RubyGems - mumukit-auth - Versions diffs - 7.8.0 → 7.12.0 - Mend

mumukit-auth 7.8.0 → 7.12.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml +4 -4
data/lib/mumukit/auth/permissions.rb +44 -7
data/lib/mumukit/auth/role.rb +45 -6
data/lib/mumukit/auth/roles.rb +1 -1
data/lib/mumukit/auth/scope.rb +12 -8
data/lib/mumukit/auth/slug.rb +33 -7
data/lib/mumukit/auth/version.rb +1 -1
metadata +3 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d04c848d1712ad910c8bee65a29e7c97cc9473e6bd355a239da5ae4779a628a3
-  data.tar.gz: 1ce6ae321c42896e72cc1bef840a7d8b38eb2ddcd9eab4f422a32b252daf67b3
+  metadata.gz: 2c1873c090d214598c8dfde394af11341cbe5ef5da1604479725e3ccab5a30fe
+  data.tar.gz: 315c143eae6654332e7b3d1c13e74d5dfe24a29ecad5ae1063ef3ef7770f121a
 SHA512:
-  metadata.gz: 3b47da935941edca52ea4be8fe3fe9a3e87a10f6f90fcd132683655aece5d35f359bb51c347dfeb068df92eb64bc13745851e0636f28e8c6c3ad69449392e550
-  data.tar.gz: ff30972e250e1427bb40a6a585ff8b3be581896054cd34dce36859d7e30ede4d585be856b2a77dce26186179cdc513e068726c39d30d9c4e33faead47e352314
+  metadata.gz: ef85cc04780ed65e32524bf1a3f59caabbe9222ea62340b1263c116ac058f06aaf8bac6478605a0b61511ddab04fbe82ee3252b113a8dea2a2bc7cd868ba3795
+  data.tar.gz: dbddcd9a2a0f85d30135fca3b697b1c6a4e99ab8e492aaa81a34fa46b2e4965fd7e867675630aab1889c11650fa992b7c5a162837e906a7690cb2b9ba34ea81a

data/lib/mumukit/auth/permissions.rb CHANGED Viewed

@@ -2,18 +2,15 @@ class Mumukit::Auth::Permissions
   include Mumukit::Auth::Roles
   include Mumukit::Auth::Protection
-  delegate :empty?, to: :scopes
   attr_accessor :scopes
   def initialize(scopes={})
-    raise 'invalid scopes' if scopes.any? { |key, value| value.class != Mumukit::Auth::Scope }
-    @scopes = scopes.with_indifferent_access
+    @scopes = {}.with_indifferent_access
+    add_scopes! scopes
   end
   def has_permission?(role, resource_slug)
-    Mumukit::Auth::Role.parse(role).allows?(resource_slug, self)
+    role.to_mumukit_role.allows?(resource_slug, self)
   end
   def role_allows?(role, resource_slug)
@@ -28,6 +25,21 @@ class Mumukit::Auth::Permissions
     self.scopes[role] ||= Mumukit::Auth::Scope.new
   end
+  def empty?
+    scopes.all? { |_, it| it.empty? }
+  end
+  def compact!
+    old_scopes = @scopes.dup
+    @scopes = {}.with_indifferent_access
+    old_scopes.each do |role, scope|
+      scope.grants.each do |grant|
+        push_and_compact! role, grant
+      end
+    end
+  end
   # Deprecated: use `student_granted_organizations` organizations instead
   def accessible_organizations
     warn "Don't use accessible_organizations, since this method is probably not doing what you would expect.\n" +
@@ -45,12 +57,22 @@ class Mumukit::Auth::Permissions
     scopes.values.flat_map(&:grants).map(&:organization).to_set
   end
+  def any_granted_roles
+    scopes.select { |_, scope| scope.present? }.keys.to_set
+  end
   def granted_organizations_for(role)
     scope_for(role)&.grants&.map(&:organization).to_set
   end
   def add_permission!(role, *grants)
-    scope_for(role).add_grant! *grants
+    role = role.to_mumukit_role
+    grants.each { |grant| push_and_compact! role, grant }
+  end
+  def add_scopes!(scopes)
+    raise 'invalid scopes' if scopes.any? { |key, value| value.class != Mumukit::Auth::Scope }
+    scopes.each { |role, scope| add_permission! role, *scope.grants }
   end
   def merge(other)
@@ -142,4 +164,19 @@ class Mumukit::Auth::Permissions
     scope.grants.all? { |grant| has_permission? role, grant }
   end
+  def push_and_compact!(role, grant)
+    role = role.to_mumukit_role
+    grant = grant.to_mumukit_grant
+    scopes.each do |other_role, other_scope|
+      other_role = other_role.to_mumukit_role
+      if other_role.narrower_than?(role)
+        other_scope.remove_narrower_grants!(grant)
+      elsif other_role.broader_than?(role) && other_scope.has_broader_grant?(grant)
+        return
+      end
+    end
+    scope_for(role.to_sym).add_grant! grant
+  end
 end

data/lib/mumukit/auth/role.rb CHANGED Viewed

@@ -1,3 +1,16 @@
+class String
+  def to_mumukit_role
+    Mumukit::Auth::Role.parse self
+  end
+end
+class Symbol
+  def to_mumukit_role
+    Mumukit::Auth::Role.parse self
+  end
+end
 module Mumukit::Auth
   class Role
     def initialize(symbol)
@@ -17,17 +30,36 @@ module Mumukit::Auth
       @symbol
     end
-    private
+    def broader_than?(other)
+      other.narrower_than? self
+    end
+    def narrower_than?(other)
+      other.class != self.class && _narrower_than_other?(other)
+    end
+    def to_mumukit_role
+      self
+    end
-    def self.parent(parent)
-      define_method(:parent) { self.class.parse(parent) }
+    def _narrower_than_other?(other)
+      self.parent.class == other.class || self.parent._narrower_than_other?(other)
     end
-    def self.parse(role)
-      @roles ||= {}
-      @roles[role] ||= "Mumukit::Auth::Role::#{role.to_s.camelize}".constantize.new(role.to_sym)
+    class << self
+      def parent(parent)
+        define_method(:parent) { self.class.parse(parent) }
+      end
+      def parse(role)
+        @roles ||= {}
+        @roles[role.to_sym] ||= "Mumukit::Auth::Role::#{role.to_s.camelize}".constantize.new(role.to_sym)
+      end
     end
+    class ExStudent < Role
+      parent :student
+    end
     class Student < Role
       parent :teacher
     end
@@ -47,6 +79,9 @@ module Mumukit::Auth
       parent :admin
     end
     class Moderator < Role
+      parent :forum_supervisor
+    end
+    class ForumSupervisor < Role
       parent :admin
     end
     class Admin < Role
@@ -58,6 +93,10 @@ module Mumukit::Auth
       def parent_allows?(*)
         false
       end
+      def _narrower_than_other?(*)
+        false
+      end
     end
   end
 end

data/lib/mumukit/auth/roles.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 module Mumukit::Auth
   module Roles
-    ROLES = [:student, :teacher, :headmaster, :writer, :editor, :janitor, :moderator, :admin, :owner]
+    ROLES = [:ex_student, :student, :teacher, :headmaster, :writer, :editor, :janitor, :moderator, :forum_supervisor, :admin, :owner]
     ROLES.each do |role|
       define_method "#{role}?" do |scope = Mumukit::Auth::Slug.any|

data/lib/mumukit/auth/scope.rb CHANGED Viewed

@@ -20,6 +20,10 @@ module Mumukit::Auth
       self.grants.delete(grant)
     end
+    def empty?
+      grants.empty?
+    end
     def merge(other)
       self.class.new grants + other.grants
     end
@@ -54,6 +58,14 @@ module Mumukit::Auth
       to_s
     end
+    def remove_narrower_grants!(grant)
+      grants.reject! { |it| grant.allows? it }
+    end
+    def has_broader_grant?(grant)
+      grants.any? { |it| it.allows? grant }
+    end
     private
     def any_grant?(&block)
@@ -66,13 +78,5 @@ module Mumukit::Auth
       remove_narrower_grants! grant
       grants << grant
     end
-    def remove_narrower_grants!(grant)
-      grants.reject! { |it| grant.allows? it }
-    end
-    def has_broader_grant?(grant)
-      grants.any? { |it| it.allows? grant }
-    end
   end
 end

data/lib/mumukit/auth/slug.rb CHANGED Viewed

@@ -35,11 +35,11 @@ module Mumukit::Auth
     end
     def ==(o)
-      self.class == o.class && self.normalize.eql?(o.normalize)
+      o.is_a?(Mumukit::Auth::Slug) && self.normalize.eql?(o.normalize)
     end
     def eql?(o)
-      self.class == o.class && to_s == o.to_s
+      o.is_a?(Mumukit::Auth::Slug) && to_s == o.to_s
     end
     def hash
@@ -57,7 +57,15 @@ module Mumukit::Auth
     end
     def normalize
-      dup.normalize!
+      Normalized.new(first, second)
+    end
+    def normalized_s
+      normalize.to_s
+    end
+    def normalized?
+      normalize.eql? self
     end
     def inspect
@@ -99,7 +107,7 @@ module Mumukit::Auth
     end
     def self.normalize(first, second)
-      new(first, second).normalize!
+      Normalized.new(first, second)
     end
     private
@@ -117,11 +125,29 @@ module Mumukit::Auth
         raise Mumukit::Auth::InvalidSlugFormatError, "Invalid slug: #{slug}. It must be in first/second format"
       end
     end
+    class Normalized < Slug
+      alias_method :_normalize!, :normalize!
+      def initialize(*)
+        super
+        _normalize!
+      end
+      def normalize
+        self
+      end
+      def normalize!
+        self
+      end
+      def normalized?
+        true
+      end
+    end
   end
   class InvalidSlugFormatError < StandardError
   end
 end

data/lib/mumukit/auth/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module Mumukit
   module Auth
-    VERSION = '7.8.0'
+    VERSION = '7.12.0'
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mumukit-auth
 version: !ruby/object:Gem::Version
-  version: 7.8.0
+  version: 7.12.0
 platform: ruby
 authors:
 - Franco Leonardo Bulgarelli
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-07-16 00:00:00.000000000 Z
+date: 2021-11-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -119,8 +119,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.7.7
+rubygems_version: 3.0.3
 signing_key:
 specification_version: 4
 summary: Library for authorizing mumuki requests