warrant 4.0.0 → 5.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/warrant/api_operations.rb +9 -7
- data/lib/warrant/models/feature.rb +122 -99
- data/lib/warrant/models/list_response.rb +14 -0
- data/lib/warrant/models/object.rb +230 -0
- data/lib/warrant/models/permission.rb +72 -103
- data/lib/warrant/models/pricing_tier.rb +128 -97
- data/lib/warrant/models/query_result.rb +16 -0
- data/lib/warrant/models/role.rb +72 -97
- data/lib/warrant/models/session.rb +4 -4
- data/lib/warrant/models/tenant.rb +131 -133
- data/lib/warrant/models/user.rb +180 -155
- data/lib/warrant/models/warrant.rb +196 -94
- data/lib/warrant/version.rb +1 -1
- data/lib/warrant.rb +3 -0
- metadata +5 -2
|
@@ -2,24 +2,24 @@
|
|
|
2
2
|
|
|
3
3
|
module Warrant
|
|
4
4
|
class Warrant
|
|
5
|
-
attr_reader :id, :object_type, :object_id, :relation, :subject, :policy, :
|
|
5
|
+
attr_reader :id, :object_type, :object_id, :relation, :subject, :policy, :warrant_token
|
|
6
6
|
|
|
7
7
|
# @!visibility private
|
|
8
|
-
def initialize(object_type, object_id, relation, subject, policy = nil,
|
|
8
|
+
def initialize(object_type, object_id, relation, subject, policy = nil, warrant_token = nil)
|
|
9
9
|
@object_type = object_type
|
|
10
10
|
@object_id = object_id
|
|
11
11
|
@relation = relation
|
|
12
12
|
@subject = subject
|
|
13
13
|
@policy = policy
|
|
14
|
-
@
|
|
14
|
+
@warrant_token = warrant_token
|
|
15
15
|
end
|
|
16
16
|
|
|
17
17
|
# Create a new warrant that associates an object (object_type and object_id) to a subject via a relation.
|
|
18
18
|
#
|
|
19
|
-
# @param object [WarrantObject | Hash]
|
|
20
|
-
# @param relation [String] The relation
|
|
21
|
-
# @param subject [WarrantObject | Hash]
|
|
22
|
-
# @param policy [String] - A boolean expression that must evaluate to
|
|
19
|
+
# @param object [WarrantObject | Hash] The object to which the warrant will apply. Can be a hash with object type and id or an instance of a class that implements the WarrantObject module and its methods (`warrant_object_type` and `warrant_object_id`). The object type must be one of your system's existing object type.
|
|
20
|
+
# @param relation [String] The relation for this object to subject association. The relation must be valid as per the object type definition.
|
|
21
|
+
# @param subject [WarrantObject | Hash] The subject for which the warrant will apply. Can be a hash with object type and id and an optional relation or an instance of a class that implements the WarrantObject module and its methods (`warrant_object_type` and `warrant_object_id`). The object type must be one of your system's existing object type.
|
|
22
|
+
# @param policy [String] - A boolean expression that must evaluate to true for this warrant to apply. The expression can reference variables that are provided in the context attribute of access check requests. (optional)
|
|
23
23
|
#
|
|
24
24
|
# @return [Warrant] created warrant
|
|
25
25
|
#
|
|
@@ -30,7 +30,7 @@ module Warrant
|
|
|
30
30
|
# @raise [Warrant::NotFoundError]
|
|
31
31
|
# @raise [Warrant::UnauthorizedError]
|
|
32
32
|
# @raise [Warrant::WarrantError]
|
|
33
|
-
def self.create(object, relation, subject, policy = nil)
|
|
33
|
+
def self.create(object, relation, subject, policy = nil, options = {})
|
|
34
34
|
params = {
|
|
35
35
|
object_type: object.respond_to?(:warrant_object_type) ? object.warrant_object_type.to_s : object[:object_type],
|
|
36
36
|
object_id: object.respond_to?(:warrant_object_id) ? object.warrant_object_id.to_s : object[:object_id],
|
|
@@ -41,13 +41,56 @@ module Warrant
|
|
|
41
41
|
},
|
|
42
42
|
policy: policy
|
|
43
43
|
}
|
|
44
|
-
res = APIOperations.post(URI.parse("#{::Warrant.config.api_base}/
|
|
45
|
-
|
|
44
|
+
res = APIOperations.post(URI.parse("#{::Warrant.config.api_base}/v2/warrants"), params: Util.normalize_params(params), options: options)
|
|
45
|
+
|
|
46
|
+
case res
|
|
47
|
+
when Net::HTTPSuccess
|
|
48
|
+
res_json = JSON.parse(res.body, symbolize_names: true)
|
|
49
|
+
subject = Subject.new(res_json[:subject][:objectType], res_json[:subject][:objectId], res_json[:subject][:relation])
|
|
50
|
+
Warrant.new(res_json[:objectType], res_json[:objectId], res_json[:relation], subject, res_json[:policy], res['Warrant-Token'])
|
|
51
|
+
else
|
|
52
|
+
APIOperations.raise_error(res)
|
|
53
|
+
end
|
|
54
|
+
end
|
|
55
|
+
|
|
56
|
+
# Batch creates multiple warrants with given parameters
|
|
57
|
+
#
|
|
58
|
+
# @param [Array<Hash>] warrants Array of warrants to create.
|
|
59
|
+
# @option warrants [WarrantObject | Hash] :object The object to which the warrant will apply. Object can be a hash with object type and id or an instance of a class that implements the WarrantObject module and its methods (`warrant_object_type` and `warrant_object_id`). The object type must be one of your system's existing object type.
|
|
60
|
+
# @option warrants [String] :relation The relation for this object to subject association. The relation must be valid as per the object type definition.
|
|
61
|
+
# @option warrants [WarrantObject | Hash] :subject The subject for which the warrant will apply. Can be a hash with object type and id and an optional relation or an instance of a class that implements the WarrantObject module and its methods (`warrant_object_type` and `warrant_object_id`). The object type must be one of your system's existing object type.
|
|
62
|
+
# @option warrants [String] :policy A boolean expression that must evaluate to true for this warrant to apply. The expression can reference variables that are provided in the context attribute of access check requests. (optional)
|
|
63
|
+
#
|
|
64
|
+
# @return [Array<Warrant>] all created warrants
|
|
65
|
+
#
|
|
66
|
+
# @raise [Warrant::DuplicateRecordError]
|
|
67
|
+
# @raise [Warrant::InternalError]
|
|
68
|
+
# @raise [Warrant::InvalidParameterError]
|
|
69
|
+
# @raise [Warrant::InvalidRequestError]
|
|
70
|
+
# @raise [Warrant::NotFoundError]
|
|
71
|
+
# @raise [Warrant::UnauthorizedError]
|
|
72
|
+
def self.batch_create(warrants, options = {})
|
|
73
|
+
mapped_warrants = warrants.map{ |warrant|
|
|
74
|
+
{
|
|
75
|
+
object_type: warrant[:object].respond_to?(:warrant_object_type) ? warrant[:object].warrant_object_type.to_s : warrant[:object_type],
|
|
76
|
+
object_id: warrant[:object].respond_to?(:warrant_object_id) ? warrant[:object].warrant_object_id.to_s : warrant[:object_id],
|
|
77
|
+
relation: warrant[:relation],
|
|
78
|
+
subject: {
|
|
79
|
+
object_type: warrant[:subject].respond_to?(:warrant_object_type) ? warrant[:subject].warrant_object_type.to_s : warrant[:subject][:object_type],
|
|
80
|
+
object_id: warrant[:subject].respond_to?(:warrant_object_id) ? warrant[:subject].warrant_object_id.to_s : warrant[:subject][:object_id]
|
|
81
|
+
},
|
|
82
|
+
policy: warrant[:policy]
|
|
83
|
+
}
|
|
84
|
+
}
|
|
85
|
+
res = APIOperations.post(URI.parse("#{::Warrant.config.api_base}/v2/warrants"), params: Util.normalize_params(mapped_warrants), options: options)
|
|
46
86
|
|
|
47
87
|
case res
|
|
48
88
|
when Net::HTTPSuccess
|
|
49
|
-
|
|
50
|
-
|
|
89
|
+
res_json = JSON.parse(res.body, symbolize_names: true)
|
|
90
|
+
res_json.map{ |warrant|
|
|
91
|
+
subject = Subject.new(warrant[:subject][:objectType], warrant[:subject][:objectId], warrant[:subject][:relation])
|
|
92
|
+
Warrant.new(warrant[:objectType], warrant[:objectId], warrant[:relation], subject, warrant[:policy], res['Warrant-Token'])
|
|
93
|
+
}
|
|
51
94
|
else
|
|
52
95
|
APIOperations.raise_error(res)
|
|
53
96
|
end
|
|
@@ -55,10 +98,10 @@ module Warrant
|
|
|
55
98
|
|
|
56
99
|
# Deletes a warrant specified by the combination of object_type, object_id, relation, and subject.
|
|
57
100
|
#
|
|
58
|
-
# @param object [WarrantObject | Hash]
|
|
59
|
-
# @param relation [String] The relation
|
|
60
|
-
# @param subject [WarrantObject | Hash]
|
|
61
|
-
# @param policy [String] - A boolean expression that must evaluate to
|
|
101
|
+
# @param object [WarrantObject | Hash] The object to which the warrant applies. Can be a hash with object type and id or an instance of a class that implements the WarrantObject module and its methods (`warrant_object_type` and `warrant_object_id`). The object type must be one of your system's existing object type.
|
|
102
|
+
# @param relation [String] The relation for this object to subject association. The relation must be valid as per the object type definition.
|
|
103
|
+
# @param subject [WarrantObject | Hash] The subject to for which the warrant applies. Can be a hash with object type and id and an optional relation or an instance of a class that implements the WarrantObject module and its methods (`warrant_object_type` and `warrant_object_id`). The object type must be one of your system's existing object type.
|
|
104
|
+
# @param policy [String] - A boolean expression that must evaluate to true for this warrant to apply. The expression can reference variables that are provided in the context attribute of access check requests. (optional)
|
|
62
105
|
#
|
|
63
106
|
# @return [nil] if delete was successful
|
|
64
107
|
#
|
|
@@ -67,7 +110,7 @@ module Warrant
|
|
|
67
110
|
# @raise [Warrant::NotFoundError]
|
|
68
111
|
# @raise [Warrant::UnauthorizedError]
|
|
69
112
|
# @raise [Warrant::WarrantError]
|
|
70
|
-
def self.delete(object, relation, subject, policy = nil)
|
|
113
|
+
def self.delete(object, relation, subject, policy = nil, options = {})
|
|
71
114
|
params = {
|
|
72
115
|
object_type: object.respond_to?(:warrant_object_type) ? object.warrant_object_type.to_s : object[:object_type],
|
|
73
116
|
object_id: object.respond_to?(:warrant_object_id) ? object.warrant_object_id.to_s : object[:object_id],
|
|
@@ -78,11 +121,87 @@ module Warrant
|
|
|
78
121
|
},
|
|
79
122
|
policy: policy
|
|
80
123
|
}
|
|
81
|
-
res = APIOperations.delete(URI.parse("#{::Warrant.config.api_base}/
|
|
124
|
+
res = APIOperations.delete(URI.parse("#{::Warrant.config.api_base}/v2/warrants"), params: Util.normalize_params(params), options: options)
|
|
125
|
+
|
|
126
|
+
case res
|
|
127
|
+
when Net::HTTPSuccess
|
|
128
|
+
return res['Warrant-Token']
|
|
129
|
+
else
|
|
130
|
+
APIOperations.raise_error(res)
|
|
131
|
+
end
|
|
132
|
+
end
|
|
133
|
+
|
|
134
|
+
# Batch deletes multiple warrants with given parameters
|
|
135
|
+
#
|
|
136
|
+
# @param [Array<Hash>] warrants Array of warrants to delete.
|
|
137
|
+
# @option warrants [WarrantObject | Hash] :object The object to which the warrant applies. Can be a hash with object type and id or an instance of a class that implements the WarrantObject module and its methods (`warrant_object_type` and `warrant_object_id`). The object type must be one of your system's existing object type.
|
|
138
|
+
# @option warrants [String] :relation The relation for this object to subject association. The relation must be valid as per the object type definition.
|
|
139
|
+
# @option warrants [WarrantObject | Hash] :subject The subject for which the warrant applies. Can be a hash with object type and id and an optional relation or an instance of a class that implements the WarrantObject module and its methods (`warrant_object_type` and `warrant_object_id`). The object type must be one of your system's existing object type.
|
|
140
|
+
# @option warrants [String] :policy A boolean expression that must evaluate to true for this warrant to apply. The expression can reference variables that are provided in the context attribute of access check requests. (optional)
|
|
141
|
+
#
|
|
142
|
+
# @return [nil] if delete was successful
|
|
143
|
+
#
|
|
144
|
+
# @raise [Warrant::InternalError]
|
|
145
|
+
# @raise [Warrant::InvalidRequestError]
|
|
146
|
+
# @raise [Warrant::NotFoundError]
|
|
147
|
+
# @raise [Warrant::UnauthorizedError]
|
|
148
|
+
# @raise [Warrant::WarrantError]
|
|
149
|
+
def self.batch_delete(warrants, options = {})
|
|
150
|
+
mapped_warrants = warrants.map{ |warrant|
|
|
151
|
+
{
|
|
152
|
+
object_type: warrant[:object].respond_to?(:warrant_object_type) ? warrant[:object].warrant_object_type.to_s : warrant[:object_type],
|
|
153
|
+
object_id: warrant[:object].respond_to?(:warrant_object_id) ? warrant[:object].warrant_object_id.to_s : warrant[:object_id],
|
|
154
|
+
relation: warrant[:relation],
|
|
155
|
+
subject: {
|
|
156
|
+
object_type: warrant[:subject].respond_to?(:warrant_object_type) ? warrant[:subject].warrant_object_type.to_s : warrant[:subject][:object_type],
|
|
157
|
+
object_id: warrant[:subject].respond_to?(:warrant_object_id) ? warrant[:subject].warrant_object_id.to_s : warrant[:subject][:object_id]
|
|
158
|
+
},
|
|
159
|
+
policy: warrant[:policy]
|
|
160
|
+
}
|
|
161
|
+
}
|
|
162
|
+
res = APIOperations.delete(URI.parse("#{::Warrant.config.api_base}/v2/warrants"), params: Util.normalize_params(mapped_warrants), options: options)
|
|
82
163
|
|
|
83
164
|
case res
|
|
84
165
|
when Net::HTTPSuccess
|
|
85
|
-
return
|
|
166
|
+
return res['Warrant-Token']
|
|
167
|
+
else
|
|
168
|
+
APIOperations.raise_error(res)
|
|
169
|
+
end
|
|
170
|
+
end
|
|
171
|
+
|
|
172
|
+
# List all warrants for your organization and environment
|
|
173
|
+
#
|
|
174
|
+
# @param [Hash] filters Filters to apply to result set
|
|
175
|
+
# @param [Hash] options Options to apply on a per-request basis
|
|
176
|
+
# @option filters [String] :object_type _Required if object_id is provided._ Only return warrants whose object_type matches this value. (optional)
|
|
177
|
+
# @option filters [String] :object_id Only return warrants whose object_id matches this value. (optional)
|
|
178
|
+
# @option filters [String] :relation Only return warrants whose relation matches this value. (optional)
|
|
179
|
+
# @option filters [String] :subject_type Required if :subjectId is provided. Only return warrants with a subject whose objectType matches this value. (optional)
|
|
180
|
+
# @option filters [String] :subject_id Only return warrants with a subject whose object_id matches this value. (optional)
|
|
181
|
+
# @option filters [String] :subject_relation Only return warrants with a subject whose relation matches this value. (optional)
|
|
182
|
+
# @option filters [Integer] :limit A positive integer representing the maximum number of items to return in the response. Must be less than or equal to 1000. Defaults to 25. (optional)
|
|
183
|
+
# @option filters [String] :prev_cursor A cursor representing your place in a list of results. Requests containing prev_cursor will return the results immediately preceding the cursor. (optional)
|
|
184
|
+
# @option filters [String] :next_cursor A cursor representing your place in a list of results. Requests containing next_cursor will return the results immediately following the cursor. (optional)
|
|
185
|
+
# @option filters [String] :sort_by The column to sort the result by. Unless otherwise specified, all list endpoints are sorted by their unique identifier by default. Supported values for objects are +object_type+, +object_id+, and +created_at+ (optional)
|
|
186
|
+
# @option filters [String] :sort_order The order in which to sort the result by. Valid values are +ASC+ and +DESC+. Defaults to +ASC+. (optional)
|
|
187
|
+
# @option options [String] :warrant_token A valid warrant token from a previous write operation or latest. Used to specify desired consistency for this read operation. (optional)
|
|
188
|
+
#
|
|
189
|
+
# @return [Array<Warrant>] all permissions for your organization
|
|
190
|
+
#
|
|
191
|
+
# @raise [Warrant::InternalError]
|
|
192
|
+
# @raise [Warrant::InvalidParameterError]
|
|
193
|
+
# @raise [Warrant::UnauthorizedError]
|
|
194
|
+
def self.list(filters = {}, options = {})
|
|
195
|
+
res = APIOperations.get(URI.parse("#{::Warrant.config.api_base}/v2/warrants"), params: Util.normalize_params(filters), options: options)
|
|
196
|
+
|
|
197
|
+
case res
|
|
198
|
+
when Net::HTTPSuccess
|
|
199
|
+
list_result = JSON.parse(res.body, symbolize_names: true)
|
|
200
|
+
warrants = list_result[:results].map{ |warrant|
|
|
201
|
+
subject = Subject.new(warrant[:subject][:objectType], warrant[:subject][:objectId], warrant[:subject][:relation])
|
|
202
|
+
Warrant.new(warrant[:objectType], warrant[:objectId], warrant[:relation], subject, warrant[:policy])
|
|
203
|
+
}
|
|
204
|
+
return ListResponse.new(warrants, list_result[:prevCursor], list_result[:nextCursor])
|
|
86
205
|
else
|
|
87
206
|
APIOperations.raise_error(res)
|
|
88
207
|
end
|
|
@@ -90,7 +209,7 @@ module Warrant
|
|
|
90
209
|
|
|
91
210
|
# Query to find all warrants for a given object or subject.
|
|
92
211
|
#
|
|
93
|
-
# @param warrant_query [
|
|
212
|
+
# @param warrant_query [String] Query to run for a set of warrants.
|
|
94
213
|
# @option filters [Integer] :page A positive integer (starting with 1) representing the page of items to return in response. Used in conjunction with the limit param. (optional)
|
|
95
214
|
# @option filters [Integer] :limit A positive integer representing the max number of items to return in response. (optional)
|
|
96
215
|
#
|
|
@@ -101,54 +220,19 @@ module Warrant
|
|
|
101
220
|
# @raise [Warrant::MissingRequiredParameterError]
|
|
102
221
|
# @raise [Warrant::UnauthorizedError]
|
|
103
222
|
# @raise [Warrant::WarrantError]
|
|
104
|
-
def self.query(
|
|
105
|
-
|
|
223
|
+
def self.query(query, filters: {}, options: {})
|
|
224
|
+
params = filters.merge(q: query)
|
|
225
|
+
res = APIOperations.get(URI.parse("#{::Warrant.config.api_base}/v2/query"), params: Util.normalize_params(params), options: options)
|
|
106
226
|
|
|
107
227
|
case res
|
|
108
228
|
when Net::HTTPSuccess
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
subject = Subject.new(warrant[
|
|
112
|
-
Warrant.new(warrant[
|
|
229
|
+
query_response = JSON.parse(res.body, symbolize_names: true)
|
|
230
|
+
query_results = query_response[:results].map{ |result|
|
|
231
|
+
subject = Subject.new(result[:warrant][:subject][:objectType], result[:warrant][:subject][:objectId], result[:warrant][:subject][:relation])
|
|
232
|
+
warrant = Warrant.new(result[:warrant][:objectType], result[:warrant][:objectId], result[:warrant][:relation], subject, result[:warrant][:policy])
|
|
233
|
+
QueryResult.new(result[:objectType], result[:objectId], warrant, result[:isImplicit], result[:meta])
|
|
113
234
|
}
|
|
114
|
-
|
|
115
|
-
if query_result['meta']['feature']
|
|
116
|
-
query_result['meta']['feature'].each{ |featureId, feature|
|
|
117
|
-
query_result['meta']['feature'][featureId] = Feature.new(feature['featureId'])
|
|
118
|
-
}
|
|
119
|
-
end
|
|
120
|
-
|
|
121
|
-
if query_result['meta']['pricing-tier']
|
|
122
|
-
query_result['meta']['pricing-tier'].each{ |pricingTierId, pricingTier|
|
|
123
|
-
query_result['meta']['pricing-tier'][pricingTierId] = PricingTier.new(pricingTier['pricingTierId'])
|
|
124
|
-
}
|
|
125
|
-
end
|
|
126
|
-
|
|
127
|
-
if query_result['meta']['permission']
|
|
128
|
-
query_result['meta']['permission'].each{ |permissionId, permission|
|
|
129
|
-
query_result['meta']['permission'][permissionId] = Permission.new(permission['permissionId'], permission['name'], permission['description'])
|
|
130
|
-
}
|
|
131
|
-
end
|
|
132
|
-
|
|
133
|
-
if query_result['meta']['role']
|
|
134
|
-
query_result['meta']['role'].each{ |roleId, role|
|
|
135
|
-
query_result['meta']['role'][roleId] = Role.new(role['roleId'], role['name'], role['description'])
|
|
136
|
-
}
|
|
137
|
-
end
|
|
138
|
-
|
|
139
|
-
if query_result['meta']['user']
|
|
140
|
-
query_result['meta']['user'].each{ |userId, user|
|
|
141
|
-
query_result['meta']['user'][userId] = User.new(user['userId'], user['email'], user['createdAt'])
|
|
142
|
-
}
|
|
143
|
-
end
|
|
144
|
-
|
|
145
|
-
if query_result['meta']['tenant']
|
|
146
|
-
query_result['meta']['tenant'].each{ |tenantId, tenant|
|
|
147
|
-
query_result['meta']['tenant'][tenantId] = Tenant.new(tenant['tenantId'], tenant['name'], tenant['createdAt'])
|
|
148
|
-
}
|
|
149
|
-
end
|
|
150
|
-
|
|
151
|
-
query_result
|
|
235
|
+
return ListResponse.new(query_results, query_response[:prevCursor], query_response[:nextCursor])
|
|
152
236
|
else
|
|
153
237
|
APIOperations.raise_error(res)
|
|
154
238
|
end
|
|
@@ -187,12 +271,12 @@ module Warrant
|
|
|
187
271
|
# @raise [Warrant::InvalidParameterError]
|
|
188
272
|
# @raise [Warrant::NotFoundError]
|
|
189
273
|
# @raise [Warrant::UnauthorizedError]
|
|
190
|
-
def self.is_authorized?(params = {})
|
|
274
|
+
def self.is_authorized?(params = {}, options = {})
|
|
191
275
|
unless ::Warrant.config.authorize_endpoint.nil?
|
|
192
|
-
return edge_authorize?(params)
|
|
276
|
+
return edge_authorize?(params, options)
|
|
193
277
|
end
|
|
194
278
|
|
|
195
|
-
return authorize?(params)
|
|
279
|
+
return authorize?(params, options)
|
|
196
280
|
end
|
|
197
281
|
|
|
198
282
|
# Checks whether a specified access check is authorized or not.
|
|
@@ -215,13 +299,21 @@ module Warrant
|
|
|
215
299
|
# @raise [Warrant::NotFoundError]
|
|
216
300
|
# @raise [Warrant::UnauthorizedError]
|
|
217
301
|
def self.check(object, relation, subject, options = {})
|
|
218
|
-
if
|
|
302
|
+
if object.is_a?(WarrantObject)
|
|
303
|
+
object_type = object.warrant_object_type.to_s
|
|
304
|
+
object_id = object.warrant_object_id.to_s
|
|
305
|
+
else
|
|
306
|
+
object_type = object[:object_type]
|
|
307
|
+
object_id = object[:object_id]
|
|
308
|
+
end
|
|
309
|
+
|
|
310
|
+
if subject.is_a?(Subject)
|
|
219
311
|
subject = {
|
|
220
312
|
object_type: subject.object_type,
|
|
221
313
|
object_id: subject.object_id,
|
|
222
314
|
relation: subject.relation
|
|
223
315
|
}.compact!
|
|
224
|
-
|
|
316
|
+
elsif subject.is_a?(WarrantObject)
|
|
225
317
|
subject = {
|
|
226
318
|
object_type: subject.warrant_object_type.to_s,
|
|
227
319
|
object_id: subject.warrant_object_id.to_s
|
|
@@ -231,8 +323,8 @@ module Warrant
|
|
|
231
323
|
unless ::Warrant.config.authorize_endpoint.nil?
|
|
232
324
|
return edge_authorize?(
|
|
233
325
|
warrants: [{
|
|
234
|
-
object_type:
|
|
235
|
-
object_id:
|
|
326
|
+
object_type: object_type,
|
|
327
|
+
object_id: object_id,
|
|
236
328
|
relation: relation,
|
|
237
329
|
subject: subject,
|
|
238
330
|
context: options[:context]
|
|
@@ -243,8 +335,8 @@ module Warrant
|
|
|
243
335
|
|
|
244
336
|
return authorize?(
|
|
245
337
|
warrants: [{
|
|
246
|
-
object_type:
|
|
247
|
-
object_id:
|
|
338
|
+
object_type: object_type,
|
|
339
|
+
object_id: object_id,
|
|
248
340
|
relation: relation,
|
|
249
341
|
subject: subject,
|
|
250
342
|
context: options[:context]
|
|
@@ -283,22 +375,32 @@ module Warrant
|
|
|
283
375
|
# @raise [Warrant::UnauthorizedError]
|
|
284
376
|
def self.check_many(op, warrants, options = {})
|
|
285
377
|
normalized_warrants = warrants.map do |warrant|
|
|
286
|
-
if warrant[:
|
|
378
|
+
if warrant[:object].is_a?(WarrantObject)
|
|
379
|
+
object_type = warrant[:object].warrant_object_type.to_s
|
|
380
|
+
object_id = warrant[:object].warrant_object_id.to_s
|
|
381
|
+
else
|
|
382
|
+
object_type = warrant[:object][:object_type]
|
|
383
|
+
object_id = warrant[:object][:object_id]
|
|
384
|
+
end
|
|
385
|
+
|
|
386
|
+
if warrant[:subject].is_a?(Subject)
|
|
287
387
|
subject = {
|
|
288
388
|
object_type: warrant[:subject].object_type,
|
|
289
389
|
object_id: warrant[:subject].object_id,
|
|
290
390
|
relation: warrant[:subject].relation
|
|
291
391
|
}.compact!
|
|
292
|
-
|
|
392
|
+
elsif warrant[:subject].is_a?(WarrantObject)
|
|
293
393
|
subject = {
|
|
294
394
|
object_type: warrant[:subject].warrant_object_type.to_s,
|
|
295
395
|
object_id: warrant[:subject].warrant_object_id.to_s
|
|
296
396
|
}
|
|
397
|
+
else
|
|
398
|
+
subject = warrant[:subject]
|
|
297
399
|
end
|
|
298
400
|
|
|
299
401
|
{
|
|
300
|
-
object_type:
|
|
301
|
-
object_id:
|
|
402
|
+
object_type: object_type,
|
|
403
|
+
object_id: object_id,
|
|
302
404
|
relation: warrant[:relation],
|
|
303
405
|
subject: subject,
|
|
304
406
|
context: warrant[:context]
|
|
@@ -306,18 +408,18 @@ module Warrant
|
|
|
306
408
|
end
|
|
307
409
|
|
|
308
410
|
unless ::Warrant.config.authorize_endpoint.nil?
|
|
309
|
-
return edge_authorize?(
|
|
411
|
+
return edge_authorize?({
|
|
310
412
|
op: op,
|
|
311
413
|
warrants: normalized_warrants,
|
|
312
414
|
debug: options[:debug]
|
|
313
|
-
)
|
|
415
|
+
}, options)
|
|
314
416
|
end
|
|
315
417
|
|
|
316
|
-
return authorize?(
|
|
418
|
+
return authorize?({
|
|
317
419
|
op: op,
|
|
318
420
|
warrants: normalized_warrants,
|
|
319
421
|
debug: options[:debug]
|
|
320
|
-
)
|
|
422
|
+
}, options)
|
|
321
423
|
end
|
|
322
424
|
|
|
323
425
|
# Checks whether a given user has a given permission.
|
|
@@ -333,12 +435,12 @@ module Warrant
|
|
|
333
435
|
# @raise [Warrant::InvalidParameterError]
|
|
334
436
|
# @raise [Warrant::NotFoundError]
|
|
335
437
|
# @raise [Warrant::UnauthorizedError]
|
|
336
|
-
def self.user_has_permission?(params = {})
|
|
337
|
-
return is_authorized?(
|
|
438
|
+
def self.user_has_permission?(params = {}, options = {})
|
|
439
|
+
return is_authorized?({
|
|
338
440
|
warrants: [{
|
|
339
441
|
object_type: Permission::OBJECT_TYPE,
|
|
340
442
|
object_id: params[:permission_id],
|
|
341
|
-
relation:
|
|
443
|
+
relation: params[:relation],
|
|
342
444
|
subject: {
|
|
343
445
|
object_type: User::OBJECT_TYPE,
|
|
344
446
|
object_id: params[:user_id]
|
|
@@ -346,7 +448,7 @@ module Warrant
|
|
|
346
448
|
context: params[:context]
|
|
347
449
|
}],
|
|
348
450
|
debug: params[:debug]
|
|
349
|
-
)
|
|
451
|
+
}, options)
|
|
350
452
|
end
|
|
351
453
|
|
|
352
454
|
# Checks whether a given subject has a given feature.
|
|
@@ -364,12 +466,12 @@ module Warrant
|
|
|
364
466
|
# @raise [Warrant::InvalidParameterError]
|
|
365
467
|
# @raise [Warrant::NotFoundError]
|
|
366
468
|
# @raise [Warrant::UnauthorizedError]
|
|
367
|
-
def self.has_feature?(params = {})
|
|
368
|
-
return is_authorized?(
|
|
469
|
+
def self.has_feature?(params = {}, options = {})
|
|
470
|
+
return is_authorized?({
|
|
369
471
|
warrants: [{
|
|
370
472
|
object_type: Feature::OBJECT_TYPE,
|
|
371
473
|
object_id: params[:feature_id],
|
|
372
|
-
relation:
|
|
474
|
+
relation: params[:relation],
|
|
373
475
|
subject: {
|
|
374
476
|
object_type: params[:subject][:object_type],
|
|
375
477
|
object_id: params[:subject][:object_id]
|
|
@@ -377,13 +479,13 @@ module Warrant
|
|
|
377
479
|
context: params[:context]
|
|
378
480
|
}],
|
|
379
481
|
debug: params[:debug]
|
|
380
|
-
)
|
|
482
|
+
}, options)
|
|
381
483
|
end
|
|
382
484
|
|
|
383
485
|
private
|
|
384
486
|
|
|
385
|
-
def self.authorize?(params = {})
|
|
386
|
-
res = APIOperations.post(URI.parse("#{::Warrant.config.api_base}/v2/
|
|
487
|
+
def self.authorize?(params = {}, options = {})
|
|
488
|
+
res = APIOperations.post(URI.parse("#{::Warrant.config.api_base}/v2/check"), params: Util.normalize_params(params), options: options)
|
|
387
489
|
res_json = JSON.parse(res.body)
|
|
388
490
|
|
|
389
491
|
case res
|
|
@@ -400,9 +502,9 @@ module Warrant
|
|
|
400
502
|
end
|
|
401
503
|
end
|
|
402
504
|
|
|
403
|
-
def self.edge_authorize?(params = {})
|
|
404
|
-
request_url = URI.parse("#{::Warrant.config.authorize_endpoint}/v2/
|
|
405
|
-
res = APIOperations.post(request_url, Util.normalize_params(params))
|
|
505
|
+
def self.edge_authorize?(params = {}, options = {})
|
|
506
|
+
request_url = URI.parse("#{::Warrant.config.authorize_endpoint}/v2/check")
|
|
507
|
+
res = APIOperations.post(request_url, params: Util.normalize_params(params), options: options)
|
|
406
508
|
res_json = JSON.parse(res.body)
|
|
407
509
|
|
|
408
510
|
case res
|
data/lib/warrant/version.rb
CHANGED
data/lib/warrant.rb
CHANGED
|
@@ -11,6 +11,9 @@ require "warrant/warrant_query"
|
|
|
11
11
|
|
|
12
12
|
require "warrant/api_operations"
|
|
13
13
|
require "warrant/errors"
|
|
14
|
+
require "warrant/models/list_response"
|
|
15
|
+
require "warrant/models/query_result"
|
|
16
|
+
require "warrant/models/object"
|
|
14
17
|
require "warrant/models/feature"
|
|
15
18
|
require "warrant/models/permission"
|
|
16
19
|
require "warrant/models/pricing_tier"
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: warrant
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 5.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Warrant
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-
|
|
11
|
+
date: 2023-11-16 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description: Ruby library for the Warrant API at https://warrant.dev.
|
|
14
14
|
email: hello@warrant.dev
|
|
@@ -29,8 +29,11 @@ files:
|
|
|
29
29
|
- lib/warrant/api_operations.rb
|
|
30
30
|
- lib/warrant/errors.rb
|
|
31
31
|
- lib/warrant/models/feature.rb
|
|
32
|
+
- lib/warrant/models/list_response.rb
|
|
33
|
+
- lib/warrant/models/object.rb
|
|
32
34
|
- lib/warrant/models/permission.rb
|
|
33
35
|
- lib/warrant/models/pricing_tier.rb
|
|
36
|
+
- lib/warrant/models/query_result.rb
|
|
34
37
|
- lib/warrant/models/role.rb
|
|
35
38
|
- lib/warrant/models/session.rb
|
|
36
39
|
- lib/warrant/models/subject.rb
|