artifactory-permissions 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 1161328888803592d738756747044a3d022b4d6d590b06d65113edbfe1ecdc48
+  data.tar.gz: f01a33dc6d38fc78d49840d4927815bb597c55c80078ab8989bcc6dfc3ff7da7
+SHA512:
+  metadata.gz: 3cdb700bf58cc589b79cb296eda1bed6547ebb4c6733a12289d4d753a1d304f971a4a4a0c757677074c691cc46f897bc1523aa1b739d70689dac1fa2d2c1487c
+  data.tar.gz: ec5ce848b5c6fd17e2e110cdb901d2250fa63a6f180b906b2ae144c24d6d560dba9301a88b20ea93c368f6568f1600f98c3ab62560803a520eaad2fa0cfcc156

data/.gitignore

@@ -0,0 +1,17 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+
+# rspec failure tracking
+.rspec_status
+
+.vscode
+.idea
+.byebug_history
+Gemfile.lock
+.env.local

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/.travis.yml

@@ -0,0 +1,6 @@
+---
+language: ruby
+cache: bundler
+rvm:
+  - 2.6.5
+before_install: gem install bundler -v 2.1.4

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,74 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, gender identity and expression, level of experience,
+nationality, personal appearance, race, religion, or sexual identity and
+orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at thomas.scholz@rubyapps.ch. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at [https://contributor-covenant.org/version/1/4][version]
+
+[homepage]: https://contributor-covenant.org
+[version]: https://contributor-covenant.org/version/1/4/

data/Gemfile

@@ -0,0 +1,9 @@
+source "https://rubygems.org"
+
+# Specify your gem's dependencies in artifactory-permissions.gemspec
+gemspec
+
+gem "rake", "~> 12.0"
+gem "rspec", "~> 3.0"
+gem "webmock", "~> 3.8"
+gem "byebug", "~> 11.1"

data/README.md

@@ -0,0 +1,118 @@
+# Artifactory::Permissions
+
+Some lines of code to edit users and groups in existing Artifactory permission targets
+for users having "manage" permissions.
+
+This is a WIP - by far not feature complete. ;)
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'artifactory-permissions'
+```
+
+And then execute:
+
+    $ bundle install
+
+Or install it yourself as:
+
+    $ gem install artifactory-permissions
+
+## Usage
+
+
+### List permission targets accessible to your user
+```ruby
+api_client = Artifactory::Permissions.api_client endpoint: 'http://artifactory.local',
+                                                 api_key: 'your-api-key'
+
+
+Artifactory::Permissions.list api_client: api_client
+# => List of permission targets (json representation) 
+```
+
+### Show / find / get permission target
+```ruby
+api_client = Artifactory::Permissions.api_client endpoint: 'http://artifactory.local',
+                                                 api_key: 'your-api-key'
+
+
+_status, permission_target = Artifactory::Permissions.find name: "<pt-name>",
+                                                          api_client: api_client
+# => [:ok, PermissionTarget]
+
+_status, permission_target = Artifactory::Permissions.get "<permission-target-resource-uri>",
+                                                          api_client: api_client
+# => [:ok, PermissionTarget]
+```
+
+### Add / update / delete users and groups
+```ruby
+api_client = Artifactory::Permissions.api_client endpoint: 'http://artifactory.local',
+                                                 api_key: 'your-api-key'
+
+_status, permission_target = Artifactory::Permissions.find name: "<permission-target-name>",
+                                                           api_client: api_client
+
+user = Artifactory::Permissions.user name: "<user-name>",
+                                     permissions: %w[read write],
+                                     scope: "repo" #  repo, build, releaseBundle 
+
+group = Artifactory::Permissions.group name: "<group-name>",
+                                       permissions: %w[read write],
+                                       scope: "repo" #  repo, build, releaseBundle 
+
+# It does some validations on the user like presence of name, permissions etc.
+
+_status, _permission_target, _errors =
+  Artifactory::Permissions.add_user permission_target: permission_target,
+                                    user: user
+
+_status, _permission_target, _errors =
+  Artifactory::Permissions.add_group permission_target: permission_target,
+                                     group: group
+
+other_user = Artifactory::Permissions.user name: "user-to-remove",
+                                           permissions: %w[],
+                                           scope: "repo" #  repo, build, releaseBundle 
+
+other_group = Artifactory::Permissions.group name: "group-to-remove",
+                                             permissions: %w[],
+                                             scope: "repo" #  repo, build, releaseBundle  
+
+_status, _permission_target, _errors =
+  Artifactory::Permissions.delete_user permission_target: permission_target,
+                                       user: user
+
+_status, _permission_target, _errors =
+  Artifactory::Permissions.delete_group permission_target: permission_target,
+                                        group: group
+
+# Finally submit it to the Artifactory
+
+_status, _permission_target, _errors =
+    Artifactory::Permissions.save permission_target: permission_target,
+                                  api_client: api_client
+```
+
+You may add multiple users and groups at a time. But keep in mind Artifactory rejects the
+permission target on the first error it detects. Errors might be an user or group not yet present
+to the Artifactory, unknown permissions, etc.
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/artifactory-permissions. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/[USERNAME]/artifactory-permissions/blob/master/CODE_OF_CONDUCT.md).
+
+
+## Code of Conduct
+
+Everyone interacting in the Artifactory::Permissions project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/[USERNAME]/artifactory-permissions/blob/master/CODE_OF_CONDUCT.md).

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/artifactory-permissions.gemspec

@@ -0,0 +1,30 @@
+require_relative "lib/artifactory/permissions/version"
+
+Gem::Specification.new do |spec|
+  spec.name = "artifactory-permissions"
+  spec.version = Artifactory::Permissions::VERSION
+  spec.authors = ["Thomas Scholz"]
+  spec.email = ["thomas.scholz@rubyapps.ch"]
+
+  spec.summary = %q{Ruby Lib for managing Artifactory PermissionTargets}
+  spec.description = %q{Ruby Lib for managing Artifactory PermissionTargets}
+  spec.homepage = "https://github.com/tscholz/artifactory-permissions"
+  spec.required_ruby_version = Gem::Requirement.new(">= 2.3.0")
+
+  spec.metadata["allowed_push_host"] = "https://rubygems.org"
+
+  spec.metadata["homepage_uri"] = spec.homepage
+  spec.metadata["source_code_uri"] = spec.homepage
+  spec.metadata["changelog_uri"] = "#{spec.homepage}/CHANGELOG.md"
+
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files = Dir.chdir(File.expand_path("..", __FILE__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  end
+  spec.bindir = "exe"
+  spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "httparty", "~> 0.18"
+end

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "artifactory/permissions"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/lib/artifactory/permissions.rb

@@ -0,0 +1,84 @@
+require_relative "permissions/errors"
+require_relative "permissions/helpers"
+require_relative "permissions/v2"
+require_relative "permissions/version"
+
+module Artifactory
+  module Permissions
+    Error = Class.new StandardError
+    FatalError = Class.new Error
+
+    PERMISSIONS = %w[read write annotate delete manage managedXrayMeta distribute].freeze
+    SCOPES = %w[repo build releaseBundle].freeze
+
+    module_function
+
+    def list(api_client:)
+      api_client.list_permissions
+    end
+
+    def find(name:, api_client:)
+      status, result = api_client.find_permission name: name
+
+      status == :ok ? [:ok, V2.parse_permission_target(result)] : [status, result]
+    end
+
+    def get(uri, api_client:)
+      status, result = api_client.get uri
+
+      status == :ok ? [:ok, V2.parse_permission_target(result)] : [status, result]
+    end
+
+    def user(name:, permissions:, scope:)
+      V2::PermissionItems.user name: name,
+                               permissions: permissions,
+                               scope: scope
+    end
+
+    def group(name:, permissions:, scope:)
+      V2::PermissionItems.group name: name,
+                                permissions: permissions,
+                                scope: scope
+    end
+
+    def upsert_user(permission_target:, user:)
+      V2::Commands.upsert_item permission_target: permission_target,
+                               item: user
+
+      [user.errors? ? :error : :ok, permission_target, user.errors]
+    end
+
+    def delete_user(permission_target:, user:)
+      V2::Commands.delete_item permission_target: permission_target,
+                               item: user
+
+      [user.errors? ? :error : :ok, permission_target, user.errors]
+    end
+
+    def upsert_group(permission_target:, group:)
+      V2::Commands.upsert_item permission_target: permission_target,
+                               item: group
+
+      [group.errors? ? :error : :ok, permission_target, group.errors]
+    end
+
+    def delete_group(permission_target:, group:)
+      V2::Commands.delete_item permission_target: permission_target,
+                               item: group
+
+      [group.errors? ? :error : :ok, permission_target, group.errors]
+    end
+
+    def save(permission_target:, api_client:)
+      V2::Commands.save_permission_target permission_target: permission_target,
+                                          api_client: api_client
+
+      [permission_target.errors? ? :error : :ok, permission_target, permission_target.errors]
+    end
+
+    def api_client(endpoint:, api_key:)
+      V2.api_client endpoint: endpoint,
+                    api_key: api_key
+    end
+  end
+end

data/lib/artifactory/permissions/errors.rb

@@ -0,0 +1,39 @@
+module Artifactory
+  module Permissions
+    class Errors
+      def initialize
+        @errors = Hash.new { |h, k| h[k] = [] }
+      end
+
+      def add(key, msg)
+        @errors[key] << msg
+        self
+      end
+
+      def empty?
+        !any?
+      end
+
+      alias_method :none?, :empty?
+
+      def any?
+        @errors.values.flatten.any?
+      end
+
+      def full_messages
+        @errors
+          .keys
+          .map { |key| [key, full_message(key)].join(": ") }
+          .join("; ")
+      end
+
+      def full_message(key)
+        @errors[key].join(", ")
+      end
+
+      def to_h
+        @errors.dup
+      end
+    end
+  end
+end

data/lib/artifactory/permissions/helpers.rb

@@ -0,0 +1,21 @@
+module Artifactory
+  module Permissions
+    module Helpers
+      module_function
+
+      def deep_merge!(hash, other)
+        hash.merge!(other) do |key, val, other_val|
+          if val.is_a?(Hash) && other_val.is_a?(Hash)
+            deep_merge!(val, other_val)
+          else
+            other_val
+          end
+        end
+      end
+
+      def deep_hash
+        Hash.new { |h, k| h[k] = Hash.new &h.default_proc }
+      end
+    end
+  end
+end

data/lib/artifactory/permissions/v2.rb

@@ -0,0 +1,21 @@
+require_relative "v2/api_client"
+require_relative "v2/commands"
+require_relative "v2/permission_items"
+require_relative "v2/permission_target"
+
+module Artifactory
+  module Permissions
+    module V2
+      module_function
+
+      def api_client(endpoint:, api_key:)
+        ApiClient.new endpoint: endpoint,
+                      api_key: api_key
+      end
+
+      def parse_permission_target(payload)
+        PermissionTarget.new payload
+      end
+    end
+  end
+end

data/lib/artifactory/permissions/v2/api_client.rb

@@ -0,0 +1,105 @@
+require "cgi"
+require "httparty"
+require "json"
+
+module Artifactory
+  module Permissions
+    module V2
+      class ApiClient
+        include HTTParty
+
+        HTTP_ERRORS = [
+          EOFError,
+          Errno::ECONNRESET,
+          Errno::EINVAL,
+          Net::HTTPBadResponse,
+          Net::HTTPHeaderSyntaxError,
+          Net::ProtocolError,
+          Timeout::Error,
+        ]
+
+        HANDLED_ERRORS = [SocketError] + HTTP_ERRORS
+
+        attr_reader :endpoint, :api_key
+
+        def initialize(endpoint:, api_key:)
+          @endpoint = endpoint
+          @api_key = api_key
+        end
+
+        def list_permissions
+          get "/api/v2/security/permissions"
+        end
+
+        def find_permission(name:)
+          get "/api/v2/security/permissions/#{url_safe name}"
+        end
+
+        def save_permission_target(permission_target)
+          put "/api/v2/security/permissions/#{url_safe permission_target.name}",
+              permission_target.payload
+        end
+
+        def get(path)
+          response = self.class.get uri_for(path), headers: headers
+
+          handle_response response
+        rescue *handled_errors => err
+          raise FatalError, err.message
+        end
+
+        def put(path, data)
+          response = self.class.put uri_for(path),
+                                    body: data.to_json,
+                                    headers: headers
+
+          handle_response response
+        rescue *handled_errors => err
+          raise FatalError, err.message
+        end
+
+        private
+
+        # Informational responses (100–199),
+        # Successful responses (200–299),
+        # Redirects (300–399),
+        # Client errors (400–499),
+        # and Server errors (500–599).
+        def handle_response(response)
+          response.success? ? [:ok, response.parsed_response] : [:error, handle_none_success!(response)]
+        end
+
+        def handle_none_success!(response)
+          case response
+          when :client_error?.to_proc
+            response.parsed_response.fetch "errors"
+          when :server_error?
+            raise FatalError, response.body
+          else
+            response.error!
+          end
+        end
+
+        def uri_for(path)
+          File.join endpoint, path
+        end
+
+        def headers
+          { "Content-Type" => "application/json" }.merge auth_headers
+        end
+
+        def auth_headers
+          { "X-JFrog-Art-Api" => api_key }
+        end
+
+        def url_safe(string)
+          CGI.escape string
+        end
+
+        def handled_errors
+          HANDLED_ERRORS
+        end
+      end
+    end
+  end
+end

data/lib/artifactory/permissions/v2/commands.rb

@@ -0,0 +1,29 @@
+require_relative "commands/permission_item_command"
+require_relative "commands/delete_item"
+require_relative "commands/save_permission"
+require_relative "commands/upsert_item"
+
+module Artifactory
+  module Permissions
+    module V2
+      module Commands
+        module_function
+
+        def upsert_item(permission_target:, item:)
+          UpsertItem.call permission_target: permission_target,
+                          item: item
+        end
+
+        def delete_item(permission_target:, item:)
+          DeleteItem.call permission_target: permission_target,
+                          item: item
+        end
+
+        def save_permission_target(permission_target:, api_client:)
+          SavePermission.call permission_target: permission_target,
+                              api_client: api_client
+        end
+      end
+    end
+  end
+end

data/lib/artifactory/permissions/v2/commands/delete_item.rb

@@ -0,0 +1,21 @@
+module Artifactory
+  module Permissions
+    module V2
+      module Commands
+        class DeleteItem < PermissionItemCommand
+          private
+
+          def process
+            permission_target
+              .public_send("delete_#{item_type}", scope: scope, name: name)
+          end
+
+          def validate
+            errors.add :name,
+                       "Name can not be empty." if name.empty?
+          end
+        end
+      end
+    end
+  end
+end

data/lib/artifactory/permissions/v2/commands/permission_item_command.rb

@@ -0,0 +1,66 @@
+require "forwardable"
+
+module Artifactory
+  module Permissions
+    module V2
+      module Commands
+        class PermissionItemCommand
+          extend Forwardable
+
+          def self.call(permission_target:, item:)
+            new(permission_target: permission_target, item: item).call
+          end
+
+          attr_reader :permission_target, :item
+
+          def initialize(permission_target:, item:)
+            @permission_target = permission_target
+            @item = item
+          end
+
+          def call
+            validate_scope
+
+            validate
+
+            process if valid?
+
+            self
+          end
+
+          private
+
+          def validate_scope
+            if scope.empty?
+              errors.add :scope,
+                         "Scope can not be empty."
+            else
+              errors.add :scope,
+                         "Unknown scope '#{scope}'. Must be one of #{available_scopes.join(", ")}." unless available_scopes.include? scope
+            end
+          end
+
+          def_delegators :item, :name, :permissions, :scope, :errors, :errors?, :valid?
+
+          def validate
+            # Subclass validations goes here
+          end
+
+          def process
+            NotImplementedError
+          end
+
+          def item_type
+            @item_type ||= item.class.name.split("::").last.downcase.tap do |type|
+              raise Error, "Unknown permission item type #{type}" unless %w[group user].include? type
+            end
+          end
+
+          def available_scopes
+            item.class.available_scopes
+          end
+        end
+      end
+    end
+  end
+end

data/lib/artifactory/permissions/v2/commands/save_permission.rb

@@ -0,0 +1,43 @@
+require "json"
+
+module Artifactory
+  module Permissions
+    module V2
+      module Commands
+        class SavePermission
+          def self.call(permission_target:, api_client:)
+            new(permission_target: permission_target, api_client: api_client).call
+          end
+
+          attr_reader :permission_target, :api_client
+
+          def initialize(permission_target:, api_client:)
+            @permission_target = permission_target
+            @api_client = api_client
+          end
+
+          def call
+            process
+            permission_target
+          end
+
+          private
+
+          def process
+            status, result = api_client.save_permission_target permission_target
+
+            result.each { |err| add_error err } if status == :error
+          end
+
+          def add_error(err)
+            errors.add :base, [err["status"], err["message"]].join(" - ")
+          end
+
+          def errors
+            permission_target.errors
+          end
+        end
+      end
+    end
+  end
+end

data/lib/artifactory/permissions/v2/commands/upsert_item.rb

@@ -0,0 +1,37 @@
+module Artifactory
+  module Permissions
+    module V2
+      module Commands
+        class UpsertItem < PermissionItemCommand
+          private
+
+          def process
+            permission_target
+              .public_send("upsert_#{item_type}", scope: scope, name: name, permissions: permissions)
+          end
+
+          def validate
+            errors.add :name,
+                       "Name can not be empty." if name.empty?
+
+            errors.add :permissions,
+                       "Permissions can not be empty." if permissions.empty?
+
+            validate_permission_items if permissions.any?
+          end
+
+          def validate_permission_items
+            (unknown_permissions = permissions - available_permissions).any? or return
+
+            errors.add :permissions,
+                       "Permissions contain unknown value(s) #{unknown_permissions.join(", ")}. Valid permissions are #{available_permissions.join(", ")}."
+          end
+
+          def available_permissions
+            item.class.available_permissions
+          end
+        end
+      end
+    end
+  end
+end

data/lib/artifactory/permissions/v2/permission_items.rb

@@ -0,0 +1,21 @@
+require_relative "permission_items/base"
+require_relative "permission_items/group"
+require_relative "permission_items/user"
+
+module Artifactory
+  module Permissions
+    module V2
+      module PermissionItems
+        module_function
+
+        def user(name:, permissions:, scope:)
+          User.new name: name, permissions: permissions, scope: scope
+        end
+
+        def group(name:, permissions:, scope:)
+          Group.new name: name, permissions: permissions, scope: scope
+        end
+      end
+    end
+  end
+end

data/lib/artifactory/permissions/v2/permission_items/base.rb

@@ -0,0 +1,37 @@
+module Artifactory
+  module Permissions
+    module V2
+      module PermissionItems
+        class Base
+          def self.available_permissions
+            PERMISSIONS
+          end
+
+          def self.available_scopes
+            SCOPES
+          end
+
+          attr_reader :name, :permissions, :scope
+
+          def initialize(name:, permissions:, scope:)
+            @name = name.to_s
+            @permissions = Array(permissions).map(&:to_s)
+            @scope = scope.to_s
+          end
+
+          def valid?
+            !errors?
+          end
+
+          def errors?
+            errors.any?
+          end
+
+          def errors
+            @errors ||= Errors.new
+          end
+        end
+      end
+    end
+  end
+end

data/lib/artifactory/permissions/v2/permission_items/group.rb

@@ -0,0 +1,10 @@
+module Artifactory
+  module Permissions
+    module V2
+      module PermissionItems
+        class Group < Base
+        end
+      end
+    end
+  end
+end

data/lib/artifactory/permissions/v2/permission_items/user.rb

@@ -0,0 +1,10 @@
+module Artifactory
+  module Permissions
+    module V2
+      module PermissionItems
+        class User < Base
+        end
+      end
+    end
+  end
+end

data/lib/artifactory/permissions/v2/permission_target.rb

@@ -0,0 +1,96 @@
+module Artifactory
+  module Permissions
+    module V2
+      class PermissionTarget
+        attr_reader :payload
+
+        def initialize(payload)
+          @payload = Hash payload
+        end
+
+        def name
+          payload["name"]
+        end
+
+        def users(scope: nil)
+          find_all :user, scope
+        end
+
+        def groups(scope: nil)
+          find_all :group, scope
+        end
+
+        def upsert_user(scope:, name:, permissions:)
+          upsert! scope, "users", name, permissions
+        end
+
+        def delete_user(scope:, name:)
+          delete! scope, "users", name
+        end
+
+        def upsert_group(scope:, name:, permissions:)
+          upsert! scope, "groups", name, permissions
+        end
+
+        def delete_group(scope:, name:)
+          delete! scope, "groups", name
+        end
+
+        # def headers
+        #   # Does not work.
+        #   { "Content-Type" => "application/vnd.org.jfrog.artifactory.security.PermissionTargetV2+json" }
+        # end
+
+        def errors?
+          errors.any?
+        end
+
+        def errors
+          @errors ||= Errors.new
+        end
+
+        private
+
+        def find_all(type, scope)
+          scopes = scope ? Array(scope.to_s) : known_scopes
+
+          scopes.map do |current_scope|
+            payload
+              .dig(current_scope, "actions", "#{type}s")
+              .to_a
+              .map { |name, permissions|
+              PermissionItems.public_send type, name: name,
+                                                permissions: permissions,
+                                                scope: current_scope
+            }
+          end.flatten
+        end
+
+        def upsert!(scope, subject, name, permissions)
+          Helpers.deep_merge! payload,
+                              deep_hash(scope, subject, name, permissions)
+
+          self
+        end
+
+        def delete!(scope, subject, name)
+          payload
+            .dig(scope, "actions", subject)
+            &.delete(name)
+
+          self
+        end
+
+        def deep_hash(scope, subject, name, permissions)
+          Helpers
+            .deep_hash
+            .tap { |h| h[scope]["actions"][subject][name] = permissions }
+        end
+
+        def known_scopes
+          Permissions::SCOPES
+        end
+      end
+    end
+  end
+end

data/lib/artifactory/permissions/version.rb

@@ -0,0 +1,5 @@
+module Artifactory
+  module Permissions
+    VERSION = "0.1.0"
+  end
+end

metadata

@@ -0,0 +1,86 @@
+--- !ruby/object:Gem::Specification
+name: artifactory-permissions
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Thomas Scholz
+autorequire:
+bindir: exe
+cert_chain: []
+date: 2020-07-14 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: httparty
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.18'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.18'
+description: Ruby Lib for managing Artifactory PermissionTargets
+email:
+- thomas.scholz@rubyapps.ch
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- CODE_OF_CONDUCT.md
+- Gemfile
+- README.md
+- Rakefile
+- artifactory-permissions.gemspec
+- bin/console
+- bin/setup
+- lib/artifactory/permissions.rb
+- lib/artifactory/permissions/errors.rb
+- lib/artifactory/permissions/helpers.rb
+- lib/artifactory/permissions/v2.rb
+- lib/artifactory/permissions/v2/api_client.rb
+- lib/artifactory/permissions/v2/commands.rb
+- lib/artifactory/permissions/v2/commands/delete_item.rb
+- lib/artifactory/permissions/v2/commands/permission_item_command.rb
+- lib/artifactory/permissions/v2/commands/save_permission.rb
+- lib/artifactory/permissions/v2/commands/upsert_item.rb
+- lib/artifactory/permissions/v2/permission_items.rb
+- lib/artifactory/permissions/v2/permission_items/base.rb
+- lib/artifactory/permissions/v2/permission_items/group.rb
+- lib/artifactory/permissions/v2/permission_items/user.rb
+- lib/artifactory/permissions/v2/permission_target.rb
+- lib/artifactory/permissions/version.rb
+homepage: https://github.com/tscholz/artifactory-permissions
+licenses: []
+metadata:
+  allowed_push_host: https://rubygems.org
+  homepage_uri: https://github.com/tscholz/artifactory-permissions
+  source_code_uri: https://github.com/tscholz/artifactory-permissions
+  changelog_uri: https://github.com/tscholz/artifactory-permissions/CHANGELOG.md
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.3.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.3
+signing_key:
+specification_version: 4
+summary: Ruby Lib for managing Artifactory PermissionTargets
+test_files: []