Class: Otto::Security::Authentication::Strategies::RoleStrategy

Inherits:
AuthStrategy
  • Object
Defined in:
lib/otto/security/authentication/strategies/role_strategy.rb

Overview

Role-based authorization strategy. It checks the roles already stored in the Rack session (under `session_key`) against either a `role:<name>` requirement or the configured list of allowed roles. It does not verify credentials itself: whatever roles an earlier login step placed in the session are trusted as-is, so the session store must be tamper-resistant (server-side or signed/encrypted).


Constructor Details

#initialize(allowed_roles, session_key: 'user_roles') ⇒ RoleStrategy

Builds a strategy that accepts sessions holding any of `allowed_roles` (a single role or an array; `nil` means no role is accepted). Roles are read from the session under `session_key`, which defaults to `'user_roles'`.



# File 'lib/otto/security/authentication/strategies/role_strategy.rb', line 13

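# Build a strategy that grants access to sessions holding any of +allowed_roles+.
#
# @param allowed_roles [String, Symbol, Array, nil] one role or a list of roles
#   accepted by the direct-match path of #authenticate; nil becomes an empty
#   list, i.e. the direct-match path denies everyone.
# @param session_key [String] key under which the Rack session stores the
#   current user's roles
def initialize(allowed_roles, session_key: 'user_roles')
  # Array() hands back the caller's own Array object when given one, so the
  # policy would silently change if the caller later mutated that list. Copy
  # it and freeze the copy: this is also the object that #authenticate hands
  # back in its success payload, and it must not be editable from there.
  @allowed_roles = Array(allowed_roles).dup.freeze
  @session_key = session_key
end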

Instance Method Details

#authenticate(env, requirement) ⇒ Object



# File 'lib/otto/security/authentication/strategies/role_strategy.rb', line 18

# Decide whether the current session satisfies +requirement+.
#
# Roles are read from +env['rack.session'][@session_key]+ and coerced to an
# Array. The check fails closed when there is no session at all.
#
# Two requirement shapes are recognised:
# * a value containing ':' (e.g. "role:admin") - the text after the first ':'
#   must be present in the session's roles. NOTE(review): the prefix before
#   the ':' is not inspected, so "anything:admin" is treated exactly like
#   "role:admin"; confirm the caller only routes role requirements here.
# * any other value - the session must hold at least one of @allowed_roles.
#
# Membership uses Array#include? and Array#&, so role values must match by
# type as well as content (a :admin Symbol in the session does not satisfy
# the String "admin"); a mismatch denies access rather than granting it.
#
# @param env [Hash] Rack environment
# @param requirement [String] requirement string for this route
# @return the result of +success+ or +failure+ (provided by the parent strategy)
def authenticate(env, requirement)
  session = env['rack.session']
  return failure('No session available') unless session

  roles = Array(session[@session_key] || [])
  user_data = { user_roles: roles, session: session }

  unless requirement.include?(':')
    # Direct strategy match: intersect the session roles with the allow-list.
    matching_roles = roles & @allowed_roles
    return failure("Insufficient privileges - requires one of roles: #{@allowed_roles.join(', ')}") unless matching_roles.any?

    return success(user: user_data, user_roles: roles, allowed_roles: @allowed_roles,
                   matching_roles: matching_roles)
  end

  # "role:admin" style requirement: everything after the first ':' is the role.
  required_role = requirement.split(':', 2).last
  return failure("Insufficient privileges - requires role: #{required_role}") unless roles.include?(required_role)

  success(user: user_data, user_roles: roles, required_role: required_role)
end

#user_context(env) ⇒ Object



# File 'lib/otto/security/authentication/strategies/role_strategy.rb', line 48

# Expose the roles held in the current session without making an access decision.
#
# @param env [Hash] Rack environment
# @return [Hash] +{ user_roles: Array }+ read from the session under @session_key,
#   or an empty Hash when +env['rack.session']+ is absent
def user_context(env)
  session = env['rack.session']
  return {} unless session

  stored_roles = session[@session_key]
  { user_roles: Array(stored_roles || []) }
end