class Soar::Policy::AccessManager::ModelProvider::Stub

Public Class Methods

new(meta: {}, policies: {})

@param [Hash] meta maps service identifiers to policy identifiers
@param [Hash] policies maps policy identifiers to resource identifiers, each of which maps to an array of the authentication_identifiers that are allowed access

# File lib/soar/policy/access_manager/model_provider/stub.rb, line 15
# Builds the stub provider from two caller-supplied lookup tables.
#
# @param meta [Hash] per-service metadata, keyed by service identifier
# @param policies [Hash] policy identifier => resource identifier => allowed authentication identifiers
def initialize(meta: {}, policies: {})
  # Both hashes are kept by reference, not copied: mutating them afterwards
  # changes what this provider answers.
  @meta, @policies = meta, policies
end

Public Instance Methods

authorized?(service_identifier, resource_identifier, request)

@param [String] service_identifier
@param [String] resource_identifier
@param [Hash] request
@return [Hash] a jsend hash

# File lib/soar/policy/access_manager/model_provider/stub.rb, line 26
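# Decides whether the caller described by +request+ may use +resource_identifier+
# of +service_identifier+.
#
# Error handling is fail-closed: an error raised while looking up or asking the
# policy produces 'approved' => false. A service with no policy is fail-open
# (see the comment in the body).
#
# @param service_identifier [String] key passed to get_meta
# @param resource_identifier [String] resource being requested
# @param request [Hash] request[:authentication_identifier] identifies the caller
# @return [Hash] the result of success(notifications, { 'approved' => decision })
def authorized?(service_identifier, resource_identifier, request)
  notifications = []
  decision = false

  begin
    if ENV['RACK_ENV'] == 'development'
      # NOTE(review): this value never survives. Every path below reassigns
      # decision, so development mode only adds the notification and does not
      # bypass the policy. Confirm that is the intent before relying on it.
      notifications << 'Authorized in development environment'
      decision = true
    end

    meta = get_meta(service_identifier)
    policy = meta['policy'] if meta.is_a?(Hash) && meta['policy']

    if policy.nil?
      # Fail-open by design of this stub: an unknown service, a non-Hash meta
      # entry, or a missing 'policy' key all end in approval.
      decision = true
      notifications << 'No policy associated with service'
    else
      decision, detail = ask_policy(policy, request[:authentication_identifier], service_identifier, resource_identifier, request)
      notifications.concat(detail) unless detail.empty?
      notifications << (decision ? 'Policy approved authorization request' : 'Policy rejected authorization request')
    end
  rescue SoarSr::ValidationError, StandardError => ex
    # Deny on ordinary errors. Interrupt, SystemExit and other non-StandardError
    # exceptions are no longer swallowed (the original rescued Exception) and now
    # propagate, so no approval is returned in that case either.
    # The exception text is put into the notifications that go to success().
    notifications << "AccessManager error authorizing #{service_identifier} for #{resource_identifier}: #{ex.message}"
    decision = false
  end
  success(notifications, { 'approved' => decision })
end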

Private Instance Methods

ask_policy(policy, authentication_identifier, service_identifier, resource_identifier, params)

@param [String] policy
@param [String] authentication_identifier
@param [String] service_identifier
@param [String] resource_identifier
@param [Hash] request
@return [Bool] result
@return [Array] notifications

# File lib/soar/policy/access_manager/model_provider/stub.rb, line 77
# Checks whether +authentication_identifier+ is listed for +resource_identifier+
# under +policy+ in @policies.
#
# Any StandardError during the lookup (for example an unknown policy or
# resource, where the lookup hits nil) is reported as a denial, with the
# exception message added to the notifications.
#
# @param policy [String] key into @policies
# @param authentication_identifier [String] identity being checked
# @param service_identifier [String] not read by this stub
# @param resource_identifier [String] key into the selected policy
# @param params [Hash] not read by this stub
# @return [Array] two elements: the decision, then an Array of notification strings
def ask_policy(policy, authentication_identifier, service_identifier, resource_identifier, params)
  notifications = []
  begin
    allowed_identifiers = @policies[policy][resource_identifier]
    # include? is duck-typed. On a String it is a substring match, so the stored
    # value should be a collection of whole identifiers.
    granted = allowed_identifiers.include?(authentication_identifier)
    notifications << 'Policy query result was not success' unless granted
    [granted || false, notifications]
  rescue StandardError => error
    notifications << "Exception while asking policy #{error.message}"
    [false, notifications]
  end
end
get_meta(service_identifier)

@param [String] service_identifier
@return [Hash, nil] policy hash or nil

# File lib/soar/policy/access_manager/model_provider/stub.rb, line 64
# Looks up the metadata entry stored for a service.
#
# @param service_identifier [String] key into @meta
# @return [Object, nil] whatever @meta holds under that key
def get_meta(service_identifier)
  entry = @meta[service_identifier]
  entry
end