mumukit-auth 7.8.0 → 7.12.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (8) hide show
  1. checksums.yaml +4 -4
  2. data/lib/mumukit/auth/permissions.rb +44 -7
  3. data/lib/mumukit/auth/role.rb +45 -6
  4. data/lib/mumukit/auth/roles.rb +1 -1
  5. data/lib/mumukit/auth/scope.rb +12 -8
  6. data/lib/mumukit/auth/slug.rb +33 -7
  7. data/lib/mumukit/auth/version.rb +1 -1
  8. metadata +3 -4
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: d04c848d1712ad910c8bee65a29e7c97cc9473e6bd355a239da5ae4779a628a3
4
- data.tar.gz: 1ce6ae321c42896e72cc1bef840a7d8b38eb2ddcd9eab4f422a32b252daf67b3
3
+ metadata.gz: 2c1873c090d214598c8dfde394af11341cbe5ef5da1604479725e3ccab5a30fe
4
+ data.tar.gz: 315c143eae6654332e7b3d1c13e74d5dfe24a29ecad5ae1063ef3ef7770f121a
5
5
  SHA512:
6
- metadata.gz: 3b47da935941edca52ea4be8fe3fe9a3e87a10f6f90fcd132683655aece5d35f359bb51c347dfeb068df92eb64bc13745851e0636f28e8c6c3ad69449392e550
7
- data.tar.gz: ff30972e250e1427bb40a6a585ff8b3be581896054cd34dce36859d7e30ede4d585be856b2a77dce26186179cdc513e068726c39d30d9c4e33faead47e352314
6
+ metadata.gz: ef85cc04780ed65e32524bf1a3f59caabbe9222ea62340b1263c116ac058f06aaf8bac6478605a0b61511ddab04fbe82ee3252b113a8dea2a2bc7cd868ba3795
7
+ data.tar.gz: dbddcd9a2a0f85d30135fca3b697b1c6a4e99ab8e492aaa81a34fa46b2e4965fd7e867675630aab1889c11650fa992b7c5a162837e906a7690cb2b9ba34ea81a
data/lib/mumukit/auth/permissions.rb CHANGED
@@ -2,18 +2,15 @@ class Mumukit::Auth::Permissions
2
2
  include Mumukit::Auth::Roles
3
3
  include Mumukit::Auth::Protection
4
4
 
5
- delegate :empty?, to: :scopes
6
-
7
5
  attr_accessor :scopes
8
6
 
9
7
  def initialize(scopes={})
10
- raise 'invalid scopes' if scopes.any? { |key, value| value.class != Mumukit::Auth::Scope }
11
-
12
- @scopes = scopes.with_indifferent_access
8
+ @scopes = {}.with_indifferent_access
9
+ add_scopes! scopes
13
10
  end
14
11
 
15
12
  def has_permission?(role, resource_slug)
16
- Mumukit::Auth::Role.parse(role).allows?(resource_slug, self)
13
+ role.to_mumukit_role.allows?(resource_slug, self)
17
14
  end
18
15
 
19
16
  def role_allows?(role, resource_slug)
@@ -28,6 +25,21 @@ class Mumukit::Auth::Permissions
28
25
  self.scopes[role] ||= Mumukit::Auth::Scope.new
29
26
  end
30
27
 
28
+ def empty?
29
+ scopes.all? { |_, it| it.empty? }
30
+ end
31
+
32
+ def compact!
33
+ old_scopes = @scopes.dup
34
+ @scopes = {}.with_indifferent_access
35
+
36
+ old_scopes.each do |role, scope|
37
+ scope.grants.each do |grant|
38
+ push_and_compact! role, grant
39
+ end
40
+ end
41
+ end
42
+
31
43
  # Deprecated: use `student_granted_organizations` organizations instead
32
44
  def accessible_organizations
33
45
  warn "Don't use accessible_organizations, since this method is probably not doing what you would expect.\n" +
@@ -45,12 +57,22 @@ class Mumukit::Auth::Permissions
45
57
  scopes.values.flat_map(&:grants).map(&:organization).to_set
46
58
  end
47
59
 
60
+ def any_granted_roles
61
+ scopes.select { |_, scope| scope.present? }.keys.to_set
62
+ end
63
+
48
64
  def granted_organizations_for(role)
49
65
  scope_for(role)&.grants&.map(&:organization).to_set
50
66
  end
51
67
 
52
68
  def add_permission!(role, *grants)
53
- scope_for(role).add_grant! *grants
69
+ role = role.to_mumukit_role
70
+ grants.each { |grant| push_and_compact! role, grant }
71
+ end
72
+
73
+ def add_scopes!(scopes)
74
+ raise 'invalid scopes' if scopes.any? { |key, value| value.class != Mumukit::Auth::Scope }
75
+ scopes.each { |role, scope| add_permission! role, *scope.grants }
54
76
  end
55
77
 
56
78
  def merge(other)
@@ -142,4 +164,19 @@ class Mumukit::Auth::Permissions
142
164
  scope.grants.all? { |grant| has_permission? role, grant }
143
165
  end
144
166
 
167
+ def push_and_compact!(role, grant)
168
+ role = role.to_mumukit_role
169
+ grant = grant.to_mumukit_grant
170
+
171
+ scopes.each do |other_role, other_scope|
172
+ other_role = other_role.to_mumukit_role
173
+
174
+ if other_role.narrower_than?(role)
175
+ other_scope.remove_narrower_grants!(grant)
176
+ elsif other_role.broader_than?(role) && other_scope.has_broader_grant?(grant)
177
+ return
178
+ end
179
+ end
180
+ scope_for(role.to_sym).add_grant! grant
181
+ end
145
182
  end
data/lib/mumukit/auth/role.rb CHANGED
@@ -1,3 +1,16 @@
1
+
2
+ class String
3
+ def to_mumukit_role
4
+ Mumukit::Auth::Role.parse self
5
+ end
6
+ end
7
+
8
+ class Symbol
9
+ def to_mumukit_role
10
+ Mumukit::Auth::Role.parse self
11
+ end
12
+ end
13
+
1
14
  module Mumukit::Auth
2
15
  class Role
3
16
  def initialize(symbol)
@@ -17,17 +30,36 @@ module Mumukit::Auth
17
30
  @symbol
18
31
  end
19
32
 
20
- private
33
+ def broader_than?(other)
34
+ other.narrower_than? self
35
+ end
36
+
37
+ def narrower_than?(other)
38
+ other.class != self.class && _narrower_than_other?(other)
39
+ end
40
+
41
+ def to_mumukit_role
42
+ self
43
+ end
21
44
 
22
- def self.parent(parent)
23
- define_method(:parent) { self.class.parse(parent) }
45
+ def _narrower_than_other?(other)
46
+ self.parent.class == other.class || self.parent._narrower_than_other?(other)
24
47
  end
25
48
 
26
- def self.parse(role)
27
- @roles ||= {}
28
- @roles[role] ||= "Mumukit::Auth::Role::#{role.to_s.camelize}".constantize.new(role.to_sym)
49
+ class << self
50
+ def parent(parent)
51
+ define_method(:parent) { self.class.parse(parent) }
52
+ end
53
+
54
+ def parse(role)
55
+ @roles ||= {}
56
+ @roles[role.to_sym] ||= "Mumukit::Auth::Role::#{role.to_s.camelize}".constantize.new(role.to_sym)
57
+ end
29
58
  end
30
59
 
60
+ class ExStudent < Role
61
+ parent :student
62
+ end
31
63
  class Student < Role
32
64
  parent :teacher
33
65
  end
@@ -47,6 +79,9 @@ module Mumukit::Auth
47
79
  parent :admin
48
80
  end
49
81
  class Moderator < Role
82
+ parent :forum_supervisor
83
+ end
84
+ class ForumSupervisor < Role
50
85
  parent :admin
51
86
  end
52
87
  class Admin < Role
@@ -58,6 +93,10 @@ module Mumukit::Auth
58
93
  def parent_allows?(*)
59
94
  false
60
95
  end
96
+
97
+ def _narrower_than_other?(*)
98
+ false
99
+ end
61
100
  end
62
101
  end
63
102
  end
data/lib/mumukit/auth/roles.rb CHANGED
@@ -1,6 +1,6 @@
1
1
  module Mumukit::Auth
2
2
  module Roles
3
- ROLES = [:student, :teacher, :headmaster, :writer, :editor, :janitor, :moderator, :admin, :owner]
3
+ ROLES = [:ex_student, :student, :teacher, :headmaster, :writer, :editor, :janitor, :moderator, :forum_supervisor, :admin, :owner]
4
4
 
5
5
  ROLES.each do |role|
6
6
  define_method "#{role}?" do |scope = Mumukit::Auth::Slug.any|
data/lib/mumukit/auth/scope.rb CHANGED
@@ -20,6 +20,10 @@ module Mumukit::Auth
20
20
  self.grants.delete(grant)
21
21
  end
22
22
 
23
+ def empty?
24
+ grants.empty?
25
+ end
26
+
23
27
  def merge(other)
24
28
  self.class.new grants + other.grants
25
29
  end
@@ -54,6 +58,14 @@ module Mumukit::Auth
54
58
  to_s
55
59
  end
56
60
 
61
+ def remove_narrower_grants!(grant)
62
+ grants.reject! { |it| grant.allows? it }
63
+ end
64
+
65
+ def has_broader_grant?(grant)
66
+ grants.any? { |it| it.allows? grant }
67
+ end
68
+
57
69
  private
58
70
 
59
71
  def any_grant?(&block)
@@ -66,13 +78,5 @@ module Mumukit::Auth
66
78
  remove_narrower_grants! grant
67
79
  grants << grant
68
80
  end
69
-
70
- def remove_narrower_grants!(grant)
71
- grants.reject! { |it| grant.allows? it }
72
- end
73
-
74
- def has_broader_grant?(grant)
75
- grants.any? { |it| it.allows? grant }
76
- end
77
81
  end
78
82
  end
data/lib/mumukit/auth/slug.rb CHANGED
@@ -35,11 +35,11 @@ module Mumukit::Auth
35
35
  end
36
36
 
37
37
  def ==(o)
38
- self.class == o.class && self.normalize.eql?(o.normalize)
38
+ o.is_a?(Mumukit::Auth::Slug) && self.normalize.eql?(o.normalize)
39
39
  end
40
40
 
41
41
  def eql?(o)
42
- self.class == o.class && to_s == o.to_s
42
+ o.is_a?(Mumukit::Auth::Slug) && to_s == o.to_s
43
43
  end
44
44
 
45
45
  def hash
@@ -57,7 +57,15 @@ module Mumukit::Auth
57
57
  end
58
58
 
59
59
  def normalize
60
- dup.normalize!
60
+ Normalized.new(first, second)
61
+ end
62
+
63
+ def normalized_s
64
+ normalize.to_s
65
+ end
66
+
67
+ def normalized?
68
+ normalize.eql? self
61
69
  end
62
70
 
63
71
  def inspect
@@ -99,7 +107,7 @@ module Mumukit::Auth
99
107
  end
100
108
 
101
109
  def self.normalize(first, second)
102
- new(first, second).normalize!
110
+ Normalized.new(first, second)
103
111
  end
104
112
 
105
113
  private
@@ -117,11 +125,29 @@ module Mumukit::Auth
117
125
  raise Mumukit::Auth::InvalidSlugFormatError, "Invalid slug: #{slug}. It must be in first/second format"
118
126
  end
119
127
  end
128
+
129
+ class Normalized < Slug
130
+ alias_method :_normalize!, :normalize!
131
+
132
+ def initialize(*)
133
+ super
134
+ _normalize!
135
+ end
136
+
137
+ def normalize
138
+ self
139
+ end
140
+
141
+ def normalize!
142
+ self
143
+ end
144
+
145
+ def normalized?
146
+ true
147
+ end
148
+ end
120
149
  end
121
150
 
122
151
  class InvalidSlugFormatError < StandardError
123
152
  end
124
153
  end
125
-
126
-
127
-
data/lib/mumukit/auth/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  module Mumukit
2
2
  module Auth
3
- VERSION = '7.8.0'
3
+ VERSION = '7.12.0'
4
4
  end
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: mumukit-auth
3
3
  version: !ruby/object:Gem::Version
4
- version: 7.8.0
4
+ version: 7.12.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Franco Leonardo Bulgarelli
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-07-16 00:00:00.000000000 Z
11
+ date: 2021-11-25 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
@@ -119,8 +119,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
119
119
  - !ruby/object:Gem::Version
120
120
  version: '0'
121
121
  requirements: []
122
- rubyforge_project:
123
- rubygems_version: 2.7.7
122
+ rubygems_version: 3.0.3
124
123
  signing_key:
125
124
  specification_version: 4
126
125
  summary: Library for authorizing mumuki requests