warrant 2.2.0 → 3.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +25 -2
- data/lib/warrant/api_operations.rb +9 -9
- data/lib/warrant/models/feature.rb +11 -54
- data/lib/warrant/models/permission.rb +8 -36
- data/lib/warrant/models/pricing_tier.rb +8 -36
- data/lib/warrant/models/role.rb +5 -18
- data/lib/warrant/models/session.rb +1 -0
- data/lib/warrant/models/tenant.rb +2 -0
- data/lib/warrant/models/user.rb +4 -18
- data/lib/warrant/models/warrant.rb +16 -16
- data/lib/warrant/version.rb +1 -1
- data/lib/warrant/warrant_configuration.rb +3 -1
- data/lib/warrant.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: eedc398b4f1277eabdabf8252acde068e1a1398f0b3752d217793ec1d22570b3
|
4
|
+
data.tar.gz: 035f98bda116c4177ead75b9895a86582b2b37fd7d04b1b2175e68f73c0adff5
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: b5d81834bffb0ac19ed371259e6b321ca23aa42a8ab0dd1bcf8c720fec168910ed8dcfe620942d17d4d399834593856080dbe802f786d273466db347089b10b4
|
7
|
+
data.tar.gz: 717cce9e98093c01c7412323894e7eb9f87742ae412eac1564e8e91184a3cea327dbb76ee7d5131196389c8df7e6b5a112ed24a6ccbd270f75a0277f2356b651
|
data/README.md
CHANGED
@@ -44,13 +44,36 @@ You can also build the gem from source:
|
|
44
44
|
require 'warrant'
|
45
45
|
Warrant.api_key = 'api_test_f5dsKVeYnVSLHGje44zAygqgqXiLJBICbFzCiAg1E='
|
46
46
|
|
47
|
-
#
|
47
|
+
# Create a user
|
48
48
|
Warrant::User.create(user_id: "user123")
|
49
49
|
|
50
|
-
#
|
50
|
+
# Check whether user slp951 has view access to report 7asm24
|
51
51
|
Warrant::Warrant.is_authorized?(object_type: "report", object_id: "7asm24", relation: "viewer", subject: { object_id: "user", object_id: "slp951" })
|
52
52
|
```
|
53
53
|
|
54
|
+
## Configuring the API and Authorize Endpoints
|
55
|
+
---
|
56
|
+
The API and Authorize endpoints the SDK makes requests to is configurable via the `Warrant.api_base` and `Warrant.authorize_endpoint` attributes:
|
57
|
+
|
58
|
+
```ruby
|
59
|
+
require 'warrant'
|
60
|
+
|
61
|
+
# Set api and authorize endpoints to http://localhost:8000
|
62
|
+
Warrant.api_base = 'http://localhost:8000'
|
63
|
+
Warrant.authorize_endpoint = 'http://localhost:8000'
|
64
|
+
```
|
65
|
+
|
66
|
+
## Configuring SSL
|
67
|
+
---
|
68
|
+
By default, the SDK will attempt to use SSL when making requests to the API. This setting is configurable via the `Warrant.use_ssl` attribute:
|
69
|
+
|
70
|
+
```ruby
|
71
|
+
require 'warrant'
|
72
|
+
|
73
|
+
# Disable ssl
|
74
|
+
Warrant.use_ssl = false
|
75
|
+
```
|
76
|
+
|
54
77
|
|
55
78
|
We’ve used a random API key in these code examples. Replace it with your [actual publishable API keys](https://app.warrant.dev) to
|
56
79
|
test this code through your own Warrant account.
|
@@ -4,21 +4,21 @@ module Warrant
|
|
4
4
|
# @!visibility private
|
5
5
|
class APIOperations
|
6
6
|
class << self
|
7
|
-
def post(uri, params = {}
|
7
|
+
def post(uri, params = {})
|
8
8
|
http = Net::HTTP.new(uri.host, uri.port)
|
9
|
-
http.use_ssl = use_ssl
|
9
|
+
http.use_ssl = ::Warrant.config.use_ssl
|
10
10
|
headers = {
|
11
|
-
"Authorization": "ApiKey #{::Warrant.config.api_key}",
|
12
11
|
"User-Agent": "warrant-ruby/#{VERSION}"
|
13
12
|
}
|
13
|
+
headers["Authorization"] = "ApiKey #{::Warrant.config.api_key}" unless ::Warrant.config.api_key.empty?
|
14
14
|
http.post(uri.path, params.to_json, headers)
|
15
15
|
end
|
16
16
|
|
17
17
|
def delete(uri, params = {})
|
18
18
|
http = Net::HTTP.new(uri.host, uri.port)
|
19
|
-
http.use_ssl =
|
19
|
+
http.use_ssl = ::Warrant.config.use_ssl
|
20
20
|
request = Net::HTTP::Delete.new(uri.path)
|
21
|
-
request["Authorization"] = "ApiKey #{::Warrant.config.api_key}"
|
21
|
+
request["Authorization"] = "ApiKey #{::Warrant.config.api_key}" unless ::Warrant.config.api_key.empty?
|
22
22
|
request["User-Agent"] = "warrant-ruby/#{VERSION}"
|
23
23
|
|
24
24
|
http.request(request, params.to_json)
|
@@ -26,11 +26,11 @@ module Warrant
|
|
26
26
|
|
27
27
|
def get(uri, params = {})
|
28
28
|
http = Net::HTTP.new(uri.host, uri.port)
|
29
|
-
http.use_ssl =
|
29
|
+
http.use_ssl = ::Warrant.config.use_ssl
|
30
30
|
headers = {
|
31
|
-
"Authorization": "ApiKey #{::Warrant.config.api_key}",
|
32
31
|
"User-Agent": "warrant-ruby/#{VERSION}"
|
33
32
|
}
|
33
|
+
headers["Authorization"] = "ApiKey #{::Warrant.config.api_key}" unless ::Warrant.config.api_key.empty?
|
34
34
|
|
35
35
|
unless params.empty?
|
36
36
|
normalized_params = Util.normalize_params(params.compact)
|
@@ -42,11 +42,11 @@ module Warrant
|
|
42
42
|
|
43
43
|
def put(uri, params = {})
|
44
44
|
http = Net::HTTP.new(uri.host, uri.port)
|
45
|
-
http.use_ssl =
|
45
|
+
http.use_ssl = ::Warrant.config.use_ssl
|
46
46
|
headers = {
|
47
|
-
"Authorization": "ApiKey #{::Warrant.config.api_key}",
|
48
47
|
"User-Agent": "warrant-ruby/#{VERSION}"
|
49
48
|
}
|
49
|
+
headers["Authorization"] = "ApiKey #{::Warrant.config.api_key}" unless ::Warrant.config.api_key.empty?
|
50
50
|
http.put(uri.path, params.to_json, headers)
|
51
51
|
end
|
52
52
|
|
@@ -2,6 +2,8 @@
|
|
2
2
|
|
3
3
|
module Warrant
|
4
4
|
class Feature
|
5
|
+
OBJECT_TYPE = "feature"
|
6
|
+
|
5
7
|
include Warrant::WarrantObject
|
6
8
|
|
7
9
|
attr_reader :feature_id
|
@@ -134,7 +136,7 @@ module Warrant
|
|
134
136
|
# @param tenant_id [String] The tenant_id of the tenant you want to assign a feature to.
|
135
137
|
# @param feature_id [String] The feature_id of the feature you want to assign to a tenant.
|
136
138
|
#
|
137
|
-
# @return [
|
139
|
+
# @return [Warrant] warrant assigning feature to tenant
|
138
140
|
#
|
139
141
|
# @raise [Warrant::DuplicateRecordError]
|
140
142
|
# @raise [Warrant::InternalError]
|
@@ -142,15 +144,7 @@ module Warrant
|
|
142
144
|
# @raise [Warrant::NotFoundError]
|
143
145
|
# @raise [Warrant::UnauthorizedError]
|
144
146
|
def self.assign_to_tenant(tenant_id, feature_id)
|
145
|
-
|
146
|
-
|
147
|
-
case res
|
148
|
-
when Net::HTTPSuccess
|
149
|
-
feature = JSON.parse(res.body)
|
150
|
-
Feature.new(feature['featureId'])
|
151
|
-
else
|
152
|
-
APIOperations.raise_error(res)
|
153
|
-
end
|
147
|
+
Warrant.create({ object_type: Feature::OBJECT_TYPE, object_id: feature_id }, "member", { object_type: Tenant::OBJECT_TYPE, object_id: tenant_id })
|
154
148
|
end
|
155
149
|
|
156
150
|
# Remove a feature from a tenant
|
@@ -166,14 +160,7 @@ module Warrant
|
|
166
160
|
# @raise [Warrant::UnauthorizedError]
|
167
161
|
# @raise [Warrant::WarrantError]
|
168
162
|
def self.remove_from_tenant(tenant_id, feature_id)
|
169
|
-
|
170
|
-
|
171
|
-
case res
|
172
|
-
when Net::HTTPSuccess
|
173
|
-
return
|
174
|
-
else
|
175
|
-
APIOperations.raise_error(res)
|
176
|
-
end
|
163
|
+
Warrant.delete({ object_type: Feature::OBJECT_TYPE, object_id: feature_id }, "member", { object_type: Tenant::OBJECT_TYPE, object_id: tenant_id })
|
177
164
|
end
|
178
165
|
|
179
166
|
# List features for user
|
@@ -204,7 +191,7 @@ module Warrant
|
|
204
191
|
# @param user_id [String] The user_id of the user you want to assign a feature to.
|
205
192
|
# @param feature_id [String] The feature_id of the feature you want to assign to a user.
|
206
193
|
#
|
207
|
-
# @return [
|
194
|
+
# @return [Warrant] warrant assigning feature to user
|
208
195
|
#
|
209
196
|
# @raise [Warrant::DuplicateRecordError]
|
210
197
|
# @raise [Warrant::InternalError]
|
@@ -212,15 +199,7 @@ module Warrant
|
|
212
199
|
# @raise [Warrant::NotFoundError]
|
213
200
|
# @raise [Warrant::UnauthorizedError]
|
214
201
|
def self.assign_to_user(user_id, feature_id)
|
215
|
-
|
216
|
-
|
217
|
-
case res
|
218
|
-
when Net::HTTPSuccess
|
219
|
-
feature = JSON.parse(res.body)
|
220
|
-
Feature.new(feature['featureId'])
|
221
|
-
else
|
222
|
-
APIOperations.raise_error(res)
|
223
|
-
end
|
202
|
+
Warrant.create({ object_type: Feature::OBJECT_TYPE, object_id: feature_id }, "member", { object_type: User::OBJECT_TYPE, object_id: user_id })
|
224
203
|
end
|
225
204
|
|
226
205
|
# Remove a feature from a user
|
@@ -236,14 +215,7 @@ module Warrant
|
|
236
215
|
# @raise [Warrant::UnauthorizedError]
|
237
216
|
# @raise [Warrant::WarrantError]
|
238
217
|
def self.remove_from_user(user_id, feature_id)
|
239
|
-
|
240
|
-
|
241
|
-
case res
|
242
|
-
when Net::HTTPSuccess
|
243
|
-
return
|
244
|
-
else
|
245
|
-
APIOperations.raise_error(res)
|
246
|
-
end
|
218
|
+
Warrant.delete({ object_type: Feature::OBJECT_TYPE, object_id: feature_id }, "member", { object_type: User::OBJECT_TYPE, object_id: user_id })
|
247
219
|
end
|
248
220
|
|
249
221
|
# List features for pricing tier
|
@@ -274,7 +246,7 @@ module Warrant
|
|
274
246
|
# @param pricing_tier_id [String] The pricing_tier_id of the pricing tier you want to assign a feature to.
|
275
247
|
# @param feature_id [String] The feature_id of the feature you want to assign to a pricing tier.
|
276
248
|
#
|
277
|
-
# @return [
|
249
|
+
# @return [Warrant] warrant assigning feature to pricing tier
|
278
250
|
#
|
279
251
|
# @raise [Warrant::DuplicateRecordError]
|
280
252
|
# @raise [Warrant::InternalError]
|
@@ -282,15 +254,7 @@ module Warrant
|
|
282
254
|
# @raise [Warrant::NotFoundError]
|
283
255
|
# @raise [Warrant::UnauthorizedError]
|
284
256
|
def self.assign_to_pricing_tier(pricing_tier_id, feature_id)
|
285
|
-
|
286
|
-
|
287
|
-
case res
|
288
|
-
when Net::HTTPSuccess
|
289
|
-
feature = JSON.parse(res.body)
|
290
|
-
Feature.new(feature['featureId'])
|
291
|
-
else
|
292
|
-
APIOperations.raise_error(res)
|
293
|
-
end
|
257
|
+
Warrant.create({ object_type: Feature::OBJECT_TYPE, object_id: feature_id }, "member", { object_type: PricingTier::OBJECT_TYPE, object_id: pricing_tier_id })
|
294
258
|
end
|
295
259
|
|
296
260
|
# Remove a feature from a pricing tier
|
@@ -306,14 +270,7 @@ module Warrant
|
|
306
270
|
# @raise [Warrant::UnauthorizedError]
|
307
271
|
# @raise [Warrant::WarrantError]
|
308
272
|
def self.remove_from_pricing_tier(pricing_tier_id, feature_id)
|
309
|
-
|
310
|
-
|
311
|
-
case res
|
312
|
-
when Net::HTTPSuccess
|
313
|
-
return
|
314
|
-
else
|
315
|
-
APIOperations.raise_error(res)
|
316
|
-
end
|
273
|
+
Warrant.delete({ object_type: Feature::OBJECT_TYPE, object_id: feature_id }, "member", { object_type: PricingTier::OBJECT_TYPE, object_id: pricing_tier_id })
|
317
274
|
end
|
318
275
|
|
319
276
|
def warrant_object_type
|
@@ -2,6 +2,8 @@
|
|
2
2
|
|
3
3
|
module Warrant
|
4
4
|
class Permission
|
5
|
+
OBJECT_TYPE = "permission"
|
6
|
+
|
5
7
|
include Warrant::WarrantObject
|
6
8
|
|
7
9
|
attr_reader :permission_id, :name, :description
|
@@ -186,7 +188,7 @@ module Warrant
|
|
186
188
|
# @param role_id [String] The role_id of the role you want to assign a permission to.
|
187
189
|
# @param permission_id [String] The permission_id of the permission you want to assign to a role.
|
188
190
|
#
|
189
|
-
# @return [
|
191
|
+
# @return [Warrant] warrant assigning permission to role
|
190
192
|
#
|
191
193
|
# @raise [Warrant::DuplicateRecordError]
|
192
194
|
# @raise [Warrant::InternalError]
|
@@ -195,15 +197,7 @@ module Warrant
|
|
195
197
|
# @raise [Warrant::NotFoundError]
|
196
198
|
# @raise [Warrant::UnauthorizedError]
|
197
199
|
def self.assign_to_role(role_id, permission_id)
|
198
|
-
|
199
|
-
|
200
|
-
case res
|
201
|
-
when Net::HTTPSuccess
|
202
|
-
permission = JSON.parse(res.body)
|
203
|
-
Permission.new(permission['permissionId'], permission['name'], permission['description'])
|
204
|
-
else
|
205
|
-
APIOperations.raise_error(res)
|
206
|
-
end
|
200
|
+
Warrant.create({ object_type: Permission::OBJECT_TYPE, object_id: permission_id }, "member", { object_type: Role::OBJECT_TYPE, object_id: role_id })
|
207
201
|
end
|
208
202
|
|
209
203
|
# Remove a permission from a role
|
@@ -219,14 +213,7 @@ module Warrant
|
|
219
213
|
# @raise [Warrant::UnauthorizedError]
|
220
214
|
# @raise [Warrant::WarrantError]
|
221
215
|
def self.remove_from_role(role_id, permission_id)
|
222
|
-
|
223
|
-
|
224
|
-
case res
|
225
|
-
when Net::HTTPSuccess
|
226
|
-
return
|
227
|
-
else
|
228
|
-
APIOperations.raise_error(res)
|
229
|
-
end
|
216
|
+
Warrant.delete({ object_type: Permission::OBJECT_TYPE, object_id: permission_id }, "member", { object_type: Role::OBJECT_TYPE, object_id: role_id })
|
230
217
|
end
|
231
218
|
|
232
219
|
# List permissions for a user
|
@@ -257,7 +244,7 @@ module Warrant
|
|
257
244
|
# @param user_id [String] The user_id of the user you want to assign a permission to.
|
258
245
|
# @param permission_id [String] The permission_id of the permission you want to assign to a user.
|
259
246
|
#
|
260
|
-
# @return [
|
247
|
+
# @return [Warrant] warrant assigning permission to user
|
261
248
|
#
|
262
249
|
# @raise [Warrant::DuplicateRecordError]
|
263
250
|
# @raise [Warrant::InternalError]
|
@@ -266,15 +253,7 @@ module Warrant
|
|
266
253
|
# @raise [Warrant::NotFoundError]
|
267
254
|
# @raise [Warrant::UnauthorizedError]
|
268
255
|
def self.assign_to_user(user_id, permission_id)
|
269
|
-
|
270
|
-
|
271
|
-
case res
|
272
|
-
when Net::HTTPSuccess
|
273
|
-
permission = JSON.parse(res.body)
|
274
|
-
Permission.new(permission['permissionId'], permission['name'], permission['description'])
|
275
|
-
else
|
276
|
-
APIOperations.raise_error(res)
|
277
|
-
end
|
256
|
+
Warrant.create({ object_type: Permission::OBJECT_TYPE, object_id: permission_id }, "member", { object_type: User::OBJECT_TYPE, object_id: user_id })
|
278
257
|
end
|
279
258
|
|
280
259
|
# Remove a permission from a user
|
@@ -290,14 +269,7 @@ module Warrant
|
|
290
269
|
# @raise [Warrant::UnauthorizedError]
|
291
270
|
# @raise [Warrant::WarrantError]
|
292
271
|
def self.remove_from_user(user_id, permission_id)
|
293
|
-
|
294
|
-
|
295
|
-
case res
|
296
|
-
when Net::HTTPSuccess
|
297
|
-
return
|
298
|
-
else
|
299
|
-
APIOperations.raise_error(res)
|
300
|
-
end
|
272
|
+
Warrant.delete({ object_type: Permission::OBJECT_TYPE, object_id: permission_id }, "member", { object_type: User::OBJECT_TYPE, object_id: user_id })
|
301
273
|
end
|
302
274
|
|
303
275
|
def warrant_object_type
|
@@ -2,6 +2,8 @@
|
|
2
2
|
|
3
3
|
module Warrant
|
4
4
|
class PricingTier
|
5
|
+
OBJECT_TYPE = "pricing-tier"
|
6
|
+
|
5
7
|
include Warrant::WarrantObject
|
6
8
|
|
7
9
|
attr_reader :pricing_tier_id
|
@@ -135,7 +137,7 @@ module Warrant
|
|
135
137
|
# @param tenant_id [String] The tenant_id of the tenant you want to assign a pricing tier to.
|
136
138
|
# @param pricing_tier_id [String] The pricing_tier_id of the pricing tier you want to assign to a tenant.
|
137
139
|
#
|
138
|
-
# @return [
|
140
|
+
# @return [Warrant] warrant assigning pricing tier to tenant
|
139
141
|
#
|
140
142
|
# @raise [Warrant::DuplicateRecordError]
|
141
143
|
# @raise [Warrant::InternalError]
|
@@ -143,15 +145,7 @@ module Warrant
|
|
143
145
|
# @raise [Warrant::NotFoundError]
|
144
146
|
# @raise [Warrant::UnauthorizedError]
|
145
147
|
def self.assign_to_tenant(tenant_id, pricing_tier_id)
|
146
|
-
|
147
|
-
|
148
|
-
case res
|
149
|
-
when Net::HTTPSuccess
|
150
|
-
pricing_tier = JSON.parse(res.body)
|
151
|
-
PricingTier.new(pricing_tier['pricingTierId'])
|
152
|
-
else
|
153
|
-
APIOperations.raise_error(res)
|
154
|
-
end
|
148
|
+
Warrant.create({ object_type: PricingTier::OBJECT_TYPE, object_id: pricing_tier_id }, "member", { object_type: Tenant::OBJECT_TYPE, object_id: tenant_id })
|
155
149
|
end
|
156
150
|
|
157
151
|
# Remove a pricing tier from a tenant
|
@@ -167,14 +161,7 @@ module Warrant
|
|
167
161
|
# @raise [Warrant::UnauthorizedError]
|
168
162
|
# @raise [Warrant::WarrantError]
|
169
163
|
def self.remove_from_tenant(tenant_id, pricing_tier_id)
|
170
|
-
|
171
|
-
|
172
|
-
case res
|
173
|
-
when Net::HTTPSuccess
|
174
|
-
return
|
175
|
-
else
|
176
|
-
APIOperations.raise_error(res)
|
177
|
-
end
|
164
|
+
Warrant.delete({ object_type: PricingTier::OBJECT_TYPE, object_id: pricing_tier_id }, "member", { object_type: Tenant::OBJECT_TYPE, object_id: tenant_id })
|
178
165
|
end
|
179
166
|
|
180
167
|
# List pricing tiers for user
|
@@ -205,7 +192,7 @@ module Warrant
|
|
205
192
|
# @param user_id [String] The user_id of the user you want to assign a pricing tier to.
|
206
193
|
# @param pricing_tier_id [String] The pricing_tier_id of the pricing tier you want to assign to a user.
|
207
194
|
#
|
208
|
-
# @return [
|
195
|
+
# @return [Warrant] warrant assigning pricing tier to user
|
209
196
|
#
|
210
197
|
# @raise [Warrant::DuplicateRecordError]
|
211
198
|
# @raise [Warrant::InternalError]
|
@@ -213,15 +200,7 @@ module Warrant
|
|
213
200
|
# @raise [Warrant::NotFoundError]
|
214
201
|
# @raise [Warrant::UnauthorizedError]
|
215
202
|
def self.assign_to_user(user_id, pricing_tier_id)
|
216
|
-
|
217
|
-
|
218
|
-
case res
|
219
|
-
when Net::HTTPSuccess
|
220
|
-
pricing_tier = JSON.parse(res.body)
|
221
|
-
PricingTier.new(pricing_tier['pricingTierId'])
|
222
|
-
else
|
223
|
-
APIOperations.raise_error(res)
|
224
|
-
end
|
203
|
+
Warrant.create({ object_type: PricingTier::OBJECT_TYPE, object_id: pricing_tier_id }, "member", { object_type: User::OBJECT_TYPE, object_id: user_id })
|
225
204
|
end
|
226
205
|
|
227
206
|
# Remove a pricing tier from a user
|
@@ -237,14 +216,7 @@ module Warrant
|
|
237
216
|
# @raise [Warrant::UnauthorizedError]
|
238
217
|
# @raise [Warrant::WarrantError]
|
239
218
|
def self.remove_from_user(user_id, pricing_tier_id)
|
240
|
-
|
241
|
-
|
242
|
-
case res
|
243
|
-
when Net::HTTPSuccess
|
244
|
-
return
|
245
|
-
else
|
246
|
-
APIOperations.raise_error(res)
|
247
|
-
end
|
219
|
+
Warrant.delete({ object_type: PricingTier::OBJECT_TYPE, object_id: pricing_tier_id }, "member", { object_type: User::OBJECT_TYPE, object_id: user_id })
|
248
220
|
end
|
249
221
|
|
250
222
|
# List features for a pricing tier
|
data/lib/warrant/models/role.rb
CHANGED
@@ -2,6 +2,8 @@
|
|
2
2
|
|
3
3
|
module Warrant
|
4
4
|
class Role
|
5
|
+
OBJECT_TYPE = "role"
|
6
|
+
|
5
7
|
include Warrant::WarrantObject
|
6
8
|
|
7
9
|
attr_reader :role_id, :name, :description
|
@@ -186,7 +188,7 @@ module Warrant
|
|
186
188
|
# @param user_id [String] The user_id of the user you want to assign a role to.
|
187
189
|
# @param role_id [String] The role_id of the role you want to assign to a user.
|
188
190
|
#
|
189
|
-
# @return [
|
191
|
+
# @return [Warrant] warrant assigning role to user
|
190
192
|
#
|
191
193
|
# @raise [Warrant::DuplicateRecordError]
|
192
194
|
# @raise [Warrant::InternalError]
|
@@ -195,15 +197,7 @@ module Warrant
|
|
195
197
|
# @raise [Warrant::NotFoundError]
|
196
198
|
# @raise [Warrant::UnauthorizedError]
|
197
199
|
def self.assign_to_user(user_id, role_id)
|
198
|
-
|
199
|
-
|
200
|
-
case res
|
201
|
-
when Net::HTTPSuccess
|
202
|
-
role = JSON.parse(res.body)
|
203
|
-
Role.new(role['roleId'], role['name'], role['description'])
|
204
|
-
else
|
205
|
-
APIOperations.raise_error(res)
|
206
|
-
end
|
200
|
+
Warrant.create({ object_type: Role::OBJECT_TYPE, object_id: role_id }, "member", { object_type: User::OBJECT_TYPE, object_id: user_id })
|
207
201
|
end
|
208
202
|
|
209
203
|
# Remove a role from a user
|
@@ -220,14 +214,7 @@ module Warrant
|
|
220
214
|
# @raise [Warrant::UnauthorizedError]
|
221
215
|
# @raise [Warrant::WarrantError]
|
222
216
|
def self.remove_from_user(user_id, role_id)
|
223
|
-
|
224
|
-
|
225
|
-
case res
|
226
|
-
when Net::HTTPSuccess
|
227
|
-
return
|
228
|
-
else
|
229
|
-
APIOperations.raise_error(res)
|
230
|
-
end
|
217
|
+
Warrant.delete({ object_type: Role::OBJECT_TYPE, object_id: role_id }, "member", { object_type: User::OBJECT_TYPE, object_id: user_id })
|
231
218
|
end
|
232
219
|
|
233
220
|
# List assigned permissions for the role
|
@@ -33,6 +33,7 @@ module Warrant
|
|
33
33
|
# @param redirect_url [String] URL to redirect to once self-service session is created
|
34
34
|
# @option params [String] :user_id Id of the user to create a session for.
|
35
35
|
# @option params [String] :tenant_id Id of the tenant to create a session for
|
36
|
+
# @option params [String] :self_service_strategy Determines whether a self-service token can be used for managing user roles and permissions (`rbac`) or managing fine-grained user access to a particular object (`fgac`)
|
36
37
|
# @option params [Integer] :ttl Number of seconds a session should live for. By default session tokens live for 24 hours and self service tokens live for 30 minutes.
|
37
38
|
#
|
38
39
|
# @return [String] URL to the self service dashboard
|
data/lib/warrant/models/user.rb
CHANGED
@@ -2,6 +2,8 @@
|
|
2
2
|
|
3
3
|
module Warrant
|
4
4
|
class User
|
5
|
+
OBJECT_TYPE = "user"
|
6
|
+
|
5
7
|
include Warrant::WarrantObject
|
6
8
|
|
7
9
|
attr_reader :user_id, :email, :created_at
|
@@ -358,16 +360,7 @@ module Warrant
|
|
358
360
|
# @raise [Warrant::NotFoundError]
|
359
361
|
# @raise [Warrant::UnauthorizedError]
|
360
362
|
def self.assign_to_tenant(tenant_id, user_id)
|
361
|
-
|
362
|
-
|
363
|
-
case res
|
364
|
-
when Net::HTTPSuccess
|
365
|
-
res_json = JSON.parse(res.body)
|
366
|
-
subject = Subject.new(res_json['subject']['objectType'], res_json['subject']['objectId'], res_json['subject']['relation'])
|
367
|
-
Warrant.new(res_json['objectType'], res_json['objectId'], res_json['relation'], subject)
|
368
|
-
else
|
369
|
-
APIOperations.raise_error(res)
|
370
|
-
end
|
363
|
+
Warrant.create({ object_type: Tenant::OBJECT_TYPE, object_id: tenant_id }, "member", { object_type: User::OBJECT_TYPE, object_id: user_id })
|
371
364
|
end
|
372
365
|
|
373
366
|
# Remove a user from a tenant
|
@@ -382,14 +375,7 @@ module Warrant
|
|
382
375
|
# @raise [Warrant::UnauthorizedError]
|
383
376
|
# @raise [Warrant::WarrantError]
|
384
377
|
def self.remove_from_tenant(tenant_id, user_id)
|
385
|
-
|
386
|
-
|
387
|
-
case res
|
388
|
-
when Net::HTTPSuccess
|
389
|
-
return
|
390
|
-
else
|
391
|
-
APIOperations.raise_error(res)
|
392
|
-
end
|
378
|
+
Warrant.delete({ object_type: Tenant::OBJECT_TYPE, object_id: tenant_id }, "member", { object_type: User::OBJECT_TYPE, object_id: user_id })
|
393
379
|
end
|
394
380
|
|
395
381
|
# List all tenants for a user
|
@@ -16,9 +16,9 @@ module Warrant
|
|
16
16
|
|
17
17
|
# Create a new warrant that associates an object (object_type and object_id) to a subject via a relation.
|
18
18
|
#
|
19
|
-
# @param object [WarrantObject] Object to check in the access check. Object must include WarrantObject module and implements its methods (`warrant_object_type` and `warrant_object_id`). The object type must be one of your system's existing object type.
|
19
|
+
# @param object [WarrantObject | Hash] Object to check in the access check. Object must include WarrantObject module and implements its methods (`warrant_object_type` and `warrant_object_id`). The object type must be one of your system's existing object type.
|
20
20
|
# @param relation [String] The relation to check for this object to subject association. The relation must be valid as per the object type definition.
|
21
|
-
# @param subject [WarrantObject] Subject to check in the access check. Subject must include WarrantObject module and implements its methods (`warrant_object_type` and `warrant_object_id`).
|
21
|
+
# @param subject [WarrantObject | Hash] Subject to check in the access check. Subject must include WarrantObject module and implements its methods (`warrant_object_type` and `warrant_object_id`).
|
22
22
|
# @param context [Hash] - Object containing key-value pairs that specifies the context the warrant should be created for. (optional)
|
23
23
|
#
|
24
24
|
# @return [Warrant] created warrant
|
@@ -32,12 +32,12 @@ module Warrant
|
|
32
32
|
# @raise [Warrant::WarrantError]
|
33
33
|
def self.create(object, relation, subject, context = nil)
|
34
34
|
params = {
|
35
|
-
object_type: object.warrant_object_type.to_s,
|
36
|
-
object_id: object.warrant_object_id.to_s,
|
35
|
+
object_type: object.respond_to?(:warrant_object_type) ? object.warrant_object_type.to_s : object[:object_type],
|
36
|
+
object_id: object.respond_to?(:warrant_object_id) ? object.warrant_object_id.to_s : object[:object_id],
|
37
37
|
relation: relation,
|
38
38
|
subject: {
|
39
|
-
object_type: subject.warrant_object_type.to_s,
|
40
|
-
object_id: subject.warrant_object_id.to_s
|
39
|
+
object_type: subject.respond_to?(:warrant_object_type) ? subject.warrant_object_type.to_s : subject[:object_type],
|
40
|
+
object_id: subject.respond_to?(:warrant_object_id) ? subject.warrant_object_id.to_s : subject[:object_id]
|
41
41
|
},
|
42
42
|
context: context
|
43
43
|
}
|
@@ -55,9 +55,9 @@ module Warrant
|
|
55
55
|
|
56
56
|
# Deletes a warrant specified by the combination of object_type, object_id, relation, and subject.
|
57
57
|
#
|
58
|
-
# @param object [WarrantObject] Object to check in the access check. Object must include WarrantObject module and implements its methods (`warrant_object_type` and `warrant_object_id`). The object type must be one of your system's existing object type.
|
58
|
+
# @param object [WarrantObject | Hash] Object to check in the access check. Object must include WarrantObject module and implements its methods (`warrant_object_type` and `warrant_object_id`). The object type must be one of your system's existing object type.
|
59
59
|
# @param relation [String] The relation to check for this object to subject association. The relation must be valid as per the object type definition.
|
60
|
-
# @param subject [WarrantObject] Subject to check in the access check. Subject must include WarrantObject module and implements its methods (`warrant_object_type` and `warrant_object_id`).
|
60
|
+
# @param subject [WarrantObject | Hash] Subject to check in the access check. Subject must include WarrantObject module and implements its methods (`warrant_object_type` and `warrant_object_id`).
|
61
61
|
# @param context [Hash] - Object containing key-value pairs that specifies the context the warrant should be deleted in. (optional)
|
62
62
|
#
|
63
63
|
# @return [nil] if delete was successful
|
@@ -69,12 +69,12 @@ module Warrant
|
|
69
69
|
# @raise [Warrant::WarrantError]
|
70
70
|
def self.delete(object, relation, subject, context = nil)
|
71
71
|
params = {
|
72
|
-
object_type: object.warrant_object_type.to_s,
|
73
|
-
object_id: object.warrant_object_id.to_s,
|
72
|
+
object_type: object.respond_to?(:warrant_object_type) ? object.warrant_object_type.to_s : object[:object_type],
|
73
|
+
object_id: object.respond_to?(:warrant_object_id) ? object.warrant_object_id.to_s : object[:object_id],
|
74
74
|
relation: relation,
|
75
75
|
subject: {
|
76
|
-
object_type: subject.warrant_object_type.to_s,
|
77
|
-
object_id: subject.warrant_object_id.to_s
|
76
|
+
object_type: subject.respond_to?(:warrant_object_type) ? subject.warrant_object_type.to_s : subject[:object_type],
|
77
|
+
object_id: subject.respond_to?(:warrant_object_id) ? subject.warrant_object_id.to_s : subject[:object_id]
|
78
78
|
},
|
79
79
|
context: context
|
80
80
|
}
|
@@ -344,11 +344,11 @@ module Warrant
|
|
344
344
|
def self.user_has_permission?(params = {})
|
345
345
|
return is_authorized?(
|
346
346
|
warrants: [{
|
347
|
-
object_type:
|
347
|
+
object_type: Permission::OBJECT_TYPE,
|
348
348
|
object_id: params[:permission_id],
|
349
349
|
relation: "member",
|
350
350
|
subject: {
|
351
|
-
object_type:
|
351
|
+
object_type: User::OBJECT_TYPE,
|
352
352
|
object_id: params[:user_id]
|
353
353
|
},
|
354
354
|
context: params[:context]
|
@@ -377,7 +377,7 @@ module Warrant
|
|
377
377
|
def self.has_feature?(params = {})
|
378
378
|
return is_authorized?(
|
379
379
|
warrants: [{
|
380
|
-
object_type:
|
380
|
+
object_type: Feature::OBJECT_TYPE,
|
381
381
|
object_id: params[:feature_id],
|
382
382
|
relation: "member",
|
383
383
|
subject: {
|
@@ -413,7 +413,7 @@ module Warrant
|
|
413
413
|
|
414
414
|
def self.edge_authorize?(params = {})
|
415
415
|
request_url = URI.parse("#{::Warrant.config.authorize_endpoint}/v2/authorize")
|
416
|
-
res = APIOperations.post(request_url, Util.normalize_params(params)
|
416
|
+
res = APIOperations.post(request_url, Util.normalize_params(params))
|
417
417
|
res_json = JSON.parse(res.body)
|
418
418
|
|
419
419
|
case res
|
data/lib/warrant/version.rb
CHANGED
@@ -3,14 +3,16 @@
|
|
3
3
|
module Warrant
|
4
4
|
# @!visibility private
|
5
5
|
class WarrantConfiguration
|
6
|
-
attr_accessor :api_key, :api_base, :authorize_endpoint
|
6
|
+
attr_accessor :api_key, :api_base, :authorize_endpoint, :use_ssl
|
7
7
|
|
8
8
|
attr_reader :self_service_dash_url_base
|
9
9
|
|
10
10
|
def initialize
|
11
|
+
@api_key = ""
|
11
12
|
@api_base = "https://api.warrant.dev"
|
12
13
|
@authorize_endpoint = "https://api.warrant.dev"
|
13
14
|
@self_service_dash_url_base = "https://self-serve.warrant.dev"
|
15
|
+
@use_ssl = true
|
14
16
|
end
|
15
17
|
end
|
16
18
|
end
|
data/lib/warrant.rb
CHANGED
@@ -31,6 +31,6 @@ module Warrant
|
|
31
31
|
|
32
32
|
attr_reader :config
|
33
33
|
|
34
|
-
def_delegators :@config, :api_key, :api_key=, :api_base, :api_base=, :authorize_endpoint, :authorize_endpoint=
|
34
|
+
def_delegators :@config, :api_key, :api_key=, :api_base, :api_base=, :authorize_endpoint, :authorize_endpoint=, :use_ssl, :use_ssl=
|
35
35
|
end
|
36
36
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: warrant
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version:
|
4
|
+
version: 3.1.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Warrant
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-
|
11
|
+
date: 2023-03-22 00:00:00.000000000 Z
|
12
12
|
dependencies: []
|
13
13
|
description: Ruby library for the Warrant API at https://warrant.dev.
|
14
14
|
email: hello@warrant.dev
|