tcs-ldap-permission 1.0.0 → 1.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/Gemfile.lock +2 -2
- data/README.md +3 -3
- data/lib/tcs/ldap/group.rb +6 -0
- data/lib/tcs/ldap/permission.rb +17 -4
- data/lib/tcs/ldap/permission/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: 9680916e4e4eea217de0da66b7302a9089b7c61368f4a61d82cb95067837c2b3
|
|
4
|
+
data.tar.gz: 70b3bea402407ef6ae215c8f1a38372b81ca3db40c86cb7c2a8d2a048016d8f6
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a956eaf072f9bc0b2f2a88e554d8f44f676e9c8362f4504523bae74f4c209c64cd302fcc2482187e21234d99172096a7ea988b85858df93c926cc80d0cb55120
|
|
7
|
+
data.tar.gz: efd1dbc9564645274ae0e423b0bf0aa500f7ec5cf80047b85cb43a9e036d948ffce5646a015995ff7192ef797a12a9d9d17c537289f4c2bea98cf8b8798b1dfc
|
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
|
@@ -21,7 +21,7 @@ Or install it yourself as:
|
|
|
21
21
|
|
|
22
22
|
## Usage
|
|
23
23
|
|
|
24
|
-
Add a `config/
|
|
24
|
+
Add a `config/ldap_permissions.yml` configuration file, e.g.
|
|
25
25
|
```yaml
|
|
26
26
|
<%= Rails.env %>:
|
|
27
27
|
groups:
|
|
@@ -57,8 +57,8 @@ end
|
|
|
57
57
|
|
|
58
58
|
### Configuration
|
|
59
59
|
|
|
60
|
-
The `config/
|
|
61
|
-
It is preferable to only use groups so that the `config/
|
|
60
|
+
The `config/ldap_permissions.yml` file specifies what actions are available to a group or user.
|
|
61
|
+
It is preferable to only use groups so that the `config/ldap_permissions.yml` doesn't
|
|
62
62
|
need to be updated every time a person moves into or out of a role.
|
|
63
63
|
In situations where it doesn't make sense to create a group, you can specify individual
|
|
64
64
|
users by their login.
|
data/lib/tcs/ldap/group.rb
CHANGED
|
@@ -11,6 +11,8 @@
|
|
|
11
11
|
# ['DC', 'com']
|
|
12
12
|
# ]
|
|
13
13
|
class Tcs::Ldap::Group
|
|
14
|
+
SECURITY_GROUP_ROOT = [["DC", "com"], ["DC", "containerstore"], ["OU", "Group Accounts"], ["OU", "Security Groups"]]
|
|
15
|
+
|
|
14
16
|
def initialize(group_string)
|
|
15
17
|
@original_string = group_string
|
|
16
18
|
# CN=pb\, admins,OU=Security Groups\=good,OU=Group Accounts,DC=containerstore,DC=com
|
|
@@ -28,6 +30,10 @@ class Tcs::Ldap::Group
|
|
|
28
30
|
@nodes = nodes_with_equals_replaced.collect { |n| [n.first, n.last.gsub(/;;/, "=")] }
|
|
29
31
|
end
|
|
30
32
|
|
|
33
|
+
def security_group?
|
|
34
|
+
@nodes.reverse[0...4] == SECURITY_GROUP_ROOT
|
|
35
|
+
end
|
|
36
|
+
|
|
31
37
|
def cn
|
|
32
38
|
@nodes.first.last
|
|
33
39
|
end
|
data/lib/tcs/ldap/permission.rb
CHANGED
|
@@ -24,8 +24,14 @@ module Tcs
|
|
|
24
24
|
klass.extend(ClassMethods)
|
|
25
25
|
end
|
|
26
26
|
|
|
27
|
+
# Return the user's groups that have been configured in ldap_permissions.yml
|
|
27
28
|
def groups
|
|
28
|
-
@groups ||=
|
|
29
|
+
@groups ||= fetch_configured_group_names
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
# Return all of this user's security groups, whether or not they are in ldap_permissions.yml
|
|
33
|
+
def all_security_groups
|
|
34
|
+
@all_security_groups ||= fetch_security_groups
|
|
29
35
|
end
|
|
30
36
|
|
|
31
37
|
def authorized_actions
|
|
@@ -42,11 +48,18 @@ module Tcs
|
|
|
42
48
|
|
|
43
49
|
private
|
|
44
50
|
|
|
45
|
-
def
|
|
51
|
+
def fetch_configured_group_names
|
|
52
|
+
fetch_all_groups.map(&:cn) & self.class.configured_ldap_groups
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
def fetch_security_groups
|
|
56
|
+
fetch_all_groups.select(&:security_group?).map(&:cn)
|
|
57
|
+
end
|
|
58
|
+
|
|
59
|
+
def fetch_all_groups
|
|
46
60
|
ldap_array = ldap(:memberof)
|
|
47
61
|
return [] if ldap_array.nil?
|
|
48
|
-
|
|
49
|
-
groups.collect(&:cn) & self.class.configured_ldap_groups
|
|
62
|
+
ldap_array.collect { |g| Tcs::Ldap::Group.new(g) }
|
|
50
63
|
end
|
|
51
64
|
|
|
52
65
|
def ldap(attr)
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: tcs-ldap-permission
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ed Wagner
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2019-06-04 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -104,7 +104,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
104
104
|
version: '0'
|
|
105
105
|
requirements: []
|
|
106
106
|
rubyforge_project:
|
|
107
|
-
rubygems_version: 2.
|
|
107
|
+
rubygems_version: 2.7.9
|
|
108
108
|
signing_key:
|
|
109
109
|
specification_version: 4
|
|
110
110
|
summary: An easy way to map LDAP groups to application roles
|