clonk 2.0.0 → 2.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8f8dab272e5def2a4916f0865f6829f47345371716ac09c235e4fdc9411127e7
-  data.tar.gz: f3dbefc497d92a22dd31ea11fd31482fb2b94fdc39b229eec6c902e8995f6faf
+  metadata.gz: 5dbbf649c57b88028e39c185d182ccb7502a82408d28897cdb3f0bfd61e43474
+  data.tar.gz: 9328de2fd40ed3d38a23a4d500bfc6e4b5e1d02ceb04817e2fe4b5fbbbdc966b
 SHA512:
-  metadata.gz: 703d6fa690a791364af18cc73c2b8eb391147cd3789683139203b5dec7809f1024f0478d82bd06fc673830b3b17d4b7215ff3be3debc7e625b70720505270ad2
-  data.tar.gz: a44c4a23a58c00d0eb43283013a9f4dd8de14900e112b1d779818ca67e86411abf974f200f89c87d45498437ada9aaa41024fe665a122496a5098223170ccf76
+  metadata.gz: 3023ad8b816db8dca997fb2b32c95661411523254f7cf51a681c20f01a86f229091627fc34e8f8644f57fdd9d5e36aaa38bef2ad655d93b9b1ee0baa2ba8144b
+  data.tar.gz: 47831b99a46c9289bff80ee78a25a1913b4b8fc71e7ec2366ba958b0957fc18f767abf0fd19e66e9d000b63953b6b97cfd87def5e9447c77edebadc4a37e61e9

data/lib/clonk/connection.rb

@@ -58,6 +58,9 @@ module Clonk
 
     ##
     # Returns the config in SSO for an object.
+    #--
+    # FIXME: Does not work for policies or permissions
+    #++
     def config(object)
       class_name = object.class.name.split('::').last.downcase + 's'
       class_name = 'roles-by-id' if class_name == 'roles'

data/lib/clonk/permission.rb

@@ -1,22 +1,28 @@
 # frozen_string_literal: true
 
 module Clonk
+  # Represents a permission in SSO. Methods on Clonk::Connection can be used to
+  # index its policies, resources and associated scopes
   class Permission
-    def initialize(permission_response, realm)
+    def initialize(permission_response)
       @id = permission_response['id']
-      @realm = realm
+      @name = permission_response['name']
     end
   end
 
   # Defines a connection to SSO.
   class Connection
     def permissions
-      clients.find { |client| client.name == 'realm-management' }
+      realm_management = clients.find { |client| client.name == 'realm-management' }
+      objects(type: 'Permission',
+        path: "/clients/#{realm_management.id}/authz/resource-server/permission"
+      )
     end
+
     ##
     # Returns the policy IDs associated with a permission.
     # FIXME: untested!
-    def policies(permission)
+    def policies_for(permission)
       parsed_response(
         path: "#{url_for(permission, prefix: 'policy')}/associatedPolicies"
       )
@@ -25,7 +31,7 @@ module Clonk
     ##
     # Returns the resource IDs associated with this permission.
     # FIXME: untested!
-    def resources(permission)
+    def resources_for(permission)
       parsed_response(
         path: "#{url_for(permission, prefix: 'policy')}/resources"
       )
@@ -34,7 +40,7 @@ module Clonk
     ##
     # Returns the scope IDs associated with this permission.
     # FIXME: untested
-    def scopes(permission)
+    def scopes_for(permission)
       parsed_response(
         path: "#{url_for(permission, prefix: 'policy')}/scopes"
       )

data/lib/clonk/policy.rb

@@ -1,46 +1,50 @@
 # frozen_string_literal: true
 
 module Clonk
+  # Represents a policy in SSO.
+  # FIXME: Has not been fully updated from v1's use of the API.
   class Policy
     attr_accessor :id
     attr_reader :name
 
-    def initialize(policy_response, realm)
+    def initialize(policy_response)
       @id = policy_response['id']
       @name = policy_response['name']
-      @realm = realm
-    end
-
-    ##
-    # Gets config inside SSO for policy with ID in realm.
-    # FIXME: move to connection class
-
-    def self.get_config(id, realm = REALM)
-      Clonk.parsed_response(
-        path: "#{Clonk.realm_admin_root(realm)}/clients/#{Clonk::Client.find_by(name: 'realm-management').id}/authz/resource-server/policy/role/#{id}"
-      )
-    end
-
-    ##
-    # Creates a new Policy instance from a policy that exists in SSO
-    # FIXME: move to connection class
-
-    def self.new_from_id(id, realm = REALM)
-      new(get_config(id, realm), realm)
     end
 
     ##
     # Returns defaults for a policy.
     # I've found no reason to override these, but then again, I'm not 100% sure
     # how they work. Overrides will be added to necessary methods if requested.
-    # FIXME: move to connection class
-
     def self.defaults
       {
         logic: 'POSITIVE',
         decisionStrategy: 'UNANIMOUS'
       }
     end
+  end
+
+  class Connection
+    def policies
+      realm_management = clients.find { |client| client.name == 'realm-management' }
+      objects(type: 'Policy',
+        path: "/clients/#{realm_management.id}/authz/resource-server/policy"
+      )
+    end
+
+    ##
+    # Gets config inside SSO for policy with ID in realm.
+    #--
+    # FIXME: bring in line with existing config method
+    #++
+
+    def get_policy_config(id)
+      parsed_response(
+        path: "#{realm_admin_root(realm)}/clients/#{clients.find { |client|
+          client.name == 'realm-management'
+        }.id}/authz/resource-server/policy/role/#{id}"
+      )
+    end
 
     ##
     # Returns a policy definition that can then be used to create a policy in SSO.
@@ -48,15 +52,26 @@ module Clonk
     #--
     # TODO: Expand to allow for other policy types
     # TODO: Don't assume role as default type
-    # FIXME: move to connection class
+    # FIXME: give objects a type method, split this into two functions
     #++
 
-    def self.define(type: :role, name: nil, objects: [], description: nil, groups_claim: nil)
-      defaults.merge(
+    def define_policy(type: :role, name: nil, objects: [], description: nil, groups_claim: nil)
+      objects = if type == :role
+                  {
+                    roles: objects.map do |role|
+                      { id: role.id, required: true }
+                    end
+                  }
+                elsif type == :group
+                  {
+                    groups: objects.map do |group|
+                              { id: group.id, extendChildren: false }
+                            end
+                  }
+                end
+      defaults.merge(objects).merge(
         type: type,
         name: name,
-        roles: (objects.map { |role| { id: role.id, required: true } } if type == :role),
-        groups: (objects.map { |group| { id: group.id, extendChildren: false } } if type == :group),
         groupsClaim: (groups_claim if type == :group),
         clients: (objects.map(&:id) if type == :client),
         description: description
@@ -64,15 +79,14 @@ module Clonk
     end
 
     ##
-    # Defines and creates a policy in SSO.
+    # Creates a policy in SSO. You should do this after defining a policy with define_policy.
     # FIXME: move to connection class
 
-    def self.create(type: :role, name: nil, objects: [], description: nil, groups_claim: nil, realm: REALM)
-      data = define(type: type, name: name, objects: objects, description: description, groups_claim: groups_claim)
-      realm_management_url = Clonk::Client.find_by(name: 'realm-management', realm: realm).url
-      Clonk.parsed_response(
+    def self.create(data)
+      realm_management_url = url_for(clients.find { |c| c.name == 'realm-management' })
+      parsed_response(
         method: :post,
-        path: "#{realm_management_url}/authz/resource-server/policy/#{type}",
+        path: "#{realm_management_url}/authz/resource-server/policy/#{data['type']}",
         data: data
       )
     end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: clonk
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 2.1.0
 platform: ruby
 authors:
 - Simon Fish
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-11-27 00:00:00.000000000 Z
+date: 2018-12-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday