mumukit-auth 3.0.0 → 3.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: a9092f2f97e6a3b76afc8339f023be19daae8f43
-  data.tar.gz: a341795e26fceb21541c1d4dbfabc8acaa5c4942
+  metadata.gz: ea91874d47681042c3ee482de3312406ca7978df
+  data.tar.gz: 08770d172965ab3bbd1a75748d91bafea2e80afb
 SHA512:
-  metadata.gz: fb99bd92c87a8dd3c80a86a9edfaeffd2ebb7beffe321b266126adab91d73f154fc2f53b53c0dcf000801e7e4009278e49151b6fe6c41ef63af27e05626d4e03
-  data.tar.gz: 9f0f7f2cff61e2f3447de4d4ca00071a2ab897556c274f80bea6dc5681bbc95b708e2cf2ffa550152bb2d4b20f4acaf27ae00619b9c54f024336f305b6f4c11c
+  metadata.gz: 288fc8a1586feda6a2ddb47e46c3e653c51c5aec1180c4096dcb78bdc29ad1bee4e32f91ba7b432bd3544dea94e3f654b44553c8a3e10a707fcd42344e116662
+  data.tar.gz: f34511cfbba2770ec4b7b292f3949c520791864d9417f0befca20536fce94f62aa5e456b0eb3a9563566a80ebd4cfe563af52623721e641945c28a4fbffb9d13

data/lib/mumukit/auth.rb

@@ -3,6 +3,7 @@ require 'mumukit/core'
 require 'daybreak'
 
 require_relative './auth/array'
+require_relative './auth/role'
 require_relative './auth/roles'
 require_relative './auth/slug'
 require_relative './auth/version'

data/lib/mumukit/auth/permissions.rb

@@ -4,13 +4,17 @@ class Mumukit::Auth::Permissions
   attr_accessor :scopes
 
   def initialize(scopes={})
-    raise 'invalid scopes' if scopes.any? { |key, value| value.class != Mumukit::Auth::Scope  }
+    raise 'invalid scopes' if scopes.any? { |key, value| value.class != Mumukit::Auth::Scope }
 
     @scopes = scopes.with_indifferent_access
   end
 
   def has_permission?(role, resource_slug)
-    !!scope_for(role)&.allows?(resource_slug)
+    Mumukit::Auth::Role.parse(role).allows?(resource_slug, self)
+  end
+
+  def role_allows?(role, resource_slug)
+    scope_for(role).allows?(resource_slug)
   end
 
   def protect!(scope, slug)
@@ -21,12 +25,12 @@ class Mumukit::Auth::Permissions
     scopes[role].present?
   end
 
+
   def scope_for(role)
-    self.scopes[role] || Mumukit::Auth::Scope.new
+    self.scopes[role] ||= Mumukit::Auth::Scope.new
   end
 
   def add_permission!(role, *grants)
-    self.scopes[role] ||= Mumukit::Auth::Scope.new
     scope_for(role)&.add_grant! *grants
   end
 

data/lib/mumukit/auth/role.rb

@@ -0,0 +1,57 @@
+module Mumukit::Auth
+  class Role
+    def initialize(symbol)
+      @symbol=symbol
+    end
+
+    def allows?(resource_slug, permissions)
+      permissions.role_allows?(to_sym, resource_slug) ||
+          parent_allows?(resource_slug, permissions)
+    end
+
+    def parent_allows?(resource_slug, permissions)
+      parent.allows?(resource_slug, permissions)
+    end
+
+    def to_sym
+      @symbol
+    end
+
+    private
+
+    def self.parent(parent)
+      define_method(:parent) { self.class.parse(parent) }
+    end
+
+    def self.parse(role)
+      @roles ||= {}
+      @roles[role] ||= "Mumukit::Auth::Role::#{role.to_s.camelize}".constantize.new(role.to_sym)
+    end
+
+    class Student < Role
+      parent :owner
+    end
+    class Teacher < Role
+      parent :headmaster
+    end
+    class Headmaster < Role
+      parent :owner
+    end
+    class Writer < Role
+      parent :editor
+    end
+    class Editor < Role
+      parent :owner
+    end
+    class Janitor < Role
+      parent :owner
+    end
+    class Owner < Role
+      parent nil
+
+      def parent_allows?(*)
+        false
+      end
+    end
+  end
+end

data/lib/mumukit/auth/scope.rb

@@ -31,7 +31,7 @@ module Mumukit::Auth
       to_s.present?
     end
 
-    def self.parse(string)
+    def self.parse(string='')
       new(string.split(':').map(&:to_mumukit_grant))
     end
 

data/lib/mumukit/auth/store.rb

@@ -1,5 +1,20 @@
 module Mumukit::Auth
   class Store
+    def initialize(db_name)
+      @db = Daybreak::DB.new "#{db_name}.db", default: '{}'
+    end
+
+    def close
+      @db.close
+    end
+
+    def set!(key, value)
+      @db.update! key.to_sym => value.to_json
+    end
+
+    def get(key)
+      Mumukit::Auth::Permissions.load @db[key]
+    end
 
     class << self
       def from_env
@@ -9,8 +24,8 @@ module Mumukit::Auth
       def with(&block)
         store = from_env
         block.call store
-        ensure
-          store.close
+      ensure
+        store.close
       end
 
       def set!(*args)
@@ -21,21 +36,5 @@ module Mumukit::Auth
         with { |store| store.get(key) }
       end
     end
-
-    def initialize(db_name)
-      @db = Daybreak::DB.new "#{db_name}.db", default: '{}'
-    end
-
-    def close
-      @db.close
-    end
-
-    def set!(key, value)
-      @db.update! key.to_sym => value.to_json
-    end
-
-    def get(key)
-      Mumukit::Auth::Permissions.load @db[key]
-    end
   end
 end

data/lib/mumukit/auth/version.rb

@@ -1,5 +1,5 @@
 module Mumukit
   module Auth
-    VERSION = '3.0.0'
+    VERSION = '3.1.0'
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: mumukit-auth
 version: !ruby/object:Gem::Version
-  version: 3.0.0
+  version: 3.1.0
 platform: ruby
 authors:
 - Franco Leonardo Bulgarelli
@@ -106,6 +106,7 @@ files:
 - lib/mumukit/auth/exceptions.rb
 - lib/mumukit/auth/grant.rb
 - lib/mumukit/auth/permissions.rb
+- lib/mumukit/auth/role.rb
 - lib/mumukit/auth/roles.rb
 - lib/mumukit/auth/scope.rb
 - lib/mumukit/auth/slug.rb