RubyGems - u-authorization - Versions diffs - 2.2.0 → 2.3.0 - Mend

u-authorization 2.2.0 → 2.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

checksums.yaml +4 -4
data/Gemfile.lock +1 -1
data/lib/micro/authorization/model.rb +1 -1
data/lib/micro/authorization/permissions.rb +6 -3
data/lib/micro/authorization/permissions/checker.rb +24 -69
data/lib/micro/authorization/permissions/for_each_feature.rb +54 -0
data/lib/micro/authorization/permissions/model.rb +12 -10
data/lib/micro/authorization/policy.rb +4 -5
data/lib/micro/authorization/utils.rb +1 -1
data/lib/micro/authorization/version.rb +1 -1
metadata +4 -3

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3eed3ce0a228018f007c58ae1c1e70ae5b782b841f98ae3baad6519c6fc40531
-  data.tar.gz: 2201d27e01a1f206bf395334b536596dd88fb05760a986c1e29fe4a9253e3f2e
+  metadata.gz: e3526fe8435c3d7156d4a879ac31de440227c7e6c64301fd83c4de7290ce8a30
+  data.tar.gz: 6afe620c20a8eead3210e280afed85643fb8737b14403fd3c1ce0497b2b7e7ae
 SHA512:
-  metadata.gz: 467a55948c8864903d7024c250dd4b9a93244fbb379dc16aa7d91f1f983ba7f5da6d14c6af8e39a52a9639aa30cad129dc84ad2e56bb34b4bfd6245491845809
-  data.tar.gz: 6c28d09268e034911b19b66a192b53057d21c8c0995fc16e3d1754249da968eeb51d71b074782e1867b2885c67437da25c8c3fb235b7826048f957dc35440514
+  metadata.gz: d45f1751962e25ab031bf7196916f71fed329d8528cda715583ffb2cba93da09832ecd12552075e6b077394f8349e2ed64585c593b397728a753507c394b76e7
+  data.tar.gz: 1653c3e2cade12615afa6abfde01c49f30b9e3211915802627c4ed297ef8fbd73dcfe888aa07299efa03c8f3106b16cb32d47c570ae6de5fe5b04be3274d2fc9

data/Gemfile.lock CHANGED

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    u-authorization (2.2.0)
+    u-authorization (2.3.0)
 GEM
   remote: https://rubygems.org/

data/lib/micro/authorization/model.rb CHANGED

@@ -50,7 +50,7 @@ module Micro
       def add_policies(new_policies)
         unless new_policies.is_a?(Hash)
-          raise ArgumentError, "policies must be a Hash (key => #{Policy.name})"
+          raise ArgumentError, "policies must be a Hash. e.g: `{policy_name: #{Policy.name}}`"
         end
         new_policies.each(&method(:add_policy))

data/lib/micro/authorization/permissions.rb CHANGED

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
+require 'micro/authorization/permissions/for_each_feature'
 require 'micro/authorization/permissions/checker'
 require 'micro/authorization/permissions/model'
@@ -9,11 +10,13 @@ module Micro
       def self.[](instance)
         return instance if instance.is_a?(Permissions::Model)
-        raise ArgumentError, "#{instance.inspect} must be a #{self.name}"
+        raise ArgumentError.new(
+          "#{instance.inspect} must be a #{Permissions::Model.name}"
+        )
       end
-      def self.new(role_permissions, context: [])
-        Permissions::Model.new(role_permissions, context: context)
+      def self.new(permissions, context: [])
+        Permissions::Model.new(permissions, context)
       end
     end
   end

data/lib/micro/authorization/permissions/checker.rb CHANGED

@@ -1,82 +1,37 @@
-module Micro
-  module Authorization
-    module Permissions
-      module CheckRole
-        extend self
+# frozen_string_literal: true
-        def call(context, role_permissions, required_features)
-          required_features
-            .all? { |feature| has_permission?(context, role_permissions[feature]) }
-        end
-        private
-        def has_permission?(context, role_permission)
-          return false if role_permission.nil?
-          if role_permission == false || role_permission == true
-            role_permission
-          elsif !(any = role_permission['any']).nil?
-            any
-          elsif only = role_permission['only']
-            check_feature_permission(only, context)
-          elsif except = role_permission['except']
-            !check_feature_permission(except, context)
-          else
-            raise NotImplementedError
-          end
-        end
-        def check_feature_permission(context_values, context)
-          Utils.values_as_downcased_strings(context_values).any? do |context_value|
-            Array(context_value.split('.')).all? { |permission| context.include?(permission) }
-          end
-        end
-      end
-      private_constant :CheckRole
-      class RoleChecker
-        attr_reader :required_context
+module Micro::Authorization
+  module Permissions
+    class RoleChecker
+      attr_reader :features
+      alias_method :required_features, :features
-        def initialize(role, required_context)
-          @role, @required_context = role, required_context
-        end
-        def context?(_context)
-          raise NotImplementedError
-        end
-        def required_features
-          warn "[DEPRECATION] `#{self.class.name}#required_features` is deprecated.\nPlease use `#{self.class.name}#required_context` instead."
-          required_context
-        end
+      def initialize(role, feature)
+        @role = role
+        @features = Utils.downcased_strings(feature)
       end
+    end
-      class SingleRoleChecker < RoleChecker
-        def context?(context)
-          CheckRole.call(context, @role, @required_context)
-        end
+    class SingleRoleChecker < RoleChecker
+      def context?(context)
+        Permissions::ForEachFeature.authorize?(@role, inside: context, to: @features)
       end
+    end
-      class MultiRoleChecker < RoleChecker
-        def context?(context)
-          @role.any? do |role|
-            CheckRole.call(context, role, @required_context)
-          end
+    class MultipleRolesChecker < RoleChecker
+      def context?(context)
+        @role.any? do |role|
+          Permissions::ForEachFeature.authorize?(role, inside: context, to: @features)
         end
       end
+    end
-      private_constant :RoleChecker, :SingleRoleChecker, :MultiRoleChecker
+    private_constant :RoleChecker
-      module Checker
-        def self.of(role, required_context:)
-          checker = role.is_a?(Array) ? MultiRoleChecker : SingleRoleChecker
-          checker.new(
-            role,
-            Utils.values_as_downcased_strings(required_context)
-          )
-        end
+    module Checker
+      def self.for(role, feature)
+        checker = role.is_a?(Array) ? MultipleRolesChecker : SingleRoleChecker
+        checker.new(role, feature)
       end
     end
   end

data/lib/micro/authorization/permissions/for_each_feature.rb ADDED

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+module Micro::Authorization
+  module Permissions
+    module ForEachFeature
+      extend self
+      DOT = '.'.freeze
+      ANY = 'any'.freeze
+      ONLY = 'only'.freeze
+      EXCEPT = 'except'.freeze
+      def authorize?(role, inside:, to:)
+        to.all? { |feature| permit?(inside, role[feature]) }
+      end
+      private
+      def permit?(current_context, feature_permission)
+        case feature_permission
+        when true then true
+        when false, nil then false
+        else permit!(current_context, feature_permission)
+        end
+      end
+      def permit!(current_context, feature_permission)
+        result = permit(current_context, feature_permission)
+        return result unless result.nil?
+        raise NotImplementedError
+      end
+      def permit(current_context, feature_permission)
+        feature_context = feature_permission[ANY]
+        return feature_context unless feature_context.nil?
+        feature_context = feature_permission[ONLY]
+        return allow?(current_context, feature_context) if feature_context
+        feature_context = feature_permission[EXCEPT]
+        !allow?(current_context, feature_context) if feature_context
+      end
+      def allow?(current_context, feature_context)
+        Utils.downcased_strings(feature_context).any? do |expectation|
+          Array(expectation.split(DOT))
+            .all? { |expected_value| current_context.include?(expected_value) }
+        end
+      end
+    end
+  end
+end

data/lib/micro/authorization/permissions/model.rb CHANGED

@@ -1,31 +1,33 @@
+# frozen_string_literal: true
 module Micro
   module Authorization
     module Permissions
       class Model
         attr_reader :role, :context
-        def initialize(role, context:)
-          @role = role.dup.freeze
+        def initialize(permissions, context)
+          @role = permissions.dup.freeze
           @cache = {}
-          @context = Utils.values_as_downcased_strings(context).freeze
+          @context = Utils.downcased_strings(context).freeze
         end
-        def to(required_context)
-          Permissions::Checker.of(@role, required_context: required_context)
+        def to(features)
+          Permissions::Checker.for(@role, features)
         end
-        def to?(required_context = nil)
-          has_permission_to = to(required_context)
+        def to?(features = nil)
+          has_permission_to = to(features)
-          cache_key = has_permission_to.required_context.inspect
+          cache_key = has_permission_to.features.inspect
           return @cache[cache_key] unless @cache[cache_key].nil?
           @cache[cache_key] = has_permission_to.context?(@context)
         end
-        def to_not?(required_context = nil)
-          !to?(required_context)
+        def to_not?(features = nil)
+          !to?(features)
         end
       end
     end

data/lib/micro/authorization/policy.rb CHANGED

@@ -22,14 +22,13 @@ module Micro
       private
-      def permissions; @permissions; end
       def context; @context; end
       def subject; @subject; end
-      def user
-        @user ||=
-          context.is_a?(Hash) ? context[:user] || context[:current_user] : context
+      def permissions; @permissions; end
+      def current_user
+        @current_user ||= context[:user] || context[:current_user]
       end
-      alias_method :current_user, :user
+      alias_method :user, :current_user
     end
   end
 end

data/lib/micro/authorization/utils.rb CHANGED

@@ -3,7 +3,7 @@
 module Micro
   module Authorization
     module Utils
-      def self.values_as_downcased_strings(values)
+      def self.downcased_strings(values)
         Array(values).map { |value| String(value).downcase }
       end
     end

data/lib/micro/authorization/version.rb CHANGED

@@ -2,6 +2,6 @@
 module Micro
   module Authorization
-    VERSION = '2.2.0'.freeze
+    VERSION = '2.3.0'.freeze
   end
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: u-authorization
 version: !ruby/object:Gem::Version
-  version: 2.2.0
+  version: 2.3.0
 platform: ruby
 authors:
 - Rodrigo Serradura
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2019-07-30 00:00:00.000000000 Z
+date: 2019-08-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -41,6 +41,7 @@ files:
 - lib/micro/authorization/model.rb
 - lib/micro/authorization/permissions.rb
 - lib/micro/authorization/permissions/checker.rb
+- lib/micro/authorization/permissions/for_each_feature.rb
 - lib/micro/authorization/permissions/model.rb
 - lib/micro/authorization/policy.rb
 - lib/micro/authorization/utils.rb
@@ -66,7 +67,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.1
+rubygems_version: 3.0.3
 signing_key:
 specification_version: 4
 summary: Authorization library and role managment