class RoadForest::Authorization::Manager
Each resource declares, on a per-method basis, the set of permissions that are allowed to access it.
An overall Policy object provides permission grants to authenticated entities (typically users, but could be e.g. applications acting on their behalf).
The ultimate grant/refuse decision comes down to whether any permission appears both in the list required by the resource and among those granted to the entity.
Permissions have a name and an optional set of parameters, and can be referred to as such within the application on the server. They’re stored as digests of those names, which should be safe to communicate to the user application, which can make interaction decisions based on the permissions presented.
The default ServicesHost exposes a Manager as authz.
Constants
- HASH_FUNCTION
Attributes
authenticator[RW]
grants[R]
policy[RW]
Public Class Methods
new(salt = nil, authenticator = nil, policy = nil)
# File lib/roadforest/authorization/manager.rb, line 35
def initialize(salt = nil, authenticator = nil, policy = nil)
  #XXX consider launch-time randomized salt
  @grants = GrantsHolder.new(salt || "roadforest-insecure", HASH_FUNCTION)
  @store = DefaultAuthenticationStore.new
  @authenticator = authenticator || AuthenticationChain.new(@store)
  @policy = policy || Policy.new
  @policy.grants_holder = @grants
end
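The shared-permission decision and digest storage described in the class overview, together with the salt fallback in the constructor, sketched as an added example that is not RoadForest's own code. `SketchGrants`, the choice of SHA-256 and the way name and parameters are serialized are assumptions, since the page shows neither the value of HASH_FUNCTION nor how GrantsHolder builds its digest input.

```ruby
require "digest"
require "securerandom"

# Hypothetical stand-in for the grants holder. SHA-256 and the way name and
# parameters are serialized are assumptions; the page shows neither.
class SketchGrants
  def initialize(salt)
    @salt = salt
  end

  # Parameters are sorted so that key order does not change the digest.
  def digest_for(name, params = {})
    canonical = params.sort_by { |k, _| k.to_s }.map { |k, v| "#{k}=#{v}" }.join("&")
    Digest::SHA256.hexdigest([@salt, name, canonical].join("\0"))
  end
end

# Grant/refuse: is any permission required by the resource also granted?
def authorized?(required, granted)
  !(required & granted).empty?
end

# True when a holder built elsewhere with other_salt yields the same digest,
# i.e. the digest is only as opaque as the salt is secret.
def same_digest?(holder, other_salt, name, params = {})
  holder.digest_for(name, params) == SketchGrants.new(other_salt).digest_for(name, params)
end

FALLBACK_SALT = "roadforest-insecure"            # constructor default on this page
FIXED  = SketchGrants.new(FALLBACK_SALT)
RANDOM = SketchGrants.new(SecureRandom.hex(32))  # launch-time randomized salt

# Constructed sample data: PUT on a resource requires :admin or :edit on id 7.
REQUIRED = [RANDOM.digest_for(:admin), RANDOM.digest_for(:edit, id: 7)]
EDITOR   = [RANDOM.digest_for(:edit, id: 7), RANDOM.digest_for(:read, id: 7)]
READER   = [RANDOM.digest_for(:read, id: 7)]

if __FILE__ == $PROGRAM_NAME
  puts "editor PUT: #{authorized?(REQUIRED, EDITOR)}"
  puts "reader PUT: #{authorized?(REQUIRED, READER)}"
  puts "fallback salt reproducible: #{same_digest?(FIXED, FALLBACK_SALT, :admin)}"
  puts "random salt reproducible:   #{same_digest?(RANDOM, FALLBACK_SALT, :admin)}"
end
```

In this sketch a digest made under the fallback salt can be recomputed by anyone who knows the permission name, while one made under a per-launch random salt cannot; passing an explicit salt to `new` is how the constructor above lets a deployment avoid the fallback.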
Public Instance Methods
build_grants(&block)
# File lib/roadforest/authorization/manager.rb, line 49
def build_grants(&block)
  @grants.build_grants(&block)
end
challenge(options)
# File lib/roadforest/authorization/manager.rb, line 53
def challenge(options)
  @authenticator.challenge(options)
end
cleartext_grants!()
# File lib/roadforest/authorization/manager.rb, line 45
def cleartext_grants!
  @grants.conceal = false
end