nexus_cqrs_auth 0.0.3 → 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.gitlab-ci.yml +1 -1
- data/Gemfile +1 -0
- data/README.md +4 -0
- data/lib/nexus_cqrs_auth/helper.rb +10 -1
- data/lib/nexus_cqrs_auth/middleware.rb +1 -0
- data/lib/nexus_cqrs_auth/permission_provider.rb +42 -0
- data/lib/nexus_cqrs_auth/user_context.rb +13 -0
- data/lib/nexus_cqrs_auth/version.rb +2 -1
- data/lib/nexus_cqrs_auth.rb +3 -0
- data/nexus_cqrs_auth.gemspec +2 -1
- metadata +7 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d1daefed67dc89410ebe057a05c3c35342aff0129283d729784b285dd0b3bd01
|
|
4
|
+
data.tar.gz: e6cc7a5d8ae88e769bfeb9efacfaaa43c1886f06866239ad006c5b66bd6d171a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 82134ce951fe252f5bdfac8f375e7945d422d7f0aab33b40529bc65e0eee39131f8957a6bacf10d46725427898270004557209de20d0413b47337110e4f089a9
|
|
7
|
+
data.tar.gz: d70ab29cc24370907317039af7b23c6590fdf4341e8d6739b045a35dbd89453631264065b4bea8d55dccf5ccd99ad9bcb8e1a3f1b9f8621e1ab323720b01f37f
|
data/.gitlab-ci.yml
CHANGED
|
@@ -22,7 +22,7 @@ release:
|
|
|
22
22
|
- if: '$CI_COMMIT_TAG'
|
|
23
23
|
script:
|
|
24
24
|
- mkdir -p ~/.gem
|
|
25
|
-
- cp
|
|
25
|
+
- cp $RUBYGEMS_CREDENTIALS ~/.gem/credentials
|
|
26
26
|
- chmod 0600 ~/.gem/credentials
|
|
27
27
|
- gem update --system
|
|
28
28
|
- ruby --version
|
data/Gemfile
CHANGED
data/README.md
CHANGED
|
@@ -70,6 +70,10 @@ end
|
|
|
70
70
|
|
|
71
71
|
You can then write various policies to setup authorisation in CQRS flows.
|
|
72
72
|
|
|
73
|
+
More information about policies can be found in the [Pundit documentation](https://github.com/varvet/pundit).
|
|
74
|
+
|
|
75
|
+
Remember to create a base policy at: `app/policies/application_policy.rb`
|
|
76
|
+
|
|
73
77
|
### Bus level policy
|
|
74
78
|
|
|
75
79
|
Create a policy class in `app/policies/my_message_policy.rb`
|
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
1
2
|
require 'pundit'
|
|
2
3
|
require 'strings-case'
|
|
3
4
|
|
|
@@ -6,12 +7,20 @@ module NexusCqrsAuth
|
|
|
6
7
|
def authorize(command, record, query = nil, policy_class: nil)
|
|
7
8
|
query ||= Strings::Case.snakecase(command.demodularised_class_name) + '?'
|
|
8
9
|
@command_user = command.metadata[:current_user]
|
|
10
|
+
@global_permissions = command.metadata[:global_permissions]
|
|
9
11
|
super_ = super(record, query, policy_class: policy_class)
|
|
10
12
|
@command_user = nil
|
|
13
|
+
@global_permissions = nil
|
|
11
14
|
super_
|
|
12
15
|
end
|
|
13
16
|
|
|
14
17
|
def pundit_user
|
|
15
|
-
@command_user
|
|
18
|
+
UserContext.new(@command_user, @global_permissions)
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
def current_user
|
|
22
|
+
return super if defined?(super)
|
|
23
|
+
|
|
24
|
+
nil
|
|
16
25
|
end
|
|
17
26
|
end
|
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
module NexusCqrsAuth
|
|
3
|
+
class PermissionProvider
|
|
4
|
+
def initialize(user_id, global_permissions)
|
|
5
|
+
@user_id = user_id
|
|
6
|
+
@global_permissions = parse_permissions_array(global_permissions)
|
|
7
|
+
end
|
|
8
|
+
|
|
9
|
+
#
|
|
10
|
+
# has_permission? 'collection:destroy'
|
|
11
|
+
#
|
|
12
|
+
# has_permission? 'collection:edit', CollectionPermission, collection.id
|
|
13
|
+
#
|
|
14
|
+
def has_permission?(permission_key, permission_model = nil, entity_id = nil)
|
|
15
|
+
return true if @global_permissions.include?(permission_key)
|
|
16
|
+
|
|
17
|
+
# check entity-specific permissions
|
|
18
|
+
unless permission_model.nil?
|
|
19
|
+
return true if permission_model.where(permission: permission_key, entity_id: entity_id,
|
|
20
|
+
user_id: @user_id).exists?
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
false
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
private
|
|
27
|
+
|
|
28
|
+
def parse_permissions_array(permissions_array)
|
|
29
|
+
return [] if permissions_array.nil?
|
|
30
|
+
|
|
31
|
+
permissions = []
|
|
32
|
+
|
|
33
|
+
permissions_array.each do |entity, action_array|
|
|
34
|
+
action_array.each do |action|
|
|
35
|
+
permissions << entity + ":" + action
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
permissions
|
|
40
|
+
end
|
|
41
|
+
end
|
|
42
|
+
end
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
module NexusCqrsAuth
|
|
3
|
+
# Class used to provide additional context into pundit. This enables us to not only pass the user model, but also the
|
|
4
|
+
# global permissions for that user - as those are pulled from the user's request, not the model.
|
|
5
|
+
class UserContext
|
|
6
|
+
attr_reader :user, :global_permissions
|
|
7
|
+
|
|
8
|
+
def initialize(user, global_permissions)
|
|
9
|
+
@user = user
|
|
10
|
+
@global_permissions = global_permissions
|
|
11
|
+
end
|
|
12
|
+
end
|
|
13
|
+
end
|
data/lib/nexus_cqrs_auth.rb
CHANGED
data/nexus_cqrs_auth.gemspec
CHANGED
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
1
2
|
require_relative 'lib/nexus_cqrs_auth/version'
|
|
2
3
|
|
|
3
4
|
Gem::Specification.new do |spec|
|
|
@@ -15,7 +16,7 @@ Gem::Specification.new do |spec|
|
|
|
15
16
|
%x(git ls-files -z).split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
|
|
16
17
|
end
|
|
17
18
|
spec.require_paths = ['lib']
|
|
18
|
-
spec.add_dependency('nexus_cqrs', '~>0.
|
|
19
|
+
spec.add_dependency('nexus_cqrs', '~>0.2')
|
|
19
20
|
spec.add_dependency('pundit')
|
|
20
21
|
spec.add_dependency('strings-case')
|
|
21
22
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: nexus_cqrs_auth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0
|
|
4
|
+
version: 1.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Chris Harrison
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2021-10-15 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: nexus_cqrs
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - "~>"
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: '0.2'
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - "~>"
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: '0.2'
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: pundit
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -68,6 +68,8 @@ files:
|
|
|
68
68
|
- lib/nexus_cqrs_auth.rb
|
|
69
69
|
- lib/nexus_cqrs_auth/helper.rb
|
|
70
70
|
- lib/nexus_cqrs_auth/middleware.rb
|
|
71
|
+
- lib/nexus_cqrs_auth/permission_provider.rb
|
|
72
|
+
- lib/nexus_cqrs_auth/user_context.rb
|
|
71
73
|
- lib/nexus_cqrs_auth/version.rb
|
|
72
74
|
- nexus_cqrs_auth.gemspec
|
|
73
75
|
homepage:
|
|
@@ -88,7 +90,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
88
90
|
- !ruby/object:Gem::Version
|
|
89
91
|
version: '0'
|
|
90
92
|
requirements: []
|
|
91
|
-
rubygems_version: 3.
|
|
93
|
+
rubygems_version: 3.2.29
|
|
92
94
|
signing_key:
|
|
93
95
|
specification_version: 4
|
|
94
96
|
summary: Authorisation for the Nexus CQRS pattern
|