g5_authenticatable 1.1.2.pre.1 → 1.1.2.rc.1

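--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: '081f7ecf2032384e90e2496d589a4b1f4ec09136d05acec75ac2e05b747e336d'
- data.tar.gz: db926d3359f6e8fa3eb2e88d6bf48ad519743721da0928db845b89fcdcb19ee0
+ metadata.gz: c2cb34d3b28574111f10bb4db862b8b54276bd825763a7540294d353906e81e8
+ data.tar.gz: fa649cec65a016088cf63073e3503b546a7daeb19d0de5d5393a49480070e1a3
  SHA512:
- metadata.gz: a3db25d8018a283bda4d8d3aa34c2ab34dc3ec9b60065cdd86c0e87e4fb5cf155108d60c96711e097749c8f47d163383b75a5af34e8063a5d43109b2d0e47ccf
- data.tar.gz: 25db85aa0014338a5cd1a13932543ef8fbe6df0106e19eed1702b141c3d4815ebd6127e51a8207398f46ffe579b9d2deb9a2b399ba01015b2a6e7685d0e3953a
+ metadata.gz: 744623d894aac98bc79523e84d9aab3c42a1ae59733bce8cb95e1c929685c1746b48dbed9c3fdad09f1c1207af6f66ce7c19c55aabb9352ea9624a3ed0d60303
+ data.tar.gz: 948276bb53c47074e9425cd2f1e9f3d9473b8521936b20d3fe3ab48b93858f5bd18eeb12ea45ea6cdb9da663bafb062d64f748974f1db83350b29410fea638fb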
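--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,5 +1,3 @@
- ## v1.1.2 (2018-12-20)
- * Adding `User.current_client_urn` to better support Pundit authorization
  ## v1.1.1 (2018-06-21)
 
  * Support rails 5.2 green field apps, including fixes for setting the default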
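--- a/data/README.md
+++ b/data/README.md
@@ -76,7 +76,7 @@ root to: 'home#index'
  ### Registering your OAuth application
 
  1. Visit the auth server admin console and login:
- * For development, visit https://auth-staging.g5devops.com/admin
+ * For development, visit https://dev-auth.g5search.com/admin
  * For production, visit https://auth.g5search.com/admin
  2. Click "New Application"
  3. Enter a name that recognizably identifies your application.
@@ -106,7 +106,7 @@ environment variables for your client application:
  * `G5_AUTH_CLIENT_SECRET` - the OAuth 2.0 application secret from the auth server
  * `G5_AUTH_REDIRECT_URI` - the OAuth 2.0 redirect URI registered with the auth server
  * `G5_AUTH_ENDPOINT` - the endpoint URL (without any path info) for the G5 auth server.
- Generally, this will be set to either `https://auth-staging.g5devops.com` or
+ Generally, this will be set to either `https://dev-auth.g5search.com` or
  `https://auth.g5search.com` (the default).
 
  If you need to make server-to-server API calls that are not associated with an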
@@ -9,7 +9,6 @@ module G5Authenticatable
9
9
 
10
10
  validates :email, presence: true, uniqueness: true
11
11
  validates_uniqueness_of :uid, scope: :provider
12
- attr_accessor :current_client_urn # helpful for authorizing in Pudit
13
12
 
14
13
  GLOBAL_ROLE = 'GLOBAL'
15
14
 
@@ -71,16 +71,26 @@ module G5Authenticatable
71
71
  user.present? && user.has_role?(:super_admin)
72
72
  end
73
73
 
74
- def admin?
75
- user.present? && user.has_role?(:admin)
74
+ def check_for_role(role_name,global_scope=false)
75
+ if user.present?
76
+ query = user.roles.where(name: role_name)
77
+ query = query.where(resource_type: nil) if global_scope
78
+ return query.exists?
79
+ else
80
+ return false
81
+ end
82
+ end
83
+
84
+ def admin?(global_scope=false)
85
+ check_for_role(:admin,global_scope)
76
86
  end
77
87
 
78
- def editor?
79
- user.present? && user.has_role?(:editor)
88
+ def editor?(global_scope=false)
89
+ check_for_role(:editor,global_scope)
80
90
  end
81
91
 
82
- def viewer?
83
- user.present? && user.has_role?(:viewer)
92
+ def viewer?(global_scope=false)
93
+ check_for_role(:viewer,global_scope)
84
94
  end
85
95
 
86
96
  def has_global_role?
@@ -92,7 +102,7 @@ module G5Authenticatable
92
102
  end
93
103
 
94
104
  def global_role?
95
- super_admin? || admin? || editor? || viewer?
105
+ super_admin? || admin?(true) || editor?(true) || viewer?(true)
96
106
  end
97
107
  end
98
108
  end
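Review bot: In the `@@ -71,16 +71,26 @@` hunk, `global_scope` defaults to `false`, so `admin?`, `editor?` and `viewer?` called without an argument now match a role of that name attached to any resource; only `global_role?` was updated to pass `true`. If `has_role?` is the rolify method (not shown on this page), the old no-resource form matched global roles only, which would make this a silent widening of every existing authorization check built on these predicates. I would make the strict check the default and the flag a keyword, `def check_for_role(role_name, global_scope: true)`, so a resource-scoped match has to be requested explicitly as `admin?(global_scope: false)`, and filter on `resource_id: nil` as well as `resource_type: nil`. `check_for_role` reads as an internal helper and could sit under `private`, and no policy spec exercising the new argument appears on this page. The class body starts outside the hunks shown.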
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module G5Authenticatable
4
- VERSION = '1.1.2-1'
4
+ VERSION = '1.1.2.rc.1'
5
5
  end
@@ -9,11 +9,6 @@ RSpec.describe G5Authenticatable::User do
9
9
 
10
10
  it { is_expected.to have_and_belong_to_many(:roles) }
11
11
 
12
- it 'has an current_client_urn attr_accessor' do
13
- subject.current_client_urn = 'foo'
14
- expect(subject.current_client_urn).to eq('foo')
15
- end
16
-
17
12
  it 'should expose the email' do
18
13
  expect(user.email).to eq(user_attributes[:email])
19
14
  end
@@ -73,30 +68,30 @@ RSpec.describe G5Authenticatable::User do
73
68
  full_name = [new_user_attributes[:first_name],
74
69
  new_user_attributes[:last_name]].join(' ')
75
70
  OmniAuth::AuthHash.new(
76
- 'uid' => new_user_attributes[:uid],
77
- 'provider' => new_user_attributes[:provider],
78
- 'info' => {
79
- 'email' => new_user_attributes[:email],
80
- 'name' => full_name,
81
- 'first_name' => new_user_attributes[:first_name],
82
- 'last_name' => new_user_attributes[:last_name],
83
- 'phone' => new_user_attributes[:phone_number]
84
- },
85
- 'credentials' => {
86
- 'token' => new_user_attributes[:g5_access_token],
87
- 'expires' => true,
88
- 'expires_at' => Time.now + 1000
89
- },
90
- 'extra' => {
91
- 'title' => new_user_attributes[:title],
92
- 'organization_name' => new_user_attributes[:organization_name],
93
- 'roles' => [
94
- { 'name' => new_role_attributes[:name],
95
- 'type' => 'GLOBAL',
96
- 'urn' => nil }
97
- ],
98
- 'raw_info' => {}
99
- }
71
+ 'uid' => new_user_attributes[:uid],
72
+ 'provider' => new_user_attributes[:provider],
73
+ 'info' => {
74
+ 'email' => new_user_attributes[:email],
75
+ 'name' => full_name,
76
+ 'first_name' => new_user_attributes[:first_name],
77
+ 'last_name' => new_user_attributes[:last_name],
78
+ 'phone' => new_user_attributes[:phone_number]
79
+ },
80
+ 'credentials' => {
81
+ 'token' => new_user_attributes[:g5_access_token],
82
+ 'expires' => true,
83
+ 'expires_at' => Time.now + 1000
84
+ },
85
+ 'extra' => {
86
+ 'title' => new_user_attributes[:title],
87
+ 'organization_name' => new_user_attributes[:organization_name],
88
+ 'roles' => [
89
+ { 'name' => new_role_attributes[:name],
90
+ 'type' => 'GLOBAL',
91
+ 'urn' => nil }
92
+ ],
93
+ 'raw_info' => {}
94
+ }
100
95
  )
101
96
  end
102
97
 
@@ -113,17 +108,17 @@ RSpec.describe G5Authenticatable::User do
113
108
 
114
109
  it 'has the correct provider' do
115
110
  expect(attributes_from_auth[:provider])
116
- .to eq(new_user_attributes[:provider])
111
+ .to eq(new_user_attributes[:provider])
117
112
  end
118
113
 
119
114
  it 'has the correct first_name' do
120
115
  expect(attributes_from_auth[:first_name])
121
- .to eq(new_user_attributes[:first_name])
116
+ .to eq(new_user_attributes[:first_name])
122
117
  end
123
118
 
124
119
  it 'has the correct last_name' do
125
120
  expect(attributes_from_auth[:last_name])
126
- .to eq(new_user_attributes[:last_name])
121
+ .to eq(new_user_attributes[:last_name])
127
122
  end
128
123
 
129
124
  it 'has the correct email' do
@@ -132,7 +127,7 @@ RSpec.describe G5Authenticatable::User do
132
127
 
133
128
  it 'has the correct phone_number' do
134
129
  expect(attributes_from_auth[:phone_number])
135
- .to eq(new_user_attributes[:phone_number])
130
+ .to eq(new_user_attributes[:phone_number])
136
131
  end
137
132
 
138
133
  it 'has the correct title' do
@@ -141,7 +136,7 @@ RSpec.describe G5Authenticatable::User do
141
136
 
142
137
  it 'has the correct organization_name' do
143
138
  expect(attributes_from_auth[:organization_name])
144
- .to eq(new_user_attributes[:organization_name])
139
+ .to eq(new_user_attributes[:organization_name])
145
140
  end
146
141
  end
147
142
 
@@ -155,29 +150,29 @@ RSpec.describe G5Authenticatable::User do
155
150
  full_name = [new_user_attributes[:first_name],
156
151
  new_user_attributes[:last_name]].join(' ')
157
152
  OmniAuth::AuthHash.new(
158
- 'provider' => new_user_attributes[:provider],
159
- 'info' => {
160
- 'email' => new_user_attributes[:email],
161
- 'name' => full_name,
162
- 'first_name' => new_user_attributes[:first_name],
163
- 'last_name' => new_user_attributes[:last_name],
164
- 'phone' => new_user_attributes[:phone_number]
165
- },
166
- 'credentials' => {
167
- 'token' => new_user_attributes[:g5_access_token],
168
- 'expires' => true,
169
- 'expires_at' => Time.now + 1000
170
- },
171
- 'extra' => {
172
- 'title' => new_user_attributes[:title],
173
- 'organization_name' => new_user_attributes[:organization_name],
174
- 'roles' => [
175
- { 'name' => new_role_attributes[:name],
176
- 'type' => 'GLOBAL',
177
- 'urn' => nil }
178
- ],
179
- 'raw_info' => {}
180
- }
153
+ 'provider' => new_user_attributes[:provider],
154
+ 'info' => {
155
+ 'email' => new_user_attributes[:email],
156
+ 'name' => full_name,
157
+ 'first_name' => new_user_attributes[:first_name],
158
+ 'last_name' => new_user_attributes[:last_name],
159
+ 'phone' => new_user_attributes[:phone_number]
160
+ },
161
+ 'credentials' => {
162
+ 'token' => new_user_attributes[:g5_access_token],
163
+ 'expires' => true,
164
+ 'expires_at' => Time.now + 1000
165
+ },
166
+ 'extra' => {
167
+ 'title' => new_user_attributes[:title],
168
+ 'organization_name' => new_user_attributes[:organization_name],
169
+ 'roles' => [
170
+ { 'name' => new_role_attributes[:name],
171
+ 'type' => 'GLOBAL',
172
+ 'urn' => nil }
173
+ ],
174
+ 'raw_info' => {}
175
+ }
181
176
  )
182
177
  end
183
178
 
@@ -242,7 +237,7 @@ RSpec.describe G5Authenticatable::User do
242
237
 
243
238
  it 'should set the organization_name from the session data' do
244
239
  expect(new_user.organization_name)
245
- .to eq(new_user_attributes[:organization_name])
240
+ .to eq(new_user_attributes[:organization_name])
246
241
  end
247
242
 
248
243
  it 'should assign the role from the session data' do
@@ -286,11 +281,11 @@ RSpec.describe G5Authenticatable::User do
286
281
 
287
282
  let(:user_attributes) do
288
283
  FactoryBot.attributes_for(:g5_authenticatable_user,
289
- first_name: nil,
290
- last_name: nil,
291
- phone_number: nil,
292
- title: nil,
293
- organization_name: nil)
284
+ first_name: nil,
285
+ last_name: nil,
286
+ phone_number: nil,
287
+ title: nil,
288
+ organization_name: nil)
294
289
  end
295
290
  let(:role_name) { :my_role }
296
291
 
@@ -301,27 +296,27 @@ RSpec.describe G5Authenticatable::User do
301
296
 
302
297
  let(:auth_data) do
303
298
  OmniAuth::AuthHash.new(
304
- 'provider' => user_attributes[:provider],
305
- 'uid' => user_attributes[:uid],
306
- 'info' => {
307
- 'email' => updated_attributes[:email],
308
- 'first_name' => updated_attributes[:first_name],
309
- 'last_name' => updated_attributes[:last_name],
310
- 'phone' => updated_attributes[:phone_number]
311
- },
312
- 'credentials' => {
313
- 'token' => updated_attributes[:g5_access_token],
314
- 'expires' => true,
315
- 'expires_at' => Time.now + 1000
316
- },
317
- 'extra' => {
318
- 'title' => updated_attributes[:title],
319
- 'organization_name' => updated_attributes[:organization_name],
320
- 'roles' => [
321
- { name: updated_role_name, type: 'GLOBAL', urn: nil }
322
- ],
323
- 'raw_info' => {}
324
- }
299
+ 'provider' => user_attributes[:provider],
300
+ 'uid' => user_attributes[:uid],
301
+ 'info' => {
302
+ 'email' => updated_attributes[:email],
303
+ 'first_name' => updated_attributes[:first_name],
304
+ 'last_name' => updated_attributes[:last_name],
305
+ 'phone' => updated_attributes[:phone_number]
306
+ },
307
+ 'credentials' => {
308
+ 'token' => updated_attributes[:g5_access_token],
309
+ 'expires' => true,
310
+ 'expires_at' => Time.now + 1000
311
+ },
312
+ 'extra' => {
313
+ 'title' => updated_attributes[:title],
314
+ 'organization_name' => updated_attributes[:organization_name],
315
+ 'roles' => [
316
+ { name: updated_role_name, type: 'GLOBAL', urn: nil }
317
+ ],
318
+ 'raw_info' => {}
319
+ }
325
320
  )
326
321
  end
327
322
 
@@ -333,7 +328,7 @@ RSpec.describe G5Authenticatable::User do
333
328
 
334
329
  it 'should update the access token' do
335
330
  expect { updated_user }.to change { user.reload.g5_access_token }
336
- .to(updated_attributes[:g5_access_token])
331
+ .to(updated_attributes[:g5_access_token])
337
332
  end
338
333
 
339
334
  it 'should return the updated user' do
@@ -372,15 +367,15 @@ RSpec.describe G5Authenticatable::User do
372
367
  context 'when user info has changed' do
373
368
  let(:updated_attributes) do
374
369
  {
375
- uid: user.uid,
376
- provider: user.provider,
377
- email: 'updated.email@test.host',
378
- g5_access_token: 'updatedtoken42',
379
- first_name: 'Updated First Name',
380
- last_name: 'Updated Last Name',
381
- phone_number: '555.555.5555 x123',
382
- title: 'Recently Promoted',
383
- organization_name: 'Updated Department'
370
+ uid: user.uid,
371
+ provider: user.provider,
372
+ email: 'updated.email@test.host',
373
+ g5_access_token: 'updatedtoken42',
374
+ first_name: 'Updated First Name',
375
+ last_name: 'Updated Last Name',
376
+ phone_number: '555.555.5555 x123',
377
+ title: 'Recently Promoted',
378
+ organization_name: 'Updated Department'
384
379
  }
385
380
  end
386
381
 
@@ -388,7 +383,7 @@ RSpec.describe G5Authenticatable::User do
388
383
 
389
384
  it 'should update the access token' do
390
385
  expect { updated_user }.to change { user.reload.g5_access_token }
391
- .to(updated_attributes[:g5_access_token])
386
+ .to(updated_attributes[:g5_access_token])
392
387
  end
393
388
 
394
389
  it 'should return the updated user' do
@@ -405,32 +400,32 @@ RSpec.describe G5Authenticatable::User do
405
400
 
406
401
  it 'should update the email' do
407
402
  expect { updated_user }.to change { user.reload.email }
408
- .to(updated_attributes[:email])
403
+ .to(updated_attributes[:email])
409
404
  end
410
405
 
411
406
  it 'should update the first name' do
412
407
  expect { updated_user }.to change { user.reload.first_name }
413
- .to(updated_attributes[:first_name])
408
+ .to(updated_attributes[:first_name])
414
409
  end
415
410
 
416
411
  it 'should update the last name' do
417
412
  expect { updated_user }.to change { user.reload.last_name }
418
- .to(updated_attributes[:last_name])
413
+ .to(updated_attributes[:last_name])
419
414
  end
420
415
 
421
416
  it 'should update the phone number' do
422
417
  expect { updated_user }.to change { user.reload.phone_number }
423
- .to(updated_attributes[:phone_number])
418
+ .to(updated_attributes[:phone_number])
424
419
  end
425
420
 
426
421
  it 'should update the title' do
427
422
  expect { updated_user }.to change { user.reload.title }
428
- .to(updated_attributes[:title])
423
+ .to(updated_attributes[:title])
429
424
  end
430
425
 
431
426
  it 'should update the organization_name' do
432
427
  expect { updated_user }.to change { user.reload.organization_name }
433
- .to(updated_attributes[:organization_name])
428
+ .to(updated_attributes[:organization_name])
434
429
  end
435
430
 
436
431
  it 'should unassign the old role' do
@@ -508,25 +503,25 @@ RSpec.describe G5Authenticatable::User do
508
503
 
509
504
  let(:auth_data) do
510
505
  OmniAuth::AuthHash.new(
511
- 'provider' => user_attributes[:provider],
512
- 'uid' => user_attributes[:uid],
513
- 'info' => {
514
- 'email' => user_attributes[:email],
515
- 'first_name' => user_attributes[:first_name],
516
- 'last_name' => user_attributes[:last_name],
517
- 'phone' => user_attributes[:phone_number]
518
- },
519
- 'credentials' => {
520
- 'token' => user_attributes[:g5_access_token],
521
- 'expires' => true,
522
- 'expires_at' => Time.now + 1000
523
- },
524
- 'extra' => {
525
- 'title' => user_attributes[:title],
526
- 'organization_name' => user_attributes[:organization_name],
527
- 'roles' => roles,
528
- 'raw_info' => {}
529
- }
506
+ 'provider' => user_attributes[:provider],
507
+ 'uid' => user_attributes[:uid],
508
+ 'info' => {
509
+ 'email' => user_attributes[:email],
510
+ 'first_name' => user_attributes[:first_name],
511
+ 'last_name' => user_attributes[:last_name],
512
+ 'phone' => user_attributes[:phone_number]
513
+ },
514
+ 'credentials' => {
515
+ 'token' => user_attributes[:g5_access_token],
516
+ 'expires' => true,
517
+ 'expires_at' => Time.now + 1000
518
+ },
519
+ 'extra' => {
520
+ 'title' => user_attributes[:title],
521
+ 'organization_name' => user_attributes[:organization_name],
522
+ 'roles' => roles,
523
+ 'raw_info' => {}
524
+ }
530
525
  )
531
526
  end
532
527
 
@@ -537,7 +532,7 @@ RSpec.describe G5Authenticatable::User do
537
532
 
538
533
  it 'will add a global role' do
539
534
  expect { user.update_roles_from_auth(auth_data) }
540
- .to change { user.roles.length }.from(0).to(1)
535
+ .to change { user.roles.length }.from(0).to(1)
541
536
  expect(user.roles.first.name).to eq('admin')
542
537
  expect(user.roles.first.resource).to be_nil
543
538
  end
@@ -550,7 +545,7 @@ RSpec.describe G5Authenticatable::User do
550
545
 
551
546
  it 'will add a scoped role' do
552
547
  expect { user.update_roles_from_auth(auth_data) }
553
- .to change { user.roles.length }.from(0).to(1)
548
+ .to change { user.roles.length }.from(0).to(1)
554
549
  expect(user.roles.first.name).to eq('viewer')
555
550
  expect(user.roles.first.resource_id).to eq(resource.id)
556
551
  expect(user.roles.first.resource_type).to eq(resource.class.name)
@@ -560,14 +555,14 @@ RSpec.describe G5Authenticatable::User do
560
555
  context 'with a more than 1 role' do
561
556
  let(:roles) do
562
557
  [
563
- { name: 'viewer', type: resource.class.name, urn: resource.urn },
564
- { name: 'admin', type: 'GLOBAL', urn: nil }
558
+ { name: 'viewer', type: resource.class.name, urn: resource.urn },
559
+ { name: 'admin', type: 'GLOBAL', urn: nil }
565
560
  ]
566
561
  end
567
562
 
568
563
  it 'will add a scoped role' do
569
564
  expect { user.update_roles_from_auth(auth_data) }
570
- .to change { user.roles.length }.from(0).to(2)
565
+ .to change { user.roles.length }.from(0).to(2)
571
566
  end
572
567
  end
573
568
 
@@ -580,7 +575,7 @@ RSpec.describe G5Authenticatable::User do
580
575
 
581
576
  it 'will add a scoped role' do
582
577
  expect { user.update_roles_from_auth(auth_data) }
583
- .to_not change { user.roles.length }
578
+ .to_not change { user.roles.length }
584
579
  end
585
580
  end
586
581
 
@@ -589,21 +584,21 @@ RSpec.describe G5Authenticatable::User do
589
584
 
590
585
  it 'will add a scoped role' do
591
586
  expect { user.update_roles_from_auth(auth_data) }
592
- .to_not change { user.roles.length }.from(0)
587
+ .to_not change { user.roles.length }.from(0)
593
588
  end
594
589
  end
595
590
 
596
591
  context 'with a bad role type' do
597
592
  let(:roles) do
598
593
  [
599
- { name: 'viewer', type: resource.class.name, urn: resource.urn },
600
- { name: 'viewer', type: 'BadResource', urn: resource.urn }
594
+ { name: 'viewer', type: resource.class.name, urn: resource.urn },
595
+ { name: 'viewer', type: 'BadResource', urn: resource.urn }
601
596
  ]
602
597
  end
603
598
 
604
599
  it 'will skip the bad role' do
605
600
  expect { user.update_roles_from_auth(auth_data) }
606
- .to change { user.roles.length }.from(0).to(1)
601
+ .to change { user.roles.length }.from(0).to(1)
607
602
  expect(user.roles.first.name).to eq('viewer')
608
603
  expect(user.roles.first.resource_id).to eq(resource.id)
609
604
  expect(user.roles.first.resource_type).to eq(resource.class.name)
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: g5_authenticatable
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.1.2.pre.1
4
+ version: 1.1.2.rc.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - maeve
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-12-20 00:00:00.000000000 Z
11
+ date: 2018-10-26 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: devise_g5_authenticatable