RubyGems - jwtauth - Versions diffs - 0.2.3 → 0.3.1 - Mend

jwtauth 0.2.3 → 0.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 133c62c21f3825c7cceedbad5395dae11cb4dcdc
-  data.tar.gz: 5e4cec0830accd1b2b93c730d998914a4cb8daae
+  metadata.gz: 001dd1412a0f2ff8431611490222199d76e1b366
+  data.tar.gz: 54182546254c2cbb51b20b6c65d0ce8a09f4cde1
 SHA512:
-  metadata.gz: e7b5c770cd442cdad5a0f1daba2b928bc0f53c19928cbd236ffa5ae2ae8349c6f327ff0f96fa835644caf5e1c8586d461a384744ad7add01cbf6c47506fef635
-  data.tar.gz: ad3a53e8b6de9daa8bcd8ee2d916a4c169bae14c0b3843507ec3d6c0e410c141615da1d027c53a8bf9d2b52f00a925c5c6c35e237458c115f76e6e0427154888
+  metadata.gz: e2f6e0cf4784ef59b4c4e98db8ee820ae9c0e326cd9bc83488c90bfb6b27ea5a0cc6be28b7a52f18caeb0faeda7af1009747e593df36ae577c04c7f9a14f1703
+  data.tar.gz: bc3ba8325a68ac19c3772bb325a7adfc0be4c7d78dbe65a9ba93cfbf71c821a1666158bc386439682501471f7bd96e922b7a19f10701d39d6d365fa310bd3522

data/lib/jwtauth.rb CHANGED Viewed

@@ -17,6 +17,14 @@ module Jwtauth
   # mattr_accessor :session_path
   @@session_path = nil
+  # Define current service contain entities
+  # mattr_accessor :service_name
+  @@service_name = nil
+  # Define namespace (String | Array) include +current service+ for service
+  # mattr_accessor :namespace
+  @@namespace = nil
   # Algorithm, JWT use to encode
   # mattr_accessor :algorithm
   @@algorithm = 'RS256'
@@ -57,6 +65,22 @@ module Jwtauth
     @@session_path = session_path
   end
+  def self.service_name
+    @@service_name
+  end
+  def self.service_name=(service_name)
+    @@service_name = service_name
+  end
+  def self.namespace
+    @@namespace
+  end
+  def self.namespace=(namespace)
+    @@namespace = namespace
+  end
   def self.algorithm
     @@algorithm
   end
@@ -116,7 +140,9 @@ module Jwtauth
         uri.query = CGI.unescape({
           'uid' => origin_request.headers['uid'],
           'client' => origin_request.headers['client'],
-          'access-token' => origin_request.headers['access-token'],}.to_query)
+          'access-token' => origin_request.headers['access-token'],
+          'namespace' => Jwtauth.namespace,
+        }.to_query)
         Net::HTTP.start(uri.host, uri.port,
           :use_ssl => uri.scheme == 'https') do |http|
@@ -165,7 +191,7 @@ module Jwtauth
     end
     # Handle for user not authorized
-    def user_not_authorized(exception)
+    def user_not_authenticated(exception)
       status = :forbidden
       case exception
@@ -185,7 +211,277 @@ module Jwtauth
       base.class_eval do
         attr_reader :current_user
-        rescue_from Jwtauth::AuthorizedError, with: :user_not_authorized
+        rescue_from Jwtauth::AuthorizedError, with: :user_not_authenticated
+      end
+    end
+    module ClassMethods
+    end
+  end
+  module Model
+    module ForeignKeys
+      COMPANY_ID = :company_id
+      DEPARTMENT_ID = :department_id
+      USER_ID = :user_id
+    end
+    def self.included(base)
+      base.extend ClassMethods
+      base.class_eval do
+      end
+    end
+    module ClassMethods
+      def new2nd params, current_user
+        _record = self.new(params)
+        _record[self::ForeignKeys::USER_ID] = current_user.id if _record[self::ForeignKeys::USER_ID].blank?
+        _record[self::ForeignKeys::DEPARTMENT_ID] = current_user.department_id if _record[self::ForeignKeys::DEPARTMENT_ID].blank?
+        _record[self::ForeignKeys::COMPANY_ID] = current_user.company_id if _record[self::ForeignKeys::COMPANY_ID].blank?
+        _record
+      end
+    end
+  end
+  # require include Pundit (gem <<pundit>>)
+  module Apiv01Controller
+    # Require define entity class name
+    def define_entity
+      send_json_error(['entity model is not defined'], :internal_server_error)
+    end
+    # Send error messages with status
+    def send_json_error(errors = [], status = :unprocessable_entity)
+      render json: errors, status: status
+    end
+    # Handle for user not authorized
+    def user_not_authorized(exception)
+      policy_name = exception.policy.class.to_s.underscore
+      error_message = I18n.t("#{policy_name}.#{exception.query}", scope: "pundit", default: :default)
+      if request.format.symbol == :json
+        send_json_error [error_message], :forbidden
+      else
+        render template: 'errors/401', locals: { message: error_message }
+      end
+    end
+    # GET /api/v02/entity_name(s)
+    def index
+      authorize @entity_model
+      @records = core_index_filter(policy_scope(@entity_model))
+      render json: { filters: filter_jsons, records: records_as_json(@records) }
+    end
+    # GET /api/v02/entity_names(s)/1
+    def show
+      authorize @record
+      render json: record_as_json(@record)
+    end
+    # POST /api/v02/entity_names(s)
+    def create
+      @record = @entity_model.new2nd(entity_params, current_user)
+      authorize @record
+      if @record.save
+        render json: record_as_json(@record), status: :created
+      else
+        render json: @record.errors.full_messages, status: :unprocessable_entity
+      end
+    end
+    # PATCH/PUT /api/v02/entity_names(s)/1
+    def update
+      authorize @record
+      @record.assign_attributes(entity_params)
+      authorize @record
+      if @record.save
+        render json: record_as_json(@record), status: :ok
+      else
+        render json: @record.errors.full_messages, status: :unprocessable_entity
+      end
+    end
+    # DELETE /api/v02/entity_names(s)/1
+    def destroy
+      authorize @record
+      @record.destroy
+    end
+    protected
+      # Use callbacks to share common setup or constraints between actions.
+      def set_entity
+        @record = @entity_model.find(params[:id])
+      end
+      # Only allow a trusted parameter "white list" through.
+      def entity_params
+        params.require(:record).permit(:created_at)
+      end
+      # Strong parameters for default search query
+      def search_params
+        params.permit(:id)
+      end
+      # Strong parameters for default advanced search query
+      def advanced_search_params
+        params.permit(:created_at)
+      end
+    def self.included(base)
+      base.extend ClassMethods
+      base.class_eval do
+        # Define entity model before action
+        before_action :authorize_user!
+        before_action :define_entity
+        before_action :set_entity, only: [:show, :update, :destroy]
+        rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized
+        attr_reader :entity_model
+      end
+    end
+    module ClassMethods
+    end
+  end
+  # require use Pundit (gem <<pundit>>)
+  module Policy
+    # Reference from authservice/models/role.rb
+    module Privileges
+      CREATE = 'create'.freeze
+      READ = 'read'.freeze
+      UPDATE = 'update'.freeze
+      DELETE = 'delete'.freeze
+    end
+    # Reference from authservice/models/role.rb
+    module LevelsOfAccess
+      NONE = 'none'.freeze
+      USER = 'user'.freeze
+      BUSINESS_UNIT = 'bu'.freeze
+      FAMILY_BU_TREE = 'fbu'.freeze
+      ORGANIZATION = 'org'.freeze
+    end
+    attr_reader :user, :record
+    def initialize(user, record)
+      @user = user
+      @record = record
+    end
+    def index?
+      get_level_of_access(Privileges::READ) != LevelsOfAccess::NONE
+    end
+    def show?
+      record_action?(get_level_of_access(Privileges::READ))
+    end
+    def create?
+      record_action?(get_level_of_access(Privileges::CREATE))
+    end
+    def new?
+      create?
+    end
+    def update?
+      record_action?(get_level_of_access(Privileges::UPDATE))
+    end
+    def edit?
+      update?
+    end
+    def destroy?
+      record_action?(get_level_of_access(Privileges::DELETE))
+    end
+    def scope
+      Pundit.policy_scope!(user, record.class)
+    end
+    def _entity_class
+      @record.is_a?(Class) ? @record.name.underscore : @record.class.name.underscore
+    end
+    protected
+      def get_level_of_access(method_name, service_name = Jwtauth.service_name)
+        level_of_access = nil
+        if @user.role_permissions.is_a?(Hash)
+          level_of_access = @user.role_permissions.dig(service_name, _entity_class, method_name)
+        end
+        level_of_access ? level_of_access : LevelsOfAccess::NONE
+      end
+      def record_action?(level_of_access)
+        case level_of_access
+        when LevelsOfAccess::USER
+          @user.id == @record[@record.class::ForeignKeys::USER_ID]
+        when LevelsOfAccess::BUSINESS_UNIT
+          @user.departments[LevelsOfAccess::BUSINESS_UNIT].include?(@record[@record.class::ForeignKeys::USER_ID])
+        when LevelsOfAccess::FAMILY_BU_TREE
+          @user.departments[LevelsOfAccess::FAMILY_BU_TREE].include?(@record[@record.class::ForeignKeys::DEPARTMENT_ID])
+        when LevelsOfAccess::ORGANIZATION
+          @user.company_id == @record[@record.class::ForeignKeys::COMPANY_ID]
+        else
+          false
+        end
+      end
+    class Scope
+      attr_reader :user, :scope
+      def initialize(user, scope)
+        @user = user
+        @scope = scope
+      end
+      def resolve
+        case get_level_of_access(Privileges::READ)
+        when LevelsOfAccess::BUSINESS_UNIT
+          scope.where(scope::ForeignKeys::DEPARTMENT_ID => @user.departments[LevelsOfAccess::BUSINESS_UNIT])
+        when LevelsOfAccess::FAMILY_BU_TREE
+          scope.where(scope::ForeignKeys::DEPARTMENT_ID => @user.departments[LevelsOfAccess::FAMILY_BU_TREE])
+        when LevelsOfAccess::ORGANIZATION
+          scope.where(scope::ForeignKeys::COMPANY_ID => @user.company_id)
+        else
+          scope.where(scope::ForeignKeys::USER_ID => @user.id)
+        end
+      end
+      protected
+        # Reference from Policy.instance.get_level_of_access
+        def get_level_of_access(method_name, service_name = Jwtauth.service_name)
+          level_of_access = nil
+          if @user.role_permissions.is_a?(Hash)
+            level_of_access = @user.role_permissions.dig(service_name, scope.name.downcase, method_name)
+          end
+          level_of_access ? level_of_access : LevelsOfAccess::NONE
+        end
+    end
+    def self.included(base)
+      base.extend ClassMethods
+      base.class_eval do
       end
     end

data/lib/jwtauth/user.rb CHANGED Viewed

@@ -1,11 +1,16 @@
 module Jwtauth
   class User
-    attr_reader :id, :uid, :role
+    attr_reader :id, :uid, :role, :department_id, :company_id
+    attr_reader :role_permissions, :departments
     def initialize attrs
       @id = attrs['id']
       @uid = attrs['uid']
       @role = attrs['role']
+      @department_id = attrs['department_id']
+      @company_id = attrs['company_id']
+      @role_permissions = attrs['role_permissions']
+      @departments = attrs['departments']
     end
   end
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: jwtauth
 version: !ruby/object:Gem::Version
-  version: 0.2.3
+  version: 0.3.1
 platform: ruby
 authors:
 - Dieu Pham