module Shamu::Security::Support

Adds support for authorizing and querying security {Policy} to a {Services::Service}.

Public Instance Methods

policy() click to toggle source

@return [Policy] the security {Policy} for the service.

# File lib/shamu/security/support.rb, line 30
def policy
  @policy ||= _policy_class.new(
    principal: security_principal,
    roles: roles_service.roles_for( security_principal )
  )
end

Private Instance Methods

_policy_class() click to toggle source
# File lib/shamu/security/support.rb, line 49
def _policy_class
  if service_policy_delegation?
    delegate_policy_class
  else
    policy_class
  end
end
delegate_policy_class() click to toggle source

@!visibility public

@return [Class] a {Policy} class used when

{#service_policy_delegation?}  is true.
# File lib/shamu/security/support.rb, line 70
def delegate_policy_class
  NoPolicy
end
policy_class() click to toggle source

@!visibility public

Override to declare the policy class to use for the service.

@return [Class] a {Policy} class used to authorize actions.

# File lib/shamu/security/support.rb, line 62
def policy_class
  fail Security::IncompleteSetupError, "No policy class defined. Override #policy_class in #{ self.class.name } to declare policy." # rubocop:disable Metrics/LineLength
end
service_policy_delegation?() click to toggle source

@!visibility public

@return [Boolean] true if the service has been asked to delegate

policy checks to the upstream service and
# File lib/shamu/security/support.rb, line 78
def service_policy_delegation?
  security_principal.service_delegate?
end