Class: VectorMCP::Security::Authorization

Inherits:

Object

• Object
• VectorMCP::Security::Authorization

Defined in:

lib/vector_mcp/security/authorization.rb

Overview

Manages authorization policies for VectorMCP servers Provides fine-grained access control for tools and resources

Instance Attribute Summary

• #enabled ⇒ Object readonly

  Returns the value of attribute enabled.

• #policies ⇒ Object readonly

  Returns the value of attribute policies.

Instance Method Summary

• #add_policy(resource_type, &block) ⇒ Object

  Add an authorization policy for a resource type.

• #authorize(user, action, resource) ⇒ Boolean

  Check if a user is authorized to perform an action on a resource.

• #disable! ⇒ Object

  Disable authorization (return to pass-through mode).

• #enable! ⇒ Object

  Enable authorization system.

• #initialize ⇒ Authorization constructor

  A new instance of Authorization.

• #policy_types ⇒ Array<Symbol>

  Get list of resource types with policies.

• #remove_policy(resource_type) ⇒ Object

  Remove an authorization policy.

• #required? ⇒ Boolean

  Check if authorization is required.

Constructor Details

#initialize ⇒ Authorization

Returns a new instance of Authorization.

# File 'lib/vector_mcp/security/authorization.rb', line 10

def initialize
  @policies = {}
  @enabled = false
  @logger = VectorMCP.logger_for("authorization")
end

Instance Attribute Details

#enabled ⇒ Object (readonly)

Returns the value of attribute enabled.

# File 'lib/vector_mcp/security/authorization.rb', line 8

def enabled
  @enabled
end

#policies ⇒ Object (readonly)

Returns the value of attribute policies.

# File 'lib/vector_mcp/security/authorization.rb', line 8

def policies
  @policies
end

Instance Method Details

#add_policy(resource_type, &block) ⇒ Object

Add an authorization policy for a resource type

Parameters:

• resource_type (Symbol) —

  the type of resource (e.g., :tool, :resource, :prompt)

• block (Proc) —

  the policy block that receives (user, action, resource)

# File 'lib/vector_mcp/security/authorization.rb', line 29

def add_policy(resource_type, &block)
  @policies[resource_type] = block
end

#authorize(user, action, resource) ⇒ Boolean

Check if a user is authorized to perform an action on a resource

Parameters:

• user (Object) —

  the authenticated user object

• action (Symbol) —

  the action being attempted (e.g., :call, :read, :list)

• resource (Object) —

  the resource being accessed

Returns:

• (Boolean) —

  true if authorized, false otherwise

# File 'lib/vector_mcp/security/authorization.rb', line 44

def authorize(user, action, resource)
  return true unless @enabled

  resource_type = determine_resource_type(resource)
  policy = @policies[resource_type]
  return true unless policy

  !!policy.call(user, action, resource)
rescue StandardError => e
  @logger.error("Authorization policy error for #{resource_type}: #{e.message}")
  false
end

#disable! ⇒ Object

Disable authorization (return to pass-through mode)

# File 'lib/vector_mcp/security/authorization.rb', line 22

def disable!
  @enabled = false
end

#enable! ⇒ Object

Enable authorization system

# File 'lib/vector_mcp/security/authorization.rb', line 17

def enable!
  @enabled = true
end

#policy_types ⇒ Array<Symbol>

Get list of resource types with policies

Returns:

• (Array<Symbol>) —

  array of resource types

# File 'lib/vector_mcp/security/authorization.rb', line 65

def policy_types
  @policies.keys
end

#remove_policy(resource_type) ⇒ Object

Remove an authorization policy

Parameters:

• resource_type (Symbol) —

  the resource type to remove policy for

# File 'lib/vector_mcp/security/authorization.rb', line 35

def remove_policy(resource_type)
  @policies.delete(resource_type)
end

#required? ⇒ Boolean

Check if authorization is required

Returns:

• (Boolean) —

  true if authorization is enabled

# File 'lib/vector_mcp/security/authorization.rb', line 59

def required?
  @enabled
end