shopapp 0.0.11 → 0.0.12

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d61621c7a43b70d2557b5a2836407e45bf6f47e1
-  data.tar.gz: 01cdbf466631099586cc65673bcf16a783ca1a04
+  metadata.gz: b0d34cb99d182cb95c2d79b65964c69e0aed0983
+  data.tar.gz: edda06c79c885845a41ba02b04eed2f3cc55d7e3
 SHA512:
-  metadata.gz: 7f7560cf9ed4c21abda70292f4153da1f09e3a4fabee0e06d2bae45df9951550a63cf110b6f664fa1b65ac34d429bf86934db31f0ef47614a385ea18421d76ae
-  data.tar.gz: a867ac8d9866ff2c604e0b58dd69a2632496debfc69a73adec88625707a6f27d711da04195b792b5ad56f826c3757c2140936961052cdc57cf0ef76b56205c4d
+  metadata.gz: 421f92e6ce6160b873cace9270eb8e17e4150d5bcdd67fca7f88cdf15116e682c8db9e1c258cb30e951163a8318d81582e5acc77f70994d215546214cdc440a9
+  data.tar.gz: d064101bc0678fc81c5e110ba77c0078d6fb57bd3f6cea0c12856db1a2a598725655cb2285e7f2249a75078b048bea1add82d9ab89911db045a8ccef0c7a93ec

data/app/controllers/concerns/shoplift_client.rb

@@ -13,9 +13,9 @@ module ShopliftClient
 
   class_methods do
     attr_reader :search_path
+    attr_reader :required_scopes
     attr_reader :do_hide_search_for_this_controller
 
-
     def set_search_path(value)
       @search_path = value
       @search_path = "/#{@search_path}" unless @search_path[0] == '/'
@@ -25,6 +25,13 @@ module ShopliftClient
     def hide_search_for_this_controller
       @do_hide_search_for_this_controller = true
     end
+
+    def require_scopes(scopes)
+      @required_scopes ||= []
+      scopes = [scopes] unless scopes.is_a? Array
+      @required_scopes.concat scopes.map(&:to_s)
+      @required_scopes.uniq!
+    end
   end
 
   def session_cookie
@@ -36,6 +43,7 @@ module ShopliftClient
   end
 
   def redirect_unauthorized
+    return if performed?
     session.clear
     session[:previous_url] = request.fullpath
     redirect_to client.auth_code.authorize_url(
@@ -69,6 +77,15 @@ module ShopliftClient
       begin
         x = srv.get '/api/users/profile'
         @current_user = JSON.parse x.response.body
+        user_scopes = JSON.parse @current_user['scopes']
+        unless user_scopes.include? 'admin'
+          (self.class.required_scopes || []).each do |required_scope|
+            unless user_scopes.include? required_scope
+              render(file: 'shopapp/403.html', status: 403, layout: false, locals: { missing_scope: required_scope })
+              return false
+            end
+          end
+        end
         find_company_by_code current_user['company']['code']
       rescue OAuth2::Error
         return false

data/app/views/shopapp/403.html.haml

@@ -0,0 +1,61 @@
+!!!
+%html
+  %head
+    %meta{:content => "text/html; charset=UTF-8", "http-equiv" => "Content-Type"}/
+    %title You are not allowed to view this page.
+    %meta{:content => "width=device-width,initial-scale=1", :name => "viewport"}/
+    :css
+      .rails-default-error-page {
+        background-color: #EFEFEF;
+        color: #2E2F30;
+        text-align: center;
+        font-family: arial, sans-serif;
+        margin: 0;
+      }
+
+      .rails-default-error-page div.dialog {
+        width: 95%;
+        max-width: 33em;
+        margin: 4em auto 0;
+      }
+
+      .rails-default-error-page div.dialog > div {
+        border: 1px solid #CCC;
+        border-right-color: #999;
+        border-left-color: #999;
+        border-bottom-color: #BBB;
+        border-top: #B00100 solid 4px;
+        border-top-left-radius: 9px;
+        border-top-right-radius: 9px;
+        background-color: white;
+        padding: 7px 12% 0;
+        box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
+      }
+
+      .rails-default-error-page h1 {
+        font-size: 100%;
+        color: #730E15;
+        line-height: 1.5em;
+      }
+
+      .rails-default-error-page div.dialog > p {
+        margin: 0 0 1em;
+        padding: 1em;
+        background-color: #F7F7F7;
+        border: 1px solid #CCC;
+        border-right-color: #999;
+        border-left-color: #999;
+        border-bottom-color: #999;
+        border-bottom-left-radius: 4px;
+        border-bottom-right-radius: 4px;
+        border-top-color: #DADADA;
+        color: #666;
+        box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
+      }
+  %body.rails-default-error-page
+    / This file lives in public/404.html
+    .dialog
+      %div
+        %h1 The page you were looking for requires priviligies you do not have.
+        %p If you think you should be allowed to view this page, please contact somebody.
+      %p You are missing scope #{missing_scope}

data/shopapp.gemspec

@@ -1,7 +1,7 @@
 Gem::Specification.new do |s|
   s.name        = 'shopapp'
-  s.version     = '0.0.11'
-  s.date        = '2018-01-09'
+  s.version     = '0.0.12'
+  s.date        = '2018-05-15'
   s.summary     = 'Do a shoplift.'
   s.description = 'Ha! Art thou Bedlam? Dost thou thirst base Trojan, to have me fold up Parca\'s fatal web? Hence!\
                    I am qualmish at the smell of leek.'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: shopapp
 version: !ruby/object:Gem::Version
-  version: 0.0.11
+  version: 0.0.12
 platform: ruby
 authors:
 - Zeljko
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-01-09 00:00:00.000000000 Z
+date: 2018-05-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
@@ -162,6 +162,7 @@ files:
 - app/controllers/user_authenticated_controller.rb
 - app/controllers/user_authenticated_or_api_controller.rb
 - app/views/layouts/_header_menu.html.haml
+- app/views/shopapp/403.html.haml
 - app/views/shopapp/_shopapp.html.haml
 - config/initializers/active_settings.rb
 - lib/shopapp.rb