Class: Puppet::Network::Rights
Overview
Rights class manages a list of ACLs for paths.
Defined Under Namespace
Classes: Right
Instance Method Summary collapse
- #[](name) ⇒ Object
-
#allowed?(name, *args) ⇒ Boolean
Check that name is allowed or not.
- #each ⇒ Object
- #empty? ⇒ Boolean
- #include?(name) ⇒ Boolean
-
#initialize ⇒ Rights
constructor
A new instance of Rights.
- #is_forbidden_and_why?(name, args = {}) ⇒ Boolean
- #is_request_forbidden_and_why?(method, path, params) ⇒ Boolean
-
#newright(name, line = nil, file = nil) ⇒ Object
Define a new right to which access can be provided.
Constructor Details
#initialize ⇒ Rights
Returns a new instance of Rights.
61 62 63 |
# File 'lib/puppet/network/rights.rb', line 61 def initialize @rights = [] end |
Instance Method Details
#[](name) ⇒ Object
65 66 67 |
# File 'lib/puppet/network/rights.rb', line 65 def [](name) @rights.find { |acl| acl == name } end |
#allowed?(name, *args) ⇒ Boolean
Check that name is allowed or not
12 13 14 |
# File 'lib/puppet/network/rights.rb', line 12 def allowed?(name, *args) !is_forbidden_and_why?(name, :node => args[0], :ip => args[1]) end |
#each ⇒ Object
77 78 79 |
# File 'lib/puppet/network/rights.rb', line 77 def each @rights.each { |r| yield r.name,r } end |
#empty? ⇒ Boolean
69 70 71 |
# File 'lib/puppet/network/rights.rb', line 69 def empty? @rights.empty? end |
#include?(name) ⇒ Boolean
73 74 75 |
# File 'lib/puppet/network/rights.rb', line 73 def include?(name) @rights.include?(name) end |
#is_forbidden_and_why?(name, args = {}) ⇒ Boolean
35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 |
# File 'lib/puppet/network/rights.rb', line 35 def is_forbidden_and_why?(name, args = {}) res = :nomatch right = @rights.find do |acl| found = false # an acl can return :dunno, which means "I'm not qualified to answer your question, # please ask someone else". This is used when for instance an acl matches, but not for the # current rest method, where we might think some other acl might be more specific. if match = acl.match?(name) args[:match] = match if (res = acl.allowed?(args[:node], args[:ip], args)) != :dunno # return early if we're allowed return nil if res # we matched, select this acl found = true end end found end # if we end up here, then that means we either didn't match or failed, in any # case will return an error to the outside world msg = "#{name} [#{args[:method]}]" AuthorizationError.new(_("Forbidden request: %{msg}") % { msg: msg }) end |
#is_request_forbidden_and_why?(method, path, params) ⇒ Boolean
16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 |
# File 'lib/puppet/network/rights.rb', line 16 def is_request_forbidden_and_why?(method, path, params) methods_to_check = if method == :head # :head is ok if either :find or :save is ok. [:find, :save] else [method] end = methods_to_check.map do |m| is_forbidden_and_why?(path, params.merge({:method => m})) end if .include? nil # One of the methods we checked is ok, therefore this request is ok. nil else # Just need to return any of the failure exceptions. .first end end |