Class: RackJwtAegis::RbacManager

Inherits:
Object
Includes:
DebugLogger
Defined in:
lib/rack_jwt_aegis/rbac_manager.rb

Overview

Role-Based Access Control (RBAC) manager

Handles authorization by checking user permissions against cached RBAC data. Supports both simple boolean permissions and complex permission structures. Uses a two-tier caching system for performance optimization.

Examples:

Basic usage

config = Configuration.new(jwt_secret: 'secret', rbac_enabled: true, rbac_cache_store: :memory)
manager = RbacManager.new(config)
manager.authorize(request, jwt_payload)

Author:

  • Ken Camajalan Demanawa

Since:

  • 0.1.0

Instance Method Summary

Methods included from DebugLogger

#debug_log

Constructor Details

#initialize(config) ⇒ RbacManager

Initialize the RBAC manager

Parameters:

Since:

  • 0.1.0



# File 'lib/rack_jwt_aegis/rbac_manager.rb', line 23

def initialize(config)
  @config = config
  setup_cache_adapters
end

Instance Method Details

#authorize(request, payload) ⇒ Object

Authorize a request against RBAC permissions

Parameters:

  • request (Rack::Request)

    the incoming request

  • payload (Hash)

    the JWT payload containing user information

Raises:

Since:

  • 0.1.0



# File 'lib/rack_jwt_aegis/rbac_manager.rb', line 33

def authorize(request, payload)
  user_id = payload[@config.payload_key(:user_id).to_s]
  raise AuthorizationError, 'User ID missing from JWT payload' if user_id.nil?

  # Build permission key
  permission_key = build_permission_key(user_id, request)
  return if check_cached_permission(permission_key) == true

  # Permission not cached or cache miss - check RBAC store
  has_permission = check_rbac_permission(user_id, request)
  # Cache the result if middleware has write access
  cache_permission_result(permission_key, has_permission)
  return if has_permission

  raise AuthorizationError, 'Access denied - insufficient permissions'
end
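
The control flow of #authorize exercised against in-memory stand-ins, as an added example that is not part of rack_jwt_aegis: a cached true returns before the RBAC store is consulted, while a cached false falls through to a fresh store check. DemoRbacManager, Request, the 'user_id' payload key, the permission key format and every helper body are assumptions made for illustration; the gem's own helpers are not shown on this page.

```ruby
# Added illustration, not rack_jwt_aegis code. The authorize body follows the
# listing above; Request, the key format and all helper bodies are hypothetical.
class AuthorizationError < StandardError; end
Request = Struct.new(:request_method, :path)

class DemoRbacManager
  attr_reader :store_lookups, :cache

  def initialize(grants)
    @grants = grants      # constructed RBAC store: user_id => ["GET /reports", ...]
    @cache = {}           # constructed permission cache: key => true/false
    @store_lookups = 0    # counts how often the RBAC store is consulted
  end

  def authorize(request, payload)
    user_id = payload['user_id']
    raise AuthorizationError, 'User ID missing from JWT payload' if user_id.nil?

    permission_key = build_permission_key(user_id, request)
    return if check_cached_permission(permission_key) == true

    has_permission = check_rbac_permission(user_id, request)
    cache_permission_result(permission_key, has_permission)
    return if has_permission

    raise AuthorizationError, 'Access denied - insufficient permissions'
  end

  private

  # Scoped to user, method and path so one cached grant never answers for another request.
  def build_permission_key(user_id, request)
    "#{user_id}:#{request.request_method}:#{request.path}"
  end

  def check_cached_permission(key)
    @cache[key]
  end

  def check_rbac_permission(user_id, request)
    @store_lookups += 1
    Array(@grants[user_id]).include?("#{request.request_method} #{request.path}")
  end

  def cache_permission_result(key, result)
    @cache[key] = result
  end
end
```

Because a cached grant skips the store entirely, how the real cache helpers expire or invalidate entries decides how long a revoked permission keeps being honoured.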