class Insights::API::Common::RBAC::Access
Constants
- ADMIN_SCOPE
- GROUP_SCOPE
- USER_SCOPE
Attributes
acl[R]
Public Class Methods
enabled?()
# File lib/insights/api/common/rbac/access.rb, line 48
# Reports whether RBAC enforcement is switched on for this process.
#
# Enforcement counts as off only when the BYPASS_RBAC environment variable
# holds the exact, case-sensitive string "true". An unset variable or any
# other value ("TRUE", "1", "yes", ...) leaves RBAC enabled.
#
# NOTE(review): callers presumably skip access checks when this returns
# false, so BYPASS_RBAC acts as a global authorization kill switch. Confirm
# it is never set in production manifests and that its use is logged.
#
# @return [Boolean] false when BYPASS_RBAC == "true", true otherwise
def self.enabled?
  bypass_flag = ENV['BYPASS_RBAC']
  !(bypass_flag == "true")
end
new(app_name_filter = ENV["APP_NAME"])
# File lib/insights/api/common/rbac/access.rb, line 11
# Remembers which application's permissions should be requested later.
#
# No ACLs are fetched here; the filter is only stored for #process to pass
# to the RBAC service.
#
# @param app_name_filter [String, nil] application name handed to the RBAC
#   access API; defaults to the APP_NAME environment variable, which is nil
#   when that variable is unset
def initialize(app_name_filter = ENV["APP_NAME"])
  @app_name_filter = app_name_filter
end
Public Instance Methods
accessible?(resource, verb, app_name = ENV['APP_NAME'])
# File lib/insights/api/common/rbac/access.rb, line 31
# Tells whether any fetched ACL entry grants +verb+ on +resource+.
#
# The decision is made by testing each entry's permission string against
# the pattern create_regexp builds for the app/resource/verb triple.
# Resource-definition scopes are not consulted here.
#
# @acls is assigned in #process; calling this before #process means @acls
# is nil and the call raises NoMethodError rather than returning true.
#
# @param resource [String] resource segment of the permission
# @param verb [String] verb segment of the permission
# @param app_name [String] application segment; defaults to ENV['APP_NAME']
# @return [Boolean]
def accessible?(resource, verb, app_name = ENV['APP_NAME'])
  pattern = create_regexp(app_name, resource, verb)
  @acls.any? do |entry|
    pattern.match?(entry.permission)
  end
end
admin_scope?(resource, verb, app_name = ENV['APP_NAME'])
# File lib/insights/api/common/rbac/access.rb, line 36
# Tells whether the principal holds +verb+ on +resource+ with ADMIN_SCOPE.
#
# Delegates to scope?, which requires both a matching permission and a
# resource definition whose scope equals ADMIN_SCOPE.
#
# @param resource [String]
# @param verb [String]
# @param app_name [String] defaults to ENV['APP_NAME']
# @return [Boolean]
def admin_scope?(resource, verb, app_name = ENV['APP_NAME'])
  required_scope = ADMIN_SCOPE
  scope?(app_name, resource, verb, required_scope)
end
group_scope?(resource, verb, app_name = ENV['APP_NAME'])
# File lib/insights/api/common/rbac/access.rb, line 40
# Tells whether the principal holds +verb+ on +resource+ with GROUP_SCOPE.
#
# Delegates to scope?, which requires both a matching permission and a
# resource definition whose scope equals GROUP_SCOPE.
#
# @param resource [String]
# @param verb [String]
# @param app_name [String] defaults to ENV['APP_NAME']
# @return [Boolean]
def group_scope?(resource, verb, app_name = ENV['APP_NAME'])
  required_scope = GROUP_SCOPE
  scope?(app_name, resource, verb, required_scope)
end
process()
# File lib/insights/api/common/rbac/access.rb, line 15
# Loads the principal's ACL list from the RBAC service and caches it.
#
# The list is memoised in @acls, so a second call does not ask the API for
# access data again (Service.call itself is still invoked). The cached list
# is never refreshed by this method, so permission changes made after the
# first call are not seen by this instance.
#
# NOTE(review): only `.data` of a single response is read. If the endpoint
# paginates, later pages would be missing and checks would deny access the
# principal actually holds. Confirm against the client.
# NOTE(review): the class documents an `acl` reader while these methods
# use @acls. Confirm the reader exposes the fetched list.
#
# @return [self] to allow chaining, e.g. Access.new.process.accessible?(...)
def process
  Service.call(RBACApiClient::AccessApi) { |client| @acls ||= client.get_principal_access(@app_name_filter).data }
  self
end
scopes(resource, verb, app_name = ENV['APP_NAME'])
# File lib/insights/api/common/rbac/access.rb, line 22
# Lists every scope value attached to ACL entries granting +verb+ on
# +resource+.
#
# Entries are selected by matching their permission string against the
# pattern from create_regexp. Their scope values (see all_scopes) are then
# flattened, de-duplicated and sorted.
#
# @param resource [String]
# @param verb [String]
# @param app_name [String] defaults to ENV['APP_NAME']
# @return [Array] sorted unique scope values; empty when nothing matches
def scopes(resource, verb, app_name = ENV['APP_NAME'])
  pattern = create_regexp(app_name, resource, verb)
  granted = @acls.select { |entry| pattern.match?(entry.permission) }
  granted.map { |entry| all_scopes(entry) }.flatten.uniq.sort
end
user_scope?(resource, verb, app_name = ENV['APP_NAME'])
# File lib/insights/api/common/rbac/access.rb, line 44
# Tells whether the principal holds +verb+ on +resource+ with USER_SCOPE.
#
# Delegates to scope?, which requires both a matching permission and a
# resource definition whose scope equals USER_SCOPE.
#
# @param resource [String]
# @param verb [String]
# @param app_name [String] defaults to ENV['APP_NAME']
# @return [Boolean]
def user_scope?(resource, verb, app_name = ENV['APP_NAME'])
  required_scope = USER_SCOPE
  scope?(app_name, resource, verb, required_scope)
end
Private Instance Methods
all_scopes(item)
# File lib/insights/api/common/rbac/access.rb, line 69
# Collects the scope values declared on one ACL entry.
#
# Only resource definitions whose attribute filter has key 'scope' and
# operation 'equal' contribute a value. Filters with any other key or
# operation are ignored.
#
# @param item [#resource_definitions] one ACL entry
# @return [Array] scope values in definition order (may contain duplicates)
def all_scopes(item)
  scope_filters = item.resource_definitions.map(&:attribute_filter).select do |filter|
    filter.key == 'scope' && filter.operation == 'equal'
  end
  scope_filters.map(&:value)
end
create_regexp(app_name, resource, verb)
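# File lib/insights/api/common/rbac/access.rb, line 78
# Builds the pattern used to test a stored permission string against one
# "app:resource:verb" triple.
#
# Each component goes through Regexp.escape, so the values are matched
# literally and cannot introduce regexp syntax. A "*" passed in is therefore
# a literal asterisk, not a wildcard.
#
# The pattern is anchored with \A and \z so the whole permission string must
# equal the triple. Without anchors a permission that merely contains the
# triple (for example "xcatalog:portfolios:read_all" when checking
# "catalog:portfolios:read") would also match, which over-grants in an
# authorization decision.
#
# @param app_name [String] application segment
# @param resource [String] resource segment
# @param verb [String] verb segment
# @return [Regexp] anchored pattern with one capture group per segment
# @raise [TypeError] when a segment is nil (e.g. APP_NAME unset upstream)
def create_regexp(app_name, resource, verb)
  app, res, action = [app_name, resource, verb].map { |segment| Regexp.escape(segment) }
  Regexp.new("\\A(#{app}):(#{res}):(#{action})\\z")
end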
scope?(app_name, resource, verb, scope)
# File lib/insights/api/common/rbac/access.rb, line 54
# Tells whether some ACL entry both grants the app/resource/verb triple and
# carries the requested scope.
#
# Both conditions must hold on the same entry. A permission match on one
# entry and a scope match on another does not count.
#
# @param app_name [String]
# @param resource [String]
# @param verb [String]
# @param scope [Object] value compared with the entry's scope filter values
# @return [Boolean]
def scope?(app_name, resource, verb, scope)
  pattern = create_regexp(app_name, resource, verb)
  @acls.any? { |entry| pattern.match?(entry.permission) && scope_matches?(entry, scope) }
end
scope_matches?(item, scope)
# File lib/insights/api/common/rbac/access.rb, line 61
# Tells whether an ACL entry declares the given scope.
#
# A resource definition counts only when its attribute filter has key
# 'scope', operation 'equal' and a value equal to +scope+. Other operations
# on the scope key are not interpreted here.
#
# @param item [#resource_definitions] one ACL entry
# @param scope [Object] scope value to look for
# @return [Boolean]
def scope_matches?(item, scope)
  item.resource_definitions.any? do |definition|
    filter = definition.attribute_filter
    next false unless filter.key == 'scope'
    next false unless filter.operation == 'equal'

    filter.value == scope
  end
end