Class: Protege::Gateway::AccessControl

Inherits:
Object
  • Object
show all
Defined in:
lib/protege/gateway/access_control.rb

Overview

The inbound access guardrail: composes every access-policy layer that applies to a persona and answers the one question the Gateway asks — may this sender reach this persona? A gateway concern (inbound mail authorization), it lives beside the other Gateway protocol pieces and is called from the Gateway's inbound edge, AgentMailbox.

Composition is by intersection: a sender is permitted only when every layer permits it (logical AND). Because intersection is commutative there is no precedence to reason about — the order of layers never changes the outcome — and the security property falls out for free: a layer can only narrow the set of admitted senders, never widen it. So a per-persona rule can tighten who reaches that agent but can never punch through the committed org-wide ceiling.

Two layers exist today — the committed global policy (+Protege.configuration.inbound_access+) and the persona's runtime rules (+AccessRule.policy_for+). This composer is the single seam the rest of the engine calls; adding a layer later (e.g. a per-persona-class committed policy) is a one-line change to #policies, never a change at the call sites.

Examples:

Gate an inbound sender

Gateway::AccessControl.for(persona:).permits?(address: mail.from.first)

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(persona:) ⇒ void

Parameters:



39
40
41
# File 'lib/protege/gateway/access_control.rb', line 39

def initialize(persona:)
  @persona = persona
end

Instance Attribute Details

#personaProtege::Persona (readonly)

Returns the persona the inbound mail is addressed to.

Returns:



25
26
27
# File 'lib/protege/gateway/access_control.rb', line 25

def persona
  @persona
end

Class Method Details

.for(persona:) ⇒ Protege::Gateway::AccessControl

Build the access control for a persona. Factory mirror of .new reading as a lookup.

Parameters:

Returns:



32
33
34
# File 'lib/protege/gateway/access_control.rb', line 32

def for(persona:)
  new(persona:)
end

Instance Method Details

#permits?(address:) ⇒ Boolean

Decide whether a sender may reach this persona, intersecting all applicable layers.

Parameters:

  • address (String)

    the raw sender address

Returns:

  • (Boolean)

    true only when every layer permits the sender



47
48
49
# File 'lib/protege/gateway/access_control.rb', line 47

def permits?(address:)
  policies.all? { |policy| policy.permits?(address:) }
end