Module: ApiEngineBase::Authorization

Defined in:
lib/api_engine_base/authorization.rb,
lib/api_engine_base/authorization/role.rb,
lib/api_engine_base/authorization/entity.rb

Defined Under Namespace

Classes: Entity, Error, Role

Class Method Summary collapse

Class Method Details

.add_mapping!(role:) ⇒ Object 



19
20
21
22
23
24
 
# File 'lib/api_engine_base/authorization.rb', line 19

def add_mapping!(role:)
  role.guards.each do |controller, methods|
    mapped_controllers[controller] ||= Set.new
    mapped_controllers[controller] += methods
  end
end

.default_defined!Object 



30
31
32
33
 
# File 'lib/api_engine_base/authorization.rb', line 30

def default_defined!
  provision_rbac_default!
  provision_rbac_user_defined!
end

.load_yaml(path) ⇒ Object 



47
48
49
50
51
 
# File 'lib/api_engine_base/authorization.rb', line 47

def load_yaml(path)
  return nil unless File.exist?(path)

  YAML.load_file(path)
end

.mapped_controllersObject 



15
16
17
 
# File 'lib/api_engine_base/authorization.rb', line 15

def mapped_controllers
  @mapped_controllers ||= {}
end

.mapped_controllers_reset!Object 



26
27
28
 
# File 'lib/api_engine_base/authorization.rb', line 26

def mapped_controllers_reset!
  @mapped_controllers = {}
end

.provision_rbac_default!Object 



41
42
43
44
45
 
# File 'lib/api_engine_base/authorization.rb', line 41

def provision_rbac_default!
  path = ApiEngineBase::Engine.root.join("lib", "api_engine_base", "authorization", "default.yml")
  rbac_configuration = load_yaml(path)
  provision_rbac_via_yaml(rbac_configuration)
end

.provision_rbac_user_defined!Object 



35
36
37
38
39
 
# File 'lib/api_engine_base/authorization.rb', line 35

def provision_rbac_user_defined!
  path = ApiEngineBase.config.authorization.rbac_group_path
  rbac_configuration = load_yaml(path)
  provision_rbac_via_yaml(rbac_configuration)
end

.provision_rbac_via_yaml(rbac_configuration) ⇒ Object 



53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
 
# File 'lib/api_engine_base/authorization.rb', line 53

def provision_rbac_via_yaml(rbac_configuration)
  return if rbac_configuration.nil?

  rbac_configuration["entities"].each do |entity|
    ApiEngineBase::Authorization::Entity.create_entity(
      name: entity["name"],
      controller: entity["controller"],
      only: entity["only"],
      except: entity["except"],
    )
  end

  rbac_configuration["groups"].each do |name, metadata|
    entities = nil
    allow_everything = false
    description = metadata["description"]

    if metadata["entities"] == true
      allow_everything =  true
    else
      entities = ApiEngineBase::Authorization::Entity.entities.map { |k, v| v if metadata["entities"].include?(k) }.compact
    end

    ApiEngineBase::Authorization::Role.create_role(
      name:,
      entities:,
      description:,
      allow_everything:,
    )
  end
end