mumuki-bibliotheca 7.1.0 → 7.2.0

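--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: d5a9335601683b0046c9f9c35584d8040f863e0defec2151720c5e32090b583e
- data.tar.gz: 64f610853cefb9bdf72df538e266e4a086294efda9fbdf94fb0858ca710671cc
+ metadata.gz: bddf299b537a1f2749a8f042746709c1e9033cb2af3b1b36063c6de358450770
+ data.tar.gz: 728a83c5686363f7398787d22bee777d4f0fd01137658578446269d4b0038dfe
  SHA512:
- metadata.gz: c06d0d1e8c664726c5dfa5bb69c2199bcb1b6a70a6d8e4320b06dc3424afd25d1c40155c74f869cda66a59edb6335ca997011bb80dcfd4656e1f5df552c9d1f3
- data.tar.gz: 2f3d6cb49cef4b0c8b2bc89b3b43d67911b350640a2fd52fb2362d8299423211c5a1f319866bf0c02ae74fa82abab138215bd05bbf994a778b4800ecef3415f7
+ metadata.gz: 5daeb1be795463f90c785087be78126839b8305988f1efbff8be92d2caa6874cb5e463a5083e23cbef585d99c03c04620026b34e43d18f2f1226ae5a45979a0c
+ data.tar.gz: e512a4e5d3fa31badd4a7d32eadc11387f96ff8f95dcf647dd72bfca89b2e17142db3964e3faef381d06a0ee7a6113a14540f09ff8b25839889d3327c77bfa82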
@@ -94,6 +94,10 @@ HTML
94
94
  halt 400
95
95
  end
96
96
 
97
+ error Mumuki::Domain::ForbiddenError do
98
+ halt 403
99
+ end
100
+
97
101
  options '*' do
98
102
  response.headers['Allow'] = settings.allow_methods.map { |it| it.to_s.upcase }.join(',')
99
103
  response.headers['Access-Control-Allow-Headers'] = 'X-Mumuki-Auth-Token, X-Requested-With, X-HTTP-Method-Override, Content-Type, Cache-Control, Accept, Authorization'
@@ -165,7 +169,7 @@ HTML
165
169
  end
166
170
 
167
171
  def permissions
168
- current_user.permissions
172
+ current_user&.permissions
169
173
  end
170
174
 
171
175
  def organizations_for(item)
@@ -174,6 +178,10 @@ HTML
174
178
  .accessible_as(current_user, :student)
175
179
  .map { |it| it.as_json(only: [:name]) }
176
180
  end
181
+
182
+ def validate_accessible!(subject)
183
+ authorize! :writer if subject.private?
184
+ end
177
185
  end
178
186
 
179
187
  post '/markdown' do
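Review bot: `permissions` now returns nil for anonymous requests (`current_user&.permissions`), and the route files pass that nil straight into `Book.visible`, `Topic.visible`, `Guide.visible` and `Guide.allowed`, so whether private content stays hidden from unauthenticated callers depends on how those scopes, which are not visible in this diff, handle nil. The helper deserves a comment stating the contract, e.g. `# nil when the request is anonymous; scopes receiving it must treat nil as "no permissions" and return public content only`, backed by a request spec that lists books, guides and topics without a token. `validate_accessible!` would also benefit from a one-line comment such as `# private content requires the :writer role; public content is served without authentication`, since whether `authorize!` checks the role against the requested slug is presumably decided elsewhere. The helpers block starts and ends outside these hunks.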
@@ -10,7 +10,7 @@ class Mumuki::Bibliotheca::App < Sinatra::Application
10
10
  end
11
11
 
12
12
  get '/books' do
13
- list_books Book.all
13
+ list_books Book.visible(permissions)
14
14
  end
15
15
 
16
16
  get '/books/writable' do
@@ -18,10 +18,12 @@ class Mumuki::Bibliotheca::App < Sinatra::Application
18
18
  end
19
19
 
20
20
  get '/books/:organization/:repository' do
21
+ validate_accessible! book
21
22
  book.to_resource_h
22
23
  end
23
24
 
24
25
  get '/books/:organization/:repository/organizations' do
26
+ validate_accessible! book
25
27
  organizations_for book
26
28
  end
27
29
 
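Review bot: The private-content check is opt-in per route: `validate_accessible! book` has to be repeated by hand in both read routes here, and the same pattern recurs in the guide routes (three calls) and the topic routes (two calls), so any read route that omits the call serves private content to anonymous callers. Consider enforcing it once, for example in a `before` filter scoped to the `/:organization/:repository` read paths, or at least add a comment above the routes such as `# every GET that returns a single book must call validate_accessible! first`. A request spec per route asserting 403 for a private book without a writer token would keep an omission from going unnoticed. The body of `/books/writable` lies outside the hunk, so whether it needs the same guard cannot be judged from here.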
@@ -14,11 +14,11 @@ class Mumuki::Bibliotheca::App < Sinatra::Application
14
14
  end
15
15
 
16
16
  get '/guides' do
17
- list_guides Guide.visible(current_user&.permissions)
17
+ list_guides Guide.visible(permissions)
18
18
  end
19
19
 
20
20
  get '/guides/writable' do
21
- list_guides Guide.allowed(current_user&.permissions)
21
+ list_guides Guide.allowed(permissions)
22
22
  end
23
23
 
24
24
  delete '/guides/:organization/:repository' do
@@ -26,14 +26,17 @@ class Mumuki::Bibliotheca::App < Sinatra::Application
26
26
  end
27
27
 
28
28
  get '/guides/:organization/:repository/markdown' do
29
+ validate_accessible! guide
29
30
  slice_guide_resource_h_for_api guide.to_markdownified_resource_h
30
31
  end
31
32
 
32
33
  get '/guides/:organization/:repository' do
34
+ validate_accessible! guide
33
35
  slice_guide_resource_h_for_api guide.to_resource_h
34
36
  end
35
37
 
36
38
  get '/guides/:organization/:repository/organizations' do
39
+ validate_accessible! guide
37
40
  organizations_for guide
38
41
  end
39
42
 
@@ -50,6 +53,7 @@ class Mumuki::Bibliotheca::App < Sinatra::Application
50
53
  end
51
54
 
52
55
  post '/guides/:organization/:repository/assets' do
56
+ authorize! :writer
53
57
  Mumuki::Bibliotheca.upload_asset! slug, json_body['filename'], json_body['content']
54
58
  end
55
59
 
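Review bot: `post '/guides/:organization/:repository/assets'` now requires `:writer`, but `json_body['filename']` and `json_body['content']` still reach `Mumuki::Bibliotheca.upload_asset!` without any validation in the route. Unless `upload_asset!` (not visible here) already does so, the route should reject a missing or non-string filename and reduce it to a bare file name before the call, e.g. `filename = File.basename(json_body['filename'].to_s)` followed by `halt 400 if filename.empty?`, and it should bound the content size. A short comment on the route stating which layer owns that validation would help the next reader.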
@@ -10,7 +10,7 @@ class Mumuki::Bibliotheca::App < Sinatra::Application
10
10
  end
11
11
 
12
12
  get '/topics' do
13
- list_topics Topic.all
13
+ list_topics Topic.visible(permissions)
14
14
  end
15
15
 
16
16
  get '/topics/writable' do
@@ -18,10 +18,12 @@ class Mumuki::Bibliotheca::App < Sinatra::Application
18
18
  end
19
19
 
20
20
  get '/topics/:organization/:repository' do
21
+ validate_accessible! topic
21
22
  topic.to_resource_h
22
23
  end
23
24
 
24
25
  get '/topics/:organization/:repository/organizations' do
26
+ validate_accessible! topic
25
27
  organizations_for topic
26
28
  end
27
29
 
@@ -1,5 +1,5 @@
1
1
  module Mumuki
2
2
  module Bibliotheca
3
- VERSION = '7.1.0'
3
+ VERSION = '7.2.0'
4
4
  end
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: mumuki-bibliotheca
3
3
  version: !ruby/object:Gem::Version
4
- version: 7.1.0
4
+ version: 7.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Franco Bulgarelli
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-01-17 00:00:00.000000000 Z
11
+ date: 2020-03-05 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rails
@@ -72,14 +72,14 @@ dependencies:
72
72
  requirements:
73
73
  - - "~>"
74
74
  - !ruby/object:Gem::Version
75
- version: 7.1.0
75
+ version: 7.2.0
76
76
  type: :runtime
77
77
  prerelease: false
78
78
  version_requirements: !ruby/object:Gem::Requirement
79
79
  requirements:
80
80
  - - "~>"
81
81
  - !ruby/object:Gem::Version
82
- version: 7.1.0
82
+ version: 7.2.0
83
83
  - !ruby/object:Gem::Dependency
84
84
  name: mumukit-login
85
85
  requirement: !ruby/object:Gem::Requirement