warrant 0.1.5 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (17) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +19 -82
  3. data/lib/warrant/api_operations.rb +75 -0
  4. data/lib/warrant/errors.rb +47 -0
  5. data/lib/warrant/models/permission.rb +202 -1
  6. data/lib/warrant/models/role.rb +184 -0
  7. data/lib/warrant/models/session.rb +61 -0
  8. data/lib/warrant/models/{userset.rb → subject.rb} +2 -2
  9. data/lib/warrant/models/tenant.rb +160 -3
  10. data/lib/warrant/models/user.rb +313 -3
  11. data/lib/warrant/models/warrant.rb +214 -4
  12. data/lib/warrant/util.rb +22 -0
  13. data/lib/warrant/version.rb +1 -1
  14. data/lib/warrant/warrant_configuration.rb +4 -1
  15. data/lib/warrant.rb +5 -3
  16. metadata +10 -8
  17. data/lib/warrant/warrant_client.rb +0 -308
data/lib/warrant/models/warrant.rb CHANGED
@@ -2,14 +2,224 @@
2
2
 
3
3
  module Warrant
4
4
  class Warrant
5
- attr_reader :id, :object_type, :object_id, :relation, :user
5
+ attr_reader :id, :object_type, :object_id, :relation, :subject
6
6
 
7
- def initialize(id, object_type, object_id, relation, user)
8
- @id = id
7
+ # @!visibility private
8
+ def initialize(object_type, object_id, relation, subject)
9
9
  @object_type = object_type
10
10
  @object_id = object_id
11
11
  @relation = relation
12
- @user = Userset.new(user['objectType'], user['objectId'], user['relation'])
12
+ @subject = subject
13
+ end
14
+
15
+ # Create a new warrant that associates an object (object_type and object_id) to a subject via a relation.
16
+ #
17
+ # @option params [String] :object_type The type of object. Must be one of your system's existing object types.
18
+ # @option params [String] :object_id The id of the specific object.
19
+ # @option params [String] :relation The relation for this object to subject association. The relation must be valid as per the object type definition.
20
+ # @option params [Hash] :subject The specific subject (object, user etc.) to be associated with the object. A subject can either be a specific object (by id) or a group of objects defined by a set containing an objectType, objectId and relation.
21
+ # * :object_type (String) - The type of object. Must be one of your system's existing object types.
22
+ # * :object_id (String) - The id of the specific object.
23
+ # * :relation (String) - The relation for this object to subject association. The relation must be valid as per the object type definition. (optional)
24
+ #
25
+ # @return [Warrant] created warrant
26
+ #
27
+ # @raise [Warrant::DuplicateRecordError]
28
+ # @raise [Warrant::InternalError]
29
+ # @raise [Warrant::InvalidParameterError]
30
+ # @raise [Warrant::InvalidRequestError]
31
+ # @raise [Warrant::MissingRequiredParameterError]
32
+ # @raise [Warrant::NotFoundError]
33
+ # @raise [Warrant::UnauthorizedError]
34
+ # @raise [Warrant::WarrantError]
35
+ def self.create(params = {})
36
+ res = APIOperations.post(URI.parse("#{::Warrant.config.api_base}/v1/warrants"), Util.normalize_params(params))
37
+ res_json = JSON.parse(res.body)
38
+
39
+ case res
40
+ when Net::HTTPSuccess
41
+ subject = Subject.new(res_json['subject']['objectType'], res_json['subject']['objectId'])
42
+ Warrant.new(res_json['objectType'], res_json['objectId'], res_json['relation'], subject)
43
+ else
44
+ APIOperations.raise_error(res)
45
+ end
46
+ end
47
+
48
+ # Deletes a warrant specified by the combination of object_type, object_id, relation, and subject.
49
+ #
50
+ # @option params [String] :object_type The type of object. Must be one of your system's existing object types.
51
+ # @option params [String] :object_id The id of the specific object.
52
+ # @option params [String] :relation The relation for this object to subject association. The relation must be valid as per the object type definition.
53
+ # @option params [Hash] :subject The specific subject (object, user etc.) to be associated with the object. A subject can either be a specific object (by id) or a group of objects defined by a set containing an objectType, objectId and relation.
54
+ # * :object_type [String] The type of object. Must be one of your system's existing object types.
55
+ # * :object_id [String] The id of the specific object.
56
+ # * :relation [String] The relation for this object to subject association. The relation must be valid as per the object type definition. (optional)
57
+ #
58
+ # @return [nil] if delete was successful
59
+ #
60
+ # @raise [Warrant::InternalError]
61
+ # @raise [Warrant::InvalidParameterError]
62
+ # @raise [Warrant::InvalidRequestError]
63
+ # @raise [Warrant::MissingRequiredParameterError]
64
+ # @raise [Warrant::NotFoundError]
65
+ # @raise [Warrant::UnauthorizedError]
66
+ # @raise [Warrant::WarrantError]
67
+ def self.delete(params = {})
68
+ res = APIOperations.delete(URI.parse("#{::Warrant.config.api_base}/v1/warrants"), Util.normalize_params(params))
69
+
70
+ case res
71
+ when Net::HTTPSuccess
72
+ return
73
+ else
74
+ APIOperations.raise_error(res)
75
+ end
76
+ end
77
+
78
+ # List all warrants for your organization.
79
+ #
80
+ # @option filters [String] :object_type The type of object. Must be one of your system's existing object types. (optional)
81
+ # @option filters [String] :object_id The id of the specific object. (optional)
82
+ # @option filters [String] :relation The relation for this object to subject association. The relation must be valid as per the object type definition. (optional)
83
+ #
84
+ # @return [Array<Warrant>] list of all warrants with provided filters
85
+ #
86
+ # @raise [Warrant::InternalError]
87
+ # @raise [Warrant::InvalidRequestError]
88
+ # @raise [Warrant::NotFoundError]
89
+ # @raise [Warrant::UnauthorizedError]
90
+ # @raise [Warrant::WarrantError]
91
+ def self.list(filters = {})
92
+ res = APIOperations.get(URI.parse("#{::Warrant.config.api_base}/v1/warrants"), filters)
93
+
94
+ case res
95
+ when Net::HTTPSuccess
96
+ warrants = JSON.parse(res.body)
97
+ warrants.map{ |warrant|
98
+ subject = Subject.new(warrant['subject']['objectType'], warrant['subject']['objectId'])
99
+ Warrant.new(warrant['objectType'], warrant['objectId'], warrant['relation'], subject)
100
+ }
101
+ else
102
+ APIOperations.raise_error(res)
103
+ end
104
+ end
105
+
106
+ # Checks whether a specified access check is authorized or not.
107
+ # If you would like to check only one warrant, then you can exclude the op param and provide an array with one warrant.
108
+ #
109
+ # @param op [String] Logical operator to perform on warrants. Can be 'anyOf' or 'allOf'. (optional)
110
+ # @param warrants [Array] Array of warrants to check access for.
111
+ # * object_type (String) - The type of object. Must be one of your system's existing object types.
112
+ # * object_id (String) - The id of the specific object.
113
+ # * relation (String) - The relation to check for this object to subject association. The relation must be valid as per the object type definition.
114
+ # * subject (Hash) - The specific subject for which access will be checked. Can be a specific object by id or an objectType, objectId and relation set.
115
+ # * object_type (String) - The type of object. Must be one of your system's existing object types.
116
+ # * object_id (String) - The id of the specific object.
117
+ # * relation (String) - The relation for this object to subject association. The relation must be valid as per the object type definition. (optional)
118
+ # @param consistentRead [Boolean] Boolean flag indicating whether or not to enforce strict consistency for this access check. Defaults to false. (optional)
119
+ # @param debug [Boolean] Boolean flag indicating whether or not to return debug information for this access check. Defaults to false. (optional)
120
+ #
121
+ # @return [Boolean] whether or not the given access check is authorized
122
+ #
123
+ # @example Check whether user "5djfs6" can view the report with id "avk2837"
124
+ # Warrant::Warrant.is_authorized?(warrants: [{ object_type: "report", object_id: "avk2837", relation: "viewer", subject: { object_type: "user", object_id: "5djfs6" } }])
125
+ #
126
+ # @example Check whether user "5djfs6" can view both report id "report-1" and report id "report-2"
127
+ # Warrant::Warrant.is_authorized?(
128
+ # op: "allOf",
129
+ # warrants: [
130
+ # { object_type: "report", object_id: "report-1", relation: "viewer", subject: { object_type: "user", object_id: "5djfs6" } }
131
+ # { object_type: "report", object_id: "report-2", relation: "viewer", subject: { object_type: "user", object_id: "5djfs6" } }
132
+ # ]
133
+ # )
134
+ #
135
+ # @raise [Warrant::InternalError]
136
+ # @raise [Warrant::InvalidParameterError]
137
+ # @raise [Warrant::InvalidRequestError]
138
+ # @raise [Warrant::MissingRequiredParameterError]
139
+ # @raise [Warrant::NotFoundError]
140
+ # @raise [Warrant::UnauthorizedError]
141
+ # @raise [Warrant::WarrantError]
142
+ def self.is_authorized?(params = {})
143
+ unless ::Warrant.config.authorize_endpoint.nil?
144
+ return edge_authorize?(params)
145
+ end
146
+
147
+ return authorize?(params)
148
+ end
149
+
150
+ # Checks whether a given user has a given permission.
151
+ #
152
+ # @param user_id [String] Id of the user to check
153
+ # @param permission_id [String] Id of the permission to check on the user
154
+ # @param consistentRead [Boolean] Boolean flag indicating whether or not to enforce strict consistency for this access check. Defaults to false. (optional)
155
+ # @param debug [Boolean] Boolean flag indicating whether or not to return debug information for this access check. Defaults to false. (optional)
156
+ #
157
+ # @return [Boolean] whether or not the user has the given permission
158
+ #
159
+ # @raise [Warrant::InternalError]
160
+ # @raise [Warrant::InvalidParameterError]
161
+ # @raise [Warrant::InvalidRequestError]
162
+ # @raise [Warrant::MissingRequiredParameterError]
163
+ # @raise [Warrant::NotFoundError]
164
+ # @raise [Warrant::UnauthorizedError]
165
+ # @raise [Warrant::WarrantError]
166
+ def self.user_has_permission?(params = {})
167
+ return is_authorized?(
168
+ warrants: [{
169
+ object_type: "permission",
170
+ object_id: params[:permission_id],
171
+ relation: "member",
172
+ subject: {
173
+ object_type: "user",
174
+ object_id: params[:user_id]
175
+ }
176
+ }],
177
+ consistentRead: params[:consistentRead],
178
+ debug: params[:debug]
179
+ )
180
+ end
181
+
182
+ private
183
+
184
+ def self.authorize?(params = {})
185
+ res = APIOperations.post(URI.parse("#{::Warrant.config.api_base}/v2/authorize"), Util.normalize_params(params))
186
+ res_json = JSON.parse(res.body)
187
+
188
+ case res
189
+ when Net::HTTPSuccess
190
+ if res_json['result'] === "Authorized"
191
+ return true
192
+ elsif res_json['result'] === "Not Authorized"
193
+ return false
194
+ else
195
+ return res_json
196
+ end
197
+ else
198
+ APIOperations.raise_error(res)
199
+ end
200
+ end
201
+
202
+ def self.edge_authorize?(params = {})
203
+ request_url = URI.parse("#{::Warrant.config.authorize_endpoint}/v2/authorize")
204
+ res = APIOperations.post(request_url, Util.normalize_params(params), request_url.scheme === "https")
205
+ res_json = JSON.parse(res.body)
206
+
207
+ case res
208
+ when Net::HTTPSuccess
209
+ if res_json['result'] === "Authorized"
210
+ return true
211
+ elsif res_json['result'] === "Not Authorized"
212
+ return false
213
+ else
214
+ return res_json
215
+ end
216
+ else
217
+ if res_json['code'] === "cache_not_ready"
218
+ return authorize(params)
219
+ end
220
+
221
+ APIOperations.raise_error(res)
222
+ end
13
223
  end
14
224
  end
15
225
  end
data/lib/warrant/util.rb CHANGED
@@ -1,6 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Warrant
4
+ # @!visibility private
4
5
  class Util
5
6
  class << self
6
7
  def camelcase(str)
@@ -8,6 +9,12 @@ module Warrant
8
9
  str.sub(str[0], str[0].downcase)
9
10
  end
10
11
 
12
+ def snake_case(str)
13
+ str.gsub(/([A-Z]+)([A-Z][a-z])/, '\1_\2')
14
+ .gsub(/([a-z\d])([A-Z])/, '\1_\2')
15
+ .downcase
16
+ end
17
+
11
18
  def normalize_options(opts)
12
19
  new_opts = opts.each_with_object({}) do |(k, v), new_opts|
13
20
  new_key = Util.camelcase(k.to_s)
@@ -15,6 +22,21 @@ module Warrant
15
22
  new_opts[new_key] = v
16
23
  end
17
24
  end
25
+
26
+ def normalize_params(params)
27
+ new_opts = params.each_with_object({}) do |(k, v), new_opts|
28
+ new_key = Util.camelcase(k.to_s)
29
+
30
+ case v
31
+ when Hash
32
+ new_opts[new_key] = normalize_params(v)
33
+ when Array
34
+ new_opts[new_key] = v.map { |i| normalize_params(i) }
35
+ else
36
+ new_opts[new_key] = v
37
+ end
38
+ end
39
+ end
18
40
  end
19
41
  end
20
42
  end
data/lib/warrant/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Warrant
4
- VERSION = "0.1.5"
4
+ VERSION = "1.0.0"
5
5
  end
data/lib/warrant/warrant_configuration.rb CHANGED
@@ -1,13 +1,16 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Warrant
4
+ # @!visibility private
4
5
  class WarrantConfiguration
5
6
  attr_accessor :api_key
7
+ attr_accessor :authorize_endpoint
6
8
 
7
- attr_reader :api_base
9
+ attr_reader :api_base, :self_service_dash_url_base
8
10
 
9
11
  def initialize
10
12
  @api_base = "https://api.warrant.dev"
13
+ @self_service_dash_url_base = "https://self-serve.warrant.dev"
11
14
  end
12
15
  end
13
16
  end
data/lib/warrant.rb CHANGED
@@ -6,15 +6,17 @@ require "net/http"
6
6
  require "json"
7
7
  require "forwardable"
8
8
 
9
+ require "warrant/api_operations"
10
+ require "warrant/errors"
9
11
  require "warrant/models/permission"
10
12
  require "warrant/models/role"
13
+ require "warrant/models/session"
14
+ require "warrant/models/subject"
11
15
  require "warrant/models/tenant"
12
16
  require "warrant/models/user"
13
- require "warrant/models/userset"
14
17
  require "warrant/models/warrant"
15
18
  require "warrant/util"
16
19
  require "warrant/warrant_configuration"
17
- require "warrant/warrant_client"
18
20
 
19
21
  module Warrant
20
22
  @config = ::Warrant::WarrantConfiguration.new
@@ -24,6 +26,6 @@ module Warrant
24
26
 
25
27
  attr_reader :config
26
28
 
27
- def_delegators :@config, :api_key, :api_key=
29
+ def_delegators :@config, :api_key, :api_key=, :authorize_endpoint, :authorize_endpoint=
28
30
  end
29
31
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: warrant
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.5
4
+ version: 1.0.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Warrant
8
- autorequire:
8
+ autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2022-06-15 00:00:00.000000000 Z
11
+ date: 2022-07-14 00:00:00.000000000 Z
12
12
  dependencies: []
13
13
  description: Ruby library for the Warrant API at https://warrant.dev.
14
14
  email: hello@warrant.dev
@@ -26,15 +26,17 @@ files:
26
26
  - bin/console
27
27
  - bin/setup
28
28
  - lib/warrant.rb
29
+ - lib/warrant/api_operations.rb
30
+ - lib/warrant/errors.rb
29
31
  - lib/warrant/models/permission.rb
30
32
  - lib/warrant/models/role.rb
33
+ - lib/warrant/models/session.rb
34
+ - lib/warrant/models/subject.rb
31
35
  - lib/warrant/models/tenant.rb
32
36
  - lib/warrant/models/user.rb
33
- - lib/warrant/models/userset.rb
34
37
  - lib/warrant/models/warrant.rb
35
38
  - lib/warrant/util.rb
36
39
  - lib/warrant/version.rb
37
- - lib/warrant/warrant_client.rb
38
40
  - lib/warrant/warrant_configuration.rb
39
41
  homepage: https://github.com/warrant-dev/warrant-ruby
40
42
  licenses:
@@ -44,7 +46,7 @@ metadata:
44
46
  source_code_uri: https://github.com/warrant-dev/warrant-ruby
45
47
  changelog_uri: https://github.com/warrant-dev/warrant-ruby/CHANGELOG.md
46
48
  documentation_uri: https://docs.warrant.dev/
47
- post_install_message:
49
+ post_install_message:
48
50
  rdoc_options: []
49
51
  require_paths:
50
52
  - lib
@@ -59,8 +61,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
59
61
  - !ruby/object:Gem::Version
60
62
  version: '0'
61
63
  requirements: []
62
- rubygems_version: 3.3.11
63
- signing_key:
64
+ rubygems_version: 3.2.14
65
+ signing_key:
64
66
  specification_version: 4
65
67
  summary: Warrant Ruby Library
66
68
  test_files: []
data/lib/warrant/warrant_client.rb DELETED
@@ -1,308 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- module Warrant
4
- class WarrantClient
5
- class << self
6
- def create_tenant(tenant_id = '')
7
- uri = URI.parse("#{::Warrant.config.api_base}/v1/tenants")
8
- params = {
9
- tenantId: tenant_id
10
- }
11
- res = post(uri, params)
12
- res_json = JSON.parse(res.body)
13
-
14
- case res
15
- when Net::HTTPSuccess
16
- Tenant.new(res_json['tenantId'])
17
- else
18
- res_json
19
- end
20
- end
21
-
22
- def delete_tenant(tenant_id)
23
- uri = URI.parse("#{::Warrant.config.api_base}/v1/tenants/#{tenant_id}")
24
- res = delete(uri)
25
-
26
- case res
27
- when Net::HTTPSuccess
28
- return
29
- else
30
- JSON.parse(res.body)
31
- end
32
- end
33
-
34
- def create_user(email = '', user_id = '')
35
- uri = URI.parse("#{::Warrant.config.api_base}/v1/users")
36
- params = {
37
- userId: user_id,
38
- email: email
39
- }
40
- res = post(uri, params)
41
- res_json = JSON.parse(res.body)
42
-
43
- case res
44
- when Net::HTTPSuccess
45
- User.new(res_json['tenantId'], res_json['userId'], res_json['email'])
46
- else
47
- res_json
48
- end
49
- end
50
-
51
- def delete_user(user_id)
52
- uri = URI.parse("#{::Warrant.config.api_base}/v1/users/#{user_id}")
53
- res = delete(uri)
54
-
55
- case res
56
- when Net::HTTPSuccess
57
- return
58
- else
59
- JSON.parse(res.body)
60
- end
61
- end
62
-
63
- def create_role(role_id)
64
- uri = URI.parse("#{::Warrant.config.api_base}/v1/roles")
65
- params = {
66
- roleId: role_id
67
- }
68
- res = post(uri, params)
69
- res_json = JSON.parse(res.body)
70
-
71
- case res
72
- when Net::HTTPSuccess
73
- Role.new(res_json['roleId'])
74
- else
75
- res_json
76
- end
77
- end
78
-
79
- def delete_role(role_id)
80
- uri = URI.parse("#{::Warrant.config.api_base}/v1/roles/#{role_id}")
81
- res = delete(uri)
82
-
83
- case res
84
- when Net::HTTPSuccess
85
- return
86
- else
87
- res_json
88
- end
89
- end
90
-
91
- def create_permission(permission_id)
92
- uri = URI.parse("#{::Warrant.config.api_base}/v1/permissions")
93
- params = {
94
- permissionId: permission_id
95
- }
96
- res = post(uri, params)
97
- res_json = JSON.parse(res.body)
98
-
99
- case res
100
- when Net::HTTPSuccess
101
- Permission.new(res_json['permissionId'])
102
- else
103
- res_json
104
- end
105
- end
106
-
107
- def delete_permission(permission_id)
108
- uri = URI.parse("#{::Warrant.config.api_base}/v1/permissions/#{permission_id}")
109
- res = delete(uri)
110
-
111
- case res
112
- when Net::HTTPSuccess
113
- return
114
- else
115
- res_json
116
- end
117
- end
118
-
119
- def create_warrant(object_type, object_id, relation, user)
120
- uri = URI.parse("#{::Warrant.config.api_base}/v1/warrants")
121
- params = {
122
- objectType: object_type,
123
- objectId: object_id,
124
- relation: relation,
125
- user: Util.normalize_options(user)
126
- }
127
- res = post(uri, params)
128
- res_json = JSON.parse(res.body)
129
-
130
- case res
131
- when Net::HTTPSuccess
132
- Warrant.new(res_json['id'], res_json['objectType'], res_json['objectId'], res_json['relation'], res_json['user'])
133
- else
134
- res_json
135
- end
136
- end
137
-
138
- def delete_warrant(warrant_id)
139
- uri = URI.parse("#{::Warrant.config.api_base}/v1/warrants/#{warrant_id}")
140
- res = delete(uri)
141
-
142
- case res
143
- when Net::HTTPSuccess
144
- return
145
- else
146
- res_json
147
- end
148
- end
149
-
150
- def list_warrants(filters = {})
151
- query_string = ""
152
- unless filters.empty?
153
- new_filters = Util.normalize_options(filters.compact)
154
-
155
- query_string = URI.encode_www_form(new_filters)
156
- end
157
-
158
- uri = URI.parse("#{::Warrant.config.api_base}/v1/warrants?#{query_string}")
159
-
160
- res = get(uri)
161
- res_json = JSON.parse(res.body)
162
-
163
- case res
164
- when Net::HTTPSuccess
165
- res_json.map do |warrant|
166
- Warrant.new(warrant['id'], warrant['objectType'], warrant['objectId'], warrant['relation'], warrant['user'])
167
- end
168
- else
169
- res_json
170
- end
171
- end
172
-
173
- def assign_role_to_user(user_id, role_id)
174
- uri = URI.parse("#{::Warrant.config.api_base}/v1/users/#{user_id}/roles/#{role_id}")
175
- res = post(uri)
176
- res_json = JSON.parse(res.body)
177
-
178
- case res
179
- when Net::HTTPSuccess
180
- Role.new(res_json['roleId'])
181
- else
182
- res_json
183
- end
184
- end
185
-
186
- def remove_role_from_user(user_id, role_id)
187
- uri = URI.parse("#{::Warrant.config.api_base}/v1/users/#{user_id}/roles/#{role_id}")
188
- res = delete(uri)
189
-
190
- case res
191
- when Net::HTTPSuccess
192
- return
193
- else
194
- res_json
195
- end
196
- end
197
-
198
- def assign_permission_to_user(user_id, permission_id)
199
- uri = URI.parse("#{::Warrant.config.api_base}/v1/users/#{user_id}/permissions/#{permission_id}")
200
- res = post(uri)
201
- res_json = JSON.parse(res.body)
202
-
203
- case res
204
- when Net::HTTPSuccess
205
- Permission.new(res_json['permissionId'])
206
- else
207
- res_json
208
- end
209
- end
210
-
211
- def remove_permission_from_user(user_id, permission_id)
212
- uri = URI.parse("#{::Warrant.config.api_base}/v1/users/#{user_id}/permissions/#{permission_id}")
213
- res = delete(uri)
214
-
215
- case res
216
- when Net::HTTPSuccess
217
- return
218
- else
219
- res_json
220
- end
221
- end
222
-
223
- def create_session(user_id)
224
- uri = URI.parse("#{::Warrant.config.api_base}/v1/users/#{user_id}/sessions")
225
- res = post(uri)
226
- res_json = JSON.parse(res.body)
227
-
228
- case res
229
- when Net::HTTPSuccess
230
- res_json['token']
231
- else
232
- res_json
233
- end
234
- end
235
-
236
- def create_self_service_session(user_id, redirect_url)
237
- uri = URI.parse("#{::Warrant.config.api_base}/v1/sessions")
238
- params = {
239
- type: "ssdash",
240
- userId: user_id,
241
- redirectUrl: redirect_url
242
- }
243
- res = post(uri, params)
244
- res_json = JSON.parse(res.body)
245
-
246
- case res
247
- when Net::HTTPSuccess
248
- res_json['url']
249
- else
250
- res_json
251
- end
252
- end
253
-
254
- def is_authorized(object_type, object_id, relation, user_id)
255
- uri = URI.parse("#{::Warrant.config.api_base}/v1/authorize")
256
- params = {
257
- objectType: object_type,
258
- objectId: object_id,
259
- relation: relation,
260
- user: {
261
- userId: user_id
262
- }
263
- }
264
- res = post(uri, params)
265
- res_json = JSON.parse(res.body)
266
-
267
- if res.is_a? Net::HTTPSuccess
268
- true
269
- else
270
- false
271
- end
272
- end
273
-
274
- def has_permission(permission_id, user_id)
275
- return is_authorized("permission", permission_id, "member", user_id)
276
- end
277
-
278
- private
279
-
280
- def post(uri, params = {})
281
- http = Net::HTTP.new(uri.host, uri.port)
282
- http.use_ssl = true
283
- headers = {
284
- "Authorization": "ApiKey #{::Warrant.config.api_key}"
285
- }
286
- http.post(uri.path, params.to_json, headers)
287
- end
288
-
289
- def delete(uri)
290
- http = Net::HTTP.new(uri.host, uri.port)
291
- http.use_ssl = true
292
- headers = {
293
- "Authorization": "ApiKey #{::Warrant.config.api_key}"
294
- }
295
- http.delete(uri.path, headers)
296
- end
297
-
298
- def get(uri, params = {})
299
- http = Net::HTTP.new(uri.host, uri.port)
300
- http.use_ssl = true
301
- headers = {
302
- "Authorization": "ApiKey #{::Warrant.config.api_key}"
303
- }
304
- http.get(uri, headers)
305
- end
306
- end
307
- end
308
- end