Class: ApiEngineBase::Authorize::Validate

Inherits:
ServiceBase
  • Object
Defined in:
app/services/api_engine_base/authorize/validate.rb

Constant Summary

Constants inherited from ServiceBase

ServiceBase::ON_ARGUMENT_VALIDATION

Instance Method Summary

Methods inherited from ServiceBase

inherited, #internal_validate, #service_base_logging, #validate!

Methods included from ApiEngineBase::ArgumentValidation

included

Methods included from ServiceLogging

#aletered_message, #class_name, #log, #log_error, #log_info, #log_prefix, #log_warn, #logger, #service_id

Instance Method Details

#authorization_required? ⇒ Boolean

Returns:

  • (Boolean)


# File 'app/services/api_engine_base/authorize/validate.rb', line 36

# Reports whether the current controller action is registered as needing authorization.
#
# The controller is looked up in ApiEngineBase::Authorization.mapped_controllers; the
# action counts as protected only when that entry includes +method+ converted to a Symbol.
#
# NOTE(review): this lookup fails open. A controller with no entry (nil) and an action
# missing from an existing entry both yield false, and #call treats false as "skip the
# role checks". A miss caused by a key mismatch (the type of +controller+ versus the
# mapping's keys is not visible here) would look identical to a deliberately unprotected
# route -- confirm how mapped_controllers is populated and keyed.
#
# @return [Boolean] false when the controller has no mapping, otherwise the result of include?
def authorization_required?
  protected_actions = ApiEngineBase::Authorization.mapped_controllers[controller]
  if protected_actions.nil?
    # Unmapped controller: reported as not requiring authorization.
    false
  else
    protected_actions.include?(method.to_sym)
  end
end

#call ⇒ Object



# File 'app/services/api_engine_base/authorize/validate.rb', line 11

# Decides whether the current user may perform the requested controller action.
#
# Flow, as implemented below:
# 1. Stores authorization_required? on the context. When it is falsy the method logs,
#    sets context.msg and returns nil without evaluating any role, so every route that
#    authorization_required? reports as unprotected is allowed through.
# 2. Otherwise each role object from user_role_objects is asked authorized?; the first
#    role whose result has :authorized == true grants access, and later roles are neither
#    evaluated nor logged because any? short-circuits. There is no deny-override:
#    one allowing role is sufficient.
# 3. With no allowing role (including an empty role set) context.fail! is called.
#
# NOTE(review): context.fail! is defined outside this file; presumably it marks the
# service as failed -- confirm that callers check the outcome before serving the request.
#
# @return [Object] nil on the "not required" path, otherwise the value of the last expression
def call
  context.authorization_required = authorization_required?
  if !context.authorization_required
    log_info("controller:#{controller}; method:#{method} -- No Authorization required")
    context.msg = "Authorization not required at this time"
    return
  end

  # Authorization is required for this route from here on.
  # The user's role names and every per-role decision are written to the info log.
  log_info("User Roles: #{user.roles}")
  access_granted = user_role_objects.any? do |_name, role|
    verdict = role.authorized?(controller:, method:, user:)
    log_info("Role:#{verdict[:role]};Authorized:[#{verdict[:authorized]}];Reason:[#{verdict[:reason]}]")
    # Strict comparison: a truthy value other than true does not grant access.
    verdict[:authorized] == true
  end

  return context.fail!(msg: "Unauthorized Access. Incorrect User Privileges") unless access_granted

  context.msg = "User is Authorized for action"
end

#user_role_objects ⇒ Object



# File 'app/services/api_engine_base/authorize/validate.rb', line 43

# Narrows the registered roles to those the current user holds.
#
# Iterates ApiEngineBase::Authorization::Role.roles and keeps each entry whose name,
# converted to a String, is included in user.roles. Names in user.roles that are not
# in the registry are ignored, so they contribute no role object to the decision.
#
# NOTE(review): assumes user.roles is an Array of role-name Strings. If it were a single
# String, include? would be a substring match and could select unintended roles -- confirm
# the type at the model/serialization layer.
#
# @return [Object] whatever select returns for the registry (presumably a Hash of
#   role name => role object, given how #call iterates it -- confirm)
def user_role_objects
  held_by_user = ->(role_name) { user.roles.include?(role_name.to_s) }
  ApiEngineBase::Authorization::Role.roles.select { |role_name, _role_object| held_by_user.call(role_name) }
end