Module: ForestLiana::Ability::Permission

Includes:
Fetch
Included in:
ForestLiana::Ability
Defined in:
app/services/forest_liana/ability/permission.rb,
app/services/forest_liana/ability/permission/request_permission.rb,
app/services/forest_liana/ability/permission/smart_action_checker.rb

Defined Under Namespace

Classes: RequestPermission, SmartActionChecker

Constant Summary

# Lifetime of cached permission data, read from FOREST_PERMISSIONS_EXPIRATION_IN_SECONDS
# (default 900). Note that a non-numeric value collapses to 0 through +to_i+;
# +.second+ presumably comes from ActiveSupport (Integer#second) — confirm the loaded extension.
TTL =
(ENV['FOREST_PERMISSIONS_EXPIRATION_IN_SECONDS'] || 900).to_i.second

Instance Method Summary

Methods included from Fetch

#get_permissions

Instance Method Details

#is_chart_authorized?(user, parameters) ⇒ Boolean

Returns:

  • (Boolean)


# File 'app/services/forest_liana/ability/permission.rb', line 53

# Checks whether the chart described by +parameters+ is allowed for the
# rendering the +user+ belongs to.
#
# Request plumbing keys are stripped, the remaining chart definition is
# fingerprinted as "<type>:<sha1 of the deep-sorted parameters>", and that
# fingerprint is looked up in the cached chart permissions. On a miss the
# permissions are re-fetched (force flag) and the lookup is repeated once.
#
# NOTE(review): the lookup is +include?+ on the stringified permission payload,
# i.e. a substring match rather than an exact entry lookup — confirm that the
# payload shape (returned by get_chart_data) rules out partial matches.
#
# @param user [Hash] must expose 'rendering_id'
# @param parameters [#to_h] chart request parameters; 'type' is kept and used in the fingerprint
# @return [Boolean] true when the fingerprint is present in the (possibly refreshed) chart data
def is_chart_authorized?(user, parameters)
  chart_params = parameters.to_h
  # Only the chart definition itself must be hashed, never the routing/context keys.
  %w[timezone controller action collection contextVariables record_id].each do |key|
    chart_params.delete(key)
  end

  fingerprint = "#{chart_params['type']}:#{Digest::SHA1.hexdigest(chart_params.deep_sort.to_s)}"
  rendering_id = user['rendering_id']

  return true if get_chart_data(rendering_id).to_s.include?(fingerprint)

  # Cache miss: refresh the permissions once in case the chart was just authorized.
  get_chart_data(rendering_id, true).to_s.include?(fingerprint)
end

#is_crud_authorized?(action, user, collection) ⇒ Boolean

Returns:

  • (Boolean)


# File 'app/services/forest_liana/ability/permission.rb', line 11

# Checks whether +user+ may perform the CRUD +action+ on +collection+.
#
# The cached collection permissions are consulted first; when the role is not
# listed there the permissions are re-fetched (force flag) and the check is
# repeated, so a server-side role change is picked up before the cache expires.
#
# Any unexpected failure inside the lookup (collection or action key missing,
# nil user data, ...) is converted into UnknownCollection, so the check fails
# closed rather than returning true.
#
# @param action [String, Symbol] key of the permission entry under the collection
# @param user [Hash] must expose 'id'; the role is taken from the fetched user data ('roleId')
# @param collection the collection, resolved to its Forest name via ForestLiana.name_for
# @return [Boolean] true when the permission system is disabled or the user's role is allowed
# @raise [ForestLiana::Errors::ExpectedError] re-raised untouched
# @raise [ForestLiana::Ability::Exceptions::UnknownCollection] for any other error during the lookup
def is_crud_authorized?(action, user, collection)
  return true unless has_permission_system?

  user_data = get_user_data(user['id'])
  collections_data = get_collections_permissions_data
  collection_name = ForestLiana.name_for(collection)

  begin
    allowed = collections_data.key?(collection_name) &&
              collections_data[collection_name][action].include?(user_data['roleId'])
    return allowed if allowed

    # Not allowed according to the cache: force a refresh in case the role's permissions changed.
    collections_data = get_collections_permissions_data(true)
    collections_data[collection_name][action].include?(user_data['roleId'])
  rescue ForestLiana::Errors::ExpectedError
    raise
  rescue
    raise ForestLiana::Ability::Exceptions::UnknownCollection.new(collection_name)
  end
end

#is_smart_action_authorized?(user, collection, parameters, endpoint, http_method) ⇒ Boolean

Returns:

  • (Boolean)


# File 'app/services/forest_liana/ability/permission.rb', line 35

# Checks whether +user+ may execute the smart action reached through
# +endpoint+ / +http_method+ on +collection+.
#
# The action is resolved from the endpoint, its permission entry is read from
# the cached collection permissions (no re-fetch on this path), and the final
# decision is delegated to SmartActionChecker#can_execute?.
#
# Any unexpected failure (unknown endpoint, missing collection or action entry,
# nil user data, ...) is converted into UnknownCollection, so the check fails closed.
#
# @param user [Hash] must expose 'id'
# @param collection the collection, resolved to its Forest name via ForestLiana.name_for
# @param parameters request parameters handed to SmartActionChecker
# @param endpoint [String] the smart action endpoint
# @param http_method [String] HTTP verb of the request
# @return [Boolean] true when the permission system is disabled or the checker approves the action
# @raise [ForestLiana::Errors::ExpectedError] re-raised untouched
# @raise [ForestLiana::Ability::Exceptions::UnknownCollection] for any other error during the lookup
def is_smart_action_authorized?(user, collection, parameters, endpoint, http_method)
  return true unless has_permission_system?

  user_data = get_user_data(user['id'])
  collections_data = get_collections_permissions_data
  collection_name = ForestLiana.name_for(collection)
  begin
    action_name = find_action_from_endpoint(collection_name, endpoint, http_method).name
    action_permissions = collections_data[collection_name][:actions][action_name]

    checker = SmartActionChecker.new(parameters, collection, action_permissions, user_data)
    checker.can_execute?
  rescue ForestLiana::Errors::ExpectedError
    raise
  rescue
    raise ForestLiana::Ability::Exceptions::UnknownCollection.new(collection_name)
  end
end