Module: Bosh::Director::Api::Extensions::Scoping
- Defined in:
- lib/bosh/director/api/extensions/scoping.rb
Defined Under Namespace
Modules: Helpers
Classes: ParamsScope
Class Method Summary
collapse
Instance Method Summary
collapse
Class Method Details
.registered(app) ⇒ Object
11
12
13
14
|
# File 'lib/bosh/director/api/extensions/scoping.rb', line 11
def self.registered(app)
app.set default_scope: :write
app.helpers(Helpers)
end
|
Instance Method Details
#route(verb, path, options = {}, &block) ⇒ Object
49
50
51
52
|
# File 'lib/bosh/director/api/extensions/scoping.rb', line 49
def route(verb, path, options = {}, &block)
options[:scope] ||= :default
super(verb, path, options, &block)
end
|
#scope(allowed_scope) ⇒ Object
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
|
# File 'lib/bosh/director/api/extensions/scoping.rb', line 16
def scope(allowed_scope)
condition do
if allowed_scope == :default
scope = settings.default_scope
elsif allowed_scope.kind_of?(ParamsScope)
scope = allowed_scope.scope(params, settings.default_scope)
else
scope = allowed_scope
end
auth_provided = %w(HTTP_AUTHORIZATION X-HTTP_AUTHORIZATION X_HTTP_AUTHORIZATION).detect do |key|
request.env.has_key?(key)
end
if auth_provided
begin
@user = identity_provider.get_user(request.env)
rescue AuthenticationError
end
end
if requires_authentication? && (@user.nil? || !identity_provider.valid_access?(@user, scope))
response['WWW-Authenticate'] = 'Basic realm="BOSH Director"'
if @user.nil?
message = "Not authorized: '#{request.path}'\n"
else
message = "Not authorized: '#{request.path}' requires one of the scopes: #{identity_provider.required_scopes(scope).join(", ")}\n"
end
throw(:halt, [401, message])
end
end
end
|