Class: Cerbos::Input::Principal

Inherits:

Object

• Object
• Cerbos::Input::Principal

Defined in:

lib/cerbos/input/principal.rb

Overview

A principal (often a user, but potentially another actor like a service account) to authorize.

Instance Attribute Summary

• #attributes ⇒ Attributes readonly

  Application-specific attributes describing the principal.

• #id ⇒ String readonly

  A unique identifier for the principal.

• #policy_version ⇒ String^? readonly

  The policy version to use when authorizing the principal.

• #roles ⇒ Array<String> readonly

  The roles held by the principal.

• #scope ⇒ String^? readonly

  The policy scope to use when authorizing the principal.

Instance Method Summary

• #initialize(id:, roles:, attributes: {}, policy_version: nil, scope: nil) ⇒ Principal constructor

  Specify a principal to authorize.

Constructor Details

#initialize(id:, roles:, attributes: {}, policy_version: nil, scope: nil) ⇒ Principal

Specify a principal to authorize.

Parameters:

• id (String) —

  a unique identifier for the principal.

• roles (Array<String>) —

  the roles held by the principal.

• attributes (Attributes, Hash) (defaults to: {}) —

  application-specific attributes describing the principal.

• policy_version (String, nil) (defaults to: nil) —

  the policy version to use when authorizing the principal (nil to use the Cerbos policy decision point server's configured default version).

• scope (String, nil) (defaults to: nil) —

  the policy scope to use when authorizing the principal.

# File 'lib/cerbos/input/principal.rb', line 43

def initialize(id:, roles:, attributes: {}, policy_version: nil, scope: nil)
  @id = id
  @roles = roles
  @attributes = Input.coerce_required(attributes, Attributes)
  @policy_version = policy_version
  @scope = scope
end

Instance Attribute Details

#attributes ⇒ Attributes (readonly)

Application-specific attributes describing the principal.

Returns:

• (Attributes)

# File 'lib/cerbos/input/principal.rb', line 20

def attributes
  @attributes
end

#id ⇒ String (readonly)

A unique identifier for the principal.

Returns:

• (String)

# File 'lib/cerbos/input/principal.rb', line 10

def id
  @id
end

#policy_version ⇒ String^? (readonly)

The policy version to use when authorizing the principal.

Returns:

• (String)
• (nil) —

  if not provided (in which case the Cerbos policy decision point server's configured default version will be used).

# File 'lib/cerbos/input/principal.rb', line 26

def policy_version
  @policy_version
end

#roles ⇒ Array<String> (readonly)

The roles held by the principal.

Returns:

• (Array<String>)

# File 'lib/cerbos/input/principal.rb', line 15

def roles
  @roles
end

#scope ⇒ String^? (readonly)

The policy scope to use when authorizing the principal.

Returns:

• (String)
• (nil) —

  if not provided.

See Also:

• Scoped policies

# File 'lib/cerbos/input/principal.rb', line 34

def scope
  @scope
end