warrant 4.0.0 → 5.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/warrant/api_operations.rb +9 -7
- data/lib/warrant/models/feature.rb +122 -99
- data/lib/warrant/models/list_response.rb +14 -0
- data/lib/warrant/models/object.rb +230 -0
- data/lib/warrant/models/permission.rb +72 -103
- data/lib/warrant/models/pricing_tier.rb +128 -97
- data/lib/warrant/models/query_result.rb +16 -0
- data/lib/warrant/models/role.rb +72 -97
- data/lib/warrant/models/session.rb +4 -4
- data/lib/warrant/models/tenant.rb +131 -133
- data/lib/warrant/models/user.rb +180 -155
- data/lib/warrant/models/warrant.rb +196 -94
- data/lib/warrant/version.rb +1 -1
- data/lib/warrant.rb +3 -0
- metadata +5 -2
data/lib/warrant/models/role.rb
CHANGED
@@ -1,23 +1,22 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
module Warrant
|
4
|
-
class Role
|
4
|
+
class Role < Warrant::Object
|
5
5
|
OBJECT_TYPE = "role"
|
6
6
|
|
7
7
|
include Warrant::WarrantObject
|
8
8
|
|
9
|
-
|
9
|
+
alias :role_id :object_id
|
10
10
|
|
11
11
|
# @!visibility private
|
12
|
-
def initialize(role_id,
|
13
|
-
|
14
|
-
@name = name
|
15
|
-
@description = description
|
12
|
+
def initialize(role_id, meta = {}, created_at = nil)
|
13
|
+
super(OBJECT_TYPE, role_id, meta, created_at)
|
16
14
|
end
|
17
15
|
|
18
16
|
# Creates a role with the given parameters
|
19
17
|
#
|
20
|
-
# @option params [String] :role_id
|
18
|
+
# @option params [String] :role_id User defined string identifier for this role. If not provided, Warrant will create an id for the role and return it. In this case, you should store the id in your system as you will need to provide it for any authorization requests for that role. Note that roleIds in Warrant must be composed of alphanumeric chars, '-', and/or '_'. (optional)
|
19
|
+
# @option params [Hash] :meta A JSON object containing additional information about this role (e.g. name/description) to be persisted to Warrant. (optional)
|
21
20
|
#
|
22
21
|
# @return [Role] created role
|
23
22
|
#
|
@@ -28,16 +27,9 @@ module Warrant
|
|
28
27
|
# @raise [Warrant::InternalError]
|
29
28
|
# @raise [Warrant::InvalidRequestError]
|
30
29
|
# @raise [Warrant::UnauthorizedError]
|
31
|
-
def self.create(params = {})
|
32
|
-
|
33
|
-
|
34
|
-
case res
|
35
|
-
when Net::HTTPSuccess
|
36
|
-
res_json = JSON.parse(res.body)
|
37
|
-
Role.new(res_json['roleId'], res_json['name'], res_json['description'])
|
38
|
-
else
|
39
|
-
APIOperations.raise_error(res)
|
40
|
-
end
|
30
|
+
def self.create(params = {}, options = {})
|
31
|
+
object = Object.create({ object_type: OBJECT_TYPE, object_id: params[:role_id], meta: params[:meta] }, options)
|
32
|
+
return Role.new(object.object_id, object.meta, object.created_at)
|
41
33
|
end
|
42
34
|
|
43
35
|
# Deletes a role with given role id
|
@@ -53,27 +45,20 @@ module Warrant
|
|
53
45
|
# @raise [Warrant::MissingRequiredParameterError]
|
54
46
|
# @raise [Warrant::NotFoundError]
|
55
47
|
# @raise [Warrant::UnauthorizedError]
|
56
|
-
def self.delete(role_id)
|
57
|
-
|
58
|
-
|
59
|
-
case res
|
60
|
-
when Net::HTTPSuccess
|
61
|
-
return
|
62
|
-
else
|
63
|
-
APIOperations.raise_error(res)
|
64
|
-
end
|
48
|
+
def self.delete(role_id, options = {})
|
49
|
+
return Object.delete(OBJECT_TYPE, role_id, options)
|
65
50
|
end
|
66
51
|
|
67
52
|
# Lists all roles for your organization
|
68
53
|
#
|
69
|
-
# @
|
70
|
-
# @
|
71
|
-
# @option filters [
|
72
|
-
# @option filters [String] :
|
73
|
-
# @option filters [String] :
|
74
|
-
# @option filters [String] :
|
75
|
-
# @option filters [String] :
|
76
|
-
# @option
|
54
|
+
# @param [Hash] filters Filters to apply to result set
|
55
|
+
# @param [Hash] options Options to apply on a per-request basis
|
56
|
+
# @option filters [Integer] :limit A positive integer representing the maximum number of items to return in the response. Must be less than or equal to 1000. Defaults to 25. (optional)
|
57
|
+
# @option filters [String] :prev_cursor A cursor representing your place in a list of results. Requests containing prev_cursor will return the results immediately preceding the cursor. (optional)
|
58
|
+
# @option filters [String] :next_cursor A cursor representing your place in a list of results. Requests containing next_cursor will return the results immediately following the cursor. (optional)
|
59
|
+
# @option filters [String] :sort_by The column to sort the result by. Unless otherwise specified, all list endpoints are sorted by their unique identifier by default. Supported values for objects are +object_type+, +object_id+, and +created_at+ (optional)
|
60
|
+
# @option filters [String] :sort_order The order in which to sort the result by. Valid values are +ASC+ and +DESC+. Defaults to +ASC+. (optional)
|
61
|
+
# @option options [String] :warrant_token A valid warrant token from a previous write operation or latest. Used to specify desired consistency for this read operation. (optional)
|
77
62
|
#
|
78
63
|
# @return [Array<Role>] all roles for your organization
|
79
64
|
#
|
@@ -83,16 +68,11 @@ module Warrant
|
|
83
68
|
# @raise [Warrant::InternalError]
|
84
69
|
# @raise [Warrant::InvalidParameterError]
|
85
70
|
# @raise [Warrant::UnauthorizedError]
|
86
|
-
def self.list(filters = {})
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
roles = JSON.parse(res.body)
|
92
|
-
roles.map{ |role| Role.new(role['roleId'], role['name'], role['description']) }
|
93
|
-
else
|
94
|
-
APIOperations.raise_error(res)
|
95
|
-
end
|
71
|
+
def self.list(filters = {}, options = {})
|
72
|
+
filters.merge({ object_type: "role" })
|
73
|
+
list_response = Object.list(filters, options)
|
74
|
+
roles = list_response.results.map{ |object| Role.new(object.object_id, object.meta, object.created_at)}
|
75
|
+
return ListResponse.new(roles, list_response.prev_cursor, list_response.next_cursor)
|
96
76
|
end
|
97
77
|
|
98
78
|
# Get a role with the given role_id
|
@@ -105,24 +85,15 @@ module Warrant
|
|
105
85
|
# @raise [Warrant::MissingRequiredParameterError]
|
106
86
|
# @raise [Warrant::NotFoundError]
|
107
87
|
# @raise [Warrant::UnauthorizedError]
|
108
|
-
def self.get(role_id)
|
109
|
-
|
110
|
-
|
111
|
-
case res
|
112
|
-
when Net::HTTPSuccess
|
113
|
-
role = JSON.parse(res.body)
|
114
|
-
Role.new(role['roleId'], role['name'], role['description'])
|
115
|
-
else
|
116
|
-
APIOperations.raise_error(res)
|
117
|
-
end
|
88
|
+
def self.get(role_id, options = {})
|
89
|
+
object = Object.get(OBJECT_TYPE, role_id, options)
|
90
|
+
return Role.new(object.object_id, object.meta, object.created_at)
|
118
91
|
end
|
119
92
|
|
120
93
|
# Updates a role with the given role_id and params
|
121
94
|
#
|
122
95
|
# @param role_id [String] The role_id of the role to be updated.
|
123
|
-
# @param [Hash]
|
124
|
-
# @option params [String] :name Name for the role. Designed to be used as a UI-friendly identifier. (optional)
|
125
|
-
# @option params [String] :description Description of the role. Designed to be used as a UI-friendly identifier. (optional)
|
96
|
+
# @param meta [Hash] A JSON object containing additional information about this role (e.g. name/description, etc.) to be persisted to Warrant.
|
126
97
|
#
|
127
98
|
# @return [Role] updated role
|
128
99
|
#
|
@@ -134,65 +105,59 @@ module Warrant
|
|
134
105
|
# @raise [Warrant::InvalidRequestError]
|
135
106
|
# @raise [Warrant::NotFoundError]
|
136
107
|
# @raise [Warrant::UnauthorizedError]
|
137
|
-
def self.update(role_id,
|
138
|
-
|
139
|
-
|
140
|
-
case res
|
141
|
-
when Net::HTTPSuccess
|
142
|
-
res_json = JSON.parse(res.body)
|
143
|
-
Role.new(res_json['roleId'], res_json['name'], res_json['description'])
|
144
|
-
else
|
145
|
-
APIOperations.raise_error(res)
|
146
|
-
end
|
108
|
+
def self.update(role_id, meta, options = {})
|
109
|
+
object = Object.update(OBJECT_TYPE, role_id, meta, options)
|
110
|
+
return Role.new(object.object_id, object.meta, object.created_at)
|
147
111
|
end
|
148
112
|
|
149
113
|
# Updates a role with the given params
|
150
114
|
#
|
151
|
-
# @param [Hash]
|
152
|
-
# @option params [String] :name Name for the role. Designed to be used as a UI-friendly identifier. (optional)
|
153
|
-
# @option params [String] :description Description of the role. Designed to be used as a UI-friendly identifier. (optional)
|
115
|
+
# @param meta [Hash] A JSON object containing additional information about this role (e.g. name/description, etc.) to be persisted to Warrant.
|
154
116
|
#
|
155
117
|
# @return [Role] updated role
|
156
118
|
#
|
157
119
|
# @example Update role "test-role"'s name
|
158
|
-
# Warrant::Role.
|
120
|
+
# role = Warrant::Role.get("test-role")
|
121
|
+
# role.update({ name: "Test Role" })
|
159
122
|
#
|
160
123
|
# @raise [Warrant::InternalError]
|
161
124
|
# @raise [Warrant::InvalidParameterError]
|
162
125
|
# @raise [Warrant::InvalidRequestError]
|
163
126
|
# @raise [Warrant::NotFoundError]
|
164
127
|
# @raise [Warrant::UnauthorizedError]
|
165
|
-
def update(
|
166
|
-
return Role.update(role_id,
|
128
|
+
def update(meta, options = {})
|
129
|
+
return Role.update(role_id, meta)
|
167
130
|
end
|
168
131
|
|
169
132
|
# List roles for user
|
170
133
|
#
|
171
134
|
# @param user_id [String] The user_id of the user you want to retrieve roles for.
|
172
|
-
# @
|
173
|
-
# @
|
135
|
+
# @param [Hash] filters Filters to apply to result set
|
136
|
+
# @param [Hash] options Options to apply on a per-request basis
|
137
|
+
# @option filters [String] :object_type Only return objects with an `objectType` matching this value
|
138
|
+
# @option filters [Integer] :limit A positive integer representing the maximum number of items to return in the response. Must be less than or equal to 1000. Defaults to 25. (optional)
|
139
|
+
# @option filters [String] :prev_cursor A cursor representing your place in a list of results. Requests containing prev_cursor will return the results immediately preceding the cursor. (optional)
|
140
|
+
# @option filters [String] :next_cursor A cursor representing your place in a list of results. Requests containing next_cursor will return the results immediately following the cursor. (optional)
|
141
|
+
# @option filters [String] :sort_by The column to sort the result by. Unless otherwise specified, all list endpoints are sorted by their unique identifier by default. Supported values for objects are +object_type+, +object_id+, and +created_at+ (optional)
|
142
|
+
# @option filters [String] :sort_order The order in which to sort the result by. Valid values are +ASC+ and +DESC+. Defaults to +ASC+. (optional)
|
143
|
+
# @option options [String] :warrant_token A valid warrant token from a previous write operation or latest. Used to specify desired consistency for this read operation. (optional)
|
174
144
|
#
|
175
145
|
# @return [Array<Role>] all assigned roles for the user
|
176
146
|
#
|
177
147
|
# @raise [Warrant::InternalError]
|
178
148
|
# @raise [Warrant::MissingRequiredParameterError]
|
179
149
|
# @raise [Warrant::UnauthorizedError]
|
180
|
-
def self.list_for_user(user_id, filters = {})
|
181
|
-
|
182
|
-
|
183
|
-
|
184
|
-
when Net::HTTPSuccess
|
185
|
-
roles = JSON.parse(res.body)
|
186
|
-
roles.map{ |role| Role.new(role['roleId'], role['name'], role['description']) }
|
187
|
-
else
|
188
|
-
APIOperations.raise_error(res)
|
189
|
-
end
|
150
|
+
def self.list_for_user(user_id, filters = {}, options = {})
|
151
|
+
query_response = Warrant.query("select role where user:#{user_id} is *", filters: filters, options: options)
|
152
|
+
roles = query_response.results.map{ |result| Role.new(result.object_id, result.meta) }
|
153
|
+
return ListResponse.new(roles, query_response.prev_cursor, query_response.next_cursor)
|
190
154
|
end
|
191
155
|
|
192
156
|
# Assign a role to a user
|
193
157
|
#
|
194
158
|
# @param user_id [String] The user_id of the user you want to assign a role to.
|
195
159
|
# @param role_id [String] The role_id of the role you want to assign to a user.
|
160
|
+
# @param relation [String] The relation for this role to user association. The relation must be valid as per the +role+ object type definition.
|
196
161
|
#
|
197
162
|
# @return [Warrant] warrant assigning role to user
|
198
163
|
#
|
@@ -202,14 +167,15 @@ module Warrant
|
|
202
167
|
# @raise [Warrant::MissingRequiredParameterError]
|
203
168
|
# @raise [Warrant::NotFoundError]
|
204
169
|
# @raise [Warrant::UnauthorizedError]
|
205
|
-
def self.assign_to_user(user_id, role_id)
|
206
|
-
Warrant.create({ object_type: Role::OBJECT_TYPE, object_id: role_id },
|
170
|
+
def self.assign_to_user(user_id, role_id, relation: "member", options: {})
|
171
|
+
Warrant.create({ object_type: Role::OBJECT_TYPE, object_id: role_id }, relation, { object_type: User::OBJECT_TYPE, object_id: user_id }, nil, options)
|
207
172
|
end
|
208
173
|
|
209
174
|
# Remove a role from a user
|
210
175
|
#
|
211
176
|
# @param user_id [String] The user_id of the role you want to remove a role from.
|
212
177
|
# @param role_id [String] The role_id of the role you want to remove from a user.
|
178
|
+
# @param relation [String] The relation for this role to user association. The relation must be valid as per the +role+ object type definition.
|
213
179
|
#
|
214
180
|
# @return [nil] if remove was successful
|
215
181
|
#
|
@@ -219,27 +185,35 @@ module Warrant
|
|
219
185
|
# @raise [Warrant::NotFoundError]
|
220
186
|
# @raise [Warrant::UnauthorizedError]
|
221
187
|
# @raise [Warrant::WarrantError]
|
222
|
-
def self.remove_from_user(user_id, role_id)
|
223
|
-
Warrant.delete({ object_type: Role::OBJECT_TYPE, object_id: role_id },
|
188
|
+
def self.remove_from_user(user_id, role_id, relation: "member", options: {})
|
189
|
+
Warrant.delete({ object_type: Role::OBJECT_TYPE, object_id: role_id }, relation, { object_type: User::OBJECT_TYPE, object_id: user_id }, nil, options)
|
224
190
|
end
|
225
191
|
|
226
192
|
# List assigned permissions for the role
|
227
193
|
#
|
228
|
-
# @
|
229
|
-
# @
|
194
|
+
# @param [Hash] filters Filters to apply to result set
|
195
|
+
# @param [Hash] options Options to apply on a per-request basis
|
196
|
+
# @option filters [String] :object_type Only return objects with an `objectType` matching this value
|
197
|
+
# @option filters [Integer] :limit A positive integer representing the maximum number of items to return in the response. Must be less than or equal to 1000. Defaults to 25. (optional)
|
198
|
+
# @option filters [String] :prev_cursor A cursor representing your place in a list of results. Requests containing prev_cursor will return the results immediately preceding the cursor. (optional)
|
199
|
+
# @option filters [String] :next_cursor A cursor representing your place in a list of results. Requests containing next_cursor will return the results immediately following the cursor. (optional)
|
200
|
+
# @option filters [String] :sort_by The column to sort the result by. Unless otherwise specified, all list endpoints are sorted by their unique identifier by default. Supported values for objects are +object_type+, +object_id+, and +created_at+ (optional)
|
201
|
+
# @option filters [String] :sort_order The order in which to sort the result by. Valid values are +ASC+ and +DESC+. Defaults to +ASC+. (optional)
|
202
|
+
# @option options [String] :warrant_token A valid warrant token from a previous write operation or latest. Used to specify desired consistency for this read operation. (optional)
|
230
203
|
#
|
231
204
|
# @return [Permission] assigned permissions
|
232
205
|
#
|
233
206
|
# @raise [Warrant::InternalError]
|
234
207
|
# @raise [Warrant::MissingRequiredParameterError]
|
235
208
|
# @raise [Warrant::UnauthorizedError]
|
236
|
-
def list_permissions(filters = {})
|
237
|
-
return Permission.list_for_role(role_id, filters)
|
209
|
+
def list_permissions(filters = {}, options = {})
|
210
|
+
return Permission.list_for_role(role_id, filters, options)
|
238
211
|
end
|
239
212
|
|
240
213
|
# Assign a permission to a role
|
241
214
|
#
|
242
215
|
# @param permission_id [String] The permission_id of the permission you want to assign to the role.
|
216
|
+
# @param relation [String] The relation for this permission to user association. The relation must be valid as per the +permission+ object type definition.
|
243
217
|
#
|
244
218
|
# @return [Permission] assigned permission
|
245
219
|
#
|
@@ -249,13 +223,14 @@ module Warrant
|
|
249
223
|
# @raise [Warrant::MissingRequiredParameterError]
|
250
224
|
# @raise [Warrant::NotFoundError]
|
251
225
|
# @raise [Warrant::UnauthorizedError]
|
252
|
-
def assign_permission(permission_id)
|
253
|
-
return Permission.assign_to_role(role_id, permission_id)
|
226
|
+
def assign_permission(permission_id, relation: "member", options: {})
|
227
|
+
return Permission.assign_to_role(role_id, permission_id, relation: relation, options: options)
|
254
228
|
end
|
255
229
|
|
256
230
|
# Remove a permission from a role
|
257
231
|
#
|
258
232
|
# @param permission_id [String] The permission_id of the permission you want to remove from the role.
|
233
|
+
# @param relation [String] The relation for this permission to user association. The relation must be valid as per the +permission+ object type definition.
|
259
234
|
#
|
260
235
|
# @return [nil] if remove was successful
|
261
236
|
#
|
@@ -264,8 +239,8 @@ module Warrant
|
|
264
239
|
# @raise [Warrant::NotFoundError]
|
265
240
|
# @raise [Warrant::UnauthorizedError]
|
266
241
|
# @raise [Warrant::WarrantError]
|
267
|
-
def remove_permission(permission_id)
|
268
|
-
return Permission.remove_from_role(role_id, permission_id)
|
242
|
+
def remove_permission(permission_id, relation: "member", options: {})
|
243
|
+
return Permission.remove_from_role(role_id, permission_id, relation: relation, options: options)
|
269
244
|
end
|
270
245
|
|
271
246
|
def warrant_object_type
|
@@ -15,9 +15,9 @@ module Warrant
|
|
15
15
|
# @raise [Warrant::MissingRequiredParameterError]
|
16
16
|
# @raise [Warrant::NotFoundError]
|
17
17
|
# @raise [Warrant::UnauthorizedError]
|
18
|
-
def self.create_authorization_session(params = {})
|
18
|
+
def self.create_authorization_session(params = {}, options = {})
|
19
19
|
params = params.merge(type: "sess")
|
20
|
-
res = APIOperations.post(URI.parse("#{::Warrant.config.api_base}/v1/sessions"), Util.normalize_params(params))
|
20
|
+
res = APIOperations.post(URI.parse("#{::Warrant.config.api_base}/v1/sessions"), params: Util.normalize_params(params), options: options)
|
21
21
|
|
22
22
|
case res
|
23
23
|
when Net::HTTPSuccess
|
@@ -45,9 +45,9 @@ module Warrant
|
|
45
45
|
# @raise [Warrant::MissingRequiredParameterError]
|
46
46
|
# @raise [Warrant::NotFoundError]
|
47
47
|
# @raise [Warrant::UnauthorizedError]
|
48
|
-
def self.create_self_service_session(redirect_url, params = {})
|
48
|
+
def self.create_self_service_session(redirect_url, params = {}, options = {})
|
49
49
|
params = params.merge(type: "ssdash")
|
50
|
-
res = APIOperations.post(URI.parse("#{::Warrant.config.api_base}/v1/sessions"), Util.normalize_params(params))
|
50
|
+
res = APIOperations.post(URI.parse("#{::Warrant.config.api_base}/v1/sessions"), params: Util.normalize_params(params), options: options)
|
51
51
|
|
52
52
|
case res
|
53
53
|
when Net::HTTPSuccess
|