Class: RoadForest::Authorization::Manager

Inherits:

Object

• Object
• RoadForest::Authorization::Manager

Defined in:

lib/roadforest/authorization.rb

Constant Summary

HASH_FUNCTION =

"SHA256".freeze

Instance Attribute Summary

• #authenticator ⇒ Object

  Returns the value of attribute authenticator.

• #grants ⇒ Object readonly

  Returns the value of attribute grants.

• #policy ⇒ Object

  Returns the value of attribute policy.

Instance Method Summary

• #authorization(header, required_grants) ⇒ Object

  :public means the request doesn’t need authorization :granted means that it does need authz but the credentials passed are allowed to access the resource :refused means that the credentials passed are not allowed to access the resource.

• #build_grants(&block) ⇒ Object
• #challenge(options) ⇒ Object
• #initialize(salt = nil, authenticator = nil, policy = nil) ⇒ Manager constructor

  A new instance of Manager.

Constructor Details

#initialize(salt = nil, authenticator = nil, policy = nil) ⇒ Manager

Returns a new instance of Manager.

# File 'lib/roadforest/authorization.rb', line 59

def initialize(salt = nil, authenticator = nil, policy = nil)
  @grants = GrantsHolder.new(salt || "roadforest-insecure", HASH_FUNCTION)

  @authenticator = authenticator || AuthenticationChain.new(DefaultAuthenticationStore.new)
  @policy = policy || AuthorizationPolicy.new
  @policy.grants_holder = @grants
end

Instance Attribute Details

#authenticator ⇒ Object

Returns the value of attribute authenticator.

# File 'lib/roadforest/authorization.rb', line 53

def authenticator
  @authenticator
end

#grants ⇒ Object (readonly)

Returns the value of attribute grants.

# File 'lib/roadforest/authorization.rb', line 55

def grants
  @grants
end

#policy ⇒ Object

Returns the value of attribute policy.

# File 'lib/roadforest/authorization.rb', line 54

def policy
  @policy
end

Instance Method Details

#authorization(header, required_grants) ⇒ Object

:public means the request doesn’t need authorization :granted means that it does need authz but the credentials passed are

allowed to access the resource

:refused means that the credentials passed are not allowed to access

the resource

TODO: Resource needs to add s-maxage=0 for :granted requests or public for :public requests to the CacheControl header

# File 'lib/roadforest/authorization.rb', line 85

def authorization(header, required_grants)
  entity = authenticator.authenticate(header)

  return :refused if entity.nil?

  available_grants = policy.grants_for(entity)

  if required_grants.any?{|required| available_grants.include?(required)}
    return :granted
  else
    return :refused
  end
end

#build_grants(&block) ⇒ Object

# File 'lib/roadforest/authorization.rb', line 67

def build_grants(&block)
  @grants.build_grants(&block)
end

#challenge(options) ⇒ Object

# File 'lib/roadforest/authorization.rb', line 71

def challenge(options)
  @authenticator.challenge(options)
end