Module: ForestLiana::Ability::Permission

Includes:

Fetch

Included in:

ForestLiana::Ability

Defined in:

app/services/forest_liana/ability/permission.rb,
app/services/forest_liana/ability/permission/request_permission.rb,
app/services/forest_liana/ability/permission/smart_action_checker.rb

Defined Under Namespace

Classes: RequestPermission, SmartActionChecker

Constant Summary

TTL =

(ENV['FOREST_PERMISSIONS_EXPIRATION_IN_SECONDS'] || 900).to_i.second

Instance Method Summary

• #is_chart_authorized?(user, parameters) ⇒ Boolean
• #is_crud_authorized?(action, user, collection) ⇒ Boolean
• #is_smart_action_authorized?(user, collection, parameters, endpoint, http_method) ⇒ Boolean

Methods included from Fetch

#get_permissions

Instance Method Details

#is_chart_authorized?(user, parameters) ⇒ Boolean

Returns:

• (Boolean)

# File 'app/services/forest_liana/ability/permission.rb', line 53

def is_chart_authorized?(user, parameters)
  parameters = parameters.to_h
  parameters.delete('timezone')
  parameters.delete('controller')
  parameters.delete('action')
  parameters.delete('collection')
  parameters.delete('contextVariables')
  parameters.delete('record_id')

  hash_request = "#{parameters['type']}:#{Digest::SHA1.hexdigest(parameters.deep_sort.to_s)}"
  allowed = get_chart_data(user['rendering_id']).to_s.include? hash_request

  unless allowed
    allowed = get_chart_data(user['rendering_id'], true).to_s.include? hash_request
  end

  allowed
end

#is_crud_authorized?(action, user, collection) ⇒ Boolean

Returns:

• (Boolean)

# File 'app/services/forest_liana/ability/permission.rb', line 11

def is_crud_authorized?(action, user, collection)
  return true unless has_permission_system?

  user_data = get_user_data(user['id'])
  collections_data = get_collections_permissions_data
  collection_name = ForestLiana.name_for(collection)

  begin
    is_allowed = (collections_data.key?(collection_name) && collections_data[collection_name][action].include?(user_data['roleId']))

    # re-fetch if user permission is not allowed (may have been changed)
    unless is_allowed
      collections_data = get_collections_permissions_data(true)
      is_allowed = collections_data[collection_name][action].include? user_data['roleId']
    end

    is_allowed
  rescue ForestLiana::Errors::ExpectedError => exception
    raise exception
  rescue
    raise ForestLiana::Ability::Exceptions::UnknownCollection.new(collection_name)
  end
end

#is_smart_action_authorized?(user, collection, parameters, endpoint, http_method) ⇒ Boolean

Returns:

• (Boolean)

# File 'app/services/forest_liana/ability/permission.rb', line 35

def is_smart_action_authorized?(user, collection, parameters, endpoint, http_method)
  return true unless has_permission_system?

  user_data = get_user_data(user['id'])
  collections_data = get_collections_permissions_data
  collection_name = ForestLiana.name_for(collection)
  begin
    action = find_action_from_endpoint(collection_name, endpoint, http_method).name

    smart_action_approval = SmartActionChecker.new(parameters, collection, collections_data[collection_name][:actions][action], user_data)
    smart_action_approval.can_execute?
  rescue ForestLiana::Errors::ExpectedError => exception
    raise exception
  rescue
    raise ForestLiana::Ability::Exceptions::UnknownCollection.new(collection_name)
  end
end