Class: Legion::Rbac::DenyRule

Inherits:

Object

• Object
• Legion::Rbac::DenyRule

Includes:

Logging::Helper

Defined in:

lib/legion/rbac/permission.rb

Instance Attribute Summary

• #above_level ⇒ Object readonly

  Returns the value of attribute above_level.

• #resource_pattern ⇒ Object readonly

  Returns the value of attribute resource_pattern.

Instance Method Summary

• #initialize(resource_pattern:, above_level: nil) ⇒ DenyRule constructor

  A new instance of DenyRule.

• #matches?(resource, **opts) ⇒ Boolean

Constructor Details

#initialize(resource_pattern:, above_level: nil) ⇒ DenyRule

Returns a new instance of DenyRule.

# File 'lib/legion/rbac/permission.rb', line 52

def initialize(resource_pattern:, above_level: nil)
  @resource_pattern = resource_pattern
  @above_level = above_level
  @resource_regex = self.class.send(:pattern_to_regex, resource_pattern)
end

Instance Attribute Details

#above_level ⇒ Object (readonly)

Returns the value of attribute above_level.

# File 'lib/legion/rbac/permission.rb', line 50

def above_level
  @above_level
end

#resource_pattern ⇒ Object (readonly)

Returns the value of attribute resource_pattern.

# File 'lib/legion/rbac/permission.rb', line 50

def resource_pattern
  @resource_pattern
end

Instance Method Details

#matches?(resource, **opts) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/legion/rbac/permission.rb', line 58

def matches?(resource, **opts)
  return false unless pattern_matches?(resource)

  if above_level.nil?
    log.debug("RBAC deny rule matched pattern=#{resource_pattern} resource=#{resource}")
    return true
  end

  level = opts[:level]
  return false if level.nil?

  matched = level > above_level
  log.debug("RBAC deny rule matched pattern=#{resource_pattern} resource=#{resource} level=#{level} above_level=#{above_level}") if matched
  matched
end