Class: Unimatrix::Authorization::RequiresPolicies
- Inherits:
-
Object
- Object
- Unimatrix::Authorization::RequiresPolicies
- Defined in:
- lib/unimatrix/authorization/filters/requires_policies.rb
Instance Method Summary
- #before(controller) ⇒ Object
-
#initialize(resource, options = {}) ⇒ RequiresPolicies
constructor
A new instance of RequiresPolicies.
Constructor Details
#initialize(resource, options = {}) ⇒ RequiresPolicies
Returns a new instance of RequiresPolicies.
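# File 'lib/unimatrix/authorization/filters/requires_policies.rb', line 4

# Builds a policy filter for one named resource.
#
# The listing had lost the `options` identifier in both the signature and the
# hash lookup; it is restored here to match the documented signature
# `#initialize(resource, options = {})`.
#
# @param resource [Object] resource name; #before passes it to
#   controller.retrieve_policies
# @param options [Hash] optional settings; only :resource_server is read
#
# NOTE(review): if neither options[ :resource_server ] nor
# ENV[ 'APPLICATION_NAME' ] is set, @resource_server is nil and #before hands
# nil to retrieve_policies. Confirm how the policy lookup scopes a nil
# resource server.
def initialize( resource, options = {} )
  @resource_name = resource
  # An explicit :resource_server wins; otherwise use the process environment.
  @resource_server = options[ :resource_server ] || ENV[ 'APPLICATION_NAME' ]
end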
Instance Method Details
#before(controller) ⇒ Object
# File 'lib/unimatrix/authorization/filters/requires_policies.rb', line 9

# Before-filter hook: lets the request through only when at least one policy
# retrieved for this resource lists the controller's current action.
#
# Outcomes:
# - no usable access token        -> render_error( ::MissingTokenError )
# - empty or unexpected policies  -> render_error( ::MissingPolicyError )
# - no policy lists the action    -> render_error( ::MissingPolicyError )
# - some policy lists the action  -> nothing is rendered
# controller.policies is assigned whenever the policy list passes the shape
# check, including when the action is then denied.
#
# @param controller [Object] must respond to params, retrieve_client_token,
#   retrieve_policies, policies=, action_name and render_error
# @return [Object, nil] the result of render_error, or nil when permitted
#
# NOTE(review): a request without an 'access_token' parameter is checked with
# a token obtained from the application's own client id and secret, so the
# decision then reflects the application's policies, not the caller's.
# Confirm this is intended for every controller that installs this filter.
# NOTE(review): the caller's token is read only from params. Tokens carried in
# a query string tend to land in access logs and Referer headers; make sure
# request-parameter filtering covers 'access_token'.
# NOTE(review): only the first element's type_name is inspected; later
# elements are assumed to be policies as well.
def before( controller )
  client_id     = Unimatrix.configuration.client_id
  client_secret = Unimatrix.configuration.client_secret

  # Prefer the token supplied with the request; otherwise use a client token.
  supplied_token = controller.params[ 'access_token' ]
  access_token =
    if supplied_token.present?
      supplied_token
    else
      controller.retrieve_client_token( client_id, client_secret )
    end

  # Realm resolution order: controller#realm_uuid, controller#realm, params.
  # The params fallback is caller-controlled.
  realm_uuid =
    if controller.respond_to?( :realm_uuid ) then controller.realm_uuid
    elsif controller.respond_to?( :realm ) then controller.realm.uuid
    else controller.params[ :realm_uuid ]
    end

  return controller.render_error( ::MissingTokenError ) unless access_token.present?

  policies = controller.retrieve_policies(
    @resource_name, access_token, realm_uuid, @resource_server
  )

  # Anything other than a non-empty Array headed by a 'policy' record denies.
  usable = policies.present? &&
           policies.is_a?( Array ) &&
           policies.first.type_name == 'policy'
  return controller.render_error( ::MissingPolicyError ) unless usable

  controller.policies = policies

  # Every policy is inspected; the request passes if any of them grants the action.
  granting = policies.select do | policy |
    policy.actions.include?( controller.action_name )
  end
  controller.render_error( ::MissingPolicyError ) if granting.empty?
end