Module: Legion::Extensions::MicrosoftTeams::Helpers::PermissionGuard

Includes:: Helpers::Lex

Included in:: Runners::ApiIngest, Runners::ProfileIngest

Defined in:: lib/legion/extensions/microsoft_teams/helpers/permission_guard.rb

Constant Summary collapse

BACKOFF_SCHEDULE =

[60, 300, 1800, 7200, 28_800].freeze

Instance Method Summary collapse

#denial_info(endpoint) ⇒ Object
#guarded_request(endpoint) ⇒ Object
#permission_denied?(endpoint) ⇒ Boolean
#record_denial(endpoint, error_message) ⇒ Object
#reset_denials! ⇒ Object

Instance Method Details

#denial_info(endpoint) ⇒ `Object`



30
31
32

# File 'lib/legion/extensions/microsoft_teams/helpers/permission_guard.rb', line 30

def denial_info(endpoint)
  permission_denials[endpoint]
end

#guarded_request(endpoint) ⇒ `Object`

# File 'lib/legion/extensions/microsoft_teams/helpers/permission_guard.rb', line 38

def guarded_request(endpoint)
  return { skipped: true, endpoint: endpoint, reason: :permission_denied } if permission_denied?(endpoint)

  result = yield
  if result.is_a?(Hash) && result[:status] == 403
    msg = result.dig(:result, 'error', 'message') || 'Unknown'
    record_denial(endpoint, msg)
  end
  result
end

#permission_denied?(endpoint) ⇒ `Boolean`

Returns:

(Boolean)

# File 'lib/legion/extensions/microsoft_teams/helpers/permission_guard.rb', line 13

def permission_denied?(endpoint)
  denial = permission_denials[endpoint]
  return false unless denial

  Time.now.utc < denial[:retry_after]
end

#record_denial(endpoint, error_message) ⇒ `Object`

# File 'lib/legion/extensions/microsoft_teams/helpers/permission_guard.rb', line 20

def record_denial(endpoint, error_message)
  denial = permission_denials[endpoint] || { count: 0 }
  denial[:count] += 1
  backoff = BACKOFF_SCHEDULE.fetch(denial[:count] - 1, BACKOFF_SCHEDULE.last)
  denial[:retry_after] = Time.now.utc + backoff
  permission_denials[endpoint] = denial
  log.warn("Graph API permission denied for #{endpoint}: #{error_message}. " \
           "Retry in #{backoff}s (attempt #{denial[:count]})")
end

#reset_denials! ⇒ `Object`



34
35
36

# File 'lib/legion/extensions/microsoft_teams/helpers/permission_guard.rb', line 34

def reset_denials!
  @permission_denials = {}
end

Module: Legion::Extensions::MicrosoftTeams::Helpers::PermissionGuard

Constant Summary collapse

Instance Method Summary collapse

Instance Method Details

#denial_info(endpoint) ⇒ Object

#guarded_request(endpoint) ⇒ Object

#permission_denied?(endpoint) ⇒ Boolean

#record_denial(endpoint, error_message) ⇒ Object

#reset_denials! ⇒ Object

#denial_info(endpoint) ⇒ `Object`

#guarded_request(endpoint) ⇒ `Object`

#permission_denied?(endpoint) ⇒ `Boolean`

#record_denial(endpoint, error_message) ⇒ `Object`

#reset_denials! ⇒ `Object`