Class: AuthenticJwt::Authorizer

Inherits:

Object

• Object
• AuthenticJwt::Authorizer

Defined in:

lib/authentic_jwt/authorizer.rb

Instance Attribute Summary

• #account_id ⇒ Object readonly

  Returns the value of attribute account_id.

Instance Method Summary

• #call(payload:, scope: nil) ⇒ Object
• #initialize(account_id: ENV["AUTHENTIC_AUTH_ACCOUNT_ID"]) ⇒ Authorizer constructor

  A new instance of Authorizer.

Constructor Details

#initialize(account_id: ENV["AUTHENTIC_AUTH_ACCOUNT_ID"]) ⇒ Authorizer

Returns a new instance of Authorizer.

# File 'lib/authentic_jwt/authorizer.rb', line 3

def initialize(account_id: ENV["AUTHENTIC_AUTH_ACCOUNT_ID"])
  unless account_id.to_s.empty?
    @account_id = account_id.to_s
  end
end

Instance Attribute Details

#account_id ⇒ Object (readonly)

Returns the value of attribute account_id.

# File 'lib/authentic_jwt/authorizer.rb', line 9

def account_id
  @account_id
end

Instance Method Details

#call(payload:, scope: nil) ⇒ Object

# File 'lib/authentic_jwt/authorizer.rb', line 11

def call(payload:, scope: nil)
  return unless account_id

  account = payload.accounts.detect { |account| account.aud == account_id }

  unless account
    raise Forbidden, "No access to account"
  end

  roles = account.roles.collect(&:to_s).collect(&:downcase)

  unless roles.any?
    raise Forbidden, "Account has no roles"
  end

  acceptable_roles = calculate_acceptable_roles(scope: scope)

  unless (acceptable_roles & roles).any?
    raise Forbidden, "Account role is too low"
  end

  true
end