nexus_cqrs_auth 0.1.0 → 1.0.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 9e062f14cca2a6a41d143bf648edbe21a6e661056fa5f8a408aeaea5c75d9b69
4
- data.tar.gz: 686b79c46f969565dc23ba210bc48ff4a42f9c2f309b2592f82e0174e9e652b9
3
+ metadata.gz: d1daefed67dc89410ebe057a05c3c35342aff0129283d729784b285dd0b3bd01
4
+ data.tar.gz: e6cc7a5d8ae88e769bfeb9efacfaaa43c1886f06866239ad006c5b66bd6d171a
5
5
  SHA512:
6
- metadata.gz: 3168a7a3ae6bb2070a2b3790043c5630560502515d7305d87a64d36cdfd0ed88f969c036d292452a6be6758f5f045f147a0a6c25ff46463ad3b697b2d418b935
7
- data.tar.gz: 7f64fc4f86f877b19621728360d1f9cbd1ed1afedbff3c8808dc250e9b729af99477c0148af58b64042fa75c88d785296c71d7c55119285b06b05b0bec3db63b
6
+ metadata.gz: 82134ce951fe252f5bdfac8f375e7945d422d7f0aab33b40529bc65e0eee39131f8957a6bacf10d46725427898270004557209de20d0413b47337110e4f089a9
7
+ data.tar.gz: d70ab29cc24370907317039af7b23c6590fdf4341e8d6739b045a35dbd89453631264065b4bea8d55dccf5ccd99ad9bcb8e1a3f1b9f8621e1ab323720b01f37f
data/Gemfile CHANGED
@@ -1,3 +1,4 @@
1
+ # frozen_string_literal: true
1
2
  source 'https://rubygems.org'
2
3
 
3
4
  gemspec
@@ -1,3 +1,4 @@
1
+ # frozen_string_literal: true
1
2
  require 'pundit'
2
3
  require 'strings-case'
3
4
 
@@ -6,13 +7,15 @@ module NexusCqrsAuth
6
7
  def authorize(command, record, query = nil, policy_class: nil)
7
8
  query ||= Strings::Case.snakecase(command.demodularised_class_name) + '?'
8
9
  @command_user = command.metadata[:current_user]
10
+ @global_permissions = command.metadata[:global_permissions]
9
11
  super_ = super(record, query, policy_class: policy_class)
10
12
  @command_user = nil
13
+ @global_permissions = nil
11
14
  super_
12
15
  end
13
16
 
14
17
  def pundit_user
15
- @command_user || super || nil
18
+ UserContext.new(@command_user, @global_permissions)
16
19
  end
17
20
 
18
21
  def current_user
@@ -1,3 +1,4 @@
1
+ # frozen_string_literal: true
1
2
  require 'nexus_cqrs'
2
3
  require 'pundit'
3
4
 
@@ -0,0 +1,42 @@
1
+ # frozen_string_literal: true
2
+ module NexusCqrsAuth
3
+ class PermissionProvider
4
+ def initialize(user_id, global_permissions)
5
+ @user_id = user_id
6
+ @global_permissions = parse_permissions_array(global_permissions)
7
+ end
8
+
9
+ #
10
+ # has_permission? 'collection:destroy'
11
+ #
12
+ # has_permission? 'collection:edit', CollectionPermission, collection.id
13
+ #
14
+ def has_permission?(permission_key, permission_model = nil, entity_id = nil)
15
+ return true if @global_permissions.include?(permission_key)
16
+
17
+ # check entity-specific permissions
18
+ unless permission_model.nil?
19
+ return true if permission_model.where(permission: permission_key, entity_id: entity_id,
20
+ user_id: @user_id).exists?
21
+ end
22
+
23
+ false
24
+ end
25
+
26
+ private
27
+
28
+ def parse_permissions_array(permissions_array)
29
+ return [] if permissions_array.nil?
30
+
31
+ permissions = []
32
+
33
+ permissions_array.each do |entity, action_array|
34
+ action_array.each do |action|
35
+ permissions << entity + ":" + action
36
+ end
37
+ end
38
+
39
+ permissions
40
+ end
41
+ end
42
+ end
@@ -0,0 +1,13 @@
1
+ # frozen_string_literal: true
2
+ module NexusCqrsAuth
3
+ # Class used to provide additional context into pundit. This enables us to not only pass the user model, but also the
4
+ # global permissions for that user - as those are pulled from the user's request, not the model.
5
+ class UserContext
6
+ attr_reader :user, :global_permissions
7
+
8
+ def initialize(user, global_permissions)
9
+ @user = user
10
+ @global_permissions = global_permissions
11
+ end
12
+ end
13
+ end
@@ -1,3 +1,4 @@
1
+ # frozen_string_literal: true
1
2
  module NexusCqrsAuth
2
- VERSION = '0.1.0'
3
+ VERSION = '1.0.0'
3
4
  end
@@ -1,2 +1,5 @@
1
+ # frozen_string_literal: true
1
2
  require 'nexus_cqrs_auth/helper'
2
3
  require 'nexus_cqrs_auth/middleware'
4
+ require 'nexus_cqrs_auth/permission_provider'
5
+ require 'nexus_cqrs_auth/user_context'
@@ -1,3 +1,4 @@
1
+ # frozen_string_literal: true
1
2
  require_relative 'lib/nexus_cqrs_auth/version'
2
3
 
3
4
  Gem::Specification.new do |spec|
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: nexus_cqrs_auth
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 1.0.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Chris Harrison
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-08-25 00:00:00.000000000 Z
11
+ date: 2021-10-15 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: nexus_cqrs
@@ -68,6 +68,8 @@ files:
68
68
  - lib/nexus_cqrs_auth.rb
69
69
  - lib/nexus_cqrs_auth/helper.rb
70
70
  - lib/nexus_cqrs_auth/middleware.rb
71
+ - lib/nexus_cqrs_auth/permission_provider.rb
72
+ - lib/nexus_cqrs_auth/user_context.rb
71
73
  - lib/nexus_cqrs_auth/version.rb
72
74
  - nexus_cqrs_auth.gemspec
73
75
  homepage:
@@ -88,7 +90,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
88
90
  - !ruby/object:Gem::Version
89
91
  version: '0'
90
92
  requirements: []
91
- rubygems_version: 3.2.26
93
+ rubygems_version: 3.2.29
92
94
  signing_key:
93
95
  specification_version: 4
94
96
  summary: Authorisation for the Nexus CQRS pattern