mumukit-auth 7.11.0 → 7.12.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/mumukit/auth/permissions.rb +40 -7
- data/lib/mumukit/auth/role.rb +39 -6
- data/lib/mumukit/auth/scope.rb +12 -8
- data/lib/mumukit/auth/slug.rb +33 -7
- data/lib/mumukit/auth/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 2c1873c090d214598c8dfde394af11341cbe5ef5da1604479725e3ccab5a30fe
|
4
|
+
data.tar.gz: 315c143eae6654332e7b3d1c13e74d5dfe24a29ecad5ae1063ef3ef7770f121a
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: ef85cc04780ed65e32524bf1a3f59caabbe9222ea62340b1263c116ac058f06aaf8bac6478605a0b61511ddab04fbe82ee3252b113a8dea2a2bc7cd868ba3795
|
7
|
+
data.tar.gz: dbddcd9a2a0f85d30135fca3b697b1c6a4e99ab8e492aaa81a34fa46b2e4965fd7e867675630aab1889c11650fa992b7c5a162837e906a7690cb2b9ba34ea81a
|
@@ -2,18 +2,15 @@ class Mumukit::Auth::Permissions
|
|
2
2
|
include Mumukit::Auth::Roles
|
3
3
|
include Mumukit::Auth::Protection
|
4
4
|
|
5
|
-
delegate :empty?, to: :scopes
|
6
|
-
|
7
5
|
attr_accessor :scopes
|
8
6
|
|
9
7
|
def initialize(scopes={})
|
10
|
-
|
11
|
-
|
12
|
-
@scopes = scopes.with_indifferent_access
|
8
|
+
@scopes = {}.with_indifferent_access
|
9
|
+
add_scopes! scopes
|
13
10
|
end
|
14
11
|
|
15
12
|
def has_permission?(role, resource_slug)
|
16
|
-
|
13
|
+
role.to_mumukit_role.allows?(resource_slug, self)
|
17
14
|
end
|
18
15
|
|
19
16
|
def role_allows?(role, resource_slug)
|
@@ -28,6 +25,21 @@ class Mumukit::Auth::Permissions
|
|
28
25
|
self.scopes[role] ||= Mumukit::Auth::Scope.new
|
29
26
|
end
|
30
27
|
|
28
|
+
def empty?
|
29
|
+
scopes.all? { |_, it| it.empty? }
|
30
|
+
end
|
31
|
+
|
32
|
+
def compact!
|
33
|
+
old_scopes = @scopes.dup
|
34
|
+
@scopes = {}.with_indifferent_access
|
35
|
+
|
36
|
+
old_scopes.each do |role, scope|
|
37
|
+
scope.grants.each do |grant|
|
38
|
+
push_and_compact! role, grant
|
39
|
+
end
|
40
|
+
end
|
41
|
+
end
|
42
|
+
|
31
43
|
# Deprecated: use `student_granted_organizations` organizations instead
|
32
44
|
def accessible_organizations
|
33
45
|
warn "Don't use accessible_organizations, since this method is probably not doing what you would expect.\n" +
|
@@ -54,7 +66,13 @@ class Mumukit::Auth::Permissions
|
|
54
66
|
end
|
55
67
|
|
56
68
|
def add_permission!(role, *grants)
|
57
|
-
|
69
|
+
role = role.to_mumukit_role
|
70
|
+
grants.each { |grant| push_and_compact! role, grant }
|
71
|
+
end
|
72
|
+
|
73
|
+
def add_scopes!(scopes)
|
74
|
+
raise 'invalid scopes' if scopes.any? { |key, value| value.class != Mumukit::Auth::Scope }
|
75
|
+
scopes.each { |role, scope| add_permission! role, *scope.grants }
|
58
76
|
end
|
59
77
|
|
60
78
|
def merge(other)
|
@@ -146,4 +164,19 @@ class Mumukit::Auth::Permissions
|
|
146
164
|
scope.grants.all? { |grant| has_permission? role, grant }
|
147
165
|
end
|
148
166
|
|
167
|
+
def push_and_compact!(role, grant)
|
168
|
+
role = role.to_mumukit_role
|
169
|
+
grant = grant.to_mumukit_grant
|
170
|
+
|
171
|
+
scopes.each do |other_role, other_scope|
|
172
|
+
other_role = other_role.to_mumukit_role
|
173
|
+
|
174
|
+
if other_role.narrower_than?(role)
|
175
|
+
other_scope.remove_narrower_grants!(grant)
|
176
|
+
elsif other_role.broader_than?(role) && other_scope.has_broader_grant?(grant)
|
177
|
+
return
|
178
|
+
end
|
179
|
+
end
|
180
|
+
scope_for(role.to_sym).add_grant! grant
|
181
|
+
end
|
149
182
|
end
|
data/lib/mumukit/auth/role.rb
CHANGED
@@ -1,3 +1,16 @@
|
|
1
|
+
|
2
|
+
class String
|
3
|
+
def to_mumukit_role
|
4
|
+
Mumukit::Auth::Role.parse self
|
5
|
+
end
|
6
|
+
end
|
7
|
+
|
8
|
+
class Symbol
|
9
|
+
def to_mumukit_role
|
10
|
+
Mumukit::Auth::Role.parse self
|
11
|
+
end
|
12
|
+
end
|
13
|
+
|
1
14
|
module Mumukit::Auth
|
2
15
|
class Role
|
3
16
|
def initialize(symbol)
|
@@ -17,15 +30,31 @@ module Mumukit::Auth
|
|
17
30
|
@symbol
|
18
31
|
end
|
19
32
|
|
20
|
-
|
33
|
+
def broader_than?(other)
|
34
|
+
other.narrower_than? self
|
35
|
+
end
|
36
|
+
|
37
|
+
def narrower_than?(other)
|
38
|
+
other.class != self.class && _narrower_than_other?(other)
|
39
|
+
end
|
21
40
|
|
22
|
-
def
|
23
|
-
|
41
|
+
def to_mumukit_role
|
42
|
+
self
|
24
43
|
end
|
25
44
|
|
26
|
-
def
|
27
|
-
|
28
|
-
|
45
|
+
def _narrower_than_other?(other)
|
46
|
+
self.parent.class == other.class || self.parent._narrower_than_other?(other)
|
47
|
+
end
|
48
|
+
|
49
|
+
class << self
|
50
|
+
def parent(parent)
|
51
|
+
define_method(:parent) { self.class.parse(parent) }
|
52
|
+
end
|
53
|
+
|
54
|
+
def parse(role)
|
55
|
+
@roles ||= {}
|
56
|
+
@roles[role.to_sym] ||= "Mumukit::Auth::Role::#{role.to_s.camelize}".constantize.new(role.to_sym)
|
57
|
+
end
|
29
58
|
end
|
30
59
|
|
31
60
|
class ExStudent < Role
|
@@ -64,6 +93,10 @@ module Mumukit::Auth
|
|
64
93
|
def parent_allows?(*)
|
65
94
|
false
|
66
95
|
end
|
96
|
+
|
97
|
+
def _narrower_than_other?(*)
|
98
|
+
false
|
99
|
+
end
|
67
100
|
end
|
68
101
|
end
|
69
102
|
end
|
data/lib/mumukit/auth/scope.rb
CHANGED
@@ -20,6 +20,10 @@ module Mumukit::Auth
|
|
20
20
|
self.grants.delete(grant)
|
21
21
|
end
|
22
22
|
|
23
|
+
def empty?
|
24
|
+
grants.empty?
|
25
|
+
end
|
26
|
+
|
23
27
|
def merge(other)
|
24
28
|
self.class.new grants + other.grants
|
25
29
|
end
|
@@ -54,6 +58,14 @@ module Mumukit::Auth
|
|
54
58
|
to_s
|
55
59
|
end
|
56
60
|
|
61
|
+
def remove_narrower_grants!(grant)
|
62
|
+
grants.reject! { |it| grant.allows? it }
|
63
|
+
end
|
64
|
+
|
65
|
+
def has_broader_grant?(grant)
|
66
|
+
grants.any? { |it| it.allows? grant }
|
67
|
+
end
|
68
|
+
|
57
69
|
private
|
58
70
|
|
59
71
|
def any_grant?(&block)
|
@@ -66,13 +78,5 @@ module Mumukit::Auth
|
|
66
78
|
remove_narrower_grants! grant
|
67
79
|
grants << grant
|
68
80
|
end
|
69
|
-
|
70
|
-
def remove_narrower_grants!(grant)
|
71
|
-
grants.reject! { |it| grant.allows? it }
|
72
|
-
end
|
73
|
-
|
74
|
-
def has_broader_grant?(grant)
|
75
|
-
grants.any? { |it| it.allows? grant }
|
76
|
-
end
|
77
81
|
end
|
78
82
|
end
|
data/lib/mumukit/auth/slug.rb
CHANGED
@@ -35,11 +35,11 @@ module Mumukit::Auth
|
|
35
35
|
end
|
36
36
|
|
37
37
|
def ==(o)
|
38
|
-
|
38
|
+
o.is_a?(Mumukit::Auth::Slug) && self.normalize.eql?(o.normalize)
|
39
39
|
end
|
40
40
|
|
41
41
|
def eql?(o)
|
42
|
-
|
42
|
+
o.is_a?(Mumukit::Auth::Slug) && to_s == o.to_s
|
43
43
|
end
|
44
44
|
|
45
45
|
def hash
|
@@ -57,7 +57,15 @@ module Mumukit::Auth
|
|
57
57
|
end
|
58
58
|
|
59
59
|
def normalize
|
60
|
-
|
60
|
+
Normalized.new(first, second)
|
61
|
+
end
|
62
|
+
|
63
|
+
def normalized_s
|
64
|
+
normalize.to_s
|
65
|
+
end
|
66
|
+
|
67
|
+
def normalized?
|
68
|
+
normalize.eql? self
|
61
69
|
end
|
62
70
|
|
63
71
|
def inspect
|
@@ -99,7 +107,7 @@ module Mumukit::Auth
|
|
99
107
|
end
|
100
108
|
|
101
109
|
def self.normalize(first, second)
|
102
|
-
new(first, second)
|
110
|
+
Normalized.new(first, second)
|
103
111
|
end
|
104
112
|
|
105
113
|
private
|
@@ -117,11 +125,29 @@ module Mumukit::Auth
|
|
117
125
|
raise Mumukit::Auth::InvalidSlugFormatError, "Invalid slug: #{slug}. It must be in first/second format"
|
118
126
|
end
|
119
127
|
end
|
128
|
+
|
129
|
+
class Normalized < Slug
|
130
|
+
alias_method :_normalize!, :normalize!
|
131
|
+
|
132
|
+
def initialize(*)
|
133
|
+
super
|
134
|
+
_normalize!
|
135
|
+
end
|
136
|
+
|
137
|
+
def normalize
|
138
|
+
self
|
139
|
+
end
|
140
|
+
|
141
|
+
def normalize!
|
142
|
+
self
|
143
|
+
end
|
144
|
+
|
145
|
+
def normalized?
|
146
|
+
true
|
147
|
+
end
|
148
|
+
end
|
120
149
|
end
|
121
150
|
|
122
151
|
class InvalidSlugFormatError < StandardError
|
123
152
|
end
|
124
153
|
end
|
125
|
-
|
126
|
-
|
127
|
-
|
data/lib/mumukit/auth/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: mumukit-auth
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 7.
|
4
|
+
version: 7.12.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Franco Leonardo Bulgarelli
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-
|
11
|
+
date: 2021-11-25 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|