Class: Ddr::Auth::AuthContext Abstract

Inherits:

Object

• Object
• Ddr::Auth::AuthContext

Defined in:

lib/ddr/auth/auth_context.rb

Overview

This class is abstract.

Direct Known Subclasses

DetachedAuthContext, WebAuthContext

Instance Attribute Summary

• #env ⇒ Object readonly

  Returns the value of attribute env.

• #user ⇒ Object readonly

  Returns the value of attribute user.

Instance Method Summary

• #ability ⇒ Object
• #affiliation ⇒ Array<String>

  The affiliation values associated with the context.

• #agent ⇒ String

  Return the user agent for this context.

• #agents ⇒ Array<String>

  Return the combined user and group agents for this context.

• #anonymous? ⇒ Boolean

  Return whether a user is absent from the auth context.

• #authenticated? ⇒ Boolean

  Return whether a user is present in the auth context.

• #authorized_to_act_as_superuser? ⇒ Boolean

  Is the auth context authorized to act as superuser? This is separate from whether the context is authenticated in superuser scope.

• #default_ability_class ⇒ Object
• #duke_agent? ⇒ Boolean

  Is the authenticated agent a Duke identity?.

• #groups ⇒ Array<Group>

  Return the list of groups for this context.

• #initialize(user = nil, env = nil) ⇒ AuthContext constructor

  A new instance of AuthContext.

• #ip_address ⇒ String

  The IP address associated with the context.

• #ismemberof ⇒ Array<String>

  The remote group values associated with the context.

• #member_of?(group) ⇒ Boolean

  Is the user associated with the auth context a member of the group?.

• #metadata_manager? ⇒ Boolean
• #superuser? ⇒ Boolean

  Return whether context is authenticated in superuser scope.

Constructor Details

#initialize(user = nil, env = nil) ⇒ AuthContext

Returns a new instance of AuthContext.

# File 'lib/ddr/auth/auth_context.rb', line 7

def initialize(user = nil, env = nil)
  @user = user
  @env = env
end

Instance Attribute Details

#env ⇒ Object (readonly)

Returns the value of attribute env.

# File 'lib/ddr/auth/auth_context.rb', line 5

def env
  @env
end

#user ⇒ Object (readonly)

Returns the value of attribute user.

# File 'lib/ddr/auth/auth_context.rb', line 5

def user
  @user
end

Instance Method Details

#ability ⇒ Object

# File 'lib/ddr/auth/auth_context.rb', line 12

def ability
  if anonymous?
    AnonymousAbility.new(self)
  elsif superuser?
    SuperuserAbility.new(self)
  else
    default_ability_class.new(self)
  end
end

#affiliation ⇒ Array<String>

The affiliation values associated with the context.

Returns:

• (Array<String>)

# File 'lib/ddr/auth/auth_context.rb', line 98

def affiliation
  []
end

#agent ⇒ String

Return the user agent for this context.

Returns:

• (String) —

  or nil, if auth context is anonymous/

# File 'lib/ddr/auth/auth_context.rb', line 50

def agent
  anonymous? ? nil : user.agent
end

#agents ⇒ Array<String>

Return the combined user and group agents for this context.

Returns:

• (Array<String>)

# File 'lib/ddr/auth/auth_context.rb', line 86

def agents
  groups.map(&:agent).push(agent).compact
end

#anonymous? ⇒ Boolean

Return whether a user is absent from the auth context.

Returns:

• (Boolean)

# File 'lib/ddr/auth/auth_context.rb', line 28

def anonymous?
  user.nil?
end

#authenticated? ⇒ Boolean

Return whether a user is present in the auth context.

Returns:

• (Boolean)

# File 'lib/ddr/auth/auth_context.rb', line 34

def authenticated?
  !anonymous?
end

#authorized_to_act_as_superuser? ⇒ Boolean

Is the auth context authorized to act as superuser?

This is separate from whether the context is authenticated in superuser scope.

Returns:

• (Boolean)

# File 'lib/ddr/auth/auth_context.rb', line 80

def authorized_to_act_as_superuser?
  member_of? Ddr::Auth.superuser_group
end

#default_ability_class ⇒ Object

# File 'lib/ddr/auth/auth_context.rb', line 22

def default_ability_class
  Ddr::Auth::default_ability.constantize
end

#duke_agent? ⇒ Boolean

Is the authenticated agent a Duke identity?

Returns:

• (Boolean)

# File 'lib/ddr/auth/auth_context.rb', line 56

def duke_agent?
  !!(agent =~ /@duke\.edu\z/)
end

#groups ⇒ Array<Group>

Return the list of groups for this context.

Returns:

• (Array<Group>)

# File 'lib/ddr/auth/auth_context.rb', line 62

def groups
  @groups ||= Groups.call(self)
end

#ip_address ⇒ String

The IP address associated with the context.

Returns:

• (String)

# File 'lib/ddr/auth/auth_context.rb', line 92

def ip_address
  nil
end

#ismemberof ⇒ Array<String>

The remote group values associated with the context.

Returns:

• (Array<String>)

# File 'lib/ddr/auth/auth_context.rb', line 104

def ismemberof
  []
end

#member_of?(group) ⇒ Boolean

Is the user associated with the auth context a member of the group?

Parameters:

• group (Group, String) —

  group object or group id

Returns:

• (Boolean)

# File 'lib/ddr/auth/auth_context.rb', line 69

def member_of?(group)
  if group.is_a? Group
    groups.include? group
  else
    member_of? Group.new(group)
  end
end

#metadata_manager? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/ddr/auth/auth_context.rb', line 44

def metadata_manager?
  member_of? Ddr::Auth.metadata_managers_group
end

#superuser? ⇒ Boolean

Return whether context is authenticated in superuser scope.

Returns:

• (Boolean)

# File 'lib/ddr/auth/auth_context.rb', line 40

def superuser?
  env && env.key?("warden") && env["warden"].authenticate?(scope: :superuser)
end