Class: OpenStax::Utilities::AccessPolicy

Inherits:
Object
  • Object
Includes:
Singleton
Defined in:
lib/openstax/utilities/access_policy.rb


Constructor Details

#initialize ⇒ AccessPolicy

Returns a new instance of AccessPolicy.



# File 'lib/openstax/utilities/access_policy.rb', line 10

# Creates the registry that maps a resource class name (String) to the name
# of the policy class (String) consulted for that resource.
#
# The registry starts out empty; action_allowed? denies any resource whose
# class has no entry, so nothing is permitted until a policy is registered.
def initialize
  @resource_policy_map = Hash.new
end

Instance Attribute Details

#resource_policy_map ⇒ Object (readonly)

Returns the value of attribute resource_policy_map.



# File 'lib/openstax/utilities/access_policy.rb', line 8

# Reader for the resource-class-name => policy-class-name registry.
#
# "Read-only" applies to the attribute, not to its contents: the Hash itself
# is handed back rather than a copy, so any caller holding it can add,
# replace or delete policy entries.
def resource_policy_map
  @resource_policy_map
end

Class Method Details

.action_allowed?(action, requestor, resource) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/openstax/utilities/access_policy.rb', line 31

# Answers whether +requestor+ may perform +action+ on +resource+ by handing
# the question to the policy class registered for the resource's class.
#
# @param action [Symbol] the action being attempted
# @param requestor [Object] the actor; an OpenStax::Api::ApiUser is unwrapped
#   first (see below)
# @param resource [Object, Class] an instance or a class; a class is looked
#   up as itself, an instance by its class
# @return [Boolean] false when no policy is registered, otherwise whatever
#   the policy's action_allowed? returns
def self.action_allowed?(action, requestor, resource)
  # An ApiUser stands for a human user and/or an application. The human user
  # wins whenever one is present; the application is only the fallback.
  # If the ApiUser carries neither, the policy below receives nil as the
  # requestor and has to deny that case itself.
  if defined?(OpenStax::Api::ApiUser) && requestor.is_a?(OpenStax::Api::ApiUser)
    requestor = requestor.human_user || requestor.application
  end

  # The registry is keyed by the exact class name, so a subclass of a
  # registered resource class has no entry of its own and ends up denied.
  lookup_key = (resource.is_a?(Class) ? resource : resource.class).to_s
  policy_name = instance.resource_policy_map[lookup_key]
  policy_class = policy_name.try(:constantize)

  # Fail closed: an unregistered resource class is never accessible.
  return false if policy_class.nil?

  policy_class.action_allowed?(action, requestor, resource)
end

.method_missing(method_name, *arguments, &block) ⇒ Object



# File 'lib/openstax/utilities/access_policy.rb', line 14

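# Turns a call such as AccessPolicy.read_allowed?(requestor, resource) into
# action_allowed?(:read, requestor, resource).
#
# Only names that end in the literal suffix "_allowed?" are dispatched, the
# same rule respond_to_missing? uses. The previous pattern /(.*)_allowed?/
# left the "?" unescaped (making the "d" optional) and was not anchored, so
# names like read_allowed or read_allowedxyz were also silently treated as
# an access check for :read.
#
# @param method_name [Symbol] the undefined method that was called
# @param arguments [Array] forwarded after the derived action symbol
# @return [Boolean] the result of action_allowed?
# @raise [NoMethodError] via super for any name without the suffix
def self.method_missing(method_name, *arguments, &block)
  name = method_name.to_s
  return super unless name.end_with?('_allowed?')

  # chomp strips exactly one trailing "_allowed?"; the rest is the action.
  action = name.chomp('_allowed?').to_sym
  action_allowed?(action, *arguments, &block)
end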

.register(resource_class, policy_class) ⇒ Object



# File 'lib/openstax/utilities/access_policy.rb', line 50

# Records +policy_class+ as the policy consulted for +resource_class+.
#
# Both sides are stored by name (to_s), not as class objects. Registering the
# same resource class again replaces the earlier policy without any warning,
# and nothing here checks that the policy class exists or implements
# action_allowed?; a bad name only surfaces when the policy is looked up.
#
# @param resource_class [Class, #to_s] the class being protected
# @param policy_class [Class, #to_s] the class that decides access to it
# @return [String] the stored policy class name
def self.register(resource_class, policy_class)
  registry = instance.resource_policy_map
  registry[resource_class.to_s] = policy_class.to_s
end

.require_action_allowed!(action, requestor, resource) ⇒ Object



# File 'lib/openstax/utilities/access_policy.rb', line 26

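# Enforcing variant of action_allowed?: does nothing when access is granted
# and raises when it is denied.
#
# @param action [Symbol] the action being attempted
# @param requestor [Object] the actor asking for access
# @param resource [Object, Class] the target of the action
# @return [nil] when the action is allowed
# @raise [SecurityTransgression] when the action is not allowed
def self.require_action_allowed!(action, requestor, resource)
  return if action_allowed?(action, requestor, resource)

  # Built only on denial, so the granted path no longer pays for (or depends
  # on) #inspect of the requestor and resource.
  # The message embeds full #inspect output, which can include every
  # attribute of both objects; keep it in logs and do not render it to the
  # client.
  msg = "\"#{requestor.inspect}\" is not allowed to perform \"#{action}\" on \"#{resource.inspect}\""
  raise SecurityTransgression, msg
end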

.respond_to_missing?(method_name, include_private = false) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/openstax/utilities/access_policy.rb', line 22

# Reports the dynamic <action>_allowed? helpers to respond_to?.
#
# @param method_name [Symbol, String] the name being probed
# @param include_private [Boolean] passed through to super
# @return [Boolean] true for any name ending in the literal "_allowed?",
#   otherwise whatever the default implementation answers
def self.respond_to_missing?(method_name, include_private = false)
  return true if method_name.to_s.end_with?('_allowed?')

  super
end