RubyGems - u-authorization - Versions diffs - 2.2.0 → 2.3.0 - Mend

u-authorization 2.2.0 → 2.3.0

Files changed (11) hide show

checksums.yaml +4 -4
data/Gemfile.lock +1 -1
data/lib/micro/authorization/model.rb +1 -1
data/lib/micro/authorization/permissions.rb +6 -3
data/lib/micro/authorization/permissions/checker.rb +24 -69
data/lib/micro/authorization/permissions/for_each_feature.rb +54 -0
data/lib/micro/authorization/permissions/model.rb +12 -10
data/lib/micro/authorization/policy.rb +4 -5
data/lib/micro/authorization/utils.rb +1 -1
data/lib/micro/authorization/version.rb +1 -1
metadata +4 -3

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3eed3ce0a228018f007c58ae1c1e70ae5b782b841f98ae3baad6519c6fc40531
-  data.tar.gz: 2201d27e01a1f206bf395334b536596dd88fb05760a986c1e29fe4a9253e3f2e
+  metadata.gz: e3526fe8435c3d7156d4a879ac31de440227c7e6c64301fd83c4de7290ce8a30
+  data.tar.gz: 6afe620c20a8eead3210e280afed85643fb8737b14403fd3c1ce0497b2b7e7ae
 SHA512:
-  metadata.gz: 467a55948c8864903d7024c250dd4b9a93244fbb379dc16aa7d91f1f983ba7f5da6d14c6af8e39a52a9639aa30cad129dc84ad2e56bb34b4bfd6245491845809
-  data.tar.gz: 6c28d09268e034911b19b66a192b53057d21c8c0995fc16e3d1754249da968eeb51d71b074782e1867b2885c67437da25c8c3fb235b7826048f957dc35440514
+  metadata.gz: d45f1751962e25ab031bf7196916f71fed329d8528cda715583ffb2cba93da09832ecd12552075e6b077394f8349e2ed64585c593b397728a753507c394b76e7
+  data.tar.gz: 1653c3e2cade12615afa6abfde01c49f30b9e3211915802627c4ed297ef8fbd73dcfe888aa07299efa03c8f3106b16cb32d47c570ae6de5fe5b04be3274d2fc9

data/Gemfile.lock CHANGED

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    u-authorization (2.2.0)
+    u-authorization (2.3.0)
 GEM
   remote: https://rubygems.org/

data/lib/micro/authorization/model.rb CHANGED

@@ -50,7 +50,7 @@ module Micro
       def add_policies(new_policies)
         unless new_policies.is_a?(Hash)
-          raise ArgumentError, "policies must be a Hash (key => #{Policy.name})"
+          raise ArgumentError, "policies must be a Hash. e.g: `{policy_name: #{Policy.name}}`"
         end
         new_policies.each(&method(:add_policy))

data/lib/micro/authorization/permissions.rb CHANGED

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
+require 'micro/authorization/permissions/for_each_feature'
 require 'micro/authorization/permissions/checker'
 require 'micro/authorization/permissions/model'
@@ -9,11 +10,13 @@ module Micro
       def self.[](instance)
         return instance if instance.is_a?(Permissions::Model)
-        raise ArgumentError, "#{instance.inspect} must be a #{self.name}"
+        raise ArgumentError.new(
+          "#{instance.inspect} must be a #{Permissions::Model.name}"
+        )
       end
-      def self.new(role_permissions, context: [])
-        Permissions::Model.new(role_permissions, context: context)
+      def self.new(permissions, context: [])
+        Permissions::Model.new(permissions, context)
       end
     end
   end

data/lib/micro/authorization/permissions/checker.rb CHANGED

@@ -1,82 +1,37 @@
-module Micro
-  module Authorization
-    module Permissions
-      module CheckRole
-        extend self
+# frozen_string_literal: true
-        def call(context, role_permissions, required_features)
-          required_features
-            .all? { |feature| has_permission?(context, role_permissions[feature]) }
-        end
-        private
-        def has_permission?(context, role_permission)
-          return false if role_permission.nil?
-          if role_permission == false || role_permission == true
-            role_permission
-          elsif !(any = role_permission['any']).nil?
-            any
-          elsif only = role_permission['only']
-            check_feature_permission(only, context)
-          elsif except = role_permission['except']
-            !check_feature_permission(except, context)
-          else
-            raise NotImplementedError
-          end
-        end
-        def check_feature_permission(context_values, context)
-          Utils.values_as_downcased_strings(context_values).any? do |context_value|
-            Array(context_value.split('.')).all? { |permission| context.include?(permission) }
-          end
-        end
-      end
-      private_constant :CheckRole
-      class RoleChecker
-        attr_reader :required_context
+module Micro::Authorization
+  module Permissions
+    class RoleChecker
+      attr_reader :features
+      alias_method :required_features, :features
-        def initialize(role, required_context)
-          @role, @required_context = role, required_context
-        end
-        def context?(_context)
-          raise NotImplementedError
-        end
-        def required_features
-          warn "[DEPRECATION] `#{self.class.name}#required_features` is deprecated.\nPlease use `#{self.class.name}#required_context` instead."
-          required_context
-        end
+      def initialize(role, feature)
+        @role = role
+        @features = Utils.downcased_strings(feature)
       end
+    end
-      class SingleRoleChecker < RoleChecker
-        def context?(context)
-          CheckRole.call(context, @role, @required_context)
-        end
+    class SingleRoleChecker < RoleChecker
+      def context?(context)
+        Permissions::ForEachFeature.authorize?(@role, inside: context, to: @features)
       end
+    end
-      class MultiRoleChecker < RoleChecker
-        def context?(context)
-          @role.any? do |role|
-            CheckRole.call(context, role, @required_context)
-          end
+    class MultipleRolesChecker < RoleChecker
+      def context?(context)
+        @role.any? do |role|
+          Permissions::ForEachFeature.authorize?(role, inside: context, to: @features)
         end
       end
+    end
-      private_constant :RoleChecker, :SingleRoleChecker, :MultiRoleChecker
+    private_constant :RoleChecker
-      module Checker
-        def self.of(role, required_context:)
-          checker = role.is_a?(Array) ? MultiRoleChecker : SingleRoleChecker
-          checker.new(
-            role,
-            Utils.values_as_downcased_strings(required_context)
-          )
-        end
+    module Checker
+      def self.for(role, feature)
+        checker = role.is_a?(Array) ? MultipleRolesChecker : SingleRoleChecker
+        checker.new(role, feature)
       end
     end
   end

data/lib/micro/authorization/permissions/for_each_feature.rb ADDED

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+module Micro::Authorization
+  module Permissions
+    module ForEachFeature
+      extend self
+      DOT = '.'.freeze
+      ANY = 'any'.freeze
+      ONLY = 'only'.freeze
+      EXCEPT = 'except'.freeze
+      def authorize?(role, inside:, to:)
+        to.all? { |feature| permit?(inside, role[feature]) }
+      end
+      private
+      def permit?(current_context, feature_permission)
+        case feature_permission
+        when true then true
+        when false, nil then false
+        else permit!(current_context, feature_permission)
+        end
+      end
+      def permit!(current_context, feature_permission)
+        result = permit(current_context, feature_permission)
+        return result unless result.nil?
+        raise NotImplementedError
+      end
+      def permit(current_context, feature_permission)
+        feature_context = feature_permission[ANY]
+        return feature_context unless feature_context.nil?
+        feature_context = feature_permission[ONLY]
+        return allow?(current_context, feature_context) if feature_context
+        feature_context = feature_permission[EXCEPT]
+        !allow?(current_context, feature_context) if feature_context
+      end
+      def allow?(current_context, feature_context)
+        Utils.downcased_strings(feature_context).any? do |expectation|
+          Array(expectation.split(DOT))
+            .all? { |expected_value| current_context.include?(expected_value) }
+        end
+      end
+    end
+  end
+end

data/lib/micro/authorization/permissions/model.rb CHANGED

@@ -1,31 +1,33 @@
+# frozen_string_literal: true
 module Micro
   module Authorization
     module Permissions
       class Model
         attr_reader :role, :context
-        def initialize(role, context:)
-          @role = role.dup.freeze
+        def initialize(permissions, context)
+          @role = permissions.dup.freeze
           @cache = {}
-          @context = Utils.values_as_downcased_strings(context).freeze
+          @context = Utils.downcased_strings(context).freeze
         end
-        def to(required_context)
-          Permissions::Checker.of(@role, required_context: required_context)
+        def to(features)
+          Permissions::Checker.for(@role, features)
         end
-        def to?(required_context = nil)
-          has_permission_to = to(required_context)
+        def to?(features = nil)
+          has_permission_to = to(features)
-          cache_key = has_permission_to.required_context.inspect
+          cache_key = has_permission_to.features.inspect
           return @cache[cache_key] unless @cache[cache_key].nil?
           @cache[cache_key] = has_permission_to.context?(@context)
         end
-        def to_not?(required_context = nil)
-          !to?(required_context)
+        def to_not?(features = nil)
+          !to?(features)
         end
       end
     end

data/lib/micro/authorization/policy.rb CHANGED

@@ -22,14 +22,13 @@ module Micro
       private
-      def permissions; @permissions; end
       def context; @context; end
       def subject; @subject; end
-      def user
-        @user ||=
-          context.is_a?(Hash) ? context[:user] || context[:current_user] : context
+      def permissions; @permissions; end
+      def current_user
+        @current_user ||= context[:user] || context[:current_user]
       end
-      alias_method :current_user, :user
+      alias_method :user, :current_user
     end
   end
 end

data/lib/micro/authorization/utils.rb CHANGED

@@ -3,7 +3,7 @@
 module Micro
   module Authorization
     module Utils
-      def self.values_as_downcased_strings(values)
+      def self.downcased_strings(values)
         Array(values).map { |value| String(value).downcase }
       end
     end

data/lib/micro/authorization/version.rb CHANGED

@@ -2,6 +2,6 @@
 module Micro
   module Authorization
-    VERSION = '2.2.0'.freeze
+    VERSION = '2.3.0'.freeze
   end
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: u-authorization
 version: !ruby/object:Gem::Version
-  version: 2.2.0
+  version: 2.3.0
 platform: ruby
 authors:
 - Rodrigo Serradura
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2019-07-30 00:00:00.000000000 Z
+date: 2019-08-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -41,6 +41,7 @@ files:
 - lib/micro/authorization/model.rb
 - lib/micro/authorization/permissions.rb
 - lib/micro/authorization/permissions/checker.rb
+- lib/micro/authorization/permissions/for_each_feature.rb
 - lib/micro/authorization/permissions/model.rb
 - lib/micro/authorization/policy.rb
 - lib/micro/authorization/utils.rb
@@ -66,7 +67,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.1
+rubygems_version: 3.0.3
 signing_key:
 specification_version: 4
 summary: Authorization library and role managment