Module: Conjur::ActsAsRole

Included in:
Group, Layer
Defined in:
lib/conjur/acts_as_role.rb


Instance Method Details

#can(privilege, resource, options = {}) ⇒ Object

Permit this role to perform a privileged action.



# File 'lib/conjur/acts_as_role.rb', line 39

# Grant this role a privilege on a resource by calling permit on the
# matching Conjur::Resource.
#
# @param privilege privilege to grant; passed to permit unchanged
# @param resource resource identifier, run through Conjur::API.parse_resource_id
# @param options [Hash] forwarded to permit as its last argument
# @return [Object] whatever permit returns
#
# NOTE(review): neither privilege nor resource is validated locally; presumably
# the authorization service decides whether the caller may grant — confirm.
def can(privilege, resource, options = {})
  require 'conjur/resource'
  # self.options is the including object's own accessor; the bare name
  # `options` is this method's parameter and shadows it.
  authz_resource = Conjur::Resource.new(Conjur::Authz::API.host, self.options)
  # The parsed id components are joined with "/" to index the resource client.
  resource_path = Conjur::API.parse_resource_id(resource).join('/')
  authz_resource[resource_path].permit(privilege, roleid, options)
end

#cannot(privilege, resource, options = {}) ⇒ Object

Deny this role from performing a privileged action.



# File 'lib/conjur/acts_as_role.rb', line 45

# Revoke a privilege on a resource from this role by calling deny on the
# matching Conjur::Resource.
#
# @param privilege privilege to revoke; passed to deny unchanged
# @param resource resource identifier, run through Conjur::API.parse_resource_id
# @param options [Hash] accepted but never read here; unlike #can, nothing is
#   forwarded to deny
# @return [Object] whatever deny returns
#
# NOTE(review): options supplied by a caller are silently dropped — confirm
# whether deny is meant to receive them.
def cannot(privilege, resource, options = {})
  require 'conjur/resource'
  # self.options is the including object's own accessor, not the parameter.
  authz_resource = Conjur::Resource.new(Conjur::Authz::API.host, self.options)
  resource_path = Conjur::API.parse_resource_id(resource).join('/')
  authz_resource[resource_path].deny(privilege, roleid)
end

#role ⇒ Object

NOTE: parse_role_id returns tuple of path components (basically, same components as in ‘roleid’ plus some prefixes)



# File 'lib/conjur/acts_as_role.rb', line 33

# Look up the Conjur::Role entry that corresponds to this object's roleid.
#
# Conjur::API.parse_role_id splits the roleid into path components, which are
# joined with "/" and used to index a Conjur::Role built from the authz host
# and this object's options.
#
# @return [Object] the result of indexing Conjur::Role by the joined path
def role
  require 'conjur/role'
  role_client = Conjur::Role.new(Conjur::Authz::API.host, options)
  role_path = Conjur::API.parse_role_id(roleid).join('/')
  role_client[role_path]
end

#role_kind ⇒ Object



# File 'lib/conjur/acts_as_role.rb', line 27

# Kind segment of the role id, derived from the including object's class name.
#
# Takes the last "::"-separated segment of the class name and calls
# String#underscore on it (not core Ruby; presumably ActiveSupport — confirm).
#
# @return [Object] the underscored, unqualified class name
def role_kind
  unqualified_name = self.class.name.split('::').last
  unqualified_name.underscore
end

#roleid ⇒ Object



# File 'lib/conjur/acts_as_role.rb', line 23

# Role identifier for this object: the array's components joined with ":".
# The visible components are role_kind and id.
#
# NOTE(review): the first array element is missing from this listing, most
# likely lost when the page was extracted; as printed, `[ , role_kind, id ]`
# does not parse. By position it is presumably an account or namespace
# prefix — confirm against lib/conjur/acts_as_role.rb before relying on it.
def roleid
  [ , role_kind, id ].join(':')
end