Class: Checkpoint::Credential
- Inherits:
-
Object
- Object
- Checkpoint::Credential
- Defined in:
- lib/checkpoint/credential.rb,
lib/checkpoint/credential/role.rb,
lib/checkpoint/credential/token.rb,
lib/checkpoint/credential/resolver.rb,
lib/checkpoint/credential/permission.rb,
lib/checkpoint/credential/role_map_resolver.rb
Overview
A Credential is the permission to take a particular action, or any instrument that can represent multiple permissions, such as a role or license.
Credentials are abstract; that is, they are not attached to a particular actor or resource to be acted upon. A credential can be granted to an Agent, optionally applying to a particular resource, by way of a Grant. In other words, a credential can be likened to a class, while a grant can be likened to an instance of that class, bound to a given agent and possibly bound to a Resource.
Direct Known Subclasses
Defined Under Namespace
Classes: Permission, Resolver, Role, RoleMapResolver, Token
Instance Attribute Summary collapse
-
#id ⇒ Object
(also: #name)
readonly
Returns the value of attribute id.
-
#type ⇒ Object
readonly
Returns the value of attribute type.
Instance Method Summary collapse
-
#eql?(other) ⇒ Boolean
(also: #==)
Compare two Credentials.
-
#granted_by ⇒ Array<Credential>
Return the list of Credentials that would grant this one.
-
#initialize(name) ⇒ Credential
constructor
Create a new generic Credential.
-
#to_credential ⇒ Credential
Convert this object to a Credential.
-
#token ⇒ Token
A token for this credential.
Constructor Details
#initialize(name) ⇒ Credential
Create a new generic Credential. This should generally not be called, preferring to use a factory or instantiate a Permission, Role, or custom Credential class.
This class assigns the type ‘credential’, while most often, applications will want a Permission.
The term ‘name` is more intuitive for credentials than `id`, as is used with the Agent and Resource types. This is because most applications will use primitive strings or symbols as the programmatic objects for credentials, where as `id` is often associated with a database-assigned identifier that should not appear in the source code. The parameter is called `name` here to reflect that intuitive concept, but it is really an alias for the `id` property of this Credential.
40 41 42 43 |
# File 'lib/checkpoint/credential.rb', line 40 def initialize(name) @id = name.to_s @type = 'credential' end |
Instance Attribute Details
#id ⇒ Object (readonly) Also known as: name
Returns the value of attribute id.
21 22 23 |
# File 'lib/checkpoint/credential.rb', line 21 def id @id end |
#type ⇒ Object (readonly)
Returns the value of attribute type.
21 22 23 |
# File 'lib/checkpoint/credential.rb', line 21 def type @type end |
Instance Method Details
#eql?(other) ⇒ Boolean Also known as: ==
Compare two Credentials.
89 90 91 |
# File 'lib/checkpoint/credential.rb', line 89 def eql?(other) type.eql?(other.type) && name.eql?(other.id) end |
#granted_by ⇒ Array<Credential>
Return the list of Credentials that would grant this one.
This is an extension mechanism for application authors needing to implement hierarchical or virtual credentials and wanting to do so in an object-oriented way. The default implementation is to simply return the credential itself in an array but, for example, a custom permission type could provide for aliasing by including itself and another instance for the synonym. Another example is modeling permissions granted by particular roles; this might be static, as defined in the source files, or dynamic, as impacted by configuration or runtime data.
As an alternative, these rules could be implemented by using the rather straightforward RoleMapResolver or a custom Resolver.
61 62 63 |
# File 'lib/checkpoint/credential.rb', line 61 def granted_by [self] end |
#to_credential ⇒ Credential
Convert this object to a Credential.
For Checkpoint-supplied Credential types, this is an identity operation, but it allows consistent handling of the built-in types and application-supplied types that will either implement this interface or convert themselves to a built-in type. This removes the requirement to extend Checkpoint types and, in combination with ‘#granted_by`, allows design of an object-oriented permission model that can interoperate seamlessly with the Checkpoint constructs.
76 77 78 |
# File 'lib/checkpoint/credential.rb', line 76 def to_credential self end |