Class: Aker::Authorities::Static

Inherits:

Object

• Object
• Aker::Authorities::Static

Defined in:

lib/aker/authorities/static.rb

Overview

An authority which is configured entirely in memory. It’s not intended for production, but rather for testing (particularly integrated testing) and bootstrapping (e.g., for rapidly testing out aker in an application before setting up the infrastructure needed for Ldap or a custom authority).

Class Method Summary

• .from_file(filename) ⇒ Static

  Creates a new instance from a file.

Instance Method Summary

• #amplify!(user) ⇒ Aker::User

  Merges in the authorization information in this authority for the given user.

• #clear ⇒ Static

  Resets the user and authorization data to the same state it was in at initialization.

• #find_users(*criteria) ⇒ Array<Aker::User>

  Returns the any users which match the given criteria from the set that have been loaded with #load!, #valid_credentials!, and #user.

• #initialize(ignored = nil) ⇒ Static constructor

  Creates a new instance.

• #load!(io) ⇒ Static

  Loads a YAML doc and uses its contents to initialize the authority’s authentication and authorization data.

• #user(username, &block) ⇒ Aker::User

  Creates or updates one of the user records in this authority.

• #valid_credentials!(kind, username, *credentials) ⇒ void

  Associate the given set of credentials of a particular kind with the specified user.

• #valid_credentials?(kind, *credentials) ⇒ Aker::User^?

  Verifies the credentials against the set provided by calls to #valid_credentials! and #load!.

Constructor Details

#initialize(ignored = nil) ⇒ Static

Creates a new instance. Does not use any configuration properties.

# File 'lib/aker/authorities/static.rb', line 14

def initialize(ignored=nil)
  self.clear
end

Class Method Details

.from_file(filename) ⇒ Static

Creates a new instance from a file. You can use the result of this method directly in a Aker configuration block. E.g.:

Aker.configure {
  authority Aker::Authorities::Static.from_file(File.expand_path("../static-auth.yml", __FILE__))
}

Parameters:

• filename (String) —

  the name of a YAML file containing the format outlined for #load!

Returns:

• (Static) —

  a new instance

See Also:

• the file format

# File 'lib/aker/authorities/static.rb', line 32

def self.from_file(filename)
  File.open(filename) { |f| self.new.load!(f) }
end

Instance Method Details

#amplify!(user) ⇒ Aker::User

Merges in the authorization information in this authority for the given user.

Parameters:

• user (Aker::User) —

  the target user

Returns:

• (Aker::User) —

  the input user, modified

# File 'lib/aker/authorities/static.rb', line 56

def amplify!(user)
  base = @users[user.username]
  return user unless base

  user.merge!(base)
end

#clear ⇒ Static

Resets the user and authorization data to the same state it was in at initialization.

Returns:

• (Static) —

  self

# File 'lib/aker/authorities/static.rb', line 223

def clear
  @groups = {}
  @users = {}
  @credentials = {}
  self
end

#find_users(*criteria) ⇒ Array<Aker::User>

Returns the any users which match the given criteria from the set that have been loaded with #load!, #valid_credentials!, and #user.

Parameters:

• criteria (Array<Hash,#to_s>) —

  as described in Composite#find_users.

Returns:

• (Array<Aker::User>)

# File 'lib/aker/authorities/static.rb', line 71

def find_users(*criteria)
  criteria.collect do |criteria_group|
    unless Hash === criteria_group
      criteria_group = { :username => criteria_group.to_s }
    end
    props = criteria_group.keys.select { |k|
      Aker::User.instance_methods.include?(k.to_s) || # for 1.8.7
      Aker::User.instance_methods.include?(k.to_sym)  # for 1.9.1
    }
    if props.empty?
      []
    else
      @users.values.select do |user|
        props.inject(true) { |result, prop| result && user.send(prop) == criteria_group[prop] }
      end
    end
  end.flatten.uniq
end

#load!(io) ⇒ Static

Loads a YAML doc and uses its contents to initialize the authority’s authentication and authorization data.

Sample doc:

users:
  wakibbe:               # username
    password: ekibder    # password for :user auth (optional)
    first_name: Warren   # any attributes from Aker::User may
    last_name: Kibbe     #   be set here
    identifiers:         # identifiers will be loaded with
      employee_id: 4     # symbolized keys
    portals:             # portal & group auth info (optional)
      - SQLSubmit        # A groupless portal
      - ENU:             # A portal with simple groups
        - User
      - NOTIS:           # A portal with affiliated groups
        - Manager: [23]
        - User           # you can mix affiliated and simple

groups:                  # groups for hierarchical portals
  NOTIS:                 # (these aren't real NOTIS groups)
    - Admin:
      - Manager:
        - User
      - Auditor

Parameters:

• io (#read) —

  a readable handle (something that can be passed to ‘YAML.load`)

Returns:

• (Static) —

  self

# File 'lib/aker/authorities/static.rb', line 176

def load!(io)
  doc = YAML.load(io)
  return self unless doc
  (doc["groups"] || {}).each do |portal, top_level_groups|
    @groups[portal.to_sym] = top_level_groups.collect { |group_data| build_group(group_data) }
  end
  (doc["users"] || {}).each do |username, config|
    valid_credentials!(:user, username, config["password"]) if config["password"]
    user(username) do |u|
      attr_keys = config.keys
      (attr_keys - ["password", "portals", "identifiers"]).each do |k|
        setter = "#{k}="
        if u.respond_to?(setter)
          u.send(setter, config[k])
        end
      end

      (config["portals"] || []).each do |portal_data|
        portal, group_data =
          if String === portal_data
            portal_data
          else
            portal_data.to_a.first
          end

        u.default_portal = portal unless u.default_portal

        u.portals << portal.to_sym
        if group_data
          u.group_memberships(portal).concat(load_group_memberships(portal.to_sym, group_data))
        end
      end

      (config["identifiers"] || {}).each do |ident, value|
        u.identifiers[ident.to_sym] = value
      end
    end
  end

  self
end

#user(username, &block) ⇒ Aker::User

Creates or updates one of the user records in this authority. If provided a block, the user will be yielded to it. This the mechanism to use to set attributes, portals, and group memberships on the users returned by #valid_credentials?. Example:

auth.user("wakibbe") do |u|
  u.first_name = "Warren"
  u.portals << :ENU
end

auth.user("wakibbe").first_name # => "Warren"

Parameters:

• username (String) —

  the username for the user to create, update, or just read

Returns:

• (Aker::User) —

  the single user for ‘username` (possibly newly created; never nil)

See Also:

• #load!

# File 'lib/aker/authorities/static.rb', line 113

def user(username, &block)
  u = (@users[username] ||= Aker::User.new(username))
  u.tap(&block) if block
  u
end

#valid_credentials!(kind, username, *credentials) ⇒ void

This method returns an undefined value.

Associate the given set of credentials of a particular kind with the specified user. Note that all kinds require a username (unlike with #valid_credentials?). Examples:

auth.valid_credentials!(:user, "wakibbe", "ekibder")
auth.valid_credentials!(:api_key, "notis-app", "12345-67890")

Parameters:

• kind (Symbol) —

  the kind of credentials these are. Anything is allowed.

• username (String) —

  the username for the user which is authenticated by these credentials.

• *credentials (Array<String>, nil) —

  the credentials themselves. (Note that you need not repeat the username for the :user kind.)

# File 'lib/aker/authorities/static.rb', line 136

def valid_credentials!(kind, username, *credentials)
  if kind == :user
    credentials = [username, *credentials]
  end
  all_credentials(kind) << { :username => username, :credentials =>  credentials }
  @users[username] ||= Aker::User.new(username)
end

#valid_credentials?(kind, *credentials) ⇒ Aker::User^?

Verifies the credentials against the set provided by calls to #valid_credentials! and #load!. Supports all kinds.

Returns:

• (Aker::User, nil)

# File 'lib/aker/authorities/static.rb', line 43

def valid_credentials?(kind, *credentials)
  found_username =
    (all_credentials(kind).detect { |c| c[:credentials] == credentials } || {})[:username]
  @users[found_username]
end