Class: Insights::API::Common::RBAC::Access
- Inherits:
-
Object
- Object
- Insights::API::Common::RBAC::Access
- Defined in:
- lib/insights/api/common/rbac/access.rb
Constant Summary collapse
- ADMIN_SCOPE =
"admin"- GROUP_SCOPE =
"group"- USER_SCOPE =
"user"
Instance Attribute Summary collapse
-
#acl ⇒ Object
readonly
Returns the value of attribute acl.
Class Method Summary collapse
Instance Method Summary collapse
- #accessible?(resource, verb, app_name = ) ⇒ Boolean
- #admin_scope?(resource, verb, app_name = ) ⇒ Boolean
- #group_scope?(resource, verb, app_name = ) ⇒ Boolean
-
#initialize(app_name_filter = ENV["APP_NAME"]) ⇒ Access
constructor
A new instance of Access.
- #process ⇒ Object
- #scopes(resource, verb, app_name = ENV['APP_NAME']) ⇒ Object
- #user_scope?(resource, verb, app_name = ) ⇒ Boolean
Constructor Details
#initialize(app_name_filter = ENV["APP_NAME"]) ⇒ Access
Returns a new instance of Access.
11 12 13 |
# File 'lib/insights/api/common/rbac/access.rb', line 11 def initialize(app_name_filter = ENV["APP_NAME"]) @app_name_filter = app_name_filter end |
Instance Attribute Details
#acl ⇒ Object (readonly)
Returns the value of attribute acl.
6 7 8 |
# File 'lib/insights/api/common/rbac/access.rb', line 6 def acl @acl end |
Class Method Details
.enabled? ⇒ Boolean
48 49 50 |
# File 'lib/insights/api/common/rbac/access.rb', line 48 def self.enabled? ENV['BYPASS_RBAC'] != "true" end |
Instance Method Details
#accessible?(resource, verb, app_name = ) ⇒ Boolean
31 32 33 34 |
# File 'lib/insights/api/common/rbac/access.rb', line 31 def accessible?(resource, verb, app_name = ENV['APP_NAME']) regexp = create_regexp(app_name, resource, verb) @acls.any? { |item| regexp.match?(item.) } end |
#admin_scope?(resource, verb, app_name = ) ⇒ Boolean
36 37 38 |
# File 'lib/insights/api/common/rbac/access.rb', line 36 def admin_scope?(resource, verb, app_name = ENV['APP_NAME']) scope?(app_name, resource, verb, ADMIN_SCOPE) end |
#group_scope?(resource, verb, app_name = ) ⇒ Boolean
40 41 42 |
# File 'lib/insights/api/common/rbac/access.rb', line 40 def group_scope?(resource, verb, app_name = ENV['APP_NAME']) scope?(app_name, resource, verb, GROUP_SCOPE) end |
#process ⇒ Object
15 16 17 18 19 20 |
# File 'lib/insights/api/common/rbac/access.rb', line 15 def process Service.call(RBACApiClient::AccessApi) do |api| @acls ||= api.get_principal_access(@app_name_filter).data end self end |
#scopes(resource, verb, app_name = ENV['APP_NAME']) ⇒ Object
22 23 24 25 26 27 28 29 |
# File 'lib/insights/api/common/rbac/access.rb', line 22 def scopes(resource, verb, app_name = ENV['APP_NAME']) regexp = create_regexp(app_name, resource, verb) @acls.each_with_object([]) do |item, memo| if regexp.match?(item.) memo << all_scopes(item) end end.flatten.uniq.sort end |
#user_scope?(resource, verb, app_name = ) ⇒ Boolean
44 45 46 |
# File 'lib/insights/api/common/rbac/access.rb', line 44 def user_scope?(resource, verb, app_name = ENV['APP_NAME']) scope?(app_name, resource, verb, USER_SCOPE) end |