super_auth 0.1.3 → 0.1.4

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: e1ea96c948511db2bcb65e7dc10b813ae6b5fddb1bbee785c7a3e59178c7b68f
4
- data.tar.gz: 3d5eb559c56948c9edb31f801f28636ee594578759f83c452d3a62987432394e
3
+ metadata.gz: 6a5da5e9ec945c0624514fb6b72471c934911dfa9e59271aeee08ef7e78e60c7
4
+ data.tar.gz: 6f96f6f911d939a4f4059081b45b68894c7ef1795d232df6f4646c854f4554a1
5
5
  SHA512:
6
- metadata.gz: 272eba9bf5807006f956605eb927c7aaec6594fee0683c8ee155c7f4d614419dbd1927495860cfa73acc9b5973887d273605bdbbff58a8d0726f7f63a9ebdcd5
7
- data.tar.gz: 904ee67ef8c4b858bfec6ea2cfe39bdc692dba063edee0a76f769209301c3c9a8850df37bf8b65584bd5a15db9cbf1df3125429c2d4a43f8b18f49e25c8bf665
6
+ metadata.gz: f747d99cf64d276a95d7e3231885b37289b4e587e09be1febbe070ed416f206b7989bba7c32a64b9d5fddeed6afb2502ef871008e51b64395696d54e54887dd1
7
+ data.tar.gz: b580ce1942b4ce3334639e0ac20c579af0eb65d285beaa403a5c3540c3239d6582d2444fb88d7d67fdf05720e37b7291d104cb208bbc98d393b97e4280ab066e
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- super_auth (0.1.2)
4
+ super_auth (0.1.3)
5
5
  sequel
6
6
 
7
7
  GEM
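Review bot: The packaged lockfile is one version behind the release: the `PATH` spec moves to `super_auth (0.1.3)` while this release is 0.1.4. Regenerate Gemfile.lock after the version bump, or drop it from the gem's file list, since Bundler does not read a dependency's own lockfile when an application installs the gem.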
data/README.md CHANGED
@@ -1,23 +1,167 @@
1
1
  # SuperAuth
2
2
 
3
- TODO: Delete this and the text below, and describe your gem
3
+ Super auth is turn-key authorization gem that makes unauthorized access unrepresentable. **Stop writing tests for authorization with confidence**
4
4
 
5
- Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/super_auth`. To experiment with that code, run `bin/console` for an interactive prompt.
5
+ The intent is to use with ruby applications, as well as centralize authorization for multiple applications. If you look at the [OWASP top vulnerabilty](https://owasp.org/Top10/A01_2021-Broken_Access_Control/), broken
6
+ access control is the NUMBER 1 most common security risk in modern applications today. super_auth provides a authentication strategy that allows you to completely de-risk your application, solving this issue once confidently.
6
7
 
7
- ## Installation
8
8
 
9
- TODO: Replace `UPDATE_WITH_YOUR_GEM_NAME_PRIOR_TO_RELEASE_TO_RUBYGEMS_ORG` with your gem name right after releasing it to RubyGems.org. Please do not do it earlier due to security reasons. Alternatively, replace this section with instructions to install your gem from git if you don't plan to release to RubyGems.org.
9
+ ## Installation
10
10
 
11
- Install the gem and add to the application's Gemfile by executing:
11
+ gem "super_auth"
12
12
 
13
- $ bundle add UPDATE_WITH_YOUR_GEM_NAME_PRIOR_TO_RELEASE_TO_RUBYGEMS_ORG
14
13
 
15
- If bundler is not being used to manage dependencies, install the gem by executing:
14
+ ## Docs
16
15
 
17
- $ gem install UPDATE_WITH_YOUR_GEM_NAME_PRIOR_TO_RELEASE_TO_RUBYGEMS_ORG
16
+ How `super_auth` stacks up against other authentication strategies:
17
+ [Do you really understand Authentication](https://dev.to/jonathanfrias/do-you-really-understand-authorization-1o5d)
18
18
 
19
19
  ## Usage
20
20
 
21
+ SuperAuth is a rules engine engine that works on 5 different authorization concepts:
22
+
23
+ - Users
24
+ - Groups
25
+ - Roles
26
+ - Permissions
27
+ - Resources
28
+
29
+ The basis for how this works is that the rules engine is trying to match a user with a resource to determine access.
30
+ The engine determines if it can find an authorization route betewen a user and a resource. It does so by looking at users, groups, roles, permissions.
31
+
32
+ +-------+ +------+
33
+ | Group |<----->| Role |
34
+ +-------+\ / +------+
35
+ ^ \ / ^
36
+ | \/ |
37
+ | /\ |
38
+ | / \ |
39
+ V / \ V
40
+ +---------------+ +------+/ \+------------+ +----------+ +-------------------+
41
+ | YourApp::User |<-->| User |<------>| Permission |<-->| Resource | <--> | YourApp::Resource |
42
+ +---------------+ +------+ +------------+ +----------+ +-------------------+
43
+ ^ ^
44
+ | |
45
+ +----------------------------------+
46
+
47
+
48
+ The lines between the boxes are called [edges](https://en.wikipedia.org/wiki/Glossary_of_graph_theory#edge).
49
+ Note that `Group` and `Role` trees.
50
+
51
+ In general the super_auth has 5 different pathing strategies to search for access.
52
+
53
+ 1. users <-> group[s] <-> role[s] <-> permission <-> resource
54
+ 2. users <-> role[s] <-> permission <-> resource
55
+ 3. users <-> group[s] <-> permission <-> resource
56
+ 4. users <-> permission <-> resource
57
+ 5. users <-> resource
58
+
59
+ Edges can be drawn between any 2 objects, allowing super_auth can seamlessly scale in complexity with you.
60
+ When `Group` and `Role` are used, the rules will apply to all descedants. If there are any edges
61
+ between the specified user and the resource, then access is granted.
62
+
63
+
64
+ You can see usage examples `spec/example_spec.rb`.
65
+
66
+ We're going to need some users:
67
+
68
+ Users:
69
+ - Peter
70
+ - Michael
71
+ - Bethany
72
+ - Eloise
73
+ - Anna
74
+ - Dillon
75
+ - Guest (Unknown User)
76
+
77
+ Let's see an example company structure:
78
+
79
+ Groups:
80
+ - Company
81
+ - Engineering_dept
82
+ - Backend
83
+ - Frontend
84
+ - Sales Department
85
+ - Marketing Department
86
+ - Customers
87
+ - CustomerA
88
+ - CustomerB
89
+ - Vendors
90
+ - VendorA
91
+ - VendorB
92
+
93
+ We're going to define a roles:
94
+
95
+ Roles:
96
+ - Employee
97
+ - Engineering
98
+ - Señor Software Developer
99
+ - Señor Designer
100
+ - Software Developer
101
+ - Production Support
102
+ - Sales and Marketing
103
+ - Marketing Manager
104
+ - Marketing Associate
105
+ - CustomerRole
106
+
107
+ We're going to define some permissions:
108
+
109
+ Permissions:
110
+ - create
111
+ - read
112
+ - update
113
+ - delete
114
+ - invoice
115
+ - login
116
+ - reboot
117
+ - deploy
118
+ - sign_contract
119
+ - subscribe
120
+ - unsubscribe
121
+ - publish_design
122
+
123
+ Finally, we need some resources:
124
+
125
+ Resources:
126
+ - app1
127
+ - app2
128
+ - staging
129
+ - db1
130
+ - db2
131
+ - core_design_template
132
+ - customer_profile
133
+ - marketing_website
134
+ - customer_post1
135
+ - customer_post2
136
+ - customer_post3
137
+
138
+ So we have sufficient prerequisite data to do some interesting authorizations. Let's draw some edges:
139
+
140
+ Peter <-> Frontend # Peter is on the Frontend team. (via Company->Engineering_dept->Frontend)
141
+ Engineering_dept <-> Engineering # Group "Engineering_dept" has the Role "Engineering"
142
+ Engineering <-> create # Engineering role can do basic CRUD operations
143
+ Engineering <-> read # Peter can CRUD too
144
+ Engineering <-> update
145
+ Engineering <-> delete
146
+ core_design_template <-> create # Now, those CRUD permissions apply to core_design_template resource
147
+ core_design_template <-> read
148
+ core_design_template <-> update
149
+ core_design_template <-> delete
150
+
151
+ With this, the following paths are created from Peter to the core_design_template:
152
+
153
+ Peter <-> Frontend <-> Engineering_dept <-> Engineering <-> create <-> core_design_template
154
+ Peter <-> Frontend <-> Engineering_dept <-> Engineering <-> read <-> core_design_template
155
+ Peter <-> Frontend <-> Engineering_dept <-> Engineering <-> update <-> core_design_template
156
+ Peter <-> Frontend <-> Engineering_dept <-> Engineering <-> delete <-> core_design_template
157
+
158
+ Which completes the circuit using the path
159
+ user <-> group <-> group <-> role <-> permission <-> resource
160
+
161
+
162
+ When you create/delete an edge new authorizations are generated and stored in the `super_auth` database table.
163
+ Since the path is stored with the record, it trivial to audit access permissions using basic SQL.
164
+
21
165
  TODO: Write usage instructions here
22
166
 
23
167
  ## Development
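Review bot: The new README calls an authorization library "authentication" in three places: "provides a authentication strategy", "other authentication strategies", and the link text "Do you really understand Authentication", whose URL is about authorization. Use "authorization" throughout, because readers evaluating an access-control gem will take the two terms to mean different controls. The rule "If there are any edges between the specified user and the resource, then access is granted", read together with strategy 5 (`users <-> resource`), should also say which permission a direct user-to-resource edge confers, since that path has no permission node. Smaller points: "Note that `Group` and `Role` trees." is missing its verb, "rules engine engine" repeats a word, and the old "TODO: Write usage instructions here" line is still present under the new usage text.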
@@ -28,8 +172,8 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
28
172
 
29
173
  ## Contributing
30
174
 
31
- Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/super_auth.
175
+ Bug reports and pull requests are welcome on GitHub at https://github.com/JonathanFrias/super_auth.
32
176
 
33
177
  ## License
34
178
 
35
- The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
179
+ The gem is available as open source under the terms of the [GPL](https://www.gnu.org/licenses/quick-guide-gplv3.html).
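Review bot: The license sentence now says only "GPL"; the version is implied solely by the link target (`quick-guide-gplv3`). Name the exact license in the text, and confirm that the gemspec `license` field and the LICENSE file were changed in the same release. Moving from MIT to GPL changes the terms for every downstream application, so it deserves a changelog entry rather than a one-line README edit.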
@@ -1,6 +1,6 @@
1
1
  Sequel.migration do
2
2
  change do
3
- create_table(:users) do
3
+ create_table?(:super_auth_users) do
4
4
  primary_key :id
5
5
 
6
6
  String :external_id # , null: false
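Review bot: This migration is edited in place (`create_table(:users)` becomes `create_table?(:super_auth_users)`), and the later migration hunks do the same. A database that already ran it under 0.1.3 has it recorded as applied, so the `super_auth_*` tables will never be created there and the models, which now point at the new names, will fail at query time. Add a new numbered migration that uses `rename_table` for each table instead. Two further concerns with `create_table?`: it silently skips when a table of that name exists with a different schema, and Sequel's `change` reverser handles `create_table` but, as far as I know, not `create_table?`, so rollback is expected to raise an irreversible-migration error. Please confirm `down` still works or write explicit `up`/`down` blocks.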
@@ -1,9 +1,9 @@
1
1
  Sequel.migration do
2
2
  change do
3
- create_table(:groups) do
3
+ create_table?(:super_auth_groups) do
4
4
  primary_key :id
5
5
  String :name, null: false
6
- foreign_key :parent_id, :groups, deferrable: true, type: :integer
6
+ foreign_key :parent_id, :super_auth_groups, deferrable: true, type: :integer
7
7
  DateTime :created_at, null: false, default: Sequel::CURRENT_TIMESTAMP
8
8
  DateTime :updated_at, null: false, default: Sequel::CURRENT_TIMESTAMP
9
9
  end
@@ -1,6 +1,6 @@
1
1
  Sequel.migration do
2
2
  change do
3
- create_table(:permissions) do
3
+ create_table?(:super_auth_permissions) do
4
4
  primary_key :id
5
5
  String :name, null: false
6
6
  DateTime :created_at, null: false, default: Sequel::CURRENT_TIMESTAMP
@@ -1,9 +1,9 @@
1
1
  Sequel.migration do
2
2
  change do
3
- create_table(:roles) do
3
+ create_table?(:super_auth_roles) do
4
4
  primary_key :id
5
5
  String :name, null: false
6
- foreign_key :parent_id, :roles, deferrable: true, type: :integer
6
+ foreign_key :parent_id, :super_auth_roles, deferrable: true, type: :integer
7
7
  DateTime :created_at, null: false, default: Sequel::CURRENT_TIMESTAMP
8
8
  DateTime :updated_at, null: false, default: Sequel::CURRENT_TIMESTAMP
9
9
  end
@@ -1,6 +1,6 @@
1
1
  Sequel.migration do
2
2
  change do
3
- create_table(:resources) do
3
+ create_table?(:super_auth_resources) do
4
4
  primary_key :id
5
5
 
6
6
  String :name
data/db/migrate/6_edge.rb CHANGED
@@ -1,13 +1,13 @@
1
1
  Sequel.migration do
2
2
  change do
3
- create_table(:edges) do
3
+ create_table?(:super_auth_edges) do
4
4
  primary_key :id
5
5
 
6
- foreign_key :user_id, :users, null: true
7
- foreign_key :group_id, :groups, null: true
8
- foreign_key :permission_id, :permissions, null: true
9
- foreign_key :role_id, :roles, null: true
10
- foreign_key :resource_id, :resources, null: true
6
+ foreign_key :user_id, :super_auth_users, null: true
7
+ foreign_key :group_id, :super_auth_groups, null: true
8
+ foreign_key :permission_id, :super_auth_permissions, null: true
9
+ foreign_key :role_id, :super_auth_roles, null: true
10
+ foreign_key :resource_id, :super_auth_resources, null: true
11
11
 
12
12
  DateTime :created_at, null: false, default: Sequel::CURRENT_TIMESTAMP
13
13
  DateTime :updated_at, null: false, default: Sequel::CURRENT_TIMESTAMP
data/lib/basic_loader.rb CHANGED
@@ -7,6 +7,7 @@ require 'super_auth/edge'
7
7
  require 'super_auth/nestable'
8
8
  require 'super_auth/group'
9
9
  require 'super_auth/permission'
10
+ require 'super_auth/railtie'
10
11
  require 'super_auth/resource'
11
12
  require 'super_auth/role'
12
13
  require 'super_auth/user'
@@ -1,4 +1,4 @@
1
- class SuperAuth::Edge < Sequel::Model(:edges)
1
+ class SuperAuth::Edge < Sequel::Model(:super_auth_edges)
2
2
  many_to_one :user
3
3
  many_to_one :group
4
4
  many_to_one :permission
@@ -15,45 +15,45 @@ class SuperAuth::Edge < Sequel::Model(:edges)
15
15
  end
16
16
 
17
17
  def users_groups_roles_permissions_resources
18
- users_groups_roles_ds = SuperAuth::User.join(:edges, user_id: :id).select_all(:users).join(SuperAuth::Group.from(SuperAuth::Group.trees).as(:groups), id: :group_id).select(
19
- Sequel[:users][:id].as(:user_id),
20
- Sequel[:users][:name].as(:user_name),
21
- Sequel[:users][:external_id].as(:user_external_id),
22
- Sequel[:users][:created_at].as(:user_created_at),
23
- Sequel[:users][:updated_at].as(:user_updated_at),
18
+ users_groups_roles_ds = SuperAuth::User.join(:super_auth_edges, user_id: :id).select_all(:super_auth_users).join(SuperAuth::Group.from(SuperAuth::Group.trees).as(:groups), id: :group_id).select(
19
+ Sequel[:super_auth_users][:id].as(:user_id),
20
+ Sequel[:super_auth_users][:name].as(:user_name),
21
+ Sequel[:super_auth_users][:external_id].as(:user_external_id),
22
+ Sequel[:super_auth_users][:created_at].as(:user_created_at),
23
+ Sequel[:super_auth_users][:updated_at].as(:user_updated_at),
24
24
  Sequel[:groups][:id].as(:group_id),
25
25
  Sequel[:groups][:name].as(:group_name),
26
- Sequel[:edges][:id].as(:edge_id),
27
- Sequel[:edges][:permission_id].as(:edge_permission_id),
28
- Sequel[:edges][:group_id].as(:edge_group_id),
29
- Sequel[:edges][:user_id].as(:edge_user_id),
30
- Sequel[:edges][:role_id].as(:edge_role_id),
26
+ Sequel[:super_auth_edges][:id].as(:edge_id),
27
+ Sequel[:super_auth_edges][:permission_id].as(:edge_permission_id),
28
+ Sequel[:super_auth_edges][:group_id].as(:edge_group_id),
29
+ Sequel[:super_auth_edges][:user_id].as(:edge_user_id),
30
+ Sequel[:super_auth_edges][:role_id].as(:edge_role_id),
31
31
  Sequel[:groups][:group_path],
32
32
  Sequel[:groups][:group_name_path],
33
33
  Sequel[:groups][:parent_id],
34
34
  Sequel[:groups][:created_at].as(:group_created_at),
35
35
  Sequel[:groups][:updated_at].as(:group_updated_at),
36
- ).join(Sequel[:edges].as(:group_role_edges), Sequel[:group_role_edges][:group_id] => Sequel[:groups][:id]).select_append(
36
+ ).join(Sequel[:super_auth_edges].as(:group_role_edges), Sequel[:group_role_edges][:group_id] => Sequel[:groups][:id]).select_append(
37
37
  Sequel[:group_role_edges][:id].as(:group_role_edge_id),
38
38
  Sequel[:group_role_edges][:permission_id].as(:group_role_edge_permission_id),
39
39
  Sequel[:group_role_edges][:group_id].as(:group_role_edge_group_id),
40
40
  Sequel[:group_role_edges][:user_id].as(:group_role_edge_user_id),
41
41
  Sequel[:group_role_edges][:role_id].as(:group_role_edge_role_id),
42
- ).join(:roles, id: Sequel[:group_role_edges][:role_id])
42
+ ).join(:super_auth_roles, id: Sequel[:group_role_edges][:role_id])
43
43
 
44
44
  SuperAuth::Edge.from(
45
45
  SuperAuth::Edge.from(
46
46
  SuperAuth::Group.cte(SuperAuth::Group.where(id: users_groups_roles_ds.select(Sequel[:groups][:id])).select(:id)).select { [id.as(:group_id), name.as(:group_name), parent_id.as(:group_parent_id), group_path, group_name_path, created_at.as(:group_created_at), updated_at.as(:group_updated_at)] },
47
47
  SuperAuth::Role.cte(users_groups_roles_ds.select(Sequel[:group_role_edges][:role_id])).select { [id.as(:role_id), name.as(:role_name), parent_id.as(:role_parent_id), role_path, role_name_path, created_at.as(:role_created_at), updated_at.as(:role_updated_at) ] }
48
48
  ).as(:users_groups_roles_permissions_resources)
49
- ).join(Sequel[:edges].as(:user_edges), Sequel[:user_edges][:group_id] => Sequel[:users_groups_roles_permissions_resources][:group_id])
50
- .join(Sequel[:users], id: Sequel[:user_edges][:user_id])
49
+ ).join(Sequel[:super_auth_edges].as(:user_edges), Sequel[:user_edges][:group_id] => Sequel[:users_groups_roles_permissions_resources][:group_id])
50
+ .join(Sequel[:super_auth_users], id: Sequel[:user_edges][:user_id])
51
51
  .select(
52
- Sequel[:users][:id].as(:user_id),
53
- Sequel[:users][:name].as(:user_name),
54
- Sequel[:users][:external_id].as(:user_external_id),
55
- Sequel[:users][:created_at].cast(:text).as(:user_created_at),
56
- Sequel[:users][:updated_at].cast(:text).as(:user_updated_at),
52
+ Sequel[:super_auth_users][:id].as(:user_id),
53
+ Sequel[:super_auth_users][:name].as(:user_name),
54
+ Sequel[:super_auth_users][:external_id].as(:user_external_id),
55
+ Sequel[:super_auth_users][:created_at].cast(:text).as(:user_created_at),
56
+ Sequel[:super_auth_users][:updated_at].cast(:text).as(:user_updated_at),
57
57
 
58
58
  Sequel[:users_groups_roles_permissions_resources][:group_id],
59
59
  Sequel[:users_groups_roles_permissions_resources][:group_name],
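Review bot: The new table names are repeated as literals in every `Sequel[:super_auth_users]`, `Sequel[:super_auth_edges]` and `.join(:super_auth_roles, ...)` call in this method, so the next prefix change needs another file-wide search and replace, and a single missed occurrence only shows up as a runtime SQL error on one authorization path. Take the name from the model (`SuperAuth::User.table_name` and the equivalents for the other models) or from one constant per table, so the `Sequel::Model(...)` declaration stays the only place the name is written.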
@@ -71,32 +71,32 @@ class SuperAuth::Edge < Sequel::Model(:edges)
71
71
  Sequel[:users_groups_roles_permissions_resources][:role_created_at].cast(:text),
72
72
  Sequel[:users_groups_roles_permissions_resources][:role_updated_at].cast(:text),
73
73
 
74
- Sequel[:permissions][:id].as(:permission_id),
75
- Sequel[:permissions][:name].as(:permission_name),
76
- Sequel[:permissions][:created_at].cast(:text).as(:permission_created_at),
77
- Sequel[:permissions][:updated_at].cast(:text).as(:permission_updated_at),
74
+ Sequel[:super_auth_permissions][:id].as(:permission_id),
75
+ Sequel[:super_auth_permissions][:name].as(:permission_name),
76
+ Sequel[:super_auth_permissions][:created_at].cast(:text).as(:permission_created_at),
77
+ Sequel[:super_auth_permissions][:updated_at].cast(:text).as(:permission_updated_at),
78
78
 
79
- Sequel[:resources][:id].as(:resource_id),
80
- Sequel[:resources][:name].as(:resource_name),
81
- Sequel[:resources][:external_id].as(:resource_external_id)
79
+ Sequel[:super_auth_resources][:id].as(:resource_id),
80
+ Sequel[:super_auth_resources][:name].as(:resource_name),
81
+ Sequel[:super_auth_resources][:external_id].as(:resource_external_id)
82
82
  )
83
- .join(Sequel[:edges].as(:permission_edges), Sequel[:permission_edges][:role_id] => Sequel[:users_groups_roles_permissions_resources][:role_id])
84
- .join(Sequel[:permissions], id: Sequel[:permission_edges][:permission_id])
85
- .join(Sequel[:edges].as(:resource_edges), Sequel[:resource_edges][:permission_id] => Sequel[:permission_edges][:permission_id])
86
- .join(Sequel[:resources], id: Sequel[:resource_edges][:resource_id])
83
+ .join(Sequel[:super_auth_edges].as(:permission_edges), Sequel[:permission_edges][:role_id] => Sequel[:users_groups_roles_permissions_resources][:role_id])
84
+ .join(Sequel[:super_auth_permissions], id: Sequel[:permission_edges][:permission_id])
85
+ .join(Sequel[:super_auth_edges].as(:resource_edges), Sequel[:resource_edges][:permission_id] => Sequel[:permission_edges][:permission_id])
86
+ .join(Sequel[:super_auth_resources], id: Sequel[:resource_edges][:resource_id])
87
87
  .distinct
88
88
  end
89
89
 
90
90
  def users_groups_permissions_resources
91
91
  SuperAuth::User.
92
- join(Sequel[:edges].as(:user_edges), user_id: :id).
92
+ join(Sequel[:super_auth_edges].as(:user_edges), user_id: :id).
93
93
  join(SuperAuth::Group.from(SuperAuth::Group.trees).as(:groups), id: :group_id).
94
94
  select(
95
- Sequel[:users][:id].as(:user_id),
96
- Sequel[:users][:name].as(:user_name),
97
- Sequel[:users][:external_id].as(:user_external_id),
98
- Sequel[:users][:created_at].cast(:text).as(:user_created_at),
99
- Sequel[:users][:updated_at].cast(:text).as(:user_updated_at),
95
+ Sequel[:super_auth_users][:id].as(:user_id),
96
+ Sequel[:super_auth_users][:name].as(:user_name),
97
+ Sequel[:super_auth_users][:external_id].as(:user_external_id),
98
+ Sequel[:super_auth_users][:created_at].cast(:text).as(:user_created_at),
99
+ Sequel[:super_auth_users][:updated_at].cast(:text).as(:user_updated_at),
100
100
 
101
101
  Sequel[:groups][:id].as(:group_id),
102
102
  Sequel[:groups][:name].as(:group_name),
@@ -114,40 +114,40 @@ class SuperAuth::Edge < Sequel::Model(:edges)
114
114
  Sequel::NULL.as(:role_created_at), # Sequel[:roles][:created_at].as(:role_created_at),
115
115
  Sequel::NULL.as(:role_updated_at), # Sequel[:roles][:updated_at].as(:role_updated_at),
116
116
 
117
- Sequel[:permissions][:id].as(:permission_id),
118
- Sequel[:permissions][:name].as(:permission_name),
119
- Sequel[:permissions][:created_at].cast(:text).as(:permission_created_at),
120
- Sequel[:permissions][:updated_at].cast(:text).as(:permission_updated_at),
117
+ Sequel[:super_auth_permissions][:id].as(:permission_id),
118
+ Sequel[:super_auth_permissions][:name].as(:permission_name),
119
+ Sequel[:super_auth_permissions][:created_at].cast(:text).as(:permission_created_at),
120
+ Sequel[:super_auth_permissions][:updated_at].cast(:text).as(:permission_updated_at),
121
121
 
122
- Sequel[:resources][:id].as(:resource_id),
123
- Sequel[:resources][:name].as(:resource_name),
124
- Sequel[:resources][:external_id].as(:resource_external_id),
122
+ Sequel[:super_auth_resources][:id].as(:resource_id),
123
+ Sequel[:super_auth_resources][:name].as(:resource_name),
124
+ Sequel[:super_auth_resources][:external_id].as(:resource_external_id),
125
125
  ).
126
- join(Sequel[:edges].as(:permission_edges), Sequel[:permission_edges][:group_id] => Sequel[:groups][:id]).
127
- join(Sequel[:permissions], id: Sequel[:permission_edges][:permission_id]).
128
- join(Sequel[:edges].as(:resource_edges), Sequel[:resource_edges][:permission_id] => Sequel[:permissions][:id]).
129
- join(Sequel[:resources], id: Sequel[:resource_edges][:resource_id]).
126
+ join(Sequel[:super_auth_edges].as(:permission_edges), Sequel[:permission_edges][:group_id] => Sequel[:groups][:id]).
127
+ join(Sequel[:super_auth_permissions], id: Sequel[:permission_edges][:permission_id]).
128
+ join(Sequel[:super_auth_edges].as(:resource_edges), Sequel[:resource_edges][:permission_id] => Sequel[:super_auth_permissions][:id]).
129
+ join(Sequel[:super_auth_resources], id: Sequel[:resource_edges][:resource_id]).
130
130
  distinct
131
131
  end
132
132
 
133
133
  def users_roles_permissions_resources
134
134
  SuperAuth::User.
135
- join(Sequel[:edges].as(:user_edges), user_id: :id).
135
+ join(Sequel[:super_auth_edges].as(:user_edges), user_id: :id).
136
136
  join(SuperAuth::Role.from(SuperAuth::Role.trees).as(:roles), id: :role_id).
137
137
  select(
138
- Sequel[:users][:id].as(:user_id),
139
- Sequel[:users][:name].as(:user_name),
140
- Sequel[:users][:external_id].as(:user_external_id),
141
- Sequel[:users][:created_at].cast(:text).as(:user_created_at),
142
- Sequel[:users][:updated_at].cast(:text).as(:user_updated_at),
143
-
144
- Sequel.lit(%Q[0 as "group_id"]), # Sequel[:groups][:group_id],
145
- Sequel::NULL.as(:group_name), # Sequel[:groups][:group_name],
146
- Sequel::NULL.as(:group_path), # Sequel[:groups][:group_path],
147
- Sequel::NULL.as(:group_name_path), # Sequel[:groups][:group_name_path],
148
- Sequel.lit(%Q[0 as "group_parent_id"]), # Sequel[:groups][:group_parent_id],
149
- Sequel.lit(%Q['1970-01-01 00:00:00.000000-00' as "group_created_at"]), # Sequel[:groups][:group_created_at],
150
- Sequel.lit(%Q['1970-01-01 00:00:00.000000-00' as "group_updated_at"]), # Sequel[:groups][:group_updated_at],
138
+ Sequel[:super_auth_users][:id].as(:user_id),
139
+ Sequel[:super_auth_users][:name].as(:user_name),
140
+ Sequel[:super_auth_users][:external_id].as(:user_external_id),
141
+ Sequel[:super_auth_users][:created_at].cast(:text).as(:user_created_at),
142
+ Sequel[:super_auth_users][:updated_at].cast(:text).as(:user_updated_at),
143
+
144
+ Sequel.lit(%Q[0 as "group_id"]), # Sequel[:super_auth_groups][:group_id],
145
+ Sequel::NULL.as(:group_name), # Sequel[:super_auth_groups][:group_name],
146
+ Sequel::NULL.as(:group_path), # Sequel[:super_auth_groups][:group_path],
147
+ Sequel::NULL.as(:group_name_path), # Sequel[:super_auth_groups][:group_name_path],
148
+ Sequel.lit(%Q[0 as "group_parent_id"]), # Sequel[:super_auth_groups][:group_parent_id],
149
+ Sequel.lit(%Q['1970-01-01 00:00:00.000000-00' as "group_created_at"]), # Sequel[:super_auth_groups][:group_created_at],
150
+ Sequel.lit(%Q['1970-01-01 00:00:00.000000-00' as "group_updated_at"]), # Sequel[:super_auth_groups][:group_updated_at],
151
151
 
152
152
  Sequel[:roles][:id].as(:role_id),
153
153
  Sequel[:roles][:name].as(:role_name),
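Review bot: The trailing comments on the placeholder group columns in `users_roles_permissions_resources` were caught by the rename and now read `# Sequel[:super_auth_groups][:group_id]`, although the other methods join groups under the alias `:groups` (`.as(:groups)`) and the same comments in `users_permissions_resources` still read `# Sequel[:groups][:group_id]`. Keep the comments on the alias so they describe the column each placeholder stands in for, and so the two methods stay consistent.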
@@ -157,31 +157,31 @@ class SuperAuth::Edge < Sequel::Model(:edges)
157
157
  Sequel[:roles][:created_at].cast(:text).as(:role_created_at),
158
158
  Sequel[:roles][:updated_at].cast(:text).as(:role_updated_at),
159
159
 
160
- Sequel[:permissions][:id].as(:permission_id),
161
- Sequel[:permissions][:name].as(:permission_name),
162
- Sequel[:permissions][:created_at].cast(:text).as(:permission_created_at),
163
- Sequel[:permissions][:updated_at].cast(:text).as(:permission_updated_at),
160
+ Sequel[:super_auth_permissions][:id].as(:permission_id),
161
+ Sequel[:super_auth_permissions][:name].as(:permission_name),
162
+ Sequel[:super_auth_permissions][:created_at].cast(:text).as(:permission_created_at),
163
+ Sequel[:super_auth_permissions][:updated_at].cast(:text).as(:permission_updated_at),
164
164
 
165
- Sequel[:resources][:id].as(:resource_id),
166
- Sequel[:resources][:name].as(:resource_name),
167
- Sequel[:resources][:external_id].as(:resource_external_id),
165
+ Sequel[:super_auth_resources][:id].as(:resource_id),
166
+ Sequel[:super_auth_resources][:name].as(:resource_name),
167
+ Sequel[:super_auth_resources][:external_id].as(:resource_external_id),
168
168
  ).
169
- join(Sequel[:edges].as(:permission_edges), Sequel[:permission_edges][:role_id] => Sequel[:roles][:id]).
170
- join(Sequel[:permissions], id: Sequel[:permission_edges][:permission_id]).
171
- join(Sequel[:edges].as(:resource_edges), Sequel[:resource_edges][:permission_id] => Sequel[:permissions][:id]).
172
- join(Sequel[:resources], id: Sequel[:resource_edges][:resource_id]).
169
+ join(Sequel[:super_auth_edges].as(:permission_edges), Sequel[:permission_edges][:role_id] => Sequel[:roles][:id]).
170
+ join(Sequel[:super_auth_permissions], id: Sequel[:permission_edges][:permission_id]).
171
+ join(Sequel[:super_auth_edges].as(:resource_edges), Sequel[:resource_edges][:permission_id] => Sequel[:super_auth_permissions][:id]).
172
+ join(Sequel[:super_auth_resources], id: Sequel[:resource_edges][:resource_id]).
173
173
  distinct
174
174
  end
175
175
 
176
176
  def users_permissions_resources
177
177
  SuperAuth::User.
178
- join(Sequel[:edges].as(:user_edges), user_id: :id).
178
+ join(Sequel[:super_auth_edges].as(:user_edges), user_id: :id).
179
179
  select(
180
- Sequel[:users][:id].as(:user_id),
181
- Sequel[:users][:name].as(:user_name),
182
- Sequel[:users][:external_id].as(:user_external_id),
183
- Sequel[:users][:created_at].cast(:text).as(:user_created_at),
184
- Sequel[:users][:updated_at].cast(:text).as(:user_updated_at),
180
+ Sequel[:super_auth_users][:id].as(:user_id),
181
+ Sequel[:super_auth_users][:name].as(:user_name),
182
+ Sequel[:super_auth_users][:external_id].as(:user_external_id),
183
+ Sequel[:super_auth_users][:created_at].cast(:text).as(:user_created_at),
184
+ Sequel[:super_auth_users][:updated_at].cast(:text).as(:user_updated_at),
185
185
 
186
186
  Sequel.lit(%Q[0 as "group_id"]), # Sequel[:groups][:group_id],
187
187
  Sequel::NULL.as(:group_name), # Sequel[:groups][:group_name],
@@ -200,19 +200,19 @@ class SuperAuth::Edge < Sequel::Model(:edges)
200
200
  Sequel::NULL.as(:role_created_at), # Sequel[:roles][:role_created_at],
201
201
  Sequel::NULL.as(:role_updated_at), # Sequel[:roles][:role_updated_at],
202
202
 
203
- Sequel[:permissions][:id].as(:permission_id),
204
- Sequel[:permissions][:name].as(:permission_name),
205
- Sequel[:permissions][:created_at].cast(:text).as(:permission_created_at),
206
- Sequel[:permissions][:updated_at].cast(:text).as(:permission_updated_at),
203
+ Sequel[:super_auth_permissions][:id].as(:permission_id),
204
+ Sequel[:super_auth_permissions][:name].as(:permission_name),
205
+ Sequel[:super_auth_permissions][:created_at].cast(:text).as(:permission_created_at),
206
+ Sequel[:super_auth_permissions][:updated_at].cast(:text).as(:permission_updated_at),
207
207
 
208
- Sequel[:resources][:id].as(:resource_id),
209
- Sequel[:resources][:name].as(:resource_name),
210
- Sequel[:resources][:external_id].as(:resource_external_id)
208
+ Sequel[:super_auth_resources][:id].as(:resource_id),
209
+ Sequel[:super_auth_resources][:name].as(:resource_name),
210
+ Sequel[:super_auth_resources][:external_id].as(:resource_external_id)
211
211
  ).
212
- join(Sequel[:edges].as(:permission_edges), Sequel[:permission_edges][:user_id] => Sequel[:users][:id]).
213
- join(Sequel[:permissions], id: Sequel[:permission_edges][:permission_id]).
214
- join(Sequel[:edges].as(:resource_edges), Sequel[:resource_edges][:permission_id] => Sequel[:permissions][:id]).
215
- join(Sequel[:resources], id: Sequel[:resource_edges][:resource_id]).
212
+ join(Sequel[:super_auth_edges].as(:permission_edges), Sequel[:permission_edges][:user_id] => Sequel[:super_auth_users][:id]).
213
+ join(Sequel[:super_auth_permissions], id: Sequel[:permission_edges][:permission_id]).
214
+ join(Sequel[:super_auth_edges].as(:resource_edges), Sequel[:resource_edges][:permission_id] => Sequel[:super_auth_permissions][:id]).
215
+ join(Sequel[:super_auth_resources], id: Sequel[:resource_edges][:resource_id]).
216
216
  distinct
217
217
  end
218
218
  end
@@ -1,3 +1,3 @@
1
- class SuperAuth::Group < Sequel::Model(:groups)
1
+ class SuperAuth::Group < Sequel::Model(:super_auth_groups)
2
2
  include SuperAuth::Nestable
3
3
  end
@@ -110,7 +110,7 @@ module SuperAuth::Nestable
110
110
  end
111
111
 
112
112
  def pluralize(base = self)
113
- "#{demodularize(base).downcase}s".to_sym
113
+ "super_auth_#{demodularize(base).downcase}s".to_sym
114
114
  end
115
115
 
116
116
  def singularize(base = self)
@@ -118,7 +118,7 @@ module SuperAuth::Nestable
118
118
  end
119
119
 
120
120
  def cte_name(base = self)
121
- "#{pluralize(base)}_cte".to_sym
121
+ "super_auth_#{pluralize(base)}_cte".to_sym
122
122
  end
123
123
 
124
124
  def base_path(base = self)
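Review bot: `cte_name` now applies the prefix twice. `pluralize` was changed in the previous hunk to return `super_auth_groups`, so `"super_auth_#{pluralize(base)}_cte"` evaluates to `super_auth_super_auth_groups_cte`. Keep the original `"#{pluralize(base)}_cte"` here. Because `pluralize` now returns a full table name rather than a plural noun, it is also worth checking its other callers in `Nestable` for places where the result is used as a column or alias prefix.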
@@ -1,23 +1,23 @@
1
- class SuperAuth::Permission < Sequel::Model(:permissions)
1
+ class SuperAuth::Permission < Sequel::Model(:super_auth_permissions)
2
2
  one_to_many :edges
3
3
 
4
4
  dataset_module do
5
5
  def with_edges
6
- join(:edges, permission_id: :id).select_all(:permissions)
6
+ join(:super_auth_edges, permission_id: :id).select_all(:super_auth_permissions)
7
7
  end
8
8
 
9
9
  def with_roles
10
- with_edges.join(Role.from(Role.trees).as(:roles), id: :role_id).select(
11
- Sequel[:permissions][:id].as(:id),
12
- Sequel[:permissions][:id].as(:permission_id),
10
+ with_edges.join(Role.from(Role.trees).as(:roles), id: :role_id).select(
11
+ Sequel[:super_auth_permissions][:id].as(:id),
12
+ Sequel[:super_auth_permissions][:id].as(:permission_id),
13
13
  Sequel[:roles][:id].as(:role_id),
14
- Sequel[:permissions][:name].as(:permission_name),
14
+ Sequel[:super_auth_permissions][:name].as(:permission_name),
15
15
  Sequel[:roles][:name].as(:role_name),
16
- Sequel[:edges][:id].as(:edge_id),
17
- Sequel[:edges][:permission_id].as(:edge_permission_id),
18
- Sequel[:edges][:group_id].as(:edge_group_id),
19
- Sequel[:edges][:user_id].as(:edge_user_id),
20
- Sequel[:edges][:role_id].as(:edge_role_id),
16
+ Sequel[:super_auth_edges][:id].as(:edge_id),
17
+ Sequel[:super_auth_edges][:permission_id].as(:edge_permission_id),
18
+ Sequel[:super_auth_edges][:group_id].as(:edge_group_id),
19
+ Sequel[:super_auth_edges][:user_id].as(:edge_user_id),
20
+ Sequel[:super_auth_edges][:role_id].as(:edge_role_id),
21
21
  :role_path,
22
22
  :role_name_path,
23
23
  :parent_id
@@ -0,0 +1,12 @@
1
+ module SuperAuth
2
+ if defined? Rails::Railtie
3
+ class Railtie < Rails::Railtie
4
+ rake_tasks do
5
+ load "tasks/super_auth_tasks.rake"
6
+ end
7
+ end
8
+ else
9
+ class Railtie
10
+ end
11
+ end
12
+ end
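Review bot: The `defined? Rails::Railtie` check depends on load order. If `super_auth` is required before Rails has loaded its railtie support, the `else` branch runs, an empty `SuperAuth::Railtie` is defined, and the rake tasks are never registered, with no error. The empty class in the `else` branch has no visible use; drop it and guard the `require 'super_auth/railtie'` in `basic_loader.rb` instead. Please also confirm that `tasks/super_auth_tasks.rake` ships in the gem's file list and is on the load path, since `load` takes a bare relative name here.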
@@ -1,2 +1,2 @@
1
- class SuperAuth::Resource < Sequel::Model(:resources)
1
+ class SuperAuth::Resource < Sequel::Model(:super_auth_resources)
2
2
  end
@@ -1,3 +1,3 @@
1
- class SuperAuth::Role < Sequel::Model(:roles)
1
+ class SuperAuth::Role < Sequel::Model(:super_auth_roles)
2
2
  include SuperAuth::Nestable
3
3
  end
@@ -1,23 +1,23 @@
1
- class SuperAuth::User < Sequel::Model(:users)
1
+ class SuperAuth::User < Sequel::Model(:super_auth_users)
2
2
  one_to_many :edges
3
3
 
4
4
  dataset_module do
5
5
  def with_edges
6
- join(:edges, user_id: :id).select_all(:users)
6
+ join(:super_auth_edges, user_id: :id).select_all(:super_auth_users)
7
7
  end
8
8
 
9
9
  def with_groups
10
10
  with_edges.join(Group.from(Group.trees).as(:groups), id: :group_id).select(
11
- Sequel[:users][:id].as(:id),
12
- Sequel[:users][:id].as(:user_id),
11
+ Sequel[:super_auth_users][:id].as(:id),
12
+ Sequel[:super_auth_users][:id].as(:user_id),
13
13
  Sequel[:groups][:id].as(:group_id),
14
- Sequel[:users][:name].as(:user_name),
14
+ Sequel[:super_auth_users][:name].as(:user_name),
15
15
  Sequel[:groups][:name].as(:group_name),
16
- Sequel[:edges][:id].as(:edge_id),
17
- Sequel[:edges][:permission_id].as(:edge_permission_id),
18
- Sequel[:edges][:group_id].as(:edge_group_id),
19
- Sequel[:edges][:user_id].as(:edge_user_id),
20
- Sequel[:edges][:role_id].as(:edge_role_id),
16
+ Sequel[:super_auth_edges][:id].as(:edge_id),
17
+ Sequel[:super_auth_edges][:permission_id].as(:edge_permission_id),
18
+ Sequel[:super_auth_edges][:group_id].as(:edge_group_id),
19
+ Sequel[:super_auth_edges][:user_id].as(:edge_user_id),
20
+ Sequel[:super_auth_edges][:role_id].as(:edge_role_id),
21
21
  Sequel[:groups][:group_path],
22
22
  Sequel[:groups][:group_name_path],
23
23
  Sequel[:groups][:parent_id]
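Review bot: The five `Sequel[:super_auth_edges][...]` select lines here are the same five lines edited in `Permission.with_roles`, and the table name is now hard-coded as a symbol in each of them and in `with_edges`. This rename had to touch every copy. Consider moving the edge column list into one shared helper and deriving the names from the models (`table_name`), so that a future rename cannot leave one of the two authorization queries pointing at a stale table.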
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module SuperAuth
4
- VERSION = "0.1.3"
4
+ VERSION = "0.1.4"
5
5
  end
data/lib/super_auth.rb CHANGED
@@ -13,25 +13,29 @@ end
13
13
  require 'sequel'
14
14
 
15
15
  ENV["SUPER_AUTH_LOG_LEVEL"] = 'debug'
16
- logger = if ENV["SUPER_AUTH_LOG_LEVEL"] == "debug"
17
- require 'logger'
18
- Logger.new(STDOUT)
19
- end
16
+ require 'logger'
17
+ logger = Logger.new(STDOUT)
20
18
 
21
- require 'sequel'
22
19
  Sequel::Model.plugin :timestamps, update_on_create: true
23
20
  if !ENV['SUPER_AUTH_DATABASE_URL'].nil? && !ENV['SUPER_AUTH_DATABASE_URL'].empty?
24
21
  Sequel::Model.db = Sequel.connect(ENV['SUPER_AUTH_DATABASE_URL'], logger: logger)
25
22
  else
26
- puts "Warning: SUPER_AUTH_DATABASE_URL not set, using in memory database"
23
+ logger.warn "SUPER_AUTH_DATABASE_URL not set, using sqlite in memory database."
27
24
  Sequel::Model.db = Sequel.sqlite(logger: logger)
28
- Sequel.extension :migration
29
- Sequel::Migrator.run(Sequel::Model.db, "db/migrate")
30
25
  end
31
26
  Sequel::Model.default_association_options = {:class_namespace=>'SuperAuth'}
32
27
 
28
+ # I don't love this, but I don't know how to do it better
29
+ unless Sequel::Model.db.table_exists?(:super_auth_edges)
30
+ Sequel.extension :migration
31
+ path = Pathname.new(__FILE__).parent.parent.join("db", "migrate")
32
+ Sequel::Migrator.run(Sequel::Model.db, path)
33
+ end
33
34
  require 'basic_loader' unless defined?(SuperAuth::AUTOLOADERS)
34
35
 
36
+
35
37
  module SuperAuth
36
38
  class Error < StandardError; end
37
39
  end
40
+
41
+ require "super_auth/railtie" if defined?(Rails::Railtie)
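Review bot: Calling `Sequel::Migrator.run` at require time, guarded only by `table_exists?(:super_auth_edges)`, means that loading the gem changes the schema of whatever database `SUPER_AUTH_DATABASE_URL` points at, with the application's runtime credentials. It also means a database that already has that one table but is behind on later migrations is never brought up to date. For an authorization library I would make migration an explicit step (the rake task added in this release is the natural place) and have the load path only check state, for example with `Sequel::Migrator.is_current?`, and fail loudly when the schema is missing. Separately, the logger is now always `Logger.new(STDOUT)` and is passed to `Sequel.connect` and `Sequel.sqlite`, so every SQL statement is written to standard output with no way to turn it off; `SUPER_AUTH_LOG_LEVEL` is no longer consulted after being set on the line above. Please make query logging opt-in. `Pathname` is also used here with no `require 'pathname'` visible in this hunk.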
@@ -0,0 +1,13 @@
1
+ namespace :super_auth do
2
+ desc "Run the super_auth database migrations"
3
+ task migrate: :environment do
4
+ # TODO: Make this work properly without auto applying migrations, which is silly
5
+ #
6
+ # raise "ENV variable SUPER_AUTH_DATABASE_URL is not set" if ENV['SUPER_AUTH_DATABASE_URL'].nil? || ENV['SUPER_AUTH_DATABASE_URL'].empty?
7
+ # Sequel::Model.db = Sequel.connect(ENV['SUPER_AUTH_DATABASE_URL'])
8
+ # Sequel.extension :migration
9
+ # binding.irb
10
+ # path = Pathname.new(__FILE__).parent.parent.join("db", "migrate")
11
+ # Sequel::Migrator.run(Sequel::Model.db, path)
12
+ end
13
+ end
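Review bot: The body of `task migrate: :environment` is entirely commented out, so `rake super_auth:migrate` does nothing and exits successfully, although its `desc` says it runs the migrations. An operator who relies on it gets no error and no schema change. Until it is implemented, either leave the task out of the release or make it raise with a message that migrations are applied on load. Before uncommenting, remove the `binding.irb` line and fix the path: this file ships as `lib/tasks/super_auth_tasks.rake`, so `Pathname.new(__FILE__).parent.parent.join("db", "migrate")` resolves to `lib/db/migrate`, not the `db/migrate` that the same expression reaches from `lib/super_auth.rb`.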
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: super_auth
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.3
4
+ version: 0.1.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Jonathan Frias
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-12-30 00:00:00.000000000 Z
11
+ date: 2024-12-02 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: sequel
@@ -64,10 +64,12 @@ files:
64
64
  - lib/super_auth/group.rb
65
65
  - lib/super_auth/nestable.rb
66
66
  - lib/super_auth/permission.rb
67
+ - lib/super_auth/railtie.rb
67
68
  - lib/super_auth/resource.rb
68
69
  - lib/super_auth/role.rb
69
70
  - lib/super_auth/user.rb
70
71
  - lib/super_auth/version.rb
72
+ - lib/tasks/super_auth_tasks.rake
71
73
  homepage: https://github.com/JonathanFrias/super_auth
72
74
  licenses:
73
75
  - MIT
@@ -90,7 +92,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
90
92
  - !ruby/object:Gem::Version
91
93
  version: '0'
92
94
  requirements: []
93
- rubygems_version: 3.5.3
95
+ rubygems_version: 3.4.19
94
96
  signing_key:
95
97
  specification_version: 4
96
98
  summary: Make Unauthenticated State Unrepresentable
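Review bot: `rubygems_version` goes down from 3.5.3 to 3.4.19, so 0.1.4 was packaged with an older RubyGems than 0.1.3, which suggests the release was built in a different environment. With `signing_key:` empty here and `cert_chain: []` in the first hunk of this file, consumers have only the registry checksums to verify the package against. Building releases from one pinned, reproducible environment would make version-to-version diffs like this one easier to audit.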