Class: Soar::Authorization::AccessManager::Provider::ServiceRegistry

Inherits:
Object
  • Object
show all
Includes:
Jsender
Defined in:
lib/soar/authorization/access_manager/provider/service_registry.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(service_registry) ⇒ ServiceRegistry

Returns a new instance of ServiceRegistry.



15
16
17
 
# File 'lib/soar/authorization/access_manager/provider/service_registry.rb', line 15

def initialize(service_registry)
  @service_registry = service_registry
end

Instance Attribute Details

#service_registryObject (readonly)

Returns the value of attribute service_registry.



13
14
15
 
# File 'lib/soar/authorization/access_manager/provider/service_registry.rb', line 13

def service_registry
  @service_registry
end

Instance Method Details

#authorized?(service_identifier, resource_identifier, request) ⇒ Boolean

Returns:

  • (Boolean) 


19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
 
# File 'lib/soar/authorization/access_manager/provider/service_registry.rb', line 19

def authorized?(service_identifier, resource_identifier, request)
  notifications = []
  decision = false

  begin
    if ENV['RACK_ENV'] == 'development'
      notifications << 'Authorized in development environment'
      decision = true
    end

    meta = @service_registry.services.meta_for_service(service_identifier)
    policy = meta['policy'] if meta and meta.is_a?(Hash) and meta['policy']

    if policy.nil?
      decision = true
      notifications << 'No policy associated with service'
    else
      decision, detail = ask_policy(policy, request[:authentication_identifier], service_identifier, resource_identifier, request)
      notifications.concat(detail) if not detail.empty?
      notifications << 'Policy rejected authorization request' if not decision
      notifications << 'Policy approved authorization request' if decision
    end
  rescue SoarSr::ValidationError => ex
    notifications << "AccessManager error authorizing #{service_identifier} for #{resource_identifier}: #{ex.message}"
    decision = false
  rescue Exception => ex
    notifications << "AccessManager error authorizing #{service_identifier} for #{resource_identifier}: #{ex.message}"
    decision = false
  end

  success(notifications, { 'approved' => decision } )
end