#!/usr/bin/env ruby # ruby version of https://github.com/APMG/pmp-sdk-perl/blob/master/t/002-authz.t require 'rubygems' require 'bundler/setup' require 'pmp' require 'json' # some utility methods def waiting(seconds, message="waiting") print message seconds.to_i.times{ print "."; sleep(1) } print "\n" end def pretty_json(s) JSON.pretty_generate(JSON.parse(s)) end # ------------------------------------------------------------------------------ # Setup: Make sure you can make a client with id and secret # ------------------------------------------------------------------------------ client_id = ENV['PMP_CLIENT_ID'] client_secret = ENV['PMP_CLIENT_SECRET'] raise "PMP_CLIENT_ID PMP_CLIENT_SECRET not set" unless client_id && client_secret # doing this against the sandbox for now endpoint = 'https://api-sandbox.pmp.io/' # make a new client, assume id and secret are in the env pmp = PMP::Client.new(client_id: client_id, client_secret: client_secret, endpoint: endpoint) puts "\n\nSetup complete: pmp client: #{pmp.inspect}\n\n" # ------------------------------------------------------------------------------ # Step 0: Clean up any old data from prior runs # ------------------------------------------------------------------------------ delete_count = 0 pmp.query["urn:pmp:query:docs"].where(tag: 'pmp_example_permissions', limit: 100).items.each{|i| i.delete; delete_count+=1 } puts "\n\nStep 0 complete: deleted #{delete_count}\n\n" exit 1 if ARGV[0] == 'delete-only' # ------------------------------------------------------------------------------ # Step 1: Make 3 orgs that will end up with different permissions # ------------------------------------------------------------------------------ organizations = (0..2).map do |index| # make a new 'organization' of profile type user org = pmp.doc_of_type('user') org.title = "pmp ruby example, permissions: org #{index}" org.tags = ['pmp_example_permissions'] org.auth = { user: "pmp_ruby_org_#{index}", password: SecureRandom.uuid, scope: 'write' } org.save org end puts "\n\nStep 1 complete: organizations: #{pretty_json(organizations.to_json)}\n\n" # ------------------------------------------------------------------------------ # Step 2: Make 4 permission groups, 0:[0,1], 1:[0], 2:[1], and an empty group 3:[] # ------------------------------------------------------------------------------ group_orgs = [ [0,1], [0], [1], [] ] permission_groups = group_orgs.collect do |orgs| group = pmp.doc_of_type('group') group.tags = ['pmp_example_permissions'] group.title = "pmp ruby example, permissions: permission group #{orgs.inspect}" group.links['item'] = orgs.map{|o| PMP::Link.new(href: organizations[o].href)} if (orgs.size > 0) group.save group end puts "\n\nStep 2 complete: permission_groups: #{pretty_json(permission_groups.to_json)}\n\n" # ------------------------------------------------------------------------------ # Step 3: Make docs to be protected # ------------------------------------------------------------------------------ documents = (0..3).collect do |index| doc = pmp.doc_of_type('story') doc.tags = ['pmp_example_permissions', 'pmp_example_permissions_test_doc'] doc.title = "pmp ruby example, permissions: story #{index}" doc end documents[0].links['permission'] = PMP::Link.new(href: permission_groups[0].href, operation: 'read') documents[1].links['permission'] = [ PMP::Link.new( href: permission_groups[2].href, operation: 'read', blacklist: true ), PMP::Link.new( href: permission_groups[1].href, operation: 'read' ), ] documents[3].links['permission'] = PMP::Link.new(href: permission_groups[3].href, operation: 'read') documents.each{|d| d.save } puts "\n\nStep 3 complete: documents: #{pretty_json(documents.to_json)}\n\n" # ------------------------------------------------------------------------------ # Step 4: Make credentials and clients for each org # ------------------------------------------------------------------------------ credentials = organizations.map do |org| puts "create credentials for org: #{org.auth}" pmp.credentials(user: org.auth[:user], password: org.auth[:password]).create end waiting(5) clients = credentials.map do |creds| PMP::Client.new(client_id: creds['client_id'], client_secret: creds['client_secret'], endpoint: endpoint) end puts "\n\nStep 4 complete: credentials: #{pretty_json(credentials.to_json)}\n\n" # ------------------------------------------------------------------------------ # Step 5: Test doc visibility! # ------------------------------------------------------------------------------ puts "\n\nStep 5: TEST TIME!\n\n" results = (0..2).collect do |index| expected_size = (3 - index) puts "org #{index} should retrieve #{expected_size} items" puts "org #{index} got token: #{clients[index].token.token}" waiting(5) result = clients[index].query["urn:pmp:query:docs"].where(tag: 'pmp_example_permissions_test_doc').retrieve actual_size = result.items.size msg = (actual_size == expected_size) ? "SUCCESS" : "FAIL" puts "#{msg}: org #{index} retrieved #{actual_size} items, expected #{expected_size}.\n" puts "retrieved: #{pretty_json(result.to_json)}\n\n" result end puts "\n\nStep 5 complete, all done!\n\n" exit 1