Class: Insights::API::Common::RBAC::Access

Inherits:

Object

• Object
• Insights::API::Common::RBAC::Access

Defined in:

lib/insights/api/common/rbac/access.rb

Constant Summary

DEFAULT_LIMIT =

500

ADMIN_SCOPE =

"admin"

GROUP_SCOPE =

"group"

USER_SCOPE =

"user"

Instance Attribute Summary

• #acl ⇒ Object readonly

  Returns the value of attribute acl.

Class Method Summary

• .enabled? ⇒ Boolean

Instance Method Summary

• #accessible?(resource, verb, app_name = ) ⇒ Boolean
• #admin_scope?(resource, verb, app_name = ) ⇒ Boolean
• #group_scope?(resource, verb, app_name = ) ⇒ Boolean
• #initialize(app_name_filter = ENV["APP_NAME"]) ⇒ Access constructor

  A new instance of Access.

• #process ⇒ Object
• #scopes(resource, verb, app_name = ENV['APP_NAME']) ⇒ Object
• #user_scope?(resource, verb, app_name = ) ⇒ Boolean

Constructor Details

#initialize(app_name_filter = ENV["APP_NAME"]) ⇒ Access

# File 'lib/insights/api/common/rbac/access.rb', line 12

def initialize(app_name_filter = ENV["APP_NAME"])
  @app_name_filter = app_name_filter
end

Instance Attribute Details

#acl ⇒ Object (readonly)

Returns the value of attribute acl.

# File 'lib/insights/api/common/rbac/access.rb', line 6

def acl
  @acl
end

Class Method Details

.enabled? ⇒ Boolean

# File 'lib/insights/api/common/rbac/access.rb', line 49

def self.enabled?
  ENV['BYPASS_RBAC'] != "true"
end

Instance Method Details

#accessible?(resource, verb, app_name = ) ⇒ Boolean

# File 'lib/insights/api/common/rbac/access.rb', line 32

def accessible?(resource, verb, app_name = ENV['APP_NAME'])
  regexp = create_regexp(app_name, resource, verb)
  @acls.any? { |item| regexp.match?(item.permission) }
end

#admin_scope?(resource, verb, app_name = ) ⇒ Boolean

# File 'lib/insights/api/common/rbac/access.rb', line 37

def admin_scope?(resource, verb, app_name = ENV['APP_NAME'])
  scope?(app_name, resource, verb, ADMIN_SCOPE)
end

#group_scope?(resource, verb, app_name = ) ⇒ Boolean

# File 'lib/insights/api/common/rbac/access.rb', line 41

def group_scope?(resource, verb, app_name = ENV['APP_NAME'])
  scope?(app_name, resource, verb, GROUP_SCOPE)
end

#process ⇒ Object

# File 'lib/insights/api/common/rbac/access.rb', line 16

def process
  Service.call(RBACApiClient::AccessApi) do |api|
    @acls ||= Service.paginate(api, :get_principal_access, {:limit => DEFAULT_LIMIT}, @app_name_filter).to_a
  end
  self
end

#scopes(resource, verb, app_name = ENV['APP_NAME']) ⇒ Object

# File 'lib/insights/api/common/rbac/access.rb', line 23

def scopes(resource, verb, app_name = ENV['APP_NAME'])
  regexp = create_regexp(app_name, resource, verb)
  @acls.each_with_object([]) do |item, memo|
    if regexp.match?(item.permission)
      memo << all_scopes(item)
    end
  end.flatten.uniq.sort
end

#user_scope?(resource, verb, app_name = ) ⇒ Boolean

# File 'lib/insights/api/common/rbac/access.rb', line 45

def user_scope?(resource, verb, app_name = ENV['APP_NAME'])
  scope?(app_name, resource, verb, USER_SCOPE)
end