nexus_cqrs 0.4.2 → 0.4.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 967dfb16241304d1d0f2233b23e3410b87abff47ec4a916569101a53e4b963c5
-  data.tar.gz: d528d7da45c96cae5fe8a403116e3f9c8abc83c2842dbd165dfa5c3267a81e1d
+  metadata.gz: db72b483e967493d5e37a286713381f251518ec32f163ae7815f99c07d7bc3d7
+  data.tar.gz: 8efd35b594563d0df4e234dd2eba492052aefb3ef995f3e39cac9f071de35a87
 SHA512:
-  metadata.gz: 1f407d669371be6e3fd4f9ad4e55f92678b6fc82825b1dba6f5bf4a1dabb070c79005bdf37a114dd2461f6b99d7213daf777894d04f3337daf4a8255a74fa2f6
-  data.tar.gz: 6d31c90bff990bd92f7aeb9ffcf289d1fe47bb5fd987d47f14fb12e7a7d9baa0571f731a466dff569999976a370c7028a6380c8f4423a5798ecc1063f8847029
+  metadata.gz: c50ca03abdef77895b8c8f3c1a5a1ddff58303c007a82712a2c903ea4a01d66d0e050511908b3b73c1be6d57ec2564ce5430d3e2b000e87a46404e0c8fcb6baa
+  data.tar.gz: 1dc9aa1d54cacdb47ed56ff35b7f7e20f016bfed6eb78ab79628e60ac4fcf9a8b210ef14a4f5b91446246af5e44a953c05cbd31d632a7085ed2fe70cc9d76bf1

data/Gemfile

@@ -11,3 +11,4 @@ gem 'rspec'
 gem "generator_spec"
 gem 'thread_safe'
 gem 'ibsciss-middleware'
+gem 'request_store'

data/Gemfile.lock

@@ -5,6 +5,7 @@ PATH
       generator_spec
       ibsciss-middleware
       pundit
+      request_store
       strings-case
       thread_safe
 
@@ -54,7 +55,7 @@ GEM
     parallel (1.21.0)
     parser (3.0.2.0)
       ast (~> 2.4.1)
-    pundit (2.1.1)
+    pundit (2.2.0)
       activesupport (>= 3.0.0)
     racc (1.6.0)
     rack (2.2.3)
@@ -74,6 +75,8 @@ GEM
     rainbow (3.0.0)
     rake (13.0.6)
     regexp_parser (2.1.1)
+    request_store (1.5.0)
+      rack (>= 1.4)
     rexml (3.2.5)
     rspec (3.10.0)
       rspec-core (~> 3.10.0)
@@ -117,6 +120,7 @@ DEPENDENCIES
   generator_spec
   ibsciss-middleware
   nexus_cqrs!
+  request_store
   rspec
   rubocop
   rubocop-shopify (~> 1.0.4)

data/lib/nexus_cqrs/auth/auth.rb

@@ -6,7 +6,7 @@ module NexusCqrs
   # Concern used to provide authorisation abilities to handlers and other classes. Overrides pundit's `authorize` method
   # and creates helpers for the permission_provider
   module Auth
-    include Pundit
+    include Pundit::Authorization
 
     # Overrides pundit's `authorize` method, allowing the message to be passed
     #
@@ -17,7 +17,7 @@ module NexusCqrs
       query ||= Strings::Case.snakecase(message.demodularised_class_name) + '?'
 
       # Retreive the policy class object from the type of record we are passing in
-      policy_class ||= PolicyFinder.new(record).policy
+      policy_class ||= Pundit::PolicyFinder.new(record).policy
 
       # Pull context variables from command
       user = message.metadata[:current_user]
@@ -25,7 +25,7 @@ module NexusCqrs
 
       # Instantiate new policy class, with context
       policy = policy_class.new(UserContext.new(user, global_permissions), record)
-      raise NotAuthorizedError, query: query, record: record, policy: policy unless policy.public_send(query)
+      raise Pundit::NotAuthorizedError, query: query, record: record, policy: policy unless policy.public_send(query)
 
       record.is_a?(Array) ? record.last : record
     end

data/lib/nexus_cqrs/auth/permission_provider.rb

@@ -1,4 +1,6 @@
 # frozen_string_literal: true
+require 'request_store'
+
 module NexusCqrs
   module Auth
     class PermissionProvider
@@ -22,8 +24,15 @@ module NexusCqrs
 
         # check entity-specific permissions
         unless permission_model.nil?
-          return true if permission_model.where(permission: permission_key, entity_id: entity_id,
-  user_id: @user_id.id).exists?
+
+          # get all permissions for this entity. NOTE: This will be cached per-request.
+          permissions = cached_permissions(permission_model)
+
+          # if there are no permissions for this entity and user, return false
+          return false if permissions[entity_id].nil?
+
+          # if the permission key is in the user's permissions for this entity, return true
+          return true if permissions[entity_id].include?(permission_key)
         end
 
         false
@@ -35,7 +44,7 @@ module NexusCqrs
       # @param [Integer] entity_id ID of the entity
       # @return [Array] Returns an array of hashes representing permission keys, along with their global status
       # @example Get a list of permissions
-      #   permissions.for_user(CollectionPermissions, collection.id) #=>
+      #   permissions.for_user_on_entity(CollectionPermissions, collection.id) #=>
       #     [
       #       {:global=>false, :key=>"collection:discard"},
       #       {:global=>false, :key=>"collection:publish"},
@@ -56,6 +65,35 @@ module NexusCqrs
         (global_permissions + entity_permissions).uniq { |p| p[:key] }
       end
 
+      # Retrieves a list of permissions assigned to a user for ANY entity ID
+      #
+      # @param [ApplicationRecord] permission_model Permission model
+      # @return [Hash] Returns a hash representing each entity and the user's permissions
+      # @example Get a list of permissions
+      #   permissions.for_user(CollectionPermissions) #=>
+      #     {
+      #       1 => ["collection:discard"],
+      #       2 => ["collection:discard"],
+      #       3 => ["collection:discard", "collection:edit"],
+      #       4 => ["collection:discard"],
+      #     }
+      def for_user(permission_model)
+        return {} if @user_id.nil?
+
+        permissions = {}
+
+        # retrieve entity-specific permissions from DB and map to hash
+        permission_model.where(user_id: @user_id).each do |p|
+          if permissions[p.entity_id].nil?
+            permissions[p.entity_id] = [p.permission]
+          else
+            permissions[p.entity_id] << p.permission
+          end
+        end
+
+        permissions
+      end
+
       private
 
       def parse_permissions_array(permissions_array)
@@ -71,6 +109,15 @@ module NexusCqrs
 
         permissions
       end
+
+      # Retrieve all the permissions for this user for a specific model and cache it for this request (as all calls to
+      # a PermissionProvider in the same request will all have the same permissions, this saves on many SQL calls)
+      #
+      # @param [ApplicationRecord] permission_model Permission model
+      # @see PermissionProvider#for_user
+      def cached_permissions(permission_model)
+        ::RequestStore.store[:permissions] ||= for_user(permission_model)
+      end
     end
   end
 end

data/lib/nexus_cqrs/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module NexusCqrs
-  # Leave this as 0.4.2 in order for CI process to replace with the tagged version.
-  VERSION = '0.4.2'
+  # Leave this as 0.4.5 in order for CI process to replace with the tagged version.
+  VERSION = '0.4.5'
 end

data/nexus_cqrs.gemspec

@@ -23,4 +23,5 @@ Gem::Specification.new do |spec|
   spec.add_dependency('ibsciss-middleware')
   spec.add_dependency('pundit')
   spec.add_dependency('strings-case')
+  spec.add_dependency('request_store')
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: nexus_cqrs
 version: !ruby/object:Gem::Version
-  version: 0.4.2
+  version: 0.4.5
 platform: ruby
 authors:
 - Dean Lovett
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-11-18 00:00:00.000000000 Z
+date: 2022-03-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: generator_spec
@@ -80,6 +80,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: request_store
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: 
 email:
 - dean.lovett@nexusmods.com
@@ -140,7 +154,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.31
+rubygems_version: 3.3.8
 signing_key: 
 specification_version: 4
 summary: Core package for the nexus cqrs gem