Class: Soar::Policy::AccessManager::ModelProvider::ServiceRegistry

Inherits:

Object

Object
Soar::Policy::AccessManager::ModelProvider::ServiceRegistry

show all

Includes:: Jsender

Defined in:: lib/soar/policy/access_manager/model_provider/service_registry.rb

Instance Attribute Summary collapse

#service_registry ⇒ Object readonly

Returns the value of attribute service_registry.

Instance Method Summary collapse

#authorized?(service_identifier, resource_identifier, request) ⇒ Boolean
#initialize(service_registry) ⇒ ServiceRegistry constructor

A new instance of ServiceRegistry.

Constructor Details

#initialize(service_registry) ⇒ `ServiceRegistry`

Returns a new instance of ServiceRegistry.



15
16
17

# File 'lib/soar/policy/access_manager/model_provider/service_registry.rb', line 15

def initialize(service_registry)
  @service_registry = service_registry
end

Instance Attribute Details

#service_registry ⇒ `Object` (readonly)

Returns the value of attribute service_registry.



13
14
15

# File 'lib/soar/policy/access_manager/model_provider/service_registry.rb', line 13

def service_registry
  @service_registry
end

Instance Method Details

#authorized?(service_identifier, resource_identifier, request) ⇒ `Boolean`

Returns:

(Boolean)

# File 'lib/soar/policy/access_manager/model_provider/service_registry.rb', line 19

def authorized?(service_identifier, resource_identifier, request)
  notifications = []
  decision = false

  begin
    if ENV['RACK_ENV'] == 'development'
      notifications << 'Authorized in development environment'
      decision = true
    end

    meta = @service_registry.services.meta_for_service(service_identifier)
    policy = meta['policy'] if meta and meta.is_a?(Hash) and meta['policy']

    if policy.nil?
      decision = true
      notifications << 'No policy associated with service'
    else
      decision, detail = ask_policy(policy, request[:authentication_identifier], service_identifier, resource_identifier, request)
      notifications.concat(detail) if not detail.empty?
      notifications << 'Policy rejected authorization request' if not decision
      notifications << 'Policy approved authorization request' if decision
    end
  rescue SoarSr::ValidationError => ex
    notifications << "AccessManager error authorizing #{service_identifier} for #{resource_identifier}: #{ex.message}"
    decision = false
  rescue Exception => ex
    notifications << "AccessManager error authorizing #{service_identifier} for #{resource_identifier}: #{ex.message}"
    decision = false
  end

  success(notifications, { 'approved' => decision } )
end

Class: Soar::Policy::AccessManager::ModelProvider::ServiceRegistry

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(service_registry) ⇒ ServiceRegistry

Instance Attribute Details

#service_registry ⇒ Object (readonly)

Instance Method Details

#authorized?(service_identifier, resource_identifier, request) ⇒ Boolean

#initialize(service_registry) ⇒ `ServiceRegistry`

#service_registry ⇒ `Object` (readonly)

#authorized?(service_identifier, resource_identifier, request) ⇒ `Boolean`