class Unimatrix::Authorization::RequiresPolicies

Public Class Methods

new( resource, options = {} ) click to toggle source
# File lib/unimatrix/authorization/filters/requires_policies.rb, line 4
def initialize( resource, options = {} )
  @resource_name = resource
  @resource_server = options[ :resource_server ] || ENV[ 'APPLICATION_NAME' ]
end

Public Instance Methods

before( controller ) click to toggle source
# File lib/unimatrix/authorization/filters/requires_policies.rb, line 9
def before( controller )
  client_id     = Unimatrix.configuration.client_id
  client_secret = Unimatrix.configuration.client_secret

  access_token =
    if controller.params[ 'access_token' ].present?
      controller.params[ 'access_token' ]
    else
      controller.retrieve_client_token( client_id, client_secret )
    end

  realm_uuid =
    if controller.respond_to?( :realm_uuid )
      controller.realm_uuid
    elsif controller.respond_to?( :realm )
      controller.realm.uuid
    else
      controller.params[ :realm_uuid ]
    end

  if access_token.present?
    policies = controller.retrieve_policies(
      @resource_name,
      access_token,
      realm_uuid,
      @resource_server
    )

    if policies.present? && policies.is_a?( Array ) &&
       policies.first.type_name == 'policy'
      controller.policies = policies
      forbidden = true
      policies.each do | policy |
        if policy.actions.include?( controller.action_name )
          forbidden = false
        end
      end

      if forbidden
        controller.render_error( ::MissingPolicyError )
      end
    else
      controller.render_error( ::MissingPolicyError )
    end
  else
    controller.render_error( ::MissingTokenError )
  end
end