entitlements-app 0.1.6

data/lib/entitlements/models/person.rb

@@ -0,0 +1,149 @@
+# frozen_string_literal: true
+
+module Entitlements
+  class Models
+    class Person
+      include ::Contracts::Core
+      C = ::Contracts
+
+      attr_reader :uid
+
+      # Constructor.
+      #
+      # uid        - A String with user's ID (unique throughout Entitlements)
+      # attributes - Optionally a Hash of {String => String | Array<String>} with additional attributes
+      Contract C::KeywordArgs[
+        uid: String,
+        attributes: C::Maybe[C::HashOf[String => C::Or[String, C::ArrayOf[String], nil]]]
+      ] => C::Any
+      def initialize(uid:, attributes: {})
+        @uid = uid
+        setup_attributes(attributes)
+      end
+
+      # Grab any methods that have been defined by extras and dispatch them to the appropriate backend.
+      # The first argument sent to the method is a reference to this object (self). Any arguments passed
+      # by the caller are sent thereafter. For now this ignores blocks (maybe figure this out later?).
+      #
+      # Arguments and return varies.
+      def method_missing(m, *args, &block)
+        if method_class_ref = Entitlements.person_extra_methods[m]
+          return method_class_ref.send(m, self, *args)
+        end
+
+        # :nocov:
+        raise NoMethodError, "No method '#{m}' exists for Entitlements::Models::Person or any registered extras."
+        # :nocov:
+      end
+
+      # Hash method to get current value of an attribute. Raises if the attribute is undefined.
+      #
+      # attribute - A String with the attribute name to retrieve.
+      #
+      # Returns a String or Array<String> with the attribute's value. (nil deletes later)
+      Contract String => C::Or[String, C::ArrayOf[String], nil]
+      def [](attribute)
+        outward(@current_attributes.fetch(attribute))
+      end
+
+      # Get current value of the original attribute.
+      #
+      # attribute - A String with the attribute name to retrieve.
+      #
+      # Returns a String or Array<String> with the attribute's value. (nil if it did not exist)
+      Contract String => C::Or[String, C::ArrayOf[String], nil]
+      def original(attribute)
+        outward(@original_attributes[attribute])
+      end
+
+      # Hash method to set current value of an attribute.
+      #
+      # attribute - A String with the attribute name to set.
+      # val       - A String, Array<String>, Set<String>, or nil with new value. (nil deletes later)
+      #
+      # Returns nothing interesting (this method is in void context).
+      Contract String, C::Or[String, C::ArrayOf[String], C::SetOf[String], nil] => C::Any
+      def []=(attribute, val)
+        @touched_attributes.add(attribute)
+
+        if val.nil? && @original_attributes[attribute].nil?
+          @original_attributes.delete(attribute)
+          @current_attributes.delete(attribute)
+          return
+        end
+
+        @original_attributes[attribute] ||= nil
+        if val.nil? || val.is_a?(String)
+          @current_attributes[attribute] = val
+        elsif val.is_a?(Set)
+          @current_attributes[attribute] = val.dup
+        else
+          @current_attributes[attribute] = Set.new(val)
+        end
+      end
+
+      # Get the changes between original attributes and any attributes updated in this session.
+      #
+      # Takes no arguments.
+      #
+      # Returns a Hash of { attribute name => new value }.
+      Contract C::None => C::HashOf[String => C::Or[String, C::ArrayOf[String], nil]]
+      def attribute_changes
+        @current_attributes
+          .select { |k, _| @touched_attributes.member?(k) }
+          .reject { |k, v| @original_attributes[k] == v }
+          .reject { |k, v| (@original_attributes[k].nil? || @original_attributes[k] == Set.new) && (v.nil? || v == Set.new) }
+          .map { |k, _| [k, self[k]] }
+          .to_h
+      end
+
+      # Update an attribute that is an array or a set by adding a new string item to it.
+      #
+      # attribute - A String with the attribute name to set.
+      # val       - A String to add to the array/set.
+      #
+      # Returns nothing.
+      Contract String, String => nil
+      def add(attribute, val)
+        @touched_attributes.add(attribute)
+        ca = @current_attributes.fetch(attribute) # Raises if not found
+        raise ArgumentError, "Called add() on attribute that is a #{ca.class}" unless ca.is_a?(Set)
+        ca.add(val)
+        nil
+      end
+
+      private
+
+      # Convert the internal structure of an attribute to the displayed structure. Basically
+      # converts sets into sorted arrays and leaves everything else untouched.
+      #
+      # internal_obj - The internal structure.
+      #
+      # Returns the outward facing structure.
+      Contract C::Or[nil, String, C::SetOf[String]] => C::Or[nil, String, C::ArrayOf[String]]
+      def outward(internal_obj)
+        internal_obj.is_a?(Set) ? internal_obj.sort : internal_obj
+      end
+
+      # Construct a hash of attributes, keeping track of the original attributes as well
+      # as the current ones.
+      #
+      # attributes - Hash of {String => String | Array<String>} with additional attributes
+      #
+      # Returns nothing.
+      Contract C::HashOf[String => C::Or[String, C::ArrayOf[String], nil]] => nil
+      def setup_attributes(attributes)
+        @touched_attributes = Set.new
+        @original_attributes = {}
+        @current_attributes = {}
+        attributes.each do |k, v|
+          next if v.nil?
+          val = v.is_a?(Array) ? Set.new(v.sort) : v
+          @original_attributes[k] = val.dup
+          @current_attributes[k] = val.dup
+        end
+        nil
+      end
+    end
+  end
+end

data/lib/entitlements/plugins/dummy.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module Entitlements
+  class Plugins
+    class Dummy < Entitlements::Plugins
+      include ::Contracts::Core
+      C = ::Contracts
+
+      # Dummy override hash.
+      #
+      # group         - Entitlements::Models::Group object
+      # plugin_config - Additional configuration for the plugin
+      # ldap          - Reference to the underlying Entitlements::Service::LDAP object
+      #
+      # Returns Hash with override settings.
+      Contract Entitlements::Models::Group, C::HashOf[String => C::Any], Entitlements::Service::LDAP => C::HashOf[String => C::Any]
+      def self.override_hash(_group, _plugin_config, _ldap)
+        {}
+      end
+    end
+  end
+end

data/lib/entitlements/plugins/group_of_names.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+module Entitlements
+  class Plugins
+    class GroupOfNames < Entitlements::Plugins
+      include ::Contracts::Core
+      C = ::Contracts
+
+      # Produce the override hash for an LDAP groupOfNames.
+      #
+      # group         - Entitlements::Models::Group object
+      # plugin_config - Additional configuration for the plugin
+      # ldap          - Reference to the underlying Entitlements::Service::LDAP object
+      #
+      # Returns Hash with override settings.
+      Contract Entitlements::Models::Group, C::HashOf[String => C::Any], Entitlements::Service::LDAP => C::HashOf[String => C::Any]
+      def self.override_hash(group, _plugin_config, ldap)
+        members = group.member_strings.map { |ms| ldap.person_dn_format.gsub("%KEY%", ms) }
+
+        {
+          "objectClass"  => "GroupOfNames",
+          "member"       => members,
+          "uniqueMember" => nil
+        }
+      end
+    end
+  end
+end

data/lib/entitlements/plugins/posix_group.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+module Entitlements
+  class Plugins
+    class PosixGroup < Entitlements::Plugins
+      include ::Contracts::Core
+      C = ::Contracts
+
+      # Produce the override hash for an LDAP posixGroup.
+      #
+      # group         - Entitlements::Models::Group object
+      # plugin_config - Additional configuration for the plugin
+      # ldap          - Reference to the underlying Entitlements::Service::LDAP object
+      #
+      # Returns Hash with override settings.
+      Contract Entitlements::Models::Group, C::HashOf[String => C::Any], Entitlements::Service::LDAP => C::HashOf[String => C::Any]
+      def self.override_hash(group, _plugin_config, ldap)
+        members = group.member_strings.map { |ms| ldap.person_dn_format.gsub("%KEY%", ms) }
+
+        {
+          "objectClass"  => "PosixGroup",
+          "memberUid"    => members,
+          "gidNumber"    => gid_number(group).to_s,
+          "uniqueMember" => nil,
+          "owner"        => nil
+        }
+      end
+
+      # Get the gidNumber from the metadata in the group.
+      #
+      # group - Entitlements::Models::Group object
+      #
+      # Returns an Integer with the GID number of the group.
+      Contract Entitlements::Models::Group => Integer
+      def self.gid_number(group)
+        unless group.metadata.key?("gid_number")
+          raise ArgumentError, "POSIX Group #{group.dn} has no metadata setting for gid_number!"
+        end
+
+        result = group.metadata["gid_number"].to_i
+        return result if result >= 1 && result < 65536
+        raise ArgumentError, "POSIX Group #{group.dn} has GID #{result} out of 1-65535 range!"
+      end
+    end
+  end
+end

data/lib/entitlements/plugins.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module Entitlements
+  class Plugins
+    def self.loaded?
+      true
+    end
+
+    def self.override_hash(*args)
+      raise "Please define override_hash in the child class #{self}!"
+    end
+  end
+end

data/lib/entitlements/rule/base.rb

@@ -0,0 +1,74 @@
+# frozen_string_literal: true
+
+# Rules written in ruby can (and should) inherit this class.
+
+module Entitlements
+  class Rule
+    class Base
+      include ::Contracts::Core
+      C = ::Contracts
+
+      # This method must be re-implemented by the child class.
+      #
+      # Takes no Arguments.
+      #
+      # Returns a Set[String] of the DN's of all people who satisfy the filter.
+      Contract C::None => C::SetOf[String]
+      def members
+        # :nocov:
+        raise "Must be implemented by the child class"
+        # :nocov:
+      end
+
+      # This method allows the class to contain a line like:
+      #   description "This is some text"
+      # and have that description be set as a class variable. When
+      # called without an argument, this returns the value of the
+      # description, so the instance can access it.
+      Contract C::Maybe[String] => String
+      def self.description(text = nil)
+        if text
+          @description = text
+        else
+          @description ||= ""
+        end
+      end
+
+      # Retrieve the description of the group from the class variable.
+      #
+      # Takes no arguments.
+      #
+      # Returns a String with the description.
+      Contract C::None => String
+      def description
+        self.class.description
+      end
+
+      # This method allows the class to contain a line like:
+      #   filter "foo" => :all / :none / [list of Strings]
+      # and have that filter be set as a class variable. When
+      # called without an argument, this returns the value of the
+      # filter, so the instance can access it.
+      Contract C::Maybe[C::HashOf[String => C::Or[:all, :none, C::ArrayOf[String]]]] => C::HashOf[String => C::Or[:all, :none, C::ArrayOf[String]]]
+      def self.filter(filter_pair = nil)
+        @filters ||= Entitlements::Data::Groups::Calculated.filters_default
+        @filters.merge!(filter_pair) if filter_pair
+        @filters
+      end
+
+      # Retrieve the filters for the group from the class variable.
+      #
+      # Takes no arguments.
+      #
+      # Returns a Hash with the filters.
+      Contract C::None => C::HashOf[String => C::Or[:all, :none, C::ArrayOf[String]]]
+      def filters
+        self.class.filter
+      end
+
+      private
+
+      attr_reader :cache
+    end
+  end
+end