forest_liana 5.2.3 → 5.4.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/app/controllers/forest_liana/actions_controller.rb +95 -0
- data/app/controllers/forest_liana/resources_controller.rb +14 -17
- data/app/controllers/forest_liana/smart_actions_controller.rb +10 -5
- data/app/helpers/forest_liana/is_same_data_structure_helper.rb +44 -0
- data/app/helpers/forest_liana/widgets_helper.rb +59 -0
- data/app/models/forest_liana/model/action.rb +2 -1
- data/app/services/forest_liana/apimap_sorter.rb +1 -0
- data/app/services/forest_liana/permissions_checker.rb +118 -56
- data/app/services/forest_liana/permissions_formatter.rb +52 -0
- data/app/services/forest_liana/permissions_getter.rb +52 -17
- data/app/services/forest_liana/resources_getter.rb +3 -3
- data/app/services/forest_liana/scope_validator.rb +8 -7
- data/app/services/forest_liana/utils/beta_schema_utils.rb +13 -0
- data/config/routes.rb +2 -0
- data/lib/forest_liana/bootstrapper.rb +19 -0
- data/lib/forest_liana/schema_file_updater.rb +1 -0
- data/lib/forest_liana/version.rb +1 -1
- data/spec/helpers/forest_liana/is_same_data_structure_helper_spec.rb +87 -0
- data/spec/requests/actions_controller_spec.rb +174 -0
- data/spec/services/forest_liana/apimap_sorter_spec.rb +6 -4
- data/spec/services/forest_liana/permissions_checker_acl_disabled_spec.rb +711 -0
- data/spec/services/forest_liana/permissions_checker_acl_enabled_spec.rb +831 -0
- data/spec/services/forest_liana/permissions_formatter_spec.rb +222 -0
- data/spec/services/forest_liana/permissions_getter_spec.rb +82 -0
- data/spec/services/forest_liana/schema_adapter_spec.rb +1 -1
- data/spec/spec_helper.rb +3 -0
- metadata +18 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4e1a93b16b8c079a92000891ac73f8794fa87c2b6411e99a6e160d7f5e88e64d
|
|
4
|
+
data.tar.gz: 0b6853a6eda1fef9f395fa9f247b90273fef74fe8eb9e621ed4647d43832dc03
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 3e7aa35686573cce22819ea583a20c9d93afd39b72187aae0c618fd0e67e1494475435ae0ca9c8c892b7bbe3015c0e6ac0f220ca75b2526f66883f5a491f54f7
|
|
7
|
+
data.tar.gz: ffdcfcf09b90001e66bff1910a86d635def03cf718a9e13282061d4f9d5c4b0780058ba7462106ea6c4deb299e388bb3c32a3eec624d51bfd7b0420a85a60167
|
|
@@ -1,7 +1,102 @@
|
|
|
1
1
|
module ForestLiana
|
|
2
2
|
class ActionsController < ForestLiana::BaseController
|
|
3
|
+
|
|
3
4
|
def values
|
|
4
5
|
render serializer: nil, json: {}, status: :ok
|
|
5
6
|
end
|
|
7
|
+
|
|
8
|
+
def get_collection(collection_name)
|
|
9
|
+
ForestLiana.apimap.find { |collection| collection.name.to_s == collection_name }
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def get_action(collection_name)
|
|
13
|
+
collection = get_collection(collection_name)
|
|
14
|
+
begin
|
|
15
|
+
collection.actions.find {|action| ActiveSupport::Inflector.parameterize(action.name) == params[:action_name]}
|
|
16
|
+
rescue => error
|
|
17
|
+
FOREST_LOGGER.error "Smart Action get action retrieval error: #{error}"
|
|
18
|
+
nil
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
def get_record
|
|
23
|
+
model = ForestLiana::SchemaUtils.find_model_from_collection_name(params[:collectionName])
|
|
24
|
+
redord_getter = ForestLiana::ResourceGetter.new(model, {:id => params[:recordIds][0]})
|
|
25
|
+
redord_getter.perform
|
|
26
|
+
redord_getter.record
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
def get_smart_action_load_ctx(fields)
|
|
30
|
+
fields = fields.reduce({}) do |p, c|
|
|
31
|
+
ForestLiana::WidgetsHelper.set_field_widget(c)
|
|
32
|
+
p.update(c[:field] => c.merge!(value: nil))
|
|
33
|
+
end
|
|
34
|
+
{:record => get_record, :fields => fields}
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
def get_smart_action_change_ctx(fields)
|
|
38
|
+
fields = fields.reduce({}) do |p, c|
|
|
39
|
+
field = c.permit!.to_h.symbolize_keys
|
|
40
|
+
ForestLiana::WidgetsHelper.set_field_widget(field)
|
|
41
|
+
p.update(c[:field] => field)
|
|
42
|
+
end
|
|
43
|
+
{:record => get_record, :fields => fields}
|
|
44
|
+
end
|
|
45
|
+
|
|
46
|
+
def handle_result(result, formatted_fields, action)
|
|
47
|
+
if result.nil? || !result.is_a?(Hash)
|
|
48
|
+
return render status: 500, json: { error: 'Error in smart action load hook: hook must return an object' }
|
|
49
|
+
end
|
|
50
|
+
is_same_data_structure = ForestLiana::IsSameDataStructureHelper::Analyser.new(formatted_fields, result, 1)
|
|
51
|
+
unless is_same_data_structure.perform
|
|
52
|
+
return render status: 500, json: { error: 'Error in smart action hook: fields must be unchanged (no addition nor deletion allowed)' }
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
# Apply result on fields (transform the object back to an array), preserve order.
|
|
56
|
+
fields = action.fields.map do |field|
|
|
57
|
+
updated_field = result[field[:field]]
|
|
58
|
+
# Reset `value` when not present in `enums` (which means `enums` has changed).
|
|
59
|
+
if updated_field[:enums].is_a?(Array) && !updated_field[:enums].include?(updated_field[:value])
|
|
60
|
+
updated_field[:value] = nil
|
|
61
|
+
end
|
|
62
|
+
updated_field
|
|
63
|
+
end
|
|
64
|
+
|
|
65
|
+
render serializer: nil, json: { fields: fields}, status: :ok
|
|
66
|
+
end
|
|
67
|
+
|
|
68
|
+
def load
|
|
69
|
+
action = get_action(params[:collectionName])
|
|
70
|
+
|
|
71
|
+
if !action
|
|
72
|
+
render status: 500, json: {error: 'Error in smart action load hook: cannot retrieve action from collection'}
|
|
73
|
+
else
|
|
74
|
+
# Transform fields from array to an object to ease usage in hook, adds null value.
|
|
75
|
+
context = get_smart_action_load_ctx(action.fields)
|
|
76
|
+
formatted_fields = context[:fields].clone # clone for following test on is_same_data_structure
|
|
77
|
+
|
|
78
|
+
# Call the user-defined load hook.
|
|
79
|
+
result = action.hooks[:load].(context)
|
|
80
|
+
|
|
81
|
+
handle_result(result, formatted_fields, action)
|
|
82
|
+
end
|
|
83
|
+
end
|
|
84
|
+
|
|
85
|
+
def change
|
|
86
|
+
action = get_action(params[:collectionName])
|
|
87
|
+
|
|
88
|
+
if !action
|
|
89
|
+
render status: 500, json: {error: 'Error in smart action change hook: cannot retrieve action from collection'}
|
|
90
|
+
else
|
|
91
|
+
# Transform fields from array to an object to ease usage in hook.
|
|
92
|
+
context = get_smart_action_change_ctx(params[:fields])
|
|
93
|
+
formatted_fields = context[:fields].clone # clone for following test on is_same_data_structure
|
|
94
|
+
|
|
95
|
+
# Call the user-defined change hook.
|
|
96
|
+
result = action.hooks[:change][params[:changedField]].(context)
|
|
97
|
+
|
|
98
|
+
handle_result(result, formatted_fields, action)
|
|
99
|
+
end
|
|
100
|
+
end
|
|
6
101
|
end
|
|
7
102
|
end
|
|
@@ -16,18 +16,15 @@ module ForestLiana
|
|
|
16
16
|
def index
|
|
17
17
|
begin
|
|
18
18
|
if request.format == 'csv'
|
|
19
|
-
checker = ForestLiana::PermissionsChecker.new(@resource, '
|
|
20
|
-
return head :forbidden unless checker.is_authorized?
|
|
21
|
-
elsif params.has_key?(:searchToEdit)
|
|
22
|
-
checker = ForestLiana::PermissionsChecker.new(@resource, 'searchToEdit', @rendering_id)
|
|
19
|
+
checker = ForestLiana::PermissionsChecker.new(@resource, 'exportEnabled', @rendering_id, user_id: forest_user['id'])
|
|
23
20
|
return head :forbidden unless checker.is_authorized?
|
|
24
21
|
else
|
|
25
22
|
checker = ForestLiana::PermissionsChecker.new(
|
|
26
23
|
@resource,
|
|
27
|
-
'
|
|
24
|
+
'browseEnabled',
|
|
28
25
|
@rendering_id,
|
|
29
|
-
|
|
30
|
-
get_collection_list_permission_info(forest_user, request)
|
|
26
|
+
user_id: forest_user['id'],
|
|
27
|
+
collection_list_parameters: get_collection_list_permission_info(forest_user, request)
|
|
31
28
|
)
|
|
32
29
|
return head :forbidden unless checker.is_authorized?
|
|
33
30
|
end
|
|
@@ -59,10 +56,10 @@ module ForestLiana
|
|
|
59
56
|
begin
|
|
60
57
|
checker = ForestLiana::PermissionsChecker.new(
|
|
61
58
|
@resource,
|
|
62
|
-
'
|
|
59
|
+
'browseEnabled',
|
|
63
60
|
@rendering_id,
|
|
64
|
-
|
|
65
|
-
get_collection_list_permission_info(forest_user, request)
|
|
61
|
+
user_id: forest_user['id'],
|
|
62
|
+
collection_list_parameters: get_collection_list_permission_info(forest_user, request)
|
|
66
63
|
)
|
|
67
64
|
return head :forbidden unless checker.is_authorized?
|
|
68
65
|
|
|
@@ -89,7 +86,7 @@ module ForestLiana
|
|
|
89
86
|
|
|
90
87
|
def show
|
|
91
88
|
begin
|
|
92
|
-
checker = ForestLiana::PermissionsChecker.new(@resource, '
|
|
89
|
+
checker = ForestLiana::PermissionsChecker.new(@resource, 'readEnabled', @rendering_id, user_id: forest_user['id'])
|
|
93
90
|
return head :forbidden unless checker.is_authorized?
|
|
94
91
|
|
|
95
92
|
getter = ForestLiana::ResourceGetter.new(@resource, params)
|
|
@@ -104,7 +101,7 @@ module ForestLiana
|
|
|
104
101
|
|
|
105
102
|
def create
|
|
106
103
|
begin
|
|
107
|
-
checker = ForestLiana::PermissionsChecker.new(@resource, '
|
|
104
|
+
checker = ForestLiana::PermissionsChecker.new(@resource, 'addEnabled', @rendering_id, user_id: forest_user['id'])
|
|
108
105
|
return head :forbidden unless checker.is_authorized?
|
|
109
106
|
|
|
110
107
|
creator = ForestLiana::ResourceCreator.new(@resource, params)
|
|
@@ -127,7 +124,7 @@ module ForestLiana
|
|
|
127
124
|
|
|
128
125
|
def update
|
|
129
126
|
begin
|
|
130
|
-
checker = ForestLiana::PermissionsChecker.new(@resource, '
|
|
127
|
+
checker = ForestLiana::PermissionsChecker.new(@resource, 'editEnabled', @rendering_id, user_id: forest_user['id'])
|
|
131
128
|
return head :forbidden unless checker.is_authorized?
|
|
132
129
|
|
|
133
130
|
updater = ForestLiana::ResourceUpdater.new(@resource, params)
|
|
@@ -149,7 +146,7 @@ module ForestLiana
|
|
|
149
146
|
end
|
|
150
147
|
|
|
151
148
|
def destroy
|
|
152
|
-
checker = ForestLiana::PermissionsChecker.new(@resource, '
|
|
149
|
+
checker = ForestLiana::PermissionsChecker.new(@resource, 'deleteEnabled', @rendering_id, user_id: forest_user['id'])
|
|
153
150
|
return head :forbidden unless checker.is_authorized?
|
|
154
151
|
|
|
155
152
|
@resource.destroy(params[:id]) if @resource.exists?(params[:id])
|
|
@@ -161,7 +158,7 @@ module ForestLiana
|
|
|
161
158
|
end
|
|
162
159
|
|
|
163
160
|
def destroy_bulk
|
|
164
|
-
checker = ForestLiana::PermissionsChecker.new(@resource, '
|
|
161
|
+
checker = ForestLiana::PermissionsChecker.new(@resource, 'deleteEnabled', @rendering_id, user_id: forest_user['id'])
|
|
165
162
|
return head :forbidden unless checker.is_authorized?
|
|
166
163
|
|
|
167
164
|
ids = ForestLiana::ResourcesGetter.get_ids_from_request(params)
|
|
@@ -245,8 +242,8 @@ module ForestLiana
|
|
|
245
242
|
@collection ||= ForestLiana.apimap.find { |collection| collection.name.to_s == collection_name }
|
|
246
243
|
end
|
|
247
244
|
|
|
248
|
-
# NOTICE: Return a formatted object containing the request condition filters and
|
|
249
|
-
# the user id used by the scope validator class to validate if scope is
|
|
245
|
+
# NOTICE: Return a formatted object containing the request condition filters and
|
|
246
|
+
# the user id used by the scope validator class to validate if scope is
|
|
250
247
|
# in request
|
|
251
248
|
def get_collection_list_permission_info(user, collection_list_request)
|
|
252
249
|
{
|
|
@@ -19,14 +19,15 @@ module ForestLiana
|
|
|
19
19
|
|
|
20
20
|
def check_permission_for_smart_route
|
|
21
21
|
begin
|
|
22
|
-
|
|
22
|
+
|
|
23
23
|
smart_action_request = get_smart_action_request
|
|
24
24
|
if !smart_action_request.nil? && smart_action_request.has_key?(:smart_action_id)
|
|
25
25
|
checker = ForestLiana::PermissionsChecker.new(
|
|
26
26
|
find_resource(smart_action_request[:collection_name]),
|
|
27
27
|
'actions',
|
|
28
28
|
@rendering_id,
|
|
29
|
-
|
|
29
|
+
user_id: forest_user['id'],
|
|
30
|
+
smart_action_request_info: get_smart_action_request_info
|
|
30
31
|
)
|
|
31
32
|
return head :forbidden unless checker.is_authorized?
|
|
32
33
|
else
|
|
@@ -54,10 +55,14 @@ module ForestLiana
|
|
|
54
55
|
end
|
|
55
56
|
end
|
|
56
57
|
|
|
57
|
-
|
|
58
|
+
# smart action permissions are retrieved from the action's endpoint and http_method
|
|
59
|
+
def get_smart_action_request_info
|
|
60
|
+
endpoint = request.fullpath
|
|
61
|
+
# Trim starting '/'
|
|
62
|
+
endpoint[0] = '' if endpoint[0] == '/'
|
|
58
63
|
{
|
|
59
|
-
|
|
60
|
-
|
|
64
|
+
endpoint: endpoint,
|
|
65
|
+
http_method: request.request_method
|
|
61
66
|
}
|
|
62
67
|
end
|
|
63
68
|
end
|
|
@@ -0,0 +1,44 @@
|
|
|
1
|
+
require 'set'
|
|
2
|
+
|
|
3
|
+
module ForestLiana
|
|
4
|
+
module IsSameDataStructureHelper
|
|
5
|
+
class Analyser
|
|
6
|
+
def initialize(object, other, deep = 0)
|
|
7
|
+
@object = object
|
|
8
|
+
@other = other
|
|
9
|
+
@deep = deep
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def are_objects(object, other)
|
|
13
|
+
object && other && object.is_a?(Hash) && other.is_a?(Hash)
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def check_keys(object, other, step = 0)
|
|
17
|
+
unless are_objects(object, other)
|
|
18
|
+
return false
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
object_keys = object.keys
|
|
22
|
+
other_keys = other.keys
|
|
23
|
+
|
|
24
|
+
if object_keys.length != other_keys.length
|
|
25
|
+
return false
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
object_keys_set = object_keys.to_set
|
|
29
|
+
other_keys.each { |key|
|
|
30
|
+
if !object_keys_set.member?(key) || (step + 1 <= @deep && !check_keys(object[key], other[key], step + 1))
|
|
31
|
+
return false
|
|
32
|
+
end
|
|
33
|
+
}
|
|
34
|
+
|
|
35
|
+
return true
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
def perform
|
|
39
|
+
check_keys(@object, @other)
|
|
40
|
+
end
|
|
41
|
+
end
|
|
42
|
+
end
|
|
43
|
+
end
|
|
44
|
+
|
|
@@ -0,0 +1,59 @@
|
|
|
1
|
+
require 'set'
|
|
2
|
+
|
|
3
|
+
module ForestLiana
|
|
4
|
+
module WidgetsHelper
|
|
5
|
+
|
|
6
|
+
@widget_edit_list = [
|
|
7
|
+
'address editor',
|
|
8
|
+
'belongsto typeahead',
|
|
9
|
+
'belongsto dropdown',
|
|
10
|
+
'boolean editor',
|
|
11
|
+
'checkboxes',
|
|
12
|
+
'color editor',
|
|
13
|
+
'date editor',
|
|
14
|
+
'dropdown',
|
|
15
|
+
'embedded document editor',
|
|
16
|
+
'file picker',
|
|
17
|
+
'json code editor',
|
|
18
|
+
'input array',
|
|
19
|
+
'multiple select',
|
|
20
|
+
'number input',
|
|
21
|
+
'point editor',
|
|
22
|
+
'price editor',
|
|
23
|
+
'radio button',
|
|
24
|
+
'rich text',
|
|
25
|
+
'text area editor',
|
|
26
|
+
'text editor',
|
|
27
|
+
'time input',
|
|
28
|
+
]
|
|
29
|
+
|
|
30
|
+
@v1_to_v2_edit_widgets_mapping = {
|
|
31
|
+
address: 'address editor',
|
|
32
|
+
'belongsto select': 'belongsto dropdown',
|
|
33
|
+
'color picker': 'color editor',
|
|
34
|
+
'date picker': 'date editor',
|
|
35
|
+
price: 'price editor',
|
|
36
|
+
'JSON editor': 'json code editor',
|
|
37
|
+
'rich text editor': 'rich text',
|
|
38
|
+
'text area': 'text area editor',
|
|
39
|
+
'text input': 'text editor',
|
|
40
|
+
}
|
|
41
|
+
|
|
42
|
+
def self.set_field_widget(field)
|
|
43
|
+
|
|
44
|
+
if field[:widget]
|
|
45
|
+
if @v1_to_v2_edit_widgets_mapping[field[:widget].to_sym]
|
|
46
|
+
field[:widgetEdit] = {name: @v1_to_v2_edit_widgets_mapping[field[:widget].to_sym], parameters: {}}
|
|
47
|
+
elsif @widget_edit_list.include?(field[:widget])
|
|
48
|
+
field[:widgetEdit] = {name: field[:widget], parameters: {}}
|
|
49
|
+
end
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
if !field.key?(:widgetEdit)
|
|
53
|
+
field[:widgetEdit] = nil
|
|
54
|
+
end
|
|
55
|
+
|
|
56
|
+
field.delete(:widget)
|
|
57
|
+
end
|
|
58
|
+
end
|
|
59
|
+
end
|
|
@@ -5,7 +5,7 @@ class ForestLiana::Model::Action
|
|
|
5
5
|
extend ActiveModel::Naming
|
|
6
6
|
|
|
7
7
|
attr_accessor :id, :name, :base_url, :endpoint, :http_method, :fields, :redirect,
|
|
8
|
-
:type, :download
|
|
8
|
+
:type, :download, :hooks
|
|
9
9
|
|
|
10
10
|
def initialize(attributes = {})
|
|
11
11
|
if attributes.key?(:global)
|
|
@@ -66,6 +66,7 @@ class ForestLiana::Model::Action
|
|
|
66
66
|
@base_url ||= nil
|
|
67
67
|
@type ||= "bulk"
|
|
68
68
|
@download ||= false
|
|
69
|
+
@hooks = !@hooks.nil? ? @hooks.symbolize_keys : nil
|
|
69
70
|
end
|
|
70
71
|
|
|
71
72
|
def persisted?
|
|
@@ -1,100 +1,162 @@
|
|
|
1
1
|
module ForestLiana
|
|
2
2
|
class PermissionsChecker
|
|
3
|
-
@@
|
|
3
|
+
@@permissions_cached = Hash.new
|
|
4
|
+
@@scopes_cached = Hash.new
|
|
5
|
+
@@roles_acl_activated = false
|
|
6
|
+
# TODO: handle cache scopes per rendering
|
|
4
7
|
@@expiration_in_seconds = (ENV['FOREST_PERMISSIONS_EXPIRATION_IN_SECONDS'] || 3600).to_i
|
|
5
8
|
|
|
6
|
-
def initialize(resource, permission_name, rendering_id,
|
|
9
|
+
def initialize(resource, permission_name, rendering_id, user_id:, smart_action_request_info: nil, collection_list_parameters: nil)
|
|
10
|
+
@user_id = user_id
|
|
7
11
|
@collection_name = ForestLiana.name_for(resource)
|
|
8
12
|
@permission_name = permission_name
|
|
9
13
|
@rendering_id = rendering_id
|
|
10
|
-
@
|
|
14
|
+
@smart_action_request_info = smart_action_request_info
|
|
11
15
|
@collection_list_parameters = collection_list_parameters
|
|
12
16
|
end
|
|
13
17
|
|
|
14
18
|
def is_authorized?
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
private
|
|
19
|
+
# User is still authorized if he already was and the permission has not expire
|
|
20
|
+
# if !have_permissions_expired && is_allowed
|
|
21
|
+
return true unless have_permissions_expired? || !is_allowed
|
|
19
22
|
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
@@permissions_per_rendering[@rendering_id] &&
|
|
23
|
-
@@permissions_per_rendering[@rendering_id]['data']
|
|
23
|
+
fetch_permissions
|
|
24
|
+
is_allowed
|
|
24
25
|
end
|
|
25
26
|
|
|
26
|
-
|
|
27
|
-
@@permissions_per_rendering &&
|
|
28
|
-
@@permissions_per_rendering[@rendering_id] &&
|
|
29
|
-
@@permissions_per_rendering[@rendering_id]['last_retrieve']
|
|
30
|
-
end
|
|
27
|
+
private
|
|
31
28
|
|
|
32
|
-
def
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
29
|
+
def fetch_permissions
|
|
30
|
+
permissions = ForestLiana::PermissionsGetter::get_permissions_for_rendering(@rendering_id)
|
|
31
|
+
@@roles_acl_activated = permissions['meta']['rolesACLActivated']
|
|
32
|
+
permissions['last_fetch'] = Time.now
|
|
33
|
+
if @@roles_acl_activated
|
|
34
|
+
@@permissions_cached = permissions
|
|
35
|
+
else
|
|
36
|
+
permissions['data'] = ForestLiana::PermissionsFormatter.convert_to_new_format(permissions['data'], @rendering_id)
|
|
37
|
+
@@permissions_cached[@rendering_id] = permissions
|
|
39
38
|
end
|
|
40
|
-
|
|
41
|
-
@user_id = @smart_action_parameters[:user_id]
|
|
42
|
-
@action_id = @smart_action_parameters[:action_id]
|
|
43
|
-
@smart_action_permissions = smart_actions_permissions[@action_id]
|
|
44
|
-
@allowed = @smart_action_permissions['allowed']
|
|
45
|
-
@users = @smart_action_permissions['users']
|
|
46
|
-
|
|
47
|
-
return @allowed && (@users.nil?|| @users.include?(@user_id.to_i));
|
|
39
|
+
add_scopes_to_cache(permissions)
|
|
48
40
|
end
|
|
49
41
|
|
|
50
|
-
def
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
42
|
+
def add_scopes_to_cache(permissions)
|
|
43
|
+
permissions['data']['renderings'].keys.each { |rendering_id|
|
|
44
|
+
@@scopes_cached[rendering_id] = permissions['data']['renderings'][rendering_id]
|
|
45
|
+
@@scopes_cached[rendering_id]['last_fetch'] = Time.now
|
|
46
|
+
} if permissions['data']['renderings']
|
|
55
47
|
end
|
|
56
48
|
|
|
57
|
-
def is_allowed
|
|
58
|
-
permissions =
|
|
49
|
+
def is_allowed
|
|
50
|
+
permissions = get_permissions_content
|
|
51
|
+
|
|
59
52
|
if permissions && permissions[@collection_name] &&
|
|
60
53
|
permissions[@collection_name]['collection']
|
|
61
54
|
if @permission_name === 'actions'
|
|
62
55
|
return smart_action_allowed?(permissions[@collection_name]['actions'])
|
|
63
|
-
# NOTICE: Permissions[@collection_name]['scope'] will either contains conditions filter and
|
|
64
|
-
# dynamic user values definition, or null for collection that does not use scopes
|
|
65
|
-
elsif @permission_name === 'list' and permissions[@collection_name]['scope']
|
|
66
|
-
return collection_list_allowed?(permissions[@collection_name]['scope'])
|
|
67
56
|
else
|
|
68
|
-
|
|
57
|
+
if @permission_name === 'browseEnabled'
|
|
58
|
+
refresh_scope_cache if scope_cache_expired?
|
|
59
|
+
scope_permissions = get_scope_in_permissions
|
|
60
|
+
if scope_permissions
|
|
61
|
+
# NOTICE: current_scope will either contains conditions filter and
|
|
62
|
+
# dynamic user values definition, or null for collection that does not use scopes
|
|
63
|
+
return false unless are_scopes_valid?(scope_permissions)
|
|
64
|
+
end
|
|
65
|
+
end
|
|
66
|
+
return is_user_allowed(permissions[@collection_name]['collection'][@permission_name])
|
|
69
67
|
end
|
|
70
68
|
else
|
|
71
69
|
false
|
|
72
70
|
end
|
|
73
71
|
end
|
|
74
72
|
|
|
75
|
-
def
|
|
76
|
-
@@
|
|
77
|
-
|
|
78
|
-
@@
|
|
79
|
-
|
|
73
|
+
def get_scope_in_permissions
|
|
74
|
+
@@scopes_cached[@rendering_id] &&
|
|
75
|
+
@@scopes_cached[@rendering_id][@collection_name] &&
|
|
76
|
+
@@scopes_cached[@rendering_id][@collection_name]['scope']
|
|
77
|
+
end
|
|
78
|
+
|
|
79
|
+
def scope_cache_expired?
|
|
80
|
+
return true unless @@scopes_cached[@rendering_id] && @@scopes_cached[@rendering_id]['last_fetch']
|
|
81
|
+
|
|
82
|
+
elapsed_seconds = date_difference_in_seconds(Time.now, @@scopes_cached[@rendering_id]['last_fetch'])
|
|
83
|
+
elapsed_seconds >= @@expiration_in_seconds
|
|
84
|
+
end
|
|
85
|
+
|
|
86
|
+
# This will happen only on rolesACLActivated (as scope cache will always be up to date on disabled)
|
|
87
|
+
def refresh_scope_cache
|
|
88
|
+
permissions = ForestLiana::PermissionsGetter::get_permissions_for_rendering(@rendering_id, rendering_specific_only: true)
|
|
89
|
+
add_scopes_to_cache(permissions)
|
|
90
|
+
end
|
|
91
|
+
|
|
92
|
+
# When acl disabled permissions are stored and retrieved by rendering
|
|
93
|
+
def get_permissions
|
|
94
|
+
@@roles_acl_activated ? @@permissions_cached : @@permissions_cached[@rendering_id]
|
|
95
|
+
end
|
|
96
|
+
|
|
97
|
+
def get_permissions_content
|
|
98
|
+
permissions = get_permissions
|
|
99
|
+
permissions && permissions['data'] && permissions['data']['collections']
|
|
100
|
+
end
|
|
101
|
+
|
|
102
|
+
def get_last_fetch
|
|
103
|
+
permissions = get_permissions
|
|
104
|
+
permissions && permissions['last_fetch']
|
|
105
|
+
end
|
|
106
|
+
|
|
107
|
+
def get_smart_action_permissions(smart_actions_permissions)
|
|
108
|
+
endpoint = @smart_action_request_info[:endpoint]
|
|
109
|
+
http_method = @smart_action_request_info[:http_method]
|
|
110
|
+
|
|
111
|
+
return nil unless endpoint && http_method
|
|
112
|
+
|
|
113
|
+
schema_smart_action = ForestLiana::Utils::BetaSchemaUtils.find_action_from_endpoint(@collection_name, endpoint, http_method)
|
|
114
|
+
|
|
115
|
+
schema_smart_action &&
|
|
116
|
+
schema_smart_action.name &&
|
|
117
|
+
smart_actions_permissions &&
|
|
118
|
+
smart_actions_permissions[schema_smart_action.name]
|
|
119
|
+
end
|
|
120
|
+
|
|
121
|
+
def is_user_allowed(permission_value)
|
|
122
|
+
return false if permission_value.nil?
|
|
123
|
+
return permission_value if permission_value.in? [true, false]
|
|
124
|
+
permission_value.include?(@user_id.to_i)
|
|
125
|
+
end
|
|
126
|
+
|
|
127
|
+
def smart_action_allowed?(smart_actions_permissions)
|
|
128
|
+
smart_action_permissions = get_smart_action_permissions(smart_actions_permissions)
|
|
129
|
+
|
|
130
|
+
return false unless smart_action_permissions
|
|
131
|
+
|
|
132
|
+
is_user_allowed(smart_action_permissions['triggerEnabled'])
|
|
133
|
+
end
|
|
134
|
+
|
|
135
|
+
def are_scopes_valid?(scope_permissions)
|
|
136
|
+
return ForestLiana::ScopeValidator.new(
|
|
137
|
+
scope_permissions['filter'],
|
|
138
|
+
scope_permissions['dynamicScopesValues']['users']
|
|
139
|
+
).is_scope_in_request?(@collection_list_parameters)
|
|
80
140
|
end
|
|
81
141
|
|
|
82
142
|
def date_difference_in_seconds(date1, date2)
|
|
83
143
|
(date1 - date2).to_i
|
|
84
144
|
end
|
|
85
145
|
|
|
86
|
-
def
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
return true if last_retrieve.nil?
|
|
146
|
+
def have_permissions_expired?
|
|
147
|
+
last_fetch = get_last_fetch
|
|
148
|
+
return true unless last_fetch
|
|
90
149
|
|
|
91
|
-
elapsed_seconds = date_difference_in_seconds(Time.now,
|
|
150
|
+
elapsed_seconds = date_difference_in_seconds(Time.now, last_fetch)
|
|
92
151
|
elapsed_seconds >= @@expiration_in_seconds
|
|
93
152
|
end
|
|
94
153
|
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
154
|
+
# Used only for testing purpose
|
|
155
|
+
def self.empty_cache
|
|
156
|
+
@@permissions_cached = Hash.new
|
|
157
|
+
@@scopes_cached = Hash.new
|
|
158
|
+
@@roles_acl_activated = false
|
|
159
|
+
@@expiration_in_seconds = (ENV['FOREST_PERMISSIONS_EXPIRATION_IN_SECONDS'] || 3600).to_i
|
|
98
160
|
end
|
|
99
161
|
end
|
|
100
162
|
end
|