Module: Shamu::Security::Support
- Extended by:
- ActiveSupport::Concern
- Included in:
- Features::FeaturesService
- Defined in:
- lib/shamu/security/support.rb
Overview
Adds support for authorizing and querying security Policy to a Shamu::Services::Service.
Dependencies collapse
-
#roles_service ⇒ Security::RolesService
A roles service to retrieve the roles granted to the #security_principal.
-
#security_principal ⇒ Security::Principal
The principal offered to the service for policy resolution.
Class Method Summary collapse
-
.policy_class(klass) ⇒ Object
Define the Policy class to use when enforcing policy on the service methods.
Instance Method Summary collapse
- #authorize!(action, resource, additional_context = nil) ⇒ resource
-
#delegate_policy_class ⇒ Class
A Policy class used when #service_policy_delegation? is true.
- #permit?(action, resource, additional_context = nil) ⇒ :yes, ...
-
#policy ⇒ Policy
The security Policy for the service.
-
#policy_class ⇒ Class
Override to declare the policy class to use for the service.
-
#service_policy_delegation? ⇒ Boolean
True if the service has been asked to delegate policy checks to the upstream service and.
Instance Attribute Details
#roles_service ⇒ Security::RolesService
Returns a roles service to retrieve the roles granted to the #security_principal.
|
# File 'lib/shamu/security/support.rb', line 17
|
#security_principal ⇒ Security::Principal
Returns the principal offered to the service for policy resolution.
|
# File 'lib/shamu/security/support.rb', line 13
|
Class Method Details
.policy_class(klass) ⇒ Object
Define the Policy class to use when enforcing policy on the service methods.
87 88 89 90 91 92 93 |
# File 'lib/shamu/security/support.rb', line 87 def policy_class( klass ) define_method :policy_class do klass end private :policy_class end |
Instance Method Details
#authorize!(action, resource, additional_context = nil) ⇒ resource
|
# File 'lib/shamu/security/support.rb', line 37
|
#delegate_policy_class ⇒ Class
Returns a Policy class used when #service_policy_delegation? is true.
70 71 72 |
# File 'lib/shamu/security/support.rb', line 70 def delegate_policy_class NoPolicy end |
#permit?(action, resource, additional_context = nil) ⇒ :yes, ...
45 |
# File 'lib/shamu/security/support.rb', line 45 delegate :authorize!, :permit?, to: :policy |
#policy ⇒ Policy
Returns the security Policy for the service.
30 31 32 33 34 35 |
# File 'lib/shamu/security/support.rb', line 30 def policy @policy ||= _policy_class.new( principal: security_principal, roles: roles_service.roles_for( security_principal ) ) end |
#policy_class ⇒ Class
Override to declare the policy class to use for the service.
62 63 64 |
# File 'lib/shamu/security/support.rb', line 62 def policy_class fail Security::IncompleteSetupError, "No policy class defined. Override #policy_class in #{ self.class.name } to declare policy." # rubocop:disable Metrics/LineLength end |
#service_policy_delegation? ⇒ Boolean
Returns true if the service has been asked to delegate policy checks to the upstream service and.
78 79 80 |
# File 'lib/shamu/security/support.rb', line 78 def service_policy_delegation? security_principal.service_delegate? end |