Class: Entitlements::Backend::BaseController

Inherits:

Object

• Object
• Entitlements::Backend::BaseController

Includes:

Contracts::Core

Defined in:

lib/entitlements/backend/base_controller.rb

Direct Known Subclasses

Dummy::Controller, LDAP::Controller, MemberOf::Controller

Constant Summary

C =

::Contracts

COMMON_GROUP_CONFIG =

{
  "allowed_methods" => { required: false, type: Array },
  "allowed_types"   => { required: false, type: Array },
  "dir"             => { required: false, type: String }
}

Instance Attribute Summary

• #actions ⇒ Object readonly

  Returns the value of attribute actions.

Class Method Summary

• .identifier ⇒ Object

  Default identifier is the de-camelized name of the class - override by defining this method in the child class.

• .priority ⇒ Object

  Default priority is 10 - override by defining this method in the child class.

• .register ⇒ Object

  Upon loading of the class itself, register the class in the list of available backends that is tracked in the Entitlements class.

Instance Method Summary

• #apply(action) ⇒ Object
• #calculate ⇒ Object
• #change_count ⇒ Object
• #initialize(group_name, config = nil) ⇒ BaseController constructor

  A new instance of BaseController.

• #preapply ⇒ Object
• #prefetch ⇒ Object

  Stub methods :nocov:.

• #print_differences(key:, added:, removed:, changed:, ignored_users: Set.new) ⇒ Object
• #priority ⇒ Object

  :nocov:.

• #validate ⇒ Object
• #validate_config!(key, data) ⇒ Object

Constructor Details

#initialize(group_name, config = nil) ⇒ BaseController

Returns a new instance of BaseController.

# File 'lib/entitlements/backend/base_controller.rb', line 50

def initialize(group_name, config = nil)
  @group_name = group_name
  @config = config ? config.dup : Entitlements.config["groups"].fetch(group_name).dup
  @config.delete("type")
  @actions = []
  @logger = Entitlements.logger
  validate_config!(@group_name, @config)
end

Instance Attribute Details

#actions ⇒ Object (readonly)

Returns the value of attribute actions.

# File 'lib/entitlements/backend/base_controller.rb', line 59

def actions
  @actions
end

Class Method Details

.identifier ⇒ Object

Default identifier is the de-camelized name of the class - override by defining this method in the child class.

# File 'lib/entitlements/backend/base_controller.rb', line 34

def self.identifier
  classname = self.to_s.split("::")[-2]
  Entitlements::Util::Util.decamelize(classname)
end

.priority ⇒ Object

Default priority is 10 - override by defining this method in the child class.

# File 'lib/entitlements/backend/base_controller.rb', line 23

def self.priority
  10
end

.register ⇒ Object

Upon loading of the class itself, register the class in the list of available backends that is tracked in the Entitlements class.

# File 'lib/entitlements/backend/base_controller.rb', line 18

def self.register
  Entitlements.register_backend(identifier, self, priority)
end

Instance Method Details

#apply(action) ⇒ Object

# File 'lib/entitlements/backend/base_controller.rb', line 158

def apply(action)
  raise "Must be defined in child class"
end

#calculate ⇒ Object

# File 'lib/entitlements/backend/base_controller.rb', line 150

def calculate
  raise "Must be defined in child class"
end

#change_count ⇒ Object

# File 'lib/entitlements/backend/base_controller.rb', line 136

def change_count
  actions.size
end

#preapply ⇒ Object

# File 'lib/entitlements/backend/base_controller.rb', line 154

def preapply
  # Can be left undefined
end

#prefetch ⇒ Object

Stub methods :nocov:

# File 'lib/entitlements/backend/base_controller.rb', line 142

def prefetch
  # Can be left undefined
end

#print_differences(key:, added:, removed:, changed:, ignored_users: Set.new) ⇒ Object

# File 'lib/entitlements/backend/base_controller.rb', line 77

def print_differences(key:, added:, removed:, changed:, ignored_users: Set.new)
  added_array   = added.map   { |i| [i.dn, :added,   i] }
  removed_array = removed.map { |i| [i.dn, :removed, i] }
  changed_array = changed.map { |i| [i.dn, :changed, i] }

  combined = (added_array + removed_array + changed_array).sort_by { |i| i.first.to_s.downcase }
  combined.each do |entry|
    identifier = entry[0]
    changetype = entry[1]
    obj        = entry[2]

    if changetype == :added
      members = obj.updated.member_strings.map { |i| i =~ /\Auid=(.+?),/ ? Regexp.last_match(1) : i }
      Entitlements.logger.info "ADD #{identifier} to #{key} (Members: #{members.sort.join(',')})"
    elsif changetype == :removed
      Entitlements.logger.info "DELETE #{identifier} from #{key}"
    else
      ignored_users.merge obj.ignored_users
      existing_members = obj.existing.member_strings
      Entitlements::Util::Util.remove_uids(existing_members, ignored_users)

      proposed_members = obj.updated.member_strings
      Entitlements::Util::Util.remove_uids(proposed_members, ignored_users)

      added_to_group = (proposed_members - existing_members).map { |i| [i, "+"] }
      removed_from_group = (existing_members - proposed_members).map { |i| [i, "-"] }

      # Filter out case-only differences. For example if "bob" is in existing and "BOB" is in proposed,
      # we don't want to show this as a difference.
      downcase_proposed_members = proposed_members.map { |m| m.downcase }
      downcase_existing_members = existing_members.map { |m| m.downcase }
      duplicated = downcase_proposed_members & downcase_existing_members
      added_to_group.reject! { |m| duplicated.include?(m.first.downcase) }
      removed_from_group.reject! { |m| duplicated.include?(m.first.downcase) }

      # What's left is actual changes.
      combined_group = (added_to_group + removed_from_group).sort_by { |i| i.first.downcase }
      if combined_group.any?
        Entitlements.logger.info "CHANGE #{identifier} in #{key}"
        combined_group.each do |item, item_changetype|
          Entitlements.logger.info ".  #{item_changetype} #{item}"
        end
      end

      if obj.existing.description != obj.updated.description && obj.ou_type == "ldap"
        Entitlements.logger.info "METADATA CHANGE #{identifier} in #{key}"
        Entitlements.logger.info "- Old description: #{obj.existing.description.inspect}"
        Entitlements.logger.info "+ New description: #{obj.updated.description.inspect}"
      end
    end
  end
end

#priority ⇒ Object

:nocov:

# File 'lib/entitlements/backend/base_controller.rb', line 28

def priority
  self.class.priority
end

#validate ⇒ Object

# File 'lib/entitlements/backend/base_controller.rb', line 146

def validate
  # Can be left undefined
end

#validate_config!(key, data) ⇒ Object

# File 'lib/entitlements/backend/base_controller.rb', line 162

def validate_config!(key, data)
  # Can be left undefined (but really shouldn't)
end