class Shamu::Security::Principal

Attributes

elevated[R]

@!attribute @return [Boolean] true if the user has elevated this session by

providing their credentials.
elevated?[R]

@!attribute @return [Boolean] true if the user has elevated this session by

providing their credentials.
parent_principal[R]

@!attribute @return [Principal] the parent principal when a user or service is

impersonating another user.
remote_ip[R]

@!attribute @return [String] the IP address of the remote user.

scopes[R]

@!attribute @return [Array<Symbol>] security scopes the principal may be used to authenticate against. When empty, no limits are imposed.

user_id[R]

@!attribute @return [Object] id of the currently authenticated user. May be cached,

for example bu via persistent cookie. See {#elevated}.

Public Class Methods

new( user_id: nil, parent_principal: nil, remote_ip: nil, elevated: false, scopes: nil ) click to toggle source

@!endgroup Attributes

# File lib/shamu/security/principal.rb, line 39
def initialize( user_id: nil, parent_principal: nil, remote_ip: nil, elevated: false, scopes: nil )
  @user_id          = user_id
  @parent_principal = parent_principal
  @remote_ip        = remote_ip
  @elevated         = elevated
  @scopes           = scopes
end

Public Instance Methods

anonymous?() click to toggle source

@!attribute @return [Boolean] true if there is no user associated with the principal.

# File lib/shamu/security/principal.rb, line 92
def anonymous?
  !user_id
end
impersonate( user_id ) click to toggle source

Create a new impersonation {Principal}, cloning relevant principal to the new instance.

@param [Object] user_id of the user to impersonate. @return [Principal] the new principal.

# File lib/shamu/security/principal.rb, line 72
def impersonate( user_id )
  self.class.new( user_id: user_id, parent_principal: self, remote_ip: remote_ip, elevated: elevated )
end
impersonated?() click to toggle source

@return [Boolean] true if the [#user_id] is being impersonated.

# File lib/shamu/security/principal.rb, line 63
def impersonated?
  !!parent_principal
end
scoped?( scope ) click to toggle source

@param [Symbol] scope @return [Boolean] true if the principal is scoped to authenticate the user for the given scope.

# File lib/shamu/security/principal.rb, line 85
def scoped?( scope )
  scopes.nil? || scopes.include?( scope )
end
service_delegate?() click to toggle source

@return [Boolean] true if the principal was offered by one service to

another and requesting that the downstream service delegate security
checks to the calling service.
# File lib/shamu/security/principal.rb, line 79
def service_delegate?
end
user_id_chain() click to toggle source

@return [Array<Object>] all of the user ids in the security principal

chain, starting from the root.
# File lib/shamu/security/principal.rb, line 49
def user_id_chain
  @user_ids ||= begin
    user_ids = []
    principal = self
    while principal
      user_ids << principal.user_id
      principal = principal.parent_principal
    end

    user_ids.reverse
  end
end