warrant 3.0.0 → 4.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +22 -6
- data/lib/warrant/api_operations.rb +9 -9
- data/lib/warrant/models/feature.rb +6 -0
- data/lib/warrant/models/permission.rb +6 -0
- data/lib/warrant/models/pricing_tier.rb +6 -2
- data/lib/warrant/models/role.rb +6 -0
- data/lib/warrant/models/tenant.rb +12 -2
- data/lib/warrant/models/user.rb +12 -4
- data/lib/warrant/models/warrant.rb +13 -24
- data/lib/warrant/util.rb +6 -0
- data/lib/warrant/version.rb +1 -1
- data/lib/warrant/warrant_configuration.rb +3 -1
- data/lib/warrant.rb +1 -1
- metadata +6 -6
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: e1faca7fd1a9bdcb8ae4f6c4a6ac5bc68a138cca35d3eafcb888de554156f4c5
|
4
|
+
data.tar.gz: 7bc91b0ebf6e9cf0dd442b19edc6b6f0514b3008cf89e4ddc448fd4def3bf12c
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: b849e8be7fc0105a11677ab6aa901221c45e8f70cc3e0baf2ff4b4c590816a841536aece028d9e1d386267d654192fd61f081991ddb39b3b7c93e0c672e93168
|
7
|
+
data.tar.gz: 7f653279a31b8b96beb09f8e255ad19680bd3d2602c14a025b0a9e5820523264acb58568d6a6d85ccc265fc73b136040c22a5c1bff86e8bccfe6e9057382a83e
|
data/README.md
CHANGED
@@ -6,7 +6,6 @@ Use [Warrant](https://warrant.dev/) in ruby projects.
|
|
6
6
|
[](https://join.slack.com/t/warrantcommunity/shared_invite/zt-12g84updv-5l1pktJf2bI5WIKN4_~f4w)
|
7
7
|
|
8
8
|
## Installation
|
9
|
-
---
|
10
9
|
|
11
10
|
Add this line to your application's Gemfile:
|
12
11
|
|
@@ -27,30 +26,47 @@ You can also build the gem from source:
|
|
27
26
|
$ gem build warrant.gemspec
|
28
27
|
|
29
28
|
## Documentation
|
30
|
-
---
|
31
29
|
|
32
30
|
- [Ruby API Docs](https://rubydoc.info/gems/warrant)
|
33
31
|
- [Warrant Docs](https://docs.warrant.dev/)
|
34
32
|
|
35
33
|
## Requirements
|
36
|
-
---
|
37
34
|
|
38
35
|
- Ruby 2.3+.
|
39
36
|
|
40
37
|
## Usage
|
41
|
-
---
|
42
38
|
|
43
39
|
```ruby
|
44
40
|
require 'warrant'
|
45
41
|
Warrant.api_key = 'api_test_f5dsKVeYnVSLHGje44zAygqgqXiLJBICbFzCiAg1E='
|
46
42
|
|
47
|
-
#
|
43
|
+
# Create a user
|
48
44
|
Warrant::User.create(user_id: "user123")
|
49
45
|
|
50
|
-
#
|
46
|
+
# Check whether user slp951 has view access to report 7asm24
|
51
47
|
Warrant::Warrant.is_authorized?(object_type: "report", object_id: "7asm24", relation: "viewer", subject: { object_id: "user", object_id: "slp951" })
|
52
48
|
```
|
53
49
|
|
50
|
+
## Configuring the API and Authorize Endpoints
|
51
|
+
The API and Authorize endpoints the SDK makes requests to is configurable via the `Warrant.api_base` and `Warrant.authorize_endpoint` attributes:
|
52
|
+
|
53
|
+
```ruby
|
54
|
+
require 'warrant'
|
55
|
+
|
56
|
+
# Set api and authorize endpoints to http://localhost:8000
|
57
|
+
Warrant.api_base = 'http://localhost:8000'
|
58
|
+
Warrant.authorize_endpoint = 'http://localhost:8000'
|
59
|
+
```
|
60
|
+
|
61
|
+
## Configuring SSL
|
62
|
+
By default, the SDK will attempt to use SSL when making requests to the API. This setting is configurable via the `Warrant.use_ssl` attribute:
|
63
|
+
|
64
|
+
```ruby
|
65
|
+
require 'warrant'
|
66
|
+
|
67
|
+
# Disable ssl
|
68
|
+
Warrant.use_ssl = false
|
69
|
+
```
|
54
70
|
|
55
71
|
We’ve used a random API key in these code examples. Replace it with your [actual publishable API keys](https://app.warrant.dev) to
|
56
72
|
test this code through your own Warrant account.
|
@@ -4,21 +4,21 @@ module Warrant
|
|
4
4
|
# @!visibility private
|
5
5
|
class APIOperations
|
6
6
|
class << self
|
7
|
-
def post(uri, params = {}
|
7
|
+
def post(uri, params = {})
|
8
8
|
http = Net::HTTP.new(uri.host, uri.port)
|
9
|
-
http.use_ssl = use_ssl
|
9
|
+
http.use_ssl = ::Warrant.config.use_ssl
|
10
10
|
headers = {
|
11
|
-
"Authorization": "ApiKey #{::Warrant.config.api_key}",
|
12
11
|
"User-Agent": "warrant-ruby/#{VERSION}"
|
13
12
|
}
|
13
|
+
headers["Authorization"] = "ApiKey #{::Warrant.config.api_key}" unless ::Warrant.config.api_key.empty?
|
14
14
|
http.post(uri.path, params.to_json, headers)
|
15
15
|
end
|
16
16
|
|
17
17
|
def delete(uri, params = {})
|
18
18
|
http = Net::HTTP.new(uri.host, uri.port)
|
19
|
-
http.use_ssl =
|
19
|
+
http.use_ssl = ::Warrant.config.use_ssl
|
20
20
|
request = Net::HTTP::Delete.new(uri.path)
|
21
|
-
request["Authorization"] = "ApiKey #{::Warrant.config.api_key}"
|
21
|
+
request["Authorization"] = "ApiKey #{::Warrant.config.api_key}" unless ::Warrant.config.api_key.empty?
|
22
22
|
request["User-Agent"] = "warrant-ruby/#{VERSION}"
|
23
23
|
|
24
24
|
http.request(request, params.to_json)
|
@@ -26,11 +26,11 @@ module Warrant
|
|
26
26
|
|
27
27
|
def get(uri, params = {})
|
28
28
|
http = Net::HTTP.new(uri.host, uri.port)
|
29
|
-
http.use_ssl =
|
29
|
+
http.use_ssl = ::Warrant.config.use_ssl
|
30
30
|
headers = {
|
31
|
-
"Authorization": "ApiKey #{::Warrant.config.api_key}",
|
32
31
|
"User-Agent": "warrant-ruby/#{VERSION}"
|
33
32
|
}
|
33
|
+
headers["Authorization"] = "ApiKey #{::Warrant.config.api_key}" unless ::Warrant.config.api_key.empty?
|
34
34
|
|
35
35
|
unless params.empty?
|
36
36
|
normalized_params = Util.normalize_params(params.compact)
|
@@ -42,11 +42,11 @@ module Warrant
|
|
42
42
|
|
43
43
|
def put(uri, params = {})
|
44
44
|
http = Net::HTTP.new(uri.host, uri.port)
|
45
|
-
http.use_ssl =
|
45
|
+
http.use_ssl = ::Warrant.config.use_ssl
|
46
46
|
headers = {
|
47
|
-
"Authorization": "ApiKey #{::Warrant.config.api_key}",
|
48
47
|
"User-Agent": "warrant-ruby/#{VERSION}"
|
49
48
|
}
|
49
|
+
headers["Authorization"] = "ApiKey #{::Warrant.config.api_key}" unless ::Warrant.config.api_key.empty?
|
50
50
|
http.put(uri.path, params.to_json, headers)
|
51
51
|
end
|
52
52
|
|
@@ -66,6 +66,12 @@ module Warrant
|
|
66
66
|
#
|
67
67
|
# @option filters [Integer] :page A positive integer (starting with 1) representing the page of items to return in response. Used in conjunction with the limit param. (optional)
|
68
68
|
# @option filters [Integer] :limit A positive integer representing the max number of items to return in response. (optional)
|
69
|
+
# @option filters [String] :beforeId A string representing a cursor value in the form of a featureId. If provided, the results returned are immediately before the provided value. (optional)
|
70
|
+
# @option filters [String] :beforeValue A string representing a cursor value in the form of the `sortBy` value. If provided, the results returned are immediately before the provided value. (optional)
|
71
|
+
# @option filters [String] :afterId A string representing a cursor value in the form of a featureId. If provided, the results returned are immediately after the provided value. (optional)
|
72
|
+
# @option filters [String] :afterValue A string representing a cursor value in the form of the `sortBy` value. If provided, the results returned are immediately after the provided value. (optional)
|
73
|
+
# @option filters [String] :sortBy A string representing the field to sort results by. Default value is featureId. (optional)
|
74
|
+
# @option filters [String] :sortOrder A string representing whether to sort results in ascending or descending order. Must be ASC or DESC. (optional)
|
69
75
|
#
|
70
76
|
# @return [Array<Feature>] all features for your organization
|
71
77
|
#
|
@@ -68,6 +68,12 @@ module Warrant
|
|
68
68
|
#
|
69
69
|
# @option filters [Integer] :page A positive integer (starting with 1) representing the page of items to return in response. Used in conjunction with the limit param. (optional)
|
70
70
|
# @option filters [Integer] :limit A positive integer representing the max number of items to return in response. (optional)
|
71
|
+
# @option filters [String] :beforeId A string representing a cursor value in the form of a permissionId. If provided, the results returned are immediately before the provided value. (optional)
|
72
|
+
# @option filters [String] :beforeValue A string representing a cursor value in the form of the `sortBy` value. If provided, the results returned are immediately before the provided value. (optional)
|
73
|
+
# @option filters [String] :afterId A string representing a cursor value in the form of a permissionId. If provided, the results returned are immediately after the provided value. (optional)
|
74
|
+
# @option filters [String] :afterValue A string representing a cursor value in the form of the `sortBy` value. If provided, the results returned are immediately after the provided value. (optional)
|
75
|
+
# @option filters [String] :sortBy A string representing the field to sort results by. Default value is permissionId. (optional)
|
76
|
+
# @option filters [String] :sortOrder A string representing whether to sort results in ascending or descending order. Must be ASC or DESC. (optional)
|
71
77
|
#
|
72
78
|
# @return [Array<Permission>] all permissions for your organization
|
73
79
|
#
|
@@ -66,6 +66,12 @@ module Warrant
|
|
66
66
|
#
|
67
67
|
# @option filters [Integer] :page A positive integer (starting with 1) representing the page of items to return in response. Used in conjunction with the limit param. (optional)
|
68
68
|
# @option filters [Integer] :limit A positive integer representing the max number of items to return in response. (optional)
|
69
|
+
# @option filters [String] :beforeId A string representing a cursor value in the form of a pricingTierId. If provided, the results returned are immediately before the provided value. (optional)
|
70
|
+
# @option filters [String] :beforeValue A string representing a cursor value in the form of the `sortBy` value. If provided, the results returned are immediately before the provided value. (optional)
|
71
|
+
# @option filters [String] :afterId A string representing a cursor value in the form of a pricingTierId. If provided, the results returned are immediately after the provided value. (optional)
|
72
|
+
# @option filters [String] :afterValue A string representing a cursor value in the form of the `sortBy` value. If provided, the results returned are immediately after the provided value. (optional)
|
73
|
+
# @option filters [String] :sortBy A string representing the field to sort results by. Default value is pricingTierId. (optional)
|
74
|
+
# @option filters [String] :sortOrder A string representing whether to sort results in ascending or descending order. Must be ASC or DESC. (optional)
|
69
75
|
#
|
70
76
|
# @return [Array<Feature>] all pricing tiers for your organization
|
71
77
|
#
|
@@ -267,7 +273,6 @@ module Warrant
|
|
267
273
|
#
|
268
274
|
# @param feature_id [String] The feature_id of the feature to check whether the pricing tier has access to.
|
269
275
|
# @option options [Hash] :context Object containing key-value pairs that specifies the context the warrant should be checked in. (optional)
|
270
|
-
# @option options [Boolean] :consistent_read Boolean flag indicating whether or not to enforce strict consistency for this access check. Defaults to false. (optional)
|
271
276
|
# @option options [Boolean] :debug Boolean flag indicating whether or not to return debug information for this access check. Defaults to false. (optional)
|
272
277
|
#
|
273
278
|
# @return [Boolean] whether or not the pricing tier has the given feature
|
@@ -284,7 +289,6 @@ module Warrant
|
|
284
289
|
object_id: pricing_tier_id
|
285
290
|
},
|
286
291
|
context: opts[:context],
|
287
|
-
consistent_read: opts[:consistent_read],
|
288
292
|
debug: opts[:debug]
|
289
293
|
)
|
290
294
|
end
|
data/lib/warrant/models/role.rb
CHANGED
@@ -68,6 +68,12 @@ module Warrant
|
|
68
68
|
#
|
69
69
|
# @option filters [Integer] :page A positive integer (starting with 1) representing the page of items to return in response. Used in conjunction with the limit param. (optional)
|
70
70
|
# @option filters [Integer] :limit A positive integer representing the max number of items to return in response. (optional)
|
71
|
+
# @option filters [String] :beforeId A string representing a cursor value in the form of a roleId. If provided, the results returned are immediately before the provided value. (optional)
|
72
|
+
# @option filters [String] :beforeValue A string representing a cursor value in the form of the `sortBy` value. If provided, the results returned are immediately before the provided value. (optional)
|
73
|
+
# @option filters [String] :afterId A string representing a cursor value in the form of a roleId. If provided, the results returned are immediately after the provided value. (optional)
|
74
|
+
# @option filters [String] :afterValue A string representing a cursor value in the form of the `sortBy` value. If provided, the results returned are immediately after the provided value. (optional)
|
75
|
+
# @option filters [String] :sortBy A string representing the field to sort results by. Default value is roleId. (optional)
|
76
|
+
# @option filters [String] :sortOrder A string representing whether to sort results in ascending or descending order. Must be ASC or DESC. (optional)
|
71
77
|
#
|
72
78
|
# @return [Array<Role>] all roles for your organization
|
73
79
|
#
|
@@ -99,6 +99,12 @@ module Warrant
|
|
99
99
|
#
|
100
100
|
# @option filters [Integer] :page A positive integer (starting with 1) representing the page of items to return in response. Used in conjunction with the limit param. (optional)
|
101
101
|
# @option filters [Integer] :limit A positive integer representing the max number of items to return in response. (optional)
|
102
|
+
# @option filters [String] :beforeId A string representing a cursor value in the form of a tenantId. If provided, the results returned are immediately before the provided value. (optional)
|
103
|
+
# @option filters [String] :beforeValue A string representing a cursor value in the form of the `sortBy` value. If provided, the results returned are immediately before the provided value. (optional)
|
104
|
+
# @option filters [String] :afterId A string representing a cursor value in the form of a tenantId. If provided, the results returned are immediately after the provided value. (optional)
|
105
|
+
# @option filters [String] :afterValue A string representing a cursor value in the form of the `sortBy` value. If provided, the results returned are immediately after the provided value. (optional)
|
106
|
+
# @option filters [String] :sortBy A string representing the field to sort results by. Default value is tenantId. (optional)
|
107
|
+
# @option filters [String] :sortOrder A string representing whether to sort results in ascending or descending order. Must be ASC or DESC. (optional)
|
102
108
|
#
|
103
109
|
# @return [Array<Tenant>] all tenants for your organization
|
104
110
|
#
|
@@ -222,6 +228,12 @@ module Warrant
|
|
222
228
|
# @param user_id [String] The user_id of the user from which to fetch tenants
|
223
229
|
# @option filters [Integer] :page A positive integer (starting with 1) representing the page of items to return in response. Used in conjunction with the limit param. (optional)
|
224
230
|
# @option filters [Integer] :limit A positive integer representing the max number of items to return in response. (optional)
|
231
|
+
# @option filters [String] :beforeId A string representing a cursor value in the form of a tenantId. If provided, the results returned are immediately before the provided value. (optional)
|
232
|
+
# @option filters [String] :beforeValue A string representing a cursor value in the form of the `sortBy` value. If provided, the results returned are immediately before the provided value. (optional)
|
233
|
+
# @option filters [String] :afterId A string representing a cursor value in the form of a tenantId. If provided, the results returned are immediately after the provided value. (optional)
|
234
|
+
# @option filters [String] :afterValue A string representing a cursor value in the form of the `sortBy` value. If provided, the results returned are immediately after the provided value. (optional)
|
235
|
+
# @option filters [String] :sortBy A string representing the field to sort results by. Default value is tenantId. (optional)
|
236
|
+
# @option filters [String] :sortOrder A string representing whether to sort results in ascending or descending order. Must be ASC or DESC. (optional)
|
225
237
|
#
|
226
238
|
# @return [Array<Tenant>] all tenants for the user
|
227
239
|
#
|
@@ -344,7 +356,6 @@ module Warrant
|
|
344
356
|
#
|
345
357
|
# @param feature_id [String] The feature_id of the feature to check whether the tenant has access to.
|
346
358
|
# @option options [Hash] :context Object containing key-value pairs that specifies the context the warrant should be checked in. (optional)
|
347
|
-
# @option options [Boolean] :consistent_read Boolean flag indicating whether or not to enforce strict consistency for this access check. Defaults to false. (optional)
|
348
359
|
# @option options [Boolean] :debug Boolean flag indicating whether or not to return debug information for this access check. Defaults to false. (optional)
|
349
360
|
#
|
350
361
|
# @ return [Boolean] whether or not the tenant has the given feature
|
@@ -361,7 +372,6 @@ module Warrant
|
|
361
372
|
object_id: tenant_id
|
362
373
|
},
|
363
374
|
context: opts[:context],
|
364
|
-
consistent_read: opts[:consistent_read],
|
365
375
|
debug: opts[:debug]
|
366
376
|
)
|
367
377
|
end
|
data/lib/warrant/models/user.rb
CHANGED
@@ -100,6 +100,12 @@ module Warrant
|
|
100
100
|
#
|
101
101
|
# @option filters [Integer] :page A positive integer (starting with 1) representing the page of items to return in response. Used in conjunction with the limit param. (optional)
|
102
102
|
# @option filters [Integer] :limit A positive integer representing the max number of items to return in response. (optional)
|
103
|
+
# @option filters [String] :beforeId A string representing a cursor value in the form of a userId. If provided, the results returned are immediately before the provided value. (optional)
|
104
|
+
# @option filters [String] :beforeValue A string representing a cursor value in the form of the `sortBy` value. If provided, the results returned are immediately before the provided value. (optional)
|
105
|
+
# @option filters [String] :afterId A string representing a cursor value in the form of a userId. If provided, the results returned are immediately after the provided value. (optional)
|
106
|
+
# @option filters [String] :afterValue A string representing a cursor value in the form of the `sortBy` value. If provided, the results returned are immediately after the provided value. (optional)
|
107
|
+
# @option filters [String] :sortBy A string representing the field to sort results by. Default value is userId. (optional)
|
108
|
+
# @option filters [String] :sortOrder A string representing whether to sort results in ascending or descending order. Must be ASC or DESC. (optional)
|
103
109
|
#
|
104
110
|
# @return [Array<User>] all users for your organization
|
105
111
|
#
|
@@ -301,7 +307,6 @@ module Warrant
|
|
301
307
|
#
|
302
308
|
# @param permission_id [String] The permission_id of the permission you want to check whether or not it exists on the user.
|
303
309
|
# @option options [Hash] :context Object containing key-value pairs that specifies the context the warrant should be checked in. (optional)
|
304
|
-
# @option options [Boolean] :consistent_read Boolean flag indicating whether or not to enforce strict consistency for this access check. Defaults to false. (optional)
|
305
310
|
# @option options [Boolean] :debug Boolean flag indicating whether or not to return debug information for this access check. Defaults to false. (optional)
|
306
311
|
#
|
307
312
|
# @return [Boolean] whether or not the user has the given permission
|
@@ -319,7 +324,6 @@ module Warrant
|
|
319
324
|
permission_id: permission_id,
|
320
325
|
user_id: user_id,
|
321
326
|
context: opts[:context],
|
322
|
-
consistent_read: opts[:consistent_read],
|
323
327
|
debug: opts[:debug]
|
324
328
|
)
|
325
329
|
end
|
@@ -329,6 +333,12 @@ module Warrant
|
|
329
333
|
# @param tenant_id [String] The tenant_id of the tenant from which to fetch users
|
330
334
|
# @option filters [Integer] :page A positive integer (starting with 1) representing the page of items to return in response. Used in conjunction with the limit param. (optional)
|
331
335
|
# @option filters [Integer] :limit A positive integer representing the max number of items to return in response. (optional)
|
336
|
+
# @option filters [String] :beforeId A string representing a cursor value in the form of a userId. If provided, the results returned are immediately before the provided value. (optional)
|
337
|
+
# @option filters [String] :beforeValue A string representing a cursor value in the form of the `sortBy` value. If provided, the results returned are immediately before the provided value. (optional)
|
338
|
+
# @option filters [String] :afterId A string representing a cursor value in the form of a userId. If provided, the results returned are immediately after the provided value. (optional)
|
339
|
+
# @option filters [String] :afterValue A string representing a cursor value in the form of the `sortBy` value. If provided, the results returned are immediately after the provided value. (optional)
|
340
|
+
# @option filters [String] :sortBy A string representing the field to sort results by. Default value is userId. (optional)
|
341
|
+
# @option filters [String] :sortOrder A string representing whether to sort results in ascending or descending order. Must be ASC or DESC. (optional)
|
332
342
|
#
|
333
343
|
# @return [Array<User>] all users for the tenant
|
334
344
|
#
|
@@ -485,7 +495,6 @@ module Warrant
|
|
485
495
|
#
|
486
496
|
# @param feature_id [String] The feature_id of the feature to check whether the user has access to.
|
487
497
|
# @option options [Hash] :context Object containing key-value pairs that specifies the context the warrant should be checked in. (optional)
|
488
|
-
# @option options [Boolean] :consistent_read Boolean flag indicating whether or not to enforce strict consistency for this access check. Defaults to false. (optional)
|
489
498
|
# @option options [Boolean] :debug Boolean flag indicating whether or not to return debug information for this access check. Defaults to false. (optional)
|
490
499
|
#
|
491
500
|
# @ return [Boolean] whether or not the user has the given feature
|
@@ -502,7 +511,6 @@ module Warrant
|
|
502
511
|
object_id: user_id
|
503
512
|
},
|
504
513
|
context: opts[:context],
|
505
|
-
consistent_read: opts[:consistent_read],
|
506
514
|
debug: opts[:debug]
|
507
515
|
)
|
508
516
|
end
|
@@ -2,15 +2,15 @@
|
|
2
2
|
|
3
3
|
module Warrant
|
4
4
|
class Warrant
|
5
|
-
attr_reader :id, :object_type, :object_id, :relation, :subject, :
|
5
|
+
attr_reader :id, :object_type, :object_id, :relation, :subject, :policy, :is_implicit
|
6
6
|
|
7
7
|
# @!visibility private
|
8
|
-
def initialize(object_type, object_id, relation, subject,
|
8
|
+
def initialize(object_type, object_id, relation, subject, policy = nil, is_implicit = nil)
|
9
9
|
@object_type = object_type
|
10
10
|
@object_id = object_id
|
11
11
|
@relation = relation
|
12
12
|
@subject = subject
|
13
|
-
@
|
13
|
+
@policy = policy
|
14
14
|
@is_implicit = is_implicit
|
15
15
|
end
|
16
16
|
|
@@ -19,7 +19,7 @@ module Warrant
|
|
19
19
|
# @param object [WarrantObject | Hash] Object to check in the access check. Object must include WarrantObject module and implements its methods (`warrant_object_type` and `warrant_object_id`). The object type must be one of your system's existing object type.
|
20
20
|
# @param relation [String] The relation to check for this object to subject association. The relation must be valid as per the object type definition.
|
21
21
|
# @param subject [WarrantObject | Hash] Subject to check in the access check. Subject must include WarrantObject module and implements its methods (`warrant_object_type` and `warrant_object_id`).
|
22
|
-
# @param
|
22
|
+
# @param policy [String] - A boolean expression that must evaluate to `true` for this warrant to apply. The expression can reference variables that are provided in the `context` attribute of access check requests. (optional)
|
23
23
|
#
|
24
24
|
# @return [Warrant] created warrant
|
25
25
|
#
|
@@ -30,7 +30,7 @@ module Warrant
|
|
30
30
|
# @raise [Warrant::NotFoundError]
|
31
31
|
# @raise [Warrant::UnauthorizedError]
|
32
32
|
# @raise [Warrant::WarrantError]
|
33
|
-
def self.create(object, relation, subject,
|
33
|
+
def self.create(object, relation, subject, policy = nil)
|
34
34
|
params = {
|
35
35
|
object_type: object.respond_to?(:warrant_object_type) ? object.warrant_object_type.to_s : object[:object_type],
|
36
36
|
object_id: object.respond_to?(:warrant_object_id) ? object.warrant_object_id.to_s : object[:object_id],
|
@@ -39,7 +39,7 @@ module Warrant
|
|
39
39
|
object_type: subject.respond_to?(:warrant_object_type) ? subject.warrant_object_type.to_s : subject[:object_type],
|
40
40
|
object_id: subject.respond_to?(:warrant_object_id) ? subject.warrant_object_id.to_s : subject[:object_id]
|
41
41
|
},
|
42
|
-
|
42
|
+
policy: policy
|
43
43
|
}
|
44
44
|
res = APIOperations.post(URI.parse("#{::Warrant.config.api_base}/v1/warrants"), Util.normalize_params(params))
|
45
45
|
res_json = JSON.parse(res.body)
|
@@ -47,7 +47,7 @@ module Warrant
|
|
47
47
|
case res
|
48
48
|
when Net::HTTPSuccess
|
49
49
|
subject = Subject.new(res_json['subject']['objectType'], res_json['subject']['objectId'], res_json['subject']['relation'])
|
50
|
-
Warrant.new(res_json['objectType'], res_json['objectId'], res_json['relation'], subject, res_json['
|
50
|
+
Warrant.new(res_json['objectType'], res_json['objectId'], res_json['relation'], subject, res_json['policy'])
|
51
51
|
else
|
52
52
|
APIOperations.raise_error(res)
|
53
53
|
end
|
@@ -58,7 +58,7 @@ module Warrant
|
|
58
58
|
# @param object [WarrantObject | Hash] Object to check in the access check. Object must include WarrantObject module and implements its methods (`warrant_object_type` and `warrant_object_id`). The object type must be one of your system's existing object type.
|
59
59
|
# @param relation [String] The relation to check for this object to subject association. The relation must be valid as per the object type definition.
|
60
60
|
# @param subject [WarrantObject | Hash] Subject to check in the access check. Subject must include WarrantObject module and implements its methods (`warrant_object_type` and `warrant_object_id`).
|
61
|
-
# @param
|
61
|
+
# @param policy [String] - A boolean expression that must evaluate to `true` for this warrant to apply. The expression can reference variables that are provided in the `context` attribute of access check requests. (optional)
|
62
62
|
#
|
63
63
|
# @return [nil] if delete was successful
|
64
64
|
#
|
@@ -67,7 +67,7 @@ module Warrant
|
|
67
67
|
# @raise [Warrant::NotFoundError]
|
68
68
|
# @raise [Warrant::UnauthorizedError]
|
69
69
|
# @raise [Warrant::WarrantError]
|
70
|
-
def self.delete(object, relation, subject,
|
70
|
+
def self.delete(object, relation, subject, policy = nil)
|
71
71
|
params = {
|
72
72
|
object_type: object.respond_to?(:warrant_object_type) ? object.warrant_object_type.to_s : object[:object_type],
|
73
73
|
object_id: object.respond_to?(:warrant_object_id) ? object.warrant_object_id.to_s : object[:object_id],
|
@@ -76,7 +76,7 @@ module Warrant
|
|
76
76
|
object_type: subject.respond_to?(:warrant_object_type) ? subject.warrant_object_type.to_s : subject[:object_type],
|
77
77
|
object_id: subject.respond_to?(:warrant_object_id) ? subject.warrant_object_id.to_s : subject[:object_id]
|
78
78
|
},
|
79
|
-
|
79
|
+
policy: policy
|
80
80
|
}
|
81
81
|
res = APIOperations.delete(URI.parse("#{::Warrant.config.api_base}/v1/warrants"), Util.normalize_params(params))
|
82
82
|
|
@@ -166,8 +166,7 @@ module Warrant
|
|
166
166
|
# * object_type (String) - The type of object. Must be one of your system's existing object types.
|
167
167
|
# * object_id (String) - The id of the specific object.
|
168
168
|
# * relation (String) - The relation for this object to subject association. The relation must be valid as per the object type definition. (optional)
|
169
|
-
#
|
170
|
-
# @param consistent_read [Boolean] Boolean flag indicating whether or not to enforce strict consistency for this access check. Defaults to false. (optional)
|
169
|
+
# * context [Hash] - Object containing key-value pairs that specifies the context the warrant should be checked in. (optional)
|
171
170
|
# @param debug [Boolean] Boolean flag indicating whether or not to return debug information for this access check. Defaults to false. (optional)
|
172
171
|
#
|
173
172
|
# @return [Boolean] whether or not the given access check is authorized
|
@@ -201,8 +200,7 @@ module Warrant
|
|
201
200
|
# @param object [WarrantObject] Object to check in the access check. Object must include WarrantObject module and implements its methods (`warrant_object_type` and `warrant_object_id`). The object type must be one of your system's existing object type.
|
202
201
|
# @param relation [String] The relation to check for this object to subject association. The relation must be valid as per the object type definition.
|
203
202
|
# @param subject [WarrantObject] Subject to check in the access check. Subject must include WarrantObject module and implements its methods (`warrant_object_type` and `warrant_object_id`).
|
204
|
-
# @option options [Hash] :context Object containing key-value pairs that specifies the context the warrant should be checked in. (optional)
|
205
|
-
# @option options [Boolean] :consistent_read Boolean flag indicating whether or not to enforce strict consistency for this access check. Defaults to false. (optional)
|
203
|
+
# @option options [Hash] :context Object containing key-value pairs that specifies the context the warrant should be checked in. (optional)
|
206
204
|
# @option options [Boolean] :debug Boolean flag indicating whether or not to return debug information for this access check. Defaults to false. (optional)
|
207
205
|
#
|
208
206
|
# @return [Boolean] whether or not the given access check is authorized
|
@@ -239,7 +237,6 @@ module Warrant
|
|
239
237
|
subject: subject,
|
240
238
|
context: options[:context]
|
241
239
|
}],
|
242
|
-
consistent_read: options[:consistent_read],
|
243
240
|
debug: options[:debug]
|
244
241
|
)
|
245
242
|
end
|
@@ -252,7 +249,6 @@ module Warrant
|
|
252
249
|
subject: subject,
|
253
250
|
context: options[:context]
|
254
251
|
}],
|
255
|
-
consistent_read: options[:consistent_read],
|
256
252
|
debug: options[:debug]
|
257
253
|
)
|
258
254
|
end
|
@@ -265,7 +261,6 @@ module Warrant
|
|
265
261
|
# * relation (String) - The relation to check for this object to subject association. The relation must be valid as per the object type definition.
|
266
262
|
# * subject (WarrantObject) Subject to check in the access check. Subject must include WarrantObject module and implements its methods (`warrant_object_type` and `warrant_object_id`).
|
267
263
|
# @option options [Hash] :context Object containing key-value pairs that specifies the context the warrant should be checked in. (optional)
|
268
|
-
# @option options [Boolean] :consistent_read Boolean flag indicating whether or not to enforce strict consistency for this access check. Defaults to false. (optional)
|
269
264
|
# @option options [Boolean] :debug Boolean flag indicating whether or not to return debug information for this access check. Defaults to false. (optional)
|
270
265
|
#
|
271
266
|
# @return [Boolean] whether or not the given access check is authorized
|
@@ -314,7 +309,6 @@ module Warrant
|
|
314
309
|
return edge_authorize?(
|
315
310
|
op: op,
|
316
311
|
warrants: normalized_warrants,
|
317
|
-
consistent_read: options[:consistent_read],
|
318
312
|
debug: options[:debug]
|
319
313
|
)
|
320
314
|
end
|
@@ -322,7 +316,6 @@ module Warrant
|
|
322
316
|
return authorize?(
|
323
317
|
op: op,
|
324
318
|
warrants: normalized_warrants,
|
325
|
-
consistent_read: options[:consistent_read],
|
326
319
|
debug: options[:debug]
|
327
320
|
)
|
328
321
|
end
|
@@ -332,7 +325,6 @@ module Warrant
|
|
332
325
|
# @param user_id [String] Id of the user to check
|
333
326
|
# @param permission_id [String] Id of the permission to check on the user
|
334
327
|
# @param context [Hash] - Object containing key-value pairs that specifies the context the warrant should be checked in. (optional)
|
335
|
-
# @param consistentRead [Boolean] Boolean flag indicating whether or not to enforce strict consistency for this access check. Defaults to false. (optional)
|
336
328
|
# @param debug [Boolean] Boolean flag indicating whether or not to return debug information for this access check. Defaults to false. (optional)
|
337
329
|
#
|
338
330
|
# @return [Boolean] whether or not the user has the given permission
|
@@ -353,7 +345,6 @@ module Warrant
|
|
353
345
|
},
|
354
346
|
context: params[:context]
|
355
347
|
}],
|
356
|
-
consistentRead: params[:consistentRead],
|
357
348
|
debug: params[:debug]
|
358
349
|
)
|
359
350
|
end
|
@@ -365,7 +356,6 @@ module Warrant
|
|
365
356
|
# * object_id (String) - The id of the specific object.
|
366
357
|
# @param feature_id [String] Id of the feature to check on the subject
|
367
358
|
# @param context [Hash] - Object containing key-value pairs that specifies the context the warrant should be checked in. (optional)
|
368
|
-
# @param consistent_read [Boolean] Boolean flag indicating whether or not to enforce strict consistency for this access check. Defaults to false. (optional)
|
369
359
|
# @param debug [Boolean] Boolean flag indicating whether or not to return debug information for this access check. Defaults to false. (optional)
|
370
360
|
#
|
371
361
|
# @return [Boolean] whether or not the user has the given permission
|
@@ -386,7 +376,6 @@ module Warrant
|
|
386
376
|
},
|
387
377
|
context: params[:context]
|
388
378
|
}],
|
389
|
-
consistent_read: params[:consistent_read],
|
390
379
|
debug: params[:debug]
|
391
380
|
)
|
392
381
|
end
|
@@ -413,7 +402,7 @@ module Warrant
|
|
413
402
|
|
414
403
|
def self.edge_authorize?(params = {})
|
415
404
|
request_url = URI.parse("#{::Warrant.config.authorize_endpoint}/v2/authorize")
|
416
|
-
res = APIOperations.post(request_url, Util.normalize_params(params)
|
405
|
+
res = APIOperations.post(request_url, Util.normalize_params(params))
|
417
406
|
res_json = JSON.parse(res.body)
|
418
407
|
|
419
408
|
case res
|
data/lib/warrant/util.rb
CHANGED
@@ -21,6 +21,12 @@ module Warrant
|
|
21
21
|
case params
|
22
22
|
when Hash
|
23
23
|
params.each_with_object({}) do |(k, v), new_opts|
|
24
|
+
# Leave context hash as-is to allow for any naming convention (snake_case vs camelCase)
|
25
|
+
if k.to_s == "context"
|
26
|
+
new_opts[k] = v
|
27
|
+
next
|
28
|
+
end
|
29
|
+
|
24
30
|
new_key = Util.camelcase(k.to_s)
|
25
31
|
|
26
32
|
case v
|
data/lib/warrant/version.rb
CHANGED
@@ -3,14 +3,16 @@
|
|
3
3
|
module Warrant
|
4
4
|
# @!visibility private
|
5
5
|
class WarrantConfiguration
|
6
|
-
attr_accessor :api_key, :api_base, :authorize_endpoint
|
6
|
+
attr_accessor :api_key, :api_base, :authorize_endpoint, :use_ssl
|
7
7
|
|
8
8
|
attr_reader :self_service_dash_url_base
|
9
9
|
|
10
10
|
def initialize
|
11
|
+
@api_key = ""
|
11
12
|
@api_base = "https://api.warrant.dev"
|
12
13
|
@authorize_endpoint = "https://api.warrant.dev"
|
13
14
|
@self_service_dash_url_base = "https://self-serve.warrant.dev"
|
15
|
+
@use_ssl = true
|
14
16
|
end
|
15
17
|
end
|
16
18
|
end
|
data/lib/warrant.rb
CHANGED
@@ -31,6 +31,6 @@ module Warrant
|
|
31
31
|
|
32
32
|
attr_reader :config
|
33
33
|
|
34
|
-
def_delegators :@config, :api_key, :api_key=, :api_base, :api_base=, :authorize_endpoint, :authorize_endpoint=
|
34
|
+
def_delegators :@config, :api_key, :api_key=, :api_base, :api_base=, :authorize_endpoint, :authorize_endpoint=, :use_ssl, :use_ssl=
|
35
35
|
end
|
36
36
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: warrant
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version:
|
4
|
+
version: 4.0.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Warrant
|
8
|
-
autorequire:
|
8
|
+
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-
|
11
|
+
date: 2023-07-13 00:00:00.000000000 Z
|
12
12
|
dependencies: []
|
13
13
|
description: Ruby library for the Warrant API at https://warrant.dev.
|
14
14
|
email: hello@warrant.dev
|
@@ -50,7 +50,7 @@ metadata:
|
|
50
50
|
source_code_uri: https://github.com/warrant-dev/warrant-ruby
|
51
51
|
changelog_uri: https://github.com/warrant-dev/warrant-ruby/CHANGELOG.md
|
52
52
|
documentation_uri: https://docs.warrant.dev/
|
53
|
-
post_install_message:
|
53
|
+
post_install_message:
|
54
54
|
rdoc_options: []
|
55
55
|
require_paths:
|
56
56
|
- lib
|
@@ -65,8 +65,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
65
65
|
- !ruby/object:Gem::Version
|
66
66
|
version: '0'
|
67
67
|
requirements: []
|
68
|
-
rubygems_version: 3.2.
|
69
|
-
signing_key:
|
68
|
+
rubygems_version: 3.2.33
|
69
|
+
signing_key:
|
70
70
|
specification_version: 4
|
71
71
|
summary: Warrant Ruby Library
|
72
72
|
test_files: []
|