mumukit-auth 7.0.0 → 7.1.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: d136ecb1bb6af3070bd6b8fc7b7619177e7d5ec1
4
- data.tar.gz: 96b63bae2e85d94b35d95ed581e0ca85f3e1d06c
3
+ metadata.gz: 6dc8efe9a719847890a69555ecbef9b9d3844d9e
4
+ data.tar.gz: a7547aa226ea437d6dc4d096776187fb367b122b
5
5
  SHA512:
6
- metadata.gz: 965df713960806f3e24bdcc800300156a967726715f32633f4b4987bd3b3e3130639d2811984742fcebedc98f83fb32c0b0b12b511320760ad3ce8d99247729c
7
- data.tar.gz: a52966d1d60e8ca5486aa42902e43c102ba6334772055996957df19b29a06c21897b9af580cfd0e29df875ead430145a981e3b022ba1ae1ed5322362f60e71dd
6
+ metadata.gz: 7646c11a128f13f494916e732149852cc3457f069376e6b42dbab74dec87787df6c6d3737bfda2c568b236ff7d012c4eddb743cf19528f0ce4d4b1b92e176cd3
7
+ data.tar.gz: 766d4c5a3391052ac1fabe125a9d891dd69d75f6eb9e7a9b523133fd5d8c9fd4c47b7774c8a51b4c5ac6404766cb509d6eb9b419453db63201abbaea52d7caab
@@ -1,5 +1,6 @@
1
1
  class Mumukit::Auth::Permissions
2
2
  include Mumukit::Auth::Roles
3
+ include Mumukit::Auth::Protection
3
4
 
4
5
  delegate :empty?, to: :scopes
5
6
 
@@ -19,11 +20,6 @@ class Mumukit::Auth::Permissions
19
20
  scope_for(role).allows?(resource_slug)
20
21
  end
21
22
 
22
- def protect!(role, slug)
23
- raise Mumukit::Auth::UnauthorizedAccessError,
24
- "Unauthorized access to #{slug} as #{role}. Scope is `#{scope_for role}`" unless has_permission?(role, slug)
25
- end
26
-
27
23
  def has_role?(role)
28
24
  scopes[role].present?
29
25
  end
@@ -32,6 +28,10 @@ class Mumukit::Auth::Permissions
32
28
  self.scopes[role] ||= Mumukit::Auth::Scope.new
33
29
  end
34
30
 
31
+ def accessible_organizations
32
+ scope_for(:student)&.grants&.map { |grant| grant.to_mumukit_slug.organization }.to_set
33
+ end
34
+
35
35
  def add_permission!(role, *grants)
36
36
  scope_for(role).add_grant! *grants
37
37
  end
@@ -0,0 +1,12 @@
1
+ module Mumukit::Auth::Protection
2
+ def protect!(role, slug)
3
+ raise Mumukit::Auth::UnauthorizedAccessError,
4
+ "Unauthorized access to #{slug} as #{role}. Scope is `#{scope_for role}`" unless has_permission?(role, slug)
5
+ end
6
+
7
+ def protect_delegation!(other)
8
+ other ||= {}
9
+ raise Mumukit::Auth::UnauthorizedAccessError,
10
+ "Unauthorized delegation to #{other.to_h}" unless delegate_to?(Mumukit::Auth::Permissions.parse(other.to_h))
11
+ end
12
+ end
@@ -3,7 +3,7 @@ module Mumukit::Auth
3
3
  ROLES = [:student, :teacher, :headmaster, :writer, :editor, :janitor, :owner]
4
4
 
5
5
  ROLES.each do |role|
6
- define_method "#{role}?" do |scope|
6
+ define_method "#{role}?" do |scope = Mumukit::Auth::Slug.any|
7
7
  has_permission? role.to_sym, scope
8
8
  end
9
9
  end
@@ -65,6 +65,10 @@ module Mumukit::Auth
65
65
  self.new *slug.split('/')
66
66
  end
67
67
 
68
+ def self.any
69
+ parse '_/_'
70
+ end
71
+
68
72
  private
69
73
 
70
74
  def match(pattern, part)
@@ -1,5 +1,5 @@
1
1
  module Mumukit
2
2
  module Auth
3
- VERSION = '7.0.0'
3
+ VERSION = '7.1.0'
4
4
  end
5
5
  end
data/lib/mumukit/auth.rb CHANGED
@@ -12,6 +12,7 @@ require_relative './auth/grant'
12
12
  require_relative './auth/client'
13
13
  require_relative './auth/token'
14
14
  require_relative './auth/scope'
15
+ require_relative './auth/protection'
15
16
  require_relative './auth/permissions'
16
17
 
17
18
  require 'ostruct'
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: mumukit-auth
3
3
  version: !ruby/object:Gem::Version
4
- version: 7.0.0
4
+ version: 7.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Franco Leonardo Bulgarelli
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-04-28 00:00:00.000000000 Z
11
+ date: 2017-05-01 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
@@ -93,6 +93,7 @@ files:
93
93
  - lib/mumukit/auth/exceptions.rb
94
94
  - lib/mumukit/auth/grant.rb
95
95
  - lib/mumukit/auth/permissions.rb
96
+ - lib/mumukit/auth/protection.rb
96
97
  - lib/mumukit/auth/role.rb
97
98
  - lib/mumukit/auth/roles.rb
98
99
  - lib/mumukit/auth/scope.rb