Class: Cbac::CbacPristine::PristineFile

Inherits:
AbstractPristineFile show all
Defined in:
lib/cbac/cbac_pristine/pristine_file.rb

Instance Attribute Summary

Attributes inherited from AbstractPristineFile

#generic_roles, #permissions

Instance Method Summary collapse

Methods inherited from AbstractPristineFile

#initialize, #is_pristine_permission_line?, #parse, #parse_privilege_set_name, #permission_set

Constructor Details

This class inherits a constructor from Cbac::CbacPristine::AbstractPristineFile

Instance Method Details

#parse_role(line, line_number, use_db = true) ⇒ Object

Raises:

  • (SyntaxError)


# File 'lib/cbac/cbac_pristine/pristine_file.rb', line 123

# Resolves the role named on a pristine-file line to a PristineRole.
#
# Two forms are recognised: "Admin()" and "ContextRole( name )". The admin
# role is built once, cached in @admin_role and appended to @generic_roles.
# Context roles are looked up in the database (when use_db is truthy), then
# among the roles already collected in @context_roles, and created only
# when neither lookup finds one.
#
# NOTE(review): both patterns start with "^.*", so the role token may sit
# anywhere on the line, and Admin is tested first. Any line containing the
# text "Admin()" (including as the tail of a longer identifier, or next to
# a ContextRole token) resolves to the admin role. Confirm that this
# matches the pristine-file grammar, since the result decides which role
# a permission is attached to.
#
# NOTE(review): SyntaxError descends from ScriptError, not StandardError,
# so a bare `rescue` in a caller will not catch it.
#
# @param line [String] the pristine-file line to inspect
# @param line_number [Integer] zero-based index of the line; reported as
#   line_number + 1 in the error message
# @param use_db [Boolean] whether to query and persist through PristineRole
# @return [Object] the admin role or the matching/new context role
# @raise [SyntaxError] when the line names neither Admin() nor ContextRole(...)
def parse_role(line, line_number, use_db = true)
  if line.match(/^.*Admin\(\)/)
    if @admin_role.nil?
      @admin_role = PristineRole.admin_role(use_db)
      @generic_roles.push(@admin_role)
    end
    return @admin_role
  end

  role_match = line.match(/^.*ContextRole\(\s*([A-Za-z0-9_]+)\s*\)/)
  unless role_match
    raise SyntaxError, "Error: ContextRole or Admin expected, but found: \"#{line}\" on line #{(line_number + 1).to_s}"
  end

  role_name = role_match.captures[0]

  # First choice: a context role that already exists in the database.
  known_role = nil
  known_role = PristineRole.where(role_type: PristineRole.ROLE_TYPES[:context], name: role_name).first if use_db

  # Second choice: a context role created earlier during this parse.
  if known_role.nil?
    known_role = @context_roles.find do |candidate|
      candidate.role_type == PristineRole.ROLE_TYPES[:context] && candidate.name == role_name
    end
  end
  return known_role unless known_role.nil?

  # Never seen before: build it. The role_id of 0 is mandatory: in CBAC a
  # context role permission MUST carry 0 as generic_role_id, otherwise CBAC
  # does not find the context role and the permission has no effect.
  new_role = PristineRole.new do |role|
    role.role_id = 0
    role.role_type = PristineRole.ROLE_TYPES[:context]
    role.name = role_name
  end
  # NOTE(review): the result of save is not checked; if it can fail, the
  # unsaved role is still cached and returned. Confirm that is intended.
  new_role.save if use_db
  @context_roles.push new_role
  new_role
end