proxes 0.9.12 → 0.9.13

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: daa368238a056af49baf95e92dc664489f80b44e0146508e4006d8b454f79e37
-  data.tar.gz: 4cc6c9716a2101d1b7bba50bce22392772bb80124f6e959d525faaf1f2a43d56
+  metadata.gz: 95d76307001a88f8c450617ba32a844f2b572d221590971d3d2e78648d437c86
+  data.tar.gz: 58d82f430b8c22f1999bc488db50422e0f57045579c4951488c32bb4be02ec18
 SHA512:
-  metadata.gz: 5384c2901a06e83e904f2444f30b2b410b67f6e09e69271390b2298ee29b7762e294cee00a11ed466b869a32c66f0f48f229df3823496ca9520cdfa1682d9241
-  data.tar.gz: cd8c9489ae8593f5e9cab925a00e27f07da849d0eb2b3f16002e9a0b836ce9c0ec0263dc8c260d5205ca95b7dd27c6bdd4e8bb867185c74000ae6478c436a680
+  metadata.gz: 5cfc7eb05f037be6502e5f15dc8e2add30c14579489bdcf382b6fda300859b910585ba0c94df82221f8e611d87050f8ea1693fa4812b4c15307b5cd1b9f93178
+  data.tar.gz: 918a2bcc7730276a8e9cd27c532bdef62da8e5f1509b330da0cc4f5ffe6afa912a4a230dff464fa3eb7dc184c502a3cd61ed4b9ceefb34c4496e8245285d4662

data/lib/ditty/components/proxes.rb

@@ -61,20 +61,21 @@ module Ditty
         ::ProxES::Permission.find_or_create(role: user_role, verb: 'GET', pattern: '/_nodes')
         ::ProxES::Permission.find_or_create(role: user_role, verb: 'GET', pattern: '/_nodes/stats')
         ::ProxES::Permission.find_or_create(role: user_role, verb: 'GET', pattern: '/_stats')
-        ::ProxES::Permission.find_or_create(role: user_role, verb: 'INDEX', pattern: 'user-{user.id}')
+        ::ProxES::Permission.find_or_create(role: user_role, verb: 'INDEX', pattern: 'user-{user.id}.*')
 
         # Kibana Specific
+        # actions: ["indices:data/read/field_stats", "indices:admin/mappings/fields/get", "indices:admin/get", "indices:data/read/msearch"]
         anon_role = ::Ditty::Role.find_or_create(name: 'anonymous')
         ::Ditty::User.create_anonymous_user('anonymous@proxes.io')
-        ::ProxES::Permission.find_or_create(role: anon_role, verb: 'GET', pattern: '/.kibana/config/*')
+        ::ProxES::Permission.find_or_create(role: anon_role, verb: 'GET', pattern: '/.kibana/config/.*')
         ::ProxES::Permission.find_or_create(role: anon_role, verb: 'INDEX', pattern: '.kibana')
 
         kibana = ::Ditty::Role.find_or_create(name: 'kibana')
         ::ProxES::Permission.find_or_create(role: kibana, verb: 'INDEX', pattern: '.kibana')
         ::ProxES::Permission.find_or_create(role: kibana, verb: 'HEAD', pattern: '/')
         ::ProxES::Permission.find_or_create(role: kibana, verb: 'GET', pattern: '/_nodes*')
-        ::ProxES::Permission.find_or_create(role: kibana, verb: 'GET', pattern: '/_cluster/health*')
-        ::ProxES::Permission.find_or_create(role: kibana, verb: 'GET', pattern: '/_cluster/settings*')
+        ::ProxES::Permission.find_or_create(role: kibana, verb: 'GET', pattern: '/_cluster/health.*')
+        ::ProxES::Permission.find_or_create(role: kibana, verb: 'GET', pattern: '/_cluster/settings.*')
         ::ProxES::Permission.find_or_create(role: kibana, verb: 'POST', pattern: '/_mget')
         ::ProxES::Permission.find_or_create(role: kibana, verb: 'POST', pattern: '/_search')
         ::ProxES::Permission.find_or_create(role: kibana, verb: 'POST', pattern: '/_msearch')

data/lib/proxes/middleware/error_handling.rb

@@ -28,13 +28,13 @@ module ProxES
       rescue Pundit::NotAuthorizedError, Ditty::Helpers::NotAuthenticated => e
         broadcast(:es_request_denied, request, e)
         log_not_authorized request
-        raise e if env['APP_ENV'] == 'development'
+        raise e if ENV['APP_ENV'] == 'development'
         return [401, {}, []] if request.head?
         request.html? && request.user.nil? ? login_and_redirect(request) : error('Not Authorized', 401)
       rescue StandardError => e
         broadcast(:es_request_denied, request, e)
         log_not_authorized request
-        raise e if env['APP_ENV'] == 'development'
+        raise e if ENV['APP_ENV'] == 'development'
         return [403, {}. []] if request.head?
         error 'Forbidden', 403
       end

data/lib/proxes/middleware/security.rb

@@ -9,10 +9,7 @@ require 'ditty/helpers/authentication'
 module ProxES
   module Middleware
     class Security
-      attr_reader :env, :logger
-
-      include Ditty::Helpers::Authentication
-      include Ditty::Helpers::Pundit
+      attr_reader :logger
 
       def initialize(app, logger = nil)
         @app = app
@@ -20,7 +17,6 @@ module ProxES
       end
 
       def call(env)
-        @env = env
         request = ProxES::Request.from_env(env)
         log(request, 'BEFORE')
 
@@ -48,6 +44,10 @@ module ProxES
         Pundit.authorize(request.user, request, request.request_method.downcase + '?')
       end
 
+      def policy_scope(request)
+        Pundit.policy_scope(request.user, request)
+      end
+
       def log(request, stage)
         logger.debug '============' + stage.ljust(56) + '============'
         logger.debug '= ' + "Request: #{request.detail}".ljust(76) + ' ='

data/lib/proxes/policies/request_policy.rb

@@ -55,7 +55,8 @@ module ProxES
       end
 
       def resolve
-        return [] if user.nil?
+        current_user = user || Ditty::User.anonymous_user
+        return [] if current_user.nil?
         filter request.index, patterns
       end
     end

data/lib/proxes/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module ProxES
-  VERSION = '0.9.12'.freeze
+  VERSION = '0.9.13'.freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: proxes
 version: !ruby/object:Gem::Version
-  version: 0.9.12
+  version: 0.9.13
 platform: ruby
 authors:
 - Jurgens du Toit
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2018-09-03 00:00:00.000000000 Z
+date: 2018-09-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler