module Unimatrix::Authorization

Public Class Methods

included( controller )
# File lib/unimatrix/authorization/filters/requires_policies.rb, line 68
# Ruby's inclusion hook: runs when this module is mixed into a class and
# extends that class with ClassMethods, so the methods defined there become
# class-level methods of the including class.
#
# @param controller [Class] the class that is including this module
# @return [Class] the same class, as returned by #extend
def self.included( controller )
  controller.extend ClassMethods
end

Public Instance Methods

policies()
# File lib/unimatrix/authorization/filters/requires_policies.rb, line 76
# Returns the policies for the current request, looking them up on first use.
#
# The lookup hands @resource_name, the request's :access_token parameter,
# realm_uuid and @resource_server to retrieve_policies. A truthy result is
# memoized in @policies; a nil or false result is not stored, so the lookup
# is attempted again on the next call.
#
# NOTE(review): the bearer token is taken from request params. If clients
# send it in the URL query string it will show up in URLs and request logs;
# confirm that :access_token is covered by the application's parameter
# filtering.
def policies
  return @policies if @policies

  # Used by Archivist requires_permission filter. TODO: deprecate
  @policies = retrieve_policies(
    @resource_name,
    params[ :access_token ],
    realm_uuid,
    @resource_server
  )
end
policies=( attributes )
# File lib/unimatrix/authorization/filters/requires_policies.rb, line 72
# Stores +attributes+ in @policies, replacing whatever was memoized there.
#
# NOTE(review): this bypasses the policy lookup entirely, so whatever is
# assigned here is what authorization decisions will see; callers should
# only pass values obtained from the authorization server.
#
# @param attributes [Object] the policies to store
def policies=( attributes )
  @policies = attributes
end
request_client_token( client_id, client_secret )
# File lib/unimatrix/authorization/filters/requires_policies.rb, line 114
# Requests a token through ClientCredentialsGrant for the given client.
#
# Returns nil without making a request when either credential is nil or
# false. Only nil/false count as missing: an empty string is truthy in Ruby,
# so blank credentials still trigger a request.
#
# @param client_id [String, nil]
# @param client_secret [String, nil]
# @return the result of ClientCredentialsGrant#request_token called with
#   with_expiry: true, or nil when a credential is missing
def request_client_token( client_id, client_secret )
  return nil unless client_id && client_secret

  grant = ClientCredentialsGrant.new(
    client_id: client_id,
    client_secret: client_secret
  )
  grant.request_token( with_expiry: true )
end
request_policies( resource_name, access_token, realm_uuid, resource_server )
# File lib/unimatrix/authorization/filters/requires_policies.rb, line 102
# Reads '/policies' for the given access token, restricted to the resource
# pattern "realm/<realm_uuid>::<resource_server>::<resource_name>/*".
#
# Returns nil without a request when resource_name or access_token is nil
# or false.
#
# NOTE(review): a missing realm_uuid becomes '*', so the query then asks for
# policies in every realm rather than failing closed. Callers that
# authorize a realm-specific action should confirm the returned policies
# actually apply to the realm being acted on.
#
# NOTE(review): the three values are interpolated into the pattern as-is.
# If any of them can come from request input, validate it first so it cannot
# introduce '::', '/' or '*' and widen the pattern.
#
# @return the result of Operation#read, or nil when an argument is missing
def request_policies( resource_name, access_token, realm_uuid, resource_server )
  return nil unless resource_name && access_token

  realm_uuid ||= '*'
  resource_pattern = "realm/#{ realm_uuid }::#{ resource_server }::#{ resource_name }/*"

  policy_query = Operation.new( '/policies' ).where(
    access_token: access_token,
    resource: resource_pattern
  )
  policy_query.read
end
request_resource_owner( access_token )
# File lib/unimatrix/authorization/filters/requires_resource_owner.rb, line 61
# Reads '/resource_owner' for the given access token.
#
# There is no nil check here: the token is passed to the query whatever its
# value, so callers are expected to guard against a missing token first.
#
# @param access_token [String] bearer token identifying the resource owner
# @return the result of Operation#read
def request_resource_owner( access_token )
  owner_query = Operation.new( '/resource_owner' ).where( access_token: access_token )
  owner_query.read
end
resource_owner()
# File lib/unimatrix/authorization/filters/requires_resource_owner.rb, line 48
# Returns the resource owner for the current request, looking it up on first
# use via retrieve_resource_owner with the request's :access_token parameter.
#
# A truthy result is memoized in @resource_owner; a nil or false result is
# not stored, so the lookup is attempted again on the next call.
#
# NOTE(review): the bearer token is taken from request params. If clients
# send it in the URL query string it will show up in URLs and request logs;
# confirm that :access_token is covered by the application's parameter
# filtering.
def resource_owner
  return @resource_owner if @resource_owner

  @resource_owner = retrieve_resource_owner( params[ :access_token ] )
end
resource_owner=( attributes )
# File lib/unimatrix/authorization/filters/requires_resource_owner.rb, line 44
# Stores +attributes+ in @resource_owner, replacing whatever was memoized
# there.
#
# NOTE(review): this bypasses the resource-owner lookup, so the assigned
# value is what later identity checks will see; callers should only pass
# values obtained from the authorization server.
#
# @param attributes [Object] the resource owner to store
def resource_owner=( attributes )
  @resource_owner = attributes
end
retrieve_client_token( client_id, client_secret )
# File lib/unimatrix/authorization/railtie.rb, line 39
# Returns a client access token, served from Rails.cache when one is stored.
#
# On a cache miss the token is requested through request_client_token and
# cached for one minute. When the token hash reports an :expires_in below 60
# (presumably seconds; confirm against the token endpoint), the entry is
# written again with that shorter lifetime so the cache does not outlive the
# token. Returns nil without touching the cache when either credential is
# nil or false.
#
# NOTE(review): the cache key is an unsalted SHA-1 digest of client_id and
# client_secret joined with no separator. Anyone able to read the cache
# store sees a value that guesses of the secret can be checked against, and
# the cached value is itself a bearer token, so the cache store needs the
# same protection as the credentials.
#
# NOTE(review): any StandardError raised while reading :access_token
# (including a nil token hash) is turned into nil, and that nil is what the
# fetch block returns; whether the cache then stores it depends on the cache
# configuration. A failed token request is therefore silent here.
def retrieve_client_token( client_id, client_secret )
  return nil unless client_id && client_secret

  credential_digest = Digest::SHA1.hexdigest( [ client_id, client_secret ].join )
  cache_key         = "keymaker-client_token-#{ credential_digest }"
  short_lifetime    = nil

  token = Rails.cache.fetch( cache_key, expires_in: 1.minute ) do
    token_hash = request_client_token( client_id, client_secret )

    reported_lifetime = token_hash && token_hash[ :expires_in ]
    short_lifetime = reported_lifetime if reported_lifetime && reported_lifetime < 60

    begin
      token_hash[ :access_token ]
    rescue StandardError
      nil
    end
  end

  # Only set on a cache miss, and only when the token expires within a minute.
  Rails.cache.write( cache_key, token, expires_in: short_lifetime ) if short_lifetime

  token
end
retrieve_policies( resource_name, access_token, realm_uuid, resource_server )

In a Rails app, this method is overridden by retrieve_policies in railtie.rb

# File lib/unimatrix/authorization/filters/requires_policies.rb, line 89
# Fetches policies by delegating straight to request_policies.
#
# Returns nil without a request when resource_name or access_token is nil
# or false; realm_uuid and resource_server are passed through unchecked.
#
# @return the result of request_policies, or nil when an argument is missing
def retrieve_policies( resource_name, access_token, realm_uuid, resource_server )
  return nil unless resource_name && access_token

  request_policies( resource_name, access_token, realm_uuid, resource_server )
end
retrieve_resource_owner( access_token )

In a Rails app, this method is overridden by retrieve_resource_owner in railtie.rb

# File lib/unimatrix/authorization/filters/requires_resource_owner.rb, line 55
# Fetches the resource owner by delegating to request_resource_owner.
#
# Returns nil without a request when access_token is nil or false, so a
# request that carries no token yields no resource owner.
#
# @param access_token [String, nil]
# @return the result of request_resource_owner, or nil when no token is given
def retrieve_resource_owner( access_token )
  return nil unless access_token

  request_resource_owner( access_token )
end