# frozen_string_literal: true

# Placeholder model: lookup is not implemented yet, so every call to
# `find` yields a brand-new, empty instance regardless of the id given.
class Organization
  # @param id [Object] identifier of the organization (currently ignored)
  # @return [Organization] a freshly allocated instance
  def self.find(id)
    new
  end
end

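module Authx
  module Rpc

    # RPC handler that answers whether the subject named in a JWT may
    # exercise a permission on a resource identified by a global id.
    #
    # SECURITY: the token signature is not verified yet (see #from_jwt), so
    # the `sub` claim is whatever the caller chose to send. Decisions made
    # here must not be relied on until verification is in place.
    class AbilityHandler
      # Evaluates the request and returns the decision.
      #
      # @param request [#subject, #resource, #permission] subject is a JWT
      #   string, resource a global id, permission a permission name
      # @param env [Object] call environment (unused)
      # @return [Hash] `{ result: true | false }`
      # @raise [ArgumentError] when the token is malformed or not valid base64
      # @raise [JSON::ParserError] when a token segment is not valid JSON
      def allowed(request, env)
        # Evaluate once so the traced value is the value that is returned.
        decision = can?(request)

        # Trace only non-secret fields: the request carries the bearer token
        # in `subject`, and `env` is opaque here, so neither is printed.
        puts [request.resource, request.permission, decision].inspect

        {
          result: decision
        }
      end

      private

      # Resolves subject and resource, then asks the policy for a decision.
      def can?(request)
        subject = subject_of(request.subject)
        resource = resource_from(request.resource)
        policy = DeclarativePolicy.policy_for(subject, resource)
        # NOTE(review): the permission name is caller-supplied; presumably an
        # unknown ability is denied by the policy - confirm.
        policy.can?(request.permission.to_sym)
      end

      # Extracts the `sub` claim from the token. The value is UNVERIFIED.
      def subject_of(token)
        _header, claims, _signature = from_jwt(token)
        raise ArgumentError, 'malformed JWT: claims must be a JSON object' unless claims.is_a?(Hash)

        claims[:sub]
      end

      def resource_from(global_id)
        # TODO:: Parse global id and convert to class
        # NOTE(review): `global_id` is caller-supplied. GlobalID::Locator.locate
        # accepts an `only:` option; an allow-list of locatable classes would
        # keep a request from resolving arbitrary models.
        GlobalID::Locator.locate(global_id)
      end

      # TODO:: validate signature
      #
      # Splits a compact JWT into its three segments. Header and claims are
      # base64url-decoded and parsed as JSON with symbol keys; the signature
      # is returned as raw decoded bytes, because it is not JSON and is the
      # input a future verification step needs.
      #
      # Nothing here authenticates the token: the returned claims are
      # attacker-controllable until the signature is checked against a
      # trusted key and the header's algorithm is pinned.
      #
      # @return [Array] `[header, claims, signature_bytes]`
      def from_jwt(token)
        header, claims, signature = token.split('.', 3)
        raise ArgumentError, 'malformed JWT: expected three segments' if signature.nil?

        [
          decode_json_segment(header),
          decode_json_segment(claims),
          Base64.urlsafe_decode64(signature)
        ]
      end

      # Decodes one base64url segment (padding optional) and parses it as JSON.
      def decode_json_segment(segment)
        JSON.parse(Base64.urlsafe_decode64(segment), symbolize_names: true)
      end
    end
  end
end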