Class: Yes::Auth::Cerbos::ReadResourceAccess::PrincipalData

Inherits:

Object

• Object
• Yes::Auth::Cerbos::ReadResourceAccess::PrincipalData

Defined in:

lib/yes/auth/cerbos/read_resource_access/principal_data.rb

Overview

Builds principal data for Cerbos authorization based on read resource accesses.

Examples:

Building principal data

Yes::Auth::Cerbos::ReadResourceAccess::PrincipalData.call(identity_id: 'user-uuid')
# => { id: 'identity-id', roles: ['role1'], attributes: { ... } }

Class Method Summary

• .call(auth_data) ⇒ Hash

  Cerbos-compatible principal data, or empty hash if principal not found.

Class Method Details

.call(auth_data) ⇒ Hash

Returns Cerbos-compatible principal data, or empty hash if principal not found.

Parameters:

• auth_data (Hash) —

  authentication data containing :identity_id

Returns:

• (Hash) —

  Cerbos-compatible principal data, or empty hash if principal not found

# File 'lib/yes/auth/cerbos/read_resource_access/principal_data.rb', line 16

def call(auth_data)
  return {} unless (principal = load_principal(auth_data[:identity_id]))

  read_resource_accesses = load_read_resource_accesses(principal.id)

  {
    id: principal.identity_id,
    roles: roles(principal),
    attributes: attributes(principal, read_resource_accesses)
  }.with_indifferent_access
end