This repository has been archived by the owner on Jun 27, 2020. It is now read-only.
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
1 parent a6bbcd0, commit ad23e8a
Showing 12 changed files with 182 additions and 64 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
module Ddr | ||
module Managers | ||
class AbstractRoleManager < Manager | ||
|
||
delegate :granted?, :where, to: :granted | ||
|
||
def granted | ||
raise NotImplementedError, "Subclasses must implement `granted'." | ||
end | ||
|
||
# Return a list of the permissions granted in scope to any of the agents | ||
def permissions_in_scope_for_agents(scope, agents) | ||
where(scope: scope, agent: agents).map(&:permissions).flatten.uniq | ||
end | ||
|
||
# Return a list of the permissions granted in resource scope to any of the agents | ||
def resource_permissions_for_agents(agents) | ||
permissions_in_scope_for_agents("resource", agents) | ||
end | ||
|
||
# Return a list of the permissions granted in policy scope to any of the agents | ||
def policy_permissions_for_agents(agents) | ||
permissions_in_scope_for_agents("policy", agents) | ||
end | ||
|
||
# Return the permissions granted to the user in resource scope (via roles on the object) | ||
def resource_permissions_for_user(user) | ||
resource_permissions_for_agents(user.agents) | ||
end | ||
|
||
# Return the permissions granted to the user in policy scope (via roles on the object) | ||
def policy_permissions_for_user(user) | ||
policy_permissions_for_agents(user.agents) | ||
end | ||
|
||
# Return the permissions granted to the user on the object in resource scope, plus | ||
# the permissions granted to the user on the object's admin policy in policy scope | ||
def role_based_permissions(user) | ||
perms = resource_permissions_for_user(user) | ||
if policy = object.admin_policy | ||
perms |= policy.roles.policy_permissions_for_user(user) | ||
end | ||
perms | ||
end | ||
|
||
end | ||
end | ||
end |
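Review bot: `permissions_in_scope_for_agents` passes `agents` straight into `where(scope: scope, agent: agents)`, so the authorization result depends on how the delegated `where` treats an empty or nil `agents` value, and nothing in this file pins that down. Please either guard here (for example `return [] if agents.blank?`) or add a spec showing that an empty agent list yields no permissions, and say what `role_based_permissions` should do when `user` is nil, since `user.agents` is called without a check. Two smaller points in the same method: `if policy = object.admin_policy` reads as a possible `==` typo, so wrap the assignment in parentheses or assign on a separate line; and the `"resource"` and `"policy"` scope literals would be safer as shared constants so a misspelled scope cannot silently return an empty permission list.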
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
module Ddr | ||
module Managers | ||
class SolrDocumentRoleManager < AbstractRoleManager | ||
|
||
def granted | ||
@granted ||= Ddr::Auth::Roles::RoleSet.deserialize(object.access_role, :json) | ||
end | ||
|
||
end | ||
end | ||
end |
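Review bot: `granted` hands `object.access_role` to `RoleSet.deserialize` with no handling for a Solr document that lacks the field or carries malformed JSON, so a single bad or older index entry could turn every permission check on that document into an exception. Unless `deserialize` is known to accept nil, fall back to an empty role set when `access_role` is absent so that the lookups inherited from `AbstractRoleManager` return no permissions, and cover that case in a spec. The `@granted ||=` memoization is also worth a one-line comment stating that the manager is expected to live no longer than the document it wraps.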