mumuki-bibliotheca 7.0.0 → 7.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0a62a41ccc466635f65a59f922897532792a11eb2211398ae421380da55a833d
-  data.tar.gz: f6a09743749b10ff195df298ad6f49a7b959234325bcea012a4caa97e174d06a
+  metadata.gz: e35d3a87a2d214fdf4e8fed498cbc1db596483a12f268aed2d2efc3c57818de3
+  data.tar.gz: baed6fc210b41f298f3bbb1caaed7f2cf5713ae5b247b059a9a388674e059353
 SHA512:
-  metadata.gz: d6ffc3539d2b88703b6bc4c87677306ef70a8431b22f7e24b51c57f186ec10bb9010c551bfe18861554824bea48cad0ae4a38993ae955b4b0c62b17307c52aca
-  data.tar.gz: a954340293fcc9f01ac5f1423adb2b9af46691a347eec0dc075a1e0ec41ff2b252cadd377195d0216723f1b62ed3bdfe52230e1ec270c7c8c64e778924348b09
+  metadata.gz: 730a390c254515e9cfa6ded72ac16115636a4a801f19f350e7bf3bfd9f251acca827a32ff55f9ba8c3c1069d116f1060bae205a29edfc7fa7474e2933dd35e50
+  data.tar.gz: 429d7d7b7f631a3097db22a961ad45e73a1fb611800db2283f738ed8a218a6665f765a91af982f35e36e1eadec1e938efcca02512c10b75952f3eeb54c75b6d3

data/lib/mumuki/bibliotheca/sinatra.rb

@@ -94,6 +94,10 @@ HTML
     halt 400
   end
 
+  error Mumuki::Domain::ForbiddenError do
+    halt 403
+  end
+
   options '*' do
     response.headers['Allow'] = settings.allow_methods.map { |it| it.to_s.upcase }.join(',')
     response.headers['Access-Control-Allow-Headers'] = 'X-Mumuki-Auth-Token, X-Requested-With, X-HTTP-Method-Override, Content-Type, Cache-Control, Accept, Authorization'
@@ -165,7 +169,7 @@ HTML
     end
 
     def permissions
-      current_user.permissions
+      current_user&.permissions
     end
 
     def organizations_for(item)
@@ -174,6 +178,10 @@ HTML
         .accessible_as(current_user, :student)
         .map { |it| it.as_json(only: [:name]) }
     end
+
+    def validate_accessible!(subject)
+      authorize! :writer if subject.private?
+    end
   end
 
   post '/markdown' do

data/lib/mumuki/bibliotheca/sinatra/books.rb

@@ -10,7 +10,7 @@ class Mumuki::Bibliotheca::App < Sinatra::Application
   end
 
   get '/books' do
-    list_books Book.all
+    list_books Book.visible(permissions)
   end
 
   get '/books/writable' do
@@ -18,10 +18,12 @@ class Mumuki::Bibliotheca::App < Sinatra::Application
   end
 
   get '/books/:organization/:repository' do
+    validate_accessible! book
     book.to_resource_h
   end
 
   get '/books/:organization/:repository/organizations' do
+    validate_accessible! book
     organizations_for book
   end
 

data/lib/mumuki/bibliotheca/sinatra/guides.rb

@@ -14,11 +14,11 @@ class Mumuki::Bibliotheca::App < Sinatra::Application
   end
 
   get '/guides' do
-    list_guides Guide.visible(current_user&.permissions)
+    list_guides Guide.visible(permissions)
   end
 
   get '/guides/writable' do
-    list_guides Guide.allowed(current_user&.permissions)
+    list_guides Guide.allowed(permissions)
   end
 
   delete '/guides/:organization/:repository' do
@@ -26,14 +26,17 @@ class Mumuki::Bibliotheca::App < Sinatra::Application
   end
 
   get '/guides/:organization/:repository/markdown' do
+    validate_accessible! guide
     slice_guide_resource_h_for_api guide.to_markdownified_resource_h
   end
 
   get '/guides/:organization/:repository' do
+    validate_accessible! guide
     slice_guide_resource_h_for_api guide.to_resource_h
   end
 
   get '/guides/:organization/:repository/organizations' do
+    validate_accessible! guide
     organizations_for guide
   end
 
@@ -50,6 +53,7 @@ class Mumuki::Bibliotheca::App < Sinatra::Application
   end
 
   post '/guides/:organization/:repository/assets' do
+    authorize! :writer
     Mumuki::Bibliotheca.upload_asset! slug, json_body['filename'], json_body['content']
   end
 

data/lib/mumuki/bibliotheca/sinatra/topics.rb

@@ -10,7 +10,7 @@ class Mumuki::Bibliotheca::App < Sinatra::Application
   end
 
   get '/topics' do
-    list_topics Topic.all
+    list_topics Topic.visible(permissions)
   end
 
   get '/topics/writable' do
@@ -18,10 +18,12 @@ class Mumuki::Bibliotheca::App < Sinatra::Application
   end
 
   get '/topics/:organization/:repository' do
+    validate_accessible! topic
     topic.to_resource_h
   end
 
   get '/topics/:organization/:repository/organizations' do
+    validate_accessible! topic
     organizations_for topic
   end
 

data/lib/mumuki/bibliotheca/version.rb

@@ -1,5 +1,5 @@
 module Mumuki
   module Bibliotheca
-    VERSION = '7.0.0'
+    VERSION = '7.5.0'
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mumuki-bibliotheca
 version: !ruby/object:Gem::Version
-  version: 7.0.0
+  version: 7.5.0
 platform: ruby
 authors:
 - Franco Bulgarelli
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-07-25 00:00:00.000000000 Z
+date: 2020-06-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -72,14 +72,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 7.0.0
+        version: 7.5.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 7.0.0
+        version: 7.5.0
 - !ruby/object:Gem::Dependency
   name: mumukit-login
   requirement: !ruby/object:Gem::Requirement
@@ -122,6 +122,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: sprockets
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.7'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.7'
 - !ruby/object:Gem::Dependency
   name: rack
   requirement: !ruby/object:Gem::Requirement