Module: Unimatrix::Authorization

Defined in:

lib/unimatrix/authorization/parser.rb,
lib/unimatrix/authorization/policy.rb,
lib/unimatrix/authorization/railtie.rb,
lib/unimatrix/authorization/request.rb,
lib/unimatrix/authorization/resource.rb,
lib/unimatrix/authorization/response.rb,
lib/unimatrix/authorization/operation.rb,
lib/unimatrix/authorization/resource_owner.rb,
lib/unimatrix/authorization/resource_server.rb,
lib/unimatrix/authorization/client_credentials_grant.rb,
lib/unimatrix/authorization/filters/requires_policies.rb

Defined Under Namespace

Modules: ClassMethods Classes: ClientCredentialsGrant, Operation, Parser, Policy, Railtie, Request, RequiresPolicies, Resource, ResourceOwner, ResourceServer, Response

Class Method Summary

• .included(controller) ⇒ Object

Instance Method Summary

• #policies ⇒ Object
• #policies=(attributes) ⇒ Object
• #request_policies(resource_name, access_token, realm_uuid, resource_server) ⇒ Object
• #retrieve_policies(resource_name, access_token, realm_uuid, resource_server) ⇒ Object

  In Rails app, this is overwritten by #retrieve_policies in railtie.rb.

Class Method Details

.included(controller) ⇒ Object

# File 'lib/unimatrix/authorization/filters/requires_policies.rb', line 70

def self.included( controller )
  controller.extend( ClassMethods )
end

Instance Method Details

#policies ⇒ Object

# File 'lib/unimatrix/authorization/filters/requires_policies.rb', line 78

def policies
  @policies ||= begin
    # Used by Archivist requires_permission filter. TODO: deprecate
    retrieve_policies( 
      @resource_name, 
      params[ :access_token ], 
      realm_uuid,
      @resource_server 
    )
  end
end

#policies=(attributes) ⇒ Object

# File 'lib/unimatrix/authorization/filters/requires_policies.rb', line 74

def policies=( attributes )
  @policies = attributes
end

#request_policies(resource_name, access_token, realm_uuid, resource_server) ⇒ Object

# File 'lib/unimatrix/authorization/filters/requires_policies.rb', line 102

def request_policies( resource_name, access_token, realm_uuid, resource_server )
  if resource_name && access_token
    realm_uuid = realm_uuid || '*'
    Operation.new( '/policies' ).where(
      access_token: access_token,
      resource: "realm/#{ realm_uuid }::#{ resource_server }::#{ resource_name }/*"
    ).read
  end
end

#retrieve_policies(resource_name, access_token, realm_uuid, resource_server) ⇒ Object

In Rails app, this is overwritten by #retrieve_policies in railtie.rb

# File 'lib/unimatrix/authorization/filters/requires_policies.rb', line 91

def retrieve_policies( resource_name, access_token, realm_uuid, resource_server )
  if resource_name && access_token
    key = params.respond_to?( 'to_unsafe_h' ) ? 
          params.to_unsafe_h.sort.to_s : 
          params.sort.to_s
          
    Rails.cache.fetch(
      Digest::SHA1.hexdigest( key ),
      expires_in: 1.minute
    ) do
      request_policies( resource_name, access_token, realm_uuid, resource_server )
    end
  end
end