g5_authenticatable 1.1.2.pre.1 → 1.1.2.rc.1

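--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: '081f7ecf2032384e90e2496d589a4b1f4ec09136d05acec75ac2e05b747e336d'
- data.tar.gz: db926d3359f6e8fa3eb2e88d6bf48ad519743721da0928db845b89fcdcb19ee0
+ metadata.gz: c2cb34d3b28574111f10bb4db862b8b54276bd825763a7540294d353906e81e8
+ data.tar.gz: fa649cec65a016088cf63073e3503b546a7daeb19d0de5d5393a49480070e1a3
  SHA512:
- metadata.gz: a3db25d8018a283bda4d8d3aa34c2ab34dc3ec9b60065cdd86c0e87e4fb5cf155108d60c96711e097749c8f47d163383b75a5af34e8063a5d43109b2d0e47ccf
- data.tar.gz: 25db85aa0014338a5cd1a13932543ef8fbe6df0106e19eed1702b141c3d4815ebd6127e51a8207398f46ffe579b9d2deb9a2b399ba01015b2a6e7685d0e3953a
+ metadata.gz: 744623d894aac98bc79523e84d9aab3c42a1ae59733bce8cb95e1c929685c1746b48dbed9c3fdad09f1c1207af6f66ce7c19c55aabb9352ea9624a3ed0d60303
+ data.tar.gz: 948276bb53c47074e9425cd2f1e9f3d9473b8521936b20d3fe3ab48b93858f5bd18eeb12ea45ea6cdb9da663bafb062d64f748974f1db83350b29410fea638fb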
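--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,5 +1,3 @@
- ## v1.1.2 (2018-12-20)
- * Adding `User.current_client_urn` to better support Pundit authorization
  ## v1.1.1 (2018-06-21)
 
  * Support rails 5.2 green field apps, including fixes for setting the default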
data/README.md CHANGED
@@ -76,7 +76,7 @@ root to: 'home#index'
76
76
  ### Registering your OAuth application
77
77
 
78
78
  1. Visit the auth server admin console and login:
79
- * For development, visit https://auth-staging.g5devops.com/admin
79
+ * For development, visit https://dev-auth.g5search.com/admin
80
80
  * For production, visit https://auth.g5search.com/admin
81
81
  2. Click "New Application"
82
82
  3. Enter a name that recognizably identifies your application.
@@ -106,7 +106,7 @@ environment variables for your client application:
106
106
  * `G5_AUTH_CLIENT_SECRET` - the OAuth 2.0 application secret from the auth server
107
107
  * `G5_AUTH_REDIRECT_URI` - the OAuth 2.0 redirect URI registered with the auth server
108
108
  * `G5_AUTH_ENDPOINT` - the endpoint URL (without any path info) for the G5 auth server.
109
- Generally, this will be set to either `https://auth-staging.g5devops.com` or
109
+ Generally, this will be set to either `https://dev-auth.g5search.com` or
110
110
  `https://auth.g5search.com` (the default).
111
111
 
112
112
  If you need to make server-to-server API calls that are not associated with an
@@ -9,7 +9,6 @@ module G5Authenticatable
9
9
 
10
10
  validates :email, presence: true, uniqueness: true
11
11
  validates_uniqueness_of :uid, scope: :provider
12
- attr_accessor :current_client_urn # helpful for authorizing in Pudit
13
12
 
14
13
  GLOBAL_ROLE = 'GLOBAL'
15
14
 
@@ -71,16 +71,26 @@ module G5Authenticatable
71
71
  user.present? && user.has_role?(:super_admin)
72
72
  end
73
73
 
74
- def admin?
75
- user.present? && user.has_role?(:admin)
74
+ def check_for_role(role_name,global_scope=false)
75
+ if user.present?
76
+ query = user.roles.where(name: role_name)
77
+ query = query.where(resource_type: nil) if global_scope
78
+ return query.exists?
79
+ else
80
+ return false
81
+ end
82
+ end
83
+
84
+ def admin?(global_scope=false)
85
+ check_for_role(:admin,global_scope)
76
86
  end
77
87
 
78
- def editor?
79
- user.present? && user.has_role?(:editor)
88
+ def editor?(global_scope=false)
89
+ check_for_role(:editor,global_scope)
80
90
  end
81
91
 
82
- def viewer?
83
- user.present? && user.has_role?(:viewer)
92
+ def viewer?(global_scope=false)
93
+ check_for_role(:viewer,global_scope)
84
94
  end
85
95
 
86
96
  def has_global_role?
@@ -92,7 +102,7 @@ module G5Authenticatable
92
102
  end
93
103
 
94
104
  def global_role?
95
- super_admin? || admin? || editor? || viewer?
105
+ super_admin? || admin?(true) || editor?(true) || viewer?(true)
96
106
  end
97
107
  end
98
108
  end
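Review bot: The default `global_scope=false` in `check_for_role` makes `admin?`, `editor?` and `viewer?` return true for a user who holds the role on any single resource, because `user.roles.where(name: role_name)` is narrowed by `resource_type: nil` only when the flag is passed. If the removed `user.has_role?(:admin)` was Rolify's no-resource form, which matches global roles only, every existing caller of these predicates now also authorizes resource-scoped users; only `global_role?` was updated to pass `true`. I would make the strict check the default, or at least make call sites say which one they mean, with a keyword argument such as `def check_for_role(role_name, global_scope: true)`, and add the comment `# global_scope: false also matches roles scoped to any resource`. The visible spec changes cover only `G5Authenticatable::User`, so both modes of the predicates look untested here. The enclosing policy class starts outside the hunk, so its other callers cannot be checked from this page.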
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module G5Authenticatable
4
- VERSION = '1.1.2-1'
4
+ VERSION = '1.1.2.rc.1'
5
5
  end
@@ -9,11 +9,6 @@ RSpec.describe G5Authenticatable::User do
9
9
 
10
10
  it { is_expected.to have_and_belong_to_many(:roles) }
11
11
 
12
- it 'has an current_client_urn attr_accessor' do
13
- subject.current_client_urn = 'foo'
14
- expect(subject.current_client_urn).to eq('foo')
15
- end
16
-
17
12
  it 'should expose the email' do
18
13
  expect(user.email).to eq(user_attributes[:email])
19
14
  end
@@ -73,30 +68,30 @@ RSpec.describe G5Authenticatable::User do
73
68
  full_name = [new_user_attributes[:first_name],
74
69
  new_user_attributes[:last_name]].join(' ')
75
70
  OmniAuth::AuthHash.new(
76
- 'uid' => new_user_attributes[:uid],
77
- 'provider' => new_user_attributes[:provider],
78
- 'info' => {
79
- 'email' => new_user_attributes[:email],
80
- 'name' => full_name,
81
- 'first_name' => new_user_attributes[:first_name],
82
- 'last_name' => new_user_attributes[:last_name],
83
- 'phone' => new_user_attributes[:phone_number]
84
- },
85
- 'credentials' => {
86
- 'token' => new_user_attributes[:g5_access_token],
87
- 'expires' => true,
88
- 'expires_at' => Time.now + 1000
89
- },
90
- 'extra' => {
91
- 'title' => new_user_attributes[:title],
92
- 'organization_name' => new_user_attributes[:organization_name],
93
- 'roles' => [
94
- { 'name' => new_role_attributes[:name],
95
- 'type' => 'GLOBAL',
96
- 'urn' => nil }
97
- ],
98
- 'raw_info' => {}
99
- }
71
+ 'uid' => new_user_attributes[:uid],
72
+ 'provider' => new_user_attributes[:provider],
73
+ 'info' => {
74
+ 'email' => new_user_attributes[:email],
75
+ 'name' => full_name,
76
+ 'first_name' => new_user_attributes[:first_name],
77
+ 'last_name' => new_user_attributes[:last_name],
78
+ 'phone' => new_user_attributes[:phone_number]
79
+ },
80
+ 'credentials' => {
81
+ 'token' => new_user_attributes[:g5_access_token],
82
+ 'expires' => true,
83
+ 'expires_at' => Time.now + 1000
84
+ },
85
+ 'extra' => {
86
+ 'title' => new_user_attributes[:title],
87
+ 'organization_name' => new_user_attributes[:organization_name],
88
+ 'roles' => [
89
+ { 'name' => new_role_attributes[:name],
90
+ 'type' => 'GLOBAL',
91
+ 'urn' => nil }
92
+ ],
93
+ 'raw_info' => {}
94
+ }
100
95
  )
101
96
  end
102
97
 
@@ -113,17 +108,17 @@ RSpec.describe G5Authenticatable::User do
113
108
 
114
109
  it 'has the correct provider' do
115
110
  expect(attributes_from_auth[:provider])
116
- .to eq(new_user_attributes[:provider])
111
+ .to eq(new_user_attributes[:provider])
117
112
  end
118
113
 
119
114
  it 'has the correct first_name' do
120
115
  expect(attributes_from_auth[:first_name])
121
- .to eq(new_user_attributes[:first_name])
116
+ .to eq(new_user_attributes[:first_name])
122
117
  end
123
118
 
124
119
  it 'has the correct last_name' do
125
120
  expect(attributes_from_auth[:last_name])
126
- .to eq(new_user_attributes[:last_name])
121
+ .to eq(new_user_attributes[:last_name])
127
122
  end
128
123
 
129
124
  it 'has the correct email' do
@@ -132,7 +127,7 @@ RSpec.describe G5Authenticatable::User do
132
127
 
133
128
  it 'has the correct phone_number' do
134
129
  expect(attributes_from_auth[:phone_number])
135
- .to eq(new_user_attributes[:phone_number])
130
+ .to eq(new_user_attributes[:phone_number])
136
131
  end
137
132
 
138
133
  it 'has the correct title' do
@@ -141,7 +136,7 @@ RSpec.describe G5Authenticatable::User do
141
136
 
142
137
  it 'has the correct organization_name' do
143
138
  expect(attributes_from_auth[:organization_name])
144
- .to eq(new_user_attributes[:organization_name])
139
+ .to eq(new_user_attributes[:organization_name])
145
140
  end
146
141
  end
147
142
 
@@ -155,29 +150,29 @@ RSpec.describe G5Authenticatable::User do
155
150
  full_name = [new_user_attributes[:first_name],
156
151
  new_user_attributes[:last_name]].join(' ')
157
152
  OmniAuth::AuthHash.new(
158
- 'provider' => new_user_attributes[:provider],
159
- 'info' => {
160
- 'email' => new_user_attributes[:email],
161
- 'name' => full_name,
162
- 'first_name' => new_user_attributes[:first_name],
163
- 'last_name' => new_user_attributes[:last_name],
164
- 'phone' => new_user_attributes[:phone_number]
165
- },
166
- 'credentials' => {
167
- 'token' => new_user_attributes[:g5_access_token],
168
- 'expires' => true,
169
- 'expires_at' => Time.now + 1000
170
- },
171
- 'extra' => {
172
- 'title' => new_user_attributes[:title],
173
- 'organization_name' => new_user_attributes[:organization_name],
174
- 'roles' => [
175
- { 'name' => new_role_attributes[:name],
176
- 'type' => 'GLOBAL',
177
- 'urn' => nil }
178
- ],
179
- 'raw_info' => {}
180
- }
153
+ 'provider' => new_user_attributes[:provider],
154
+ 'info' => {
155
+ 'email' => new_user_attributes[:email],
156
+ 'name' => full_name,
157
+ 'first_name' => new_user_attributes[:first_name],
158
+ 'last_name' => new_user_attributes[:last_name],
159
+ 'phone' => new_user_attributes[:phone_number]
160
+ },
161
+ 'credentials' => {
162
+ 'token' => new_user_attributes[:g5_access_token],
163
+ 'expires' => true,
164
+ 'expires_at' => Time.now + 1000
165
+ },
166
+ 'extra' => {
167
+ 'title' => new_user_attributes[:title],
168
+ 'organization_name' => new_user_attributes[:organization_name],
169
+ 'roles' => [
170
+ { 'name' => new_role_attributes[:name],
171
+ 'type' => 'GLOBAL',
172
+ 'urn' => nil }
173
+ ],
174
+ 'raw_info' => {}
175
+ }
181
176
  )
182
177
  end
183
178
 
@@ -242,7 +237,7 @@ RSpec.describe G5Authenticatable::User do
242
237
 
243
238
  it 'should set the organization_name from the session data' do
244
239
  expect(new_user.organization_name)
245
- .to eq(new_user_attributes[:organization_name])
240
+ .to eq(new_user_attributes[:organization_name])
246
241
  end
247
242
 
248
243
  it 'should assign the role from the session data' do
@@ -286,11 +281,11 @@ RSpec.describe G5Authenticatable::User do
286
281
 
287
282
  let(:user_attributes) do
288
283
  FactoryBot.attributes_for(:g5_authenticatable_user,
289
- first_name: nil,
290
- last_name: nil,
291
- phone_number: nil,
292
- title: nil,
293
- organization_name: nil)
284
+ first_name: nil,
285
+ last_name: nil,
286
+ phone_number: nil,
287
+ title: nil,
288
+ organization_name: nil)
294
289
  end
295
290
  let(:role_name) { :my_role }
296
291
 
@@ -301,27 +296,27 @@ RSpec.describe G5Authenticatable::User do
301
296
 
302
297
  let(:auth_data) do
303
298
  OmniAuth::AuthHash.new(
304
- 'provider' => user_attributes[:provider],
305
- 'uid' => user_attributes[:uid],
306
- 'info' => {
307
- 'email' => updated_attributes[:email],
308
- 'first_name' => updated_attributes[:first_name],
309
- 'last_name' => updated_attributes[:last_name],
310
- 'phone' => updated_attributes[:phone_number]
311
- },
312
- 'credentials' => {
313
- 'token' => updated_attributes[:g5_access_token],
314
- 'expires' => true,
315
- 'expires_at' => Time.now + 1000
316
- },
317
- 'extra' => {
318
- 'title' => updated_attributes[:title],
319
- 'organization_name' => updated_attributes[:organization_name],
320
- 'roles' => [
321
- { name: updated_role_name, type: 'GLOBAL', urn: nil }
322
- ],
323
- 'raw_info' => {}
324
- }
299
+ 'provider' => user_attributes[:provider],
300
+ 'uid' => user_attributes[:uid],
301
+ 'info' => {
302
+ 'email' => updated_attributes[:email],
303
+ 'first_name' => updated_attributes[:first_name],
304
+ 'last_name' => updated_attributes[:last_name],
305
+ 'phone' => updated_attributes[:phone_number]
306
+ },
307
+ 'credentials' => {
308
+ 'token' => updated_attributes[:g5_access_token],
309
+ 'expires' => true,
310
+ 'expires_at' => Time.now + 1000
311
+ },
312
+ 'extra' => {
313
+ 'title' => updated_attributes[:title],
314
+ 'organization_name' => updated_attributes[:organization_name],
315
+ 'roles' => [
316
+ { name: updated_role_name, type: 'GLOBAL', urn: nil }
317
+ ],
318
+ 'raw_info' => {}
319
+ }
325
320
  )
326
321
  end
327
322
 
@@ -333,7 +328,7 @@ RSpec.describe G5Authenticatable::User do
333
328
 
334
329
  it 'should update the access token' do
335
330
  expect { updated_user }.to change { user.reload.g5_access_token }
336
- .to(updated_attributes[:g5_access_token])
331
+ .to(updated_attributes[:g5_access_token])
337
332
  end
338
333
 
339
334
  it 'should return the updated user' do
@@ -372,15 +367,15 @@ RSpec.describe G5Authenticatable::User do
372
367
  context 'when user info has changed' do
373
368
  let(:updated_attributes) do
374
369
  {
375
- uid: user.uid,
376
- provider: user.provider,
377
- email: 'updated.email@test.host',
378
- g5_access_token: 'updatedtoken42',
379
- first_name: 'Updated First Name',
380
- last_name: 'Updated Last Name',
381
- phone_number: '555.555.5555 x123',
382
- title: 'Recently Promoted',
383
- organization_name: 'Updated Department'
370
+ uid: user.uid,
371
+ provider: user.provider,
372
+ email: 'updated.email@test.host',
373
+ g5_access_token: 'updatedtoken42',
374
+ first_name: 'Updated First Name',
375
+ last_name: 'Updated Last Name',
376
+ phone_number: '555.555.5555 x123',
377
+ title: 'Recently Promoted',
378
+ organization_name: 'Updated Department'
384
379
  }
385
380
  end
386
381
 
@@ -388,7 +383,7 @@ RSpec.describe G5Authenticatable::User do
388
383
 
389
384
  it 'should update the access token' do
390
385
  expect { updated_user }.to change { user.reload.g5_access_token }
391
- .to(updated_attributes[:g5_access_token])
386
+ .to(updated_attributes[:g5_access_token])
392
387
  end
393
388
 
394
389
  it 'should return the updated user' do
@@ -405,32 +400,32 @@ RSpec.describe G5Authenticatable::User do
405
400
 
406
401
  it 'should update the email' do
407
402
  expect { updated_user }.to change { user.reload.email }
408
- .to(updated_attributes[:email])
403
+ .to(updated_attributes[:email])
409
404
  end
410
405
 
411
406
  it 'should update the first name' do
412
407
  expect { updated_user }.to change { user.reload.first_name }
413
- .to(updated_attributes[:first_name])
408
+ .to(updated_attributes[:first_name])
414
409
  end
415
410
 
416
411
  it 'should update the last name' do
417
412
  expect { updated_user }.to change { user.reload.last_name }
418
- .to(updated_attributes[:last_name])
413
+ .to(updated_attributes[:last_name])
419
414
  end
420
415
 
421
416
  it 'should update the phone number' do
422
417
  expect { updated_user }.to change { user.reload.phone_number }
423
- .to(updated_attributes[:phone_number])
418
+ .to(updated_attributes[:phone_number])
424
419
  end
425
420
 
426
421
  it 'should update the title' do
427
422
  expect { updated_user }.to change { user.reload.title }
428
- .to(updated_attributes[:title])
423
+ .to(updated_attributes[:title])
429
424
  end
430
425
 
431
426
  it 'should update the organization_name' do
432
427
  expect { updated_user }.to change { user.reload.organization_name }
433
- .to(updated_attributes[:organization_name])
428
+ .to(updated_attributes[:organization_name])
434
429
  end
435
430
 
436
431
  it 'should unassign the old role' do
@@ -508,25 +503,25 @@ RSpec.describe G5Authenticatable::User do
508
503
 
509
504
  let(:auth_data) do
510
505
  OmniAuth::AuthHash.new(
511
- 'provider' => user_attributes[:provider],
512
- 'uid' => user_attributes[:uid],
513
- 'info' => {
514
- 'email' => user_attributes[:email],
515
- 'first_name' => user_attributes[:first_name],
516
- 'last_name' => user_attributes[:last_name],
517
- 'phone' => user_attributes[:phone_number]
518
- },
519
- 'credentials' => {
520
- 'token' => user_attributes[:g5_access_token],
521
- 'expires' => true,
522
- 'expires_at' => Time.now + 1000
523
- },
524
- 'extra' => {
525
- 'title' => user_attributes[:title],
526
- 'organization_name' => user_attributes[:organization_name],
527
- 'roles' => roles,
528
- 'raw_info' => {}
529
- }
506
+ 'provider' => user_attributes[:provider],
507
+ 'uid' => user_attributes[:uid],
508
+ 'info' => {
509
+ 'email' => user_attributes[:email],
510
+ 'first_name' => user_attributes[:first_name],
511
+ 'last_name' => user_attributes[:last_name],
512
+ 'phone' => user_attributes[:phone_number]
513
+ },
514
+ 'credentials' => {
515
+ 'token' => user_attributes[:g5_access_token],
516
+ 'expires' => true,
517
+ 'expires_at' => Time.now + 1000
518
+ },
519
+ 'extra' => {
520
+ 'title' => user_attributes[:title],
521
+ 'organization_name' => user_attributes[:organization_name],
522
+ 'roles' => roles,
523
+ 'raw_info' => {}
524
+ }
530
525
  )
531
526
  end
532
527
 
@@ -537,7 +532,7 @@ RSpec.describe G5Authenticatable::User do
537
532
 
538
533
  it 'will add a global role' do
539
534
  expect { user.update_roles_from_auth(auth_data) }
540
- .to change { user.roles.length }.from(0).to(1)
535
+ .to change { user.roles.length }.from(0).to(1)
541
536
  expect(user.roles.first.name).to eq('admin')
542
537
  expect(user.roles.first.resource).to be_nil
543
538
  end
@@ -550,7 +545,7 @@ RSpec.describe G5Authenticatable::User do
550
545
 
551
546
  it 'will add a scoped role' do
552
547
  expect { user.update_roles_from_auth(auth_data) }
553
- .to change { user.roles.length }.from(0).to(1)
548
+ .to change { user.roles.length }.from(0).to(1)
554
549
  expect(user.roles.first.name).to eq('viewer')
555
550
  expect(user.roles.first.resource_id).to eq(resource.id)
556
551
  expect(user.roles.first.resource_type).to eq(resource.class.name)
@@ -560,14 +555,14 @@ RSpec.describe G5Authenticatable::User do
560
555
  context 'with a more than 1 role' do
561
556
  let(:roles) do
562
557
  [
563
- { name: 'viewer', type: resource.class.name, urn: resource.urn },
564
- { name: 'admin', type: 'GLOBAL', urn: nil }
558
+ { name: 'viewer', type: resource.class.name, urn: resource.urn },
559
+ { name: 'admin', type: 'GLOBAL', urn: nil }
565
560
  ]
566
561
  end
567
562
 
568
563
  it 'will add a scoped role' do
569
564
  expect { user.update_roles_from_auth(auth_data) }
570
- .to change { user.roles.length }.from(0).to(2)
565
+ .to change { user.roles.length }.from(0).to(2)
571
566
  end
572
567
  end
573
568
 
@@ -580,7 +575,7 @@ RSpec.describe G5Authenticatable::User do
580
575
 
581
576
  it 'will add a scoped role' do
582
577
  expect { user.update_roles_from_auth(auth_data) }
583
- .to_not change { user.roles.length }
578
+ .to_not change { user.roles.length }
584
579
  end
585
580
  end
586
581
 
@@ -589,21 +584,21 @@ RSpec.describe G5Authenticatable::User do
589
584
 
590
585
  it 'will add a scoped role' do
591
586
  expect { user.update_roles_from_auth(auth_data) }
592
- .to_not change { user.roles.length }.from(0)
587
+ .to_not change { user.roles.length }.from(0)
593
588
  end
594
589
  end
595
590
 
596
591
  context 'with a bad role type' do
597
592
  let(:roles) do
598
593
  [
599
- { name: 'viewer', type: resource.class.name, urn: resource.urn },
600
- { name: 'viewer', type: 'BadResource', urn: resource.urn }
594
+ { name: 'viewer', type: resource.class.name, urn: resource.urn },
595
+ { name: 'viewer', type: 'BadResource', urn: resource.urn }
601
596
  ]
602
597
  end
603
598
 
604
599
  it 'will skip the bad role' do
605
600
  expect { user.update_roles_from_auth(auth_data) }
606
- .to change { user.roles.length }.from(0).to(1)
601
+ .to change { user.roles.length }.from(0).to(1)
607
602
  expect(user.roles.first.name).to eq('viewer')
608
603
  expect(user.roles.first.resource_id).to eq(resource.id)
609
604
  expect(user.roles.first.resource_type).to eq(resource.class.name)
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: g5_authenticatable
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.1.2.pre.1
4
+ version: 1.1.2.rc.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - maeve
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-12-20 00:00:00.000000000 Z
11
+ date: 2018-10-26 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: devise_g5_authenticatable