Class: Unimatrix::Authorization::RequiresPolicies

Inherits:
Object
  • Object
show all
Defined in:
lib/unimatrix/authorization/filters/requires_policies.rb

Instance Method Summary collapse

Constructor Details

#initialize(resource, options = {}) ⇒ RequiresPolicies 



4
5
6
7
 
# File 'lib/unimatrix/authorization/filters/requires_policies.rb', line 4

def initialize( resource, options = {} )
  @resource_name = resource
  @resource_server = options[ :resource_server ] || ENV[ 'APPLICATION_NAME' ]
end

Instance Method Details

#before(controller) ⇒ Object 



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
 
# File 'lib/unimatrix/authorization/filters/requires_policies.rb', line 9

def before( controller )
  access_token = controller.params[ 'access_token' ]
  
  realm_uuid = begin 
    if controller.respond_to?( :realm_uuid )
      controller.realm_uuid
    elsif controller.respond_to?( :realm )
      controller.realm.uuid
    else
      controller.params[ :realm_uuid ]
    end
  end

  if access_token.present?
    policies = controller.retrieve_policies( 
      @resource_name, 
      access_token, 
      realm_uuid, 
      @resource_server 
    )

    if policies.present? && policies.is_a?( Array ) &&
       policies.first.type_name == 'policy'
      controller.policies = policies
      forbidden = true
      policies.each do | policy |
        if policy.actions.include?( controller.action_name )
          forbidden = false
        end
      end

      if forbidden
        controller.render_error(
          ::ForbiddenError,
          "A policy permitting this action was not found."
        )
      end
    else
      controller.render_error(
        ::ForbiddenError,
        "The requested policies could not be retrieved."
      )
    end
  else
    controller.render_error( 
      ::MissingParameterError,
      "The parameter 'access_token' is required."
    ) 
  end
end