Module: KindeSdk::Client::Permissions

Includes:
Logging
Included in:
KindeSdk::Client
Defined in:
lib/kinde_sdk/client/permissions.rb

Instance Method Summary collapse

Methods included from Logging

#log_debug, #log_error, #log_info, #log_warning, resolve_logger, write_log

Instance Method Details

#get_permission(permission, options = {}) ⇒ Hash

Get a specific permission status

Parameters:

  • permission (String)

    The permission key to check

  • options (Hash) (defaults to: {})

    Options for retrieving permissions (same as get_permissions)

Returns:

  • (Hash)

    Hash containing org_code and is_granted status



49
50
51
52
53
54
55
56
# File 'lib/kinde_sdk/client/permissions.rb', line 49

def get_permission(permission, options = {})
  permissions_data = get_permissions(options)
  
  {
    org_code: permissions_data[:org_code],
    is_granted: permissions_data[:permissions]&.include?(permission) || false
  }
end

#get_permissions(options = {}) ⇒ Hash

Get all permissions for the authenticated user Matches the JavaScript SDK API: getPermissions(options?)

Examples:

# Soft check (from token)
client.get_permissions
# => { org_code: "org_123", permissions: ["read:users", "write:posts"] }

# Hard check (from API)
client.get_permissions(force_api: true)
# => { org_code: "org_123", permissions: ["read:users", "write:posts", "admin:all"] }

# Legacy backward compatibility
client.get_permissions(:id_token)
# => { org_code: "org_123", permissions: ["read:users", "write:posts"] }

Parameters:

  • options (Hash, Symbol) (defaults to: {})

    Options for retrieving permissions, or legacy token_type symbol

Options Hash (options):

  • :force_api (Boolean) — default: false

    If true, calls the API to get fresh permissions, otherwise extracts from token claims. Useful for ensuring latest permissions but may incur additional API calls

  • :token_type (Symbol) — default: :access_token

    The token type to use for soft check (:access_token or :id_token)

Returns:

  • (Hash)

    Hash containing org_code and permissions array



25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
# File 'lib/kinde_sdk/client/permissions.rb', line 25

def get_permissions(options = {})
  # Handle legacy positional argument for backward compatibility
  if options.is_a?(Symbol)
    options = { token_type: options }
  end
  
  # Extract options with defaults - use member variable if not overridden
  force_api = options[:force_api] || @force_api || false
  token_type = options[:token_type] || :access_token

  if force_api
    # Hard check - call API for fresh permissions
    get_permissions_from_api
  else
    # Soft check - extract from token claims
    get_permissions_from_token(token_type)
  end
end

#get_permissions_legacy(token_type = :access_token) ⇒ Object

Backward compatibility method - matches existing Ruby SDK API



92
93
94
# File 'lib/kinde_sdk/client/permissions.rb', line 92

def get_permissions_legacy(token_type = :access_token)
  get_claim("permissions", token_type)&.dig(:value)
end

#getAllPermissionsArray Also known as: all_permissions

Get all permissions with automatic pagination (hard check) Matches PHP: $client->getAllPermissions()

Returns:

  • (Array)

    Array of permission keys



81
82
83
84
85
86
# File 'lib/kinde_sdk/client/permissions.rb', line 81

def getAllPermissions
  # Use client's force_api setting, default to true for PHP SDK compatibility
  force_api_setting = @force_api.nil? ? true : @force_api
  permissions_data = get_permissions(force_api: force_api_setting)
  permissions_data[:permissions] || []
end

#getPermissionsHash

PHP SDK compatible alias for get_permissions with hard check Matches PHP: $client->getPermissions()

Returns:

  • (Hash)

    Hash containing org_code and permissions array



71
72
73
74
75
# File 'lib/kinde_sdk/client/permissions.rb', line 71

def getPermissions
  # Use client's force_api setting, default to true for PHP SDK compatibility
  force_api_setting = @force_api.nil? ? true : @force_api
  get_permissions(force_api: force_api_setting)
end

#permission_granted?(permission, options = {}) ⇒ Boolean

Check if a permission is granted

Parameters:

  • permission (String)

    The permission key to check

  • options (Hash) (defaults to: {})

    Options for retrieving permissions

Returns:

  • (Boolean)

    True if permission is granted, false otherwise



63
64
65
# File 'lib/kinde_sdk/client/permissions.rb', line 63

def permission_granted?(permission, options = {})
  get_permission(permission, options)[:is_granted]
end