Class: SiriusApi::User

Inherits:
Object
Defined in:
lib/sirius_api/user.rb

Overview

TODO: This class should be renamed! The name doesn't make sense, because the "user" may be a client application itself with no associated user (OAuth client credentials grant).

Constant Summary

PRIVILEGED_ROLES = Config.umapi_privileged_roles

Constructor Details

#initialize(username = nil, scopes = [], umapi_client: UmapiClient.new) ⇒ User

Returns a new instance of User.


# File 'lib/sirius_api/user.rb', line 12

def initialize(username = nil, scopes = [], umapi_client: UmapiClient.new)
  @username = username
  @scopes = Scopes.new(*scopes)
  @umapi_client = umapi_client
  @present_roles = Set.new
  @absent_roles = Set.new
end

Instance Attribute Details

#scopes ⇒ Object

Returns the value of attribute scopes


# File 'lib/sirius_api/user.rb', line 8

def scopes
  @scopes
end

#username ⇒ Object (readonly)

Returns the value of attribute username


# File 'lib/sirius_api/user.rb', line 8

def username
  @username
end

Instance Method Details

#has_any_role?(*roles) ⇒ Boolean

Returns:

  • (Boolean)

# File 'lib/sirius_api/user.rb', line 43

def has_any_role?(*roles)
  fail 'Cannot check roles without username.' unless username

  roles = Set.new(roles)

  return true if @present_roles.intersect? roles
  return false if @absent_roles.intersect? roles

  if @umapi_client.user_has_roles?(username, roles, operator: :any)
    @present_roles.merge(roles)
    true
  else
    @absent_roles.merge(roles)
    false
  end
end
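
A successful any-of lookup proves only that at least one of the queried roles is held, so a cache built on it should not record every queried role as present. The sketch below is an added example, not SiriusApi code: `AnyRoleCache` and `StubUmapiClient` are hypothetical names, and the stub's `operator: :any` semantics (true when at least one role is held) are an assumption.

```ruby
require 'set'

# Constructed stand-in for the UMAPI client: counts calls and answers
# any-of queries from a fixed set of roles the user really holds.
class StubUmapiClient
  attr_reader :calls

  def initialize(held_roles)
    @held = Set.new(held_roles)
    @calls = 0
  end

  # Assumed semantics of operator: :any => true if at least one role is held.
  def user_has_roles?(_username, roles, operator: :any)
    @calls += 1
    roles.any? { |r| @held.include?(r) }
  end
end

# Hypothetical cache that stores only what each any-of answer proves.
class AnyRoleCache
  def initialize(username, client)
    @username = username
    @client = client
    @absent_roles = Set.new # roles individually known to be absent
    @positive_sets = []     # queried sets known to contain a held role
  end

  # Accepts a role list or a single array of roles.
  def has_any_role?(*roles)
    roles = Set.new(roles.flatten)
    unknown = roles - @absent_roles
    return false if unknown.empty?
    # A proven set contained in the query means the query holds a role too.
    return true if @positive_sets.any? { |s| s.subset?(roles) }

    if @client.user_has_roles?(@username, unknown, operator: :any)
      @positive_sets << unknown
      true
    else
      @absent_roles.merge(unknown) # a failed any-of check clears every role
      false
    end
  end
end
```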

#roles ⇒ Object


# File 'lib/sirius_api/user.rb', line 39

def roles
  @present_roles.to_a
end

#student_access_allowed? ⇒ Boolean

Checks whether access to students (associated with an event) is allowed for the current user.

Scope 'read' always permits student access. With scope 'limited-by-idm', access depends on the current user's role. Any other scope (e.g. 'personal:read') does not permit viewing students.

TODO: Add integration specs for student listing in JSON output.

Returns:

  • (Boolean)

# File 'lib/sirius_api/user.rb', line 27

def student_access_allowed?
  return true if scopes.include_any?(Scopes::READ_ALL)
  if username && scopes.include_any?(Scopes::READ_ROLE_BASED)
    return has_any_role? PRIVILEGED_ROLES
  end
  false
end

#to_s ⇒ Object


# File 'lib/sirius_api/user.rb', line 35

def to_s
  "User [username=#{username}, scopes=#{scopes.to_a.join(' ')}, roles=#{roles.join(' ')}]"
end