Class: Checkpoint::Credential::RoleMapResolver

Inherits:
Resolver
  • Object
show all
Defined in:
lib/checkpoint/credential/role_map_resolver.rb

Overview

Credential Resolver that supports a basic role map model.

The role map should be a hash containing all of the roles and each key should be an array of the permissions that role would grant. For example:

“‘ 

admin: [:read, :create, :edit, :delete],
guest: [:read]

“‘

Note that this example is not a recommendation of how to model an application’s permissions; it is only to show the expected format of the hash and that there is no inheritance of permissions between roles (:read is included in both roles). Any more sophisticated rules should be implemented in a custom Resolver, or custom Credential types.

Actions convert to Permissions according to the base Resolver and expand according to the map.

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods inherited from Resolver

#convert

Constructor Details

#initialize(role_map) ⇒ RoleMapResolver

Returns a new instance of RoleMapResolver.



27
28
29
30
 
# File 'lib/checkpoint/credential/role_map_resolver.rb', line 27

def initialize(role_map)
  @role_map = role_map
  @permission_map = invert_role_map
end

Instance Attribute Details

#permission_mapObject (readonly)

Returns the value of attribute permission_map.



25
26
27
 
# File 'lib/checkpoint/credential/role_map_resolver.rb', line 25

def permission_map
  @permission_map
end

#role_mapObject (readonly)

Returns the value of attribute role_map.



25
26
27
 
# File 'lib/checkpoint/credential/role_map_resolver.rb', line 25

def role_map
  @role_map
end

Instance Method Details

#expand(action) ⇒ Array<Credential>

Expand an action name into the matching permission and any roles that would grant it.

Returns:



36
37
38
 
# File 'lib/checkpoint/credential/role_map_resolver.rb', line 36

def expand(action)
  permissions_for(action) + roles_granting(action)
end