Class: PactBroker::Api::Authorization::ResourceAccessPolicy

Inherits:

Object

• Object
• PactBroker::Api::Authorization::ResourceAccessPolicy

Includes:

Paths

Defined in:

lib/pact_broker/api/authorization/resource_access_policy.rb

Constant Summary

READ_METHODS =

%w{GET OPTIONS HEAD}.freeze

ALL_METHODS =

%w{GET POST PUT PATCH DELETE HEAD OPTIONS}.freeze

POST =

"POST".freeze

ALL_PATHS =

%r{.*}.freeze

HEARTBEAT_PATH =

%r{^/diagnostic/status/heartbeat$}.freeze

PACTS_FOR_VERIFICATION_PATH =

%r{^/pacts/provider/[^/]+/for-verification$}.freeze

PUBLIC =

0

READ =

1

WRITE =

2

Constants included from Paths

Paths::CAN_I_DEPLOY_BADGE_PATH, Paths::MATRIX_BADGE_PATH, Paths::PACT_BADGE_PATH, Paths::VERIFICATION_RESULTS

Class Method Summary

• .build(allow_public_read_access, allow_public_access_to_heartbeat, enable_public_badge_access) ⇒ Object

Instance Method Summary

• #initialize(resource_access_rules) ⇒ ResourceAccessPolicy constructor

  A new instance of ResourceAccessPolicy.

• #public_access_allowed?(env) ⇒ Boolean
• #read_access_allowed?(env) ⇒ Boolean

Methods included from Paths

#is_badge_path?, #is_verification_results_path?

Constructor Details

#initialize(resource_access_rules) ⇒ ResourceAccessPolicy

Returns a new instance of ResourceAccessPolicy.

# File 'lib/pact_broker/api/authorization/resource_access_policy.rb', line 21

def initialize(resource_access_rules)
  @resource_access_rules = resource_access_rules
end

Class Method Details

.build(allow_public_read_access, allow_public_access_to_heartbeat, enable_public_badge_access) ⇒ Object

# File 'lib/pact_broker/api/authorization/resource_access_policy.rb', line 33

def self.build(allow_public_read_access, allow_public_access_to_heartbeat, enable_public_badge_access)
  rules = [
    [WRITE, ALL_METHODS, ALL_PATHS],
    [READ, READ_METHODS, ALL_PATHS],
    [READ, [POST], PACTS_FOR_VERIFICATION_PATH],
  ]

  if enable_public_badge_access
    rules.concat([
      [PUBLIC, READ_METHODS, PACT_BADGE_PATH],
      [PUBLIC, READ_METHODS, MATRIX_BADGE_PATH],
      [PUBLIC, READ_METHODS, CAN_I_DEPLOY_BADGE_PATH]
    ])
  end

  if allow_public_access_to_heartbeat
    rules.unshift([PUBLIC, READ_METHODS, HEARTBEAT_PATH])
  end

  if allow_public_read_access
    rules.unshift([PUBLIC, READ_METHODS, ALL_PATHS])
    rules.unshift([PUBLIC, [POST], PACTS_FOR_VERIFICATION_PATH])
  end

  ResourceAccessPolicy.new(ResourceAccessRules.new(rules))
end

Instance Method Details

#public_access_allowed?(env) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/pact_broker/api/authorization/resource_access_policy.rb', line 25

def public_access_allowed?(env)
  resource_access_rules.access_allowed?(env, PUBLIC)
end

#read_access_allowed?(env) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/pact_broker/api/authorization/resource_access_policy.rb', line 29

def read_access_allowed?(env)
  resource_access_rules.access_allowed?(env, READ)
end