Module: Bosh::Director::Api::Extensions::Scoping

Defined in:
lib/bosh/director/api/extensions/scoping.rb

Defined Under Namespace

Modules: Helpers Classes: ParamsScope


Class Method Details

.registered(app) ⇒ Object



# File 'lib/bosh/director/api/extensions/scoping.rb', line 15

# Extension hook: receives the application class this module is being
# registered on and configures it.
#
# Sets the +default_scope+ setting to +:admin+. #scope reads that setting for
# routes whose scope is +:default+, and #route assigns +:default+ to any route
# declared without a scope, so an unannotated route is checked against
# +:admin+ unless the application overrides the setting.
#
# @param app [Object] application class; must respond to +set+ and +helpers+
# @return [Object] whatever +app.helpers+ returns
def self.registered(app)
  app.set(default_scope: :admin)
  app.helpers(Helpers)
end

Instance Method Details

#route(verb, path, options = {}, &block) ⇒ Object



# File 'lib/bosh/director/api/extensions/scoping.rb', line 46

# Wraps the parent +route+ so that every route carries a +:scope+ option.
#
# A route declared without +:scope+ (or with a nil/false one) is given
# +:default+, so a route cannot skip the scope option simply by omitting it.
# The +options+ hash passed by the caller is modified in place.
#
# NOTE(review): presumably the parent implementation turns each option into a
# call of the same-named condition method (here #scope) -- confirm against the
# framework's +route+.
#
# @param verb [Object] HTTP verb, passed through unchanged
# @param path [Object] route path, passed through unchanged
# @param options [Hash] route options; +:scope+ is filled in when missing
# @param block [Proc] route handler, passed through unchanged
# @return [Object] whatever the parent +route+ returns
def route(verb, path, options = {}, &block)
  options[:scope] = :default unless options[:scope]
  super(verb, path, options, &block)
end

#scope(allowed_scope) ⇒ Object



# File 'lib/bosh/director/api/extensions/scoping.rb', line 20

# Registers a route condition that enforces +allowed_scope+ on each request.
#
# How +allowed_scope+ is interpreted:
# * +:authorization+ -- no condition is registered here; the check is left to
#   the route's +:authorization+ option.
#   NOTE(review): a route that declares this scope without that option would
#   get no permission check from this method -- verify the callers.
# * +:default+ -- replaced by +settings.default_scope+ at request time.
# * a ParamsScope -- asked to resolve itself from the request +params+ and
#   the default scope.
# * anything else -- used as the required scope as-is.
#
# The permission check runs only when +requires_authentication?+ is true;
# otherwise the condition finishes without consulting the authorizer.
#
# @param allowed_scope [Symbol, ParamsScope, Object] scope required by the route
# @return [Object, nil] nil for +:authorization+, else the result of +condition+
def scope(allowed_scope)
  # handled by the :authorization option of the route
  return if allowed_scope == :authorization

  condition do
    required_scope =
      if allowed_scope == :default
        settings.default_scope
      elsif allowed_scope.is_a?(ParamsScope)
        allowed_scope.scope(params, settings.default_scope)
      else
        allowed_scope
      end

    # No authorization is applied when authentication is not required.
    next unless requires_authentication?

    # this should already be happening in base_controller#authentication
    # The response body echoes the request path back to the client.
    throw(:halt, [401, "Not authorized: '#{request.path}'\n"]) if @user.nil?

    # Kept as the last expression: its value is the value of the condition block.
    @permission_authorizer.granted_or_raise(:director, required_scope, @user.scopes)
  end
end