Class: RSAML::Statement::AuthorizationDecisionStatement

Inherits:
Base
  • Object
Defined in:
lib/rsaml/statement/authorization_decision_statement.rb

Overview

A statement that a request to allow the assertion subject to access the specified resource has been granted or denied.

Instance Attribute Summary

Attributes inherited from Base

#type

Class Method Summary

Instance Method Summary

Instance Attribute Details

#decision ⇒ Object

The decision rendered by the SAML authority with respect to the specified resource.



# File 'lib/rsaml/statement/authorization_decision_statement.rb', line 23

def decision
  @decision
end

#resource ⇒ Object

A URI reference identifying the resource to which access authorization is sought. This attribute MAY have the value of the empty URI reference (“”), in which case the meaning is defined to be “the start of the current document”.



# File 'lib/rsaml/statement/authorization_decision_statement.rb', line 20

def resource
  @resource
end

Class Method Details

.decision_types ⇒ Object

Defines the possible values to be reported as the status of an authorization decision statement.

Possible values are:

  • Permit: The specified action is permitted.

  • Deny: The specified action is denied.

  • Indeterminate: The SAML authority cannot determine whether the specified action is permitted or denied.



# File 'lib/rsaml/statement/authorization_decision_statement.rb', line 13

def self.decision_types
  %w(Permit Deny Indeterminate)
end

Instance Method Details

#actions ⇒ Object

The set of actions authorized to be performed on the specified resource.



# File 'lib/rsaml/statement/authorization_decision_statement.rb', line 26

def actions
  @actions ||= []
end

#evidence ⇒ Object

A set of assertions that the SAML authority relied on in making the decision.



# File 'lib/rsaml/statement/authorization_decision_statement.rb', line 31

def evidence
  @evidence ||= []
end

#to_xml(xml = Builder::XmlMarkup.new) ⇒ Object

Construct an XML fragment representing the authorization decision statement.



# File 'lib/rsaml/statement/authorization_decision_statement.rb', line 44

def to_xml(xml=Builder::XmlMarkup.new)
  attributes = {'Resource' => resource, 'Decision' => decision}
  xml.tag!('saml:AuthzStatement', attributes) {
    actions.each { |action| xml << action.to_xml }
    evidence.each { |e| xml << e.to_xml }
  }
end

#validate ⇒ Object

Validate the structure.

Raises:

  • ValidationError

# File 'lib/rsaml/statement/authorization_decision_statement.rb', line 36

def validate
  raise ValidationError, "Resource is required" if resource.nil?
  raise ValidationError, "Decision is required" if decision.nil?
  raise ValidationError, "One or more actions must be specified" if actions.empty?
  actions.each { |action| action.validate }
end
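
The validate method above checks that a decision is present but not that it is one of decision_types, so a consumer still has to decide what an unexpected value means. The following is an added example, not RSAML code: a fail-closed check in which AuthzStatement, StrictValidationError, strict_validate and access_granted? are hypothetical names, and actions are modelled as plain strings rather than action objects.

```ruby
# Added example, not part of RSAML. AuthzStatement is a hypothetical stand-in
# exposing the same attributes as the class documented above.
DECISION_TYPES = %w(Permit Deny Indeterminate).freeze

class StrictValidationError < StandardError; end

AuthzStatement = Struct.new(:resource, :decision, :actions) do
  # Same presence checks as #validate, plus a check that the decision is
  # one of the three defined values (exact, case-sensitive match).
  def strict_validate
    raise StrictValidationError, "Resource is required" if resource.nil?
    raise StrictValidationError, "Decision is required" if decision.nil?
    unless DECISION_TYPES.include?(decision)
      raise StrictValidationError, "Unknown decision: #{decision.inspect}"
    end
    if actions.nil? || actions.empty?
      raise StrictValidationError, "One or more actions must be specified"
    end
    true
  end
end

# Fail-closed enforcement: access is granted only when the statement is well
# formed, the decision is exactly "Permit", and both the resource and the
# requested action match. Deny, Indeterminate and malformed statements
# all yield false.
def access_granted?(statement, resource, action)
  statement.strict_validate
  statement.decision == 'Permit' &&
    statement.resource == resource &&
    statement.actions.include?(action)
rescue StrictValidationError
  false
end

# Constructed sample statements (assumed resource URI and action name).
URI_REF = 'https://example.org/report'
SAMPLES = {
  permit:        AuthzStatement.new(URI_REF, 'Permit', ['Read']),
  deny:          AuthzStatement.new(URI_REF, 'Deny', ['Read']),
  indeterminate: AuthzStatement.new(URI_REF, 'Indeterminate', ['Read']),
  lowercase:     AuthzStatement.new(URI_REF, 'permit', ['Read']),
  no_actions:    AuthzStatement.new(URI_REF, 'Permit', [])
}.freeze

SAMPLES.each do |name, st|
  puts "#{name}: #{access_granted?(st, URI_REF, 'Read')}"
end
```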