Module: Conjur::ActsAsRole
Instance Method Summary collapse
-
#can(privilege, resource, options = {}) ⇒ Object
Permit this role to perform a privileged action.
-
#cannot(privilege, resource, options = {}) ⇒ Object
Deny this role from performing perform a privileged action.
-
#role ⇒ Object
NOTE: parse_role_id returns tuple of path components (basically, same components as in ‘roleid’ plus some prefixes).
- #role_kind ⇒ Object
- #roleid ⇒ Object
Instance Method Details
#can(privilege, resource, options = {}) ⇒ Object
Permit this role to perform a privileged action.
39 40 41 42 |
# File 'lib/conjur/acts_as_role.rb', line 39 def can(privilege, resource, = {}) require 'conjur/resource' Conjur::Resource.new(Conjur::Authz::API.host, self.)[Conjur::API.parse_resource_id(resource).join('/')].permit privilege, self.roleid, end |
#cannot(privilege, resource, options = {}) ⇒ Object
Deny this role from performing perform a privileged action.
45 46 47 48 |
# File 'lib/conjur/acts_as_role.rb', line 45 def cannot(privilege, resource, = {}) require 'conjur/resource' Conjur::Resource.new(Conjur::Authz::API.host, self.)[Conjur::API.parse_resource_id(resource).join('/')].deny privilege, self.roleid end |
#role ⇒ Object
NOTE: parse_role_id returns tuple of path components (basically, same components as in ‘roleid’ plus some prefixes)
33 34 35 36 |
# File 'lib/conjur/acts_as_role.rb', line 33 def role require 'conjur/role' Conjur::Role.new(Conjur::Authz::API.host, self.)[Conjur::API.parse_role_id(self.roleid).join('/')] end |
#role_kind ⇒ Object
27 28 29 |
# File 'lib/conjur/acts_as_role.rb', line 27 def role_kind self.class.name.split('::')[-1].underscore end |
#roleid ⇒ Object
23 24 25 |
# File 'lib/conjur/acts_as_role.rb', line 23 def roleid [ core_conjur_account, role_kind, id ].join(':') end |