Module: Shamu::Security::Support

Extended by:

ActiveSupport::Concern

Included in:

Features::FeaturesService

Defined in:

lib/shamu/security/support.rb

Overview

Adds support for authorizing and querying security Policy to a Shamu::Services::Service.

Dependencies

• #roles_service ⇒ Security::RolesService

  A roles service to retrieve the roles granted to the #security_principal.

• #security_principal ⇒ Security::Principal

  The principal offered to the service for policy resolution.

Class Method Summary

• .policy_class(klass) ⇒ Object

  Define the Policy class to use when enforcing policy on the service methods.

Instance Method Summary

• #authorize!(action, resource, additional_context = nil) ⇒ resource
• #delegate_policy_class ⇒ Class

  A Policy class used when #service_policy_delegation? is true.

• #permit?(action, resource, additional_context = nil) ⇒ :yes, ...
• #policy ⇒ Policy

  The security Policy for the service.

• #policy_class ⇒ Class

  Override to declare the policy class to use for the service.

• #service_policy_delegation? ⇒ Boolean

  True if the service has been asked to delegate policy checks to the upstream service and.

Instance Attribute Details

#roles_service ⇒ Security::RolesService

Returns a roles service to retrieve the roles granted to the #security_principal.

Returns:

• (Security::RolesService) —

  a roles service to retrieve the roles granted to the #security_principal.

# File 'lib/shamu/security/support.rb', line 17

#security_principal ⇒ Security::Principal

Returns the principal offered to the service for policy resolution.

Returns:

• (Security::Principal) —

  the principal offered to the service for policy resolution.

# File 'lib/shamu/security/support.rb', line 13

Class Method Details

.policy_class(klass) ⇒ Object

Define the Policy class to use when enforcing policy on the service methods.

# File 'lib/shamu/security/support.rb', line 87

def policy_class( klass )
  define_method :policy_class do
    klass
  end

  private :policy_class
end

Instance Method Details

#authorize!(action, resource, additional_context = nil) ⇒ resource

Returns:

• (resource)

See Also:

• Policy#authorize!

# File 'lib/shamu/security/support.rb', line 37

#delegate_policy_class ⇒ Class

Returns a Policy class used when #service_policy_delegation? is true.

Returns:

• (Class) —

  a Policy class used when #service_policy_delegation? is true.

# File 'lib/shamu/security/support.rb', line 70

def delegate_policy_class
  NoPolicy
end

#permit?(action, resource, additional_context = nil) ⇒ :yes, ...

Returns:

• (:yes, :maybe, false)

See Also:

• Policy#permit?

# File 'lib/shamu/security/support.rb', line 45

delegate :authorize!, :permit?, to: :policy

#policy ⇒ Policy

Returns the security Policy for the service.

Returns:

• (Policy) —

  the security Policy for the service.

# File 'lib/shamu/security/support.rb', line 30

def policy
  @policy ||= _policy_class.new(
    principal: security_principal,
    roles: roles_service.roles_for( security_principal )
  )
end

#policy_class ⇒ Class

Override to declare the policy class to use for the service.

Returns:

• (Class) —

  a Policy class used to authorize actions.

# File 'lib/shamu/security/support.rb', line 62

def policy_class
  fail Security::IncompleteSetupError, "No policy class defined. Override #policy_class in #{ self.class.name } to declare policy." # rubocop:disable Metrics/LineLength
end

#service_policy_delegation? ⇒ Boolean

Returns true if the service has been asked to delegate policy checks to the upstream service and.

Returns:

• (Boolean) —

  true if the service has been asked to delegate policy checks to the upstream service and

# File 'lib/shamu/security/support.rb', line 78

def service_policy_delegation?
  security_principal.service_delegate?
end