mumukit-auth 7.11.0 → 7.12.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 77c87545b48934c4545514e7596756d0e9bdd91837c8dc671f9e8a8fd6262752
-  data.tar.gz: dbb8db587aa6eb02dd0baa708cfd65096315faa191ff47b057c65ec35cc50cd3
+  metadata.gz: 2c1873c090d214598c8dfde394af11341cbe5ef5da1604479725e3ccab5a30fe
+  data.tar.gz: 315c143eae6654332e7b3d1c13e74d5dfe24a29ecad5ae1063ef3ef7770f121a
 SHA512:
-  metadata.gz: 870916a0477ad23ebd5ae68ed5649f91de95e710309cc846509a74541bdebce734ec715c87c1d016944d5b0772e826031a41d4673465ef6752d38a8358b688ad
-  data.tar.gz: '019eacadcfe2f1c978e4d208048fa74b48a7663dd05e85ea6046b2f25f0a6b11a53562f4af0b24f0098d0398b5700be6e18d7931cc0729cca27b0292c732145c'
+  metadata.gz: ef85cc04780ed65e32524bf1a3f59caabbe9222ea62340b1263c116ac058f06aaf8bac6478605a0b61511ddab04fbe82ee3252b113a8dea2a2bc7cd868ba3795
+  data.tar.gz: dbddcd9a2a0f85d30135fca3b697b1c6a4e99ab8e492aaa81a34fa46b2e4965fd7e867675630aab1889c11650fa992b7c5a162837e906a7690cb2b9ba34ea81a

data/lib/mumukit/auth/permissions.rb

@@ -2,18 +2,15 @@ class Mumukit::Auth::Permissions
   include Mumukit::Auth::Roles
   include Mumukit::Auth::Protection
 
-  delegate :empty?, to: :scopes
-
   attr_accessor :scopes
 
   def initialize(scopes={})
-    raise 'invalid scopes' if scopes.any? { |key, value| value.class != Mumukit::Auth::Scope }
-
-    @scopes = scopes.with_indifferent_access
+    @scopes = {}.with_indifferent_access
+    add_scopes! scopes
   end
 
   def has_permission?(role, resource_slug)
-    Mumukit::Auth::Role.parse(role).allows?(resource_slug, self)
+    role.to_mumukit_role.allows?(resource_slug, self)
   end
 
   def role_allows?(role, resource_slug)
@@ -28,6 +25,21 @@ class Mumukit::Auth::Permissions
     self.scopes[role] ||= Mumukit::Auth::Scope.new
   end
 
+  def empty?
+    scopes.all? { |_, it| it.empty? }
+  end
+
+  def compact!
+    old_scopes = @scopes.dup
+    @scopes = {}.with_indifferent_access
+
+    old_scopes.each do |role, scope|
+      scope.grants.each do |grant|
+        push_and_compact! role, grant
+      end
+    end
+  end
+
   # Deprecated: use `student_granted_organizations` organizations instead
   def accessible_organizations
     warn "Don't use accessible_organizations, since this method is probably not doing what you would expect.\n" +
@@ -54,7 +66,13 @@ class Mumukit::Auth::Permissions
   end
 
   def add_permission!(role, *grants)
-    scope_for(role).add_grant! *grants
+    role = role.to_mumukit_role
+    grants.each { |grant| push_and_compact! role, grant }
+  end
+
+  def add_scopes!(scopes)
+    raise 'invalid scopes' if scopes.any? { |key, value| value.class != Mumukit::Auth::Scope }
+    scopes.each { |role, scope| add_permission! role, *scope.grants }
   end
 
   def merge(other)
@@ -146,4 +164,19 @@ class Mumukit::Auth::Permissions
     scope.grants.all? { |grant| has_permission? role, grant }
   end
 
+  def push_and_compact!(role, grant)
+    role = role.to_mumukit_role
+    grant = grant.to_mumukit_grant
+
+    scopes.each do |other_role, other_scope|
+      other_role = other_role.to_mumukit_role
+
+      if other_role.narrower_than?(role)
+        other_scope.remove_narrower_grants!(grant)
+      elsif other_role.broader_than?(role) && other_scope.has_broader_grant?(grant)
+        return
+      end
+    end
+    scope_for(role.to_sym).add_grant! grant
+  end
 end

data/lib/mumukit/auth/role.rb

@@ -1,3 +1,16 @@
+
+class String
+  def to_mumukit_role
+    Mumukit::Auth::Role.parse self
+  end
+end
+
+class Symbol
+  def to_mumukit_role
+    Mumukit::Auth::Role.parse self
+  end
+end
+
 module Mumukit::Auth
   class Role
     def initialize(symbol)
@@ -17,15 +30,31 @@ module Mumukit::Auth
       @symbol
     end
 
-    private
+    def broader_than?(other)
+      other.narrower_than? self
+    end
+
+    def narrower_than?(other)
+      other.class != self.class && _narrower_than_other?(other)
+    end
 
-    def self.parent(parent)
-      define_method(:parent) { self.class.parse(parent) }
+    def to_mumukit_role
+      self
     end
 
-    def self.parse(role)
-      @roles ||= {}
-      @roles[role] ||= "Mumukit::Auth::Role::#{role.to_s.camelize}".constantize.new(role.to_sym)
+    def _narrower_than_other?(other)
+      self.parent.class == other.class || self.parent._narrower_than_other?(other)
+    end
+
+    class << self
+      def parent(parent)
+        define_method(:parent) { self.class.parse(parent) }
+      end
+
+      def parse(role)
+        @roles ||= {}
+        @roles[role.to_sym] ||= "Mumukit::Auth::Role::#{role.to_s.camelize}".constantize.new(role.to_sym)
+      end
     end
 
     class ExStudent < Role
@@ -64,6 +93,10 @@ module Mumukit::Auth
       def parent_allows?(*)
         false
       end
+
+      def _narrower_than_other?(*)
+        false
+      end
     end
   end
 end

data/lib/mumukit/auth/scope.rb

@@ -20,6 +20,10 @@ module Mumukit::Auth
       self.grants.delete(grant)
     end
 
+    def empty?
+      grants.empty?
+    end
+
     def merge(other)
       self.class.new grants + other.grants
     end
@@ -54,6 +58,14 @@ module Mumukit::Auth
       to_s
     end
 
+    def remove_narrower_grants!(grant)
+      grants.reject! { |it| grant.allows? it }
+    end
+
+    def has_broader_grant?(grant)
+      grants.any? { |it| it.allows? grant }
+    end
+
     private
 
     def any_grant?(&block)
@@ -66,13 +78,5 @@ module Mumukit::Auth
       remove_narrower_grants! grant
       grants << grant
     end
-
-    def remove_narrower_grants!(grant)
-      grants.reject! { |it| grant.allows? it }
-    end
-
-    def has_broader_grant?(grant)
-      grants.any? { |it| it.allows? grant }
-    end
   end
 end

data/lib/mumukit/auth/slug.rb

@@ -35,11 +35,11 @@ module Mumukit::Auth
     end
 
     def ==(o)
-      self.class == o.class && self.normalize.eql?(o.normalize)
+      o.is_a?(Mumukit::Auth::Slug) && self.normalize.eql?(o.normalize)
     end
 
     def eql?(o)
-      self.class == o.class && to_s == o.to_s
+      o.is_a?(Mumukit::Auth::Slug) && to_s == o.to_s
     end
 
     def hash
@@ -57,7 +57,15 @@ module Mumukit::Auth
     end
 
     def normalize
-      dup.normalize!
+      Normalized.new(first, second)
+    end
+
+    def normalized_s
+      normalize.to_s
+    end
+
+    def normalized?
+      normalize.eql? self
     end
 
     def inspect
@@ -99,7 +107,7 @@ module Mumukit::Auth
     end
 
     def self.normalize(first, second)
-      new(first, second).normalize!
+      Normalized.new(first, second)
     end
 
     private
@@ -117,11 +125,29 @@ module Mumukit::Auth
         raise Mumukit::Auth::InvalidSlugFormatError, "Invalid slug: #{slug}. It must be in first/second format"
       end
     end
+
+    class Normalized < Slug
+      alias_method :_normalize!, :normalize!
+
+      def initialize(*)
+        super
+        _normalize!
+      end
+
+      def normalize
+        self
+      end
+
+      def normalize!
+        self
+      end
+
+      def normalized?
+        true
+      end
+    end
   end
 
   class InvalidSlugFormatError < StandardError
   end
 end
-
-
-

data/lib/mumukit/auth/version.rb

@@ -1,5 +1,5 @@
 module Mumukit
   module Auth
-    VERSION = '7.11.0'
+    VERSION = '7.12.0'
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mumukit-auth
 version: !ruby/object:Gem::Version
-  version: 7.11.0
+  version: 7.12.0
 platform: ruby
 authors:
 - Franco Leonardo Bulgarelli
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-08-19 00:00:00.000000000 Z
+date: 2021-11-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler