Module: Verikloak::Pundit::RoleMapper
- Defined in:
- lib/verikloak/pundit/role_mapper.rb
Overview
Maps roles to permissions using project configuration.
Class Method Summary collapse
-
.map(role, config) ⇒ String, ...
deprecated
Deprecated.
Use RoleMapper.permission_for instead. This method now delegates to it so that strict mode and explicit nil revocations are honored consistently by every caller.
-
.permission_for(role, config) ⇒ String, ...
Resolve the permission granted by a role, honoring strict mode.
Class Method Details
.map(role, config) ⇒ String, ...
Deprecated.
Use permission_for instead. This method now delegates to it so that strict mode and explicit nil revocations are honored consistently by every caller.
Map a Keycloak role to a domain permission via configuration.
17 18 19 |
# File 'lib/verikloak/pundit/role_mapper.rb', line 17 def map(role, config) (role, config) end |
.permission_for(role, config) ⇒ String, ...
Resolve the permission granted by a role, honoring strict mode. A role explicitly mapped to nil grants nothing even when strict mode is off — an explicit revocation of the role's implicit permission.
30 31 32 33 34 35 |
# File 'lib/verikloak/pundit/role_mapper.rb', line 30 def (role, config) key = role.to_sym return config.role_map[key] if config.role_map.key?(key) config. ? nil : role end |