module ChefFixie::AuthzObjectMixin

Public Class Methods

included(base) click to toggle source
# File lib/chef_fixie_shahid/authz_objects.rb, line 125
    # Hook that Ruby calls when this module is included into +base+.
    # The body is empty: only commented-out debugging scaffolding remains,
    # so this hook performs no work of its own.
    def self.included(base)
#      pp :note=>"Include", :base=>base, :super=>(base.superclass rescue :nil)
#      block = lambda { :object }
#      base.send(:define_method, :type_me, block )
#      pp :methods=>(base.methods.sort - Object.methods)
    end

Public Instance Methods

ace(action) click to toggle source

Todo: filter this by scope and type

# File lib/chef_fixie_shahid/authz_objects.rb, line 177
# Returns the access-control entry (ACE) for +action+ after passing the raw
# entry from ace_raw through ChefFixie::AuthzMapper.struct_to_name.
# NOTE(review): struct_to_name presumably swaps authz ids for names; confirm
# in AuthzMapper before relying on the output format.
def ace(action)
  mapper = ChefFixie::AuthzMapper
  mapper.struct_to_name(ace_raw(action))
end
ace_add(action, entity) click to toggle source
# File lib/chef_fixie_shahid/authz_objects.rb, line 198
# Grants +entity+ the given action(s) on this object.
#
# +action+ is expanded by expand_actions (a single action, an Array, or :all),
# and ace_add_raw is called once per resulting action with entity.type as the
# actor-or-group selector. Returns the expanded list of actions.
#
# Each action is written separately and nothing here rolls back on failure:
# if one ace_add_raw call raises, the actions processed before it stay granted.
def ace_add(action, entity)
  expand_actions(action).each do |single_action|
    ace_add_raw(single_action, entity.type, entity)
  end
end
ace_add_raw(action, actor_or_group, entity) click to toggle source
# File lib/chef_fixie_shahid/authz_objects.rb, line 188
# Adds the authz id of +entity+ to one member list of the ACE for +action+
# and writes the whole ACE back with a PUT.
#
# +actor_or_group+ selects which list is edited; it is translated to the ACE
# key by resourcify_actor_or_group. The id comes from get_authz_id(entity).
# Returns whatever authz_api.put returns.
#
# NOTE(review): this is a fetch-modify-write of the full entry with no version
# check or lock visible here. Two writers editing the same ACE at once could
# overwrite each other's change; confirm whether the authz service detects
# conflicting writes.
def ace_add_raw(action, actor_or_group, entity)
  # Key of the list to edit: actors or groups.
  member_key = resourcify_actor_or_group(actor_or_group)
  resource, entry = ace_get_util(action)

  members = entry[member_key]
  members << get_authz_id(entity)
  members.uniq! # keep the list free of duplicates when the id was already present
  authz_api.put("#{resource}", entry)
end
ace_delete(action, entity) click to toggle source
# File lib/chef_fixie_shahid/authz_objects.rb, line 213
# Revokes the given action(s) on this object from +entity+.
#
# +action+ is expanded by expand_actions (a single action, an Array, or :all),
# and ace_delete_raw is called once per resulting action with entity.type as
# the actor-or-group selector. Returns the expanded list of actions.
#
# Each action is written separately and nothing here rolls back on failure:
# if one ace_delete_raw call raises, later actions are left unrevoked, so a
# caller removing access should treat an exception as a partial revocation.
def ace_delete(action, entity)
  expand_actions(action).each do |single_action|
    ace_delete_raw(single_action, entity.type, entity)
  end
end
ace_delete_raw(action, actor_or_group, entity) click to toggle source
# File lib/chef_fixie_shahid/authz_objects.rb, line 203
# Removes the authz id of +entity+ from one member list of the ACE for
# +action+ and writes the whole ACE back with a PUT.
#
# +actor_or_group+ selects which list is edited; it is translated to the ACE
# key by resourcify_actor_or_group. The id comes from get_authz_id(entity).
# The PUT is issued even when the id was not in the list.
# Returns whatever authz_api.put returns.
#
# NOTE(review): fetch-modify-write of the full entry with no version check or
# lock visible here; a concurrent writer could re-introduce the removed id or
# lose its own change. Confirm how the authz service handles conflicting writes.
def ace_delete_raw(action, actor_or_group, entity)
  # Key of the list to edit: actors or groups.
  member_key = resourcify_actor_or_group(actor_or_group)
  resource, entry = ace_get_util(action)

  # Array#- drops every occurrence of the id; uniq collapses other duplicates.
  entry[member_key] = (entry[member_key] - [get_authz_id(entity)]).uniq
  authz_api.put("#{resource}", entry)
end
ace_get_util(action) click to toggle source
# File lib/chef_fixie_shahid/authz_objects.rb, line 163
# Fetches the ACE for +action+ on this object.
#
# check_action runs first, before +action+ is interpolated into the resource
# path, so the path is only built for an action that check accepted.
# Returns a two-element Array: the resource path that was requested and the
# response from authz_api.get for that path.
def ace_get_util(action)
  check_action(action)

  path = "#{prefix}/acl/#{action}"
  [path, authz_api.get(path)]
end
ace_member?(action, entity) click to toggle source
# File lib/chef_fixie_shahid/authz_objects.rb, line 218
# Reports whether the authz id of +entity+ is listed in the ACE for +action+.
#
# Only the list matching entity.type (selected via resourcify_actor_or_group)
# is consulted, and only for a direct entry of entity.authz_id. Access that
# +entity+ holds through a group named in the ACE is not expanded here, so a
# false result does not by itself mean the entity lacks the permission.
#
# NOTE(review): the id is read from entity.authz_id, whereas ace_add_raw and
# ace_delete_raw resolve it with get_authz_id(entity); confirm the two always
# agree for the entities passed in.
def ace_member?(action, entity)
  member_key = resourcify_actor_or_group(entity.type)
  _resource, entry = ace_get_util(action)
  entry[member_key].include?(entity.authz_id)
end
ace_raw(action) click to toggle source
# File lib/chef_fixie_shahid/authz_objects.rb, line 171
# Returns the ACE for +action+ exactly as ace_get_util fetched it, discarding
# the resource path that ace_get_util returns alongside it.
def ace_raw(action)
  _resource, entry = ace_get_util(action)
  entry
end
acl() click to toggle source

Todo: filter this by scope and type

# File lib/chef_fixie_shahid/authz_objects.rb, line 159
# Returns the full ACL of this object after passing the raw structure from
# acl_raw through ChefFixie::AuthzMapper.struct_to_name.
# NOTE(review): struct_to_name presumably swaps authz ids for names; confirm
# in AuthzMapper before relying on the output format.
def acl
  mapper = ChefFixie::AuthzMapper
  mapper.struct_to_name(acl_raw)
end
acl_add_from_object(object) click to toggle source
# File lib/chef_fixie_shahid/authz_objects.rb, line 224
# Copies every entry of another object's ACL onto this object.
#
# Reads object.acl_raw and, for each action, each member list and each id in
# that list, calls ace_add_raw on self. The copy is additive only: entries
# already present on this object are never removed, so the result is the
# union of both ACLs. Returns the structure read from object.acl_raw.
#
# Every id costs one ace_add_raw call. Nothing here rolls back on failure, so
# an exception part-way through leaves the ids copied so far in place.
def acl_add_from_object(object)
  source_acl = object.acl_raw

  # This could be made more efficient by refactoring ace_add_raw to split
  # fetch and update, but this works.
  source_acl.each do |action, entry|
    entry.each do |member_type, ids|
      ids.each { |id| ace_add_raw(action.to_sym, member_type, id) }
    end
  end
end
acl_raw() click to toggle source
# File lib/chef_fixie_shahid/authz_objects.rb, line 154
# Fetches the complete ACL of this object from the authz API, unmodified.
# The request path is this object's prefix followed by "/acl".
def acl_raw
  client = authz_api
  client.get("#{prefix}/acl")
end
authz_api() click to toggle source
# File lib/chef_fixie_shahid/authz_objects.rb, line 136
# Returns the AuthzApi client used for every authz request made through this
# mixin, creating it on first use.
#
# The client is memoized in a class variable (@@), not per instance, so it is
# built once and then reused by later calls.
# NOTE(review): the variable name indicates the client acts as the authz
# superuser; confirm in AuthzApi. If so, the ace_* and acl_* helpers are not
# limited by the permissions of whoever invoked them, and the code paths that
# reach this mixin should be restricted and audited accordingly.
def authz_api
  @@authz_api_as_superuser ||= AuthzApi.new
end
authz_delete() click to toggle source
# File lib/chef_fixie_shahid/authz_objects.rb, line 150
# Deletes this object's authz record by issuing a DELETE for its prefix.
# Returns whatever authz_api.delete returns. No confirmation or existence
# check happens here; callers decide whether the deletion is appropriate.
def authz_delete
  client = authz_api
  client.delete(prefix)
end
expand_actions(action) click to toggle source
# File lib/chef_fixie_shahid/authz_objects.rb, line 181
# Normalizes +action+ into an Array of actions.
#
# :all expands to AuthzUtils::ACTIONS, an Array is returned as given, and any
# other single value is wrapped in a one-element Array.
def expand_actions(action)
  requested = action == :all ? AuthzUtils::ACTIONS : action
  return requested if requested.is_a?(Array)

  [requested]
end
is_authorized(action, actor) click to toggle source
# File lib/chef_fixie_shahid/authz_objects.rb, line 145
# Asks the authz API about +actor+ and +action+ on this object by requesting
# "<prefix>/acl/<action>/ace/<actor.authz_id>".
#
# Returns [:unparsed, response]; the response is not interpreted here.
# The return value is a non-empty Array and therefore always truthy in Ruby:
# it must not be used directly as the condition of an access decision. Callers
# have to inspect the second element themselves.
#
# NOTE(review): +action+ is interpolated into the path without the
# check_action call that ace_get_util performs; confirm callers only pass
# known action names.
def is_authorized(action, actor)
  client = authz_api
  response = client.get("#{prefix}/acl/#{action}/ace/#{actor.authz_id}")
  [:unparsed, response] # TODO: figure this out in more detail
end
prefix() click to toggle source

We expect to be mixed into a class that provides the authz_id method.

# File lib/chef_fixie_shahid/authz_objects.rb, line 141
# Builds the authz resource path for this object: to_resource(type), a slash,
# then authz_id. The including class is expected to supply authz_id.
# Every ACL and ACE request made by this mixin is rooted at this path, so the
# value of authz_id determines which object's permissions are read or changed.
def prefix
  resource_root = to_resource(type)
  "#{resource_root}/#{authz_id}"
end
type() click to toggle source
# File lib/chef_fixie_shahid/authz_objects.rb, line 132
# Authz type reported by this mixin: always the symbol :object.
# prefix hands this value to to_resource when it builds the resource path.
def type
  :object
end