apiphobic-authorization 1.5.0 → 1.7.1
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/LICENSE.txt +1 -1
- data/lib/apiphobic/authorization/authorizer.rb +1 -3
- data/lib/apiphobic/authorization/authorizers/parameters.rb +19 -29
- data/lib/apiphobic/authorization/authorizers/scope.rb +6 -6
- data/lib/apiphobic/authorization/resource.rb +19 -5
- data/lib/apiphobic/authorization/version.rb +1 -1
- data/lib/apiphobic/errors/unpermitted_inclusions.rb +1 -1
- data.tar.gz.sig +0 -0
- metadata +45 -39
- metadata.gz.sig +0 -0
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: c135e4a79e3b2097aa987b0916813ab570e8125068e85de6e7344551fa1002e5
|
4
|
+
data.tar.gz: a08e93dea792d5a558858311162fd3481f6cdfb770b85cd1aefc2880975258ff
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 321a53341b56b78dc15dd41e8e3dd5ad8ac56ac95421e0adb274bfdfbe284b97ca4b0d0974cefce58cdaa11208641c4c4cf641c06c6afb6115fe6096488d5b40
|
7
|
+
data.tar.gz: f11fc3cc8c28a7367607ef6c357a0a71951704fd89382314085daa2256e30d8a6aa696fbdf16517b030a6d3a321c0c590ac5f72754da72ec41c2c635dec1e384
|
checksums.yaml.gz.sig
CHANGED
Binary file
|
data/LICENSE.txt
CHANGED
@@ -9,8 +9,7 @@ class Authorizer
|
|
9
9
|
:token,
|
10
10
|
:audience
|
11
11
|
|
12
|
-
# rubocop:disable Metrics/ParameterLists
|
13
|
-
def initialize(action:, token:, audience:, issuer:, parameters:, resource:, **other)
|
12
|
+
def initialize(action:, token:, audience:, issuer:, parameters:, resource:, **other) # rubocop:disable Metrics/ParameterLists
|
14
13
|
self.action = action
|
15
14
|
self.audience = audience
|
16
15
|
self.parameters = parameters
|
@@ -21,7 +20,6 @@ class Authorizer
|
|
21
20
|
public_send("#{name}=", value)
|
22
21
|
end
|
23
22
|
end
|
24
|
-
# rubocop:enable Metrics/ParameterLists
|
25
23
|
|
26
24
|
alias user audience
|
27
25
|
|
@@ -4,7 +4,6 @@ require 'apple_core/refinements/deep_dup'
|
|
4
4
|
require 'apiphobic/errors/unpermitted_inclusions'
|
5
5
|
require 'apiphobic/errors/unpermitted_sorts'
|
6
6
|
|
7
|
-
# rubocop:disable Metrics/ClassLength
|
8
7
|
module Apiphobic
|
9
8
|
module Authorization
|
10
9
|
module Authorizers
|
@@ -23,8 +22,7 @@ class Parameters
|
|
23
22
|
:authorized_sorts,
|
24
23
|
:ignored_attributes
|
25
24
|
|
26
|
-
# rubocop:disable Metrics/ParameterLists
|
27
|
-
def initialize(action:, token:, audience:, issuer:, parameters:, **other)
|
25
|
+
def initialize(action:, token:, audience:, issuer:, parameters:, **other) # rubocop:disable Metrics/ParameterLists
|
28
26
|
self.action = action
|
29
27
|
self.audience = audience
|
30
28
|
self.parameters = parameters.deep_dup
|
@@ -34,7 +32,6 @@ class Parameters
|
|
34
32
|
public_send("#{name}=", value)
|
35
33
|
end
|
36
34
|
end
|
37
|
-
# rubocop:enable Metrics/ParameterLists
|
38
35
|
|
39
36
|
alias user audience
|
40
37
|
|
@@ -94,8 +91,7 @@ class Parameters
|
|
94
91
|
@ignored_attributes || []
|
95
92
|
end
|
96
93
|
|
97
|
-
# rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity
|
98
|
-
def call
|
94
|
+
def call # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
|
99
95
|
sliced_parameters = authorized_parameters.map { |v| v.is_a?(::Hash) ? v[:name] : v }
|
100
96
|
|
101
97
|
parameters.slice!(*sliced_parameters)
|
@@ -138,7 +134,6 @@ class Parameters
|
|
138
134
|
|
139
135
|
parameters.permit(*authorization)
|
140
136
|
end
|
141
|
-
# rubocop:enable Metrics/AbcSize, Metrics/CyclomaticComplexity
|
142
137
|
|
143
138
|
private
|
144
139
|
|
@@ -197,10 +192,10 @@ class Parameters
|
|
197
192
|
def authorize_parameter(name:,
|
198
193
|
value:,
|
199
194
|
authorization_parameters:,
|
200
|
-
authorization_value: nil,
|
201
195
|
raw_parameters:,
|
202
|
-
|
203
|
-
|
196
|
+
authorization_value: nil,
|
197
|
+
allowed_values: nil,
|
198
|
+
override: {})
|
204
199
|
|
205
200
|
value = override_parameter(name: name,
|
206
201
|
value: value,
|
@@ -211,7 +206,7 @@ class Parameters
|
|
211
206
|
|
212
207
|
if authorization_value
|
213
208
|
authorization_parameters[0][name] = authorization_value
|
214
|
-
elsif value.
|
209
|
+
elsif value.instance_of?(::Array)
|
215
210
|
authorization_parameters[0][name] = []
|
216
211
|
else
|
217
212
|
authorization_parameters << name
|
@@ -254,21 +249,19 @@ class Parameters
|
|
254
249
|
parameters[:data][:relationships] = raw_parameter_relationships.delete_if(&key_match)
|
255
250
|
end
|
256
251
|
|
257
|
-
# rubocop:disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
|
258
|
-
def override_parameter(name:, value:, hash:, override:)
|
252
|
+
def override_parameter(name:, value:, hash:, override:) # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
|
259
253
|
override = { with: nil, if_admin: false, if_absent: true, if_blank: true }
|
260
254
|
.merge(override)
|
261
255
|
|
262
|
-
return value
|
263
|
-
|
264
|
-
|
265
|
-
|
256
|
+
return value if !override[:with] ||
|
257
|
+
(token.admin? && !override[:if_admin]) ||
|
258
|
+
(!hash.has_key?(name) && !override[:if_absent]) ||
|
259
|
+
(hash.has_key?(name) && value.nil? && !override[:if_blank])
|
266
260
|
|
267
261
|
hash[name] = override[:with]
|
268
262
|
|
269
263
|
override[:with]
|
270
264
|
end
|
271
|
-
# rubocop:enable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
|
272
265
|
|
273
266
|
def authorized_data_parameter
|
274
267
|
authorization[0][:data][2]
|
@@ -286,16 +279,14 @@ class Parameters
|
|
286
279
|
authorization[0][:filter] ||= [{}]
|
287
280
|
end
|
288
281
|
|
289
|
-
# rubocop:disable Layout/ExtraSpacing
|
290
282
|
def raw_parameter_attributes
|
291
283
|
@raw_parameter_attributes ||= begin
|
292
|
-
|
293
|
-
|
284
|
+
parameters[:data] ||= {}
|
285
|
+
parameters[:data][:attributes] ||= {}
|
294
286
|
|
295
|
-
|
296
|
-
|
287
|
+
parameters[:data][:attributes]
|
288
|
+
end
|
297
289
|
end
|
298
|
-
# rubocop:enable Layout/ExtraSpacing
|
299
290
|
|
300
291
|
def raw_parameter_filters
|
301
292
|
@raw_parameter_filters ||= parameters[:filter] ||= {}
|
@@ -307,11 +298,11 @@ class Parameters
|
|
307
298
|
|
308
299
|
def raw_parameter_relationships
|
309
300
|
@raw_parameter_relationships ||= begin
|
310
|
-
|
311
|
-
|
301
|
+
parameters[:data] ||= {}
|
302
|
+
parameters[:data][:relationships] ||= {}
|
312
303
|
|
313
|
-
|
314
|
-
|
304
|
+
parameters[:data][:relationships]
|
305
|
+
end
|
315
306
|
end
|
316
307
|
|
317
308
|
def raw_parameter_sorts
|
@@ -337,4 +328,3 @@ end
|
|
337
328
|
end
|
338
329
|
end
|
339
330
|
end
|
340
|
-
# rubocop:enable Metrics/ClassLength
|
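Review bot: In `Parameters#override_parameter`, the first guard `!override[:with]` treats an override value of `false` exactly like a missing one, so a caller that tries to pin a boolean attribute to `false` gets the client-supplied value back unchanged. Testing for absence instead closes that gap: `return value if override[:with].nil? ||`. The second clause lets any request whose `token.admin?` is true skip the override unless `if_admin: true` is passed; that default deserves a comment above the method, for example `# Admin tokens bypass overrides unless if_admin: true`. `hash.has_key?(name)` is evaluated twice and could be `hash.key?(name)` stored in a local. The method is fully inside the hunk, but its callers and the values they pass as `override:` are not visible here.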
@@ -14,8 +14,7 @@ class Scope
|
|
14
14
|
:scope_root,
|
15
15
|
:token
|
16
16
|
|
17
|
-
# rubocop:disable Metrics/ParameterLists
|
18
|
-
def initialize(action:, token:, audience:, issuer:, parameters:, scope_root:, **other)
|
17
|
+
def initialize(action:, token:, audience:, issuer:, parameters:, scope_root:, **other) # rubocop:disable Metrics/ParameterLists
|
19
18
|
self.action = action
|
20
19
|
self.audience = audience
|
21
20
|
self.raw_parameters = parameters
|
@@ -26,7 +25,6 @@ class Scope
|
|
26
25
|
public_send("#{name}=", value)
|
27
26
|
end
|
28
27
|
end
|
29
|
-
# rubocop:enable Metrics/ParameterLists
|
30
28
|
|
31
29
|
alias user audience
|
32
30
|
|
@@ -54,10 +52,12 @@ class Scope
|
|
54
52
|
|
55
53
|
def user_underscored_class_name
|
56
54
|
@user_underscored_class_name ||= begin
|
57
|
-
|
55
|
+
base_user_class_name = user
|
56
|
+
.class
|
57
|
+
.name[/([^:]+)\z/, 1]
|
58
58
|
|
59
|
-
|
60
|
-
|
59
|
+
base_user_class_name.underscore.downcase
|
60
|
+
end
|
61
61
|
end
|
62
62
|
|
63
63
|
def authorized_scope_id(name:, default:)
|
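Review bot: In `Scope#user_underscored_class_name`, `user.class.name[/([^:]+)\z/, 1]` keeps only the last constant segment, so two principal classes in different namespaces (constructed example: `Admin::User` and `Customer::User`) both resolve to `user`. If this name is what selects the per-user-type scope, which the hunk does not show, those classes would share one scope; a comment such as `# Namespace is dropped on purpose: scopes are keyed by the bare class name` would record that this is intended. `Class#name` is `nil` for an anonymous class, so the `[]` call would raise `NoMethodError` instead of producing an authorization failure. The result is memoized, so whichever class is seen first decides the value for the life of the instance.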
@@ -20,6 +20,10 @@ module Resource
|
|
20
20
|
Object.const_get(authorizer_class_name('Parameters'))
|
21
21
|
end
|
22
22
|
|
23
|
+
def authorized_resource_class
|
24
|
+
Object.const_get(authorized_resource_class_name)
|
25
|
+
end
|
26
|
+
|
23
27
|
def authorizer_scope_class
|
24
28
|
@authorizer_scope_class ||= Object.const_get(authorizer_class_name('Scope'))
|
25
29
|
end
|
@@ -32,15 +36,21 @@ module Resource
|
|
32
36
|
[
|
33
37
|
name_components['root_module'],
|
34
38
|
'Authorizers',
|
35
|
-
|
39
|
+
name_components['submodules'],
|
40
|
+
base_resource_name,
|
36
41
|
type,
|
37
42
|
]
|
38
|
-
.
|
43
|
+
.map(&:to_s)
|
44
|
+
.reject(&:empty?)
|
39
45
|
end
|
40
46
|
|
41
47
|
def authorizer_class_name(type = nil)
|
42
48
|
authorizer_class_components(type).join('::')
|
43
49
|
end
|
50
|
+
|
51
|
+
def authorized_resource_class_name
|
52
|
+
singular_resource_class_name
|
53
|
+
end
|
44
54
|
end
|
45
55
|
|
46
56
|
def self.included(base)
|
@@ -58,7 +68,7 @@ module Resource
|
|
58
68
|
Erratum.fail(
|
59
69
|
'Forbidden',
|
60
70
|
resource_name: self.class.singular_underscored_base_resource_name,
|
61
|
-
resource_id: [
|
71
|
+
resource_id: [authorized_resource_identifier],
|
62
72
|
action: action_name,
|
63
73
|
)
|
64
74
|
end
|
@@ -115,11 +125,15 @@ module Resource
|
|
115
125
|
|
116
126
|
@authorized_resource ||= \
|
117
127
|
::Apiphobic::Resource::Model
|
118
|
-
.new(resource:
|
119
|
-
id:
|
128
|
+
.new(resource: self.class.authorized_resource_class,
|
129
|
+
id: authorized_resource_identifier,
|
120
130
|
parameters: authorized_parameters)
|
121
131
|
end
|
122
132
|
|
133
|
+
def authorized_resource_identifier
|
134
|
+
params[:id]
|
135
|
+
end
|
136
|
+
|
123
137
|
def authorized_collection
|
124
138
|
return unless RESOURCE_COLLECTION_ACTIONS.include?(action_name)
|
125
139
|
|
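Review bot: `authorized_resource_identifier` and `authorized_resource_class_name` are new override points in `Resource` with no comment stating their contract, although the values they return decide which record the authorizer is built for. If a controller overrides one of them while its action loads the record by a different key, the check runs against one record and the action operates on another; a comment such as `# Must identify the same record the action itself loads` above each method would make the requirement explicit. `params[:id]` is passed on as received, both to `Model.new(id:)` and into the `Forbidden` payload's `resource_id`, so it is worth confirming that it is always a scalar for the routes that include this module. `authorized_resource_class` runs `Object.const_get` on every call, whereas `authorizer_scope_class` next to it memoizes the lookup. The method that assigns `@authorized_resource` starts above its hunk.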
@@ -19,7 +19,7 @@ class UnpermittedInclusions < RuntimeError
|
|
19
19
|
|
20
20
|
def detail
|
21
21
|
'One or more of the inclusions you attempted to pass via the "include" parameter ' \
|
22
|
-
|
22
|
+
'are either not available or not authorized.'
|
23
23
|
end
|
24
24
|
|
25
25
|
def source
|
data.tar.gz.sig
CHANGED
Binary file
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: apiphobic-authorization
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.7.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- thegranddesign
|
@@ -10,28 +10,34 @@ bindir: bin
|
|
10
10
|
cert_chain:
|
11
11
|
- |
|
12
12
|
-----BEGIN CERTIFICATE-----
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
13
|
+
MIIEyjCCAzKgAwIBAgIBATANBgkqhkiG9w0BAQsFADBVMSIwIAYDVQQDDBlsb2Nh
|
14
|
+
bGV1bmtub3duODEwX3J1YnlnZW1zMRowGAYKCZImiZPyLGQBGRYKcHJvdG9ubWFp
|
15
|
+
bDETMBEGCgmSJomT8ixkARkWA2NvbTAeFw0yMjA3MDkwNTMxMjJaFw0yMzA3MDkw
|
16
|
+
NTMxMjJaMFUxIjAgBgNVBAMMGWxvY2FsZXVua25vd244MTBfcnVieWdlbXMxGjAY
|
17
|
+
BgoJkiaJk/IsZAEZFgpwcm90b25tYWlsMRMwEQYKCZImiZPyLGQBGRYDY29tMIIB
|
18
|
+
ojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA0otlhSPyU7jLLW1p786Mo/pV
|
19
|
+
5cJ1Ed8D/bJK78PqGFO2h0ZUefupxT5PRMokLYNNGRPopnAAxZ0zVxJ68aOyYCBW
|
20
|
+
Wk3/XFcXCrtk/OcFwLTltgeMjyqCBd/zRRx6CCjY4uOfH0E3n1gQ6Fbmewjg83XJ
|
21
|
+
nOs7Gu/hzj5+feEQ1Exmg6z1oCM/8BTIBtK+p++HvcDK3AhJ7x3fc6P9WS+22w6j
|
22
|
+
7jpi3p9YtoAjrXIzw3lsobiX+bEt+N+T47e8gOATVgapuZ/QmJzNU6LWepehs4V1
|
23
|
+
8J+FUaIMV7nAMKmpkbYL51uHEiGV+HDx1HUdOsCFx8zD4h49KRT2t6AcumJ5P1Cj
|
24
|
+
c7NX2xl85ShHDNNFkozuC2c5cwj6F20EVaVjGwv2OFq0S2tUw9EJXHTN9RpfRUmn
|
25
|
+
IHwS9M4gcJO7IzV39a1YL6+9hrabF4+JTSYDehq8oxTdcOPLYyvH54aJWVqCrnLO
|
26
|
+
KNa/p6hMmwxTWNS5Vz0uxuEGyE9E0tHbtjIs2XX5AgMBAAGjgaQwgaEwCQYDVR0T
|
27
|
+
BAIwADALBgNVHQ8EBAMCBLAwHQYDVR0OBBYEFAK3RicwO0f6+puFN6lRVMOKMJuu
|
28
|
+
MDMGA1UdEQQsMCqBKGxvY2FsZXVua25vd244MTArcnVieWdlbXNAcHJvdG9ubWFp
|
29
|
+
bC5jb20wMwYDVR0SBCwwKoEobG9jYWxldW5rbm93bjgxMCtydWJ5Z2Vtc0Bwcm90
|
30
|
+
b25tYWlsLmNvbTANBgkqhkiG9w0BAQsFAAOCAYEAQwV6pOp5gm8141pyXeQFI/5E
|
31
|
+
rZYO3MvdyZM8O3HMD51LDS8mtMURceaKZM6WTambe2RVX4A++0qUiEnn9K4Fexm/
|
32
|
+
SEGaC/Gp+Fg9D1SKfkdq9bgdIhOEUwiGqjczgzNC806AtWZ+awI940oydFYZlpo0
|
33
|
+
jMQihPPJEqF1U6JBDMZYV5tX/dJYSGRl9L3s1k2tjoN98q+beNaZQDn21Amml4eK
|
34
|
+
KEkMeTTJ2E4GVzR9eKEETLq2LygdUWWZ5NdWOYTxJMdg1GZp3b6X8hJrwfOiizqt
|
35
|
+
/ANlIEh11/pOnWa6WPUVpGIMpYdquvmJXnF2LX6zxkKK1hbrebt+vAEAGczgw1Ri
|
36
|
+
rkLM6y+BHQdkOTj3VG4MjIU8D4h1Z73Exzxds/VbVKMEz+8JrFjGJ/tYa0PZ8U5p
|
37
|
+
3yXL4G6eW3rdBW/OiLF7GgG2o26d02OMzf4+ubUVS5LQDOcd4vgNPLWzJSBt1YIh
|
38
|
+
TgBsED7Me5YdMVXxtTWYsF1VMzaL9hReD3UXGcxe
|
33
39
|
-----END CERTIFICATE-----
|
34
|
-
date:
|
40
|
+
date: 2022-08-01 00:00:00.000000000 Z
|
35
41
|
dependencies:
|
36
42
|
- !ruby/object:Gem::Dependency
|
37
43
|
name: apiphobic-resource
|
@@ -39,14 +45,14 @@ dependencies:
|
|
39
45
|
requirements:
|
40
46
|
- - "~>"
|
41
47
|
- !ruby/object:Gem::Version
|
42
|
-
version: '1.
|
48
|
+
version: '1.2'
|
43
49
|
type: :runtime
|
44
50
|
prerelease: false
|
45
51
|
version_requirements: !ruby/object:Gem::Requirement
|
46
52
|
requirements:
|
47
53
|
- - "~>"
|
48
54
|
- !ruby/object:Gem::Version
|
49
|
-
version: '1.
|
55
|
+
version: '1.2'
|
50
56
|
- !ruby/object:Gem::Dependency
|
51
57
|
name: apple_core
|
52
58
|
requirement: !ruby/object:Gem::Requirement
|
@@ -65,50 +71,44 @@ dependencies:
|
|
65
71
|
name: erratum
|
66
72
|
requirement: !ruby/object:Gem::Requirement
|
67
73
|
requirements:
|
68
|
-
- - ">="
|
69
|
-
- !ruby/object:Gem::Version
|
70
|
-
version: 3.1.1
|
71
74
|
- - "~>"
|
72
75
|
- !ruby/object:Gem::Version
|
73
|
-
version: '
|
76
|
+
version: '4.0'
|
74
77
|
type: :runtime
|
75
78
|
prerelease: false
|
76
79
|
version_requirements: !ruby/object:Gem::Requirement
|
77
80
|
requirements:
|
78
|
-
- - ">="
|
79
|
-
- !ruby/object:Gem::Version
|
80
|
-
version: 3.1.1
|
81
81
|
- - "~>"
|
82
82
|
- !ruby/object:Gem::Version
|
83
|
-
version: '
|
83
|
+
version: '4.0'
|
84
84
|
- !ruby/object:Gem::Dependency
|
85
85
|
name: actionpack
|
86
86
|
requirement: !ruby/object:Gem::Requirement
|
87
87
|
requirements:
|
88
88
|
- - "~>"
|
89
89
|
- !ruby/object:Gem::Version
|
90
|
-
version: '
|
90
|
+
version: '7.0'
|
91
91
|
type: :development
|
92
92
|
prerelease: false
|
93
93
|
version_requirements: !ruby/object:Gem::Requirement
|
94
94
|
requirements:
|
95
95
|
- - "~>"
|
96
96
|
- !ruby/object:Gem::Version
|
97
|
-
version: '
|
97
|
+
version: '7.0'
|
98
98
|
- !ruby/object:Gem::Dependency
|
99
99
|
name: rspec
|
100
100
|
requirement: !ruby/object:Gem::Requirement
|
101
101
|
requirements:
|
102
102
|
- - "~>"
|
103
103
|
- !ruby/object:Gem::Version
|
104
|
-
version: '3.
|
104
|
+
version: '3.11'
|
105
105
|
type: :development
|
106
106
|
prerelease: false
|
107
107
|
version_requirements: !ruby/object:Gem::Requirement
|
108
108
|
requirements:
|
109
109
|
- - "~>"
|
110
110
|
- !ruby/object:Gem::Version
|
111
|
-
version: '3.
|
111
|
+
version: '3.11'
|
112
112
|
- !ruby/object:Gem::Dependency
|
113
113
|
name: rspeckled
|
114
114
|
requirement: !ruby/object:Gem::Requirement
|
@@ -158,11 +158,18 @@ files:
|
|
158
158
|
- lib/apiphobic/json_api/relationship.rb
|
159
159
|
- lib/apiphobic/rails/api_controller_compatibility.rb
|
160
160
|
- lib/apiphobic/rails/controller.rb
|
161
|
-
homepage:
|
161
|
+
homepage: https://github.com/thekompanee/apiphobic-authorization
|
162
162
|
licenses:
|
163
163
|
- MIT
|
164
164
|
metadata:
|
165
165
|
allowed_push_host: https://rubygems.org
|
166
|
+
bug_tracker_uri: https://github.com/thekompanee/apiphobic-authorization/issues
|
167
|
+
changelog_uri: https://github.com/thekompanee/apiphobic-authorization/blob/master/CHANGELOG.md
|
168
|
+
documentation_uri: https://github.com/thekompanee/apiphobic-authorization/tree/releases/v1.7.1
|
169
|
+
homepage_uri: https://github.com/thekompanee/apiphobic-authorization
|
170
|
+
source_code_uri: https://github.com/thekompanee/apiphobic-authorization
|
171
|
+
wiki_uri: https://github.com/thekompanee/apiphobic-authorization/wiki
|
172
|
+
rubygems_mfa_required: 'true'
|
166
173
|
post_install_message:
|
167
174
|
rdoc_options: []
|
168
175
|
require_paths:
|
@@ -178,8 +185,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
178
185
|
- !ruby/object:Gem::Version
|
179
186
|
version: '0'
|
180
187
|
requirements: []
|
181
|
-
|
182
|
-
rubygems_version: 2.7.7
|
188
|
+
rubygems_version: 3.3.7
|
183
189
|
signing_key:
|
184
190
|
specification_version: 4
|
185
191
|
summary: Authorization for API Requests
|
metadata.gz.sig
CHANGED
Binary file
|