Class: Angarium::Api::Policy
- Inherits:
-
Object
- Object
- Angarium::Api::Policy
- Defined in:
- app/policies/angarium/api/policy.rb
Overview
The single place for API authorization:
#scope(relation) narrows a base relation to what this user may see
#owner who a newly-created endpoint belongs to
#<action>? whether each action is allowed
Angarium instantiates config.policy_class per request with the controller
and (for member actions) the target record, and runs it in the controller's
context, so current_user, params, and controller are available.
Defaults are permissive and single-owner: you see and create your own endpoints and may do anything to them. Subclass and override to change the scope, support multi-tenancy or admin-on-behalf-of, or restrict actions.
Instance Attribute Summary collapse
-
#controller ⇒ Object
readonly
Returns the value of attribute controller.
-
#record ⇒ Object
readonly
Returns the value of attribute record.
Instance Method Summary collapse
- #create? ⇒ Boolean
-
#create_unverified? ⇒ Boolean
Should endpoints created through the API start
unverified(receiving no deliveries until a successful ping verifies them)? Default: no, they go live immediately. - #current_user ⇒ Object
- #destroy? ⇒ Boolean
- #enable? ⇒ Boolean
- #index? ⇒ Boolean
-
#initialize(controller, record = nil) ⇒ Policy
constructor
A new instance of Policy.
-
#owner ⇒ Object
Owner assigned to a newly-created endpoint.
- #params ⇒ Object
- #pause? ⇒ Boolean
-
#permit_allow_private_network? ⇒ Boolean
May the API set allow_private_network? Default: no.
-
#permit_allowed_networks? ⇒ Boolean
May the API set allowed_networks (a per-endpoint CIDR allowlist)? Default: no.
- #ping? ⇒ Boolean
- #redeliver? ⇒ Boolean
- #rotate_secret? ⇒ Boolean
-
#scope(relation) ⇒ Object
Narrow the given base relation to the endpoints this user may see and act on (reads and finds go through this; deliveries and attempts scope through their endpoint).
- #show? ⇒ Boolean
- #update? ⇒ Boolean
- #verify? ⇒ Boolean
Constructor Details
#initialize(controller, record = nil) ⇒ Policy
Returns a new instance of Policy.
18 19 20 21 |
# File 'app/policies/angarium/api/policy.rb', line 18 def initialize(controller, record = nil) @controller = controller @record = record end |
Instance Attribute Details
#controller ⇒ Object (readonly)
Returns the value of attribute controller.
16 17 18 |
# File 'app/policies/angarium/api/policy.rb', line 16 def controller @controller end |
#record ⇒ Object (readonly)
Returns the value of attribute record.
16 17 18 |
# File 'app/policies/angarium/api/policy.rb', line 16 def record @record end |
Instance Method Details
#create? ⇒ Boolean
66 |
# File 'app/policies/angarium/api/policy.rb', line 66 def create? = true |
#create_unverified? ⇒ Boolean
Should endpoints created through the API start unverified (receiving no
deliveries until a successful ping verifies them)? Default: no, they go
live immediately. Override to require endpoints to prove themselves first.
43 44 45 |
# File 'app/policies/angarium/api/policy.rb', line 43 def create_unverified? false end |
#current_user ⇒ Object
23 |
# File 'app/policies/angarium/api/policy.rb', line 23 def current_user = controller.angarium_current_user |
#destroy? ⇒ Boolean
68 |
# File 'app/policies/angarium/api/policy.rb', line 68 def destroy? = true |
#enable? ⇒ Boolean
72 |
# File 'app/policies/angarium/api/policy.rb', line 72 def enable? = update? |
#index? ⇒ Boolean
64 |
# File 'app/policies/angarium/api/policy.rb', line 64 def index? = true |
#owner ⇒ Object
Owner assigned to a newly-created endpoint. Override to let an admin
create on behalf of another owner (e.g. read a param), then gate who may
do so in #create? via record.owner.
36 37 38 |
# File 'app/policies/angarium/api/policy.rb', line 36 def owner current_user end |
#params ⇒ Object
24 |
# File 'app/policies/angarium/api/policy.rb', line 24 def params = controller.params |
#pause? ⇒ Boolean
71 |
# File 'app/policies/angarium/api/policy.rb', line 71 def pause? = update? |
#permit_allow_private_network? ⇒ Boolean
May the API set allow_private_network? Default: no. This relaxes SSRF protection (delivery to private/loopback addresses), so an end user who can set it can point a webhook at your internal network. Trusted operators only.
51 52 53 |
# File 'app/policies/angarium/api/policy.rb', line 51 def permit_allow_private_network? false end |
#permit_allowed_networks? ⇒ Boolean
May the API set allowed_networks (a per-endpoint CIDR allowlist)? Default: no. Unlike allow_private_network this only restricts where an endpoint may deliver, so it's safe to expose more widely, but it's gated independently so you can allow it without allowing the private-network relaxation.
60 61 62 |
# File 'app/policies/angarium/api/policy.rb', line 60 def permit_allowed_networks? false end |
#ping? ⇒ Boolean
74 |
# File 'app/policies/angarium/api/policy.rb', line 74 def ping? = update? |
#redeliver? ⇒ Boolean
75 |
# File 'app/policies/angarium/api/policy.rb', line 75 def redeliver? = update? |
#rotate_secret? ⇒ Boolean
70 |
# File 'app/policies/angarium/api/policy.rb', line 70 def rotate_secret? = update? |
#scope(relation) ⇒ Object
Narrow the given base relation to the endpoints this user may see and act on (reads and finds go through this; deliveries and attempts scope through their endpoint). Receives a relation so you can compose on top of it.
29 30 31 |
# File 'app/policies/angarium/api/policy.rb', line 29 def scope(relation) relation.where(owner: current_user) end |
#show? ⇒ Boolean
65 |
# File 'app/policies/angarium/api/policy.rb', line 65 def show? = true |
#update? ⇒ Boolean
67 |
# File 'app/policies/angarium/api/policy.rb', line 67 def update? = true |
#verify? ⇒ Boolean
73 |
# File 'app/policies/angarium/api/policy.rb', line 73 def verify? = update? |