Class: JunglePath::Authentication::DataProvider::Test

Inherits:
Object
  • Object
show all
Defined in:
lib/jungle_path/authentication/data_provider/test.rb

Instance Method Summary collapse

Constructor Details

#initialize(models_hash) ⇒ Test 



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
 
# File 'lib/jungle_path/authentication/data_provider/test.rb', line 9

def initialize models_hash
  @roles = {
    root: {
      id: 0,
      name: :root,
      description: 'root can do anything',
      permissions: [:root],
      restrictions: []
    },
    admin: {
      id: 1,
      name: :admin,
      description: 'admin and add, edit and delete users, but not root users.',
      permissions: [:admin],
      restrictions: []
    },
    user: {
      id: 2,
      name: :user,
      description: 'basic system user -- has read only access.',
      permissions: [:read],
      restrictions: [:query_only, :me_related]
    }
  }
  @users = {
    root: {
      id: 0,
      name: 'root',
      email: nil,
      phone: nil,
      active: true,
      user_name: :root,
      #password: 'test',
      hash: 'sha1:1000:/CloeFSPBOT7Ac/Jf/qQLk59iQbflhxf:H4eHZ0w51f3UdQpM+tp2DdhofDPkTf2P\n',
      role: :root
    },
    admin: {
      id: 1,
      name: 'admin',
      email: nil,
      phone: nil,
      active: true,
      user_name: :admin,
      #password: 'test',
      hash: 'sha1:1000:/CloeFSPBOT7Ac/Jf/qQLk59iQbflhxf:H4eHZ0w51f3UdQpM+tp2DdhofDPkTf2P\n',
      role: :admin
    },
    user: {
      id: 2,
      name: 'user',
      email: nil,
      phone: nil,
      active: true,
      user_name: :user,
      #password: 'test',
      #hash: 'sha1:1000:/CloeFSPBOT7Ac/Jf/qQLk59iQbflhxf:H4eHZ0w51f3UdQpM+tp2DdhofDPkTf2P\n',
      #password: 'zoo',
      hash: 'sha1:1000:wNGOiLtzLt7U9t7g+AoQVYZBeZn4NDIl:WZ7ADLonzVbnMP+d0g4K94Rk06ai4Ezk\n',
      role: :user
    }
  }
  @models = models_hash # (parameter models_hash usually from Schema::Base.models)
  @role_permissions = {}
  @role_restrictions = {}
  @roles.each do |key, role|
    @role_permissions[role[:name]] = role[:permissions]
    @role_restrictions[role[:name]] = role[:restrictions]
  end
  @role_schema_filters = {
    root: :allow_all_tables,
    admin: :allow_all_tables,
    user: :hide_nonpublic_tables
  }
  @schema_filters = {
    allow_all_tables: {allow: [table: /./]},
    hide_nonpublic_tables: {allow: [{table: /./}], deny: [{table: /^utility_/}, {table: /^temp_/}]}
  }
  @role_query_filters = lambda do |identity| {
      admin: [
        {table_name: :table_i_want_to_filter, sub_select: "select id from table_i_want_to_filter where a = b"}
      ]
    }
  end
  @restriction_query_filters = lambda do |identity| {
      me_related:[
        {table_name: :user, sub_select: "select id from user where id = #{identity.user.id}"}
      ]
    }
  end
  @user_query_filters = lambda do |identity| {
    }
  end
  @role_table_filters = {
    user: [
      {table_name: :opportunity, replacement: :filter_opportunity}
    ]
  }
  @restriction_table_filters = {
    me_related:[
      {table_name: :opportunity, replacement: :filter_opportunity}
    ]
  }
  @user_table_filters = {}
end

Instance Method Details

#get_alternative_user_keys(user_id, no_cache = false) ⇒ Object 



189
190
191
 
# File 'lib/jungle_path/authentication/data_provider/test.rb', line 189

def get_alternative_user_keys(user_id, no_cache=false)
  {}
end

#get_authorization_filter(identity, no_cache = false) ⇒ Object 



137
138
139
 
# File 'lib/jungle_path/authentication/data_provider/test.rb', line 137

def get_authorization_filter(identity, no_cache=false)
  JunglePath::Authorization::Filter.new([identity.role], @models, @role_permissions, @role_restrictions, @role_schema_filters, @schema_filters)
end

#get_query_filters(identity, no_cache = false) ⇒ Object 



141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
 
# File 'lib/jungle_path/authentication/data_provider/test.rb', line 141

def get_query_filters(identity, no_cache=false)
  filters = []

  temp_filters = @role_query_filters.call(identity)[identity.role] or []
  temp_filters.each do |filter|
    filters << JunglePath::Query::Filter.new(filter[:table_name], filter[:sub_select])
  end

  temp_filters = @restriction_query_filters.call(identity)
  identity.authorization_filter.restrictions.each do |restriction|
    temp = temp_filters[restriction] or []
    temp.each do |filter|
      filters << JunglePath::Query::Filter.new(filter[:table_name], filter[:sub_select])
    end
  end

  temp_filters = @user_query_filters.call(identity)
  temp = temp_filters[identity.user.id] or []
  temp.each do |filter|
    filters << JunglePath::Query::Filter.new(filter[:table_name], filter[:sub_select])
  end

  filters
end

#get_role(identity, no_cache = false) ⇒ Object 



133
134
135
 
# File 'lib/jungle_path/authentication/data_provider/test.rb', line 133

def get_role(identity, no_cache=false)
  @roles[@users[identity.user.user_name.to_sym][:role]]
end

#get_table_filters(identity, no_cache = false) ⇒ Object 



166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
 
# File 'lib/jungle_path/authentication/data_provider/test.rb', line 166

def get_table_filters(identity, no_cache=false)
  filters = {}

  temp_filters = @role_table_filters[identity.role] || []
  temp_filters.each do |filter|
    filters[filter[:table_name]] = filter
  end

  identity.authorization_filter.restrictions.each do |restriction|
    temp_filters = @restriction_table_filters[restriction] or []
    temp.each do |filter|
      filters[filter[:table_name]] = filter
    end
  end

  temp_filters = @user_table_filters[identity.user.id] or []
  temp_filters.each do |filter|
    filters[filter[:table_name]] = filter
  end

  filters
end

#get_user(user_name, password, assume_identity = false, no_cache = false) ⇒ Object 



114
115
116
117
118
119
120
121
122
123
124
125
126
127
 
# File 'lib/jungle_path/authentication/data_provider/test.rb', line 114

def get_user(user_name, password, assume_identity=false, no_cache=false)
  lower_case_user_name = nil
  lower_case_user_name = user_name.downcase.to_sym if user_name
  hash = @users[lower_case_user_name]
  user = ::Schema::User.new(hash, false) if hash
  halt 401, "Unauthorized" unless user
  halt 401, "Unauthorized: user #{user.user_name} is not marked as active." unless user.active
  #user.is_valid = (user.password == password)
  #user.password = password
  user.is_valid = assume_identity
  user.is_valid = JunglePath::Authentication::PasswordHash.validate_password(password, user.hash) unless assume_identity
  user.password = password
  user
end

#get_user_by_key(key, assume_identity = false, no_cache = false, password = nil) ⇒ Object 



129
130
131
 
# File 'lib/jungle_path/authentication/data_provider/test.rb', line 129

def get_user_by_key(key, assume_identity=false, no_cache=false, password=nil)
  get_user(user_name, password, assume_identity, no_cache)
end