warrant 2.1.0 → 3.0.0
- checksums.yaml +4 -4
- data/lib/warrant/models/feature.rb +11 -54
- data/lib/warrant/models/permission.rb +8 -36
- data/lib/warrant/models/pricing_tier.rb +8 -36
- data/lib/warrant/models/role.rb +5 -18
- data/lib/warrant/models/session.rb +1 -0
- data/lib/warrant/models/tenant.rb +2 -0
- data/lib/warrant/models/user.rb +4 -18
- data/lib/warrant/models/warrant.rb +62 -24
- data/lib/warrant/version.rb +1 -1
- data/lib/warrant/warrant_query.rb +67 -0
- data/lib/warrant.rb +1 -0
- metadata +7 -6
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 8782e5ba0cc2c866761a7c4d906eebe324202b9ea12a14f50b0f250c62483c20
|
4
|
+
data.tar.gz: cfe03ef0070f0e60d8c88f1a8e636c93eb7265d5a367e6f1d99cb787a2e0aff3
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 7e7a48c244de2fa3a9e402682c3775f84e429e1330404dc1b06281dd5c689379cb974e47c6fc0fc0b8175d52edbaea34e893946c3bcbec029d7d579201e05ffc
|
7
|
+
data.tar.gz: 966d6a67910a9d001f26a592fc226813b9d82acd61b2cb684c84fff8adc9e1b63e50970c366c217022f5bf5a57316d977f1d0736930c038a9af79171f99dd2f1
|
@@ -2,6 +2,8 @@
|
|
2
2
|
|
3
3
|
module Warrant
|
4
4
|
class Feature
|
5
|
+
OBJECT_TYPE = "feature"
|
6
|
+
|
5
7
|
include Warrant::WarrantObject
|
6
8
|
|
7
9
|
attr_reader :feature_id
|
@@ -134,7 +136,7 @@ module Warrant
|
|
134
136
|
# @param tenant_id [String] The tenant_id of the tenant you want to assign a feature to.
|
135
137
|
# @param feature_id [String] The feature_id of the feature you want to assign to a tenant.
|
136
138
|
#
|
137
|
-
# @return [
|
139
|
+
# @return [Warrant] warrant assigning feature to tenant
|
138
140
|
#
|
139
141
|
# @raise [Warrant::DuplicateRecordError]
|
140
142
|
# @raise [Warrant::InternalError]
|
@@ -142,15 +144,7 @@ module Warrant
|
|
142
144
|
# @raise [Warrant::NotFoundError]
|
143
145
|
# @raise [Warrant::UnauthorizedError]
|
144
146
|
def self.assign_to_tenant(tenant_id, feature_id)
|
145
|
-
|
146
|
-
|
147
|
-
case res
|
148
|
-
when Net::HTTPSuccess
|
149
|
-
feature = JSON.parse(res.body)
|
150
|
-
Feature.new(feature['featureId'])
|
151
|
-
else
|
152
|
-
APIOperations.raise_error(res)
|
153
|
-
end
|
147
|
+
Warrant.create({ object_type: Feature::OBJECT_TYPE, object_id: feature_id }, "member", { object_type: Tenant::OBJECT_TYPE, object_id: tenant_id })
|
154
148
|
end
|
155
149
|
|
156
150
|
# Remove a feature from a tenant
|
@@ -166,14 +160,7 @@ module Warrant
|
|
166
160
|
# @raise [Warrant::UnauthorizedError]
|
167
161
|
# @raise [Warrant::WarrantError]
|
168
162
|
def self.remove_from_tenant(tenant_id, feature_id)
|
169
|
-
|
170
|
-
|
171
|
-
case res
|
172
|
-
when Net::HTTPSuccess
|
173
|
-
return
|
174
|
-
else
|
175
|
-
APIOperations.raise_error(res)
|
176
|
-
end
|
163
|
+
Warrant.delete({ object_type: Feature::OBJECT_TYPE, object_id: feature_id }, "member", { object_type: Tenant::OBJECT_TYPE, object_id: tenant_id })
|
177
164
|
end
|
178
165
|
|
179
166
|
# List features for user
|
@@ -204,7 +191,7 @@ module Warrant
|
|
204
191
|
# @param user_id [String] The user_id of the user you want to assign a feature to.
|
205
192
|
# @param feature_id [String] The feature_id of the feature you want to assign to a user.
|
206
193
|
#
|
207
|
-
# @return [
|
194
|
+
# @return [Warrant] warrant assigning feature to user
|
208
195
|
#
|
209
196
|
# @raise [Warrant::DuplicateRecordError]
|
210
197
|
# @raise [Warrant::InternalError]
|
@@ -212,15 +199,7 @@ module Warrant
|
|
212
199
|
# @raise [Warrant::NotFoundError]
|
213
200
|
# @raise [Warrant::UnauthorizedError]
|
214
201
|
def self.assign_to_user(user_id, feature_id)
|
215
|
-
|
216
|
-
|
217
|
-
case res
|
218
|
-
when Net::HTTPSuccess
|
219
|
-
feature = JSON.parse(res.body)
|
220
|
-
Feature.new(feature['featureId'])
|
221
|
-
else
|
222
|
-
APIOperations.raise_error(res)
|
223
|
-
end
|
202
|
+
Warrant.create({ object_type: Feature::OBJECT_TYPE, object_id: feature_id }, "member", { object_type: User::OBJECT_TYPE, object_id: user_id })
|
224
203
|
end
|
225
204
|
|
226
205
|
# Remove a feature from a user
|
@@ -236,14 +215,7 @@ module Warrant
|
|
236
215
|
# @raise [Warrant::UnauthorizedError]
|
237
216
|
# @raise [Warrant::WarrantError]
|
238
217
|
def self.remove_from_user(user_id, feature_id)
|
239
|
-
|
240
|
-
|
241
|
-
case res
|
242
|
-
when Net::HTTPSuccess
|
243
|
-
return
|
244
|
-
else
|
245
|
-
APIOperations.raise_error(res)
|
246
|
-
end
|
218
|
+
Warrant.delete({ object_type: Feature::OBJECT_TYPE, object_id: feature_id }, "member", { object_type: User::OBJECT_TYPE, object_id: user_id })
|
247
219
|
end
|
248
220
|
|
249
221
|
# List features for pricing tier
|
@@ -274,7 +246,7 @@ module Warrant
|
|
274
246
|
# @param pricing_tier_id [String] The pricing_tier_id of the pricing tier you want to assign a feature to.
|
275
247
|
# @param feature_id [String] The feature_id of the feature you want to assign to a pricing tier.
|
276
248
|
#
|
277
|
-
# @return [
|
249
|
+
# @return [Warrant] warrant assigning feature to pricing tier
|
278
250
|
#
|
279
251
|
# @raise [Warrant::DuplicateRecordError]
|
280
252
|
# @raise [Warrant::InternalError]
|
@@ -282,15 +254,7 @@ module Warrant
|
|
282
254
|
# @raise [Warrant::NotFoundError]
|
283
255
|
# @raise [Warrant::UnauthorizedError]
|
284
256
|
def self.assign_to_pricing_tier(pricing_tier_id, feature_id)
|
285
|
-
|
286
|
-
|
287
|
-
case res
|
288
|
-
when Net::HTTPSuccess
|
289
|
-
feature = JSON.parse(res.body)
|
290
|
-
Feature.new(feature['featureId'])
|
291
|
-
else
|
292
|
-
APIOperations.raise_error(res)
|
293
|
-
end
|
257
|
+
Warrant.create({ object_type: Feature::OBJECT_TYPE, object_id: feature_id }, "member", { object_type: PricingTier::OBJECT_TYPE, object_id: pricing_tier_id })
|
294
258
|
end
|
295
259
|
|
296
260
|
# Remove a feature from a pricing tier
|
@@ -306,14 +270,7 @@ module Warrant
|
|
306
270
|
# @raise [Warrant::UnauthorizedError]
|
307
271
|
# @raise [Warrant::WarrantError]
|
308
272
|
def self.remove_from_pricing_tier(pricing_tier_id, feature_id)
|
309
|
-
|
310
|
-
|
311
|
-
case res
|
312
|
-
when Net::HTTPSuccess
|
313
|
-
return
|
314
|
-
else
|
315
|
-
APIOperations.raise_error(res)
|
316
|
-
end
|
273
|
+
Warrant.delete({ object_type: Feature::OBJECT_TYPE, object_id: feature_id }, "member", { object_type: PricingTier::OBJECT_TYPE, object_id: pricing_tier_id })
|
317
274
|
end
|
318
275
|
|
319
276
|
def warrant_object_type
|
@@ -2,6 +2,8 @@
|
|
2
2
|
|
3
3
|
module Warrant
|
4
4
|
class Permission
|
5
|
+
OBJECT_TYPE = "permission"
|
6
|
+
|
5
7
|
include Warrant::WarrantObject
|
6
8
|
|
7
9
|
attr_reader :permission_id, :name, :description
|
@@ -186,7 +188,7 @@ module Warrant
|
|
186
188
|
# @param role_id [String] The role_id of the role you want to assign a permission to.
|
187
189
|
# @param permission_id [String] The permission_id of the permission you want to assign to a role.
|
188
190
|
#
|
189
|
-
# @return [
|
191
|
+
# @return [Warrant] warrant assigning permission to role
|
190
192
|
#
|
191
193
|
# @raise [Warrant::DuplicateRecordError]
|
192
194
|
# @raise [Warrant::InternalError]
|
@@ -195,15 +197,7 @@ module Warrant
|
|
195
197
|
# @raise [Warrant::NotFoundError]
|
196
198
|
# @raise [Warrant::UnauthorizedError]
|
197
199
|
def self.assign_to_role(role_id, permission_id)
|
198
|
-
|
199
|
-
|
200
|
-
case res
|
201
|
-
when Net::HTTPSuccess
|
202
|
-
permission = JSON.parse(res.body)
|
203
|
-
Permission.new(permission['permissionId'], permission['name'], permission['description'])
|
204
|
-
else
|
205
|
-
APIOperations.raise_error(res)
|
206
|
-
end
|
200
|
+
Warrant.create({ object_type: Permission::OBJECT_TYPE, object_id: permission_id }, "member", { object_type: Role::OBJECT_TYPE, object_id: role_id })
|
207
201
|
end
|
208
202
|
|
209
203
|
# Remove a permission from a role
|
@@ -219,14 +213,7 @@ module Warrant
|
|
219
213
|
# @raise [Warrant::UnauthorizedError]
|
220
214
|
# @raise [Warrant::WarrantError]
|
221
215
|
def self.remove_from_role(role_id, permission_id)
|
222
|
-
|
223
|
-
|
224
|
-
case res
|
225
|
-
when Net::HTTPSuccess
|
226
|
-
return
|
227
|
-
else
|
228
|
-
APIOperations.raise_error(res)
|
229
|
-
end
|
216
|
+
Warrant.delete({ object_type: Permission::OBJECT_TYPE, object_id: permission_id }, "member", { object_type: Role::OBJECT_TYPE, object_id: role_id })
|
230
217
|
end
|
231
218
|
|
232
219
|
# List permissions for a user
|
@@ -257,7 +244,7 @@ module Warrant
|
|
257
244
|
# @param user_id [String] The user_id of the user you want to assign a permission to.
|
258
245
|
# @param permission_id [String] The permission_id of the permission you want to assign to a user.
|
259
246
|
#
|
260
|
-
# @return [
|
247
|
+
# @return [Warrant] warrant assigning permission to user
|
261
248
|
#
|
262
249
|
# @raise [Warrant::DuplicateRecordError]
|
263
250
|
# @raise [Warrant::InternalError]
|
@@ -266,15 +253,7 @@ module Warrant
|
|
266
253
|
# @raise [Warrant::NotFoundError]
|
267
254
|
# @raise [Warrant::UnauthorizedError]
|
268
255
|
def self.assign_to_user(user_id, permission_id)
|
269
|
-
|
270
|
-
|
271
|
-
case res
|
272
|
-
when Net::HTTPSuccess
|
273
|
-
permission = JSON.parse(res.body)
|
274
|
-
Permission.new(permission['permissionId'], permission['name'], permission['description'])
|
275
|
-
else
|
276
|
-
APIOperations.raise_error(res)
|
277
|
-
end
|
256
|
+
Warrant.create({ object_type: Permission::OBJECT_TYPE, object_id: permission_id }, "member", { object_type: User::OBJECT_TYPE, object_id: user_id })
|
278
257
|
end
|
279
258
|
|
280
259
|
# Remove a permission from a user
|
@@ -290,14 +269,7 @@ module Warrant
|
|
290
269
|
# @raise [Warrant::UnauthorizedError]
|
291
270
|
# @raise [Warrant::WarrantError]
|
292
271
|
def self.remove_from_user(user_id, permission_id)
|
293
|
-
|
294
|
-
|
295
|
-
case res
|
296
|
-
when Net::HTTPSuccess
|
297
|
-
return
|
298
|
-
else
|
299
|
-
APIOperations.raise_error(res)
|
300
|
-
end
|
272
|
+
Warrant.delete({ object_type: Permission::OBJECT_TYPE, object_id: permission_id }, "member", { object_type: User::OBJECT_TYPE, object_id: user_id })
|
301
273
|
end
|
302
274
|
|
303
275
|
def warrant_object_type
|
@@ -2,6 +2,8 @@
|
|
2
2
|
|
3
3
|
module Warrant
|
4
4
|
class PricingTier
|
5
|
+
OBJECT_TYPE = "pricing-tier"
|
6
|
+
|
5
7
|
include Warrant::WarrantObject
|
6
8
|
|
7
9
|
attr_reader :pricing_tier_id
|
@@ -135,7 +137,7 @@ module Warrant
|
|
135
137
|
# @param tenant_id [String] The tenant_id of the tenant you want to assign a pricing tier to.
|
136
138
|
# @param pricing_tier_id [String] The pricing_tier_id of the pricing tier you want to assign to a tenant.
|
137
139
|
#
|
138
|
-
# @return [
|
140
|
+
# @return [Warrant] warrant assigning pricing tier to tenant
|
139
141
|
#
|
140
142
|
# @raise [Warrant::DuplicateRecordError]
|
141
143
|
# @raise [Warrant::InternalError]
|
@@ -143,15 +145,7 @@ module Warrant
|
|
143
145
|
# @raise [Warrant::NotFoundError]
|
144
146
|
# @raise [Warrant::UnauthorizedError]
|
145
147
|
def self.assign_to_tenant(tenant_id, pricing_tier_id)
|
146
|
-
|
147
|
-
|
148
|
-
case res
|
149
|
-
when Net::HTTPSuccess
|
150
|
-
pricing_tier = JSON.parse(res.body)
|
151
|
-
PricingTier.new(pricing_tier['pricingTierId'])
|
152
|
-
else
|
153
|
-
APIOperations.raise_error(res)
|
154
|
-
end
|
148
|
+
Warrant.create({ object_type: PricingTier::OBJECT_TYPE, object_id: pricing_tier_id }, "member", { object_type: Tenant::OBJECT_TYPE, object_id: tenant_id })
|
155
149
|
end
|
156
150
|
|
157
151
|
# Remove a pricing tier from a tenant
|
@@ -167,14 +161,7 @@ module Warrant
|
|
167
161
|
# @raise [Warrant::UnauthorizedError]
|
168
162
|
# @raise [Warrant::WarrantError]
|
169
163
|
def self.remove_from_tenant(tenant_id, pricing_tier_id)
|
170
|
-
|
171
|
-
|
172
|
-
case res
|
173
|
-
when Net::HTTPSuccess
|
174
|
-
return
|
175
|
-
else
|
176
|
-
APIOperations.raise_error(res)
|
177
|
-
end
|
164
|
+
Warrant.delete({ object_type: PricingTier::OBJECT_TYPE, object_id: pricing_tier_id }, "member", { object_type: Tenant::OBJECT_TYPE, object_id: tenant_id })
|
178
165
|
end
|
179
166
|
|
180
167
|
# List pricing tiers for user
|
@@ -205,7 +192,7 @@ module Warrant
|
|
205
192
|
# @param user_id [String] The user_id of the user you want to assign a pricing tier to.
|
206
193
|
# @param pricing_tier_id [String] The pricing_tier_id of the pricing tier you want to assign to a user.
|
207
194
|
#
|
208
|
-
# @return [
|
195
|
+
# @return [Warrant] warrant assigning pricing tier to user
|
209
196
|
#
|
210
197
|
# @raise [Warrant::DuplicateRecordError]
|
211
198
|
# @raise [Warrant::InternalError]
|
@@ -213,15 +200,7 @@ module Warrant
|
|
213
200
|
# @raise [Warrant::NotFoundError]
|
214
201
|
# @raise [Warrant::UnauthorizedError]
|
215
202
|
def self.assign_to_user(user_id, pricing_tier_id)
|
216
|
-
|
217
|
-
|
218
|
-
case res
|
219
|
-
when Net::HTTPSuccess
|
220
|
-
pricing_tier = JSON.parse(res.body)
|
221
|
-
PricingTier.new(pricing_tier['pricingTierId'])
|
222
|
-
else
|
223
|
-
APIOperations.raise_error(res)
|
224
|
-
end
|
203
|
+
Warrant.create({ object_type: PricingTier::OBJECT_TYPE, object_id: pricing_tier_id }, "member", { object_type: User::OBJECT_TYPE, object_id: user_id })
|
225
204
|
end
|
226
205
|
|
227
206
|
# Remove a pricing tier from a user
|
@@ -237,14 +216,7 @@ module Warrant
|
|
237
216
|
# @raise [Warrant::UnauthorizedError]
|
238
217
|
# @raise [Warrant::WarrantError]
|
239
218
|
def self.remove_from_user(user_id, pricing_tier_id)
|
240
|
-
|
241
|
-
|
242
|
-
case res
|
243
|
-
when Net::HTTPSuccess
|
244
|
-
return
|
245
|
-
else
|
246
|
-
APIOperations.raise_error(res)
|
247
|
-
end
|
219
|
+
Warrant.delete({ object_type: PricingTier::OBJECT_TYPE, object_id: pricing_tier_id }, "member", { object_type: User::OBJECT_TYPE, object_id: user_id })
|
248
220
|
end
|
249
221
|
|
250
222
|
# List features for a pricing tier
|
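Review bot: The relation literal `"member"` and the two `{ object_type: ..., object_id: ... }` hashes are written out by hand in every `assign_to_*` / `remove_from_*` method of `Feature`, `Permission` and `PricingTier` in this section, and again in the `Role` and `User` hunks further down the page. These calls create and delete authorization warrants, so a swapped object/subject pair or a mistyped relation in one of them would grant or revoke the wrong access without raising, and nothing in the visible lines would catch it. Consider a single shared constant for the relation, e.g. `MEMBER_RELATION = "member"`, plus one helper that builds the object/subject pair, so each method becomes a short call that is easy to compare against its `@param` docs. The classes themselves begin and end outside these hunks.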
data/lib/warrant/models/role.rb
CHANGED
@@ -2,6 +2,8 @@
|
|
2
2
|
|
3
3
|
module Warrant
|
4
4
|
class Role
|
5
|
+
OBJECT_TYPE = "role"
|
6
|
+
|
5
7
|
include Warrant::WarrantObject
|
6
8
|
|
7
9
|
attr_reader :role_id, :name, :description
|
@@ -186,7 +188,7 @@ module Warrant
|
|
186
188
|
# @param user_id [String] The user_id of the user you want to assign a role to.
|
187
189
|
# @param role_id [String] The role_id of the role you want to assign to a user.
|
188
190
|
#
|
189
|
-
# @return [
|
191
|
+
# @return [Warrant] warrant assigning role to user
|
190
192
|
#
|
191
193
|
# @raise [Warrant::DuplicateRecordError]
|
192
194
|
# @raise [Warrant::InternalError]
|
@@ -195,15 +197,7 @@ module Warrant
|
|
195
197
|
# @raise [Warrant::NotFoundError]
|
196
198
|
# @raise [Warrant::UnauthorizedError]
|
197
199
|
def self.assign_to_user(user_id, role_id)
|
198
|
-
|
199
|
-
|
200
|
-
case res
|
201
|
-
when Net::HTTPSuccess
|
202
|
-
role = JSON.parse(res.body)
|
203
|
-
Role.new(role['roleId'], role['name'], role['description'])
|
204
|
-
else
|
205
|
-
APIOperations.raise_error(res)
|
206
|
-
end
|
200
|
+
Warrant.create({ object_type: Role::OBJECT_TYPE, object_id: role_id }, "member", { object_type: User::OBJECT_TYPE, object_id: user_id })
|
207
201
|
end
|
208
202
|
|
209
203
|
# Remove a role from a user
|
@@ -220,14 +214,7 @@ module Warrant
|
|
220
214
|
# @raise [Warrant::UnauthorizedError]
|
221
215
|
# @raise [Warrant::WarrantError]
|
222
216
|
def self.remove_from_user(user_id, role_id)
|
223
|
-
|
224
|
-
|
225
|
-
case res
|
226
|
-
when Net::HTTPSuccess
|
227
|
-
return
|
228
|
-
else
|
229
|
-
APIOperations.raise_error(res)
|
230
|
-
end
|
217
|
+
Warrant.delete({ object_type: Role::OBJECT_TYPE, object_id: role_id }, "member", { object_type: User::OBJECT_TYPE, object_id: user_id })
|
231
218
|
end
|
232
219
|
|
233
220
|
# List assigned permissions for the role
|
@@ -33,6 +33,7 @@ module Warrant
|
|
33
33
|
# @param redirect_url [String] URL to redirect to once self-service session is created
|
34
34
|
# @option params [String] :user_id Id of the user to create a session for.
|
35
35
|
# @option params [String] :tenant_id Id of the tenant to create a session for
|
36
|
+
# @option params [String] :self_service_strategy Determines whether a self-service token can be used for managing user roles and permissions (`rbac`) or managing fine-grained user access to a particular object (`fgac`)
|
36
37
|
# @option params [Integer] :ttl Number of seconds a session should live for. By default session tokens live for 24 hours and self service tokens live for 30 minutes.
|
37
38
|
#
|
38
39
|
# @return [String] URL to the self service dashboard
|
data/lib/warrant/models/user.rb
CHANGED
@@ -2,6 +2,8 @@
|
|
2
2
|
|
3
3
|
module Warrant
|
4
4
|
class User
|
5
|
+
OBJECT_TYPE = "user"
|
6
|
+
|
5
7
|
include Warrant::WarrantObject
|
6
8
|
|
7
9
|
attr_reader :user_id, :email, :created_at
|
@@ -358,16 +360,7 @@ module Warrant
|
|
358
360
|
# @raise [Warrant::NotFoundError]
|
359
361
|
# @raise [Warrant::UnauthorizedError]
|
360
362
|
def self.assign_to_tenant(tenant_id, user_id)
|
361
|
-
|
362
|
-
|
363
|
-
case res
|
364
|
-
when Net::HTTPSuccess
|
365
|
-
res_json = JSON.parse(res.body)
|
366
|
-
subject = Subject.new(res_json['subject']['objectType'], res_json['subject']['objectId'], res_json['subject']['relation'])
|
367
|
-
Warrant.new(res_json['objectType'], res_json['objectId'], res_json['relation'], subject)
|
368
|
-
else
|
369
|
-
APIOperations.raise_error(res)
|
370
|
-
end
|
363
|
+
Warrant.create({ object_type: Tenant::OBJECT_TYPE, object_id: tenant_id }, "member", { object_type: User::OBJECT_TYPE, object_id: user_id })
|
371
364
|
end
|
372
365
|
|
373
366
|
# Remove a user from a tenant
|
@@ -382,14 +375,7 @@ module Warrant
|
|
382
375
|
# @raise [Warrant::UnauthorizedError]
|
383
376
|
# @raise [Warrant::WarrantError]
|
384
377
|
def self.remove_from_tenant(tenant_id, user_id)
|
385
|
-
|
386
|
-
|
387
|
-
case res
|
388
|
-
when Net::HTTPSuccess
|
389
|
-
return
|
390
|
-
else
|
391
|
-
APIOperations.raise_error(res)
|
392
|
-
end
|
378
|
+
Warrant.delete({ object_type: Tenant::OBJECT_TYPE, object_id: tenant_id }, "member", { object_type: User::OBJECT_TYPE, object_id: user_id })
|
393
379
|
end
|
394
380
|
|
395
381
|
# List all tenants for a user
|
@@ -16,9 +16,9 @@ module Warrant
|
|
16
16
|
|
17
17
|
# Create a new warrant that associates an object (object_type and object_id) to a subject via a relation.
|
18
18
|
#
|
19
|
-
# @param object [WarrantObject] Object to check in the access check. Object must include WarrantObject module and implements its methods (`warrant_object_type` and `warrant_object_id`). The object type must be one of your system's existing object type.
|
19
|
+
# @param object [WarrantObject | Hash] Object to check in the access check. Object must include WarrantObject module and implements its methods (`warrant_object_type` and `warrant_object_id`). The object type must be one of your system's existing object type.
|
20
20
|
# @param relation [String] The relation to check for this object to subject association. The relation must be valid as per the object type definition.
|
21
|
-
# @param subject [WarrantObject] Subject to check in the access check. Subject must include WarrantObject module and implements its methods (`warrant_object_type` and `warrant_object_id`).
|
21
|
+
# @param subject [WarrantObject | Hash] Subject to check in the access check. Subject must include WarrantObject module and implements its methods (`warrant_object_type` and `warrant_object_id`).
|
22
22
|
# @param context [Hash] - Object containing key-value pairs that specifies the context the warrant should be created for. (optional)
|
23
23
|
#
|
24
24
|
# @return [Warrant] created warrant
|
@@ -32,12 +32,12 @@ module Warrant
|
|
32
32
|
# @raise [Warrant::WarrantError]
|
33
33
|
def self.create(object, relation, subject, context = nil)
|
34
34
|
params = {
|
35
|
-
object_type: object.warrant_object_type.to_s,
|
36
|
-
object_id: object.warrant_object_id.to_s,
|
35
|
+
object_type: object.respond_to?(:warrant_object_type) ? object.warrant_object_type.to_s : object[:object_type],
|
36
|
+
object_id: object.respond_to?(:warrant_object_id) ? object.warrant_object_id.to_s : object[:object_id],
|
37
37
|
relation: relation,
|
38
38
|
subject: {
|
39
|
-
object_type: subject.warrant_object_type.to_s,
|
40
|
-
object_id: subject.warrant_object_id.to_s
|
39
|
+
object_type: subject.respond_to?(:warrant_object_type) ? subject.warrant_object_type.to_s : subject[:object_type],
|
40
|
+
object_id: subject.respond_to?(:warrant_object_id) ? subject.warrant_object_id.to_s : subject[:object_id]
|
41
41
|
},
|
42
42
|
context: context
|
43
43
|
}
|
@@ -55,9 +55,9 @@ module Warrant
|
|
55
55
|
|
56
56
|
# Deletes a warrant specified by the combination of object_type, object_id, relation, and subject.
|
57
57
|
#
|
58
|
-
# @param object [WarrantObject] Object to check in the access check. Object must include WarrantObject module and implements its methods (`warrant_object_type` and `warrant_object_id`). The object type must be one of your system's existing object type.
|
58
|
+
# @param object [WarrantObject | Hash] Object to check in the access check. Object must include WarrantObject module and implements its methods (`warrant_object_type` and `warrant_object_id`). The object type must be one of your system's existing object type.
|
59
59
|
# @param relation [String] The relation to check for this object to subject association. The relation must be valid as per the object type definition.
|
60
|
-
# @param subject [WarrantObject] Subject to check in the access check. Subject must include WarrantObject module and implements its methods (`warrant_object_type` and `warrant_object_id`).
|
60
|
+
# @param subject [WarrantObject | Hash] Subject to check in the access check. Subject must include WarrantObject module and implements its methods (`warrant_object_type` and `warrant_object_id`).
|
61
61
|
# @param context [Hash] - Object containing key-value pairs that specifies the context the warrant should be deleted in. (optional)
|
62
62
|
#
|
63
63
|
# @return [nil] if delete was successful
|
@@ -69,12 +69,12 @@ module Warrant
|
|
69
69
|
# @raise [Warrant::WarrantError]
|
70
70
|
def self.delete(object, relation, subject, context = nil)
|
71
71
|
params = {
|
72
|
-
object_type: object.warrant_object_type.to_s,
|
73
|
-
object_id: object.warrant_object_id.to_s,
|
72
|
+
object_type: object.respond_to?(:warrant_object_type) ? object.warrant_object_type.to_s : object[:object_type],
|
73
|
+
object_id: object.respond_to?(:warrant_object_id) ? object.warrant_object_id.to_s : object[:object_id],
|
74
74
|
relation: relation,
|
75
75
|
subject: {
|
76
|
-
object_type: subject.warrant_object_type.to_s,
|
77
|
-
object_id: subject.warrant_object_id.to_s
|
76
|
+
object_type: subject.respond_to?(:warrant_object_type) ? subject.warrant_object_type.to_s : subject[:object_type],
|
77
|
+
object_id: subject.respond_to?(:warrant_object_id) ? subject.warrant_object_id.to_s : subject[:object_id]
|
78
78
|
},
|
79
79
|
context: context
|
80
80
|
}
|
@@ -88,29 +88,67 @@ module Warrant
|
|
88
88
|
end
|
89
89
|
end
|
90
90
|
|
91
|
-
# Query to find all warrants for a given subject.
|
91
|
+
# Query to find all warrants for a given object or subject.
|
92
92
|
#
|
93
|
-
# @
|
94
|
-
# @option
|
95
|
-
# @option
|
93
|
+
# @param warrant_query [WarrantQuery] Query to run for a set of warrants.
|
94
|
+
# @option filters [Integer] :page A positive integer (starting with 1) representing the page of items to return in response. Used in conjunction with the limit param. (optional)
|
95
|
+
# @option filters [Integer] :limit A positive integer representing the max number of items to return in response. (optional)
|
96
96
|
#
|
97
|
-
# @return [
|
97
|
+
# @return [Hash] Query result with `result` listing warrants returned and `meta` with metadata for the selected object types.
|
98
98
|
#
|
99
99
|
# @raise [Warrant::InternalError]
|
100
100
|
# @raise [Warrant::InvalidParameterError]
|
101
101
|
# @raise [Warrant::MissingRequiredParameterError]
|
102
102
|
# @raise [Warrant::UnauthorizedError]
|
103
103
|
# @raise [Warrant::WarrantError]
|
104
|
-
def self.query(
|
105
|
-
res = APIOperations.get(URI.parse("#{::Warrant.config.api_base}/v1/query"),
|
104
|
+
def self.query(warrant_query = WarrantQuery.new, filters = {})
|
105
|
+
res = APIOperations.get(URI.parse("#{::Warrant.config.api_base}/v1/query"), { "q": warrant_query.to_query_param, **filters })
|
106
106
|
|
107
107
|
case res
|
108
108
|
when Net::HTTPSuccess
|
109
|
-
|
110
|
-
|
109
|
+
query_result = JSON.parse(res.body)
|
110
|
+
query_result['result'] = query_result['result'].map{ |warrant|
|
111
111
|
subject = Subject.new(warrant['subject']['objectType'], warrant['subject']['objectId'], warrant['subject']['relation'])
|
112
112
|
Warrant.new(warrant['objectType'], warrant['objectId'], warrant['relation'], subject, warrant['context'], warrant['isImplicit'])
|
113
113
|
}
|
114
|
+
|
115
|
+
if query_result['meta']['feature']
|
116
|
+
query_result['meta']['feature'].each{ |featureId, feature|
|
117
|
+
query_result['meta']['feature'][featureId] = Feature.new(feature['featureId'])
|
118
|
+
}
|
119
|
+
end
|
120
|
+
|
121
|
+
if query_result['meta']['pricing-tier']
|
122
|
+
query_result['meta']['pricing-tier'].each{ |pricingTierId, pricingTier|
|
123
|
+
query_result['meta']['pricing-tier'][pricingTierId] = PricingTier.new(pricingTier['pricingTierId'])
|
124
|
+
}
|
125
|
+
end
|
126
|
+
|
127
|
+
if query_result['meta']['permission']
|
128
|
+
query_result['meta']['permission'].each{ |permissionId, permission|
|
129
|
+
query_result['meta']['permission'][permissionId] = Permission.new(permission['permissionId'], permission['name'], permission['description'])
|
130
|
+
}
|
131
|
+
end
|
132
|
+
|
133
|
+
if query_result['meta']['role']
|
134
|
+
query_result['meta']['role'].each{ |roleId, role|
|
135
|
+
query_result['meta']['role'][roleId] = Role.new(role['roleId'], role['name'], role['description'])
|
136
|
+
}
|
137
|
+
end
|
138
|
+
|
139
|
+
if query_result['meta']['user']
|
140
|
+
query_result['meta']['user'].each{ |userId, user|
|
141
|
+
query_result['meta']['user'][userId] = User.new(user['userId'], user['email'], user['createdAt'])
|
142
|
+
}
|
143
|
+
end
|
144
|
+
|
145
|
+
if query_result['meta']['tenant']
|
146
|
+
query_result['meta']['tenant'].each{ |tenantId, tenant|
|
147
|
+
query_result['meta']['tenant'][tenantId] = Tenant.new(tenant['tenantId'], tenant['name'], tenant['createdAt'])
|
148
|
+
}
|
149
|
+
end
|
150
|
+
|
151
|
+
query_result
|
114
152
|
else
|
115
153
|
APIOperations.raise_error(res)
|
116
154
|
end
|
@@ -306,11 +344,11 @@ module Warrant
|
|
306
344
|
def self.user_has_permission?(params = {})
|
307
345
|
return is_authorized?(
|
308
346
|
warrants: [{
|
309
|
-
object_type:
|
347
|
+
object_type: Permission::OBJECT_TYPE,
|
310
348
|
object_id: params[:permission_id],
|
311
349
|
relation: "member",
|
312
350
|
subject: {
|
313
|
-
object_type:
|
351
|
+
object_type: User::OBJECT_TYPE,
|
314
352
|
object_id: params[:user_id]
|
315
353
|
},
|
316
354
|
context: params[:context]
|
@@ -339,7 +377,7 @@ module Warrant
|
|
339
377
|
def self.has_feature?(params = {})
|
340
378
|
return is_authorized?(
|
341
379
|
warrants: [{
|
342
|
-
object_type:
|
380
|
+
object_type: Feature::OBJECT_TYPE,
|
343
381
|
object_id: params[:feature_id],
|
344
382
|
relation: "member",
|
345
383
|
subject: {
|
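Review bot: The new Hash branch in `Warrant.create` and `Warrant.delete` reads `object[:object_type]` / `object[:object_id]` (and the same for `subject`) with plain `[]`, so a Hash with string keys or a missing key yields `nil`, and unlike the `WarrantObject` branch the value is not passed through `.to_s`; the request is presumably still sent with empty identifiers. For calls that grant or revoke access it is safer to fail before the request is built, e.g. `object_type: object.respond_to?(:warrant_object_type) ? object.warrant_object_type.to_s : object.fetch(:object_type).to_s`, applied to all four fields in both methods. The `@param` text still says the argument "must include WarrantObject module", which no longer matches the `[WarrantObject | Hash]` type it now documents. Both method bodies continue past the end of their hunks.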
data/lib/warrant/version.rb
CHANGED
@@ -0,0 +1,67 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Warrant
|
4
|
+
class WarrantQuery
|
5
|
+
attr_accessor :select_clause, :for_clause, :where_clause
|
6
|
+
|
7
|
+
def initialize
|
8
|
+
@select_clause = []
|
9
|
+
@for_clause = {}
|
10
|
+
@where_clause = {}
|
11
|
+
end
|
12
|
+
|
13
|
+
def select(*object_types)
|
14
|
+
@select_clause = object_types
|
15
|
+
self
|
16
|
+
end
|
17
|
+
|
18
|
+
def select_explicit(*object_types)
|
19
|
+
@select_clause = "explicit #{object_types}"
|
20
|
+
self
|
21
|
+
end
|
22
|
+
|
23
|
+
def for(for_filters)
|
24
|
+
@for_clause = @for_clause.merge(for_filters)
|
25
|
+
self
|
26
|
+
end
|
27
|
+
|
28
|
+
def where(where_filters)
|
29
|
+
@where_clause = @where_clause.merge(where_filters)
|
30
|
+
self
|
31
|
+
end
|
32
|
+
|
33
|
+
def to_query_param
|
34
|
+
if @select_clause.length == 0 || @for_clause.empty?
|
35
|
+
raise "Must have a select and for clause"
|
36
|
+
end
|
37
|
+
|
38
|
+
query = "SELECT #{@select_clause.join(",")} FOR #{filters_hash_to_string(@for_clause)}"
|
39
|
+
query += " WHERE #{filters_hash_to_string(@where_clause)}" unless @where_clause.empty?
|
40
|
+
|
41
|
+
query
|
42
|
+
end
|
43
|
+
|
44
|
+
private
|
45
|
+
|
46
|
+
def filters_hash_to_string(filters)
|
47
|
+
filter_string = ""
|
48
|
+
|
49
|
+
if filters[:object]
|
50
|
+
filter_string += "object=#{filters[:object]}"
|
51
|
+
elsif filters[:subject]
|
52
|
+
filter_string += "subject=#{filters[:subject]}"
|
53
|
+
end
|
54
|
+
|
55
|
+
if filters[:context]
|
56
|
+
context_values = []
|
57
|
+
filters[:context].each{ |k, v|
|
58
|
+
context_values.push("#{k}=#{v}")
|
59
|
+
}
|
60
|
+
|
61
|
+
filter_string += " AND context=[#{context_values.join(" ")}]"
|
62
|
+
end
|
63
|
+
|
64
|
+
filter_string
|
65
|
+
end
|
66
|
+
end
|
67
|
+
end
|
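Review bot: `filters_hash_to_string` interpolates `filters[:object]`, `filters[:subject]` and every context `k`/`v` straight into the query text, so a value containing spaces, `]` or a keyword changes the structure of the query that decides which warrants are returned. If any of these values can come from request data they should be validated against the expected identifier format, or rejected, before `to_query_param` builds the string; the query grammar is not visible here, so the exact rule needs confirming. Separately, `select_explicit` assigns a String built from the Array's inspect form (`"explicit #{object_types}"`), and `to_query_param` then calls `@select_clause.join(",")`, which a String does not respond to; something like `@select_clause = ["explicit #{object_types.join(",")}"]` is presumably what was intended. A filter hash with only `:context` also yields a clause that starts with ` AND`.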
data/lib/warrant.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: warrant
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version:
|
4
|
+
version: 3.0.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Warrant
|
8
|
-
autorequire:
|
8
|
+
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-
|
11
|
+
date: 2023-03-15 00:00:00.000000000 Z
|
12
12
|
dependencies: []
|
13
13
|
description: Ruby library for the Warrant API at https://warrant.dev.
|
14
14
|
email: hello@warrant.dev
|
@@ -41,6 +41,7 @@ files:
|
|
41
41
|
- lib/warrant/version.rb
|
42
42
|
- lib/warrant/warrant_configuration.rb
|
43
43
|
- lib/warrant/warrant_object.rb
|
44
|
+
- lib/warrant/warrant_query.rb
|
44
45
|
homepage: https://github.com/warrant-dev/warrant-ruby
|
45
46
|
licenses:
|
46
47
|
- MIT
|
@@ -49,7 +50,7 @@ metadata:
|
|
49
50
|
source_code_uri: https://github.com/warrant-dev/warrant-ruby
|
50
51
|
changelog_uri: https://github.com/warrant-dev/warrant-ruby/CHANGELOG.md
|
51
52
|
documentation_uri: https://docs.warrant.dev/
|
52
|
-
post_install_message:
|
53
|
+
post_install_message:
|
53
54
|
rdoc_options: []
|
54
55
|
require_paths:
|
55
56
|
- lib
|
@@ -64,8 +65,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
64
65
|
- !ruby/object:Gem::Version
|
65
66
|
version: '0'
|
66
67
|
requirements: []
|
67
|
-
rubygems_version: 3.2.
|
68
|
-
signing_key:
|
68
|
+
rubygems_version: 3.2.32
|
69
|
+
signing_key:
|
69
70
|
specification_version: 4
|
70
71
|
summary: Warrant Ruby Library
|
71
72
|
test_files: []
|