warrant 0.1.4 → 1.1.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (17) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +19 -82
  3. data/lib/warrant/api_operations.rb +75 -0
  4. data/lib/warrant/errors.rb +47 -0
  5. data/lib/warrant/models/permission.rb +202 -1
  6. data/lib/warrant/models/role.rb +184 -0
  7. data/lib/warrant/models/session.rb +61 -0
  8. data/lib/warrant/models/{userset.rb → subject.rb} +2 -2
  9. data/lib/warrant/models/tenant.rb +226 -3
  10. data/lib/warrant/models/user.rb +395 -3
  11. data/lib/warrant/models/warrant.rb +214 -4
  12. data/lib/warrant/util.rb +22 -0
  13. data/lib/warrant/version.rb +1 -1
  14. data/lib/warrant/warrant_configuration.rb +4 -1
  15. data/lib/warrant.rb +5 -3
  16. metadata +6 -4
  17. data/lib/warrant/warrant_client.rb +0 -284
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: a67a5a1dd2b6e9b95b675395d1337acd9509f166f5e22d224987260191b5090d
4
- data.tar.gz: '08013f834166288f8a0ba21753d7a11d0a89e1aa8b7189894e0d80146f47081e'
3
+ metadata.gz: 6fc7f30432a9ab516978da52e77811011ee0625a819124ad8dcb5b20d8610a34
4
+ data.tar.gz: 54dc068a58982fc5f8fdcc2d781ce5b6b5ec320c3f7a5dfdbd8338eaa20fac93
5
5
  SHA512:
6
- metadata.gz: 8fd775c0e3bf27a5e2eebfa06992c2b09e6dc8d1337740ddbab46e328ea9ccc16b48f1da20e0214ba450d2428d0ac43370ae58ab7f698de7a3ed4b00abab646d
7
- data.tar.gz: 04d89c962874fbd667d3f695f2913552e4dd855fa436737b387e05498736f4557549cd64958ab6dbce92d37f9ffd114549f498140cce5f7823e3f93e0e39c4c9
6
+ metadata.gz: 4e892e951b8107a9d6bdeb621a1ee2fb1674c8a9195eb7271e127f77961d5cfa8fe673e93cfd6bb2784452630ade845b65aa3455379c169580ea8b32fb9dad2f
7
+ data.tar.gz: b7e7c396ff14cbc500b9bf1e1882db09b84002e78fc2ffa11a019de0cc3da25d60766f78b6650075baa648125c87ed9ed48e8cf250cc2a41818fef5b3d2b9209
data/README.md CHANGED
@@ -3,9 +3,10 @@
3
3
  Use [Warrant](https://warrant.dev/) in ruby projects.
4
4
 
5
5
  [![Gem Version](https://badge.fury.io/rb/warrant.svg)](https://badge.fury.io/rb/warrant)
6
- [![Discord](https://img.shields.io/discord/865661082203193365?label=discord)](https://discord.gg/QNCMKWzqET)
6
+ [![Slack](https://img.shields.io/badge/slack-join-brightgreen)](https://join.slack.com/t/warrantcommunity/shared_invite/zt-12g84updv-5l1pktJf2bI5WIKN4_~f4w)
7
7
 
8
8
  ## Installation
9
+ ---
9
10
 
10
11
  Add this line to your application's Gemfile:
11
12
 
@@ -17,99 +18,39 @@ And then execute:
17
18
 
18
19
  $ bundle install
19
20
 
20
- Or install it yourself as:
21
+ Or install it yourself:
21
22
 
22
23
  $ gem install warrant
23
24
 
24
- ## Usage
25
+ You can also build the gem from source:
25
26
 
26
- ```ruby
27
- require 'warrant'
28
- Warrant.api_key = 'api_test_f5dsKVeYnVSLHGje44zAygqgqXiLJBICbFzCiAg1E='
29
- ```
27
+ $ gem build warrant.gemspec
30
28
 
31
- ### `create_user(email, user_id = '')`
32
-
33
- This method creates a user entity in Warrant with the specified `user_d`. Provide an optional `username` to make it easier to identify users in the Warrant dashboard.
34
-
35
- ```ruby
36
- # Create user with user email and id
37
- Warrant::WarrantClient.create_user(user.email, user.id)
38
-
39
- # Create user with generated id
40
- Warrant::WarrantClient.create_user()
41
- ```
42
-
43
- ### `create_warrant(object_type, object_id, relation, user)`
44
-
45
- #### **User parameters**
46
- Can provide either a user id, or a combination of object type, object id, and relation
29
+ ## Documentation
47
30
  ---
48
- #### **user_id**
49
- Creates a warrant for the user specified by user_id
50
-
51
- #### **object_type**
52
- #### **object_id**
53
- #### **relation**
54
- Creates a warrant for the given userset specified by object type, object id, and relation
55
-
56
-
57
- This method creates a warrant which specifies that the provided `user` (or userset) has `relation` on the object of type `objectType` with id `objectId`.
58
-
59
- ```ruby
60
- # Create a warrant allowing user.id to "view" the store with id store.id
61
- Warrant::WarrantClient.create_warrant('store', store.id, 'view', { user_id: user.id })
62
-
63
- # Create a warrant specifying all members of the manager role to "view" store of id store.id
64
- Warrant::WarrantClient.create_warrant('store', store.id, 'view', { object_type: 'role', object_id: 'manager', relation: 'member' })
65
- ```
66
-
67
- ### `create_session(userId)`
68
31
 
69
- This method creates a session in Warrant for the user with the specified `userId` and returns a session token which can be used to make authorized requests to the Warrant API only for the specified user. This session token can safely be used to make requests to the Warrant API's authorization endpoint to determine user access in web and mobile client applications.
70
-
71
- ```ruby
72
- # Create session token for user
73
- Warrant::WarrantClient.create_session(user.id)
74
- ```
75
-
76
- ### `is_authorized(object_type, object_id, relation, user_id)`
77
-
78
- This method returns `true` if the user with the specified `user_id` has the specified `relation` to the object of type `object_type` with id `objectId` and `false` otherwise.
79
-
80
- ```ruby
81
- # Example: user 123 can only view store 824
82
- Warrant::WarrantClient.is_authorized('store', '824', 'view', '123') # true
83
- Warrant::WarrantClient.is_authorized('store', '824', 'edit', '123') # false
84
- ```
85
-
86
- ### `list_warrants(filters = {})`
87
- This method returns all warrants that match the filters provided, or all warrants for your organization if none are provided.
32
+ - [Ruby API Docs](https://rubydoc.info/gems/warrant)
33
+ - [Warrant Docs](https://docs.warrant.dev/)
88
34
 
89
- #### **Filter Parameters**
35
+ ## Requirements
90
36
  ---
91
- #### **object_type**
92
- Only return warrants with the given object type.
93
-
94
- #### **object_id**
95
- Only return warrants with the given object id.
96
37
 
97
- #### **relation**
98
- Only return warrants with the given relation.
99
-
100
- #### **user_id**
101
- Only return warrants with the given user id
38
+ - Ruby 2.3+.
102
39
 
40
+ ## Usage
41
+ ---
103
42
 
104
43
  ```ruby
105
- # List all warrants for an organization
106
- Warrant::WarrantClient.list_warrants
44
+ require 'warrant'
45
+ Warrant.api_key = 'api_test_f5dsKVeYnVSLHGje44zAygqgqXiLJBICbFzCiAg1E='
107
46
 
108
- # List all warrants with object type of store
109
- Warrant::WarrantClient.list_warrants(object_type: 'store')
47
+ # create a user
48
+ Warrant::User.create(user_id: "user123")
49
+
50
+ # check whether user slp951 has view access to report 7asm24
51
+ Warrant::Warrant.is_authorized?(object_type: "report", object_id: "7asm24", relation: "viewer", subject: { object_id: "user", object_id: "slp951" })
110
52
  ```
111
53
 
112
- ---
113
54
 
114
55
  We’ve used a random API key in these code examples. Replace it with your [actual publishable API keys](https://app.warrant.dev) to
115
56
  test this code through your own Warrant account.
@@ -117,7 +58,3 @@ test this code through your own Warrant account.
117
58
  For more information on how to use the Warrant API, please refer to the [Warrant API reference](https://docs.warrant.dev).
118
59
 
119
60
  Note that we may release new [minor and patch](https://semver.org/) versions of this library with small but backwards-incompatible fixes to the type declarations. These changes will not affect Warrant itself.
120
-
121
- ## Warrant Documentation
122
-
123
- - [Warrant Docs](https://docs.warrant.dev/)
data/lib/warrant/api_operations.rb ADDED
@@ -0,0 +1,75 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Warrant
4
+ # @!visibility private
5
+ class APIOperations
6
+ class << self
7
+ def post(uri, params = {}, use_ssl = true)
8
+ http = Net::HTTP.new(uri.host, uri.port)
9
+ http.use_ssl = use_ssl
10
+ headers = {
11
+ "Authorization": "ApiKey #{::Warrant.config.api_key}"
12
+ }
13
+ http.post(uri.path, params.to_json, headers)
14
+ end
15
+
16
+ def delete(uri, params = {})
17
+ http = Net::HTTP.new(uri.host, uri.port)
18
+ http.use_ssl = true
19
+ request = Net::HTTP::Delete.new(uri.path)
20
+ request["Authorization"] = "ApiKey #{::Warrant.config.api_key}"
21
+
22
+ http.request(request, params.to_json)
23
+ end
24
+
25
+ def get(uri, params = {})
26
+ http = Net::HTTP.new(uri.host, uri.port)
27
+ http.use_ssl = true
28
+ headers = {
29
+ "Authorization": "ApiKey #{::Warrant.config.api_key}"
30
+ }
31
+
32
+ unless params.empty?
33
+ normalized_params = Util.normalize_params(params.compact)
34
+ uri.query = URI.encode_www_form(normalized_params)
35
+ end
36
+
37
+ http.get(uri, headers)
38
+ end
39
+
40
+ def put(uri, params = {})
41
+ http = Net::HTTP.new(uri.host, uri.port)
42
+ http.use_ssl = true
43
+ headers = {
44
+ "Authorization": "ApiKey #{::Warrant.config.api_key}"
45
+ }
46
+ http.put(uri.path, params.to_json, headers)
47
+ end
48
+
49
+ def raise_error(response)
50
+ error_code = JSON.parse(response.body)['code']
51
+
52
+ case error_code
53
+ when Error::DUPLICATE_RECORD_ERROR
54
+ raise DuplicateRecordError.initialize_error_from_response(response)
55
+ when Error::INTERNAL_ERROR
56
+ raise InternalError.initialize_error_from_response(response)
57
+ when Error::INVALID_REQUEST_ERROR
58
+ raise InvalidRequestError.initialize_error_from_response(response)
59
+ when Error::INVALID_PARAMETER_ERROR
60
+ raise InvalidParameterError.initialize_error_from_response(response)
61
+ when Error::MISSING_REQUIRED_PARAMETER_ERROR
62
+ raise MissingRequiredParameterError.initialize_error_from_response(response)
63
+ when Error::NOT_FOUND_ERROR
64
+ raise NotFoundError.initialize_error_from_response(response)
65
+ when Error::UNAUTHORIZED_ERROR
66
+ raise UnauthorizedError.initialize_error_from_response(response)
67
+ when Error::UNKNOWN_ORIGIN_ERROR
68
+ raise UnknownOriginError.initialize_error_from_response(response)
69
+ else
70
+ raise WarrantError.initialize_error_from_response(response)
71
+ end
72
+ end
73
+ end
74
+ end
75
+ end
data/lib/warrant/errors.rb ADDED
@@ -0,0 +1,47 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Warrant
4
+ class Error
5
+ DUPLICATE_RECORD_ERROR = "duplicate_record"
6
+ INTERNAL_ERROR = "internal_error"
7
+ INVALID_REQUEST_ERROR = "invalid_request"
8
+ INVALID_PARAMETER_ERROR = "invalid_parameter"
9
+ MISSING_REQUIRED_PARAMETER_ERROR = "missing_required_parameter"
10
+ NOT_FOUND_ERROR = "not_found"
11
+ UNAUTHORIZED_ERROR = "unauthorized"
12
+ end
13
+
14
+ class WarrantError < StandardError
15
+ attr_reader :code, :headers, :message, :http_status, :http_headers, :http_body, :json_body
16
+
17
+ def initialize(code = nil, message = nil, http_status = nil, http_headers = nil, http_body = nil, json_body = nil)
18
+ @code = code
19
+ @headers = headers
20
+ @message = message
21
+ @http_status = http_status
22
+ @http_headers = http_headers
23
+ @http_body = http_body
24
+ @json_body = json_body
25
+ end
26
+
27
+ def self.initialize_error_from_response(response)
28
+ response_json = JSON.parse(response.body)
29
+ self.new(
30
+ response_json['code'],
31
+ Util.snake_case(response_json['message']),
32
+ response.code,
33
+ response.to_hash,
34
+ response.body,
35
+ response_json
36
+ )
37
+ end
38
+ end
39
+
40
+ class DuplicateRecordError < WarrantError; end
41
+ class InternalError < WarrantError; end
42
+ class InvalidRequestError < WarrantError; end
43
+ class InvalidParameterError < WarrantError; end
44
+ class MissingRequiredParameterError < WarrantError; end
45
+ class NotFoundError < WarrantError; end
46
+ class UnauthorizedError < WarrantError; end
47
+ end
data/lib/warrant/models/permission.rb CHANGED
@@ -3,9 +3,210 @@
3
3
  module Warrant
4
4
  class Permission
5
5
  attr_reader :permission_id
6
-
6
+
7
+ # @!visibility private
7
8
  def initialize(permission_id)
8
9
  @permission_id = permission_id
9
10
  end
11
+
12
+ # Creates a permission with the given parameters
13
+ #
14
+ # @option params [String] :permission_id A string identifier for this new permission. The permission_id can only be composed of lower-case alphanumeric chars and/or '-' and '_'. (optional)
15
+ #
16
+ # @return [Permission] created permission
17
+ #
18
+ # @example Create a new Permission with the permission id "test-permission"
19
+ # Warrant::Permission.create(permission_id: "test-permission")
20
+ #
21
+ # @raise [Warrant::DuplicateRecordError]
22
+ # @raise [Warrant::InternalError]
23
+ # @raise [Warrant::InvalidParameterError]
24
+ # @raise [Warrant::InvalidRequestError]
25
+ # @raise [Warrant::MissingRequiredParameterError]
26
+ # @raise [Warrant::NotFoundError]
27
+ # @raise [Warrant::UnauthorizedError]
28
+ # @raise [Warrant::WarrantError]
29
+ def self.create(params = {})
30
+ res = APIOperations.post(URI.parse("#{::Warrant.config.api_base}/v1/permissions"), Util.normalize_params(params))
31
+
32
+ case res
33
+ when Net::HTTPSuccess
34
+ res_json = JSON.parse(res.body)
35
+ Permission.new(res_json['permissionId'])
36
+ else
37
+ APIOperations.raise_error(res)
38
+ end
39
+ end
40
+
41
+ # Deletes a permission with given permission id
42
+ #
43
+ # @param permission_id [String] A string identifier for this new permission. The permission_id can only be composed of lower-case alphanumeric chars and/or '-' and '_'.
44
+ #
45
+ # @return [nil] if delete was successful
46
+ #
47
+ # @example Delete a Permission with the permission id "test-permission"
48
+ # Warrant::Permission.delete("test-permission")
49
+ #
50
+ # @raise [Warrant::InternalError]
51
+ # @raise [Warrant::InvalidRequestError]
52
+ # @raise [Warrant::NotFoundError]
53
+ # @raise [Warrant::UnauthorizedError]
54
+ # @raise [Warrant::WarrantError]
55
+ def self.delete(permission_id)
56
+ res = APIOperations.delete(URI.parse("#{::Warrant.config.api_base}/v1/permissions/#{permission_id}"))
57
+
58
+ case res
59
+ when Net::HTTPSuccess
60
+ return
61
+ else
62
+ APIOperations.raise_error(res)
63
+ end
64
+ end
65
+
66
+ # Lists all permissions for your organization
67
+ #
68
+ # @return [Array<Permission>] all permissions for organization
69
+ #
70
+ # @example List all permissions
71
+ # Warrant::Permission.list()
72
+ #
73
+ # @raise [Warrant::InternalError]
74
+ # @raise [Warrant::InvalidRequestError]
75
+ # @raise [Warrant::NotFoundError]
76
+ # @raise [Warrant::UnauthorizedError]
77
+ # @raise [Warrant::WarrantError]
78
+ def self.list(filters = {})
79
+ res = APIOperations.get(URI.parse("#{::Warrant.config.api_base}/v1/permissions"))
80
+
81
+ case res
82
+ when Net::HTTPSuccess
83
+ permissions = JSON.parse(res.body)
84
+ permissions.map{ |permission| Permission.new(permission['permissionId']) }
85
+ else
86
+ APIOperations.raise_error(res)
87
+ end
88
+ end
89
+
90
+ # Get a permission with the given permission_id
91
+ #
92
+ # @param permission_id [String] A string identifier for this new permission. The permission_id can only be composed of lower-case alphanumeric chars and/or '-' and '_'.
93
+ #
94
+ # @return [Permission] retrieved permission
95
+ #
96
+ # @raise [Warrant::InternalError]
97
+ # @raise [Warrant::InvalidParameterError]
98
+ # @raise [Warrant::InvalidRequestError]
99
+ # @raise [Warrant::NotFoundError]
100
+ # @raise [Warrant::UnauthorizedError]
101
+ # @raise [Warrant::WarrantError]
102
+ def self.get(permission_id)
103
+ res = APIOperations.get(URI.parse("#{::Warrant.config.api_base}/v1/permissions/#{permission_id}"))
104
+
105
+ case res
106
+ when Net::HTTPSuccess
107
+ permission = JSON.parse(res.body)
108
+ Permission.new(permission['permissionId'])
109
+ else
110
+ APIOperations.raise_error(res)
111
+ end
112
+ end
113
+
114
+ # Assign a permission to a role
115
+ #
116
+ # @param role_id [String] The role_id of the role you want to assign a permission to.
117
+ # @param permission_id [String] The permission_id of the permission you want to assign to a role.
118
+ #
119
+ # @return [Permission] assigned permission
120
+ #
121
+ # @raise [Warrant::InternalError]
122
+ # @raise [Warrant::InvalidRequestError]
123
+ # @raise [Warrant::MissingRequiredParameterError]
124
+ # @raise [Warrant::NotFoundError]
125
+ # @raise [Warrant::UnauthorizedError]
126
+ # @raise [Warrant::WarrantError]
127
+ def self.assign_to_role(role_id, permission_id)
128
+ res = APIOperations.post(URI.parse("#{::Warrant.config.api_base}/v1/roles/#{role_id}/permissions/#{permission_id}"))
129
+
130
+ case res
131
+ when Net::HTTPSuccess
132
+ permission = JSON.parse(res.body)
133
+ Permission.new(permission['permissionId'])
134
+ else
135
+ APIOperations.raise_error(res)
136
+ end
137
+ end
138
+
139
+ # Remove a permission from a role
140
+ #
141
+ # @param role_id [String] The role_id of the role you want to assign a permission to.
142
+ # @param permission_id [String] The permission_id of the permission you want to assign to a role.
143
+ #
144
+ # @return [nil] if remove was successful
145
+ #
146
+ # @raise [Warrant::InternalError]
147
+ # @raise [Warrant::InvalidRequestError]
148
+ # @raise [Warrant::MissingRequiredParameterError]
149
+ # @raise [Warrant::NotFoundError]
150
+ # @raise [Warrant::UnauthorizedError]
151
+ # @raise [Warrant::WarrantError]
152
+ def self.remove_from_role(role_id, permission_id)
153
+ res = APIOperations.delete(URI.parse("#{::Warrant.config.api_base}/v1/roles/#{role_id}/permissions/#{permission_id}"))
154
+
155
+ case res
156
+ when Net::HTTPSuccess
157
+ return
158
+ else
159
+ APIOperations.raise_error(res)
160
+ end
161
+ end
162
+
163
+ # Assign a permission to a user
164
+ #
165
+ # @param user_id [String] The user_id of the user you want to assign a permission to.
166
+ # @param permission_id [String] The permission_id of the permission you want to assign to a user.
167
+ #
168
+ # @return [Permission] assigned permission
169
+ #
170
+ # @raise [Warrant::InternalError]
171
+ # @raise [Warrant::InvalidRequestError]
172
+ # @raise [Warrant::MissingRequiredParameterError]
173
+ # @raise [Warrant::NotFoundError]
174
+ # @raise [Warrant::UnauthorizedError]
175
+ # @raise [Warrant::WarrantError]
176
+ def self.assign_to_user(user_id, permission_id)
177
+ res = APIOperations.post(URI.parse("#{::Warrant.config.api_base}/v1/users/#{user_id}/permissions/#{permission_id}"))
178
+
179
+ case res
180
+ when Net::HTTPSuccess
181
+ permission = JSON.parse(res.body)
182
+ Permission.new(permission['permissionId'])
183
+ else
184
+ APIOperations.raise_error(res)
185
+ end
186
+ end
187
+
188
+ # Remove a permission from a user
189
+ #
190
+ # @param user_id [String] The user_id of the user you want to assign a permission to.
191
+ # @param permission_id [String] The permission_id of the permission you want to assign to a user.
192
+ #
193
+ # @return [nil] if remove was successful
194
+ #
195
+ # @raise [Warrant::InternalError]
196
+ # @raise [Warrant::InvalidRequestError]
197
+ # @raise [Warrant::MissingRequiredParameterError]
198
+ # @raise [Warrant::NotFoundError]
199
+ # @raise [Warrant::UnauthorizedError]
200
+ # @raise [Warrant::WarrantError]
201
+ def self.remove_from_user(user_id, permission_id)
202
+ res = APIOperations.delete(URI.parse("#{::Warrant.config.api_base}/v1/users/#{user_id}/permissions/#{permission_id}"))
203
+
204
+ case res
205
+ when Net::HTTPSuccess
206
+ return
207
+ else
208
+ APIOperations.raise_error(res)
209
+ end
210
+ end
10
211
  end
11
212
  end
data/lib/warrant/models/role.rb CHANGED
@@ -4,8 +4,192 @@ module Warrant
4
4
  class Role
5
5
  attr_reader :role_id
6
6
 
7
+ # @!visibility private
7
8
  def initialize(role_id)
8
9
  @role_id = role_id
9
10
  end
11
+
12
+ # Creates a role with the given parameters
13
+ #
14
+ # @option params [String] :role_id A string identifier for this new role. The role_id can only be composed of lower-case alphanumeric chars and/or '-' and '_'. (optional)
15
+ #
16
+ # @return [Role] created role
17
+ #
18
+ # @example Create a new Role with the role id "test-role"
19
+ # Warrant::Role.create(role_id: "test-role")
20
+ #
21
+ # @raise [Warrant::DuplicateRecordError]
22
+ # @raise [Warrant::InternalError]
23
+ # @raise [Warrant::InvalidParameterError]
24
+ # @raise [Warrant::InvalidRequestError]
25
+ # @raise [Warrant::MissingRequiredParameterError]
26
+ # @raise [Warrant::NotFoundError]
27
+ # @raise [Warrant::UnauthorizedError]
28
+ # @raise [Warrant::WarrantError]
29
+ def self.create(params = {})
30
+ res = APIOperations.post(URI.parse("#{::Warrant.config.api_base}/v1/roles"), Util.normalize_params(params))
31
+
32
+ case res
33
+ when Net::HTTPSuccess
34
+ res_json = JSON.parse(res.body)
35
+ Role.new(res_json['roleId'])
36
+ else
37
+ APIOperations.raise_error(res)
38
+ end
39
+ end
40
+
41
+ # Deletes a role with given role id
42
+ #
43
+ # @param role_id [String] A string identifier for this new role. The role_id can only be composed of lower-case alphanumeric chars and/or '-' and '_'.
44
+ #
45
+ # @return [nil] if delete was successful
46
+ #
47
+ # @example Delete a Role with the role id "test-role"
48
+ # Warrant::Role.delete("test-role")
49
+ #
50
+ # @raise [Warrant::InternalError]
51
+ # @raise [Warrant::InvalidRequestError]
52
+ # @raise [Warrant::NotFoundError]
53
+ # @raise [Warrant::UnauthorizedError]
54
+ # @raise [Warrant::WarrantError]
55
+ def self.delete(role_id)
56
+ res = APIOperations.delete(URI.parse("#{::Warrant.config.api_base}/v1/roles/#{role_id}"))
57
+
58
+ case res
59
+ when Net::HTTPSuccess
60
+ return
61
+ else
62
+ APIOperations.raise_error(res)
63
+ end
64
+ end
65
+
66
+ # Lists all roles for your organization
67
+ #
68
+ # @return [Array<Role>] all roles for your organization
69
+ #
70
+ # @example List all roles
71
+ # Warrant::Role.list()
72
+ #
73
+ # @raise [Warrant::InternalError]
74
+ # @raise [Warrant::InvalidRequestError]
75
+ # @raise [Warrant::NotFoundError]
76
+ # @raise [Warrant::UnauthorizedError]
77
+ # @raise [Warrant::WarrantError]
78
+ def self.list(filters = {})
79
+ res = APIOperations.get(URI.parse("#{::Warrant.config.api_base}/v1/roles"))
80
+
81
+ case res
82
+ when Net::HTTPSuccess
83
+ roles = JSON.parse(res.body)
84
+ roles.map{ |role| Role.new(role['roleId']) }
85
+ else
86
+ APIOperations.raise_error(res)
87
+ end
88
+ end
89
+
90
+ # Get a role with the given role_id
91
+ #
92
+ # @param role_id [String] A string identifier for this new role. The role_id can only be composed of lower-case alphanumeric chars and/or '-' and '_'.
93
+ #
94
+ # @return [Role] retrieved role
95
+ #
96
+ # @raise [Warrant::InternalError]
97
+ # @raise [Warrant::InvalidParameterError]
98
+ # @raise [Warrant::InvalidRequestError]
99
+ # @raise [Warrant::NotFoundError]
100
+ # @raise [Warrant::UnauthorizedError]
101
+ # @raise [Warrant::WarrantError]
102
+ def self.get(role_id)
103
+ res = APIOperations.get(URI.parse("#{::Warrant.config.api_base}/v1/roles/#{role_id}"))
104
+
105
+ case res
106
+ when Net::HTTPSuccess
107
+ role = JSON.parse(res.body)
108
+ Role.new(role['roleId'])
109
+ else
110
+ APIOperations.raise_error(res)
111
+ end
112
+ end
113
+
114
+ # Assign a role to a user
115
+ #
116
+ # @param user_id [String] The user_id of the user you want to assign a role to.
117
+ # @param role_id [String] The role_id of the role you want to assign to a user.
118
+ #
119
+ # @return [Permission] assigned role
120
+ #
121
+ # @raise [Warrant::InternalError]
122
+ # @raise [Warrant::InvalidRequestError]
123
+ # @raise [Warrant::MissingRequiredParameterError]
124
+ # @raise [Warrant::NotFoundError]
125
+ # @raise [Warrant::UnauthorizedError]
126
+ # @raise [Warrant::WarrantError]
127
+ def self.assign_to_user(user_id, role_id)
128
+ res = APIOperations.post(URI.parse("#{::Warrant.config.api_base}/v1/users/#{user_id}/roles/#{role_id}"))
129
+
130
+ case res
131
+ when Net::HTTPSuccess
132
+ role = JSON.parse(res.body)
133
+ Role.new(role['permissionId'])
134
+ else
135
+ APIOperations.raise_error(res)
136
+ end
137
+ end
138
+
139
+ # Remove a role from a user
140
+ #
141
+ # @param user_id [String] The user_id of the role you want to assign a role to.
142
+ # @param role_id [String] The role_id of the role you want to assign to a user.
143
+ #
144
+ # @return [nil] if remove was successful
145
+ #
146
+ # @raise [Warrant::InternalError]
147
+ # @raise [Warrant::InvalidRequestError]
148
+ # @raise [Warrant::MissingRequiredParameterError]
149
+ # @raise [Warrant::NotFoundError]
150
+ # @raise [Warrant::UnauthorizedError]
151
+ # @raise [Warrant::WarrantError]
152
+ def self.remove_from_user(user_id, role_id)
153
+ res = APIOperations.delete(URI.parse("#{::Warrant.config.api_base}/v1/users/#{user_id}/roles/#{role_id}"))
154
+
155
+ case res
156
+ when Net::HTTPSuccess
157
+ return
158
+ else
159
+ APIOperations.raise_error(res)
160
+ end
161
+ end
162
+
163
+ # Assign a permission to a role
164
+ #
165
+ # @param permission_id [String] The permission_id of the permission you want to assign to a role.
166
+ #
167
+ # @return [Permission] assigned permission
168
+ #
169
+ # @raise [Warrant::InternalError]
170
+ # @raise [Warrant::InvalidRequestError]
171
+ # @raise [Warrant::MissingRequiredParameterError]
172
+ # @raise [Warrant::NotFoundError]
173
+ # @raise [Warrant::UnauthorizedError]
174
+ # @raise [Warrant::WarrantError]
175
+ def assign_permission(permission_id)
176
+ return Permission.assign_to_role(role_id, permission_id)
177
+ end
178
+
179
+ # Remove a permission from a role
180
+ #
181
+ # @param permission_id [String] The permission_id of the permission you want to assign to a role.
182
+ #
183
+ # @return [nil] if remove was successful
184
+ #
185
+ # @raise [Warrant::InternalError]
186
+ # @raise [Warrant::InvalidRequestError]
187
+ # @raise [Warrant::MissingRequiredParameterError]
188
+ # @raise [Warrant::NotFoundError]
189
+ # @raise [Warrant::UnauthorizedError]
190
+ # @raise [Warrant::WarrantError]
191
+ def remove_permission(permission_id)
192
+ return Permission.remove_from_role(role_id, permission_id)
193
+ end
10
194
  end
11
195
  end