nexus_cqrs_auth 1.1.0 → 1.2.0
- checksums.yaml +4 -4
- data/lib/nexus_cqrs_auth/ownable.rb +57 -0
- data/lib/nexus_cqrs_auth/permission_provider.rb +34 -4
- data/lib/nexus_cqrs_auth/version.rb +1 -1
- data/lib/nexus_cqrs_auth.rb +1 -0
- metadata +4 -3
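--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 81a584f66bd17223f77be8efc9e55cd688776ef5bbafda83a287dcfdd9d56930
+data.tar.gz: 482568a0f4bcb831714d0a97939d24392b174c0ccd14d12a61322501ed708fe7
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: bc0c0a9191fa3b5972264806b164fdaa8c67f1c290d7918700de636f6d2d32dfe250392c98bdf06ca5fbee919c87a7b0f31c857534b14934137e0f154d9d4594
+data.tar.gz: 69b83b159ef8202a0fe65b21aeb5848e5aa3e326f6677033c51c72507b97fb2c5bb6d428279dc6f5b4a0330fa6c06395cf669305fa7863e1fdaa3fc486f149ff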
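--- a/data/lib/nexus_cqrs_auth/ownable.rb
+++ b/data/lib/nexus_cqrs_auth/ownable.rb
@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+# Concern used to integrate models to the permissions system. Including this module to a model will assume the
+# model can be "owned" by a user. When the model is created, permissions will automatically be assigned to the user
+# and permissions can be validated and "repaired" retroactively.
+module NexusCqrsAuth
+module Ownable
+extend ActiveSupport::Concern
+
+included do
+class_attribute :granted_permissions, default: {}
+
+# Default relationship to <class>_permissions
+class_attribute :permissions_relation, default: top_ancestor_class.name.downcase + "_permissions"
+class_attribute :owner_column, default: :user_id
+
+before_create :assign_permissions
+
+define_model_callbacks :create_permissions
+end
+
+module ClassMethods
+# Gets the class that this module is included in
+def top_ancestor_class
+ancestors.first
+end
+end
+
+def assign_permissions
+# As we are doing this on before_create, we must "build" this association, as opposed to creating it. This
+# ensures validation is passed before saving this parent Collection.
+granted_permissions.each do |p|
+unless permissions.where(permission: p, entity_id: id, user_id: owner_id).exists?
+permissions.build(user_id: owner_id, permission: p)
+end
+end
+end
+
+def validate_owner_permissions
+end
+
+def owner_id
+send(owner_column)
+end
+
+def permissions
+if respond_to?(permissions_relation)
+return send(permissions_relation)
+end
+
+raise OwnableRelationshipNotSet, "Permissions relation not set.
+Set it on your model with `self.permissions_relation = :xxx_permissions`, and ensure the relationship has been created"
+end
+end
+
+class OwnableRelationshipNotSet < StandardError
+end
+end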
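Review bot: `validate_owner_permissions` is an empty method, so the validate/repair step the module comment promises does nothing and returns nil; a caller using it as a check gets no signal that an owner's grants are missing. Until it is implemented, a body of `raise NotImplementedError, "validate_owner_permissions is not implemented"` (or dropping the method) makes the gap visible. In `assign_permissions`, `granted_permissions` defaults to `{}` but is iterated with a single block argument, so a model that configures a Hash would pass `[key, value]` pairs as `permission:`; an Array default such as `default: [].freeze` matches how the value is used. `assign_permissions` also builds rows when `owner_id` is nil, and a guard like `return if owner_id.nil?` at the top would keep permission rows without a user from being created.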
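--- a/data/lib/nexus_cqrs_auth/permission_provider.rb
+++ b/data/lib/nexus_cqrs_auth/permission_provider.rb
@@ -6,11 +6,14 @@ module NexusCqrsAuth
 @global_permissions = parse_permissions_array(global_permissions)
 end
 
+# Returns true if the current user has the requested permission on the requested entity (if passed), or globally
 #
-#
-#
-#
-#
+# @param [String] permission_key Permission key to check against
+# @param [ApplicationRecord] permission_model Permission model
+# @param [Integer] entity_id ID of the entity
+# @return [Boolean] Returns true if the current user has this permission on this entity
+# @example Check for permission
+# permissions.has_permission?('collection:publish', CollectionPermissions, collection.id) #=> true
 def has_permission?(permission_key, permission_model = nil, entity_id = nil)
 return false if @user_id.nil?
 
@@ -25,6 +28,33 @@ user_id: @user_id).exists?
 false
 end
 
+# Retrieves a list of permissions assigned to a user for a specific entity
+#
+# @param [ApplicationRecord] permission_model Permission model
+# @param [Integer] entity_id ID of the entity
+# @return [Array] Returns an array of hashes representing permission keys, along with their global status
+# @example Get a list of permissions
+# permissions.for_user(CollectionPermissions, collection.id) #=>
+# [
+# {:global=>false, :key=>"collection:discard"},
+# {:global=>false, :key=>"collection:publish"},
+# {:global=>false, :key=>"collection:view_under_moderation"},
+# {:global=>false, :key=>"collection:set_status"}
+# ]
+def for_user_on_entity(permission_model, entity_id)
+return [] if @user_id.nil?
+
+# retrieve entity-specific permissions from DB and map to hash
+entity_permissions = permission_model.where(user_id: @user_id, entity_id: entity_id)
+.map { |p| { global: false, key: p.permission } }
+
+# Map global permissions to hash
+global_permissions = @global_permissions.map { |p| { global: true, key: p } }
+
+# Combine hashes and ensure global permissions take priority
+(global_permissions + entity_permissions).uniq { |p| p[:key] }
+end
+
 private
 
 def parse_permissions_array(permissions_array)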
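Review bot: The `@example` above `for_user_on_entity` calls `permissions.for_user(...)`, a name this section does not define, so the documented call does not match the method; it should read `permissions.for_user_on_entity(CollectionPermissions, collection.id) #=>`. The method also passes `entity_id` to `where` unchecked, and a nil value turns the filter into `entity_id IS NULL`, which would return any entity-less rows for the user if the table holds them; `raise ArgumentError, "entity_id is required" if entity_id.nil?` before the query rules that out. Reading one column with `permission_model.where(user_id: @user_id, entity_id: entity_id).pluck(:permission)` would avoid instantiating every permission record. The enclosing class starts and ends outside the visible hunks.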
data/lib/nexus_cqrs_auth.rb
CHANGED
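--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: nexus_cqrs_auth
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.2.0
 platform: ruby
 authors:
 - Chris Harrison
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-10-
+date: 2021-10-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: nexus_cqrs
@@ -68,6 +68,7 @@ files:
 - lib/nexus_cqrs_auth.rb
 - lib/nexus_cqrs_auth/helper.rb
 - lib/nexus_cqrs_auth/middleware.rb
+- lib/nexus_cqrs_auth/ownable.rb
 - lib/nexus_cqrs_auth/permission_provider.rb
 - lib/nexus_cqrs_auth/user_context.rb
 - lib/nexus_cqrs_auth/version.rb
@@ -90,7 +91,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.2.
+rubygems_version: 3.2.30
 signing_key:
 specification_version: 4
 summary: Authorisation for the Nexus CQRS pattern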