u-authorization 2.2.0 → 2.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/lib/micro/authorization/model.rb +1 -1
- data/lib/micro/authorization/permissions.rb +6 -3
- data/lib/micro/authorization/permissions/checker.rb +24 -69
- data/lib/micro/authorization/permissions/for_each_feature.rb +54 -0
- data/lib/micro/authorization/permissions/model.rb +12 -10
- data/lib/micro/authorization/policy.rb +4 -5
- data/lib/micro/authorization/utils.rb +1 -1
- data/lib/micro/authorization/version.rb +1 -1
- metadata +4 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: e3526fe8435c3d7156d4a879ac31de440227c7e6c64301fd83c4de7290ce8a30
|
4
|
+
data.tar.gz: 6afe620c20a8eead3210e280afed85643fb8737b14403fd3c1ce0497b2b7e7ae
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: d45f1751962e25ab031bf7196916f71fed329d8528cda715583ffb2cba93da09832ecd12552075e6b077394f8349e2ed64585c593b397728a753507c394b76e7
|
7
|
+
data.tar.gz: 1653c3e2cade12615afa6abfde01c49f30b9e3211915802627c4ed297ef8fbd73dcfe888aa07299efa03c8f3106b16cb32d47c570ae6de5fe5b04be3274d2fc9
|
data/Gemfile.lock
CHANGED
@@ -50,7 +50,7 @@ module Micro
|
|
50
50
|
|
51
51
|
def add_policies(new_policies)
|
52
52
|
unless new_policies.is_a?(Hash)
|
53
|
-
raise ArgumentError, "policies must be a Hash
|
53
|
+
raise ArgumentError, "policies must be a Hash. e.g: `{policy_name: #{Policy.name}}`"
|
54
54
|
end
|
55
55
|
|
56
56
|
new_policies.each(&method(:add_policy))
|
@@ -1,5 +1,6 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
+
require 'micro/authorization/permissions/for_each_feature'
|
3
4
|
require 'micro/authorization/permissions/checker'
|
4
5
|
require 'micro/authorization/permissions/model'
|
5
6
|
|
@@ -9,11 +10,13 @@ module Micro
|
|
9
10
|
def self.[](instance)
|
10
11
|
return instance if instance.is_a?(Permissions::Model)
|
11
12
|
|
12
|
-
raise ArgumentError
|
13
|
+
raise ArgumentError.new(
|
14
|
+
"#{instance.inspect} must be a #{Permissions::Model.name}"
|
15
|
+
)
|
13
16
|
end
|
14
17
|
|
15
|
-
def self.new(
|
16
|
-
Permissions::Model.new(
|
18
|
+
def self.new(permissions, context: [])
|
19
|
+
Permissions::Model.new(permissions, context)
|
17
20
|
end
|
18
21
|
end
|
19
22
|
end
|
@@ -1,82 +1,37 @@
|
|
1
|
-
|
2
|
-
module Authorization
|
3
|
-
module Permissions
|
4
|
-
module CheckRole
|
5
|
-
extend self
|
1
|
+
# frozen_string_literal: true
|
6
2
|
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
private
|
13
|
-
|
14
|
-
def has_permission?(context, role_permission)
|
15
|
-
return false if role_permission.nil?
|
16
|
-
|
17
|
-
if role_permission == false || role_permission == true
|
18
|
-
role_permission
|
19
|
-
elsif !(any = role_permission['any']).nil?
|
20
|
-
any
|
21
|
-
elsif only = role_permission['only']
|
22
|
-
check_feature_permission(only, context)
|
23
|
-
elsif except = role_permission['except']
|
24
|
-
!check_feature_permission(except, context)
|
25
|
-
else
|
26
|
-
raise NotImplementedError
|
27
|
-
end
|
28
|
-
end
|
29
|
-
|
30
|
-
def check_feature_permission(context_values, context)
|
31
|
-
Utils.values_as_downcased_strings(context_values).any? do |context_value|
|
32
|
-
Array(context_value.split('.')).all? { |permission| context.include?(permission) }
|
33
|
-
end
|
34
|
-
end
|
35
|
-
end
|
36
|
-
|
37
|
-
private_constant :CheckRole
|
38
|
-
|
39
|
-
class RoleChecker
|
40
|
-
attr_reader :required_context
|
3
|
+
module Micro::Authorization
|
4
|
+
module Permissions
|
5
|
+
class RoleChecker
|
6
|
+
attr_reader :features
|
7
|
+
alias_method :required_features, :features
|
41
8
|
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
def context?(_context)
|
47
|
-
raise NotImplementedError
|
48
|
-
end
|
49
|
-
|
50
|
-
def required_features
|
51
|
-
warn "[DEPRECATION] `#{self.class.name}#required_features` is deprecated.\nPlease use `#{self.class.name}#required_context` instead."
|
52
|
-
required_context
|
53
|
-
end
|
9
|
+
def initialize(role, feature)
|
10
|
+
@role = role
|
11
|
+
@features = Utils.downcased_strings(feature)
|
54
12
|
end
|
13
|
+
end
|
55
14
|
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
end
|
15
|
+
class SingleRoleChecker < RoleChecker
|
16
|
+
def context?(context)
|
17
|
+
Permissions::ForEachFeature.authorize?(@role, inside: context, to: @features)
|
60
18
|
end
|
19
|
+
end
|
61
20
|
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
end
|
21
|
+
class MultipleRolesChecker < RoleChecker
|
22
|
+
def context?(context)
|
23
|
+
@role.any? do |role|
|
24
|
+
Permissions::ForEachFeature.authorize?(role, inside: context, to: @features)
|
67
25
|
end
|
68
26
|
end
|
27
|
+
end
|
69
28
|
|
70
|
-
|
29
|
+
private_constant :RoleChecker
|
71
30
|
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
role,
|
77
|
-
Utils.values_as_downcased_strings(required_context)
|
78
|
-
)
|
79
|
-
end
|
31
|
+
module Checker
|
32
|
+
def self.for(role, feature)
|
33
|
+
checker = role.is_a?(Array) ? MultipleRolesChecker : SingleRoleChecker
|
34
|
+
checker.new(role, feature)
|
80
35
|
end
|
81
36
|
end
|
82
37
|
end
|
@@ -0,0 +1,54 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Micro::Authorization
|
4
|
+
module Permissions
|
5
|
+
module ForEachFeature
|
6
|
+
extend self
|
7
|
+
|
8
|
+
DOT = '.'.freeze
|
9
|
+
ANY = 'any'.freeze
|
10
|
+
ONLY = 'only'.freeze
|
11
|
+
EXCEPT = 'except'.freeze
|
12
|
+
|
13
|
+
def authorize?(role, inside:, to:)
|
14
|
+
to.all? { |feature| permit?(inside, role[feature]) }
|
15
|
+
end
|
16
|
+
|
17
|
+
private
|
18
|
+
|
19
|
+
def permit?(current_context, feature_permission)
|
20
|
+
case feature_permission
|
21
|
+
when true then true
|
22
|
+
when false, nil then false
|
23
|
+
else permit!(current_context, feature_permission)
|
24
|
+
end
|
25
|
+
end
|
26
|
+
|
27
|
+
def permit!(current_context, feature_permission)
|
28
|
+
result = permit(current_context, feature_permission)
|
29
|
+
|
30
|
+
return result unless result.nil?
|
31
|
+
|
32
|
+
raise NotImplementedError
|
33
|
+
end
|
34
|
+
|
35
|
+
def permit(current_context, feature_permission)
|
36
|
+
feature_context = feature_permission[ANY]
|
37
|
+
return feature_context unless feature_context.nil?
|
38
|
+
|
39
|
+
feature_context = feature_permission[ONLY]
|
40
|
+
return allow?(current_context, feature_context) if feature_context
|
41
|
+
|
42
|
+
feature_context = feature_permission[EXCEPT]
|
43
|
+
!allow?(current_context, feature_context) if feature_context
|
44
|
+
end
|
45
|
+
|
46
|
+
def allow?(current_context, feature_context)
|
47
|
+
Utils.downcased_strings(feature_context).any? do |expectation|
|
48
|
+
Array(expectation.split(DOT))
|
49
|
+
.all? { |expected_value| current_context.include?(expected_value) }
|
50
|
+
end
|
51
|
+
end
|
52
|
+
end
|
53
|
+
end
|
54
|
+
end
|
@@ -1,31 +1,33 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module Micro
|
2
4
|
module Authorization
|
3
5
|
module Permissions
|
4
6
|
class Model
|
5
7
|
attr_reader :role, :context
|
6
8
|
|
7
|
-
def initialize(
|
8
|
-
@role =
|
9
|
+
def initialize(permissions, context)
|
10
|
+
@role = permissions.dup.freeze
|
9
11
|
@cache = {}
|
10
|
-
@context = Utils.
|
12
|
+
@context = Utils.downcased_strings(context).freeze
|
11
13
|
end
|
12
14
|
|
13
|
-
def to(
|
14
|
-
Permissions::Checker.
|
15
|
+
def to(features)
|
16
|
+
Permissions::Checker.for(@role, features)
|
15
17
|
end
|
16
18
|
|
17
|
-
def to?(
|
18
|
-
has_permission_to = to(
|
19
|
+
def to?(features = nil)
|
20
|
+
has_permission_to = to(features)
|
19
21
|
|
20
|
-
cache_key = has_permission_to.
|
22
|
+
cache_key = has_permission_to.features.inspect
|
21
23
|
|
22
24
|
return @cache[cache_key] unless @cache[cache_key].nil?
|
23
25
|
|
24
26
|
@cache[cache_key] = has_permission_to.context?(@context)
|
25
27
|
end
|
26
28
|
|
27
|
-
def to_not?(
|
28
|
-
!to?(
|
29
|
+
def to_not?(features = nil)
|
30
|
+
!to?(features)
|
29
31
|
end
|
30
32
|
end
|
31
33
|
end
|
@@ -22,14 +22,13 @@ module Micro
|
|
22
22
|
|
23
23
|
private
|
24
24
|
|
25
|
-
def permissions; @permissions; end
|
26
25
|
def context; @context; end
|
27
26
|
def subject; @subject; end
|
28
|
-
def
|
29
|
-
|
30
|
-
|
27
|
+
def permissions; @permissions; end
|
28
|
+
def current_user
|
29
|
+
@current_user ||= context[:user] || context[:current_user]
|
31
30
|
end
|
32
|
-
alias_method :
|
31
|
+
alias_method :user, :current_user
|
33
32
|
end
|
34
33
|
end
|
35
34
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: u-authorization
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.
|
4
|
+
version: 2.3.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Rodrigo Serradura
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2019-
|
11
|
+
date: 2019-08-04 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rake
|
@@ -41,6 +41,7 @@ files:
|
|
41
41
|
- lib/micro/authorization/model.rb
|
42
42
|
- lib/micro/authorization/permissions.rb
|
43
43
|
- lib/micro/authorization/permissions/checker.rb
|
44
|
+
- lib/micro/authorization/permissions/for_each_feature.rb
|
44
45
|
- lib/micro/authorization/permissions/model.rb
|
45
46
|
- lib/micro/authorization/policy.rb
|
46
47
|
- lib/micro/authorization/utils.rb
|
@@ -66,7 +67,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
66
67
|
- !ruby/object:Gem::Version
|
67
68
|
version: '0'
|
68
69
|
requirements: []
|
69
|
-
rubygems_version: 3.0.
|
70
|
+
rubygems_version: 3.0.3
|
70
71
|
signing_key:
|
71
72
|
specification_version: 4
|
72
73
|
summary: Authorization library and role managment
|