Class: Checkpoint::Grants
- Inherits:
-
Object
- Object
- Checkpoint::Grants
- Defined in:
- lib/checkpoint/grants.rb
Overview
The repository of grants – a simple wrapper for the Sequel Datastore / grants table.
Instance Method Summary collapse
- #any?(agents, credentials, resources) ⇒ Boolean
- #for(agents, credentials, resources) ⇒ Object
-
#grant!(agent, credential, resource) ⇒ Grant
Grant a credential.
-
#initialize(grants: Checkpoint::DB::Grant) ⇒ Grants
constructor
A new instance of Grants.
-
#revoke!(agents, credentials, resources) ⇒ Integer
Revoke a credential.
-
#what(agents, resources) ⇒ Array<Grant>
Find grants to the given agents on the given resources.
-
#which(agents, credentials) ⇒ Array<Grant>
Find grants to the given agents of the given credentials.
-
#who(credentials, resources) ⇒ Array<Grant>
Find grants of the given credentials on the given resources.
Constructor Details
#initialize(grants: Checkpoint::DB::Grant) ⇒ Grants
Returns a new instance of Grants.
15 16 17 |
# File 'lib/checkpoint/grants.rb', line 15 def initialize(grants: Checkpoint::DB::Grant) @grants = grants end |
Instance Method Details
#any?(agents, credentials, resources) ⇒ Boolean
23 24 25 |
# File 'lib/checkpoint/grants.rb', line 23 def any?(agents, credentials, resources) where(agents, credentials, resources).first != nil end |
#for(agents, credentials, resources) ⇒ Object
19 20 21 |
# File 'lib/checkpoint/grants.rb', line 19 def for(agents, credentials, resources) where(agents, credentials, resources).all end |
#grant!(agent, credential, resource) ⇒ Grant
Grant a credential.
This method takes a single agent, credential, and resource to create a grant. They are not expanded, though they may be general (e.g., an agent for users of an instituion or a wildcard for resources of some type).
73 74 75 |
# File 'lib/checkpoint/grants.rb', line 73 def grant!(agent, credential, resource) grants.from(agent, credential, resource).save end |
#revoke!(agents, credentials, resources) ⇒ Integer
Revoke a credential.
Take care to note that this follows the same matching semantics as #for. There is no expansion done here, but anything that matches what is supplied will be deleted. Of particular note is the default wildcard behavior of Resource::Resolver: if a specific resource has been expanded by the resolver, and the array of the resource, a type wildcard, and the any-resource wildcard (as used for inherited matching) is supplied, the results may be surprising where there are grants at specific and general levels.
In general, the parameters should not have been expanded. If the intent is to revoke a general grant, the general details should be supplied, and likewise for the specific case.
Applications should interact with the Authority, which exposes a more application-oriented interface. This repository should be considered internal to Checkpoint.
100 101 102 |
# File 'lib/checkpoint/grants.rb', line 100 def revoke!(agents, credentials, resources) where(agents, credentials, resources).delete end |
#what(agents, resources) ⇒ Array<Grant>
Find grants to the given agents on the given resources.
This is useful for finding what actions may be taken on particular items. Note that this low-level interface returns the full grants, rather than a unique set of credentials.
47 48 49 |
# File 'lib/checkpoint/grants.rb', line 47 def what(agents, resources) DB::Query::AR.new(agents, resources, **scope).all end |
#which(agents, credentials) ⇒ Array<Grant>
Find grants to the given agents of the given credentials.
This is useful for finding which resources may acted upon. Note that this low-level interface returns the full grants, rather than a unique set of resources.
59 60 61 |
# File 'lib/checkpoint/grants.rb', line 59 def which(agents, credentials) DB::Query::AC.new(agents, credentials, **scope).all end |
#who(credentials, resources) ⇒ Array<Grant>
Find grants of the given credentials on the given resources.
This is useful for finding who should have particular access. Note that this low-level interface returns the full grants, rather than a unique set of agents.
35 36 37 |
# File 'lib/checkpoint/grants.rb', line 35 def who(credentials, resources) DB::Query::CR.new(credentials, resources, **scope).all end |