module Bosh::Director::Api::Extensions::Scoping

Public Class Methods

registered(app)
# File lib/bosh/director/api/extensions/scoping.rb, line 15
# Extension hook: configures the application that registers this module.
#
# Sets the application's `default_scope` setting to `:admin`. That setting is
# what `scope` resolves a `:default` scope to, so a route declared without an
# explicit scope is checked against `:admin`: the default is the restrictive
# one, and a route must opt in to anything broader.
#
# @param app [Object] the application being extended; must respond to
#   `set` and `helpers`
# @return [Object] whatever `app.helpers` returns
def self.registered(app)
  app.set(default_scope: :admin)
  app.helpers Helpers
end

Public Instance Methods

route(verb, path, options = {}, &block)
Calls superclass method
# File lib/bosh/director/api/extensions/scoping.rb, line 46
# Wraps the superclass `route` so that every route carries a `:scope` option.
#
# A route declared without `:scope` (or with a nil/false one) gets `:default`,
# which `scope` resolves to `settings.default_scope`. No route defined through
# this method therefore reaches the superclass without a scope option.
# The caller's `options` hash is modified in place.
#
# NOTE(review): presumably the framework turns the `:scope` option into a call
# to `scope(...)` when the route is compiled; confirm against the superclass.
#
# @param verb [String] HTTP verb, passed through unchanged
# @param path [String] route pattern, passed through unchanged
# @param options [Hash] route options; `:scope` is filled in when missing
# @param block [Proc] route handler, passed through unchanged
# @return [Object] whatever the superclass `route` returns
def route(verb, path, options = {}, &block)
  options[:scope] = :default unless options[:scope]
  super(verb, path, options, &block)
end
scope(allowed_scope)
# File lib/bosh/director/api/extensions/scoping.rb, line 20
# Registers a route condition that enforces the scope required by a route.
#
# The required scope is resolved per request:
# * `:default`             -> `settings.default_scope`
# * a `ParamsScope` object -> `allowed_scope.scope(params, settings.default_scope)`
# * anything else          -> used as given
#
# The check runs only when `requires_authentication?` is true; otherwise the
# condition does nothing and the scope is not checked. With authentication
# required and no `@user`, the request is halted with a 401. Otherwise the
# decision is delegated to `@permission_authorizer.granted_or_raise`.
#
# @param allowed_scope [Symbol, ParamsScope, Object] scope required by the route
# @return [Object, nil] the result of `condition`, or nil for `:authorization`
def scope(allowed_scope)
  # handled by the :authorization option of the route, so no condition is
  # registered here.
  # NOTE(review): a route using scope: :authorization gets no check from this
  # method; confirm that such routes always carry the :authorization option.
  return if allowed_scope == :authorization

  condition do
    # Resolved before the authentication test, for every matching request.
    required_scope =
      if allowed_scope == :default
        settings.default_scope
      elsif allowed_scope.is_a?(ParamsScope)
        allowed_scope.scope(params, settings.default_scope)
      else
        allowed_scope
      end

    if requires_authentication?
      # this should already be happening in base_controller#authentication
      # NOTE(review): the 401 body echoes request.path unescaped; confirm the
      # response is not served with an HTML content type.
      throw(:halt, [401, "Not authorized: '#{request.path}'\n"]) if @user.nil?

      @permission_authorizer.granted_or_raise(:director, required_scope, @user.scopes)
    end
  end
end