Class: OMF::SFA::AM::RPC::AMAuthorizer
- Inherits: DefaultAuthorizer
  - Object
  - LObject
  - DefaultAuthorizer
  - OMF::SFA::AM::RPC::AMAuthorizer
- Defined in: lib/omf-sfa/am/am-rpc/am_authorizer.rb
Overview
This class implements the decision logic that determines whether a user, in a specific context, may access specific functionality in the AM.
Instance Attribute Summary
- #account ⇒ Object (readonly)
  Returns the value of attribute account.
- #certificate ⇒ Hash (readonly)
  The certificate associated with this caller.
- #project ⇒ Object (readonly)
  Returns the value of attribute project.
- #user ⇒ Object (readonly)
  Returns the value of attribute user.
Class Method Summary
- .create_for_sfa_request(account_urn, credentials, request, am_manager) ⇒ Object
  Create an instance from the information provided by the rack’s ‘req’ object.
Instance Method Summary
- #can_release_resource?(resource) ⇒ Boolean
  RESOURCE.
- #can_renew_account?(account, expiration_time) ⇒ Boolean
  ACCOUNT.
Instance Attribute Details
#account ⇒ Object (readonly)
Returns the value of attribute account.
    # File 'lib/omf-sfa/am/am-rpc/am_authorizer.rb', line 18
    def account
      @account
    end
#certificate ⇒ Hash (readonly)
Returns: The certificate associated with this caller.
    # File 'lib/omf-sfa/am/am-rpc/am_authorizer.rb', line 29
#project ⇒ Object (readonly)
Returns the value of attribute project.
    # File 'lib/omf-sfa/am/am-rpc/am_authorizer.rb', line 22
    def project
      @project
    end
#user ⇒ Object (readonly)
Returns the value of attribute user.
    # File 'lib/omf-sfa/am/am-rpc/am_authorizer.rb', line 26
    def user
      @user
    end
Class Method Details
.create_for_sfa_request(account_urn, credentials, request, am_manager) ⇒ Object
Create an instance from the information provided by the rack’s ‘req’ object.
    # File 'lib/omf-sfa/am/am-rpc/am_authorizer.rb', line 40
    def self.create_for_sfa_request(account_urn, credentials, request, am_manager)
      # The caller is identified by the peer certificate found in the Rack env.
      begin
        raise "Missing peer cert" unless cert_s = request.env['rack.peer_cert']
        peer = OMF::SFA::AM::UserCredential.unmarshall(cert_s)
      end
      debug "Requester: #{peer.subject} :: #{peer.user_urn}"

      raise OMF::SFA::AM::InsufficientPrivilegesException.new "Credentials are missing." if credentials.nil?

      # Reject a peer certificate outside its validity window. The exception must
      # be raised: a bare `.new` only builds the object and the request continues.
      unless peer.valid_at?
        raise OMF::SFA::AM::InsufficientPrivilegesException.new "The certificate has expired or not valid yet. Check the dates."
      end
      user = am_manager.find_or_create_user({:uuid => peer.user_uuid, :urn => peer.user_urn})

      # Unmarshall each privilege credential and reject any outside its validity window.
      creds = credentials.map do |cs|
        cs = OMF::SFA::AM::PrivilegeCredential.unmarshall(cs)
        cs.tap do |c|
          unless c.valid_at?
            raise OMF::SFA::AM::InsufficientPrivilegesException.new "The credentials have expired or not valid yet. Check the dates."
          end
        end
      end

      self.new(account_urn, peer, creds, am_manager)
    end
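Added example (not part of the omf-sfa code base): the validity checks in create_for_sfa_request protect the AM only if the exception is raised rather than merely constructed. StubCredential, DeniedError and the sample dates are hypothetical stand-ins constructed for illustration.

```ruby
# Hypothetical stand-in for OMF::SFA::AM::InsufficientPrivilegesException.
class DeniedError < StandardError; end

# Hypothetical credential with a validity window, mirroring the valid_at? call.
StubCredential = Struct.new(:not_before, :not_after) do
  def valid_at?(time = Time.now)
    time >= not_before && time <= not_after
  end
end

# Fail-open: the exception object is built and discarded, so an expired
# credential is returned to the caller like any other.
def check_without_raise(creds, now)
  creds.map do |c|
    c.tap { |x| DeniedError.new('expired or not yet valid') unless x.valid_at?(now) }
  end
end

# Fail-closed: the same check with raise aborts on the first bad credential.
def check_with_raise(creds, now)
  creds.map do |c|
    c.tap { |x| raise DeniedError, 'expired or not yet valid' unless x.valid_at?(now) }
  end
end

# Constructed sample data.
NOW     = Time.utc(2024, 6, 1)
CURRENT = StubCredential.new(Time.utc(2024, 1, 1), Time.utc(2024, 12, 31))
EXPIRED = StubCredential.new(Time.utc(2022, 1, 1), Time.utc(2022, 12, 31))

# Number of credentials accepted, or :denied if the check raised.
def outcome(checker, creds)
  send(checker, creds, NOW).length
rescue DeniedError
  :denied
end

if __FILE__ == $PROGRAM_NAME
  puts outcome(:check_without_raise, [CURRENT, EXPIRED]).inspect # 2
  puts outcome(:check_with_raise,    [CURRENT, EXPIRED]).inspect # :denied
  puts outcome(:check_with_raise,    [CURRENT]).inspect          # 1
end
```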
Instance Method Details
#can_release_resource?(resource) ⇒ Boolean
RESOURCE
    # File 'lib/omf-sfa/am/am-rpc/am_authorizer.rb', line 82
    def can_release_resource?(resource)
      # Denied unless the resource belongs to the caller's account and the
      # caller holds the release permission.
      unless resource.account == @account && @permissions[:can_release_resource?]
        raise OMF::SFA::AM::InsufficientPrivilegesException.new
      end
    end
#can_renew_account?(account, expiration_time) ⇒ Boolean
ACCOUNT
    # File 'lib/omf-sfa/am/am-rpc/am_authorizer.rb', line 71
    def can_renew_account?(account, expiration_time)
      debug "Check permission 'can_renew_account?' (#{account == @account}, #{@permissions[:can_renew_account?]}, #{@user_cred.valid_at?(expiration_time)})"
      # Denied unless the account matches, the permission is held, and the user
      # credential is still valid at the requested expiration time.
      unless account == @account &&
          @permissions[:can_renew_account?] &&
          @user_cred.valid_at?(expiration_time) # not sure if this is the right check
        raise OMF::SFA::AM::InsufficientPrivilegesException.new("Can't renew account after the expiration of the credentials")
      end
    end