class Checkpoint::Credential::RoleMapResolver
Credential
Resolver
that supports a basic role map model.
The role map should be a hash containing all of the roles and each key should be an array of the permissions that role would grant. For example:
“` {
admin: [:read, :create, :edit, :delete], guest: [:read]
} “`
Note that this example is not a recommendation of how to model an application's permissions; it is only to show the expected format of the hash and that there is no inheritance of permissions between roles (:read is included in both roles). Any more sophisticated rules should be implemented in a custom Resolver
, or custom Credential
types.
Actions convert to Permissions according to the base {Resolver} and expand according to the map.
Attributes
Public Class Methods
# File lib/checkpoint/credential/role_map_resolver.rb, line 27 def initialize(role_map) @role_map = role_map @permission_map = invert_role_map end
Public Instance Methods
Expand an action name into the matching permission and any roles that would grant it.
@return [Array<Credential>]
# File lib/checkpoint/credential/role_map_resolver.rb, line 36 def expand(action) permissions_for(action) + roles_granting(action) end
Private Instance Methods
# File lib/checkpoint/credential/role_map_resolver.rb, line 54 def invert_role_map {}.tap do |hash| role_map.each do |role, permissions| permissions.each do |permission| hash[permission] ||= [] hash[permission] << role end end end end
# File lib/checkpoint/credential/role_map_resolver.rb, line 42 def permissions_for(action) [Permission.new(action)] end
# File lib/checkpoint/credential/role_map_resolver.rb, line 46 def roles_granting(action) if permission_map.key?(action) permission_map[action].map {|role| Role.new(role) } else [] end end