Class: Legion::MCP::Tools::RbacCheck

Inherits:

MCP::Tool

Object
MCP::Tool
Legion::MCP::Tools::RbacCheck

show all

Extended by:: Logging::Helper

Defined in:: lib/legion/mcp/tools/rbac_check.rb

Class Method Summary collapse

.call(principal:, action:, resource:, roles: [], team: nil) ⇒ Object

Class Method Details

.call(principal:, action:, resource:, roles: [], team: nil) ⇒ `Object`

# File 'lib/legion/mcp/tools/rbac_check.rb', line 24

def call(principal:, action:, resource:, roles: [], team: nil)
  log.info('Starting legion.mcp.tools.rbac_check.call')
  return error_response('legion-rbac not installed') unless defined?(Legion::Rbac)

  p = Legion::Rbac::Principal.new(id: principal, roles: roles, team: team)
  result = Legion::Rbac::PolicyEngine.evaluate(principal: p, action: action, resource: resource,
                                               enforce: false)
  text_response(result)
rescue StandardError => e
  handle_exception(e, level: :warn, operation: 'legion.mcp.tools.rbac_check.call')
  log.warn("RbacCheck#call failed: #{e.message}")
  error_response("RBAC check failed: #{e.message}")
end

Class: Legion::MCP::Tools::RbacCheck

Class Method Summary collapse

Class Method Details

.call(principal:, action:, resource:, roles: [], team: nil) ⇒ Object

.call(principal:, action:, resource:, roles: [], team: nil) ⇒ `Object`