Class: Insights::API::Common::RBAC::Access

Inherits:
Object
  • Object
show all
Defined in:
lib/insights/api/common/rbac/access.rb

Constant Summary collapse

DEFAULT_LIMIT = 
500

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(resource, verb) ⇒ Access

Returns a new instance of Access.



8
9
10
11
12
13
 
# File 'lib/insights/api/common/rbac/access.rb', line 8

def initialize(resource, verb)
  @resource = resource
  @verb     = verb
  @regexp   = Regexp.new(":(#{Regexp.escape(@resource)}|\\*):(#{Regexp.escape(@verb)}|\\*)")
  @app_name = ENV["APP_NAME"]
end

Instance Attribute Details

#aclObject (readonly)

Returns the value of attribute acl.



6
7
8
 
# File 'lib/insights/api/common/rbac/access.rb', line 6

def acl
  @acl
end

Class Method Details

.enabled?Boolean

Returns:

  • (Boolean) 


36
37
38
 
# File 'lib/insights/api/common/rbac/access.rb', line 36

def self.enabled?
  ENV['BYPASS_RBAC'].blank?
end

Instance Method Details

#accessible?Boolean

Returns:

  • (Boolean) 


24
25
26
 
# File 'lib/insights/api/common/rbac/access.rb', line 24

def accessible?
  @acl.any?
end

#id_listObject 



28
29
30
 
# File 'lib/insights/api/common/rbac/access.rb', line 28

def id_list
  ids.include?('*') ? [] : ids
end

#owner_scoped?Boolean

Returns:

  • (Boolean) 


32
33
34
 
# File 'lib/insights/api/common/rbac/access.rb', line 32

def owner_scoped?
  ids.include?('*') ? false : owner_scope_filter?
end

#processObject 



15
16
17
18
19
20
21
22
 
# File 'lib/insights/api/common/rbac/access.rb', line 15

def process
  Service.call(RBACApiClient::AccessApi) do |api|
    @acl ||= Service.paginate(api, :get_principal_access, {:limit => DEFAULT_LIMIT}, @app_name).select do |item|
      @regexp.match?(item.permission)
    end
  end
  self
end