Module: Legion::Extensions::Permissions
- Defined in:
- lib/legion/extensions/permissions.rb
Constant Summary collapse
- SANDBOX_BASE =
File.('~/.legionio/data').freeze
- DENY_LIST =
[ File.('~/.ssh'), File.('~/.gnupg'), File.('~/.aws/credentials') ].freeze
Class Method Summary collapse
- .add_auto_approve(lex_name, globs) ⇒ Object
- .allowed?(lex_name, path, access_type) ⇒ Boolean
- .approve(lex_name, path, access_type) ⇒ Object
- .approved?(lex_name, path, access_type) ⇒ Boolean
- .declared_paths(lex_name) ⇒ Object
- .deny(lex_name, path, access_type) ⇒ Object
- .register_paths(lex_name, read_paths: [], write_paths: []) ⇒ Object
- .reset! ⇒ Object
- .sandbox_path(lex_name) ⇒ Object
Class Method Details
.add_auto_approve(lex_name, globs) ⇒ Object
43 44 45 46 |
# File 'lib/legion/extensions/permissions.rb', line 43 def add_auto_approve(lex_name, globs) auto_approve_globs[lex_name] ||= [] auto_approve_globs[lex_name].concat(Array(globs)) end |
.allowed?(lex_name, path, access_type) ⇒ Boolean
19 20 21 22 23 24 25 26 27 |
# File 'lib/legion/extensions/permissions.rb', line 19 def allowed?(lex_name, path, access_type) = File.(path) return false if denied?() return true if in_sandbox?(lex_name, ) return true if auto_approved?(lex_name, ) return true if explicitly_approved?(lex_name, , access_type) false end |
.approve(lex_name, path, access_type) ⇒ Object
29 30 31 32 |
# File 'lib/legion/extensions/permissions.rb', line 29 def approve(lex_name, path, access_type) approvals[approval_key(lex_name, path, access_type)] = true persist_approval(lex_name, path, access_type, true) end |
.approved?(lex_name, path, access_type) ⇒ Boolean
39 40 41 |
# File 'lib/legion/extensions/permissions.rb', line 39 def approved?(lex_name, path, access_type) approvals[approval_key(lex_name, path, access_type)] == true end |
.declared_paths(lex_name) ⇒ Object
48 49 50 |
# File 'lib/legion/extensions/permissions.rb', line 48 def declared_paths(lex_name) declarations[lex_name] || { read_paths: [], write_paths: [] } end |
.deny(lex_name, path, access_type) ⇒ Object
34 35 36 37 |
# File 'lib/legion/extensions/permissions.rb', line 34 def deny(lex_name, path, access_type) approvals[approval_key(lex_name, path, access_type)] = false persist_approval(lex_name, path, access_type, false) end |
.register_paths(lex_name, read_paths: [], write_paths: []) ⇒ Object
52 53 54 |
# File 'lib/legion/extensions/permissions.rb', line 52 def register_paths(lex_name, read_paths: [], write_paths: []) declarations[lex_name] = { read_paths: Array(read_paths), write_paths: Array(write_paths) } end |
.reset! ⇒ Object
56 57 58 59 60 |
# File 'lib/legion/extensions/permissions.rb', line 56 def reset! @approvals = {} @auto_approve_globs = {} @declarations = {} end |
.sandbox_path(lex_name) ⇒ Object
15 16 17 |
# File 'lib/legion/extensions/permissions.rb', line 15 def sandbox_path(lex_name) File.join(SANDBOX_BASE, lex_name) end |