module Conjur::ActsAsResource

This module is included in object classes that have resource behavior.

Public Class Methods

included(base) click to toggle source

@api private

# File lib/conjur/acts_as_resource.rb, line 26
def self.included(base)
  base.include HasAttributes
  base.include Escape
  base.extend QueryString
end

Public Instance Methods

exists?() click to toggle source

Check whether this object exists by performing a HEAD request to its URL.

This method will return false if the object doesn’t exist.

@example

does_not_exist = api.user 'does-not-exist' # This returns without error.

# this is wrong!
owner = does_not_exist.owner # raises RestClient::ResourceNotFound

# this is right!
owner = if does_not_exist.exists?
  does_not_exist.owner
else
  nil # or some sensible default
end

@return [Boolean] does it exist?

# File lib/conjur/acts_as_resource.rb, line 62
def exists?
  begin
    url_for(:resources_resource, credentials, id).head
    true
  rescue RestClient::Forbidden
    true
  rescue RestClient::ResourceNotFound
    false
  end
end
owner() click to toggle source

The full role id of the role that owns this resource.

@example

api.current_role # => 'conjur:user:jon'
resource = api.create_resource 'conjur:example:resource-owner'
resource.owner # => 'conjur:user:jon'

@return [String] the full role id of this resource’s owner.

# File lib/conjur/acts_as_resource.rb, line 40
def owner
  build_object attributes['owner'], default_class: Role
end
permitted?(privilege, role: nil) click to toggle source

True if the logged-in role, or a role specified using the :role option, has the specified privilege on this resource.

@example

api.current_role # => 'conjur:cat:mouse'
resource.permitted_roles 'execute' # => ['conjur:user:admin', 'conjur:cat:mouse']
resource.permitted_roles 'update', # => ['conjur:user:admin', 'conjur:cat:gino']

resource.permitted? 'update' # => false, `mouse` can't update this resource
resource.permitted? 'execute' # => true, `mouse` can execute it.
resource.permitted? 'update', role: 'conjur:cat:gino' # => true, `gino` can update it.

@param privilege [String] the privilege to check @param role [String,nil] :role check whether the role given by this full role id is permitted

instead of checking +api.current_role+.

@return [Boolean]

# File lib/conjur/acts_as_resource.rb, line 114
def permitted? privilege, role: nil
  url_for(:resources_check, credentials, id, privilege, role)
  true
rescue RestClient::Forbidden
  false
rescue RestClient::ResourceNotFound
  false
end
permitted_roles(privilege) click to toggle source

Lists roles that have a specified privilege on the resource.

This will return only roles of which api.current_user is a member.

Options:

  • offset Zero-based offset into the result set.

  • limit Total number of records returned.

@example

resource = api.resource 'conjur:variable:example'
resource.permitted_roles 'execute' # => ['conjur:user:admin']
# After permitting 'execute' to user 'jon'
resource.permitted_roles 'execute' # => ['conjur:user:admin', 'conjur:user:jon']

@param privilege [String] the privilege @return [Array<String>] the ids of roles that have ‘privilege` on this resource.

# File lib/conjur/acts_as_resource.rb, line 90
def permitted_roles privilege
  result = JSON.parse url_for(:resources_permitted_roles, credentials, id, privilege).get
  if result.is_a?(Hash) && ( count = result['count'] )
    count
  else
    result
  end
end