RubyGems - drillbit - Versions diffs - 2.8.0 → 2.9.0 - Mend

drillbit 2.8.0 → 2.9.0

Files changed (13) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +0 -0
data.tar.gz.sig +0 -0
data/lib/drillbit.rb +1 -0
data/lib/drillbit/authorizable_resource.rb +21 -0
data/lib/drillbit/authorizers/parameters/filtering.rb +3 -2
data/lib/drillbit/authorizers/parameters/inclusions.rb +51 -0
data/lib/drillbit/authorizers/parameters/resource.rb +6 -5
data/lib/drillbit/errors/unpermitted_inclusions.rb +29 -0
data/lib/drillbit/version.rb +1 -1
data/spec/drillbit/authorizers/parameters/filtering_spec.rb +3 -0
metadata +3 -1
metadata.gz.sig +0 -0

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: fec9e9fdc03cb3d4b5ec5977ba97e7732979d35e
-  data.tar.gz: 1eb9aeaa0634e5d47e6a6c80e95fbc2124e08900
+  metadata.gz: df937a00a4c1c57a662407c726abf38c6630afa8
+  data.tar.gz: fe694633fe98cc22888ca02252ea667bcb0100a5
 SHA512:
-  metadata.gz: 86d163daf5b5523fa2d156f093a8ea257591e15ae155138a6c6b147fb9e34eb8c11d3cfb136481f8cc0f40c932a456c7514caae7ad5c64e6effe92191e733eb0
-  data.tar.gz: 00471ebf723e9042d801d66e2dfa27847bb7a11b3314a57c391d99402cfdc3b0486652555b466ea55fa80ad8803765f642cbdc1fc702a7fe7984028c64a9cba1
+  metadata.gz: 800b83bb991f6517bd4e89ce42bb9eb57124e80c3fa85971e55d8a026367059c714b59a4ba65c4013e86c0e53c042e865a91c13f70d2ad481f1732cfa48adeb6
+  data.tar.gz: 57e8d41ee03aff8ee7819fe6fb794a62a64d51e25c83a7ac0587322de8f52cf533f00e6fd9f5b3e85cf1ccaff0b5395bd35924d82f2b84c0c6369c2d45248f01

checksums.yaml.gz.sig CHANGED

Binary file

data.tar.gz.sig CHANGED

Binary file

data/lib/drillbit.rb CHANGED

@@ -3,6 +3,7 @@ require 'drillbit/version'
 require 'drillbit/authorizers/parameters'
 require 'drillbit/authorizers/parameters/filtering'
+require 'drillbit/authorizers/parameters/inclusions'
 require 'drillbit/authorizers/parameters/resource'
 require 'drillbit/authorizers/query'
 require 'drillbit/authorizers/scope'

data/lib/drillbit/authorizable_resource.rb CHANGED

@@ -49,6 +49,16 @@ module  AuthorizableResource
     rescue NameError
       'Drillbit::Authorizers::Parameters::Filtering'.constantize
     end
+    def authorizer_inclusions_params_class
+      @authorizer_inclusions_params_class ||= "#{authorizer_prefix}" \
+                                              "Authorizers::" \
+                                              "#{resource_class_name}::" \
+                                              "InclusionParameters".
+                                              constantize
+    rescue NameError
+      'Drillbit::Authorizers::Parameters::Inclusions'.constantize
+    end
   end
   def self.included(base)
@@ -92,6 +102,17 @@ module  AuthorizableResource
                           call
   end
+  def authorized_inclusions
+    @authorized_inclusions ||= self.
+                               class.
+                               authorizer_inclusions_params_class.
+                               new(token:  token,
+                                   user:   authorized_user,
+                                   issuer: authorized_issuer,
+                                   params: authorized_params).
+                               call
+  end
   def authorized_params
     @authorized_params ||= authorizer_params_class.
                            new(token:  token,

data/lib/drillbit/authorizers/parameters/filtering.rb CHANGED

@@ -19,6 +19,7 @@ class   Filtering < Authorizers::Parameters
                              :token_jwt,
                              :format,
                              :accept,
+                             :include,
                              page:   %i{
                                        number
                                        size
@@ -39,9 +40,9 @@ class   Filtering < Authorizers::Parameters
             fetch(name,    nil)
     if param.class == Array
-      authorized_params[6][:filter][1][name] = []
+      authorized_params[7][:filter][1][name] = []
     else
-      authorized_params[6][:filter] << name
+      authorized_params[7][:filter] << name
     end
   end

data/lib/drillbit/authorizers/parameters/inclusions.rb ADDED

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+require 'drillbit/authorizers/parameters'
+require 'drillbit/errors/unpermitted_inclusions'
+module  Drillbit
+module  Authorizers
+class   Parameters
+class   Inclusions < Authorizers::Parameters
+  attr_accessor :authorized_inclusions
+  # rubocop:disable Style/RaiseArgs
+  def call
+    fail Errors::UnpermittedInclusions.new(inclusions: requested_inclusions) \
+      if inclusion_differences.any?
+    authorized_inclusions
+  end
+  # rubocop:enable Style/RaiseArgs
+  protected
+  def authorized_inclusions
+    @authorized_inclusions ||= []
+  end
+  private
+  def add_includable_resource(resource_name)
+    authorized_inclusions << resource_name
+  end
+  def add_includable_resources(*resource_names)
+    resource_names.each do |resource_name|
+      add_includable_resource(resource_name)
+    end
+  end
+  def requested_inclusions
+    @requested_inclusions ||= params.
+                              fetch(:include, '').
+                              split(',').
+                              map(&:to_sym)
+  end
+  def inclusion_differences
+    @inclusion_differences ||= requested_inclusions - authorized_inclusions
+  end
+end
+end
+end
+end

data/lib/drillbit/authorizers/parameters/resource.rb CHANGED

@@ -19,6 +19,7 @@ class   Resource < Authorizers::Parameters
                              :token_jwt,
                              :format,
                              :accept,
+                             :include,
                              data: [
                                      :type,
                                      :id,
@@ -39,9 +40,9 @@ class   Resource < Authorizers::Parameters
             fetch(name,        nil)
     if param.class == Array
-      authorized_params[6][:data][2][:attributes][0][name] = []
+      authorized_params[7][:data][2][:attributes][0][name] = []
     else
-      authorized_params[6][:data][2][:attributes] << name
+      authorized_params[7][:data][2][:attributes] << name
     end
   end
@@ -67,9 +68,9 @@ class   Resource < Authorizers::Parameters
     embedded = first.fetch(:attributes, nil)
     if param.nil?
-      authorized_params[6][:data][2][:relationships][name] = [:data]
+      authorized_params[7][:data][2][:relationships][name] = [:data]
     elsif embedded
-      authorized_params[6][:data][2][:relationships][name] = {
+      authorized_params[7][:data][2][:relationships][name] = {
         data: [
                 :type,
                 {
@@ -78,7 +79,7 @@ class   Resource < Authorizers::Parameters
               ],
       }
     else
-      authorized_params[6][:data][2][:relationships][name] = { data: %i{type id} }
+      authorized_params[7][:data][2][:relationships][name] = { data: %i{type id} }
     end
   end
   # rubocop:enable Metrics/AbcSize

data/lib/drillbit/errors/unpermitted_inclusions.rb ADDED

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+require 'erratum'
+module  Drillbit
+module  Errors
+class   UnpermittedInclusions < RuntimeError
+  include Erratum::Error
+  attr_accessor :inclusions
+  def http_status
+    422
+  end
+  def title
+    'Unpermitted Inclusion'
+  end
+  def detail
+    'One or more of the inclusions you attempted to pass via the "include" parameter ' \
+    'are either not available or not authorized.'
+  end
+  def source
+    { inclusions: inclusions }
+  end
+end
+end
+end

data/lib/drillbit/version.rb CHANGED

@@ -1,4 +1,4 @@
 # frozen_string_literal: true
 module Drillbit
-  VERSION = '2.8.0'
+  VERSION = '2.9.0'
 end

data/spec/drillbit/authorizers/parameters/filtering_spec.rb CHANGED

@@ -26,6 +26,7 @@ describe  Filtering do
          :token_jwt,
          :format,
          :accept,
+         :include,
          include(
            filter: include(:name, :age),
          ))
@@ -55,6 +56,7 @@ describe  Filtering do
          :token_jwt,
          :format,
          :accept,
+         :include,
          include(
            filter: include(:name, ary: []),
          ))
@@ -77,6 +79,7 @@ describe  Filtering do
          :token_jwt,
          :format,
          :accept,
+         :include,
          page:   %i{
                    number
                    size

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: drillbit
 version: !ruby/object:Gem::Version
-  version: 2.8.0
+  version: 2.9.0
 platform: ruby
 authors:
 - thegranddesign
@@ -131,6 +131,7 @@ files:
 - lib/drillbit/authorizable_resource.rb
 - lib/drillbit/authorizers/parameters.rb
 - lib/drillbit/authorizers/parameters/filtering.rb
+- lib/drillbit/authorizers/parameters/inclusions.rb
 - lib/drillbit/authorizers/parameters/resource.rb
 - lib/drillbit/authorizers/query.rb
 - lib/drillbit/authorizers/scope.rb
@@ -140,6 +141,7 @@ files:
 - lib/drillbit/errors/invalid_request_body.rb
 - lib/drillbit/errors/invalid_subdomain.rb
 - lib/drillbit/errors/invalid_token.rb
+- lib/drillbit/errors/unpermitted_inclusions.rb
 - lib/drillbit/matchers/accept_header.rb
 - lib/drillbit/matchers/generic.rb
 - lib/drillbit/matchers/subdomain.rb

metadata.gz.sig CHANGED

Binary file