mumukit-auth 7.0.0 → 7.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d136ecb1bb6af3070bd6b8fc7b7619177e7d5ec1
-  data.tar.gz: 96b63bae2e85d94b35d95ed581e0ca85f3e1d06c
+  metadata.gz: 6dc8efe9a719847890a69555ecbef9b9d3844d9e
+  data.tar.gz: a7547aa226ea437d6dc4d096776187fb367b122b
 SHA512:
-  metadata.gz: 965df713960806f3e24bdcc800300156a967726715f32633f4b4987bd3b3e3130639d2811984742fcebedc98f83fb32c0b0b12b511320760ad3ce8d99247729c
-  data.tar.gz: a52966d1d60e8ca5486aa42902e43c102ba6334772055996957df19b29a06c21897b9af580cfd0e29df875ead430145a981e3b022ba1ae1ed5322362f60e71dd
+  metadata.gz: 7646c11a128f13f494916e732149852cc3457f069376e6b42dbab74dec87787df6c6d3737bfda2c568b236ff7d012c4eddb743cf19528f0ce4d4b1b92e176cd3
+  data.tar.gz: 766d4c5a3391052ac1fabe125a9d891dd69d75f6eb9e7a9b523133fd5d8c9fd4c47b7774c8a51b4c5ac6404766cb509d6eb9b419453db63201abbaea52d7caab

data/lib/mumukit/auth/permissions.rb

@@ -1,5 +1,6 @@
 class Mumukit::Auth::Permissions
   include Mumukit::Auth::Roles
+  include Mumukit::Auth::Protection
 
   delegate :empty?, to: :scopes
 
@@ -19,11 +20,6 @@ class Mumukit::Auth::Permissions
     scope_for(role).allows?(resource_slug)
   end
 
-  def protect!(role, slug)
-    raise Mumukit::Auth::UnauthorizedAccessError,
-          "Unauthorized access to #{slug} as #{role}. Scope is `#{scope_for role}`" unless has_permission?(role, slug)
-  end
-
   def has_role?(role)
     scopes[role].present?
   end
@@ -32,6 +28,10 @@ class Mumukit::Auth::Permissions
     self.scopes[role] ||= Mumukit::Auth::Scope.new
   end
 
+  def accessible_organizations
+    scope_for(:student)&.grants&.map { |grant| grant.to_mumukit_slug.organization }.to_set
+  end
+
   def add_permission!(role, *grants)
     scope_for(role).add_grant! *grants
   end

data/lib/mumukit/auth/protection.rb

@@ -0,0 +1,12 @@
+module Mumukit::Auth::Protection
+  def protect!(role, slug)
+    raise Mumukit::Auth::UnauthorizedAccessError,
+          "Unauthorized access to #{slug} as #{role}. Scope is `#{scope_for role}`" unless has_permission?(role, slug)
+  end
+
+  def protect_delegation!(other)
+    other ||= {}
+    raise Mumukit::Auth::UnauthorizedAccessError,
+          "Unauthorized delegation to #{other.to_h}" unless delegate_to?(Mumukit::Auth::Permissions.parse(other.to_h))
+  end
+end

data/lib/mumukit/auth/roles.rb

@@ -3,7 +3,7 @@ module Mumukit::Auth
     ROLES = [:student, :teacher, :headmaster, :writer, :editor, :janitor, :owner]
 
     ROLES.each do |role|
-      define_method "#{role}?" do |scope|
+      define_method "#{role}?" do |scope = Mumukit::Auth::Slug.any|
         has_permission? role.to_sym, scope
       end
     end

data/lib/mumukit/auth/slug.rb

@@ -65,6 +65,10 @@ module Mumukit::Auth
       self.new *slug.split('/')
     end
 
+    def self.any
+      parse '_/_'
+    end
+
     private
 
     def match(pattern, part)

data/lib/mumukit/auth/version.rb

@@ -1,5 +1,5 @@
 module Mumukit
   module Auth
-    VERSION = '7.0.0'
+    VERSION = '7.1.0'
   end
 end

data/lib/mumukit/auth.rb

@@ -12,6 +12,7 @@ require_relative './auth/grant'
 require_relative './auth/client'
 require_relative './auth/token'
 require_relative './auth/scope'
+require_relative './auth/protection'
 require_relative './auth/permissions'
 
 require 'ostruct'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mumukit-auth
 version: !ruby/object:Gem::Version
-  version: 7.0.0
+  version: 7.1.0
 platform: ruby
 authors:
 - Franco Leonardo Bulgarelli
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-04-28 00:00:00.000000000 Z
+date: 2017-05-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -93,6 +93,7 @@ files:
 - lib/mumukit/auth/exceptions.rb
 - lib/mumukit/auth/grant.rb
 - lib/mumukit/auth/permissions.rb
+- lib/mumukit/auth/protection.rb
 - lib/mumukit/auth/role.rb
 - lib/mumukit/auth/roles.rb
 - lib/mumukit/auth/scope.rb