lib/shamu/security/principal.rb in shamu-0.0.21 vs lib/shamu/security/principal.rb in shamu-0.0.24

- old
+ new

@@ -26,18 +26,24 @@
 # @return [Boolean] true if the user has elevated this session by
 # providing their credentials.
 attr_reader :elevated
 alias_method :elevated?, :elevated
+ # @!attribute
+ # @return [Array<Symbol>] security scopes the principal may be used to
+ # authenticate against. When empty, no limits are imposed.
+ attr_reader :scopes
+
 #
 # @!endgroup Attributes
- def initialize( user_id: nil, parent_principal: nil, remote_ip: nil, elevated: false )
+ def initialize( user_id: nil, parent_principal: nil, remote_ip: nil, elevated: false, scopes: nil )
 @user_id = user_id
 @parent_principal = parent_principal
 @remote_ip = remote_ip
 @elevated = elevated
+ @scopes = scopes
 end
 # @return [Array<Object>] all of the user ids in the security principal
 # chain, starting from the root.
 def user_id_chain
@@ -71,8 +77,22 @@
 # another and requesting that the downstream service delegate security
 # checks to the calling service.
 def service_delegate?
 end
+ # @param [Symbol] scope
+ # @return [Boolean] true if the principal is scoped to authenticate the
+ # user for the given scope.
+ def scoped?( scope )
+ scopes.nil? || scopes.include?( scope )
+ end
+
+ # @!attribute
+ # @return [Boolean] true if there is no user associated with the
+ # principal.
+ def anonymous?
+ !user_id
+ end
+
 end
 end
-end
\ No newline at end of file
+end
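Review bot: The new doc comment on `scopes` says "When empty, no limits are imposed", but the `scoped?` method added in the second hunk lifts limits only when `scopes` is `nil`; an empty array fails `include?` and so denies every scope. The comment should state the real contract, for example `# When nil, no limits are imposed; an empty array grants no scopes.` In `initialize`, `@scopes = scopes` also keeps the caller's array by reference and `attr_reader :scopes` hands the same object out, so any code holding the principal can add scopes after construction; `@scopes = scopes && scopes.dup.freeze` would make the scope set immutable. The class body starts and ends outside this hunk.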
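Review bot: `scoped?` fails open: with the default `scopes: nil`, `scopes.nil? || scopes.include?( scope )` returns true for every scope, so a principal built from a restricted credential whose scope list is missing or never passed ends up unrestricted. That default should be spelled out on the method, e.g. `# NOTE: nil scopes means unrestricted; scoped credentials must always pass an Array.` The check also reads only this principal's own `scopes` and never consults `parent_principal`, so whether a child created under a scoped parent is meant to inherit the restriction should be confirmed; the delegation code is outside this hunk. `anonymous?` is a method, so the `@!attribute` tag in its comment does not belong there.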