Module: JwtAuthCognito::PermissionChecker

Defined in:
lib/jwt_auth_cognito/permission_checker.rb

Class Method Summary collapse

Class Method Details

.permission_in_list?(permission, permission_list) ⇒ Boolean

Checks whether a permission string is satisfied by any entry in permission_list. Supports wildcard patterns:

*                  — global wildcard (matches everything)
module:*           — prefix wildcard (matches module:action AND module:sub:action)
module:submodule:* — narrow prefix wildcard
*.action           — suffix wildcard (matches last segment across any depth)

Returns:

  • (Boolean) 


11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
 
# File 'lib/jwt_auth_cognito/permission_checker.rb', line 11

def self.permission_in_list?(permission, permission_list)
  return false if permission_list.nil? || permission_list.empty?
  return true if permission_list.include?(permission)
  return true if permission_list.include?('*')

  permission_list.each do |p|
    if p.end_with?(':*')
      prefix = p[0..-3]
      return true if permission.start_with?("#{prefix}:")
    end

    if p.end_with?('.*')
      prefix = p[0..-3]
      return true if permission.start_with?("#{prefix}.")
    end

    next unless p.start_with?('*.')

    action = p[2..]
    return true if permission.end_with?(":#{action}") || permission.end_with?(".#{action}")
  end

  false
end