Class: Yes::Command::Api::Commands::BatchAuthorizer

Inherits:

Object

Object
Yes::Command::Api::Commands::BatchAuthorizer

show all

Extended by:: Yes::Core::OpenTelemetry::Trackable

Defined in:: lib/yes/command/api/commands/batch_authorizer.rb

Overview

Authorizes a collection of commands using their respective authorizer classes. Raises if any command is not authorized.

Constant Summary collapse

CommandsNotAuthorized =

Class.new(Yes::Core::Error)

CommandAuthorizerNotFound =

Class.new(Yes::Core::Error)

Class Method Summary collapse

.call(commands, auth_data) ⇒ void

Authorizes the given commands with the provided auth data.

Class Method Details

.call(commands, auth_data) ⇒ `void`

This method returns an undefined value.

Authorizes the given commands with the provided auth data.

Parameters:

commands (Array<Yes::Core::Command>) —

commands to authorize
auth_data (Hash) —

authorization data

Raises:

(CommandsNotAuthorized) —

if any command is not authorized

# File 'lib/yes/command/api/commands/batch_authorizer.rb', line 22

def call(commands, auth_data)
  unauthorized = []

  commands.each do |command|
    authorizer = authorizer_for(command)
    authorizer.call(command, auth_data)
  rescue CommandAuthorizerNotFound
    unauthorized << unauthorized_data(command, 'Not allowed').tap do
      trace_error('Command authorizer not found', { command: command.to_json })
    end
  rescue Yes::Core::Authorization::CommandAuthorizer::CommandNotAuthorized => e
    unauthorized << unauthorized_data(command, e.message).tap do
      trace_error('Command not authorized', { command: })
    end
  end

  return unless unauthorized.any?

  trace_error('Unauthorized', { unauthorized: unauthorized.to_json })
  raise CommandsNotAuthorized.new(extra: unauthorized)
end