Class: SoarPl::AuthorizationPolicy

Inherits:
Object
  • Object
Includes:
Jsender
Defined in:
lib/soar_pl/authorization_policy.rb

Instance Attribute Summary

Instance Method Summary

Constructor Details

#initialize(policy_identifier, policy_configuration) ⇒ AuthorizationPolicy

Returns a new instance of AuthorizationPolicy.



# File 'lib/soar_pl/authorization_policy.rb', line 19

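# Builds a policy and records in @status whether its dependencies are usable.
#
# @status receives the value returned by fail(...) for a missing or invalid
# identifier, a missing or non-Hash configuration, or when this base class is
# instantiated directly; otherwise it receives success_data(...) carrying the
# dependency report. fail and success_data presumably come from the included
# Jsender module.
#
# NOTE(review): construction never raises on an invalid policy, and setup runs
# regardless of the outcome. The authorize method of this class does not read
# @status, so callers presumably have to check #status themselves before
# trusting the policy - confirm.
#
# @param policy_identifier [String] non-empty name of the policy
# @param policy_configuration [Hash] policy settings, kept in @configuration
def initialize(policy_identifier, policy_configuration)
  @roles = []
  @policy_identifier = policy_identifier
  @configuration = policy_configuration

  valid_policy_identifier = valid_non_empty_string?(policy_identifier)
  valid_configuration = @configuration.is_a?(Hash)
  # Must extend this class and provide a rule set in apply_rule_set(...):
  # only a subclass counts as having a rule set.
  valid_rule_set = (self.class.name != 'SoarPl::AuthorizationPolicy')

  # The dependency report is complete before it is handed to fail/success_data,
  # so the stored status does not rely on those helpers keeping a live
  # reference to this hash.
  data = { 'dependencies' =>
           { 'configuration' => (valid_configuration ? 'valid' : 'invalid'),
             'policy_identifier' => (valid_policy_identifier ? 'valid' : 'invalid'),
             'rule_set' => (valid_rule_set ? 'valid' : 'invalid') } }

  @status =
    if policy_identifier.nil?
      fail('no identifier provided')
    elsif !valid_policy_identifier
      fail('invalid identifier provided')
    elsif policy_configuration.nil?
      fail('no configuration provided')
    elsif !valid_configuration
      fail('invalid configuration provided', data)
    elsif !valid_rule_set
      fail('invalid rule set provided')
    else
      success_data(data)
    end

  setup
end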

Instance Attribute Details

#configuration ⇒ Object (readonly)

Returns the value of attribute configuration.



# File 'lib/soar_pl/authorization_policy.rb', line 12

# Returns @configuration, which the constructor sets to its
# policy_configuration argument without copying or validating it first.
def configuration
  @configuration
end

#idm ⇒ Object (readonly)

Returns the value of attribute idm.



# File 'lib/soar_pl/authorization_policy.rb', line 14

# Returns @idm, the object registered through has_idm. authorize only performs
# role and attribute discovery when this is set.
def idm
  @idm
end

#policy_configuration ⇒ Object (readonly)

Returns the value of attribute policy_configuration.



# File 'lib/soar_pl/authorization_policy.rb', line 8

# Returns @policy_configuration.
# NOTE(review): the constructor stores its policy_configuration argument in
# @configuration, not in this variable - confirm where (or whether) this one is
# assigned; use #configuration for the value passed to the constructor.
def policy_configuration
  @policy_configuration
end

#policy_identifier ⇒ Object (readonly)

Returns the value of attribute policy_identifier.



# File 'lib/soar_pl/authorization_policy.rb', line 7

# Returns @policy_identifier exactly as passed to the constructor; it is stored
# even when the constructor judged it missing or invalid, so check #status.
def policy_identifier
  @policy_identifier
end

#request ⇒ Object (readonly)

Returns the value of attribute request.



# File 'lib/soar_pl/authorization_policy.rb', line 11

# Returns @request.
# NOTE(review): neither the constructor nor authorize assigns @request in the
# code visible here - confirm where it is set.
def request
  @request
end

#request_debug_allow ⇒ Object

Returns the value of attribute request_debug_allow.



# File 'lib/soar_pl/authorization_policy.rb', line 17

# Returns @request_debug_allow. The attribute is not marked read-only, so it
# can be assigned from outside the object.
# NOTE(review): the constructor and authorize do not read or set it in the code
# visible here - confirm what consumes this flag before exposing it.
def request_debug_allow
  @request_debug_allow
end

#requestor_identifier ⇒ Object (readonly)

Returns the value of attribute requestor_identifier.



# File 'lib/soar_pl/authorization_policy.rb', line 10

# Returns @requestor_identifier.
# NOTE(review): authorize takes a requestor_identifier argument but does not
# store it in this variable in the code visible here - confirm where it is set.
def requestor_identifier
  @requestor_identifier
end

#roles ⇒ Object (readonly)

Returns the value of attribute roles.



# File 'lib/soar_pl/authorization_policy.rb', line 15

# Returns @roles: an empty Array after construction, replaced by whatever
# requires_roles was last given. authorize passes it to roles_present?.
def roles
  @roles
end

#rule_set ⇒ Object (readonly)

Returns the value of attribute rule_set.



# File 'lib/soar_pl/authorization_policy.rb', line 13

# Returns @rule_set.
# NOTE(review): the constructor and authorize do not assign @rule_set in the
# code visible here; rules are applied through apply_rule_set - confirm whether
# this variable is used at all.
def rule_set
  @rule_set
end

#status ⇒ Object

Returns the value of attribute status.



# File 'lib/soar_pl/authorization_policy.rb', line 16

# Returns @status, the fail/success value the constructor computed from the
# identifier, configuration and rule-set checks.
# The attribute is not marked read-only, so other code can overwrite the
# validation outcome; treat it as advisory unless writers are controlled.
def status
  @status
end

#subject_identifier ⇒ Object (readonly)

Returns the value of attribute subject_identifier.



# File 'lib/soar_pl/authorization_policy.rb', line 9

# Returns @subject_identifier.
# NOTE(review): authorize takes a subject_identifier argument but does not
# store it in this variable in the code visible here - confirm where it is set.
def subject_identifier
  @subject_identifier
end

Instance Method Details

#authorize(subject_identifier, requestor_identifier, resource_identifier, request) ⇒ Object



# File 'lib/soar_pl/authorization_policy.rb', line 63

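# Decides whether a subject may act on a resource under this policy.
#
# Malformed input and errors raised during IDM lookups return fail(...). Every
# evaluation that runs to completion returns success_data(...), including
# denials: the allow/deny decision is the first argument given to build_result,
# so callers must read that flag and not the outer status alone.
#
# Role and attribute discovery only happen when an IDM was registered with
# has_idm; without one the subject has no roles and no attributes.
#
# NOTE(review): @status from the constructor is not consulted here - confirm
# callers refuse to use a policy whose construction status is a failure.
#
# @param subject_identifier [String] non-empty
# @param requestor_identifier [String] non-empty
# @param resource_identifier [String] non-empty
# @param request [Hash, String] request details, or JSON text of an object
# @return [Object] the value produced by fail / success_data
def authorize(subject_identifier, requestor_identifier, resource_identifier, request)
  begin
    requested = request.is_a?(Hash) ? request : JSON.parse(request)
  rescue StandardError
    # Covers unparseable text as well as non-String input such as nil.
    return fail("Invalid request", build_result(false, "Invalid request", @idm))
  end
  return fail_invalid("resource identifier") unless valid_non_empty_string?(resource_identifier)
  # JSON text such as "null", "false" or "[]" parses without raising. Only an
  # object is a usable request, so every other parsed value is refused here
  # instead of reaching the rule set.
  return fail("Invalid request", build_result(false, "Invalid request", @idm)) unless requested.is_a?(Hash)
  return fail_invalid("requestor identifier") unless valid_non_empty_string?(requestor_identifier)
  return fail_invalid("subject identifier") unless valid_non_empty_string?(subject_identifier)

  subject_roles = []
  attributes = {}
  begin
    subject_roles = discover_subject_roles(subject_identifier) if @idm
  rescue StandardError
    # A lookup error denies the request; the underlying exception is not
    # reported to the caller.
    error = 'Entity error (IDM)'
    return fail(error, build_result(false, error, @idm))
  end

  return success_data(build_result(false, "Role missing", @idm)) unless roles_present?(subject_roles, @roles)

  begin
    attributes = discover_subject_role_attributes(subject_identifier, subject_roles) if @idm
  rescue StandardError
    error = 'Entity error (IDM)'
    return fail(error, build_result(false, error, @idm))
  end

  result, message = apply_rule_set(subject_identifier, requestor_identifier, resource_identifier, requested, subject_roles, attributes)

  # Any truthy first element from apply_rule_set counts as allow; it is
  # normalised to a strict boolean before being reported.
  success_data(build_result(result ? true : false, message, @idm))
end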

#has_idm(idm) ⇒ Object



# File 'lib/soar_pl/authorization_policy.rb', line 59

# Registers the IDM object for this policy by storing it in @idm and returns it.
#
# authorize calls discover_subject_roles and discover_subject_role_attributes
# only when @idm is set; without it the subject is evaluated with an empty role
# list and no attributes. No check is made on the object passed in.
def has_idm(idm)
  @idm = idm
end

#requires_roles(roles) ⇒ Object



# File 'lib/soar_pl/authorization_policy.rb', line 53

# Declares the roles this policy checks in authorize (via roles_present?).
#
# An Array is stored as given; any other value is wrapped in a one-element
# Array, so passing nil stores [nil] rather than an empty list.
#
# @param roles [Array, Object] a list of roles or a single role
# @return [Array] the list now held in @roles
def requires_roles(roles)
  @roles = roles.is_a?(Array) ? roles : [roles]
end