Class: Otto::Security::RoleStrategy

Inherits:
AuthStrategy
Defined in:
lib/otto/security/authentication.rb

Overview

Role-based authorization strategy: grants access when the roles stored in the Rack session (`env['rack.session']`) satisfy the route's requirement, either a specific `role:NAME` or any of the strategy's configured allowed roles. The session store's integrity is the root of trust for this check.


Constructor Details

#initialize(allowed_roles, session_key: 'user_roles') ⇒ RoleStrategy

Returns a new instance of RoleStrategy configured with the roles it accepts and the session key the current user's roles are read from.



# File 'lib/otto/security/authentication.rb', line 102

# Build a strategy that grants access when the session carries one of
# +allowed_roles+ (or, for a "role:NAME" requirement, the named role).
#
# @param allowed_roles [String, Array<String>] role or roles accepted by the
#   strategy-level (no "role:" prefix) check; a scalar is wrapped in an Array,
#   nil becomes an empty list (which can then never match)
# @param session_key [String] key under +env['rack.session']+ that holds the
#   current user's roles
# @return [RoleStrategy]
def initialize(allowed_roles, session_key: 'user_roles')
  @session_key = session_key

  # Normalize to an Array so both branches of #authenticate can use Array ops.
  roles = allowed_roles
  roles = Array(roles) unless roles.is_a?(Array)
  @allowed_roles = roles
end

Instance Method Details

#authenticate(env, requirement) ⇒ Object



# File 'lib/otto/security/authentication.rb', line 107

# Decide whether the roles held in the Rack session satisfy +requirement+.
#
# Two requirement forms are understood:
# * "role:NAME" — the text after the first ":" must be present in the
#   session's role list. +@allowed_roles+ is NOT consulted in this form.
# * anything without ":" — at least one session role must also be in
#   +@allowed_roles+.
#
# Security notes:
# * The role list is read from +env['rack.session']+ and trusted as-is, so
#   this check is only as strong as the session store's integrity (server-side
#   store, or a signed/encrypted cookie). Anything able to write
#   +@session_key+ into the session can grant itself roles.
# * Matching is exact element equality (+Array#include?+ / +Array#&+); a
#   String requirement will not match a Symbol stored in the session, so a
#   type mismatch fails closed rather than open.
# * A missing role entry, or a scalar instead of a list, is normalized with
#   +Array()+ and evaluated like any other list.
#
# @param env [Hash] Rack environment; +'rack.session'+ must be present
# @param requirement [String] route requirement such as "role:admin", or the
#   strategy name when no specific role is named
# @return [Object] the value of +success+ or +failure+ (provided by
#   AuthStrategy, not defined here)
# @raise [NoMethodError] when +requirement+ is nil (no guard is applied)
def authenticate(env, requirement)
  session = env['rack.session']
  return failure('No session available') unless session

  held_roles = Array(session[@session_key] || [])

  unless requirement.include?(':')
    # Strategy-level check: intersect the session roles with the configured set.
    overlap = held_roles & @allowed_roles
    return failure("Insufficient privileges - requires one of roles: #{@allowed_roles.join(', ')}") unless overlap.any?

    return success(user_roles: held_roles, allowed_roles: @allowed_roles, matching_roles: overlap)
  end

  # Route-level check: "role:NAME" names exactly one role that must be held.
  _prefix, wanted = requirement.split(':', 2)
  return failure("Insufficient privileges - requires role: #{wanted}") unless held_roles.include?(wanted)

  success(user_roles: held_roles, required_role: wanted)
end

#user_context(env) ⇒ Object



# File 'lib/otto/security/authentication.rb', line 133

# Expose the session's role list to downstream consumers.
#
# No authorization decision is made here: the value under +@session_key+ is
# read from +env['rack.session']+ and normalized to an Array, nothing more.
# As with #authenticate, the result is only as trustworthy as the session
# store it comes from.
#
# @param env [Hash] Rack environment
# @return [Hash] +{ user_roles: Array }+, or an empty Hash when +env+ has no
#   +'rack.session'+
def user_context(env)
  session = env['rack.session']
  return {} unless session

  roles = session[@session_key]
  { user_roles: Array(roles || []) }
end