u-authorization 2.2.0 → 2.3.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 3eed3ce0a228018f007c58ae1c1e70ae5b782b841f98ae3baad6519c6fc40531
4
- data.tar.gz: 2201d27e01a1f206bf395334b536596dd88fb05760a986c1e29fe4a9253e3f2e
3
+ metadata.gz: e3526fe8435c3d7156d4a879ac31de440227c7e6c64301fd83c4de7290ce8a30
4
+ data.tar.gz: 6afe620c20a8eead3210e280afed85643fb8737b14403fd3c1ce0497b2b7e7ae
5
5
  SHA512:
6
- metadata.gz: 467a55948c8864903d7024c250dd4b9a93244fbb379dc16aa7d91f1f983ba7f5da6d14c6af8e39a52a9639aa30cad129dc84ad2e56bb34b4bfd6245491845809
7
- data.tar.gz: 6c28d09268e034911b19b66a192b53057d21c8c0995fc16e3d1754249da968eeb51d71b074782e1867b2885c67437da25c8c3fb235b7826048f957dc35440514
6
+ metadata.gz: d45f1751962e25ab031bf7196916f71fed329d8528cda715583ffb2cba93da09832ecd12552075e6b077394f8349e2ed64585c593b397728a753507c394b76e7
7
+ data.tar.gz: 1653c3e2cade12615afa6abfde01c49f30b9e3211915802627c4ed297ef8fbd73dcfe888aa07299efa03c8f3106b16cb32d47c570ae6de5fe5b04be3274d2fc9
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- u-authorization (2.2.0)
4
+ u-authorization (2.3.0)
5
5
 
6
6
  GEM
7
7
  remote: https://rubygems.org/
@@ -50,7 +50,7 @@ module Micro
50
50
 
51
51
  def add_policies(new_policies)
52
52
  unless new_policies.is_a?(Hash)
53
- raise ArgumentError, "policies must be a Hash (key => #{Policy.name})"
53
+ raise ArgumentError, "policies must be a Hash. e.g: `{policy_name: #{Policy.name}}`"
54
54
  end
55
55
 
56
56
  new_policies.each(&method(:add_policy))
@@ -1,5 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
 
3
+ require 'micro/authorization/permissions/for_each_feature'
3
4
  require 'micro/authorization/permissions/checker'
4
5
  require 'micro/authorization/permissions/model'
5
6
 
@@ -9,11 +10,13 @@ module Micro
9
10
  def self.[](instance)
10
11
  return instance if instance.is_a?(Permissions::Model)
11
12
 
12
- raise ArgumentError, "#{instance.inspect} must be a #{self.name}"
13
+ raise ArgumentError.new(
14
+ "#{instance.inspect} must be a #{Permissions::Model.name}"
15
+ )
13
16
  end
14
17
 
15
- def self.new(role_permissions, context: [])
16
- Permissions::Model.new(role_permissions, context: context)
18
+ def self.new(permissions, context: [])
19
+ Permissions::Model.new(permissions, context)
17
20
  end
18
21
  end
19
22
  end
@@ -1,82 +1,37 @@
1
- module Micro
2
- module Authorization
3
- module Permissions
4
- module CheckRole
5
- extend self
1
+ # frozen_string_literal: true
6
2
 
7
- def call(context, role_permissions, required_features)
8
- required_features
9
- .all? { |feature| has_permission?(context, role_permissions[feature]) }
10
- end
11
-
12
- private
13
-
14
- def has_permission?(context, role_permission)
15
- return false if role_permission.nil?
16
-
17
- if role_permission == false || role_permission == true
18
- role_permission
19
- elsif !(any = role_permission['any']).nil?
20
- any
21
- elsif only = role_permission['only']
22
- check_feature_permission(only, context)
23
- elsif except = role_permission['except']
24
- !check_feature_permission(except, context)
25
- else
26
- raise NotImplementedError
27
- end
28
- end
29
-
30
- def check_feature_permission(context_values, context)
31
- Utils.values_as_downcased_strings(context_values).any? do |context_value|
32
- Array(context_value.split('.')).all? { |permission| context.include?(permission) }
33
- end
34
- end
35
- end
36
-
37
- private_constant :CheckRole
38
-
39
- class RoleChecker
40
- attr_reader :required_context
3
+ module Micro::Authorization
4
+ module Permissions
5
+ class RoleChecker
6
+ attr_reader :features
7
+ alias_method :required_features, :features
41
8
 
42
- def initialize(role, required_context)
43
- @role, @required_context = role, required_context
44
- end
45
-
46
- def context?(_context)
47
- raise NotImplementedError
48
- end
49
-
50
- def required_features
51
- warn "[DEPRECATION] `#{self.class.name}#required_features` is deprecated.\nPlease use `#{self.class.name}#required_context` instead."
52
- required_context
53
- end
9
+ def initialize(role, feature)
10
+ @role = role
11
+ @features = Utils.downcased_strings(feature)
54
12
  end
13
+ end
55
14
 
56
- class SingleRoleChecker < RoleChecker
57
- def context?(context)
58
- CheckRole.call(context, @role, @required_context)
59
- end
15
+ class SingleRoleChecker < RoleChecker
16
+ def context?(context)
17
+ Permissions::ForEachFeature.authorize?(@role, inside: context, to: @features)
60
18
  end
19
+ end
61
20
 
62
- class MultiRoleChecker < RoleChecker
63
- def context?(context)
64
- @role.any? do |role|
65
- CheckRole.call(context, role, @required_context)
66
- end
21
+ class MultipleRolesChecker < RoleChecker
22
+ def context?(context)
23
+ @role.any? do |role|
24
+ Permissions::ForEachFeature.authorize?(role, inside: context, to: @features)
67
25
  end
68
26
  end
27
+ end
69
28
 
70
- private_constant :RoleChecker, :SingleRoleChecker, :MultiRoleChecker
29
+ private_constant :RoleChecker
71
30
 
72
- module Checker
73
- def self.of(role, required_context:)
74
- checker = role.is_a?(Array) ? MultiRoleChecker : SingleRoleChecker
75
- checker.new(
76
- role,
77
- Utils.values_as_downcased_strings(required_context)
78
- )
79
- end
31
+ module Checker
32
+ def self.for(role, feature)
33
+ checker = role.is_a?(Array) ? MultipleRolesChecker : SingleRoleChecker
34
+ checker.new(role, feature)
80
35
  end
81
36
  end
82
37
  end
@@ -0,0 +1,54 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Micro::Authorization
4
+ module Permissions
5
+ module ForEachFeature
6
+ extend self
7
+
8
+ DOT = '.'.freeze
9
+ ANY = 'any'.freeze
10
+ ONLY = 'only'.freeze
11
+ EXCEPT = 'except'.freeze
12
+
13
+ def authorize?(role, inside:, to:)
14
+ to.all? { |feature| permit?(inside, role[feature]) }
15
+ end
16
+
17
+ private
18
+
19
+ def permit?(current_context, feature_permission)
20
+ case feature_permission
21
+ when true then true
22
+ when false, nil then false
23
+ else permit!(current_context, feature_permission)
24
+ end
25
+ end
26
+
27
+ def permit!(current_context, feature_permission)
28
+ result = permit(current_context, feature_permission)
29
+
30
+ return result unless result.nil?
31
+
32
+ raise NotImplementedError
33
+ end
34
+
35
+ def permit(current_context, feature_permission)
36
+ feature_context = feature_permission[ANY]
37
+ return feature_context unless feature_context.nil?
38
+
39
+ feature_context = feature_permission[ONLY]
40
+ return allow?(current_context, feature_context) if feature_context
41
+
42
+ feature_context = feature_permission[EXCEPT]
43
+ !allow?(current_context, feature_context) if feature_context
44
+ end
45
+
46
+ def allow?(current_context, feature_context)
47
+ Utils.downcased_strings(feature_context).any? do |expectation|
48
+ Array(expectation.split(DOT))
49
+ .all? { |expected_value| current_context.include?(expected_value) }
50
+ end
51
+ end
52
+ end
53
+ end
54
+ end
@@ -1,31 +1,33 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Micro
2
4
  module Authorization
3
5
  module Permissions
4
6
  class Model
5
7
  attr_reader :role, :context
6
8
 
7
- def initialize(role, context:)
8
- @role = role.dup.freeze
9
+ def initialize(permissions, context)
10
+ @role = permissions.dup.freeze
9
11
  @cache = {}
10
- @context = Utils.values_as_downcased_strings(context).freeze
12
+ @context = Utils.downcased_strings(context).freeze
11
13
  end
12
14
 
13
- def to(required_context)
14
- Permissions::Checker.of(@role, required_context: required_context)
15
+ def to(features)
16
+ Permissions::Checker.for(@role, features)
15
17
  end
16
18
 
17
- def to?(required_context = nil)
18
- has_permission_to = to(required_context)
19
+ def to?(features = nil)
20
+ has_permission_to = to(features)
19
21
 
20
- cache_key = has_permission_to.required_context.inspect
22
+ cache_key = has_permission_to.features.inspect
21
23
 
22
24
  return @cache[cache_key] unless @cache[cache_key].nil?
23
25
 
24
26
  @cache[cache_key] = has_permission_to.context?(@context)
25
27
  end
26
28
 
27
- def to_not?(required_context = nil)
28
- !to?(required_context)
29
+ def to_not?(features = nil)
30
+ !to?(features)
29
31
  end
30
32
  end
31
33
  end
@@ -22,14 +22,13 @@ module Micro
22
22
 
23
23
  private
24
24
 
25
- def permissions; @permissions; end
26
25
  def context; @context; end
27
26
  def subject; @subject; end
28
- def user
29
- @user ||=
30
- context.is_a?(Hash) ? context[:user] || context[:current_user] : context
27
+ def permissions; @permissions; end
28
+ def current_user
29
+ @current_user ||= context[:user] || context[:current_user]
31
30
  end
32
- alias_method :current_user, :user
31
+ alias_method :user, :current_user
33
32
  end
34
33
  end
35
34
  end
@@ -3,7 +3,7 @@
3
3
  module Micro
4
4
  module Authorization
5
5
  module Utils
6
- def self.values_as_downcased_strings(values)
6
+ def self.downcased_strings(values)
7
7
  Array(values).map { |value| String(value).downcase }
8
8
  end
9
9
  end
@@ -2,6 +2,6 @@
2
2
 
3
3
  module Micro
4
4
  module Authorization
5
- VERSION = '2.2.0'.freeze
5
+ VERSION = '2.3.0'.freeze
6
6
  end
7
7
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: u-authorization
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.2.0
4
+ version: 2.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Rodrigo Serradura
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2019-07-30 00:00:00.000000000 Z
11
+ date: 2019-08-04 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rake
@@ -41,6 +41,7 @@ files:
41
41
  - lib/micro/authorization/model.rb
42
42
  - lib/micro/authorization/permissions.rb
43
43
  - lib/micro/authorization/permissions/checker.rb
44
+ - lib/micro/authorization/permissions/for_each_feature.rb
44
45
  - lib/micro/authorization/permissions/model.rb
45
46
  - lib/micro/authorization/policy.rb
46
47
  - lib/micro/authorization/utils.rb
@@ -66,7 +67,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
66
67
  - !ruby/object:Gem::Version
67
68
  version: '0'
68
69
  requirements: []
69
- rubygems_version: 3.0.1
70
+ rubygems_version: 3.0.3
70
71
  signing_key:
71
72
  specification_version: 4
72
73
  summary: Authorization library and role managment