class RoadForest::RemoteHost::AuthorizationDecider
Attributes
grant_list_pattern[R]
graph[R]
keychain[R]
resource[R]
Public Class Methods
new(remote_host, focus)
# File lib/roadforest/remote-host.rb, line 107
# Sets up the state used for authorization decisions about one resource.
#
# remote_host - supplies the source rigor (+source_rigor+) and, through its
#               user agent, the keychain holding the client's credentials.
# focus       - supplies the source graph (via +access_manager+) and the
#               subject that becomes +resource+.
def initialize(remote_host, focus)
  manager = SourceRigor::RetrieveManager.new
  @graph = manager
  manager.rigor = remote_host.source_rigor
  manager.source_graph = focus.access_manager.source_graph

  # The resource every later query in this object is asked about.
  @resource = focus.subject
  # Credentials are looked up per grant URL from this keychain (see have_grant?).
  @keychain = remote_host.user_agent.keychain
end
Public Instance Methods
affordance_type(method)
# File lib/roadforest/remote-host.rb, line 179
# Maps an HTTP method name onto the affordance term used in the graph.
#
# The comparison is done on the downcased name, so "GET" and "get" both map
# to Graph::Af.Navigate. Any name other than get/post/put/delete is looked up
# unchanged (original case) in the Graph::Af vocabulary.
def affordance_type(method)
  verb = method.downcase
  return Graph::Af.Navigate if "get" == verb
  return Graph::Af.Create if "post" == verb
  return Graph::Af.Update if "put" == verb
  return Graph::Af.Destroy if "delete" == verb

  # Passthrough: unknown verbs are not rejected here, they are handed to the
  # vocabulary as-is.
  Graph::Af[method]
end
authby_query(method)
# File lib/roadforest/remote-host.rb, line 194
# Builds the query that finds what authorizes +method+ on this resource.
#
# The query matches an affordance node (:aff) that targets the resource, has
# the affordance type for +method+, and carries an authorizedBy statement; the
# authorizing term is bound to :authz.
def authby_query(method)
  affordance = affordance_type(method)
  # Copied into a local before the block is built.
  # NOTE(review): presumably the block is evaluated against the query object,
  # where self.resource would not resolve to this decider - confirm.
  target = self.resource

  SourceRigor::ResourceQuery.new([], { subject_context: target }) do
    pattern [:aff, Graph::Af.target, target]
    pattern [:aff, ::RDF.type, affordance]
    pattern [:aff, Graph::Af.authorizedBy, :authz]
  end
end
direct_check(url)
# File lib/roadforest/remote-host.rb, line 147
# Checks a grant by asking the graph about the grant URL itself.
#
# Returns true as soon as the graph holds any statement whose subject is
# +url+. Otherwise it queries for a grant-list pattern, stores the pattern
# value it finds in @grant_list_pattern (a side effect that later calls to
# have_grant? pick up), and returns false.
#
# NOTE(review): "any statement about url exists" is the whole test for holding
# the grant; presumably this relies on the server only describing a grant to
# clients that hold it - confirm against the server side.
def direct_check(url)
  return true unless graph.query(subject: url).empty?

  SourceRigor::CredenceAnnealer.new(graph.source_graph).resolve do
    # The pattern value is taken from the remote graph as-is.
    graph.query(list_pattern_query(url)) do |solution|
      @grant_list_pattern = solution[:pattern].value
    end
  end

  false
end
forbidden?(method)
# File lib/roadforest/remote-host.rb, line 118
# Decides whether +method+ on this resource should be treated as forbidden.
#
# Returns false (not forbidden) when
#   * one of the authorizing grants found for +method+ passes have_grant?, or
#   * the graph yields no authorizing grant at all for +method+.
# Returns true only when at least one grant is required and none is held.
#
# NOTE(review): the empty case fails open - a resource with no authorizedBy
# statement is reported as allowed. This looks like a client-side pre-check
# rather than an enforcement point; confirm the server enforces access itself.
def forbidden?(method)
  required = []

  SourceRigor::CredenceAnnealer.new(graph.source_graph).resolve do
    # Start from a clean slate on each run of this block, so results from a
    # previous run are not mixed in.
    required.clear
    @grant_list_pattern = nil

    graph.query(authby_query(method)) { |solution| required << solution[:authz] }

    # The return leaves the whole method, not just the resolve block.
    required.each do |grant|
      return false if have_grant?(grant)
    end
  end

  !required.empty?
end
grant_list(creds)
# File lib/roadforest/remote-host.rb, line 162
# Lists the grants published for the user named in +creds+.
#
# Returns [] when no grant-list pattern is known. Otherwise the pattern is
# expanded as a URI template with the credential's user name as :username, and
# the objects of the Graph::Af.grants statements about that URL are returned.
#
# The pattern is set in direct_check from a value found in the remote graph,
# so the URL queried here is built from server-supplied data plus the local
# user name.
def grant_list(creds)
  pattern = grant_list_pattern
  return [] if pattern.nil?

  expanded = Addressable::Template.new(pattern).expand(username: creds.user.to_s)
  list_url = uri(expanded.to_s)

  statements = graph.query_resource_pattern(
    list_url,
    subject: list_url,
    predicate: Graph::Af.grants
  )
  statements.map(&:object)
end
have_grant?(url)
# File lib/roadforest/remote-host.rb, line 138
# Tells whether the client holds the grant identified by +url+.
#
# When a grant-list pattern is known and the keychain has credentials for
# +url+, the answer is whether +url+ appears in that user's grant list.
# In every other case the decision falls back to direct_check(url).
def have_grant?(url)
  creds = keychain.credentials_for(url)

  # Without a pattern or without credentials no grant list can be built.
  return direct_check(url) if grant_list_pattern.nil? || creds.nil?

  grant_list(creds).include?(url)
end
list_pattern_query(url)
# File lib/roadforest/remote-host.rb, line 171
# Builds the query that finds a grant-list pattern in the context of +url+.
#
# It matches a Navigate affordance (:af) whose target node (:pnode) carries a
# Graph::Af.pattern statement; the pattern term is bound to :pattern, which is
# the binding direct_check reads.
def list_pattern_query(url)
  SourceRigor::ResourceQuery.new([], subject_context: url) do
    # The affordance must be a navigation affordance ...
    pattern [:af, ::RDF.type, Graph::Af.Navigate]
    # ... whose target is the node holding the pattern.
    pattern [:af, Graph::Af.target, :pnode]
    pattern [:pnode, Graph::Af.pattern, :pattern]
  end
end