Class: Unimatrix::Authorization::RequiresPolicies

Inherits:
Object
  • Object
show all
Defined in:
lib/unimatrix/authorization/filters/requires_policies.rb

Instance Method Summary collapse

Constructor Details

#initialize(resource, options = {}) ⇒ RequiresPolicies 



4
5
6
7
 
# File 'lib/unimatrix/authorization/filters/requires_policies.rb', line 4

def initialize( resource, options = {} )
  @resource_name = resource
  @resource_server = options[ :resource_server ] || ENV[ 'APPLICATION_NAME' ]
end

Instance Method Details

#before(controller) ⇒ Object 



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
 
# File 'lib/unimatrix/authorization/filters/requires_policies.rb', line 9

def before( controller )
  client_id     = Unimatrix.configuration.client_id
  client_secret = Unimatrix.configuration.client_secret

  access_token =
    if controller.params[ 'access_token' ].present?
      controller.params[ 'access_token' ]
    else
      controller.retrieve_client_token( client_id, client_secret )
    end

  realm_uuid =
    if controller.respond_to?( :realm_uuid )
      controller.realm_uuid
    elsif controller.respond_to?( :realm )
      controller.realm.uuid
    else
      controller.params[ :realm_uuid ]
    end

  if access_token.present?
    policies = controller.retrieve_policies(
      @resource_name,
      access_token,
      realm_uuid,
      @resource_server
    )

    if policies.present? && policies.is_a?( Array ) &&
       policies.first.type_name == 'policy'
      controller.policies = policies
      forbidden = true
      policies.each do | policy |
        if policy.actions.include?( controller.action_name )
          forbidden = false
        end
      end

      if forbidden
        controller.render_error( ::MissingPolicyError )
      end
    else
      controller.render_error( ::MissingPolicyError )
    end
  else
    controller.render_error( ::MissingTokenError )
  end
end