drillbit 2.4.0 → 2.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d29c3be0431dc83e7edb1c1cf2d0844b93ea086a
-  data.tar.gz: c5e5a28648fc56cd51731f5b698da2756bed6b86
+  metadata.gz: 7c46b75100d524c1e99a08d7b3c19642e6772743
+  data.tar.gz: 64ca903e7fe42f35463cfd41738a70fd7860f052
 SHA512:
-  metadata.gz: 2b471ef7bf9d5854779359cbe78a23c024fd2410abdc7a141c93796a084ebeec30c9fe05c3d9a0d05e8ef39b364d02d3ba4bf66253c7bee8009573f594246bcb
-  data.tar.gz: 81300a8c464efc2c6323319b2da243870f17b2f3acc17490c3bfe9b33d60d14c54c15d421f16d51ad7ab89ca0f61541dff161a69d6a032b4056ada9cc8d8b97c
+  metadata.gz: 3d7fb6d5553790fb4010b8132333f6d82117d89ce363f65732aecd4626a3e1a7536f8fe8703c3351649c4b4b65cfce4434587fbfe7dff72ac7bfc8ac7d997058
+  data.tar.gz: 2f25c8001b902dfc800d37a4708adecdc10168ef47bad529bc6f0cdbc9d8720b7876b7a37660bff0d5ae9c10c4232f2d7eb3642c66475b6abc7391a4f1af612f

data/lib/drillbit/authorizable_resource.rb

@@ -75,6 +75,7 @@ module  AuthorizableResource
                     authorizer_class.
                     new(token:    token,
                         user:     authorized_user,
+                        issuer:   authorized_issuer,
                         params:   authorized_params,
                         resource: authorized_resource)
   end
@@ -85,6 +86,7 @@ module  AuthorizableResource
                           authorizer_scope_class.
                           new(token:      token,
                               user:       authorized_user,
+                              issuer:     authorized_issuer,
                               params:     authorized_params,
                               scope_root: authorized_scope_root).
                           call
@@ -94,11 +96,12 @@ module  AuthorizableResource
     @authorized_params ||= authorizer_params_class.
                            new(token:  token,
                                user:   authorized_user,
+                               issuer: authorized_issuer,
                                params: params).
                            call
   end
 
-  # rubocop:disable Style/EmptyLinesAroundBlockBody, Metrics/AbcSize
+  # rubocop:disable Metrics/AbcSize
   def authorized_attributes
     @authorized_attributes ||= begin
       attributes    = authorized_params.
@@ -163,6 +166,10 @@ module  AuthorizableResource
     current_user
   end
 
+  def authorized_issuer
+    current_issuer
+  end
+
   def authorization_query
     @authorization_query ||= "able_to_#{action_name}?"
   end

data/lib/drillbit/authorizers/parameters/filtering.rb

@@ -46,18 +46,24 @@ class   Filtering < Authorizers::Parameters
     end
   end
 
-  def override_filter_parameter(name:,
-                                value:,
-                                only_when_present: false,
-                                override_if_admin: false)
+  def add_filter_override(name:,
+                          value:,
+                          only_when_present: false,
+                          override_if_admin: false)
 
     add_filterable_parameter name
 
     return true if !override_if_admin && token.admin?
 
+    param = params.
+            fetch(:filter, {}).
+            fetch(name,    nil)
+
+    return if !param && only_when_present
+
     params[:filter] ||= {}
 
-    params[:filter][name] = value if params[:filter][name] || !only_when_present
+    params[:filter][name] = value
   end
 end
 end

data/lib/drillbit/authorizers/parameters/resource.rb

@@ -65,6 +65,28 @@ class   Resource < Authorizers::Parameters
       add_authorized_relationship(name)
     end
   end
+
+  def add_attribute_override(name:,
+                             value:,
+                             only_when_present: false,
+                             override_if_admin: false)
+
+    add_authorized_attribute name
+
+    return true if !override_if_admin && token.admin?
+
+    param = params.
+            fetch(:data,       {}).
+            fetch(:attributes, {}).
+            fetch(name,        nil)
+
+    return if !param && only_when_present
+
+    params[:data]              ||= {}
+    params[:data][:attributes] ||= {}
+
+    params[:data][:attributes][name] = value
+  end
 end
 end
 end

data/lib/drillbit/authorizers/parameters.rb

@@ -6,7 +6,7 @@ class   Parameters
                 :user,
                 :params
 
-  def initialize(token:, user:, params:, **other)
+  def initialize(token:, user:, issuer:, params:, **other)
     self.token  = token
     self.user   = user
     self.params = params

data/lib/drillbit/authorizers/query.rb

@@ -7,7 +7,8 @@ class   Query
                 :params,
                 :resource
 
-  def initialize(token:, user:, params:, resource:, **other)
+  # rubocop:disable Metrics/ParameterLists
+  def initialize(token:, user:, issuer:, params:, resource:, **other)
     self.token    = token
     self.user     = user
     self.params   = params
@@ -17,6 +18,7 @@ class   Query
       public_send("#{name}=", value)
     end
   end
+  # rubocop:enable Metrics/ParameterLists
 
   def able_to_index?
     false

data/lib/drillbit/authorizers/scope.rb

@@ -9,7 +9,8 @@ class   Scope
                 :params,
                 :scope_root
 
-  def initialize(token:, user:, params:, scope_root:, **other)
+  # rubocop:disable Metrics/ParameterLists
+  def initialize(token:, user:, issuer:, params:, scope_root:, **other)
     self.token      = token
     self.user       = user
     self.params     = params
@@ -19,6 +20,7 @@ class   Scope
       public_send("#{name}=", value)
     end
   end
+  # rubocop:enable Metrics/ParameterLists
 
   def user_scope
     scope_root.public_send("for_#{user_underscored_class_name}", scope_user_id)

data/lib/drillbit/middleware/parameter_parser.rb

@@ -14,7 +14,7 @@ class   ParameterParser
   def call(env)
     env['QUERY_STRING'] = underscore_query_string(env['QUERY_STRING'])
 
-    if env['CONTENT_LENGTH'].to_i > 0 && env['CONTENT_TYPE'] =~ /json/
+    if env['CONTENT_LENGTH'].to_i.positive? && env['CONTENT_TYPE'] =~ /json/
       if env['rack.input']
         underscored_input     = underscore_request_parameters(env['rack.input'])
         env['rack.input']     = StringIO.new(underscored_input)
@@ -33,7 +33,7 @@ class   ParameterParser
   private
 
   def underscore_request_parameters(request_parameters)
-    data = JSON.load(request_parameters)
+    data = JSON.parse(request_parameters)
     data = underscore_parameters(data)
 
     JSON.dump(data)

data/lib/drillbit/requests/rack.rb

@@ -5,6 +5,7 @@ require 'drillbit/accept_header'
 require 'drillbit/tokens/json_web_token'
 require 'drillbit/tokens/base64'
 
+# rubocop:disable Style/VariableNumber
 module  Drillbit
 module  Requests
 class   Rack < Base
@@ -49,3 +50,4 @@ class   Rack < Base
 end
 end
 end
+# rubocop:enable Style/VariableNumber

data/lib/drillbit/requests/rails.rb

@@ -9,13 +9,13 @@ module  Drillbit
 module  Requests
 class   Rails < Base
   def authorization_token_from_params
-    if request.params.key?(JSON_WEB_TOKEN_PARAM_NAME)
+    if request.params.has_key?(JSON_WEB_TOKEN_PARAM_NAME)
       Tokens::JsonWebToken.__send__(
         "from_#{Drillbit.configuration.token_type.downcase}",
         request.params[JSON_WEB_TOKEN_PARAM_NAME] || '',
         private_key: token_private_key,
       )
-    elsif request.params.key?(BASE64_TOKEN_PARAM_NAME)
+    elsif request.params.has_key?(BASE64_TOKEN_PARAM_NAME)
       Tokens::Base64.convert(raw_token: request.params[BASE64_TOKEN_PARAM_NAME] || '')
     else
       Tokens::Null.instance

data/lib/drillbit/resource/processors/filtering.rb

@@ -29,7 +29,7 @@ class  Filtering
 
       if !filter_method
         filtered_resource
-      elsif filter_method.arity == 0
+      elsif filter_method.arity.zero?
         filtered_resource.public_send(filter_method.name)
       else
         filtered_resource.public_send(filter_method.name, value)

data/lib/drillbit/tokens/json_web_tokens/password_reset.rb

@@ -9,7 +9,7 @@ class   PasswordReset < JsonWebToken
                  roles: ['password_reset'],
                  **attrs)
 
-    super(expiration: expiration, roles: roles, **attrs)
+    super(:expiration => expiration, :roles => roles, **attrs)
   end
 end
 end

data/lib/drillbit/version.rb

@@ -1,4 +1,4 @@
 # frozen_string_literal: true
 module Drillbit
-  VERSION = '2.4.0'
+  VERSION = '2.5.0'
 end

data/spec/drillbit/authorizers/parameters/filtering_spec.rb

@@ -11,6 +11,7 @@ describe  Filtering do
   it 'can authorize new filter parameters', verify: false do
     filter_params = Filtering.new(token:  '1234',
                                   user:   '1234',
+                                  issuer: 'my_issuer',
                                   params: params)
 
     allow(params).to receive(:permit)
@@ -31,6 +32,7 @@ describe  Filtering do
     }
     filter_params = Filtering.new(token:  '1234',
                                   user:   '1234',
+                                  issuer: 'my_issuer',
                                   params: params)
 
     allow(params).to receive(:permit)
@@ -45,6 +47,7 @@ describe  Filtering do
   it 'has default authorized parameters', verify: false do
     filter_params = Filtering.new(token:  '1234',
                                   user:   '1234',
+                                  issuer: 'my_issuer',
                                   params: params)
 
     allow(params).to receive(:permit)

data/spec/drillbit/authorizers/parameters_spec.rb

@@ -8,6 +8,7 @@ describe  Parameters do
   it 'defaults to nothing' do
     parameters = Parameters.new(token:  '123',
                                 user:   'my_user',
+                                issuer: 'my_issuer',
                                 params: { foo: 'bar' })
 
     expect(parameters.call).to eql(foo: 'bar')

data/spec/drillbit/authorizers/query_spec.rb

@@ -8,6 +8,7 @@ describe  Query do
   it 'does not authorize the resource by default' do
     authorizer = Query.new(token:    '123',
                            user:     'my_user',
+                           issuer:   'my_issuer',
                            resource: 'my_resource',
                            params:   'my_params')
 

data/spec/drillbit/authorizers/scope_spec.rb

@@ -9,6 +9,7 @@ describe  Scope do
   it 'defaults to nothing' do
     scope = Scope.new(token:      '123',
                       user:       Object.new,
+                      issuer:     'my_issuer',
                       params:     {},
                       scope_root: OpenStruct.new(none: []))
 

data/spec/support/private_keys.rb

@@ -33,6 +33,7 @@ def invalid_jwe_token
   @invalid_jwe_token ||= valid_jwe_token.tr('a', 'f')
 end
 
+# rubocop:disable Style/VariableNumber
 def valid_b64_token(payload = 'hereisacoollittlestring')
   @valid_b64_token ||= Base64.encode64(payload).chomp
 end
@@ -40,3 +41,4 @@ end
 def invalid_b64_token
   @invalid_b64_token ||= valid_b64_token.tr('abcdefghijklmnop', '$o#m$k#i$g#e$c#a')
 end
+# rubocop:enable Style/VariableNumber

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: drillbit
 version: !ruby/object:Gem::Version
-  version: 2.4.0
+  version: 2.5.0
 platform: ruby
 authors:
 - thegranddesign
@@ -31,7 +31,7 @@ cert_chain:
   zRIv8lqQM8QFT76rzP5SBCERwN+ltKAFbQ5/FwmZNGWYnmCP3RZMQiRnbh+9H9lh
   mlbwaYZTjgsXq6cy8N38EecewgBbZYS1IYJraE/M
   -----END CERTIFICATE-----
-date: 2016-09-07 00:00:00.000000000 Z
+date: 2016-10-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: erratum
@@ -269,4 +269,3 @@ test_files:
 - spec/fixtures/test_rsa_key.pub
 - spec/spec_helper.rb
 - spec/support/private_keys.rb
-has_rdoc: