Class: Tep::Identity

Inherits:

Object

• Object
• Tep::Identity

Defined in:

lib/tep/identity.rb

Instance Attribute Summary

• #acting_via ⇒ Object readonly

  Tep::AgentDelegation or nil.

• #capabilities ⇒ Object readonly

  Array of symbols.

• #principal_id ⇒ Object readonly

  String, opaque to tep (apps own the format).

Class Method Summary

• .anonymous ⇒ Object

  The unauthenticated identity.

Instance Method Summary

• #agent? ⇒ Boolean
• #human? ⇒ Boolean
• #initialize(principal_id, acting_via, capabilities) ⇒ Identity constructor

  A new instance of Identity.

• #may?(cap) ⇒ Boolean
• #subject ⇒ Object

  Audit-friendly string.

Constructor Details

#initialize(principal_id, acting_via, capabilities) ⇒ Identity

Returns a new instance of Identity.

# File 'lib/tep/identity.rb', line 25

def initialize(principal_id, acting_via, capabilities)
  @principal_id = principal_id
  @acting_via   = acting_via
  @capabilities = capabilities
end

Instance Attribute Details

#acting_via ⇒ Object (readonly)

Tep::AgentDelegation or nil

# File 'lib/tep/identity.rb', line 22

def acting_via
  @acting_via
end

#capabilities ⇒ Object (readonly)

Array of symbols

# File 'lib/tep/identity.rb', line 23

def capabilities
  @capabilities
end

#principal_id ⇒ Object (readonly)

String, opaque to tep (apps own the format)

# File 'lib/tep/identity.rb', line 21

def principal_id
  @principal_id
end

Class Method Details

.anonymous ⇒ Object

The unauthenticated identity. Used by the Tep::Auth before- filter when no provider sniffed a credential off the request. Apps that gate routes on identity check the principal_id == “” shape; #may? returns false for everything since the cap array is empty.

# File 'lib/tep/identity.rb', line 36

def self.anonymous
  seed = [:_seed]
  seed.delete_at(0)
  Identity.new("", nil, seed)
end

Instance Method Details

#agent? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/tep/identity.rb', line 46

def agent?
  @acting_via != nil
end

#human? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/tep/identity.rb', line 42

def human?
  @acting_via == nil
end

#may?(cap) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/tep/identity.rb', line 50

def may?(cap)
  @capabilities.include?(cap)
end

#subject ⇒ Object

Audit-friendly string. Humans render as “user:<principal>”; agents render as “agent:<agent_id>/<principal>” – the slash makes the principal-of-record visible at a glance and is the standard shape every log line and Broadcast ‘from` field should carry.

# File 'lib/tep/identity.rb', line 59

def subject
  if @acting_via == nil
    "user:" + @principal_id
  else
    "agent:" + @acting_via.agent_id + "/" + @principal_id
  end
end