Class: Aker::Authorities::Static

Inherits:
Object
  • Object
show all
Defined in:
lib/aker/authorities/static.rb

Overview

An authority which is configured entirely in memory. It's not intended for production, but rather for testing (particularly integrated testing) and bootstrapping (e.g., for rapidly testing out aker in an application before setting up the infrastructure needed for Ldap or a custom authority).

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(ignored = nil) ⇒ Static

Creates a new instance. Does not use any configuration properties.


14
15
16
# File 'lib/aker/authorities/static.rb', line 14

def initialize(ignored=nil)
  self.clear
end

Class Method Details

.from_file(filename) ⇒ Static

Creates a new instance from a file. You can use the result of this method directly in a Aker configuration block. E.g.:

Aker.configure {
  authority Aker::Authorities::Static.from_file(File.expand_path("../static-auth.yml", __FILE__))
}

Parameters:

  • filename (String)

    the name of a YAML file containing the format outlined for #load!

Returns:

See Also:


32
33
34
# File 'lib/aker/authorities/static.rb', line 32

def self.from_file(filename)
  File.open(filename) { |f| self.new.load!(f) }
end

Instance Method Details

#amplify!(user) ⇒ Aker::User

Merges in the authorization information in this authority for the given user.

Parameters:

Returns:


56
57
58
59
60
61
# File 'lib/aker/authorities/static.rb', line 56

def amplify!(user)
  base = @users[user.username]
  return user unless base

  user.merge!(base)
end

#clearStatic

Resets the user and authorization data to the same state it was in at initialization.

Returns:


294
295
296
297
298
299
# File 'lib/aker/authorities/static.rb', line 294

def clear
  @groups = {}
  @users = {}
  @credentials = {}
  self
end

#find_users(*criteria) ⇒ Array<Aker::User>

Returns the any users which match the given criteria from the set that have been loaded with #load!, #valid_credentials!, and #user.

Parameters:

Returns:


71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
# File 'lib/aker/authorities/static.rb', line 71

def find_users(*criteria)
  criteria.collect do |criteria_group|
    unless Hash === criteria_group
      criteria_group = { :username => criteria_group.to_s }
    end
    props = criteria_group.keys.select { |k|
      Aker::User.instance_methods.include?(k.to_s) || # for 1.8.7
      Aker::User.instance_methods.include?(k.to_sym)  # for 1.9.1
    }
    if props.empty?
      []
    else
      @users.values.select do |user|
        props.inject(true) { |result, prop| result && user.send(prop) == criteria_group[prop] }
      end
    end
  end.flatten.uniq
end

#load!(io) ⇒ Static

Loads a YAML doc and uses its contents to initialize the authority's authentication and authorization data.

Sample doc:

users:
  wakibbe:               # username
    password: ekibder    # password for :user auth (optional)
    first_name: Warren   # any attributes from Aker::User may
    last_name: Kibbe     #   be set here
    identifiers:         # identifiers will be loaded with
      employee_id: 4     # symbolized keys
    portals:             # portal & group auth info (optional)
      - SQLSubmit        # A groupless portal
      - ENU:             # A portal with simple groups
        - User
      - NOTIS:           # A portal with affiliated groups
        - Manager: [23]
        - User           # you can mix affiliated and simple

groups:                  # groups for hierarchical portals
  NOTIS:                 # (these aren't real NOTIS groups)
    - Admin:
      - Manager:
        - User
      - Auditor

Parameters:

  • io (#read)

    a readable handle (something that can be passed to YAML.load)

Returns:


204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
# File 'lib/aker/authorities/static.rb', line 204

def load!(io)
  doc = YAML.load(io)
  return self unless doc
  (doc["groups"] || {}).each do |portal, top_level_groups|
    @groups[portal.to_sym] = top_level_groups.collect { |group_data| build_group(group_data) }
  end
  (doc["users"] || {}).each do |username, config|
    attr_keys = config.keys - ["password", "portals", "identifiers"]

    valid_credentials!(:user, username, config["password"]) do |u|
      attr_keys.each do |k|
        begin
          u.send("#{k}=", config[k])
        rescue NoMethodError
          raise NoMethodError, "#{k} is not a recognized user attribute"
        end
      end

      portal_data = config["portals"] || []

      portals_and_groups_from_yaml(portal_data) do |portal, group, affiliate_ids|
        u.default_portal = portal unless u.default_portal

        u.in_portal!(portal)

        if group
          if affiliate_ids
            u.in_group!(portal, group, :affiliate_ids => affiliate_ids)
          else
            u.in_group!(portal, group)
          end
        end
      end

      (config["identifiers"] || {}).each do |ident, value|
        u.identifiers[ident.to_sym] = value
      end
    end
  end

  self
end

#user(username, &block) ⇒ Aker::User

Creates or updates one of the user records in this authority. If provided a block, the user will be yielded to it. This the mechanism to use to set attributes, portals, and group memberships on the users returned by #valid_credentials?. Example:

auth.user("wakibbe") do |u|
  u.first_name = "Warren"
  u.portals << :ENU
end

auth.user("wakibbe").first_name # => "Warren"

Parameters:

  • username (String)

    the username for the user to create, update, or just read

Returns:

  • (Aker::User)

    the single user for username (possibly newly created; never nil)

See Also:


113
114
115
116
117
# File 'lib/aker/authorities/static.rb', line 113

def user(username, &block)
  u = (@users[username] ||= Aker::User.new(username))
  u.tap(&block) if block
  u
end

#valid_credentials!(kind, username, *credentials) {|user| ... }

This method returns an undefined value.

Associate the given set of credentials of a particular kind with the specified user. Note that all kinds require a username (unlike with #valid_credentials?). Examples:

auth.valid_credentials!(:user, "wakibbe", "ekibder")
auth.valid_credentials!(:api_key, "notis-app", "12345-67890")

For further user customization, you can pass a block. This block receives an object that responds to all User methods as well as helper methods for setting up portal and group memberships. Examples:

auth.valid_credentials!(:user, "wakibbe", "ekibder") do |u|
  # grants access to portal :ENU
  u.in_portal!(:ENU)

  # sets up name data
  u.first_name = 'Warren'
  u.last_name = 'Kibbe'
end

auth.valid_credentials!(:user, "wakibbe", "ekibder") do |u|
  # grants access to portal :ENU and membership in group "User"
  u.in_group!(:ENU, "User")
end

auth.valid_credentials!(:api_key, "notis-ns", "12345-67890") do |u|
  # grants access to portal :NOTIS and membership in group "Auditor"
  for affiliates 20 and 30
  u.in_group!(:NOTIS, "Auditor", :affiliate_ids => [20, 30])
end

Parameters:

  • kind (Symbol)

    the kind of credentials these are. Anything is allowed.

  • username (String)

    the username for the user which is authenticated by these credentials.

  • *credentials (Array<String>, nil)

    the credentials themselves. (Note that you need not repeat the username for the :user kind.)

Yields:

  • (user)

    a user object as described above


162
163
164
165
166
167
168
169
170
# File 'lib/aker/authorities/static.rb', line 162

def valid_credentials!(kind, username, *credentials)
  if kind == :user
    credentials = [username, *credentials]
  end
  all_credentials(kind) << { :username => username, :credentials =>  credentials }
  @users[username] ||= Aker::User.new(username)

  yield UserBuilder.new(@users[username], self) if block_given?
end

#valid_credentials?(kind, *credentials) ⇒ Aker::User?

Verifies the credentials against the set provided by calls to #valid_credentials! and #load!. Supports all kinds.

Returns:


43
44
45
46
47
# File 'lib/aker/authorities/static.rb', line 43

def valid_credentials?(kind, *credentials)
  found_username =
    (all_credentials(kind).detect { |c| c[:credentials] == credentials } || {})[:username]
  @users[found_username]
end