Module: KindeSdk::Client::Permissions

Included in:: KindeSdk::Client

Defined in:: lib/kinde_sdk/client/permissions.rb

Instance Method Summary collapse

#get_permission(permission, options = {}) ⇒ Hash

Get a specific permission status.
#get_permissions(options = {}) ⇒ Hash

Get all permissions for the authenticated user Matches the JavaScript SDK API: getPermissions(options?).
#get_permissions_legacy(token_type = :access_token) ⇒ Object

Backward compatibility method - matches existing Ruby SDK API.
#getAllPermissions ⇒ Array (also: #all_permissions)

Get all permissions with automatic pagination (hard check) Matches PHP: $client->getAllPermissions().
#getPermissions ⇒ Hash

PHP SDK compatible alias for get_permissions with hard check Matches PHP: $client->getPermissions().
#permission_granted?(permission, options = {}) ⇒ Boolean

Check if a permission is granted.

Instance Method Details

#get_permission(permission, options = {}) ⇒ `Hash`

Get a specific permission status

Parameters:

permission (String) —

The permission key to check
options (Hash) (defaults to: {}) —

Options for retrieving permissions (same as get_permissions)

Returns:

(Hash) —

Hash containing org_code and is_granted status

# File 'lib/kinde_sdk/client/permissions.rb', line 48

def get_permission(permission, options = {})
  permissions_data = get_permissions(options)
  
  {
    org_code: permissions_data[:org_code],
    is_granted: permissions_data[:permissions]&.include?(permission) || false
  }
end

#get_permissions(options = {}) ⇒ `Hash`

Get all permissions for the authenticated user Matches the JavaScript SDK API: getPermissions(options?)

Examples:

# Soft check (from token)
client.get_permissions
# => { org_code: "org_123", permissions: ["read:users", "write:posts"] }

# Hard check (from API)
client.get_permissions(force_api: true)
# => { org_code: "org_123", permissions: ["read:users", "write:posts", "admin:all"] }

# Legacy backward compatibility
client.get_permissions(:id_token)
# => { org_code: "org_123", permissions: ["read:users", "write:posts"] }

Parameters:

options (Hash, Symbol) (defaults to: {}) —

Options for retrieving permissions, or legacy token_type symbol

Options Hash (options):

:force_api (Boolean) — default: false —

If true, calls the API to get fresh permissions, otherwise extracts from token claims. Useful for ensuring latest permissions but may incur additional API calls
:token_type (Symbol) — default: :access_token —

The token type to use for soft check (:access_token or :id_token)

Returns:

(Hash) —

Hash containing org_code and permissions array

# File 'lib/kinde_sdk/client/permissions.rb', line 24

def get_permissions(options = {})
  # Handle legacy positional argument for backward compatibility
  if options.is_a?(Symbol)
    options = { token_type: options }
  end
  
  # Extract options with defaults - use member variable if not overridden
  force_api = options[:force_api] || @force_api || false
  token_type = options[:token_type] || :access_token

  if force_api
    # Hard check - call API for fresh permissions
    get_permissions_from_api
  else
    # Soft check - extract from token claims
    get_permissions_from_token(token_type)
  end
end

#get_permissions_legacy(token_type = :access_token) ⇒ `Object`

Backward compatibility method - matches existing Ruby SDK API



91
92
93

# File 'lib/kinde_sdk/client/permissions.rb', line 91

def get_permissions_legacy(token_type = :access_token)
  get_claim("permissions", token_type)&.dig(:value)
end

#getAllPermissions ⇒ `Array` Also known as: all_permissions

Get all permissions with automatic pagination (hard check) Matches PHP: $client->getAllPermissions()

Returns:

(Array) —

Array of permission keys

# File 'lib/kinde_sdk/client/permissions.rb', line 80

def getAllPermissions
  # Use client's force_api setting, default to true for PHP SDK compatibility
  force_api_setting = @force_api.nil? ? true : @force_api
  permissions_data = get_permissions(force_api: force_api_setting)
  permissions_data[:permissions] || []
end

#getPermissions ⇒ `Hash`

PHP SDK compatible alias for get_permissions with hard check Matches PHP: $client->getPermissions()

Returns:

(Hash) —

Hash containing org_code and permissions array

# File 'lib/kinde_sdk/client/permissions.rb', line 70

def getPermissions
  # Use client's force_api setting, default to true for PHP SDK compatibility
  force_api_setting = @force_api.nil? ? true : @force_api
  get_permissions(force_api: force_api_setting)
end

#permission_granted?(permission, options = {}) ⇒ `Boolean`

Check if a permission is granted

Parameters:

permission (String) —

The permission key to check
options (Hash) (defaults to: {}) —

Options for retrieving permissions

Returns:

(Boolean) —

True if permission is granted, false otherwise



62
63
64

# File 'lib/kinde_sdk/client/permissions.rb', line 62

def permission_granted?(permission, options = {})
  get_permission(permission, options)[:is_granted]
end

Module: KindeSdk::Client::Permissions

Instance Method Summary collapse

Instance Method Details

#get_permission(permission, options = {}) ⇒ Hash

#get_permissions(options = {}) ⇒ Hash

Examples:

#get_permissions_legacy(token_type = :access_token) ⇒ Object

#getAllPermissions ⇒ Array Also known as: all_permissions

#getPermissions ⇒ Hash

#permission_granted?(permission, options = {}) ⇒ Boolean

#get_permission(permission, options = {}) ⇒ `Hash`

#get_permissions(options = {}) ⇒ `Hash`

#get_permissions_legacy(token_type = :access_token) ⇒ `Object`

#getAllPermissions ⇒ `Array` Also known as: all_permissions

#getPermissions ⇒ `Hash`

#permission_granted?(permission, options = {}) ⇒ `Boolean`