Class: Yes::Auth::Cerbos::WriteResourceAccess::PrincipalData

Inherits:

Object

Object
Yes::Auth::Cerbos::WriteResourceAccess::PrincipalData

show all

Defined in:: lib/yes/auth/cerbos/write_resource_access/principal_data.rb

Overview

Builds principal data for Cerbos authorization based on write resource accesses.

Examples:

Building principal data

Yes::Auth::Cerbos::WriteResourceAccess::PrincipalData.call(identity_id: 'user-uuid')
# => { id: 'identity-id', roles: ['role1'], attributes: { ... } }

Class Method Summary collapse

.call(auth_data) ⇒ Hash

Cerbos-compatible principal data, or empty hash if principal not found.

Class Method Details

.call(auth_data) ⇒ `Hash`

Returns Cerbos-compatible principal data, or empty hash if principal not found.

Parameters:

auth_data (Hash) —

authentication data containing :identity_id

Returns:

(Hash) —

Cerbos-compatible principal data, or empty hash if principal not found

# File 'lib/yes/auth/cerbos/write_resource_access/principal_data.rb', line 16

def call(auth_data)
  return {} unless (principal = load_principal(auth_data[:identity_id]))

  write_resource_accesses = load_write_resource_accesses(principal.id)

  {
    id: principal.identity_id,
    roles: roles(principal),
    attributes: attributes(principal, write_resource_accesses)
  }.with_indifferent_access
end