warrant 0.1.3 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (17) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +20 -68
  3. data/lib/warrant/api_operations.rb +75 -0
  4. data/lib/warrant/errors.rb +47 -0
  5. data/lib/warrant/models/permission.rb +202 -1
  6. data/lib/warrant/models/role.rb +184 -0
  7. data/lib/warrant/models/session.rb +61 -0
  8. data/lib/warrant/models/{userset.rb → subject.rb} +2 -2
  9. data/lib/warrant/models/tenant.rb +160 -3
  10. data/lib/warrant/models/user.rb +313 -3
  11. data/lib/warrant/models/warrant.rb +214 -4
  12. data/lib/warrant/util.rb +22 -0
  13. data/lib/warrant/version.rb +1 -1
  14. data/lib/warrant/warrant_configuration.rb +4 -1
  15. data/lib/warrant.rb +5 -3
  16. metadata +10 -8
  17. data/lib/warrant/warrant_client.rb +0 -285
data/lib/warrant/models/warrant.rb CHANGED
@@ -2,14 +2,224 @@
2
2
 
3
3
  module Warrant
4
4
  class Warrant
5
- attr_reader :id, :object_type, :object_id, :relation, :user
5
+ attr_reader :id, :object_type, :object_id, :relation, :subject
6
6
 
7
- def initialize(id, object_type, object_id, relation, user)
8
- @id = id
7
+ # @!visibility private
8
+ def initialize(object_type, object_id, relation, subject)
9
9
  @object_type = object_type
10
10
  @object_id = object_id
11
11
  @relation = relation
12
- @user = Userset.new(user['objectType'], user['objectId'], user['relation'])
12
+ @subject = subject
13
+ end
14
+
15
+ # Create a new warrant that associates an object (object_type and object_id) to a subject via a relation.
16
+ #
17
+ # @option params [String] :object_type The type of object. Must be one of your system's existing object types.
18
+ # @option params [String] :object_id The id of the specific object.
19
+ # @option params [String] :relation The relation for this object to subject association. The relation must be valid as per the object type definition.
20
+ # @option params [Hash] :subject The specific subject (object, user etc.) to be associated with the object. A subject can either be a specific object (by id) or a group of objects defined by a set containing an objectType, objectId and relation.
21
+ # * :object_type (String) - The type of object. Must be one of your system's existing object types.
22
+ # * :object_id (String) - The id of the specific object.
23
+ # * :relation (String) - The relation for this object to subject association. The relation must be valid as per the object type definition. (optional)
24
+ #
25
+ # @return [Warrant] created warrant
26
+ #
27
+ # @raise [Warrant::DuplicateRecordError]
28
+ # @raise [Warrant::InternalError]
29
+ # @raise [Warrant::InvalidParameterError]
30
+ # @raise [Warrant::InvalidRequestError]
31
+ # @raise [Warrant::MissingRequiredParameterError]
32
+ # @raise [Warrant::NotFoundError]
33
+ # @raise [Warrant::UnauthorizedError]
34
+ # @raise [Warrant::WarrantError]
35
+ def self.create(params = {})
36
+ res = APIOperations.post(URI.parse("#{::Warrant.config.api_base}/v1/warrants"), Util.normalize_params(params))
37
+ res_json = JSON.parse(res.body)
38
+
39
+ case res
40
+ when Net::HTTPSuccess
41
+ subject = Subject.new(res_json['subject']['objectType'], res_json['subject']['objectId'])
42
+ Warrant.new(res_json['objectType'], res_json['objectId'], res_json['relation'], subject)
43
+ else
44
+ APIOperations.raise_error(res)
45
+ end
46
+ end
47
+
48
+ # Deletes a warrant specified by the combination of object_type, object_id, relation, and subject.
49
+ #
50
+ # @option params [String] :object_type The type of object. Must be one of your system's existing object types.
51
+ # @option params [String] :object_id The id of the specific object.
52
+ # @option params [String] :relation The relation for this object to subject association. The relation must be valid as per the object type definition.
53
+ # @option params [Hash] :subject The specific subject (object, user etc.) to be associated with the object. A subject can either be a specific object (by id) or a group of objects defined by a set containing an objectType, objectId and relation.
54
+ # * :object_type [String] The type of object. Must be one of your system's existing object types.
55
+ # * :object_id [String] The id of the specific object.
56
+ # * :relation [String] The relation for this object to subject association. The relation must be valid as per the object type definition. (optional)
57
+ #
58
+ # @return [nil] if delete was successful
59
+ #
60
+ # @raise [Warrant::InternalError]
61
+ # @raise [Warrant::InvalidParameterError]
62
+ # @raise [Warrant::InvalidRequestError]
63
+ # @raise [Warrant::MissingRequiredParameterError]
64
+ # @raise [Warrant::NotFoundError]
65
+ # @raise [Warrant::UnauthorizedError]
66
+ # @raise [Warrant::WarrantError]
67
+ def self.delete(params = {})
68
+ res = APIOperations.delete(URI.parse("#{::Warrant.config.api_base}/v1/warrants"), Util.normalize_params(params))
69
+
70
+ case res
71
+ when Net::HTTPSuccess
72
+ return
73
+ else
74
+ APIOperations.raise_error(res)
75
+ end
76
+ end
77
+
78
+ # List all warrants for your organization.
79
+ #
80
+ # @option filters [String] :object_type The type of object. Must be one of your system's existing object types. (optional)
81
+ # @option filters [String] :object_id The id of the specific object. (optional)
82
+ # @option filters [String] :relation The relation for this object to subject association. The relation must be valid as per the object type definition. (optional)
83
+ #
84
+ # @return [Array<Warrant>] list of all warrants with provided filters
85
+ #
86
+ # @raise [Warrant::InternalError]
87
+ # @raise [Warrant::InvalidRequestError]
88
+ # @raise [Warrant::NotFoundError]
89
+ # @raise [Warrant::UnauthorizedError]
90
+ # @raise [Warrant::WarrantError]
91
+ def self.list(filters = {})
92
+ res = APIOperations.get(URI.parse("#{::Warrant.config.api_base}/v1/warrants"), filters)
93
+
94
+ case res
95
+ when Net::HTTPSuccess
96
+ warrants = JSON.parse(res.body)
97
+ warrants.map{ |warrant|
98
+ subject = Subject.new(warrant['subject']['objectType'], warrant['subject']['objectId'])
99
+ Warrant.new(warrant['objectType'], warrant['objectId'], warrant['relation'], subject)
100
+ }
101
+ else
102
+ APIOperations.raise_error(res)
103
+ end
104
+ end
105
+
106
+ # Checks whether a specified access check is authorized or not.
107
+ # If you would like to check only one warrant, then you can exclude the op param and provide an array with one warrant.
108
+ #
109
+ # @param op [String] Logical operator to perform on warrants. Can be 'anyOf' or 'allOf'. (optional)
110
+ # @param warrants [Array] Array of warrants to check access for.
111
+ # * object_type (String) - The type of object. Must be one of your system's existing object types.
112
+ # * object_id (String) - The id of the specific object.
113
+ # * relation (String) - The relation to check for this object to subject association. The relation must be valid as per the object type definition.
114
+ # * subject (Hash) - The specific subject for which access will be checked. Can be a specific object by id or an objectType, objectId and relation set.
115
+ # * object_type (String) - The type of object. Must be one of your system's existing object types.
116
+ # * object_id (String) - The id of the specific object.
117
+ # * relation (String) - The relation for this object to subject association. The relation must be valid as per the object type definition. (optional)
118
+ # @param consistentRead [Boolean] Boolean flag indicating whether or not to enforce strict consistency for this access check. Defaults to false. (optional)
119
+ # @param debug [Boolean] Boolean flag indicating whether or not to return debug information for this access check. Defaults to false. (optional)
120
+ #
121
+ # @return [Boolean] whether or not the given access check is authorized
122
+ #
123
+ # @example Check whether user "5djfs6" can view the report with id "avk2837"
124
+ # Warrant::Warrant.is_authorized?(warrants: [{ object_type: "report", object_id: "avk2837", relation: "viewer", subject: { object_type: "user", object_id: "5djfs6" } }])
125
+ #
126
+ # @example Check whether user "5djfs6" can view both report id "report-1" and report id "report-2"
127
+ # Warrant::Warrant.is_authorized?(
128
+ # op: "allOf",
129
+ # warrants: [
130
+ # { object_type: "report", object_id: "report-1", relation: "viewer", subject: { object_type: "user", object_id: "5djfs6" } }
131
+ # { object_type: "report", object_id: "report-2", relation: "viewer", subject: { object_type: "user", object_id: "5djfs6" } }
132
+ # ]
133
+ # )
134
+ #
135
+ # @raise [Warrant::InternalError]
136
+ # @raise [Warrant::InvalidParameterError]
137
+ # @raise [Warrant::InvalidRequestError]
138
+ # @raise [Warrant::MissingRequiredParameterError]
139
+ # @raise [Warrant::NotFoundError]
140
+ # @raise [Warrant::UnauthorizedError]
141
+ # @raise [Warrant::WarrantError]
142
+ def self.is_authorized?(params = {})
143
+ unless ::Warrant.config.authorize_endpoint.nil?
144
+ return edge_authorize?(params)
145
+ end
146
+
147
+ return authorize?(params)
148
+ end
149
+
150
+ # Checks whether a given user has a given permission.
151
+ #
152
+ # @param user_id [String] Id of the user to check
153
+ # @param permission_id [String] Id of the permission to check on the user
154
+ # @param consistentRead [Boolean] Boolean flag indicating whether or not to enforce strict consistency for this access check. Defaults to false. (optional)
155
+ # @param debug [Boolean] Boolean flag indicating whether or not to return debug information for this access check. Defaults to false. (optional)
156
+ #
157
+ # @return [Boolean] whether or not the user has the given permission
158
+ #
159
+ # @raise [Warrant::InternalError]
160
+ # @raise [Warrant::InvalidParameterError]
161
+ # @raise [Warrant::InvalidRequestError]
162
+ # @raise [Warrant::MissingRequiredParameterError]
163
+ # @raise [Warrant::NotFoundError]
164
+ # @raise [Warrant::UnauthorizedError]
165
+ # @raise [Warrant::WarrantError]
166
+ def self.user_has_permission?(params = {})
167
+ return is_authorized?(
168
+ warrants: [{
169
+ object_type: "permission",
170
+ object_id: params[:permission_id],
171
+ relation: "member",
172
+ subject: {
173
+ object_type: "user",
174
+ object_id: params[:user_id]
175
+ }
176
+ }],
177
+ consistentRead: params[:consistentRead],
178
+ debug: params[:debug]
179
+ )
180
+ end
181
+
182
+ private
183
+
184
+ def self.authorize?(params = {})
185
+ res = APIOperations.post(URI.parse("#{::Warrant.config.api_base}/v2/authorize"), Util.normalize_params(params))
186
+ res_json = JSON.parse(res.body)
187
+
188
+ case res
189
+ when Net::HTTPSuccess
190
+ if res_json['result'] === "Authorized"
191
+ return true
192
+ elsif res_json['result'] === "Not Authorized"
193
+ return false
194
+ else
195
+ return res_json
196
+ end
197
+ else
198
+ APIOperations.raise_error(res)
199
+ end
200
+ end
201
+
202
+ def self.edge_authorize?(params = {})
203
+ request_url = URI.parse("#{::Warrant.config.authorize_endpoint}/v2/authorize")
204
+ res = APIOperations.post(request_url, Util.normalize_params(params), request_url.scheme === "https")
205
+ res_json = JSON.parse(res.body)
206
+
207
+ case res
208
+ when Net::HTTPSuccess
209
+ if res_json['result'] === "Authorized"
210
+ return true
211
+ elsif res_json['result'] === "Not Authorized"
212
+ return false
213
+ else
214
+ return res_json
215
+ end
216
+ else
217
+ if res_json['code'] === "cache_not_ready"
218
+ return authorize(params)
219
+ end
220
+
221
+ APIOperations.raise_error(res)
222
+ end
13
223
  end
14
224
  end
15
225
  end
data/lib/warrant/util.rb CHANGED
@@ -1,6 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Warrant
4
+ # @!visibility private
4
5
  class Util
5
6
  class << self
6
7
  def camelcase(str)
@@ -8,6 +9,12 @@ module Warrant
8
9
  str.sub(str[0], str[0].downcase)
9
10
  end
10
11
 
12
+ def snake_case(str)
13
+ str.gsub(/([A-Z]+)([A-Z][a-z])/, '\1_\2')
14
+ .gsub(/([a-z\d])([A-Z])/, '\1_\2')
15
+ .downcase
16
+ end
17
+
11
18
  def normalize_options(opts)
12
19
  new_opts = opts.each_with_object({}) do |(k, v), new_opts|
13
20
  new_key = Util.camelcase(k.to_s)
@@ -15,6 +22,21 @@ module Warrant
15
22
  new_opts[new_key] = v
16
23
  end
17
24
  end
25
+
26
+ def normalize_params(params)
27
+ new_opts = params.each_with_object({}) do |(k, v), new_opts|
28
+ new_key = Util.camelcase(k.to_s)
29
+
30
+ case v
31
+ when Hash
32
+ new_opts[new_key] = normalize_params(v)
33
+ when Array
34
+ new_opts[new_key] = v.map { |i| normalize_params(i) }
35
+ else
36
+ new_opts[new_key] = v
37
+ end
38
+ end
39
+ end
18
40
  end
19
41
  end
20
42
  end
data/lib/warrant/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Warrant
4
- VERSION = "0.1.3"
4
+ VERSION = "1.0.0"
5
5
  end
data/lib/warrant/warrant_configuration.rb CHANGED
@@ -1,13 +1,16 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Warrant
4
+ # @!visibility private
4
5
  class WarrantConfiguration
5
6
  attr_accessor :api_key
7
+ attr_accessor :authorize_endpoint
6
8
 
7
- attr_reader :api_base
9
+ attr_reader :api_base, :self_service_dash_url_base
8
10
 
9
11
  def initialize
10
12
  @api_base = "https://api.warrant.dev"
13
+ @self_service_dash_url_base = "https://self-serve.warrant.dev"
11
14
  end
12
15
  end
13
16
  end
data/lib/warrant.rb CHANGED
@@ -6,15 +6,17 @@ require "net/http"
6
6
  require "json"
7
7
  require "forwardable"
8
8
 
9
+ require "warrant/api_operations"
10
+ require "warrant/errors"
9
11
  require "warrant/models/permission"
10
12
  require "warrant/models/role"
13
+ require "warrant/models/session"
14
+ require "warrant/models/subject"
11
15
  require "warrant/models/tenant"
12
16
  require "warrant/models/user"
13
- require "warrant/models/userset"
14
17
  require "warrant/models/warrant"
15
18
  require "warrant/util"
16
19
  require "warrant/warrant_configuration"
17
- require "warrant/warrant_client"
18
20
 
19
21
  module Warrant
20
22
  @config = ::Warrant::WarrantConfiguration.new
@@ -24,6 +26,6 @@ module Warrant
24
26
 
25
27
  attr_reader :config
26
28
 
27
- def_delegators :@config, :api_key, :api_key=
29
+ def_delegators :@config, :api_key, :api_key=, :authorize_endpoint, :authorize_endpoint=
28
30
  end
29
31
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: warrant
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.3
4
+ version: 1.0.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Warrant
8
- autorequire:
8
+ autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2022-05-09 00:00:00.000000000 Z
11
+ date: 2022-07-14 00:00:00.000000000 Z
12
12
  dependencies: []
13
13
  description: Ruby library for the Warrant API at https://warrant.dev.
14
14
  email: hello@warrant.dev
@@ -26,15 +26,17 @@ files:
26
26
  - bin/console
27
27
  - bin/setup
28
28
  - lib/warrant.rb
29
+ - lib/warrant/api_operations.rb
30
+ - lib/warrant/errors.rb
29
31
  - lib/warrant/models/permission.rb
30
32
  - lib/warrant/models/role.rb
33
+ - lib/warrant/models/session.rb
34
+ - lib/warrant/models/subject.rb
31
35
  - lib/warrant/models/tenant.rb
32
36
  - lib/warrant/models/user.rb
33
- - lib/warrant/models/userset.rb
34
37
  - lib/warrant/models/warrant.rb
35
38
  - lib/warrant/util.rb
36
39
  - lib/warrant/version.rb
37
- - lib/warrant/warrant_client.rb
38
40
  - lib/warrant/warrant_configuration.rb
39
41
  homepage: https://github.com/warrant-dev/warrant-ruby
40
42
  licenses:
@@ -44,7 +46,7 @@ metadata:
44
46
  source_code_uri: https://github.com/warrant-dev/warrant-ruby
45
47
  changelog_uri: https://github.com/warrant-dev/warrant-ruby/CHANGELOG.md
46
48
  documentation_uri: https://docs.warrant.dev/
47
- post_install_message:
49
+ post_install_message:
48
50
  rdoc_options: []
49
51
  require_paths:
50
52
  - lib
@@ -59,8 +61,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
59
61
  - !ruby/object:Gem::Version
60
62
  version: '0'
61
63
  requirements: []
62
- rubygems_version: 3.3.11
63
- signing_key:
64
+ rubygems_version: 3.2.14
65
+ signing_key:
64
66
  specification_version: 4
65
67
  summary: Warrant Ruby Library
66
68
  test_files: []
data/lib/warrant/warrant_client.rb DELETED
@@ -1,285 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- module Warrant
4
- class WarrantClient
5
- class << self
6
- def create_tenant(tenant_id = '')
7
- uri = URI.parse("#{::Warrant.config.api_base}/v1/tenants")
8
- params = {
9
- tenantId: tenant_id
10
- }
11
- res = post(uri, params)
12
- res_json = JSON.parse(res.body)
13
-
14
- case res
15
- when Net::HTTPSuccess
16
- Tenant.new(res_json['tenantId'])
17
- else
18
- res_json
19
- end
20
- end
21
-
22
- def create_user(email, user_id = '', tenant_id = '')
23
- uri = URI.parse("#{::Warrant.config.api_base}/v1/users")
24
- params = {
25
- tenantId: tenant_id,
26
- userId: user_id,
27
- email: email
28
- }
29
- res = post(uri, params)
30
- res_json = JSON.parse(res.body)
31
-
32
- case res
33
- when Net::HTTPSuccess
34
- User.new(res_json['tenantId'], res_json['userId'], res_json['email'])
35
- else
36
- res_json
37
- end
38
- end
39
-
40
- def create_role(role_id)
41
- uri = URI.parse("#{::Warrant.config.api_base}/v1/roles")
42
- params = {
43
- roleId: role_id
44
- }
45
- res = post(uri, params)
46
- res_json = JSON.parse(res.body)
47
-
48
- case res
49
- when Net::HTTPSuccess
50
- Role.new(res_json['roleId'])
51
- else
52
- res_json
53
- end
54
- end
55
-
56
- def delete_role(role_id)
57
- uri = URI.parse("#{::Warrant.config.api_base}/v1/roles/#{role_id}")
58
- res = delete(uri)
59
-
60
- case res
61
- when Net::HTTPSuccess
62
- return
63
- else
64
- res_json
65
- end
66
- end
67
-
68
- def create_permission(permission_id)
69
- uri = URI.parse("#{::Warrant.config.api_base}/v1/permissions")
70
- params = {
71
- permissionId: permission_id
72
- }
73
- res = post(uri, params)
74
- res_json = JSON.parse(res.body)
75
-
76
- case res
77
- when Net::HTTPSuccess
78
- Permission.new(res_json['permissionId'])
79
- else
80
- res_json
81
- end
82
- end
83
-
84
- def delete_permission(permission_id)
85
- uri = URI.parse("#{::Warrant.config.api_base}/v1/permissions/#{permission_id}")
86
- res = delete(uri)
87
-
88
- case res
89
- when Net::HTTPSuccess
90
- return
91
- else
92
- res_json
93
- end
94
- end
95
-
96
- def create_warrant(object_type, object_id, relation, user)
97
- uri = URI.parse("#{::Warrant.config.api_base}/v1/warrants")
98
- params = {
99
- objectType: object_type,
100
- objectId: object_id,
101
- relation: relation,
102
- user: user
103
- }
104
- res = post(uri, params)
105
- res_json = JSON.parse(res.body)
106
-
107
- case res
108
- when Net::HTTPSuccess
109
- Warrant.new(res_json['id'], res_json['objectType'], res_json['objectId'], res_json['relation'], res_json['user'])
110
- else
111
- res_json
112
- end
113
- end
114
-
115
- def delete_warrant(warrant_id)
116
- uri = URI.parse("#{Warrant.config.api_base}/v1/warrants/#{warrant_id}")
117
- res = delete(uri)
118
-
119
- case res
120
- when Net::HTTPSuccess
121
- return
122
- else
123
- res_json
124
- end
125
- end
126
-
127
- def list_warrants(filters = {})
128
- query_string = ""
129
- unless filters.empty?
130
- new_filters = Util.normalize_options(filters.compact)
131
-
132
- query_string = URI.encode_www_form(new_filters)
133
- end
134
-
135
- uri = URI.parse("#{::Warrant.config.api_base}/v1/warrants?#{query_string}")
136
-
137
- res = get(uri)
138
- res_json = JSON.parse(res.body)
139
-
140
- case res
141
- when Net::HTTPSuccess
142
- res_json.map do |warrant|
143
- Warrant.new(warrant['id'], warrant['objectType'], warrant['objectId'], warrant['relation'], warrant['user'])
144
- end
145
- else
146
- res_json
147
- end
148
- end
149
-
150
- def assign_role_to_user(user_id, role_id)
151
- uri = URI.parse("#{::Warrant.config.api_base}/v1/users/#{user_id}/roles/#{role_id}")
152
- res = post(uri)
153
- res_json = JSON.parse(res.body)
154
-
155
- case res
156
- when Net::HTTPSuccess
157
- Role.new(res_json['roleId'])
158
- else
159
- res_json
160
- end
161
- end
162
-
163
- def remove_role_from_user(user_id, role_id)
164
- uri = URI.parse("#{::Warrant.config.api_base}/v1/users/#{user_id}/roles/#{role_id}")
165
- res = delete(uri)
166
-
167
- case res
168
- when Net::HTTPSuccess
169
- return
170
- else
171
- res_json
172
- end
173
- end
174
-
175
- def assign_permission_to_user(user_id, permission_id)
176
- uri = URI.parse("#{::Warrant.config.api_base}/v1/users/#{user_id}/permissions/#{permission_id}")
177
- res = post(uri)
178
- res_json = JSON.parse(res.body)
179
-
180
- case res
181
- when Net::HTTPSuccess
182
- Permission.new(res_json['permissionId'])
183
- else
184
- res_json
185
- end
186
- end
187
-
188
- def remove_permission_from_user(user_id, permission_id)
189
- uri = URI.parse("#{::Warrant.config.api_base}/v1/users/#{user_id}/permissions/#{permission_id}")
190
- res = delete(uri)
191
-
192
- case res
193
- when Net::HTTPSuccess
194
- return
195
- else
196
- res_json
197
- end
198
- end
199
-
200
- def create_session(user_id)
201
- uri = URI.parse("#{::Warrant.config.api_base}/v1/users/#{user_id}/sessions")
202
- res = post(uri)
203
- res_json = JSON.parse(res.body)
204
-
205
- case res
206
- when Net::HTTPSuccess
207
- res_json['token']
208
- else
209
- res_json
210
- end
211
- end
212
-
213
- def create_self_service_session(user_id, redirect_url)
214
- uri = URI.parse("#{::Warrant.config.api_base}/v1/sessions")
215
- params = {
216
- type: "ssdash",
217
- userId: user_id,
218
- redirectUrl: redirect_url
219
- }
220
- res = post(uri, params)
221
- res_json = JSON.parse(res.body)
222
-
223
- case res
224
- when Net::HTTPSuccess
225
- res_json['url']
226
- else
227
- res_json
228
- end
229
- end
230
-
231
- def is_authorized(object_type, object_id, relation, user_id)
232
- uri = URI.parse("#{::Warrant.config.api_base}/v1/authorize")
233
- params = {
234
- objectType: object_type,
235
- objectId: object_id,
236
- relation: relation,
237
- user: {
238
- userId: user_id
239
- }
240
- }
241
- res = post(uri, params)
242
- res_json = JSON.parse(res.body)
243
-
244
- if res.is_a? Net::HTTPSuccess
245
- true
246
- else
247
- false
248
- end
249
- end
250
-
251
- def has_permission(permission_id, user_id)
252
- return is_authorized("permission", permission_id, "member", user_id)
253
- end
254
-
255
- private
256
-
257
- def post(uri, params = {})
258
- http = Net::HTTP.new(uri.host, uri.port)
259
- http.use_ssl = true
260
- headers = {
261
- "Authorization": "ApiKey #{::Warrant.config.api_key}"
262
- }
263
- http.post(uri.path, params.to_json, headers)
264
- end
265
-
266
- def delete(uri)
267
- http = Net::HTTP.new(uri.host, uri.port)
268
- http.use_ssl = true
269
- headers = {
270
- "Authorization": "ApiKey #{::Warrant.config.api_key}"
271
- }
272
- http.delete(uri.path, headers)
273
- end
274
-
275
- def get(uri, params = {})
276
- http = Net::HTTP.new(uri.host, uri.port)
277
- http.use_ssl = true
278
- headers = {
279
- "Authorization": "ApiKey #{::Warrant.config.api_key}"
280
- }
281
- http.get(uri, headers)
282
- end
283
- end
284
- end
285
- end