Class: Checkpoint::Credential

Inherits:
Object
  • Object
show all
Defined in:
lib/checkpoint/credential.rb,
lib/checkpoint/credential/role.rb,
lib/checkpoint/credential/token.rb,
lib/checkpoint/credential/resolver.rb,
lib/checkpoint/credential/permission.rb

Overview

A Credential is the permission to take a particular action, or any instrument that can represent multiple permissions, such as a role or license.

Credentials are abstract; that is, they are not attached to a particular actor or resource to be acted upon. A credential can be granted to an Agent, optionally applying to a particular resource, by way of a Permit. In other words, a credential can be likened to a class, while a permit can be likened to an instance of that class, bound to a given agent and possibly bound to a Resource.

Direct Known Subclasses

Permission, Role

Defined Under Namespace

Classes: Permission, Resolver, Role, Token

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(name) ⇒ Credential

Create a new generic Credential. This should generally not be called, preferring to use a factory or instantiate a Permission, Role, or custom Credential class.

This class assigns the type ‘credential’, while most often, applications will want a Permission.

The term ‘name` is more intuitive for credentials than `id`, as is used with the Agent and Resource types. This is because most applications will use primitive strings or symbols as the programmatic objects for credentials, where as `id` is often associated with a database-assigned identifier that should not appear in the source code. The parameter is called `name` here to reflect that intuitive concept, but it is really an alias for the `id` property of this Credential.

Parameters:

  • name (String|Symbol)

    the name of this credential



40
41
42
43
 
# File 'lib/checkpoint/credential.rb', line 40

def initialize(name)
  @id   = name.to_s
  @type = 'credential'
end

Instance Attribute Details

#idObject (readonly) Also known as: name

Returns the value of attribute id.



21
22
23
 
# File 'lib/checkpoint/credential.rb', line 21

def id
  @id
end

#typeObject (readonly)

Returns the value of attribute type.



21
22
23
 
# File 'lib/checkpoint/credential.rb', line 21

def type
  @type
end

Instance Method Details

#eql?(other) ⇒ Boolean Also known as: ==

Compare two Credentials.

Parameters:

  • other (Credential)

    the Credential to compare

Returns:

  • (Boolean)

    true if ‘other` is a Credential and its type and id are both eql? to #type and #id



76
77
78
 
# File 'lib/checkpoint/credential.rb', line 76

def eql?(other)
  type.eql?(other.type) && name.eql?(other.id)
end

#granted_byArray<Credential>

Return the list of Credentials that would grant this one.

This is an extension mechanism for application authors needing to implement hierarchical or virtual credentials and wanting to do so in an object-oriented way. The default implementation is to simply return the credential itself in an array but, for example, an a custom permission type could provide for aliasing by including itself and another instance for the synonym. Another example is modeling permissions granted by particular roles; this might be static, as defined in the source files, or dynamic, as impacted by configuration or runtime data.

As an alternative, these rules could be implemented under a PermissionMapper in an application that prefers to model its credentials as strings or symbols, rather than more specialized objects.

Returns:

  • (Array<Credential>)

    the expanded list of credentials that would grant this one

See Also:



63
64
65
 
# File 'lib/checkpoint/credential.rb', line 63

def granted_by
  [self]
end

#tokenToken

Returns a token for this credential.

Returns:

  • (Token)

    a token for this credential



68
69
70
 
# File 'lib/checkpoint/credential.rb', line 68

def token
  @token ||= Token.new(type, id)
end