u-authorization 2.1.0 → 2.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fae66869f76df547c31db71f122b5b2325305e647ac8292b0580ae79e7f2baf6
-  data.tar.gz: 06ee2555095a23ddf2c62ade52bc7f207758762950f10b15e3a06798f0e85cdc
+  metadata.gz: 3eed3ce0a228018f007c58ae1c1e70ae5b782b841f98ae3baad6519c6fc40531
+  data.tar.gz: 2201d27e01a1f206bf395334b536596dd88fb05760a986c1e29fe4a9253e3f2e
 SHA512:
-  metadata.gz: d3f855677e13bb60e5aea15fa662b0c24d5d563ee6dbcf986404442c082c153bdbd3deb20c2844dfb4f34ee12148161a35530afb71518b56457a23c893b28ea5
-  data.tar.gz: f5ade9d183a7c95ee78f13628f5e9a680959ee0d8aefd4f12c1c4e5ec1f318cf55287cb4703a8c4bd32c59133ef57817338b708c7e48980f91764ade66af563d
+  metadata.gz: 467a55948c8864903d7024c250dd4b9a93244fbb379dc16aa7d91f1f983ba7f5da6d14c6af8e39a52a9639aa30cad129dc84ad2e56bb34b4bfd6245491845809
+  data.tar.gz: 6c28d09268e034911b19b66a192b53057d21c8c0995fc16e3d1754249da968eeb51d71b074782e1867b2885c67437da25c8c3fb235b7826048f957dc35440514

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    u-authorization (2.1.0)
+    u-authorization (2.2.0)
 
 GEM
   remote: https://rubygems.org/

data/README.md

@@ -34,16 +34,28 @@ $ gem install u-authorization
   require 'ostruct'
   require 'u-authorization'
 
-  role = OpenStruct.new(
-    name: 'user',
-    permissions: {
-      'visit' => { 'except' => ['billings'] },
-      'edit_users' => false, # Same as: 'edit_users' => { 'any' => false },
-      'export_as_csv' => { 'except' => ['sales'] }
+  module Permissions
+    ADMIN = {
+      'visit'  => { 'any' => true },
+      'export' => { 'any' => true }
+    }
+
+    USER = {
+      'visit'  => { 'except' => ['billings'] },
+      'export' => { 'except' => ['sales'] }
+    }
+
+    ALL = {
+      'admin' => ADMIN,
+      'user'  => USER
     }
-  )
 
-  user = OpenStruct.new(id: 1, role: role)
+    def self.to(role)
+      ALL.fetch(role, 'user')
+    end
+  end
+
+  user = OpenStruct.new(id: 1, role: 'user')
 
   class SalesPolicy < Micro::Authorization::Policy
     def edit?(record)
@@ -52,26 +64,26 @@ $ gem install u-authorization
   end
 
   authorization = Micro::Authorization::Model.build(
-    permissions: user.role.permissions,
-    policies: { default: :sales, sales: SalesPolicy }
+    permissions: Permissions.to(user.role),
+    policies: { default: :sales, sales: SalesPolicy },
     context: {
       user: user,
       to_permit: ['dashboard', 'controllers', 'sales', 'index']
     }
   )
 
-  # Note: In the context, you can use :permissions key as an alias of :to_permit. e.g:
-  # context: {
-  #   user: user,
-  #   permissions: ['dashboard', 'controllers', 'sales', 'index']
-  # }
+  # Info about the `context` data:
+  #   1. :to_permit is a required key
+  #     1.1. :permissions is an alternative of :to_permit key.
+  #   2. :user is an optional key
+  #   3. Any key different of :permissions, will be passed as a policy context.
 
   # Verifying the permissions for the given context
-  authorization.permissions.to?('visit')         #=> true
-  authorization.permissions.to?('export_as_csv') #=> false
+  authorization.permissions.to?('visit')  #=> true
+  authorization.permissions.to?('export') #=> false
 
   # Verifying permission for a given feature in different contexts
-  has_permission_to = authorization.permissions.to('export_as_csv')
+  has_permission_to = authorization.permissions.to('export')
   has_permission_to.context?('billings') #=> true
   has_permission_to.context?('sales')    #=> false
 
@@ -81,15 +93,14 @@ $ gem install u-authorization
   authorization.to(:sales).edit?(charge)   #=> true
 
   # :default is the only permitted key to receive
-  # another symbol as value (a policy reference).
+  # another symbol as a value (a policy reference).
   authorization.to(:default).edit?(charge) #=> true
 
   # #policy() method has a similar behavior of #to(),
-  # but if there is a policy named as ":default", it will be fetched and instantiated by default.
+  # but if there is a policy defined as ":default", it will be fetched and instantiated by default.
   authorization.policy.edit?(charge)         #=> true
   authorization.policy(:sales).edit?(charge) #=> true
 
-
   # Cloning the authorization changing only its context.
   new_authorization = authorization.map(context: [
     'dashboard', 'controllers', 'billings', 'index'
@@ -97,7 +108,27 @@ $ gem install u-authorization
 
   new_authorization.permissions.to?('visit') #=> false
 
-  authorization == new_authorization #=> false
+  authorization.equal?(new_authorization) #=> false
+
+  #========================#
+  # Multi role permissions #
+  #========================#
+
+  authorization = Micro::Authorization::Model.build(
+    permissions: [Permissions::USER, Permissions::ADMIN], # An array of permissions
+    policies: { default: :sales, sales: SalesPolicy },
+    context: {
+      user: user,
+      to_permit: ['dashboard', 'controllers', 'sales', 'index']
+    }
+  )
+
+  authorization.permissions.to?('visit')  #=> true
+  authorization.permissions.to?('export') #=> true
+
+  has_permission_to = authorization.permissions.to('export')
+  has_permission_to.context?('billings') #=> true
+  has_permission_to.context?('sales')    #=> true
 ```
 
 ## Original implementation

data/lib/micro/authorization/permissions/checker.rb

@@ -36,16 +36,46 @@ module Micro
 
       private_constant :CheckRole
 
-      class Checker
-        attr_reader :required_features
+      class RoleChecker
+        attr_reader :required_context
 
-        def initialize(role, features)
-          @role = role
-          @required_features = Utils.values_as_downcased_strings(features)
+        def initialize(role, required_context)
+          @role, @required_context = role, required_context
         end
 
+        def context?(_context)
+          raise NotImplementedError
+        end
+
+        def required_features
+          warn "[DEPRECATION] `#{self.class.name}#required_features` is deprecated.\nPlease use `#{self.class.name}#required_context` instead."
+          required_context
+        end
+      end
+
+      class SingleRoleChecker < RoleChecker
+        def context?(context)
+          CheckRole.call(context, @role, @required_context)
+        end
+      end
+
+      class MultiRoleChecker < RoleChecker
         def context?(context)
-          CheckRole.call(context, @role, @required_features)
+          @role.any? do |role|
+            CheckRole.call(context, role, @required_context)
+          end
+        end
+      end
+
+      private_constant :RoleChecker, :SingleRoleChecker, :MultiRoleChecker
+
+      module Checker
+        def self.of(role, required_context:)
+          checker = role.is_a?(Array) ? MultiRoleChecker : SingleRoleChecker
+          checker.new(
+            role,
+            Utils.values_as_downcased_strings(required_context)
+          )
         end
       end
     end

data/lib/micro/authorization/permissions/model.rb

@@ -10,22 +10,22 @@ module Micro
           @context = Utils.values_as_downcased_strings(context).freeze
         end
 
-        def to(features)
-          Permissions::Checker.new(@role, features)
+        def to(required_context)
+          Permissions::Checker.of(@role, required_context: required_context)
         end
 
-        def to?(features = nil)
-          has_permission_to = to(features)
+        def to?(required_context = nil)
+          has_permission_to = to(required_context)
 
-          cache_key = has_permission_to.required_features.inspect
+          cache_key = has_permission_to.required_context.inspect
 
           return @cache[cache_key] unless @cache[cache_key].nil?
 
           @cache[cache_key] = has_permission_to.context?(@context)
         end
 
-        def to_not?(features = nil)
-          !to?(features)
+        def to_not?(required_context = nil)
+          !to?(required_context)
         end
       end
     end

data/lib/micro/authorization/version.rb

@@ -2,6 +2,6 @@
 
 module Micro
   module Authorization
-    VERSION = '2.1.0'.freeze
+    VERSION = '2.2.0'.freeze
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: u-authorization
 version: !ruby/object:Gem::Version
-  version: 2.1.0
+  version: 2.2.0
 platform: ruby
 authors:
 - Rodrigo Serradura
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-07-29 00:00:00.000000000 Z
+date: 2019-07-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake