Class: Otto::Security::PermissionStrategy

Inherits:
AuthStrategy
Defined in:
lib/otto/security/authentication.rb

Overview

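Permission-based authentication strategy. In practice it performs an authorization check: a request succeeds only when the permission named in the requirement appears in the permission list stored in the Rack session.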

Instance Method Summary

Constructor Details

#initialize(required_permissions, session_key: 'user_permissions') ⇒ PermissionStrategy

Returns a new instance of PermissionStrategy.



# File 'lib/otto/security/authentication.rb', line 171

# Builds a permission strategy.
#
# NOTE(review): in the methods shown on this page, @required_permissions is
# only assigned and never read; the permission that is enforced comes from
# the requirement argument of #authenticate. Confirm that is intended.
#
# @param required_permissions [Object] a single permission or a list of
#   them; coerced with Array(), so nil becomes an empty list
# @param session_key [String] key under which the session stores the
#   permissions granted to the user
def initialize(required_permissions, session_key: 'user_permissions')
  @session_key = session_key
  @required_permissions = Array(required_permissions)
end

Instance Method Details

#authenticate(env, requirement) ⇒ Object



# File 'lib/otto/security/authentication.rb', line 176

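# Checks whether the session carries the permission named by the requirement.
#
# Granted permissions are read from the Rack session under @session_key and
# coerced with Array(), so a single value and a list are both accepted. The
# permission to check is the text after the first ':' in the requirement
# (e.g. "permission:write" -> "write"); a requirement without ':' is used
# whole.
#
# Fails closed: a missing session, a nil or empty requirement, or an empty
# permission name (e.g. "permission:") returns a failure result. Without
# that guard an empty name would be looked up in the session list and could
# match a nil or blank entry stored there.
#
# NOTE(review): @required_permissions from the constructor is not consulted
# here; only the requirement argument decides which permission is needed.
# Confirm that is intended.
#
# NOTE(review): matching uses Array#include?, so a session that stores
# Symbols does not match a String requirement. That errs towards denial.
#
# @param env [Hash] Rack environment; 'rack.session' is read from it
# @param requirement [String] requirement such as "permission:write"
# @return [Object] whatever success or failure returns (both are defined
#   outside this listing)
def authenticate(env, requirement)
  session = env['rack.session']
  return failure('No session available') unless session

  # Extract permission from requirement (e.g., "permission:write" -> "write").
  # to_s lets a nil requirement reach the blank check instead of raising.
  required_permission = requirement.to_s.split(':', 2).last
  if required_permission.nil? || required_permission.empty?
    return failure('Invalid permission requirement - no permission name given')
  end

  user_permissions = Array(session[@session_key] || [])

  if user_permissions.include?(required_permission)
    success(user_permissions: user_permissions, required_permission: required_permission)
  else
    failure("Insufficient privileges - requires permission: #{required_permission}")
  end
end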

#user_context(env) ⇒ Object



# File 'lib/otto/security/authentication.rb', line 193

# Exposes the permissions stored in the session as user context.
#
# The value is taken as-is from the session; nothing here checks it against
# a required permission.
#
# @param env [Hash] Rack environment; 'rack.session' is read from it
# @return [Hash] empty when there is no session, otherwise
#   { user_permissions: [...] } with the session value coerced via Array()
def user_context(env)
  rack_session = env['rack.session']
  if rack_session
    granted = rack_session[@session_key] || []
    { user_permissions: Array(granted) }
  else
    {}
  end
end