Add resources method for getting list of resources for a given scope

lib/prx_auth/resource_map.rb

@@ -3,37 +3,47 @@ class ResourceMap
     WILDCARD_KEY = '*'
 
     def initialize(mapped_values)
-      @map = Hash[mapped_values.map do |(key, values)|
+      input = mapped_values.clone
+      @wildcard = ScopeList.new(input.delete(WILDCARD_KEY)||'')
+      @map = Hash[input.map do |(key, values)|
         [key, ScopeList.new(values)]
       end]
     end
 
     def contains?(resource, namespace=nil, scope=nil)
-      mapped_resource = @map[resource.to_s]
+      resource = resource.to_s
 
-      if mapped_resource == wildcard_resource
+      if resource == WILDCARD_KEY
         raise ArgumentError if namespace.nil?
 
-        mapped_resource.contains?(namespace, scope)
-      elsif mapped_resource && !namespace.nil?
-        mapped_resource.contains?(namespace, scope) || wildcard_resource.contains?(namespace, scope)
-      elsif !namespace.nil?
-        wildcard_resource.contains?(namespace, scope)
+        @wildcard.contains?(namespace, scope)
       else
-        !!mapped_resource
+        mapped_resource = @map[resource]
+
+        if mapped_resource && !namespace.nil?
+          mapped_resource.contains?(namespace, scope) || @wildcard.contains?(namespace, scope)
+        elsif !namespace.nil?
+          @wildcard.contains?(namespace, scope)
+        else
+          !!mapped_resource
+        end
       end
     end
 
     def freeze
       @map.freeze
-      wildcard_resource.freeze
+      @wildcard.freeze
       self
     end
 
-    private
-
-    def wildcard_resource
-      @wildcard_resource ||= @map[WILDCARD_KEY] || ScopeList.new('')
+    def resources(namespace=nil, scope=nil)
+      if namespace.nil?
+        @map.keys
+      else
+        @map.select do |name, list|
+          list.contains?(namespace, scope)
+        end.map(&:first)
+      end
     end
   end
 end

lib/rack/prx_auth/token_data.rb

@@ -3,7 +3,7 @@
 module Rack
   class PrxAuth
     class TokenData
-      attr_reader :attributes, :authorized_resources, :scopes
+      attr_reader :scopes
 
       def initialize(attrs = {})
         @attributes = attrs
@@ -17,6 +17,10 @@ def initialize(attrs = {})
         end
       end
 
+      def resources(namespace=nil, scope=nil)
+        @authorized_resources.resources(namespace, scope)
+      end
+
       def user_id
         @attributes['sub']
       end

test/prx_auth/resource_map_test.rb

@@ -1,8 +1,8 @@
 require 'test_helper'
 
 describe PrxAuth::ResourceMap do
-  let(:map) { PrxAuth::ResourceMap.new(resources) }
-  let(:resources) { {'123' => 'admin one two three ns1:namespaced', '456' => 'member four five six' } }
+  let(:map) { PrxAuth::ResourceMap.new(input) }
+  let(:input) { {'123' => 'admin one two three ns1:namespaced', '456' => 'member four five six' } }
 
   describe '#authorized?' do
     it 'contains scopes in list' do
@@ -26,7 +26,7 @@
     end
 
     describe 'with wildcard resource' do
-      let(:resources) do
+      let(:input) do
         {
           '*' => 'peek',
           '123' => 'admin one two three',
@@ -58,4 +58,41 @@
       end
     end
   end
+
+  describe '#resources' do
+    let (:input) do
+      {
+        '*' => 'read wildcard',
+        '123' => 'read write buy',
+        '456' => 'read ns1:buy'
+      }
+    end
+
+    let (:resources) { map.resources }
+
+    it 'returns resource ids' do
+      assert resources.include?('123')
+      assert resources.include?('456')
+    end
+
+    it 'excludes wildcard values' do
+      assert !resources.include?('*')
+    end
+
+    it 'filters for scope' do
+      resources = map.resources(:write)
+      assert resources.include?('123')
+      assert !resources.include?('456')
+      assert !resources.include?('*')
+    end
+
+    it 'works with namespaces' do
+      resources = map.resources(:ns1, :buy)
+      assert resources.include?('123')
+      assert resources.include?('456')
+
+      resources = map.resources(:buy)
+      assert !resources.include?('456')
+    end
+  end
 end

test/rack/prx_auth/token_data_test.rb

@@ -6,21 +6,34 @@
     assert token.user_id == 123
   end
 
-  it 'pulls authorized_resources from aur' do
+  it 'pulls resources from aur' do
     token = Rack::PrxAuth::TokenData.new('aur' => {'123' => 'admin'})
-    assert token.authorized_resources.contains?('123', 'admin')
+    assert token.resources.include?('123')
   end
 
-  it 'unpacks compressed aur into authorized_resources' do
+  it 'unpacks compressed aur' do
     token = Rack::PrxAuth::TokenData.new('aur' => {
       '123' => 'member',
       '$' => {
         'admin' => [456, 789, 1011]
       }
     })
-    assert !token.authorized_resources.contains?('$')
-    assert token.authorized_resources.contains?('789', :admin)
-    assert token.authorized_resources.contains?(123, :member)
+    assert !token.resources.include?('$')
+    assert token.resources.include?('789')
+    assert token.resources.include?('123')
+  end
+
+  describe '#resources' do
+    let(:token) { Rack::PrxAuth::TokenData.new('aur' => aur) }
+    let(:aur) { {'123' => 'admin ns1:namespaced', '456' => 'member' } }
+
+    it 'scans for resources by namespace and scope' do
+      assert token.resources(:admin) == ['123']
+      assert token.resources(:namespaced) == []
+      assert token.resources(:member) == ['456']
+      assert token.resources(:ns1, :namespaced) == ['123']
+      assert token.resources(:ns1, :member) == ['456']
+    end
   end
 
   describe '#authorized?' do

test/rack/prx_auth_test.rb

@@ -52,7 +52,6 @@
         prxauth.stub(:valid?, true) do
           prxauth.call(env)['prx.auth'].tap do |token|
             assert token.instance_of? Rack::PrxAuth::TokenData
-            assert token.attributes == claims
             assert token.user_id == claims['sub']
           end
         end