class OodSupport::ACL

A helper object that describes an access control list (ACL) with entries

Attributes

default[R]

Whether this ACL defaults to allow, otherwise default deny @return [Boolean] whether default allow

entries[R]

The entries of this ACL @return [Array<ACLEntry>] list of entries

Public Class Methods

new(entries:, default: false) click to toggle source

@param entries [Array<ACLEntry>] list of entries @param default [Boolean] default allow, otherwise deny

# File lib/ood_support/acl.rb, line 26
def initialize(entries:, default: false)
  @entries = entries
  @default = default
end
parse(acl, **kwargs) click to toggle source

Generate an ACL by parsing a string along with options @param acl [#to_s] string describing acl @param kwargs [Hash] extra arguments defining acl @return [ACL] acl generated by string and options

# File lib/ood_support/acl.rb, line 16
def self.parse(acl, **kwargs)
  entries = []
  acl.to_s.strip.split(/\n|,/).grep(/^[^#]/).each do |entry|
    entries << entry_class.parse(entry)
  end
  new(entries: entries, **kwargs)
end

Private Class Methods

entry_class() click to toggle source

Class used to generate an entry

# File lib/ood_support/acl.rb, line 73
def self.entry_class
  ACLEntry
end

Public Instance Methods

==(other) click to toggle source

The comparison operator @param other [#to_h] entry to compare against @return [Boolean] how acls compare

# File lib/ood_support/acl.rb, line 54
def ==(other)
  to_h == other.to_h
end
allow?(principle:) click to toggle source

Check if queried principle has access to resource @param principle [String] principle to check against @return [Boolean] does principle have access?

# File lib/ood_support/acl.rb, line 34
def allow?(principle:)
  # Check in array order
  ordered_check(principle: principle)
end
eql?(other) click to toggle source

Checks whether two ACL objects are completely identical to each other @param other [ACL] entry to compare against @return [Boolean] whether same objects

# File lib/ood_support/acl.rb, line 61
def eql?(other)
  self.class == other.class && self == other
end
hash() click to toggle source

Generates a hash value for this object @return [Integer] hash value of object

# File lib/ood_support/acl.rb, line 67
def hash
  [self.class, to_h].hash
end
to_h() click to toggle source

Convert object to hash @return [Hash] the hash describing this object

# File lib/ood_support/acl.rb, line 47
def to_h
  { entries: entries, default: default }
end
to_s() click to toggle source

Convert object to string @return [String] the string describing this object

# File lib/ood_support/acl.rb, line 41
def to_s
  entries.join("\n")
end

Private Instance Methods

ordered_check(**kwargs) click to toggle source

Check each entry in order from array

# File lib/ood_support/acl.rb, line 78
def ordered_check(**kwargs)
  entries.each do |entry|
    if entry.match(**kwargs)
      # Check if its an allow or deny acl entry (may not be both)
      return true  if entry.is_allow?
      return false if entry.is_deny?
    end
  end
  return default # default allow or default deny
end