mumukit-auth 7.5.2 → 7.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a233658a7f1e3cfb135b4a483349e9fe38e20d92a5bf8a97040ccc618640c077
-  data.tar.gz: 0664fea5f198d4870f21c681f1e42e36df4d4081735e4844edc0891211ffe5a2
+  metadata.gz: d04c848d1712ad910c8bee65a29e7c97cc9473e6bd355a239da5ae4779a628a3
+  data.tar.gz: 1ce6ae321c42896e72cc1bef840a7d8b38eb2ddcd9eab4f422a32b252daf67b3
 SHA512:
-  metadata.gz: 836d44fcc5880cbc22268a9705e4f4d5a9f77256d7de7a84851356ce7da06daf5b5da0bea28b56a7aebabd1b89109b9e556e6af728ea6edbb923cc13e67e8d37
-  data.tar.gz: d8860943ad2c1da1190189664deaeb73681abf3543c93e219b7c563eb1c27d998954678ef70da2de6b7c22e4332115af612b7aea31db325b27d08aba10e9ebef
+  metadata.gz: 3b47da935941edca52ea4be8fe3fe9a3e87a10f6f90fcd132683655aece5d35f359bb51c347dfeb068df92eb64bc13745851e0636f28e8c6c3ad69449392e550
+  data.tar.gz: ff30972e250e1427bb40a6a585ff8b3be581896054cd34dce36859d7e30ede4d585be856b2a77dce26186179cdc513e068726c39d30d9c4e33faead47e352314

data/lib/mumukit/auth/grant.rb

@@ -7,6 +7,8 @@ end
 
 module Mumukit::Auth
   class Grant
+    delegate :organization, to: :to_mumukit_slug
+
     def as_json(options={})
       to_s
     end
@@ -63,7 +65,7 @@ module Mumukit::Auth
     end
 
     def allows?(resource_slug)
-      resource_slug.to_mumukit_slug.match_first @first
+      resource_slug.to_mumukit_slug.normalize!.match_first @first
     end
 
     def to_s
@@ -77,16 +79,16 @@ module Mumukit::Auth
 
   class SingleGrant < Grant
     def initialize(slug)
-      @slug = slug
+      @slug = slug.normalize
     end
 
     def allows?(resource_slug)
-      resource_slug = resource_slug.to_mumukit_slug
+      resource_slug = resource_slug.to_mumukit_slug.normalize!
       resource_slug.match_first(@slug.first) && resource_slug.match_second(@slug.second)
     end
 
     def to_s
-      @slug.to_case_insensitive_s
+      @slug.to_s
     end
 
     def to_mumukit_slug

data/lib/mumukit/auth/permissions.rb

@@ -28,8 +28,25 @@ class Mumukit::Auth::Permissions
     self.scopes[role] ||= Mumukit::Auth::Scope.new
   end
 
+  # Deprecated: use `student_granted_organizations` organizations instead
   def accessible_organizations
-    scope_for(:student)&.grants&.map { |grant| grant.to_mumukit_slug.organization }.to_set
+    warn "Don't use accessible_organizations, since this method is probably not doing what you would expect.\n" +
+         "Use student_granted_organizations if you still need its behaviour"
+    student_granted_organizations
+  end
+
+  # Answers the organizations for which the user has been explicitly granted acceses as student.
+  # This method does not include the organizations the user has access because of the roles hierarchy
+  def student_granted_organizations
+    granted_organizations_for :student
+  end
+
+  def any_granted_organizations
+    scopes.values.flat_map(&:grants).map(&:organization).to_set
+  end
+
+  def granted_organizations_for(role)
+    scope_for(role)&.grants&.map(&:organization).to_set
   end
 
   def add_permission!(role, *grants)

data/lib/mumukit/auth/role.rb

@@ -41,12 +41,15 @@ module Mumukit::Auth
       parent :editor
     end
     class Editor < Role
-      parent :owner
+      parent :admin
     end
     class Janitor < Role
-      parent :owner
+      parent :admin
     end
     class Moderator < Role
+      parent :admin
+    end
+    class Admin < Role
       parent :owner
     end
     class Owner < Role
@@ -57,4 +60,4 @@ module Mumukit::Auth
       end
     end
   end
-end
+end

data/lib/mumukit/auth/roles.rb

@@ -1,6 +1,6 @@
 module Mumukit::Auth
   module Roles
-    ROLES = [:student, :teacher, :headmaster, :writer, :editor, :janitor, :moderator, :owner]
+    ROLES = [:student, :teacher, :headmaster, :writer, :editor, :janitor, :moderator, :admin, :owner]
 
     ROLES.each do |role|
       define_method "#{role}?" do |scope = Mumukit::Auth::Slug.any|

data/lib/mumukit/auth/slug.rb

@@ -23,11 +23,11 @@ module Mumukit::Auth
     end
 
     def match_first(first)
-      match self.first.downcase, first.downcase
+      match self.first, first
     end
 
     def match_second(second)
-      match self.second.downcase, second.downcase
+      match self.second, second
     end
 
     def rebase(new_organizaton)
@@ -35,21 +35,29 @@ module Mumukit::Auth
     end
 
     def ==(o)
-      self.class == o.class && to_case_insensitive_s == o.to_case_insensitive_s
+      self.class == o.class && self.normalize.eql?(o.normalize)
     end
 
-    alias_method :eql?, :==
+    def eql?(o)
+      self.class == o.class && to_s == o.to_s
+    end
 
     def hash
-      to_case_insensitive_s.hash
+      to_s.hash
     end
 
     def to_s
       "#{first}/#{second}"
     end
 
-    def to_case_insensitive_s
-      @case_insensitive_s ||= to_s.downcase
+    def normalize!
+      @first = normalize_part @first
+      @second = normalize_part @second
+      self
+    end
+
+    def normalize
+      dup.normalize!
     end
 
     def inspect
@@ -90,14 +98,22 @@ module Mumukit::Auth
       parse '_/_'
     end
 
+    def self.normalize(first, second)
+      new(first, second).normalize!
+    end
+
     private
 
+    def normalize_part(slug_part)
+      slug_part.split('.').map(&:parameterize).join('.')
+    end
+
     def match(pattern, part)
       pattern == '_' || pattern == part
     end
 
     def self.validate_slug!(slug)
-      unless slug =~ /.*\/.*/
+      unless slug =~ /\A[^\/\n]+\/[^\/\n]+\z/
         raise Mumukit::Auth::InvalidSlugFormatError, "Invalid slug: #{slug}. It must be in first/second format"
       end
     end

data/lib/mumukit/auth/version.rb

@@ -1,5 +1,5 @@
 module Mumukit
   module Auth
-    VERSION = '7.5.2'
+    VERSION = '7.8.0'
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mumukit-auth
 version: !ruby/object:Gem::Version
-  version: 7.5.2
+  version: 7.8.0
 platform: ruby
 authors:
 - Franco Leonardo Bulgarelli
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-01-29 00:00:00.000000000 Z
+date: 2020-07-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -16,42 +16,42 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.7'
+        version: '2.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.7'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '12.3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '12.3'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2'
+        version: '3.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2'
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: jwt
   requirement: !ruby/object:Gem::Requirement
@@ -119,7 +119,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.2
+rubyforge_project: 
+rubygems_version: 2.7.7
 signing_key: 
 specification_version: 4
 summary: Library for authorizing mumuki requests