Module: Legion::Rbac::Store

Extended by:
Logging::Helper
Defined in:
lib/legion/rbac/store.rb

Class Method Summary collapse

Class Method Details

.cross_team_grants_for(source_team:) ⇒ Object 



55
56
57
58
59
60
61
62
63
64
 
# File 'lib/legion/rbac/store.rb', line 55

def cross_team_grants_for(source_team:)
  return [] unless db_available?

  grants = Legion::Data::Model::RbacCrossTeamGrant.where(source_team: source_team).all.select(&:active?)
  log.info("RBAC cross_team_grants_for source_team=#{source_team} count=#{grants.size}")
  grants
rescue StandardError => e
  handle_exception(e, level: :error, operation: 'rbac.store.cross_team_grants_for', source_team: source_team)
  raise
end

.db_available?Boolean

Returns:

  • (Boolean) 


11
12
13
14
15
16
17
 
# File 'lib/legion/rbac/store.rb', line 11

def db_available?
  available = (defined?(Legion::Data) &&
              Legion::Settings[:data]&.dig(:connected) == true &&
              defined?(Legion::Data::Model::RbacRoleAssignment)) || false
  log.debug("RBAC store db_available=#{available}")
  available
end

.roles_for(principal_id:, principal_type: nil) ⇒ Object 



19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
 
# File 'lib/legion/rbac/store.rb', line 19

def roles_for(principal_id:, principal_type: nil)
  source = db_available? ? 'db' : 'static'
  roles = if source == 'db'
            query = { principal_id: principal_id }
            query[:principal_type] = principal_type if principal_type
            Legion::Data::Model::RbacRoleAssignment.where(query).all.select(&:active?).map(&:role)
          else
            static_roles_for(principal_id, principal_type)
          end
  log.debug(
    "RBAC roles_for principal_id=#{principal_id} principal_type=#{principal_type || 'any'} " \
    "source=#{source} count=#{roles.size}"
  )
  roles
rescue StandardError => e
  handle_exception(
    e,
    level:          :error,
    operation:      'rbac.store.roles_for',
    principal_id:   principal_id,
    principal_type: principal_type
  )
  raise
end

.runner_grants_for(team:) ⇒ Object 



44
45
46
47
48
49
50
51
52
53
 
# File 'lib/legion/rbac/store.rb', line 44

def runner_grants_for(team:)
  return [] unless db_available?

  grants = Legion::Data::Model::RbacRunnerGrant.where(team: team).all
  log.info("RBAC runner_grants_for team=#{team} count=#{grants.size}")
  grants
rescue StandardError => e
  handle_exception(e, level: :error, operation: 'rbac.store.runner_grants_for', team: team)
  raise
end