Class: Scimitar::Schema::Rbac::Entitlement

Inherits:
Base
  • Object
Defined in:
lib/scimitar/rbac/schema/entitlement.rb

Overview

SCIM schema for the Entitlement (permission) resource. Entitlements represent application-specific permissions, each belonging to one Application. The Role<->Entitlement relationship is the key missing link in standard SCIM that this profile addresses.

Class Method Summary

Instance Method Summary

Constructor Details

#initialize ⇒ Entitlement

Returns a new instance of Entitlement.



# File 'lib/scimitar/rbac/schema/entitlement.rb', line 11

def initialize
  super(
    name:            "Entitlement",
    id:              self.class.id,
    description:     "Represents an RBAC Entitlement (permission) — an application-specific access right assignable to Roles.",
    scim_attributes: self.class.scim_attributes
  )
end

Class Method Details

.id ⇒ Object



# File 'lib/scimitar/rbac/schema/entitlement.rb', line 20

def self.id
  "urn:ietf:params:scim:schemas:extension:rbac:2.0:Entitlement"
end

.scim_attributes ⇒ Object



# File 'lib/scimitar/rbac/schema/entitlement.rb', line 24

def self.scim_attributes
  @scim_attributes ||= [
    # Descriptive attributes; only displayName is required.
    Scimitar::Schema::Attribute.new(name: "displayName", type: "string", required: true),
    Scimitar::Schema::Attribute.new(name: "type",        type: "string"),
    Scimitar::Schema::Attribute.new(name: "description", type: "string"),

    # The one Application this Entitlement belongs to.
    Scimitar::Schema::Attribute.new(name: "application",
      complexType: Scimitar::ComplexTypes::Rbac::ApplicationReference, mutability: "readWrite"),

    # Roles this Entitlement is assigned to; readOnly on this resource.
    Scimitar::Schema::Attribute.new(name: "roles", multiValued: true,
      complexType: Scimitar::ComplexTypes::Rbac::RoleAssignment, mutability: "readOnly"),

    # Entitlement hierarchy; the child side is readOnly.
    Scimitar::Schema::Attribute.new(name: "parentEntitlements", multiValued: true,
      complexType: Scimitar::ComplexTypes::Rbac::HierarchyMember),

    Scimitar::Schema::Attribute.new(name: "childEntitlements",  multiValued: true,
      complexType: Scimitar::ComplexTypes::Rbac::HierarchyMember, mutability: "readOnly"),

    # Assignment limit and usage counters; totalAssignmentsUsed is readOnly.
    Scimitar::Schema::Attribute.new(name: "limitedAssignmentsPermitted", type: "integer"),
    Scimitar::Schema::Attribute.new(name: "totalAssignmentsPermitted",   type: "integer"),
    Scimitar::Schema::Attribute.new(name: "totalAssignmentsUsed",        type: "integer", mutability: "readOnly"),
  ]
end
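
Added example (not code from Scimitar or from this gem): a plain-Ruby mirror of the attribute list above, showing what the `required` and `mutability` settings mean for an inbound client write to an Entitlement. `ENTITLEMENT_ATTRS`, `check_entitlement_write`, the Ruby types chosen for the complex attributes, and the sample payload are assumptions made for illustration.

```ruby
# Added example: plain-Ruby mirror of the attribute list in .scim_attributes.
# It does not load Scimitar; the constant and method names are hypothetical.
READ_WRITE = "readWrite" # RFC 7643 default when mutability is not given

ENTITLEMENT_ATTRS = {
  "displayName"                 => { type: String,  required: true },
  "type"                        => { type: String },
  "description"                 => { type: String },
  "application"                 => { type: Hash },
  "roles"                       => { type: Array,   mutability: "readOnly" },
  "parentEntitlements"          => { type: Array },
  "childEntitlements"           => { type: Array,   mutability: "readOnly" },
  "limitedAssignmentsPermitted" => { type: Integer },
  "totalAssignmentsPermitted"   => { type: Integer },
  "totalAssignmentsUsed"        => { type: Integer, mutability: "readOnly" }
}.freeze

# Returns [accepted, problems] for a client-supplied payload. readOnly and
# unknown attributes are dropped and reported, so a client cannot attach Roles
# to an Entitlement or reset its usage counter through this resource.
def check_entitlement_write(payload)
  accepted, problems = {}, []
  payload.each do |name, value|
    next if %w[schemas id externalId meta].include?(name) # common SCIM attributes
    spec = ENTITLEMENT_ATTRS[name]
    if spec.nil?
      problems << "#{name}: not in schema"
    elsif spec.fetch(:mutability, READ_WRITE) == "readOnly"
      problems << "#{name}: readOnly, ignored"
    elsif !value.is_a?(spec[:type])
      problems << "#{name}: expected #{spec[:type]}"
    else
      accepted[name] = value
    end
  end
  ENTITLEMENT_ATTRS.each do |name, spec|
    problems << "#{name}: required" if spec[:required] && !accepted.key?(name)
  end
  [accepted, problems]
end

# Constructed sample: a write that tries to set server-owned attributes.
SAMPLE = {
  "schemas"                   => ["urn:ietf:params:scim:schemas:extension:rbac:2.0:Entitlement"],
  "displayName"               => "invoice.approve",
  "roles"                     => [{ "value" => "role-admin" }],
  "totalAssignmentsUsed"      => 0,
  "totalAssignmentsPermitted" => "10"
}.freeze
```

Matching here is case-sensitive, while SCIM attribute names are case-insensitive, so a differently cased name is reported as not in schema rather than applied.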