warrant 3.0.0 → 4.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +22 -6
- data/lib/warrant/api_operations.rb +9 -9
- data/lib/warrant/models/feature.rb +6 -0
- data/lib/warrant/models/permission.rb +6 -0
- data/lib/warrant/models/pricing_tier.rb +6 -2
- data/lib/warrant/models/role.rb +6 -0
- data/lib/warrant/models/tenant.rb +12 -2
- data/lib/warrant/models/user.rb +12 -4
- data/lib/warrant/models/warrant.rb +13 -24
- data/lib/warrant/util.rb +6 -0
- data/lib/warrant/version.rb +1 -1
- data/lib/warrant/warrant_configuration.rb +3 -1
- data/lib/warrant.rb +1 -1
- metadata +6 -6
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: e1faca7fd1a9bdcb8ae4f6c4a6ac5bc68a138cca35d3eafcb888de554156f4c5
|
4
|
+
data.tar.gz: 7bc91b0ebf6e9cf0dd442b19edc6b6f0514b3008cf89e4ddc448fd4def3bf12c
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: b849e8be7fc0105a11677ab6aa901221c45e8f70cc3e0baf2ff4b4c590816a841536aece028d9e1d386267d654192fd61f081991ddb39b3b7c93e0c672e93168
|
7
|
+
data.tar.gz: 7f653279a31b8b96beb09f8e255ad19680bd3d2602c14a025b0a9e5820523264acb58568d6a6d85ccc265fc73b136040c22a5c1bff86e8bccfe6e9057382a83e
|
data/README.md
CHANGED
@@ -6,7 +6,6 @@ Use [Warrant](https://warrant.dev/) in ruby projects.
|
|
6
6
|
[![Slack](https://img.shields.io/badge/slack-join-brightgreen)](https://join.slack.com/t/warrantcommunity/shared_invite/zt-12g84updv-5l1pktJf2bI5WIKN4_~f4w)
|
7
7
|
|
8
8
|
## Installation
|
9
|
-
---
|
10
9
|
|
11
10
|
Add this line to your application's Gemfile:
|
12
11
|
|
@@ -27,30 +26,47 @@ You can also build the gem from source:
|
|
27
26
|
$ gem build warrant.gemspec
|
28
27
|
|
29
28
|
## Documentation
|
30
|
-
---
|
31
29
|
|
32
30
|
- [Ruby API Docs](https://rubydoc.info/gems/warrant)
|
33
31
|
- [Warrant Docs](https://docs.warrant.dev/)
|
34
32
|
|
35
33
|
## Requirements
|
36
|
-
---
|
37
34
|
|
38
35
|
- Ruby 2.3+.
|
39
36
|
|
40
37
|
## Usage
|
41
|
-
---
|
42
38
|
|
43
39
|
```ruby
|
44
40
|
require 'warrant'
|
45
41
|
Warrant.api_key = 'api_test_f5dsKVeYnVSLHGje44zAygqgqXiLJBICbFzCiAg1E='
|
46
42
|
|
47
|
-
#
|
43
|
+
# Create a user
|
48
44
|
Warrant::User.create(user_id: "user123")
|
49
45
|
|
50
|
-
#
|
46
|
+
# Check whether user slp951 has view access to report 7asm24
|
51
47
|
Warrant::Warrant.is_authorized?(object_type: "report", object_id: "7asm24", relation: "viewer", subject: { object_id: "user", object_id: "slp951" })
|
52
48
|
```
|
53
49
|
|
50
|
+
## Configuring the API and Authorize Endpoints
|
51
|
+
The API and Authorize endpoints the SDK makes requests to is configurable via the `Warrant.api_base` and `Warrant.authorize_endpoint` attributes:
|
52
|
+
|
53
|
+
```ruby
|
54
|
+
require 'warrant'
|
55
|
+
|
56
|
+
# Set api and authorize endpoints to http://localhost:8000
|
57
|
+
Warrant.api_base = 'http://localhost:8000'
|
58
|
+
Warrant.authorize_endpoint = 'http://localhost:8000'
|
59
|
+
```
|
60
|
+
|
61
|
+
## Configuring SSL
|
62
|
+
By default, the SDK will attempt to use SSL when making requests to the API. This setting is configurable via the `Warrant.use_ssl` attribute:
|
63
|
+
|
64
|
+
```ruby
|
65
|
+
require 'warrant'
|
66
|
+
|
67
|
+
# Disable ssl
|
68
|
+
Warrant.use_ssl = false
|
69
|
+
```
|
54
70
|
|
55
71
|
We’ve used a random API key in these code examples. Replace it with your [actual publishable API keys](https://app.warrant.dev) to
|
56
72
|
test this code through your own Warrant account.
|
@@ -4,21 +4,21 @@ module Warrant
|
|
4
4
|
# @!visibility private
|
5
5
|
class APIOperations
|
6
6
|
class << self
|
7
|
-
def post(uri, params = {}
|
7
|
+
def post(uri, params = {})
|
8
8
|
http = Net::HTTP.new(uri.host, uri.port)
|
9
|
-
http.use_ssl = use_ssl
|
9
|
+
http.use_ssl = ::Warrant.config.use_ssl
|
10
10
|
headers = {
|
11
|
-
"Authorization": "ApiKey #{::Warrant.config.api_key}",
|
12
11
|
"User-Agent": "warrant-ruby/#{VERSION}"
|
13
12
|
}
|
13
|
+
headers["Authorization"] = "ApiKey #{::Warrant.config.api_key}" unless ::Warrant.config.api_key.empty?
|
14
14
|
http.post(uri.path, params.to_json, headers)
|
15
15
|
end
|
16
16
|
|
17
17
|
def delete(uri, params = {})
|
18
18
|
http = Net::HTTP.new(uri.host, uri.port)
|
19
|
-
http.use_ssl =
|
19
|
+
http.use_ssl = ::Warrant.config.use_ssl
|
20
20
|
request = Net::HTTP::Delete.new(uri.path)
|
21
|
-
request["Authorization"] = "ApiKey #{::Warrant.config.api_key}"
|
21
|
+
request["Authorization"] = "ApiKey #{::Warrant.config.api_key}" unless ::Warrant.config.api_key.empty?
|
22
22
|
request["User-Agent"] = "warrant-ruby/#{VERSION}"
|
23
23
|
|
24
24
|
http.request(request, params.to_json)
|
@@ -26,11 +26,11 @@ module Warrant
|
|
26
26
|
|
27
27
|
def get(uri, params = {})
|
28
28
|
http = Net::HTTP.new(uri.host, uri.port)
|
29
|
-
http.use_ssl =
|
29
|
+
http.use_ssl = ::Warrant.config.use_ssl
|
30
30
|
headers = {
|
31
|
-
"Authorization": "ApiKey #{::Warrant.config.api_key}",
|
32
31
|
"User-Agent": "warrant-ruby/#{VERSION}"
|
33
32
|
}
|
33
|
+
headers["Authorization"] = "ApiKey #{::Warrant.config.api_key}" unless ::Warrant.config.api_key.empty?
|
34
34
|
|
35
35
|
unless params.empty?
|
36
36
|
normalized_params = Util.normalize_params(params.compact)
|
@@ -42,11 +42,11 @@ module Warrant
|
|
42
42
|
|
43
43
|
def put(uri, params = {})
|
44
44
|
http = Net::HTTP.new(uri.host, uri.port)
|
45
|
-
http.use_ssl =
|
45
|
+
http.use_ssl = ::Warrant.config.use_ssl
|
46
46
|
headers = {
|
47
|
-
"Authorization": "ApiKey #{::Warrant.config.api_key}",
|
48
47
|
"User-Agent": "warrant-ruby/#{VERSION}"
|
49
48
|
}
|
49
|
+
headers["Authorization"] = "ApiKey #{::Warrant.config.api_key}" unless ::Warrant.config.api_key.empty?
|
50
50
|
http.put(uri.path, params.to_json, headers)
|
51
51
|
end
|
52
52
|
|
@@ -66,6 +66,12 @@ module Warrant
|
|
66
66
|
#
|
67
67
|
# @option filters [Integer] :page A positive integer (starting with 1) representing the page of items to return in response. Used in conjunction with the limit param. (optional)
|
68
68
|
# @option filters [Integer] :limit A positive integer representing the max number of items to return in response. (optional)
|
69
|
+
# @option filters [String] :beforeId A string representing a cursor value in the form of a featureId. If provided, the results returned are immediately before the provided value. (optional)
|
70
|
+
# @option filters [String] :beforeValue A string representing a cursor value in the form of the `sortBy` value. If provided, the results returned are immediately before the provided value. (optional)
|
71
|
+
# @option filters [String] :afterId A string representing a cursor value in the form of a featureId. If provided, the results returned are immediately after the provided value. (optional)
|
72
|
+
# @option filters [String] :afterValue A string representing a cursor value in the form of the `sortBy` value. If provided, the results returned are immediately after the provided value. (optional)
|
73
|
+
# @option filters [String] :sortBy A string representing the field to sort results by. Default value is featureId. (optional)
|
74
|
+
# @option filters [String] :sortOrder A string representing whether to sort results in ascending or descending order. Must be ASC or DESC. (optional)
|
69
75
|
#
|
70
76
|
# @return [Array<Feature>] all features for your organization
|
71
77
|
#
|
@@ -68,6 +68,12 @@ module Warrant
|
|
68
68
|
#
|
69
69
|
# @option filters [Integer] :page A positive integer (starting with 1) representing the page of items to return in response. Used in conjunction with the limit param. (optional)
|
70
70
|
# @option filters [Integer] :limit A positive integer representing the max number of items to return in response. (optional)
|
71
|
+
# @option filters [String] :beforeId A string representing a cursor value in the form of a permissionId. If provided, the results returned are immediately before the provided value. (optional)
|
72
|
+
# @option filters [String] :beforeValue A string representing a cursor value in the form of the `sortBy` value. If provided, the results returned are immediately before the provided value. (optional)
|
73
|
+
# @option filters [String] :afterId A string representing a cursor value in the form of a permissionId. If provided, the results returned are immediately after the provided value. (optional)
|
74
|
+
# @option filters [String] :afterValue A string representing a cursor value in the form of the `sortBy` value. If provided, the results returned are immediately after the provided value. (optional)
|
75
|
+
# @option filters [String] :sortBy A string representing the field to sort results by. Default value is permissionId. (optional)
|
76
|
+
# @option filters [String] :sortOrder A string representing whether to sort results in ascending or descending order. Must be ASC or DESC. (optional)
|
71
77
|
#
|
72
78
|
# @return [Array<Permission>] all permissions for your organization
|
73
79
|
#
|
@@ -66,6 +66,12 @@ module Warrant
|
|
66
66
|
#
|
67
67
|
# @option filters [Integer] :page A positive integer (starting with 1) representing the page of items to return in response. Used in conjunction with the limit param. (optional)
|
68
68
|
# @option filters [Integer] :limit A positive integer representing the max number of items to return in response. (optional)
|
69
|
+
# @option filters [String] :beforeId A string representing a cursor value in the form of a pricingTierId. If provided, the results returned are immediately before the provided value. (optional)
|
70
|
+
# @option filters [String] :beforeValue A string representing a cursor value in the form of the `sortBy` value. If provided, the results returned are immediately before the provided value. (optional)
|
71
|
+
# @option filters [String] :afterId A string representing a cursor value in the form of a pricingTierId. If provided, the results returned are immediately after the provided value. (optional)
|
72
|
+
# @option filters [String] :afterValue A string representing a cursor value in the form of the `sortBy` value. If provided, the results returned are immediately after the provided value. (optional)
|
73
|
+
# @option filters [String] :sortBy A string representing the field to sort results by. Default value is pricingTierId. (optional)
|
74
|
+
# @option filters [String] :sortOrder A string representing whether to sort results in ascending or descending order. Must be ASC or DESC. (optional)
|
69
75
|
#
|
70
76
|
# @return [Array<Feature>] all pricing tiers for your organization
|
71
77
|
#
|
@@ -267,7 +273,6 @@ module Warrant
|
|
267
273
|
#
|
268
274
|
# @param feature_id [String] The feature_id of the feature to check whether the pricing tier has access to.
|
269
275
|
# @option options [Hash] :context Object containing key-value pairs that specifies the context the warrant should be checked in. (optional)
|
270
|
-
# @option options [Boolean] :consistent_read Boolean flag indicating whether or not to enforce strict consistency for this access check. Defaults to false. (optional)
|
271
276
|
# @option options [Boolean] :debug Boolean flag indicating whether or not to return debug information for this access check. Defaults to false. (optional)
|
272
277
|
#
|
273
278
|
# @return [Boolean] whether or not the pricing tier has the given feature
|
@@ -284,7 +289,6 @@ module Warrant
|
|
284
289
|
object_id: pricing_tier_id
|
285
290
|
},
|
286
291
|
context: opts[:context],
|
287
|
-
consistent_read: opts[:consistent_read],
|
288
292
|
debug: opts[:debug]
|
289
293
|
)
|
290
294
|
end
|
data/lib/warrant/models/role.rb
CHANGED
@@ -68,6 +68,12 @@ module Warrant
|
|
68
68
|
#
|
69
69
|
# @option filters [Integer] :page A positive integer (starting with 1) representing the page of items to return in response. Used in conjunction with the limit param. (optional)
|
70
70
|
# @option filters [Integer] :limit A positive integer representing the max number of items to return in response. (optional)
|
71
|
+
# @option filters [String] :beforeId A string representing a cursor value in the form of a roleId. If provided, the results returned are immediately before the provided value. (optional)
|
72
|
+
# @option filters [String] :beforeValue A string representing a cursor value in the form of the `sortBy` value. If provided, the results returned are immediately before the provided value. (optional)
|
73
|
+
# @option filters [String] :afterId A string representing a cursor value in the form of a roleId. If provided, the results returned are immediately after the provided value. (optional)
|
74
|
+
# @option filters [String] :afterValue A string representing a cursor value in the form of the `sortBy` value. If provided, the results returned are immediately after the provided value. (optional)
|
75
|
+
# @option filters [String] :sortBy A string representing the field to sort results by. Default value is roleId. (optional)
|
76
|
+
# @option filters [String] :sortOrder A string representing whether to sort results in ascending or descending order. Must be ASC or DESC. (optional)
|
71
77
|
#
|
72
78
|
# @return [Array<Role>] all roles for your organization
|
73
79
|
#
|
@@ -99,6 +99,12 @@ module Warrant
|
|
99
99
|
#
|
100
100
|
# @option filters [Integer] :page A positive integer (starting with 1) representing the page of items to return in response. Used in conjunction with the limit param. (optional)
|
101
101
|
# @option filters [Integer] :limit A positive integer representing the max number of items to return in response. (optional)
|
102
|
+
# @option filters [String] :beforeId A string representing a cursor value in the form of a tenantId. If provided, the results returned are immediately before the provided value. (optional)
|
103
|
+
# @option filters [String] :beforeValue A string representing a cursor value in the form of the `sortBy` value. If provided, the results returned are immediately before the provided value. (optional)
|
104
|
+
# @option filters [String] :afterId A string representing a cursor value in the form of a tenantId. If provided, the results returned are immediately after the provided value. (optional)
|
105
|
+
# @option filters [String] :afterValue A string representing a cursor value in the form of the `sortBy` value. If provided, the results returned are immediately after the provided value. (optional)
|
106
|
+
# @option filters [String] :sortBy A string representing the field to sort results by. Default value is tenantId. (optional)
|
107
|
+
# @option filters [String] :sortOrder A string representing whether to sort results in ascending or descending order. Must be ASC or DESC. (optional)
|
102
108
|
#
|
103
109
|
# @return [Array<Tenant>] all tenants for your organization
|
104
110
|
#
|
@@ -222,6 +228,12 @@ module Warrant
|
|
222
228
|
# @param user_id [String] The user_id of the user from which to fetch tenants
|
223
229
|
# @option filters [Integer] :page A positive integer (starting with 1) representing the page of items to return in response. Used in conjunction with the limit param. (optional)
|
224
230
|
# @option filters [Integer] :limit A positive integer representing the max number of items to return in response. (optional)
|
231
|
+
# @option filters [String] :beforeId A string representing a cursor value in the form of a tenantId. If provided, the results returned are immediately before the provided value. (optional)
|
232
|
+
# @option filters [String] :beforeValue A string representing a cursor value in the form of the `sortBy` value. If provided, the results returned are immediately before the provided value. (optional)
|
233
|
+
# @option filters [String] :afterId A string representing a cursor value in the form of a tenantId. If provided, the results returned are immediately after the provided value. (optional)
|
234
|
+
# @option filters [String] :afterValue A string representing a cursor value in the form of the `sortBy` value. If provided, the results returned are immediately after the provided value. (optional)
|
235
|
+
# @option filters [String] :sortBy A string representing the field to sort results by. Default value is tenantId. (optional)
|
236
|
+
# @option filters [String] :sortOrder A string representing whether to sort results in ascending or descending order. Must be ASC or DESC. (optional)
|
225
237
|
#
|
226
238
|
# @return [Array<Tenant>] all tenants for the user
|
227
239
|
#
|
@@ -344,7 +356,6 @@ module Warrant
|
|
344
356
|
#
|
345
357
|
# @param feature_id [String] The feature_id of the feature to check whether the tenant has access to.
|
346
358
|
# @option options [Hash] :context Object containing key-value pairs that specifies the context the warrant should be checked in. (optional)
|
347
|
-
# @option options [Boolean] :consistent_read Boolean flag indicating whether or not to enforce strict consistency for this access check. Defaults to false. (optional)
|
348
359
|
# @option options [Boolean] :debug Boolean flag indicating whether or not to return debug information for this access check. Defaults to false. (optional)
|
349
360
|
#
|
350
361
|
# @ return [Boolean] whether or not the tenant has the given feature
|
@@ -361,7 +372,6 @@ module Warrant
|
|
361
372
|
object_id: tenant_id
|
362
373
|
},
|
363
374
|
context: opts[:context],
|
364
|
-
consistent_read: opts[:consistent_read],
|
365
375
|
debug: opts[:debug]
|
366
376
|
)
|
367
377
|
end
|
data/lib/warrant/models/user.rb
CHANGED
@@ -100,6 +100,12 @@ module Warrant
|
|
100
100
|
#
|
101
101
|
# @option filters [Integer] :page A positive integer (starting with 1) representing the page of items to return in response. Used in conjunction with the limit param. (optional)
|
102
102
|
# @option filters [Integer] :limit A positive integer representing the max number of items to return in response. (optional)
|
103
|
+
# @option filters [String] :beforeId A string representing a cursor value in the form of a userId. If provided, the results returned are immediately before the provided value. (optional)
|
104
|
+
# @option filters [String] :beforeValue A string representing a cursor value in the form of the `sortBy` value. If provided, the results returned are immediately before the provided value. (optional)
|
105
|
+
# @option filters [String] :afterId A string representing a cursor value in the form of a userId. If provided, the results returned are immediately after the provided value. (optional)
|
106
|
+
# @option filters [String] :afterValue A string representing a cursor value in the form of the `sortBy` value. If provided, the results returned are immediately after the provided value. (optional)
|
107
|
+
# @option filters [String] :sortBy A string representing the field to sort results by. Default value is userId. (optional)
|
108
|
+
# @option filters [String] :sortOrder A string representing whether to sort results in ascending or descending order. Must be ASC or DESC. (optional)
|
103
109
|
#
|
104
110
|
# @return [Array<User>] all users for your organization
|
105
111
|
#
|
@@ -301,7 +307,6 @@ module Warrant
|
|
301
307
|
#
|
302
308
|
# @param permission_id [String] The permission_id of the permission you want to check whether or not it exists on the user.
|
303
309
|
# @option options [Hash] :context Object containing key-value pairs that specifies the context the warrant should be checked in. (optional)
|
304
|
-
# @option options [Boolean] :consistent_read Boolean flag indicating whether or not to enforce strict consistency for this access check. Defaults to false. (optional)
|
305
310
|
# @option options [Boolean] :debug Boolean flag indicating whether or not to return debug information for this access check. Defaults to false. (optional)
|
306
311
|
#
|
307
312
|
# @return [Boolean] whether or not the user has the given permission
|
@@ -319,7 +324,6 @@ module Warrant
|
|
319
324
|
permission_id: permission_id,
|
320
325
|
user_id: user_id,
|
321
326
|
context: opts[:context],
|
322
|
-
consistent_read: opts[:consistent_read],
|
323
327
|
debug: opts[:debug]
|
324
328
|
)
|
325
329
|
end
|
@@ -329,6 +333,12 @@ module Warrant
|
|
329
333
|
# @param tenant_id [String] The tenant_id of the tenant from which to fetch users
|
330
334
|
# @option filters [Integer] :page A positive integer (starting with 1) representing the page of items to return in response. Used in conjunction with the limit param. (optional)
|
331
335
|
# @option filters [Integer] :limit A positive integer representing the max number of items to return in response. (optional)
|
336
|
+
# @option filters [String] :beforeId A string representing a cursor value in the form of a userId. If provided, the results returned are immediately before the provided value. (optional)
|
337
|
+
# @option filters [String] :beforeValue A string representing a cursor value in the form of the `sortBy` value. If provided, the results returned are immediately before the provided value. (optional)
|
338
|
+
# @option filters [String] :afterId A string representing a cursor value in the form of a userId. If provided, the results returned are immediately after the provided value. (optional)
|
339
|
+
# @option filters [String] :afterValue A string representing a cursor value in the form of the `sortBy` value. If provided, the results returned are immediately after the provided value. (optional)
|
340
|
+
# @option filters [String] :sortBy A string representing the field to sort results by. Default value is userId. (optional)
|
341
|
+
# @option filters [String] :sortOrder A string representing whether to sort results in ascending or descending order. Must be ASC or DESC. (optional)
|
332
342
|
#
|
333
343
|
# @return [Array<User>] all users for the tenant
|
334
344
|
#
|
@@ -485,7 +495,6 @@ module Warrant
|
|
485
495
|
#
|
486
496
|
# @param feature_id [String] The feature_id of the feature to check whether the user has access to.
|
487
497
|
# @option options [Hash] :context Object containing key-value pairs that specifies the context the warrant should be checked in. (optional)
|
488
|
-
# @option options [Boolean] :consistent_read Boolean flag indicating whether or not to enforce strict consistency for this access check. Defaults to false. (optional)
|
489
498
|
# @option options [Boolean] :debug Boolean flag indicating whether or not to return debug information for this access check. Defaults to false. (optional)
|
490
499
|
#
|
491
500
|
# @ return [Boolean] whether or not the user has the given feature
|
@@ -502,7 +511,6 @@ module Warrant
|
|
502
511
|
object_id: user_id
|
503
512
|
},
|
504
513
|
context: opts[:context],
|
505
|
-
consistent_read: opts[:consistent_read],
|
506
514
|
debug: opts[:debug]
|
507
515
|
)
|
508
516
|
end
|
@@ -2,15 +2,15 @@
|
|
2
2
|
|
3
3
|
module Warrant
|
4
4
|
class Warrant
|
5
|
-
attr_reader :id, :object_type, :object_id, :relation, :subject, :
|
5
|
+
attr_reader :id, :object_type, :object_id, :relation, :subject, :policy, :is_implicit
|
6
6
|
|
7
7
|
# @!visibility private
|
8
|
-
def initialize(object_type, object_id, relation, subject,
|
8
|
+
def initialize(object_type, object_id, relation, subject, policy = nil, is_implicit = nil)
|
9
9
|
@object_type = object_type
|
10
10
|
@object_id = object_id
|
11
11
|
@relation = relation
|
12
12
|
@subject = subject
|
13
|
-
@
|
13
|
+
@policy = policy
|
14
14
|
@is_implicit = is_implicit
|
15
15
|
end
|
16
16
|
|
@@ -19,7 +19,7 @@ module Warrant
|
|
19
19
|
# @param object [WarrantObject | Hash] Object to check in the access check. Object must include WarrantObject module and implements its methods (`warrant_object_type` and `warrant_object_id`). The object type must be one of your system's existing object type.
|
20
20
|
# @param relation [String] The relation to check for this object to subject association. The relation must be valid as per the object type definition.
|
21
21
|
# @param subject [WarrantObject | Hash] Subject to check in the access check. Subject must include WarrantObject module and implements its methods (`warrant_object_type` and `warrant_object_id`).
|
22
|
-
# @param
|
22
|
+
# @param policy [String] - A boolean expression that must evaluate to `true` for this warrant to apply. The expression can reference variables that are provided in the `context` attribute of access check requests. (optional)
|
23
23
|
#
|
24
24
|
# @return [Warrant] created warrant
|
25
25
|
#
|
@@ -30,7 +30,7 @@ module Warrant
|
|
30
30
|
# @raise [Warrant::NotFoundError]
|
31
31
|
# @raise [Warrant::UnauthorizedError]
|
32
32
|
# @raise [Warrant::WarrantError]
|
33
|
-
def self.create(object, relation, subject,
|
33
|
+
def self.create(object, relation, subject, policy = nil)
|
34
34
|
params = {
|
35
35
|
object_type: object.respond_to?(:warrant_object_type) ? object.warrant_object_type.to_s : object[:object_type],
|
36
36
|
object_id: object.respond_to?(:warrant_object_id) ? object.warrant_object_id.to_s : object[:object_id],
|
@@ -39,7 +39,7 @@ module Warrant
|
|
39
39
|
object_type: subject.respond_to?(:warrant_object_type) ? subject.warrant_object_type.to_s : subject[:object_type],
|
40
40
|
object_id: subject.respond_to?(:warrant_object_id) ? subject.warrant_object_id.to_s : subject[:object_id]
|
41
41
|
},
|
42
|
-
|
42
|
+
policy: policy
|
43
43
|
}
|
44
44
|
res = APIOperations.post(URI.parse("#{::Warrant.config.api_base}/v1/warrants"), Util.normalize_params(params))
|
45
45
|
res_json = JSON.parse(res.body)
|
@@ -47,7 +47,7 @@ module Warrant
|
|
47
47
|
case res
|
48
48
|
when Net::HTTPSuccess
|
49
49
|
subject = Subject.new(res_json['subject']['objectType'], res_json['subject']['objectId'], res_json['subject']['relation'])
|
50
|
-
Warrant.new(res_json['objectType'], res_json['objectId'], res_json['relation'], subject, res_json['
|
50
|
+
Warrant.new(res_json['objectType'], res_json['objectId'], res_json['relation'], subject, res_json['policy'])
|
51
51
|
else
|
52
52
|
APIOperations.raise_error(res)
|
53
53
|
end
|
@@ -58,7 +58,7 @@ module Warrant
|
|
58
58
|
# @param object [WarrantObject | Hash] Object to check in the access check. Object must include WarrantObject module and implements its methods (`warrant_object_type` and `warrant_object_id`). The object type must be one of your system's existing object type.
|
59
59
|
# @param relation [String] The relation to check for this object to subject association. The relation must be valid as per the object type definition.
|
60
60
|
# @param subject [WarrantObject | Hash] Subject to check in the access check. Subject must include WarrantObject module and implements its methods (`warrant_object_type` and `warrant_object_id`).
|
61
|
-
# @param
|
61
|
+
# @param policy [String] - A boolean expression that must evaluate to `true` for this warrant to apply. The expression can reference variables that are provided in the `context` attribute of access check requests. (optional)
|
62
62
|
#
|
63
63
|
# @return [nil] if delete was successful
|
64
64
|
#
|
@@ -67,7 +67,7 @@ module Warrant
|
|
67
67
|
# @raise [Warrant::NotFoundError]
|
68
68
|
# @raise [Warrant::UnauthorizedError]
|
69
69
|
# @raise [Warrant::WarrantError]
|
70
|
-
def self.delete(object, relation, subject,
|
70
|
+
def self.delete(object, relation, subject, policy = nil)
|
71
71
|
params = {
|
72
72
|
object_type: object.respond_to?(:warrant_object_type) ? object.warrant_object_type.to_s : object[:object_type],
|
73
73
|
object_id: object.respond_to?(:warrant_object_id) ? object.warrant_object_id.to_s : object[:object_id],
|
@@ -76,7 +76,7 @@ module Warrant
|
|
76
76
|
object_type: subject.respond_to?(:warrant_object_type) ? subject.warrant_object_type.to_s : subject[:object_type],
|
77
77
|
object_id: subject.respond_to?(:warrant_object_id) ? subject.warrant_object_id.to_s : subject[:object_id]
|
78
78
|
},
|
79
|
-
|
79
|
+
policy: policy
|
80
80
|
}
|
81
81
|
res = APIOperations.delete(URI.parse("#{::Warrant.config.api_base}/v1/warrants"), Util.normalize_params(params))
|
82
82
|
|
@@ -166,8 +166,7 @@ module Warrant
|
|
166
166
|
# * object_type (String) - The type of object. Must be one of your system's existing object types.
|
167
167
|
# * object_id (String) - The id of the specific object.
|
168
168
|
# * relation (String) - The relation for this object to subject association. The relation must be valid as per the object type definition. (optional)
|
169
|
-
#
|
170
|
-
# @param consistent_read [Boolean] Boolean flag indicating whether or not to enforce strict consistency for this access check. Defaults to false. (optional)
|
169
|
+
# * context [Hash] - Object containing key-value pairs that specifies the context the warrant should be checked in. (optional)
|
171
170
|
# @param debug [Boolean] Boolean flag indicating whether or not to return debug information for this access check. Defaults to false. (optional)
|
172
171
|
#
|
173
172
|
# @return [Boolean] whether or not the given access check is authorized
|
@@ -201,8 +200,7 @@ module Warrant
|
|
201
200
|
# @param object [WarrantObject] Object to check in the access check. Object must include WarrantObject module and implements its methods (`warrant_object_type` and `warrant_object_id`). The object type must be one of your system's existing object type.
|
202
201
|
# @param relation [String] The relation to check for this object to subject association. The relation must be valid as per the object type definition.
|
203
202
|
# @param subject [WarrantObject] Subject to check in the access check. Subject must include WarrantObject module and implements its methods (`warrant_object_type` and `warrant_object_id`).
|
204
|
-
# @option options [Hash] :context Object containing key-value pairs that specifies the context the warrant should be checked in. (optional)
|
205
|
-
# @option options [Boolean] :consistent_read Boolean flag indicating whether or not to enforce strict consistency for this access check. Defaults to false. (optional)
|
203
|
+
# @option options [Hash] :context Object containing key-value pairs that specifies the context the warrant should be checked in. (optional)
|
206
204
|
# @option options [Boolean] :debug Boolean flag indicating whether or not to return debug information for this access check. Defaults to false. (optional)
|
207
205
|
#
|
208
206
|
# @return [Boolean] whether or not the given access check is authorized
|
@@ -239,7 +237,6 @@ module Warrant
|
|
239
237
|
subject: subject,
|
240
238
|
context: options[:context]
|
241
239
|
}],
|
242
|
-
consistent_read: options[:consistent_read],
|
243
240
|
debug: options[:debug]
|
244
241
|
)
|
245
242
|
end
|
@@ -252,7 +249,6 @@ module Warrant
|
|
252
249
|
subject: subject,
|
253
250
|
context: options[:context]
|
254
251
|
}],
|
255
|
-
consistent_read: options[:consistent_read],
|
256
252
|
debug: options[:debug]
|
257
253
|
)
|
258
254
|
end
|
@@ -265,7 +261,6 @@ module Warrant
|
|
265
261
|
# * relation (String) - The relation to check for this object to subject association. The relation must be valid as per the object type definition.
|
266
262
|
# * subject (WarrantObject) Subject to check in the access check. Subject must include WarrantObject module and implements its methods (`warrant_object_type` and `warrant_object_id`).
|
267
263
|
# @option options [Hash] :context Object containing key-value pairs that specifies the context the warrant should be checked in. (optional)
|
268
|
-
# @option options [Boolean] :consistent_read Boolean flag indicating whether or not to enforce strict consistency for this access check. Defaults to false. (optional)
|
269
264
|
# @option options [Boolean] :debug Boolean flag indicating whether or not to return debug information for this access check. Defaults to false. (optional)
|
270
265
|
#
|
271
266
|
# @return [Boolean] whether or not the given access check is authorized
|
@@ -314,7 +309,6 @@ module Warrant
|
|
314
309
|
return edge_authorize?(
|
315
310
|
op: op,
|
316
311
|
warrants: normalized_warrants,
|
317
|
-
consistent_read: options[:consistent_read],
|
318
312
|
debug: options[:debug]
|
319
313
|
)
|
320
314
|
end
|
@@ -322,7 +316,6 @@ module Warrant
|
|
322
316
|
return authorize?(
|
323
317
|
op: op,
|
324
318
|
warrants: normalized_warrants,
|
325
|
-
consistent_read: options[:consistent_read],
|
326
319
|
debug: options[:debug]
|
327
320
|
)
|
328
321
|
end
|
@@ -332,7 +325,6 @@ module Warrant
|
|
332
325
|
# @param user_id [String] Id of the user to check
|
333
326
|
# @param permission_id [String] Id of the permission to check on the user
|
334
327
|
# @param context [Hash] - Object containing key-value pairs that specifies the context the warrant should be checked in. (optional)
|
335
|
-
# @param consistentRead [Boolean] Boolean flag indicating whether or not to enforce strict consistency for this access check. Defaults to false. (optional)
|
336
328
|
# @param debug [Boolean] Boolean flag indicating whether or not to return debug information for this access check. Defaults to false. (optional)
|
337
329
|
#
|
338
330
|
# @return [Boolean] whether or not the user has the given permission
|
@@ -353,7 +345,6 @@ module Warrant
|
|
353
345
|
},
|
354
346
|
context: params[:context]
|
355
347
|
}],
|
356
|
-
consistentRead: params[:consistentRead],
|
357
348
|
debug: params[:debug]
|
358
349
|
)
|
359
350
|
end
|
@@ -365,7 +356,6 @@ module Warrant
|
|
365
356
|
# * object_id (String) - The id of the specific object.
|
366
357
|
# @param feature_id [String] Id of the feature to check on the subject
|
367
358
|
# @param context [Hash] - Object containing key-value pairs that specifies the context the warrant should be checked in. (optional)
|
368
|
-
# @param consistent_read [Boolean] Boolean flag indicating whether or not to enforce strict consistency for this access check. Defaults to false. (optional)
|
369
359
|
# @param debug [Boolean] Boolean flag indicating whether or not to return debug information for this access check. Defaults to false. (optional)
|
370
360
|
#
|
371
361
|
# @return [Boolean] whether or not the user has the given permission
|
@@ -386,7 +376,6 @@ module Warrant
|
|
386
376
|
},
|
387
377
|
context: params[:context]
|
388
378
|
}],
|
389
|
-
consistent_read: params[:consistent_read],
|
390
379
|
debug: params[:debug]
|
391
380
|
)
|
392
381
|
end
|
@@ -413,7 +402,7 @@ module Warrant
|
|
413
402
|
|
414
403
|
def self.edge_authorize?(params = {})
|
415
404
|
request_url = URI.parse("#{::Warrant.config.authorize_endpoint}/v2/authorize")
|
416
|
-
res = APIOperations.post(request_url, Util.normalize_params(params)
|
405
|
+
res = APIOperations.post(request_url, Util.normalize_params(params))
|
417
406
|
res_json = JSON.parse(res.body)
|
418
407
|
|
419
408
|
case res
|
data/lib/warrant/util.rb
CHANGED
@@ -21,6 +21,12 @@ module Warrant
|
|
21
21
|
case params
|
22
22
|
when Hash
|
23
23
|
params.each_with_object({}) do |(k, v), new_opts|
|
24
|
+
# Leave context hash as-is to allow for any naming convention (snake_case vs camelCase)
|
25
|
+
if k.to_s == "context"
|
26
|
+
new_opts[k] = v
|
27
|
+
next
|
28
|
+
end
|
29
|
+
|
24
30
|
new_key = Util.camelcase(k.to_s)
|
25
31
|
|
26
32
|
case v
|
data/lib/warrant/version.rb
CHANGED
@@ -3,14 +3,16 @@
|
|
3
3
|
module Warrant
|
4
4
|
# @!visibility private
|
5
5
|
class WarrantConfiguration
|
6
|
-
attr_accessor :api_key, :api_base, :authorize_endpoint
|
6
|
+
attr_accessor :api_key, :api_base, :authorize_endpoint, :use_ssl
|
7
7
|
|
8
8
|
attr_reader :self_service_dash_url_base
|
9
9
|
|
10
10
|
def initialize
|
11
|
+
@api_key = ""
|
11
12
|
@api_base = "https://api.warrant.dev"
|
12
13
|
@authorize_endpoint = "https://api.warrant.dev"
|
13
14
|
@self_service_dash_url_base = "https://self-serve.warrant.dev"
|
15
|
+
@use_ssl = true
|
14
16
|
end
|
15
17
|
end
|
16
18
|
end
|
data/lib/warrant.rb
CHANGED
@@ -31,6 +31,6 @@ module Warrant
|
|
31
31
|
|
32
32
|
attr_reader :config
|
33
33
|
|
34
|
-
def_delegators :@config, :api_key, :api_key=, :api_base, :api_base=, :authorize_endpoint, :authorize_endpoint=
|
34
|
+
def_delegators :@config, :api_key, :api_key=, :api_base, :api_base=, :authorize_endpoint, :authorize_endpoint=, :use_ssl, :use_ssl=
|
35
35
|
end
|
36
36
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: warrant
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version:
|
4
|
+
version: 4.0.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Warrant
|
8
|
-
autorequire:
|
8
|
+
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-
|
11
|
+
date: 2023-07-13 00:00:00.000000000 Z
|
12
12
|
dependencies: []
|
13
13
|
description: Ruby library for the Warrant API at https://warrant.dev.
|
14
14
|
email: hello@warrant.dev
|
@@ -50,7 +50,7 @@ metadata:
|
|
50
50
|
source_code_uri: https://github.com/warrant-dev/warrant-ruby
|
51
51
|
changelog_uri: https://github.com/warrant-dev/warrant-ruby/CHANGELOG.md
|
52
52
|
documentation_uri: https://docs.warrant.dev/
|
53
|
-
post_install_message:
|
53
|
+
post_install_message:
|
54
54
|
rdoc_options: []
|
55
55
|
require_paths:
|
56
56
|
- lib
|
@@ -65,8 +65,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
65
65
|
- !ruby/object:Gem::Version
|
66
66
|
version: '0'
|
67
67
|
requirements: []
|
68
|
-
rubygems_version: 3.2.
|
69
|
-
signing_key:
|
68
|
+
rubygems_version: 3.2.33
|
69
|
+
signing_key:
|
70
70
|
specification_version: 4
|
71
71
|
summary: Warrant Ruby Library
|
72
72
|
test_files: []
|