nexus_cqrs_auth 0.1.0 → 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile +1 -0
- data/lib/nexus_cqrs_auth/helper.rb +4 -1
- data/lib/nexus_cqrs_auth/middleware.rb +1 -0
- data/lib/nexus_cqrs_auth/permission_provider.rb +42 -0
- data/lib/nexus_cqrs_auth/user_context.rb +13 -0
- data/lib/nexus_cqrs_auth/version.rb +2 -1
- data/lib/nexus_cqrs_auth.rb +3 -0
- data/nexus_cqrs_auth.gemspec +1 -0
- metadata +5 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d1daefed67dc89410ebe057a05c3c35342aff0129283d729784b285dd0b3bd01
|
|
4
|
+
data.tar.gz: e6cc7a5d8ae88e769bfeb9efacfaaa43c1886f06866239ad006c5b66bd6d171a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 82134ce951fe252f5bdfac8f375e7945d422d7f0aab33b40529bc65e0eee39131f8957a6bacf10d46725427898270004557209de20d0413b47337110e4f089a9
|
|
7
|
+
data.tar.gz: d70ab29cc24370907317039af7b23c6590fdf4341e8d6739b045a35dbd89453631264065b4bea8d55dccf5ccd99ad9bcb8e1a3f1b9f8621e1ab323720b01f37f
|
data/Gemfile
CHANGED
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
1
2
|
require 'pundit'
|
|
2
3
|
require 'strings-case'
|
|
3
4
|
|
|
@@ -6,13 +7,15 @@ module NexusCqrsAuth
|
|
|
6
7
|
def authorize(command, record, query = nil, policy_class: nil)
|
|
7
8
|
query ||= Strings::Case.snakecase(command.demodularised_class_name) + '?'
|
|
8
9
|
@command_user = command.metadata[:current_user]
|
|
10
|
+
@global_permissions = command.metadata[:global_permissions]
|
|
9
11
|
super_ = super(record, query, policy_class: policy_class)
|
|
10
12
|
@command_user = nil
|
|
13
|
+
@global_permissions = nil
|
|
11
14
|
super_
|
|
12
15
|
end
|
|
13
16
|
|
|
14
17
|
def pundit_user
|
|
15
|
-
@command_user
|
|
18
|
+
UserContext.new(@command_user, @global_permissions)
|
|
16
19
|
end
|
|
17
20
|
|
|
18
21
|
def current_user
|
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
module NexusCqrsAuth
|
|
3
|
+
class PermissionProvider
|
|
4
|
+
def initialize(user_id, global_permissions)
|
|
5
|
+
@user_id = user_id
|
|
6
|
+
@global_permissions = parse_permissions_array(global_permissions)
|
|
7
|
+
end
|
|
8
|
+
|
|
9
|
+
#
|
|
10
|
+
# has_permission? 'collection:destroy'
|
|
11
|
+
#
|
|
12
|
+
# has_permission? 'collection:edit', CollectionPermission, collection.id
|
|
13
|
+
#
|
|
14
|
+
def has_permission?(permission_key, permission_model = nil, entity_id = nil)
|
|
15
|
+
return true if @global_permissions.include?(permission_key)
|
|
16
|
+
|
|
17
|
+
# check entity-specific permissions
|
|
18
|
+
unless permission_model.nil?
|
|
19
|
+
return true if permission_model.where(permission: permission_key, entity_id: entity_id,
|
|
20
|
+
user_id: @user_id).exists?
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
false
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
private
|
|
27
|
+
|
|
28
|
+
def parse_permissions_array(permissions_array)
|
|
29
|
+
return [] if permissions_array.nil?
|
|
30
|
+
|
|
31
|
+
permissions = []
|
|
32
|
+
|
|
33
|
+
permissions_array.each do |entity, action_array|
|
|
34
|
+
action_array.each do |action|
|
|
35
|
+
permissions << entity + ":" + action
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
permissions
|
|
40
|
+
end
|
|
41
|
+
end
|
|
42
|
+
end
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
module NexusCqrsAuth
|
|
3
|
+
# Class used to provide additional context into pundit. This enables us to not only pass the user model, but also the
|
|
4
|
+
# global permissions for that user - as those are pulled from the user's request, not the model.
|
|
5
|
+
class UserContext
|
|
6
|
+
attr_reader :user, :global_permissions
|
|
7
|
+
|
|
8
|
+
def initialize(user, global_permissions)
|
|
9
|
+
@user = user
|
|
10
|
+
@global_permissions = global_permissions
|
|
11
|
+
end
|
|
12
|
+
end
|
|
13
|
+
end
|
data/lib/nexus_cqrs_auth.rb
CHANGED
data/nexus_cqrs_auth.gemspec
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: nexus_cqrs_auth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 1.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Chris Harrison
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-10-15 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: nexus_cqrs
|
|
@@ -68,6 +68,8 @@ files:
|
|
|
68
68
|
- lib/nexus_cqrs_auth.rb
|
|
69
69
|
- lib/nexus_cqrs_auth/helper.rb
|
|
70
70
|
- lib/nexus_cqrs_auth/middleware.rb
|
|
71
|
+
- lib/nexus_cqrs_auth/permission_provider.rb
|
|
72
|
+
- lib/nexus_cqrs_auth/user_context.rb
|
|
71
73
|
- lib/nexus_cqrs_auth/version.rb
|
|
72
74
|
- nexus_cqrs_auth.gemspec
|
|
73
75
|
homepage:
|
|
@@ -88,7 +90,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
88
90
|
- !ruby/object:Gem::Version
|
|
89
91
|
version: '0'
|
|
90
92
|
requirements: []
|
|
91
|
-
rubygems_version: 3.2.
|
|
93
|
+
rubygems_version: 3.2.29
|
|
92
94
|
signing_key:
|
|
93
95
|
specification_version: 4
|
|
94
96
|
summary: Authorisation for the Nexus CQRS pattern
|