Class: Angarium::Api::Policy

Inherits:
Object
  • Object
show all
Defined in:
app/policies/angarium/api/policy.rb

Overview

The single place for API authorization:

#scope(relation)  narrows a base relation to what this user may see
#owner            who a newly-created endpoint belongs to
#<action>?        whether each action is allowed

Angarium instantiates config.policy_class per request with the controller and (for member actions) the target record, and runs it in the controller's context, so current_user, params, and controller are available.

Defaults are permissive and single-owner: you see and create your own endpoints and may do anything to them. Subclass and override to change the scope, support multi-tenancy or admin-on-behalf-of, or restrict actions.

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(controller, record = nil) ⇒ Policy

Returns a new instance of Policy.



18
19
20
21
# File 'app/policies/angarium/api/policy.rb', line 18

def initialize(controller, record = nil)
  @controller = controller
  @record = record
end

Instance Attribute Details

#controllerObject (readonly)

Returns the value of attribute controller.



16
17
18
# File 'app/policies/angarium/api/policy.rb', line 16

def controller
  @controller
end

#recordObject (readonly)

Returns the value of attribute record.



16
17
18
# File 'app/policies/angarium/api/policy.rb', line 16

def record
  @record
end

Instance Method Details

#create?Boolean

Returns:

  • (Boolean)


76
# File 'app/policies/angarium/api/policy.rb', line 76

def create? = true

#create_unverified?Boolean

Should endpoints created through the API start unverified (receiving no deliveries until a successful ping verifies them)? Default: no, they go live immediately. Override to require endpoints to prove themselves first.

Returns:

  • (Boolean)


43
44
45
# File 'app/policies/angarium/api/policy.rb', line 43

def create_unverified?
  false
end

#current_userObject



23
# File 'app/policies/angarium/api/policy.rb', line 23

def current_user = controller.angarium_current_user

#destroy?Boolean

Returns:

  • (Boolean)


78
# File 'app/policies/angarium/api/policy.rb', line 78

def destroy? = true

#enable?Boolean

Returns:

  • (Boolean)


82
# File 'app/policies/angarium/api/policy.rb', line 82

def enable? = update?

#expose_owner?Boolean

Should serialized endpoints include their owner (owner_type/owner_id)? Default: no. The owner is the tenancy boundary, resolved server-side, so the single-owner default has no reason to echo it back. Override for an admin/multi-tenant console that lists endpoints across owners and needs to tell them apart. The raw columns are exposed (already loaded on the row), not the owner record, so this adds no per-row database fetch.

Returns:

  • (Boolean)


70
71
72
# File 'app/policies/angarium/api/policy.rb', line 70

def expose_owner?
  false
end

#index?Boolean

Returns:

  • (Boolean)


74
# File 'app/policies/angarium/api/policy.rb', line 74

def index? = true

#ownerObject

Owner assigned to a newly-created endpoint. Override to let an admin create on behalf of another owner (e.g. read a param), then gate who may do so in #create? via record.owner.



36
37
38
# File 'app/policies/angarium/api/policy.rb', line 36

def owner
  current_user
end

#paramsObject



24
# File 'app/policies/angarium/api/policy.rb', line 24

def params = controller.params

#pause?Boolean

Returns:

  • (Boolean)


81
# File 'app/policies/angarium/api/policy.rb', line 81

def pause? = update?

#permit_allow_private_network?Boolean

May the API set allow_private_network? Default: no. This relaxes SSRF protection (delivery to private/loopback addresses), so an end user who can set it can point a webhook at your internal network. Trusted operators only.

Returns:

  • (Boolean)


51
52
53
# File 'app/policies/angarium/api/policy.rb', line 51

def permit_allow_private_network?
  false
end

#permit_allowed_networks?Boolean

May the API set allowed_networks (a per-endpoint CIDR allowlist)? Default: no. Unlike allow_private_network this only restricts where an endpoint may deliver, so it's safe to expose more widely, but it's gated independently so you can allow it without allowing the private-network relaxation.

Returns:

  • (Boolean)


60
61
62
# File 'app/policies/angarium/api/policy.rb', line 60

def permit_allowed_networks?
  false
end

#ping?Boolean

Returns:

  • (Boolean)


84
# File 'app/policies/angarium/api/policy.rb', line 84

def ping? = update?

#redeliver?Boolean

Returns:

  • (Boolean)


85
# File 'app/policies/angarium/api/policy.rb', line 85

def redeliver? = update?

#rotate_secret?Boolean

Returns:

  • (Boolean)


80
# File 'app/policies/angarium/api/policy.rb', line 80

def rotate_secret? = update?

#scope(relation) ⇒ Object

Narrow the given base relation to the endpoints this user may see and act on (reads and finds go through this; deliveries and attempts scope through their endpoint). Receives a relation so you can compose on top of it.



29
30
31
# File 'app/policies/angarium/api/policy.rb', line 29

def scope(relation)
  relation.where(owner: current_user)
end

#show?Boolean

Returns:

  • (Boolean)


75
# File 'app/policies/angarium/api/policy.rb', line 75

def show? = true

#update?Boolean

Returns:

  • (Boolean)


77
# File 'app/policies/angarium/api/policy.rb', line 77

def update? = true

#verify?Boolean

Returns:

  • (Boolean)


83
# File 'app/policies/angarium/api/policy.rb', line 83

def verify? = update?