Class: Soar::Authorization::AccessManager::Provider::Policy

Inherits:
Object
  • Object
Includes:
Jsender
Defined in:
lib/soar/authorization/access_manager/provider/policy.rb

Instance Method Summary collapse

Constructor Details

#initialize(meta: {}, policies: {}) ⇒ Policy

Returns a new instance of Policy.



# File 'lib/soar/authorization/access_manager/provider/policy.rb', line 14

# Creates a policy provider and keeps both arguments on the instance as given.
#
# The objects are stored by reference, not copied.
# NOTE(review): presumably +policies+ is what get_policy consults when
# authorized? looks up a service - confirm against the rest of the class.
#
# @param meta [Hash] stored as @meta (defaults to an empty hash)
# @param policies [Hash] stored as @policies (defaults to an empty hash)
def initialize(meta: {}, policies: {})
  @meta, @policies = meta, policies
end

Instance Method Details

#authorized?(service_identifier, resource_identifier, request) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/soar/authorization/access_manager/provider/policy.rb', line 19

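# Decides whether +request+ may use +resource_identifier+ on
# +service_identifier+ and reports the outcome through +success+.
#
# The decision starts as a denial and is then set by one of:
# * get_policy returns nil for the service -> approved (default-allow);
# * a policy is found -> whatever ask_policy returns for it;
# * an error is rescued -> denied, with the error text in the notifications.
#
# NOTE(review): a service with no policy is approved. Confirm that this
# default-allow is intended, since a missing or misnamed policy entry then
# grants access instead of refusing it.
#
# @param service_identifier [Object] handed to get_policy and ask_policy
# @param resource_identifier [Object] handed to ask_policy
# @param request [#[]] request[:authentication_identifier] is read and the
#   whole object is handed to ask_policy
# @return [Object] the result of success(notifications, 'approved' => decision).
#   Despite the `?` suffix this is not a bare boolean: the decision sits under
#   the 'approved' key, so callers must read that key rather than test the
#   return value for truthiness (presumably a JSend structure from Jsender -
#   confirm).
def authorized?(service_identifier, resource_identifier, request)
  notifications = []
  decision = false # fail closed until a branch below decides otherwise

  begin
    # NOTE(review): this only records a notification. The decision is always
    # set by the policy lookup below, so RACK_ENV=development does not bypass
    # the policy and this message can accompany a rejection. The assignment
    # that used to sit here was always overwritten and has been dropped.
    notifications << 'Authorized in development environment' if ENV['RACK_ENV'] == 'development'

    policy = get_policy(service_identifier)

    if policy.nil?
      decision = true
      notifications << 'No policy associated with service'
    else
      decision, detail = ask_policy(policy, request[:authentication_identifier], service_identifier, resource_identifier, request)
      notifications.concat(detail) unless detail.empty?
      notifications << (decision ? 'Policy approved authorization request' : 'Policy rejected authorization request')
    end
  rescue SoarSr::ValidationError, StandardError, ScriptError => ex
    # Any failure while evaluating the policy is a denial. Signals, SystemExit
    # and other process-level exceptions are deliberately not rescued: turning
    # an interrupt or shutdown into "denied" would hide it from the runtime.
    # NOTE(review): ex.message is returned to the caller in the notifications;
    # confirm it cannot carry internal detail that should stay in server logs.
    notifications << "AccessManager error authorizing #{service_identifier} for #{resource_identifier}: #{ex.message}"
    decision = false
  end

  success(notifications, { 'approved' => decision })
end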