warrant 0.1.5 → 1.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +19 -82
- data/lib/warrant/api_operations.rb +75 -0
- data/lib/warrant/errors.rb +47 -0
- data/lib/warrant/models/permission.rb +202 -1
- data/lib/warrant/models/role.rb +184 -0
- data/lib/warrant/models/session.rb +61 -0
- data/lib/warrant/models/{userset.rb → subject.rb} +2 -2
- data/lib/warrant/models/tenant.rb +160 -3
- data/lib/warrant/models/user.rb +313 -3
- data/lib/warrant/models/warrant.rb +214 -4
- data/lib/warrant/util.rb +22 -0
- data/lib/warrant/version.rb +1 -1
- data/lib/warrant/warrant_configuration.rb +4 -1
- data/lib/warrant.rb +5 -3
- metadata +10 -8
- data/lib/warrant/warrant_client.rb +0 -308
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 5c44e60e9d2c5fef31622621a356033848368ba16854759d81ec6797ba3a0dbe
|
4
|
+
data.tar.gz: 146f08b5bac7ed1db618f39ef8e6c7f0a2884b8167e65c3812d2ee0d41fcf2c6
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 27f2a30747e35747387f294a05d221571488fc60f4c4522257770352eeea31ad1785c77b5579c2de031265c07ade7f9fe49b7cb91962282a662e53e3945ba758
|
7
|
+
data.tar.gz: 59c909e93d57c04301bcf13600573e073ebe61c83493ceed1c280c9629745cfe1cc40e089d71a804608bd768d39039563cfae2cde9410c30d19a9d007f29a35a
|
data/README.md
CHANGED
@@ -3,9 +3,10 @@
|
|
3
3
|
Use [Warrant](https://warrant.dev/) in ruby projects.
|
4
4
|
|
5
5
|
[![Gem Version](https://badge.fury.io/rb/warrant.svg)](https://badge.fury.io/rb/warrant)
|
6
|
-
[![
|
6
|
+
[![Slack](https://img.shields.io/badge/slack-join-brightgreen)](https://join.slack.com/t/warrantcommunity/shared_invite/zt-12g84updv-5l1pktJf2bI5WIKN4_~f4w)
|
7
7
|
|
8
8
|
## Installation
|
9
|
+
---
|
9
10
|
|
10
11
|
Add this line to your application's Gemfile:
|
11
12
|
|
@@ -17,99 +18,39 @@ And then execute:
|
|
17
18
|
|
18
19
|
$ bundle install
|
19
20
|
|
20
|
-
Or install it yourself
|
21
|
+
Or install it yourself:
|
21
22
|
|
22
23
|
$ gem install warrant
|
23
24
|
|
24
|
-
|
25
|
+
You can also build the gem from source:
|
25
26
|
|
26
|
-
|
27
|
-
require 'warrant'
|
28
|
-
Warrant.api_key = 'api_test_f5dsKVeYnVSLHGje44zAygqgqXiLJBICbFzCiAg1E='
|
29
|
-
```
|
27
|
+
$ gem build warrant.gemspec
|
30
28
|
|
31
|
-
|
32
|
-
|
33
|
-
This method creates a user entity in Warrant with the specified `user_d`. Provide an optional `username` to make it easier to identify users in the Warrant dashboard.
|
34
|
-
|
35
|
-
```ruby
|
36
|
-
# Create user with user email and id
|
37
|
-
Warrant::WarrantClient.create_user(user.email, user.id)
|
38
|
-
|
39
|
-
# Create user with generated id
|
40
|
-
Warrant::WarrantClient.create_user()
|
41
|
-
```
|
42
|
-
|
43
|
-
### `create_warrant(object_type, object_id, relation, user)`
|
44
|
-
|
45
|
-
#### **User parameters**
|
46
|
-
Can provide either a user id, or a combination of object type, object id, and relation
|
29
|
+
## Documentation
|
47
30
|
---
|
48
|
-
#### **user_id**
|
49
|
-
Creates a warrant for the user specified by user_id
|
50
|
-
|
51
|
-
#### **object_type**
|
52
|
-
#### **object_id**
|
53
|
-
#### **relation**
|
54
|
-
Creates a warrant for the given userset specified by object type, object id, and relation
|
55
|
-
|
56
|
-
|
57
|
-
This method creates a warrant which specifies that the provided `user` (or userset) has `relation` on the object of type `objectType` with id `objectId`.
|
58
|
-
|
59
|
-
```ruby
|
60
|
-
# Create a warrant allowing user.id to "view" the store with id store.id
|
61
|
-
Warrant::WarrantClient.create_warrant('store', store.id, 'view', { user_id: user.id })
|
62
|
-
|
63
|
-
# Create a warrant specifying all members of the manager role to "view" store of id store.id
|
64
|
-
Warrant::WarrantClient.create_warrant('store', store.id, 'view', { object_type: 'role', object_id: 'manager', relation: 'member' })
|
65
|
-
```
|
66
|
-
|
67
|
-
### `create_session(userId)`
|
68
31
|
|
69
|
-
|
70
|
-
|
71
|
-
```ruby
|
72
|
-
# Create session token for user
|
73
|
-
Warrant::WarrantClient.create_session(user.id)
|
74
|
-
```
|
75
|
-
|
76
|
-
### `is_authorized(object_type, object_id, relation, user_id)`
|
77
|
-
|
78
|
-
This method returns `true` if the user with the specified `user_id` has the specified `relation` to the object of type `object_type` with id `objectId` and `false` otherwise.
|
79
|
-
|
80
|
-
```ruby
|
81
|
-
# Example: user 123 can only view store 824
|
82
|
-
Warrant::WarrantClient.is_authorized('store', '824', 'view', '123') # true
|
83
|
-
Warrant::WarrantClient.is_authorized('store', '824', 'edit', '123') # false
|
84
|
-
```
|
85
|
-
|
86
|
-
### `list_warrants(filters = {})`
|
87
|
-
This method returns all warrants that match the filters provided, or all warrants for your organization if none are provided.
|
32
|
+
- [Ruby API Docs](https://rubydoc.info/gems/warrant)
|
33
|
+
- [Warrant Docs](https://docs.warrant.dev/)
|
88
34
|
|
89
|
-
|
35
|
+
## Requirements
|
90
36
|
---
|
91
|
-
#### **object_type**
|
92
|
-
Only return warrants with the given object type.
|
93
|
-
|
94
|
-
#### **object_id**
|
95
|
-
Only return warrants with the given object id.
|
96
37
|
|
97
|
-
|
98
|
-
Only return warrants with the given relation.
|
99
|
-
|
100
|
-
#### **user_id**
|
101
|
-
Only return warrants with the given user id
|
38
|
+
- Ruby 2.3+.
|
102
39
|
|
40
|
+
## Usage
|
41
|
+
---
|
103
42
|
|
104
43
|
```ruby
|
105
|
-
|
106
|
-
Warrant
|
44
|
+
require 'warrant'
|
45
|
+
Warrant.api_key = 'api_test_f5dsKVeYnVSLHGje44zAygqgqXiLJBICbFzCiAg1E='
|
107
46
|
|
108
|
-
#
|
109
|
-
Warrant::
|
47
|
+
# create a user
|
48
|
+
Warrant::User.create(user_id: "user123")
|
49
|
+
|
50
|
+
# check whether user slp951 has view access to report 7asm24
|
51
|
+
Warrant::Warrant.is_authorized?(object_type: "report", object_id: "7asm24", relation: "viewer", subject: { object_id: "user", object_id: "slp951" })
|
110
52
|
```
|
111
53
|
|
112
|
-
---
|
113
54
|
|
114
55
|
We’ve used a random API key in these code examples. Replace it with your [actual publishable API keys](https://app.warrant.dev) to
|
115
56
|
test this code through your own Warrant account.
|
@@ -117,7 +58,3 @@ test this code through your own Warrant account.
|
|
117
58
|
For more information on how to use the Warrant API, please refer to the [Warrant API reference](https://docs.warrant.dev).
|
118
59
|
|
119
60
|
Note that we may release new [minor and patch](https://semver.org/) versions of this library with small but backwards-incompatible fixes to the type declarations. These changes will not affect Warrant itself.
|
120
|
-
|
121
|
-
## Warrant Documentation
|
122
|
-
|
123
|
-
- [Warrant Docs](https://docs.warrant.dev/)
|
@@ -0,0 +1,75 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Warrant
|
4
|
+
# @!visibility private
|
5
|
+
class APIOperations
|
6
|
+
class << self
|
7
|
+
def post(uri, params = {}, use_ssl = true)
|
8
|
+
http = Net::HTTP.new(uri.host, uri.port)
|
9
|
+
http.use_ssl = use_ssl
|
10
|
+
headers = {
|
11
|
+
"Authorization": "ApiKey #{::Warrant.config.api_key}"
|
12
|
+
}
|
13
|
+
http.post(uri.path, params.to_json, headers)
|
14
|
+
end
|
15
|
+
|
16
|
+
def delete(uri, params = {})
|
17
|
+
http = Net::HTTP.new(uri.host, uri.port)
|
18
|
+
http.use_ssl = true
|
19
|
+
request = Net::HTTP::Delete.new(uri.path)
|
20
|
+
request["Authorization"] = "ApiKey #{::Warrant.config.api_key}"
|
21
|
+
|
22
|
+
http.request(request, params.to_json)
|
23
|
+
end
|
24
|
+
|
25
|
+
def get(uri, params = {})
|
26
|
+
http = Net::HTTP.new(uri.host, uri.port)
|
27
|
+
http.use_ssl = true
|
28
|
+
headers = {
|
29
|
+
"Authorization": "ApiKey #{::Warrant.config.api_key}"
|
30
|
+
}
|
31
|
+
|
32
|
+
unless params.empty?
|
33
|
+
normalized_params = Util.normalize_params(params.compact)
|
34
|
+
uri.query = URI.encode_www_form(normalized_params)
|
35
|
+
end
|
36
|
+
|
37
|
+
http.get(uri, headers)
|
38
|
+
end
|
39
|
+
|
40
|
+
def put(uri, params = {})
|
41
|
+
http = Net::HTTP.new(uri.host, uri.port)
|
42
|
+
http.use_ssl = true
|
43
|
+
headers = {
|
44
|
+
"Authorization": "ApiKey #{::Warrant.config.api_key}"
|
45
|
+
}
|
46
|
+
http.put(uri.path, params.to_json, headers)
|
47
|
+
end
|
48
|
+
|
49
|
+
def raise_error(response)
|
50
|
+
error_code = JSON.parse(response.body)['code']
|
51
|
+
|
52
|
+
case error_code
|
53
|
+
when Error::DUPLICATE_RECORD_ERROR
|
54
|
+
raise DuplicateRecordError.initialize_error_from_response(response)
|
55
|
+
when Error::INTERNAL_ERROR
|
56
|
+
raise InternalError.initialize_error_from_response(response)
|
57
|
+
when Error::INVALID_REQUEST_ERROR
|
58
|
+
raise InvalidRequestError.initialize_error_from_response(response)
|
59
|
+
when Error::INVALID_PARAMETER_ERROR
|
60
|
+
raise InvalidParameterError.initialize_error_from_response(response)
|
61
|
+
when Error::MISSING_REQUIRED_PARAMETER_ERROR
|
62
|
+
raise MissingRequiredParameterError.initialize_error_from_response(response)
|
63
|
+
when Error::NOT_FOUND_ERROR
|
64
|
+
raise NotFoundError.initialize_error_from_response(response)
|
65
|
+
when Error::UNAUTHORIZED_ERROR
|
66
|
+
raise UnauthorizedError.initialize_error_from_response(response)
|
67
|
+
when Error::UNKNOWN_ORIGIN_ERROR
|
68
|
+
raise UnknownOriginError.initialize_error_from_response(response)
|
69
|
+
else
|
70
|
+
raise WarrantError.initialize_error_from_response(response)
|
71
|
+
end
|
72
|
+
end
|
73
|
+
end
|
74
|
+
end
|
75
|
+
end
|
@@ -0,0 +1,47 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Warrant
|
4
|
+
class Error
|
5
|
+
DUPLICATE_RECORD_ERROR = "duplicate_record"
|
6
|
+
INTERNAL_ERROR = "internal_error"
|
7
|
+
INVALID_REQUEST_ERROR = "invalid_request"
|
8
|
+
INVALID_PARAMETER_ERROR = "invalid_parameter"
|
9
|
+
MISSING_REQUIRED_PARAMETER_ERROR = "missing_required_parameter"
|
10
|
+
NOT_FOUND_ERROR = "not_found"
|
11
|
+
UNAUTHORIZED_ERROR = "unauthorized"
|
12
|
+
end
|
13
|
+
|
14
|
+
class WarrantError < StandardError
|
15
|
+
attr_reader :code, :headers, :message, :http_status, :http_headers, :http_body, :json_body
|
16
|
+
|
17
|
+
def initialize(code = nil, message = nil, http_status = nil, http_headers = nil, http_body = nil, json_body = nil)
|
18
|
+
@code = code
|
19
|
+
@headers = headers
|
20
|
+
@message = message
|
21
|
+
@http_status = http_status
|
22
|
+
@http_headers = http_headers
|
23
|
+
@http_body = http_body
|
24
|
+
@json_body = json_body
|
25
|
+
end
|
26
|
+
|
27
|
+
def self.initialize_error_from_response(response)
|
28
|
+
response_json = JSON.parse(response.body)
|
29
|
+
self.new(
|
30
|
+
response_json['code'],
|
31
|
+
Util.snake_case(response_json['message']),
|
32
|
+
response.code,
|
33
|
+
response.to_hash,
|
34
|
+
response.body,
|
35
|
+
response_json
|
36
|
+
)
|
37
|
+
end
|
38
|
+
end
|
39
|
+
|
40
|
+
class DuplicateRecordError < WarrantError; end
|
41
|
+
class InternalError < WarrantError; end
|
42
|
+
class InvalidRequestError < WarrantError; end
|
43
|
+
class InvalidParameterError < WarrantError; end
|
44
|
+
class MissingRequiredParameterError < WarrantError; end
|
45
|
+
class NotFoundError < WarrantError; end
|
46
|
+
class UnauthorizedError < WarrantError; end
|
47
|
+
end
|
@@ -3,9 +3,210 @@
|
|
3
3
|
module Warrant
|
4
4
|
class Permission
|
5
5
|
attr_reader :permission_id
|
6
|
-
|
6
|
+
|
7
|
+
# @!visibility private
|
7
8
|
def initialize(permission_id)
|
8
9
|
@permission_id = permission_id
|
9
10
|
end
|
11
|
+
|
12
|
+
# Creates a permission with the given parameters
|
13
|
+
#
|
14
|
+
# @option params [String] :permission_id A string identifier for this new permission. The permission_id can only be composed of lower-case alphanumeric chars and/or '-' and '_'. (optional)
|
15
|
+
#
|
16
|
+
# @return [Permission] created permission
|
17
|
+
#
|
18
|
+
# @example Create a new Permission with the permission id "test-permission"
|
19
|
+
# Warrant::Permission.create(permission_id: "test-permission")
|
20
|
+
#
|
21
|
+
# @raise [Warrant::DuplicateRecordError]
|
22
|
+
# @raise [Warrant::InternalError]
|
23
|
+
# @raise [Warrant::InvalidParameterError]
|
24
|
+
# @raise [Warrant::InvalidRequestError]
|
25
|
+
# @raise [Warrant::MissingRequiredParameterError]
|
26
|
+
# @raise [Warrant::NotFoundError]
|
27
|
+
# @raise [Warrant::UnauthorizedError]
|
28
|
+
# @raise [Warrant::WarrantError]
|
29
|
+
def self.create(params = {})
|
30
|
+
res = APIOperations.post(URI.parse("#{::Warrant.config.api_base}/v1/permissions"), Util.normalize_params(params))
|
31
|
+
|
32
|
+
case res
|
33
|
+
when Net::HTTPSuccess
|
34
|
+
res_json = JSON.parse(res.body)
|
35
|
+
Permission.new(res_json['permissionId'])
|
36
|
+
else
|
37
|
+
APIOperations.raise_error(res)
|
38
|
+
end
|
39
|
+
end
|
40
|
+
|
41
|
+
# Deletes a permission with given permission id
|
42
|
+
#
|
43
|
+
# @param permission_id [String] A string identifier for this new permission. The permission_id can only be composed of lower-case alphanumeric chars and/or '-' and '_'.
|
44
|
+
#
|
45
|
+
# @return [nil] if delete was successful
|
46
|
+
#
|
47
|
+
# @example Delete a Permission with the permission id "test-permission"
|
48
|
+
# Warrant::Permission.delete("test-permission")
|
49
|
+
#
|
50
|
+
# @raise [Warrant::InternalError]
|
51
|
+
# @raise [Warrant::InvalidRequestError]
|
52
|
+
# @raise [Warrant::NotFoundError]
|
53
|
+
# @raise [Warrant::UnauthorizedError]
|
54
|
+
# @raise [Warrant::WarrantError]
|
55
|
+
def self.delete(permission_id)
|
56
|
+
res = APIOperations.delete(URI.parse("#{::Warrant.config.api_base}/v1/permissions/#{permission_id}"))
|
57
|
+
|
58
|
+
case res
|
59
|
+
when Net::HTTPSuccess
|
60
|
+
return
|
61
|
+
else
|
62
|
+
APIOperations.raise_error(res)
|
63
|
+
end
|
64
|
+
end
|
65
|
+
|
66
|
+
# Lists all permissions for your organization
|
67
|
+
#
|
68
|
+
# @return [Array<Permission>] all permissions for organization
|
69
|
+
#
|
70
|
+
# @example List all permissions
|
71
|
+
# Warrant::Permission.list()
|
72
|
+
#
|
73
|
+
# @raise [Warrant::InternalError]
|
74
|
+
# @raise [Warrant::InvalidRequestError]
|
75
|
+
# @raise [Warrant::NotFoundError]
|
76
|
+
# @raise [Warrant::UnauthorizedError]
|
77
|
+
# @raise [Warrant::WarrantError]
|
78
|
+
def self.list(filters = {})
|
79
|
+
res = APIOperations.get(URI.parse("#{::Warrant.config.api_base}/v1/permissions"))
|
80
|
+
|
81
|
+
case res
|
82
|
+
when Net::HTTPSuccess
|
83
|
+
permissions = JSON.parse(res.body)
|
84
|
+
permissions.map{ |permission| Permission.new(permission['permissionId']) }
|
85
|
+
else
|
86
|
+
APIOperations.raise_error(res)
|
87
|
+
end
|
88
|
+
end
|
89
|
+
|
90
|
+
# Get a permission with the given permission_id
|
91
|
+
#
|
92
|
+
# @param permission_id [String] A string identifier for this new permission. The permission_id can only be composed of lower-case alphanumeric chars and/or '-' and '_'.
|
93
|
+
#
|
94
|
+
# @return [Permission] retrieved permission
|
95
|
+
#
|
96
|
+
# @raise [Warrant::InternalError]
|
97
|
+
# @raise [Warrant::InvalidParameterError]
|
98
|
+
# @raise [Warrant::InvalidRequestError]
|
99
|
+
# @raise [Warrant::NotFoundError]
|
100
|
+
# @raise [Warrant::UnauthorizedError]
|
101
|
+
# @raise [Warrant::WarrantError]
|
102
|
+
def self.get(permission_id)
|
103
|
+
res = APIOperations.get(URI.parse("#{::Warrant.config.api_base}/v1/permissions/#{permission_id}"))
|
104
|
+
|
105
|
+
case res
|
106
|
+
when Net::HTTPSuccess
|
107
|
+
permission = JSON.parse(res.body)
|
108
|
+
Permission.new(permission['permissionId'])
|
109
|
+
else
|
110
|
+
APIOperations.raise_error(res)
|
111
|
+
end
|
112
|
+
end
|
113
|
+
|
114
|
+
# Assign a permission to a role
|
115
|
+
#
|
116
|
+
# @param role_id [String] The role_id of the role you want to assign a permission to.
|
117
|
+
# @param permission_id [String] The permission_id of the permission you want to assign to a role.
|
118
|
+
#
|
119
|
+
# @return [Permission] assigned permission
|
120
|
+
#
|
121
|
+
# @raise [Warrant::InternalError]
|
122
|
+
# @raise [Warrant::InvalidRequestError]
|
123
|
+
# @raise [Warrant::MissingRequiredParameterError]
|
124
|
+
# @raise [Warrant::NotFoundError]
|
125
|
+
# @raise [Warrant::UnauthorizedError]
|
126
|
+
# @raise [Warrant::WarrantError]
|
127
|
+
def self.assign_to_role(role_id, permission_id)
|
128
|
+
res = APIOperations.post(URI.parse("#{::Warrant.config.api_base}/v1/roles/#{role_id}/permissions/#{permission_id}"))
|
129
|
+
|
130
|
+
case res
|
131
|
+
when Net::HTTPSuccess
|
132
|
+
permission = JSON.parse(res.body)
|
133
|
+
Permission.new(permission['permissionId'])
|
134
|
+
else
|
135
|
+
APIOperations.raise_error(res)
|
136
|
+
end
|
137
|
+
end
|
138
|
+
|
139
|
+
# Remove a permission from a role
|
140
|
+
#
|
141
|
+
# @param role_id [String] The role_id of the role you want to assign a permission to.
|
142
|
+
# @param permission_id [String] The permission_id of the permission you want to assign to a role.
|
143
|
+
#
|
144
|
+
# @return [nil] if remove was successful
|
145
|
+
#
|
146
|
+
# @raise [Warrant::InternalError]
|
147
|
+
# @raise [Warrant::InvalidRequestError]
|
148
|
+
# @raise [Warrant::MissingRequiredParameterError]
|
149
|
+
# @raise [Warrant::NotFoundError]
|
150
|
+
# @raise [Warrant::UnauthorizedError]
|
151
|
+
# @raise [Warrant::WarrantError]
|
152
|
+
def self.remove_from_role(role_id, permission_id)
|
153
|
+
res = APIOperations.delete(URI.parse("#{::Warrant.config.api_base}/v1/roles/#{role_id}/permissions/#{permission_id}"))
|
154
|
+
|
155
|
+
case res
|
156
|
+
when Net::HTTPSuccess
|
157
|
+
return
|
158
|
+
else
|
159
|
+
APIOperations.raise_error(res)
|
160
|
+
end
|
161
|
+
end
|
162
|
+
|
163
|
+
# Assign a permission to a user
|
164
|
+
#
|
165
|
+
# @param user_id [String] The user_id of the user you want to assign a permission to.
|
166
|
+
# @param permission_id [String] The permission_id of the permission you want to assign to a user.
|
167
|
+
#
|
168
|
+
# @return [Permission] assigned permission
|
169
|
+
#
|
170
|
+
# @raise [Warrant::InternalError]
|
171
|
+
# @raise [Warrant::InvalidRequestError]
|
172
|
+
# @raise [Warrant::MissingRequiredParameterError]
|
173
|
+
# @raise [Warrant::NotFoundError]
|
174
|
+
# @raise [Warrant::UnauthorizedError]
|
175
|
+
# @raise [Warrant::WarrantError]
|
176
|
+
def self.assign_to_user(user_id, permission_id)
|
177
|
+
res = APIOperations.post(URI.parse("#{::Warrant.config.api_base}/v1/users/#{user_id}/permissions/#{permission_id}"))
|
178
|
+
|
179
|
+
case res
|
180
|
+
when Net::HTTPSuccess
|
181
|
+
permission = JSON.parse(res.body)
|
182
|
+
Permission.new(permission['permissionId'])
|
183
|
+
else
|
184
|
+
APIOperations.raise_error(res)
|
185
|
+
end
|
186
|
+
end
|
187
|
+
|
188
|
+
# Remove a permission from a user
|
189
|
+
#
|
190
|
+
# @param user_id [String] The user_id of the user you want to assign a permission to.
|
191
|
+
# @param permission_id [String] The permission_id of the permission you want to assign to a user.
|
192
|
+
#
|
193
|
+
# @return [nil] if remove was successful
|
194
|
+
#
|
195
|
+
# @raise [Warrant::InternalError]
|
196
|
+
# @raise [Warrant::InvalidRequestError]
|
197
|
+
# @raise [Warrant::MissingRequiredParameterError]
|
198
|
+
# @raise [Warrant::NotFoundError]
|
199
|
+
# @raise [Warrant::UnauthorizedError]
|
200
|
+
# @raise [Warrant::WarrantError]
|
201
|
+
def self.remove_from_user(user_id, permission_id)
|
202
|
+
res = APIOperations.delete(URI.parse("#{::Warrant.config.api_base}/v1/users/#{user_id}/permissions/#{permission_id}"))
|
203
|
+
|
204
|
+
case res
|
205
|
+
when Net::HTTPSuccess
|
206
|
+
return
|
207
|
+
else
|
208
|
+
APIOperations.raise_error(res)
|
209
|
+
end
|
210
|
+
end
|
10
211
|
end
|
11
212
|
end
|
data/lib/warrant/models/role.rb
CHANGED
@@ -4,8 +4,192 @@ module Warrant
|
|
4
4
|
class Role
|
5
5
|
attr_reader :role_id
|
6
6
|
|
7
|
+
# @!visibility private
|
7
8
|
def initialize(role_id)
|
8
9
|
@role_id = role_id
|
9
10
|
end
|
11
|
+
|
12
|
+
# Creates a role with the given parameters
|
13
|
+
#
|
14
|
+
# @option params [String] :role_id A string identifier for this new role. The role_id can only be composed of lower-case alphanumeric chars and/or '-' and '_'. (optional)
|
15
|
+
#
|
16
|
+
# @return [Role] created role
|
17
|
+
#
|
18
|
+
# @example Create a new Role with the role id "test-role"
|
19
|
+
# Warrant::Role.create(role_id: "test-role")
|
20
|
+
#
|
21
|
+
# @raise [Warrant::DuplicateRecordError]
|
22
|
+
# @raise [Warrant::InternalError]
|
23
|
+
# @raise [Warrant::InvalidParameterError]
|
24
|
+
# @raise [Warrant::InvalidRequestError]
|
25
|
+
# @raise [Warrant::MissingRequiredParameterError]
|
26
|
+
# @raise [Warrant::NotFoundError]
|
27
|
+
# @raise [Warrant::UnauthorizedError]
|
28
|
+
# @raise [Warrant::WarrantError]
|
29
|
+
def self.create(params = {})
|
30
|
+
res = APIOperations.post(URI.parse("#{::Warrant.config.api_base}/v1/roles"), Util.normalize_params(params))
|
31
|
+
|
32
|
+
case res
|
33
|
+
when Net::HTTPSuccess
|
34
|
+
res_json = JSON.parse(res.body)
|
35
|
+
Role.new(res_json['roleId'])
|
36
|
+
else
|
37
|
+
APIOperations.raise_error(res)
|
38
|
+
end
|
39
|
+
end
|
40
|
+
|
41
|
+
# Deletes a role with given role id
|
42
|
+
#
|
43
|
+
# @param role_id [String] A string identifier for this new role. The role_id can only be composed of lower-case alphanumeric chars and/or '-' and '_'.
|
44
|
+
#
|
45
|
+
# @return [nil] if delete was successful
|
46
|
+
#
|
47
|
+
# @example Delete a Role with the role id "test-role"
|
48
|
+
# Warrant::Role.delete("test-role")
|
49
|
+
#
|
50
|
+
# @raise [Warrant::InternalError]
|
51
|
+
# @raise [Warrant::InvalidRequestError]
|
52
|
+
# @raise [Warrant::NotFoundError]
|
53
|
+
# @raise [Warrant::UnauthorizedError]
|
54
|
+
# @raise [Warrant::WarrantError]
|
55
|
+
def self.delete(role_id)
|
56
|
+
res = APIOperations.delete(URI.parse("#{::Warrant.config.api_base}/v1/roles/#{role_id}"))
|
57
|
+
|
58
|
+
case res
|
59
|
+
when Net::HTTPSuccess
|
60
|
+
return
|
61
|
+
else
|
62
|
+
APIOperations.raise_error(res)
|
63
|
+
end
|
64
|
+
end
|
65
|
+
|
66
|
+
# Lists all roles for your organization
|
67
|
+
#
|
68
|
+
# @return [Array<Role>] all roles for your organization
|
69
|
+
#
|
70
|
+
# @example List all roles
|
71
|
+
# Warrant::Role.list()
|
72
|
+
#
|
73
|
+
# @raise [Warrant::InternalError]
|
74
|
+
# @raise [Warrant::InvalidRequestError]
|
75
|
+
# @raise [Warrant::NotFoundError]
|
76
|
+
# @raise [Warrant::UnauthorizedError]
|
77
|
+
# @raise [Warrant::WarrantError]
|
78
|
+
def self.list(filters = {})
|
79
|
+
res = APIOperations.get(URI.parse("#{::Warrant.config.api_base}/v1/roles"))
|
80
|
+
|
81
|
+
case res
|
82
|
+
when Net::HTTPSuccess
|
83
|
+
roles = JSON.parse(res.body)
|
84
|
+
roles.map{ |role| Role.new(role['roleId']) }
|
85
|
+
else
|
86
|
+
APIOperations.raise_error(res)
|
87
|
+
end
|
88
|
+
end
|
89
|
+
|
90
|
+
# Get a role with the given role_id
|
91
|
+
#
|
92
|
+
# @param role_id [String] A string identifier for this new role. The role_id can only be composed of lower-case alphanumeric chars and/or '-' and '_'.
|
93
|
+
#
|
94
|
+
# @return [Role] retrieved role
|
95
|
+
#
|
96
|
+
# @raise [Warrant::InternalError]
|
97
|
+
# @raise [Warrant::InvalidParameterError]
|
98
|
+
# @raise [Warrant::InvalidRequestError]
|
99
|
+
# @raise [Warrant::NotFoundError]
|
100
|
+
# @raise [Warrant::UnauthorizedError]
|
101
|
+
# @raise [Warrant::WarrantError]
|
102
|
+
def self.get(role_id)
|
103
|
+
res = APIOperations.get(URI.parse("#{::Warrant.config.api_base}/v1/roles/#{role_id}"))
|
104
|
+
|
105
|
+
case res
|
106
|
+
when Net::HTTPSuccess
|
107
|
+
role = JSON.parse(res.body)
|
108
|
+
Role.new(role['roleId'])
|
109
|
+
else
|
110
|
+
APIOperations.raise_error(res)
|
111
|
+
end
|
112
|
+
end
|
113
|
+
|
114
|
+
# Assign a role to a user
|
115
|
+
#
|
116
|
+
# @param user_id [String] The user_id of the user you want to assign a role to.
|
117
|
+
# @param role_id [String] The role_id of the role you want to assign to a user.
|
118
|
+
#
|
119
|
+
# @return [Permission] assigned role
|
120
|
+
#
|
121
|
+
# @raise [Warrant::InternalError]
|
122
|
+
# @raise [Warrant::InvalidRequestError]
|
123
|
+
# @raise [Warrant::MissingRequiredParameterError]
|
124
|
+
# @raise [Warrant::NotFoundError]
|
125
|
+
# @raise [Warrant::UnauthorizedError]
|
126
|
+
# @raise [Warrant::WarrantError]
|
127
|
+
def self.assign_to_user(user_id, role_id)
|
128
|
+
res = APIOperations.post(URI.parse("#{::Warrant.config.api_base}/v1/users/#{user_id}/roles/#{role_id}"))
|
129
|
+
|
130
|
+
case res
|
131
|
+
when Net::HTTPSuccess
|
132
|
+
role = JSON.parse(res.body)
|
133
|
+
Role.new(role['permissionId'])
|
134
|
+
else
|
135
|
+
APIOperations.raise_error(res)
|
136
|
+
end
|
137
|
+
end
|
138
|
+
|
139
|
+
# Remove a role from a user
|
140
|
+
#
|
141
|
+
# @param user_id [String] The user_id of the role you want to assign a role to.
|
142
|
+
# @param role_id [String] The role_id of the role you want to assign to a user.
|
143
|
+
#
|
144
|
+
# @return [nil] if remove was successful
|
145
|
+
#
|
146
|
+
# @raise [Warrant::InternalError]
|
147
|
+
# @raise [Warrant::InvalidRequestError]
|
148
|
+
# @raise [Warrant::MissingRequiredParameterError]
|
149
|
+
# @raise [Warrant::NotFoundError]
|
150
|
+
# @raise [Warrant::UnauthorizedError]
|
151
|
+
# @raise [Warrant::WarrantError]
|
152
|
+
def self.remove_from_user(user_id, role_id)
|
153
|
+
res = APIOperations.delete(URI.parse("#{::Warrant.config.api_base}/v1/users/#{user_id}/roles/#{role_id}"))
|
154
|
+
|
155
|
+
case res
|
156
|
+
when Net::HTTPSuccess
|
157
|
+
return
|
158
|
+
else
|
159
|
+
APIOperations.raise_error(res)
|
160
|
+
end
|
161
|
+
end
|
162
|
+
|
163
|
+
# Assign a permission to a role
|
164
|
+
#
|
165
|
+
# @param permission_id [String] The permission_id of the permission you want to assign to a role.
|
166
|
+
#
|
167
|
+
# @return [Permission] assigned permission
|
168
|
+
#
|
169
|
+
# @raise [Warrant::InternalError]
|
170
|
+
# @raise [Warrant::InvalidRequestError]
|
171
|
+
# @raise [Warrant::MissingRequiredParameterError]
|
172
|
+
# @raise [Warrant::NotFoundError]
|
173
|
+
# @raise [Warrant::UnauthorizedError]
|
174
|
+
# @raise [Warrant::WarrantError]
|
175
|
+
def assign_permission(permission_id)
|
176
|
+
return Permission.assign_to_role(role_id, permission_id)
|
177
|
+
end
|
178
|
+
|
179
|
+
# Remove a permission from a role
|
180
|
+
#
|
181
|
+
# @param permission_id [String] The permission_id of the permission you want to assign to a role.
|
182
|
+
#
|
183
|
+
# @return [nil] if remove was successful
|
184
|
+
#
|
185
|
+
# @raise [Warrant::InternalError]
|
186
|
+
# @raise [Warrant::InvalidRequestError]
|
187
|
+
# @raise [Warrant::MissingRequiredParameterError]
|
188
|
+
# @raise [Warrant::NotFoundError]
|
189
|
+
# @raise [Warrant::UnauthorizedError]
|
190
|
+
# @raise [Warrant::WarrantError]
|
191
|
+
def remove_permission(permission_id)
|
192
|
+
return Permission.remove_from_role(role_id, permission_id)
|
193
|
+
end
|
10
194
|
end
|
11
195
|
end
|