class RoadForest::RemoteHost::AuthorizationDecider

Attributes

grant_list_pattern[R]
graph[R]
keychain[R]
resource[R]

Public Class Methods

new(remote_host, focus)
# File lib/roadforest/remote-host.rb, line 107
# Sets up a decider for one resource as seen through one remote host.
#
# @param remote_host [Object] provides +source_rigor+ for graph retrieval
#   and, through +user_agent+, the keychain used to look up credentials
# @param focus [Object] provides the +subject+ whose access is being
#   decided and, through +access_manager+, the source graph to query
def initialize(remote_host, focus)
  manager = SourceRigor::RetrieveManager.new
  @graph = manager
  manager.rigor = remote_host.source_rigor
  manager.source_graph = focus.access_manager.source_graph

  # The resource under decision and the credential store are captured once;
  # every later check reads these two values.
  @resource = focus.subject
  @keychain = remote_host.user_agent.keychain
end

Public Instance Methods

affordance_type(method)
# File lib/roadforest/remote-host.rb, line 179
# Translates a request method name into the affordance vocabulary term used
# in authorization queries.
#
# The four known verbs are matched case-insensitively. Any other value is
# looked up in Graph::Af under the name exactly as the caller supplied it
# (not downcased).
#
# NOTE(review): the fallback performs no allow-listing, so whatever string
# the caller passes becomes a vocabulary lookup -- confirm callers only pass
# method names they control.
#
# @param method [String] request method name, e.g. "GET" or "post"
# @return [Object] the matching Graph::Af term
def affordance_type(method)
  verb = method.downcase

  return Graph::Af.Navigate if verb == "get"
  return Graph::Af.Create if verb == "post"
  return Graph::Af.Update if verb == "put"
  return Graph::Af.Destroy if verb == "delete"

  Graph::Af[method] # unrecognised verbs pass through under their original name
end
authby_query(method)
# File lib/roadforest/remote-host.rb, line 194
# Builds the query that finds which grants authorize +method+ on this
# decider's resource.
#
# The query is created with the resource as its +:subject_context+ and three
# patterns over an affordance node +:aff+: its Af.target is the resource, its
# RDF type is the affordance type for +method+ (see #affordance_type), and
# the object of its Af.authorizedBy statement is bound to +:authz+.
#
# @param method [String] request method name, handed to #affordance_type
# @return [SourceRigor::ResourceQuery] the unexecuted query
def authby_query(method)
  af_type = affordance_type(method)
  # Copied into a local so the block below can refer to it; presumably the
  # block is evaluated in the query's own context, where the decider's
  # reader would not be reachable -- TODO confirm.
  resource = self.resource
  SourceRigor::ResourceQuery.new([], {:subject_context => resource}) do
    pattern [:aff, Graph::Af.target, resource]
    pattern [:aff, ::RDF.type, af_type]
    pattern [:aff, Graph::Af.authorizedBy, :authz]
  end
end
direct_check(url)
# File lib/roadforest/remote-host.rb, line 147
# Checks a grant by asking the graph about the grant URL itself.
#
# Returns true as soon as the graph yields any statement whose subject is
# +url+. Otherwise it runs the grant-list pattern query for +url+, stores
# the pattern value of each solution in @grant_list_pattern (so the last
# solution wins), and returns false.
#
# NOTE(review): "any statement about the grant URL exists" is treated as
# proof of holding the grant. That is only sound if the server withholds
# the grant document from users who lack it -- confirm on the server side.
#
# @param url [Object] the grant being checked
# @return [Boolean] true when the graph has statements about +url+
def direct_check(url)
  return true unless graph.query(:subject => url).empty?

  resolver = SourceRigor::CredenceAnnealer.new(graph.source_graph)
  resolver.resolve do
    # Side effect only: remember where a grant list can be fetched so a
    # later check can use it instead of probing the grant URL directly.
    graph.query(list_pattern_query(url)) do |solution|
      @grant_list_pattern = solution[:pattern].value
    end
  end

  false
end
forbidden?(method)
# File lib/roadforest/remote-host.rb, line 118
# Decides whether +method+ on this decider's resource should be treated as
# forbidden.
#
# Collects every +:authz+ value returned by #authby_query and returns false
# as soon as #have_grant? accepts one of them. If none is accepted, the
# result is true only when at least one authorization was listed.
#
# NOTE(review): this is fail-open -- when the graph lists no authorizedBy
# statement for the affordance, the method is reported as not forbidden.
# Confirm that is intended, and that the server enforces access itself
# rather than relying on this client-side answer.
#
# @param method [String] request method name
# @return [Boolean] true when grants are required and none is held
def forbidden?(method)
  required_grants = []
  resolver = SourceRigor::CredenceAnnealer.new(graph.source_graph)

  resolver.resolve do
    # State is reset at the top of the block, presumably because resolve may
    # run it more than once -- TODO confirm.
    required_grants.clear
    @grant_list_pattern = nil

    graph.query(authby_query(method)) { |solution| required_grants << solution[:authz] }

    # Leaves the whole method, not just the block, on the first held grant.
    return false if required_grants.any? { |grant| have_grant?(grant) }
  end

  !required_grants.empty?
end
grant_list(creds)
# File lib/roadforest/remote-host.rb, line 162
# Fetches the grants listed for the user named in +creds+.
#
# Returns an empty list when no grant-list pattern is known. Otherwise the
# pattern is expanded as a URI template with the credential's user name as
# +username+, the resulting resource is queried for Af.grants statements
# about itself, and the objects of those statements are returned.
#
# NOTE(review): the template is taken from graph data (see #direct_check),
# and the user name is sent to whatever URL it expands to. Confirm the
# pattern is constrained to the trusted origin before it is used here.
#
# @param creds [Object] credentials; only +user+ is read
# @return [Array] objects of the matching Af.grants statements
def grant_list(creds)
  pattern = grant_list_pattern
  return [] if pattern.nil?

  expanded = Addressable::Template.new(pattern).expand(:username => creds.user.to_s)
  grant_list_url = uri(expanded.to_s)

  statements = graph.query_resource_pattern(
    grant_list_url,
    :subject => grant_list_url,
    :predicate => Graph::Af.grants
  )
  statements.map(&:object)
end
have_grant?(url)
# File lib/roadforest/remote-host.rb, line 138
# Reports whether the current user agent holds the grant at +url+.
#
# With both a known grant-list pattern and keychain credentials for +url+,
# the answer is whether the user's grant list includes +url+. If either is
# missing, the decision falls back to #direct_check, which probes the grant
# URL itself and is therefore the weaker of the two checks.
#
# @param url [Object] the grant being checked
# @return [Boolean] whatever the selected check returns
def have_grant?(url)
  creds = keychain.credentials_for(url)
  return direct_check(url) if grant_list_pattern.nil? || creds.nil?

  grant_list(creds).include?(url)
end
list_pattern_query(url)
# File lib/roadforest/remote-host.rb, line 171
# Builds the query that looks for a grant-list pattern, with +url+ as the
# query's +:subject_context+.
#
# It matches an affordance node +:af+ of RDF type Af.Navigate whose
# Af.target is a node +:pnode+, and binds +:pattern+ to the object of that
# node's Af.pattern statement. #direct_check reads +:pattern+ from each
# solution.
#
# @param url [Object] the grant URL used as the subject context
# @return [SourceRigor::ResourceQuery] the unexecuted query
def list_pattern_query(url)
  SourceRigor::ResourceQuery.new([], :subject_context => url) do
    pattern [:af, ::RDF.type, Graph::Af.Navigate]
    pattern [:af, Graph::Af.target, :pnode]
    pattern [:pnode, Graph::Af.pattern, :pattern]
  end
end