Module: Legion::Extensions::Permissions

Defined in:
lib/legion/extensions/permissions.rb

Constant Summary

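# Root of the per-extension sandbox tree. '~' is expanded once, when this
# file is loaded, so the value reflects the home directory seen at load time.
SANDBOX_BASE = File.expand_path('~/.legionio/data').freeze

# Credential locations that are listed for refusal. Entries are expanded with
# File.expand_path, which is purely lexical and does not resolve symlinks.
#
# Every entry is frozen as well as the array itself: Array#freeze is shallow,
# so an unfrozen entry could be edited in place and silently weaken the list.
#
# NOTE(review): only these three locations are listed. Other credential
# stores under the home directory (for example ~/.netrc or ~/.kube/config)
# are not covered - confirm that this is intended.
DENY_LIST = %w[
  ~/.ssh
  ~/.gnupg
  ~/.aws/credentials
].map { |entry| File.expand_path(entry).freeze }.freeze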

Class Method Summary

Class Method Details

.add_auto_approve(lex_name, globs) ⇒ Object



# File 'lib/legion/extensions/permissions.rb', line 43

# Appends one or more glob patterns to the auto-approve list kept for an
# extension, creating the list on first use.
#
# Patterns are stored exactly as given: nothing here normalises them or
# removes duplicates. allowed? checks the deny list before auto-approval, so
# a broad pattern registered here does not override a deny-list match there.
#
# @param lex_name [Object] key identifying the extension
# @param globs [Object] a single pattern, a list of patterns, or nil
# @return [Array] the extension's full pattern list after the append
def add_auto_approve(lex_name, globs)
  patterns = (auto_approve_globs[lex_name] ||= [])
  patterns.concat(Array(globs))
end

.allowed?(lex_name, path, access_type) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/legion/extensions/permissions.rb', line 19

# Decides whether an extension may access a path.
#
# The path is expanded first and the deny list is consulted before anything
# else, so a deny-list match wins over the sandbox, the auto-approve globs and
# any explicit approval. After that the checks run in a fixed order and stop
# at the first one that grants access. access_type is only forwarded to the
# explicit-approval check; the sandbox and auto-approve checks grant access
# regardless of it.
#
# NOTE(review): File.expand_path is lexical and does not resolve symlinks. A
# link located in an allowed directory that points at a deny-listed location
# would be compared by its link path here - confirm that denied? and
# in_sandbox? resolve links (e.g. File.realpath) or that callers refuse to
# follow them when opening the path.
#
# @param lex_name [Object] identifier of the requesting extension
# @param path [String] path being requested; may be relative or start with '~'
# @param access_type [Object] kind of access requested
# @return [Boolean] true when access is granted, false otherwise
def allowed?(lex_name, path, access_type)
  target = File.expand_path(path)
  return false if denied?(target)

  granted = in_sandbox?(lex_name, target) ||
            auto_approved?(lex_name, target) ||
            explicitly_approved?(lex_name, target, access_type)
  granted ? true : false
end

.approve(lex_name, path, access_type) ⇒ Object



# File 'lib/legion/extensions/permissions.rb', line 29

# Records an approval for the given extension, path and access type in the
# in-memory table and hands the same decision to persist_approval.
#
# NOTE(review): path is used as given, whereas allowed? expands the path
# before its explicit-approval lookup. Unless approval_key normalises the
# path, an approval stored under a relative or '~' path may not match later -
# confirm against approval_key.
#
# @param lex_name [Object] identifier of the extension
# @param path [Object] path the approval applies to
# @param access_type [Object] kind of access being approved
# @return [Object] whatever persist_approval returns
def approve(lex_name, path, access_type)
  approvals.store(approval_key(lex_name, path, access_type), true)
  persist_approval(lex_name, path, access_type, true)
end

.approved?(lex_name, path, access_type) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/legion/extensions/permissions.rb', line 39

# Reports whether an approval is recorded in the in-memory table for this
# extension, path and access type.
#
# Only a stored value equal to true counts. A recorded denial (false) and a
# missing record both give false. The deny list is not consulted here.
#
# @param lex_name [Object] identifier of the extension
# @param path [Object] path to look up, used as given
# @param access_type [Object] kind of access to look up
# @return [Boolean]
def approved?(lex_name, path, access_type)
  decision = approvals[approval_key(lex_name, path, access_type)]
  decision == true
end

.declared_paths(lex_name) ⇒ Object



# File 'lib/legion/extensions/permissions.rb', line 48

# Returns the read/write path declaration stored for an extension.
#
# When nothing is stored, a fresh hash with empty :read_paths and
# :write_paths lists is returned. A stored declaration is returned as the
# stored object itself, not a copy, so mutating the result changes the
# registry.
#
# @param lex_name [Object] identifier of the extension
# @return [Hash] the stored declaration, or an empty one
def declared_paths(lex_name)
  registered = declarations[lex_name]
  return registered if registered

  { read_paths: [], write_paths: [] }
end

.deny(lex_name, path, access_type) ⇒ Object



# File 'lib/legion/extensions/permissions.rb', line 34

# Records a denial for the given extension, path and access type in the
# in-memory table and hands the same decision to persist_approval.
#
# NOTE(review): allowed? consults the sandbox and the auto-approve globs
# before explicit approvals, so a denial recorded here presumably does not
# revoke access granted by either of those - confirm this is intended.
#
# @param lex_name [Object] identifier of the extension
# @param path [Object] path the denial applies to, used as given
# @param access_type [Object] kind of access being denied
# @return [Object] whatever persist_approval returns
def deny(lex_name, path, access_type)
  approvals.store(approval_key(lex_name, path, access_type), false)
  persist_approval(lex_name, path, access_type, false)
end

.register_paths(lex_name, read_paths: [], write_paths: []) ⇒ Object



# File 'lib/legion/extensions/permissions.rb', line 52

# Stores the read and write paths an extension declares, replacing any
# declaration previously stored for it (nothing is merged).
#
# Each argument goes through Array(), so a single path, a list or nil are all
# accepted. An array argument is stored as the same object, not a copy.
# Paths are kept exactly as given: nothing here expands them or compares them
# with the deny list.
#
# @param lex_name [Object] identifier of the extension
# @param read_paths [Object] path or paths the extension declares for reading
# @param write_paths [Object] path or paths the extension declares for writing
# @return [Hash] the declaration that was stored
def register_paths(lex_name, read_paths: [], write_paths: [])
  declaration = {
    read_paths: Array(read_paths),
    write_paths: Array(write_paths)
  }
  declarations.store(lex_name, declaration)
end

.reset! ⇒ Object



# File 'lib/legion/extensions/permissions.rb', line 56

# Clears the in-memory approvals, auto-approve globs and path declarations
# by replacing each table with a new empty hash.
#
# NOTE(review): only the instance variables are reset. Decisions already
# handed to persist_approval are not touched here - confirm whether persisted
# approvals are expected to survive a reset.
#
# @return [Hash] the new, empty declarations table
def reset!
  @approvals, @auto_approve_globs = {}, {}
  @declarations = {}
end

.sandbox_path(lex_name) ⇒ Object



# File 'lib/legion/extensions/permissions.rb', line 15

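# Returns the sandbox directory for an extension: SANDBOX_BASE joined with
# the extension name.
#
# The joined path is also expanded and checked to lie strictly below
# SANDBOX_BASE. File.join does not normalise its arguments, so a name made of
# '..' segments, or an empty name, would otherwise produce a "sandbox" that is
# SANDBOX_BASE itself or a directory outside it.
#
# @param lex_name [String] identifier of the extension
# @return [String] SANDBOX_BASE joined with lex_name, unchanged for names
#   that stay inside the sandbox base
# @raise [ArgumentError] when the name resolves to SANDBOX_BASE itself or to
#   a location outside it
def sandbox_path(lex_name)
  joined = File.join(SANDBOX_BASE, lex_name)
  resolved = File.expand_path(joined)

  # The trailing separator in the prefix rejects sibling directories that
  # merely share SANDBOX_BASE as a string prefix.
  unless resolved.start_with?("#{SANDBOX_BASE}#{File::SEPARATOR}")
    raise ArgumentError, "lex_name #{lex_name.inspect} does not resolve inside the sandbox base"
  end

  joined
end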