Class: Angarium::Api::Policy
- Inherits:
-
Object
- Object
- Angarium::Api::Policy
- Defined in:
- app/policies/angarium/api/policy.rb
Overview
The single place for API authorization:
#scope(relation) narrows a base relation to what this user may see
#owner who a newly-created endpoint belongs to
#<action>? whether each action is allowed
Angarium instantiates config.policy_class per request with the controller
and (for member actions) the target record, and runs it in the controller's
context, so current_user, params, and controller are available.
Defaults are permissive and single-owner: you see and create your own endpoints and may do anything to them. Subclass and override to change the scope, support multi-tenancy or admin-on-behalf-of, or restrict actions.
Instance Attribute Summary collapse
-
#controller ⇒ Object
readonly
Returns the value of attribute controller.
-
#record ⇒ Object
readonly
Returns the value of attribute record.
Instance Method Summary collapse
- #create? ⇒ Boolean
-
#create_unverified? ⇒ Boolean
Should endpoints created through the API start
unverified(receiving no deliveries until a successful ping verifies them)? Default: no, they go live immediately. - #current_user ⇒ Object
- #destroy? ⇒ Boolean
- #enable? ⇒ Boolean
-
#expose_owner? ⇒ Boolean
Should serialized endpoints include their owner (owner_type/owner_id)? Default: no.
- #index? ⇒ Boolean
-
#initialize(controller, record = nil) ⇒ Policy
constructor
A new instance of Policy.
-
#owner ⇒ Object
Owner assigned to a newly-created endpoint.
- #params ⇒ Object
- #pause? ⇒ Boolean
-
#permit_allow_private_network? ⇒ Boolean
May the API set allow_private_network? Default: no.
-
#permit_allowed_networks? ⇒ Boolean
May the API set allowed_networks (a per-endpoint CIDR allowlist)? Default: no.
- #ping? ⇒ Boolean
- #redeliver? ⇒ Boolean
- #rotate_secret? ⇒ Boolean
-
#scope(relation) ⇒ Object
Narrow the given base relation to the endpoints this user may see and act on (reads and finds go through this; deliveries and attempts scope through their endpoint).
- #show? ⇒ Boolean
- #update? ⇒ Boolean
- #verify? ⇒ Boolean
Constructor Details
#initialize(controller, record = nil) ⇒ Policy
Returns a new instance of Policy.
18 19 20 21 |
# File 'app/policies/angarium/api/policy.rb', line 18 def initialize(controller, record = nil) @controller = controller @record = record end |
Instance Attribute Details
#controller ⇒ Object (readonly)
Returns the value of attribute controller.
16 17 18 |
# File 'app/policies/angarium/api/policy.rb', line 16 def controller @controller end |
#record ⇒ Object (readonly)
Returns the value of attribute record.
16 17 18 |
# File 'app/policies/angarium/api/policy.rb', line 16 def record @record end |
Instance Method Details
#create? ⇒ Boolean
76 |
# File 'app/policies/angarium/api/policy.rb', line 76 def create? = true |
#create_unverified? ⇒ Boolean
Should endpoints created through the API start unverified (receiving no
deliveries until a successful ping verifies them)? Default: no, they go
live immediately. Override to require endpoints to prove themselves first.
43 44 45 |
# File 'app/policies/angarium/api/policy.rb', line 43 def create_unverified? false end |
#current_user ⇒ Object
23 |
# File 'app/policies/angarium/api/policy.rb', line 23 def current_user = controller.angarium_current_user |
#destroy? ⇒ Boolean
78 |
# File 'app/policies/angarium/api/policy.rb', line 78 def destroy? = true |
#enable? ⇒ Boolean
82 |
# File 'app/policies/angarium/api/policy.rb', line 82 def enable? = update? |
#expose_owner? ⇒ Boolean
Should serialized endpoints include their owner (owner_type/owner_id)? Default: no. The owner is the tenancy boundary, resolved server-side, so the single-owner default has no reason to echo it back. Override for an admin/multi-tenant console that lists endpoints across owners and needs to tell them apart. The raw columns are exposed (already loaded on the row), not the owner record, so this adds no per-row database fetch.
70 71 72 |
# File 'app/policies/angarium/api/policy.rb', line 70 def expose_owner? false end |
#index? ⇒ Boolean
74 |
# File 'app/policies/angarium/api/policy.rb', line 74 def index? = true |
#owner ⇒ Object
Owner assigned to a newly-created endpoint. Override to let an admin
create on behalf of another owner (e.g. read a param), then gate who may
do so in #create? via record.owner.
36 37 38 |
# File 'app/policies/angarium/api/policy.rb', line 36 def owner current_user end |
#params ⇒ Object
24 |
# File 'app/policies/angarium/api/policy.rb', line 24 def params = controller.params |
#pause? ⇒ Boolean
81 |
# File 'app/policies/angarium/api/policy.rb', line 81 def pause? = update? |
#permit_allow_private_network? ⇒ Boolean
May the API set allow_private_network? Default: no. This relaxes SSRF protection (delivery to private/loopback addresses), so an end user who can set it can point a webhook at your internal network. Trusted operators only.
51 52 53 |
# File 'app/policies/angarium/api/policy.rb', line 51 def permit_allow_private_network? false end |
#permit_allowed_networks? ⇒ Boolean
May the API set allowed_networks (a per-endpoint CIDR allowlist)? Default: no. Unlike allow_private_network this only restricts where an endpoint may deliver, so it's safe to expose more widely, but it's gated independently so you can allow it without allowing the private-network relaxation.
60 61 62 |
# File 'app/policies/angarium/api/policy.rb', line 60 def permit_allowed_networks? false end |
#ping? ⇒ Boolean
84 |
# File 'app/policies/angarium/api/policy.rb', line 84 def ping? = update? |
#redeliver? ⇒ Boolean
85 |
# File 'app/policies/angarium/api/policy.rb', line 85 def redeliver? = update? |
#rotate_secret? ⇒ Boolean
80 |
# File 'app/policies/angarium/api/policy.rb', line 80 def rotate_secret? = update? |
#scope(relation) ⇒ Object
Narrow the given base relation to the endpoints this user may see and act on (reads and finds go through this; deliveries and attempts scope through their endpoint). Receives a relation so you can compose on top of it.
29 30 31 |
# File 'app/policies/angarium/api/policy.rb', line 29 def scope(relation) relation.where(owner: current_user) end |
#show? ⇒ Boolean
75 |
# File 'app/policies/angarium/api/policy.rb', line 75 def show? = true |
#update? ⇒ Boolean
77 |
# File 'app/policies/angarium/api/policy.rb', line 77 def update? = true |
#verify? ⇒ Boolean
83 |
# File 'app/policies/angarium/api/policy.rb', line 83 def verify? = update? |