Class: Checkpoint::Grants

Inherits:
Object
Defined in:
lib/checkpoint/grants.rb

Overview

The repository of grants – a simple wrapper for the Sequel Datastore / grants table.


Constructor Details

#initialize(grants: Checkpoint::DB::Grant) ⇒ Grants

Returns a new instance of Grants.



# File 'lib/checkpoint/grants.rb', line 15

def initialize(grants: Checkpoint::DB::Grant)
  @grants = grants
end

Instance Method Details

#any?(agents, credentials, resources) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/checkpoint/grants.rb', line 23

def any?(agents, credentials, resources)
  where(agents, credentials, resources).first != nil
end

#for(agents, credentials, resources) ⇒ Object



# File 'lib/checkpoint/grants.rb', line 19

def for(agents, credentials, resources)
  where(agents, credentials, resources).all
end

#grant!(agent, credential, resource) ⇒ Grant

Grant a credential.

This method takes a single agent, credential, and resource to create a grant. They are not expanded, though they may be general (e.g., an agent for users of an institution or a wildcard for resources of some type).

Parameters:

  • agent (Agent)

    the agent to whom the credential should be granted

  • credential (Credential)

    the credential to grant

  • resource (Resource)

    the resource to which the credential should apply

Returns:

  • (Grant)

    the saved Grant; nil if the save fails



# File 'lib/checkpoint/grants.rb', line 73

def grant!(agent, credential, resource)
  grants.from(agent, credential, resource).save
end

#revoke!(agents, credentials, resources) ⇒ Integer

Revoke a credential.

Note that this follows the same matching semantics as #for. No expansion is done here, but anything that matches what is supplied will be deleted. Of particular note is the default wildcard behavior of Resource::Resolver: if a specific resource has been expanded by the resolver, and the resulting array of the resource, a type wildcard, and the any-resource wildcard (as used for inherited matching) is supplied, the results may be surprising where there are grants at both the specific and general levels.

In general, the parameters should not have been expanded. If the intent is to revoke a general grant, the general details should be supplied, and likewise for the specific case.

Applications should interact with the Authority, which exposes a more application-oriented interface. This repository should be considered internal to Checkpoint.

Parameters:

  • agents (Agent|Array)

    the agent or agents to match for deletion

  • credentials (Credential|Array)

    the credential or credentials to match for deletion

  • resources (Resource|Array)

    the resource or resources to match for deletion

Returns:

  • (Integer)

    the number of Grants deleted



# File 'lib/checkpoint/grants.rb', line 100

def revoke!(agents, credentials, resources)
  where(agents, credentials, resources).delete
end
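
The over-matching described for #revoke!, as an added example that is not part of the Checkpoint source: an in-memory stand-in for the grants table showing that passing resolver-expanded resources deletes the general grant along with the specific one. The Grant struct, MemoryGrants class, expand helper and all token strings are constructed for illustration.

```ruby
# Added illustration: in-memory stand-in for the grants table. The struct,
# class, helper and token strings are hypothetical, not Checkpoint's own.
Grant = Struct.new(:agent, :credential, :resource)

class MemoryGrants
  attr_reader :rows

  def initialize(rows)
    @rows = rows
  end

  # Matching as described for #revoke!: each argument may be one value or an
  # array, and a row is deleted when every column is in the supplied set.
  def revoke!(agents, credentials, resources)
    a, c, r = [agents, credentials, resources].map { |x| Array(x) }
    before = @rows.size
    @rows.reject! do |g|
      a.include?(g.agent) && c.include?(g.credential) && r.include?(g.resource)
    end
    before - @rows.size
  end
end

# Assumed shape of a resolver expansion used for inherited matching:
# the specific resource, a type wildcard, and the any-resource wildcard.
def expand(resource)
  type, _id = resource.split(":")
  [resource, "#{type}:(all)", "(all):(all)"]
end

# Constructed data: one specific grant and one general grant for the same agent.
def seed
  MemoryGrants.new([
    Grant.new("user:anna", "permission:read", "doc:12"),
    Grant.new("user:anna", "permission:read", "doc:(all)")
  ])
end

# Unexpanded: only the specific grant is removed, the general one survives.
def revoke_unexpanded
  repo = seed
  [repo.revoke!("user:anna", "permission:read", "doc:12"), repo.rows.map(&:resource)]
end

# Expanded: the type wildcard in the array also matches the general grant.
def revoke_expanded
  repo = seed
  [repo.revoke!("user:anna", "permission:read", expand("doc:12")), repo.rows.map(&:resource)]
end
```

Comparing the returned delete count against the number of grants the caller intended to remove is a cheap check for this case.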

#what(agents, resources) ⇒ Array<Grant>

Find grants to the given agents on the given resources.

This is useful for finding what actions may be taken on particular items. Note that this low-level interface returns the full grants, rather than a unique set of credentials.

Returns:

  • (Array<Grant>)

    the set of grants to any of the agents on any of the resources



# File 'lib/checkpoint/grants.rb', line 47

def what(agents, resources)
  DB::Query::AR.new(agents, resources, **scope).all
end

#which(agents, credentials) ⇒ Array<Grant>

Find grants to the given agents of the given credentials.

This is useful for finding which resources may be acted upon. Note that this low-level interface returns the full grants, rather than a unique set of resources.

Returns:

  • (Array<Grant>)

    the set of grants of any of the credentials to any of the agents



# File 'lib/checkpoint/grants.rb', line 59

def which(agents, credentials)
  DB::Query::AC.new(agents, credentials, **scope).all
end

#who(credentials, resources) ⇒ Array<Grant>

Find grants of the given credentials on the given resources.

This is useful for finding who should have particular access. Note that this low-level interface returns the full grants, rather than a unique set of agents.

Returns:

  • (Array<Grant>)

    the set of grants of any of the credentials on any of the resources



# File 'lib/checkpoint/grants.rb', line 35

def who(credentials, resources)
  DB::Query::CR.new(credentials, resources, **scope).all
end