Updated more gems, restored missing access policies inside an after_i…

…nitialize block
openstax · Oct 9, 2024 · e6a5259 · e6a5259
1 parent 7bdfb96
commit e6a5259
Show file tree

Hide file tree

Showing 6 changed files with 53 additions and 44 deletions.
diff --git a/Gemfile b/Gemfile
@@ -73,13 +73,13 @@ gem 'omniauth-google-oauth2'
 gem 'redis-rails'
 
 # Utilities for OpenStax websites
-gem 'openstax_utilities', github: 'openstax/openstax_utilities', ref: '4a22dd7fb557174f805bb8cc29cd8e60695983f5'
+gem 'openstax_utilities'
 
 # API versioning and documentation
 gem 'openstax_api'
 
 # Notify developers of Exceptions in production
-gem 'openstax_rescue_from', github: 'openstax/rescue_from', ref: '7a6dcfa0a70e843d2801795e151888bb9f03386a'
+gem 'openstax_rescue_from'
 
 # Sentry integration
 gem 'sentry-ruby'
@@ -113,7 +113,7 @@ gem 'delayed_job_worker_pool'
 gem 'delayed_job_heartbeat_plugin'
 
 # JSON Api builder
-gem 'representable', '~> 3.0.0'
+gem 'representable'
 
 # Keyword search
 gem 'keyword_search', '~> 1.5.0'

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -18,20 +18,6 @@ GIT
       railties (>= 3.1)
       sass-rails
 
-GIT
-  remote: https://github.com/openstax/openstax_utilities.git
-  revision: 4a22dd7fb557174f805bb8cc29cd8e60695983f5
-  ref: 4a22dd7fb557174f805bb8cc29cd8e60695983f5
-  specs:
-    openstax_utilities (5.1.1)
-      aws-sdk-autoscaling
-      faraday
-      faraday-http-cache
-      keyword_search
-      lev
-      rails (>= 5.0, < 8.0)
-      request_store
-
 GIT
   remote: https://github.com/openstax/path_prefixer.git
   revision: e3edfc70589bc90fcffba63b417260a88c1377d7
@@ -48,14 +34,6 @@ GIT
   specs:
     pattern-library (1.1.18)
 
-GIT
-  remote: https://github.com/openstax/rescue_from.git
-  revision: 7a6dcfa0a70e843d2801795e151888bb9f03386a
-  ref: 7a6dcfa0a70e843d2801795e151888bb9f03386a
-  specs:
-    openstax_rescue_from (4.2.0)
-      rails (>= 3.1, < 7.0)
-
 GEM
   remote: https://rubygems.org/
   specs:
@@ -264,7 +242,6 @@ GEM
       activesupport (>= 4.0, < 7.3)
       rspec (>= 3.0)
     declarative (0.0.20)
-    declarative-option (0.1.0)
     delayed_job (4.1.12)
       activesupport (>= 3.0, < 8.0)
     delayed_job_active_record (4.1.10)
@@ -534,13 +511,23 @@ GEM
       uber
     openstax_healthcheck (1.0.1)
       rails (>= 3.0)
+    openstax_rescue_from (4.2.1)
+      rails (>= 3.1, < 7.0)
     openstax_salesforce (8.1.0)
       openstax_active_force
       rails (>= 5.0, < 7.0)
       restforce
     openstax_transaction_retry (1.2.0)
       activerecord (>= 5.1)
       transaction_isolation (>= 1.0.5)
+    openstax_utilities (5.1.2)
+      aws-sdk-autoscaling
+      faraday
+      faraday-http-cache
+      keyword_search
+      lev
+      rails (>= 5.0, < 8.0)
+      request_store
     ostruct (0.6.0)
     p3p (2.0.0)
       rack (>= 1.6.2)
@@ -651,9 +638,9 @@ GEM
       io-console (~> 0.5)
     render_anywhere (0.0.12)
       rails (>= 3.0.7)
-    representable (3.0.4)
+    representable (3.2.0)
       declarative (< 0.1.0)
-      declarative-option (< 0.2.0)
+      trailblazer-option (>= 0.1.1, < 0.2.0)
       uber (< 0.2.0)
     request_store (1.7.0)
       rack (>= 1.4)
@@ -771,6 +758,7 @@ GEM
     tilt (2.4.0)
     timecop (0.9.10)
     timeout (0.4.1)
+    trailblazer-option (0.1.2)
     transaction_isolation (1.0.5)
       activerecord (>= 3.0.11)
     tzinfo (2.0.6)
@@ -878,9 +866,9 @@ DEPENDENCIES
   openstax_api
   openstax_healthcheck
   openstax_path_prefixer!
-  openstax_rescue_from!
+  openstax_rescue_from
   openstax_salesforce
-  openstax_utilities!
+  openstax_utilities
   p3p
   parallel_tests
   pattern-library!
@@ -896,7 +884,7 @@ DEPENDENCIES
   rails-settings-cached
   redis-rails
   render_anywhere
-  representable (~> 3.0.0)
+  representable
   rspec-instafail
   rspec-rails
   rubocop

diff --git a/config/initializers/access_policies.rb b/config/initializers/access_policies.rb
@@ -1 +1,19 @@
 require_relative 'doorkeeper'
+
+Rails.application.config.after_initialize do
+  OSU::AccessPolicy.register(Doorkeeper::Application, Doorkeeper::ApplicationAccessPolicy)
+  OSU::AccessPolicy.register(User, UserAccessPolicy)
+  OSU::AccessPolicy.register(AnonymousUser, UserAccessPolicy)
+  OSU::AccessPolicy.register(Identity, IdentityAccessPolicy)
+  OSU::AccessPolicy.register(ContactInfo, ContactInfoAccessPolicy)
+  OSU::AccessPolicy.register(EmailAddress, ContactInfoAccessPolicy)
+  OSU::AccessPolicy.register(Authentication, AuthenticationAccessPolicy)
+  OSU::AccessPolicy.register(ApplicationUser, ApplicationUserAccessPolicy)
+  OSU::AccessPolicy.register(Message, MessageAccessPolicy)
+  OSU::AccessPolicy.register(Group, GroupAccessPolicy)
+  OSU::AccessPolicy.register(GroupMember, GroupMemberAccessPolicy)
+  OSU::AccessPolicy.register(GroupOwner, GroupOwnerAccessPolicy)
+  OSU::AccessPolicy.register(GroupNesting, GroupNestingAccessPolicy)
+  OSU::AccessPolicy.register(ApplicationGroup, ApplicationGroupAccessPolicy)
+  OSU::AccessPolicy.register(ExternalId, ExternalIdAccessPolicy)
+end
diff --git a/config/puma.rb b/config/puma.rb
@@ -11,8 +11,6 @@
 
 NUM_WORKERS = ENV.fetch('WEB_CONCURRENCY') { Etc.nprocessors }.to_i
 
-worker_timeout ENV.fetch('WORKER_TIMEOUT', 60).to_i
-
 stdout_redirect(
   ENV.fetch('STDOUT_LOGFILE', "#{APP_DIR}/log/puma.stdout.log"),
   ENV.fetch('STDERR_LOGFILE', "#{APP_DIR}/log/puma.stderr.log"),
@@ -52,6 +50,11 @@
 min_threads_count = ENV.fetch('RAILS_MIN_THREADS') { max_threads_count }
 threads min_threads_count, max_threads_count
 
+# Specifies the `worker_timeout` threshold that Puma will use to wait before
+# terminating a worker in development environments.
+#
+worker_timeout ENV.fetch('WORKER_TIMEOUT', 60).to_i
+
 if ENV['SOCKET']
   # Specifies the `socket` to which Puma will bind to receive requests.
   bind ENV['SOCKET']

diff --git a/lib/sso_cookie_jar.rb b/lib/sso_cookie_jar.rb
@@ -18,11 +18,11 @@ def delete(options = {})
     @parent_jar.delete @@cookie_name, options.reverse_merge(@@cookie_options)
   end
 
-  def parse(name, encrypted_message, purpose: nil)
-    SsoCookie.read encrypted_message
+  def parse(name, data, purpose: nil)
+    SsoCookie.read data
   end
 
-  def commit(options)
+  def commit(name, options)
     options[:value] = SsoCookie.generate options
     options.reverse_merge! @@cookie_options
   end

diff --git a/spec/access_policies/external_id_access_policy_spec.rb b/spec/access_policies/external_id_access_policy_spec.rb
@@ -13,16 +13,16 @@
 
   context 'create' do
     it 'cannot be accessed by users or untrusted apps' do
-      expect(OSU::AccessPolicy.action_allowed?(:search, anon, external_id)).to eq false
-      expect(OSU::AccessPolicy.action_allowed?(:search, temp, external_id)).to eq false
-      expect(OSU::AccessPolicy.action_allowed?(:search, user, external_id)).to eq false
-      expect(OSU::AccessPolicy.action_allowed?(:search, new_social, external_id)).to eq false
-      expect(OSU::AccessPolicy.action_allowed?(:search, admin, external_id)).to eq false
-      expect(OSU::AccessPolicy.action_allowed?(:search, app, external_id)).to eq false
+      expect(OSU::AccessPolicy.action_allowed?(:create, anon, external_id)).to eq false
+      expect(OSU::AccessPolicy.action_allowed?(:create, temp, external_id)).to eq false
+      expect(OSU::AccessPolicy.action_allowed?(:create, user, external_id)).to eq false
+      expect(OSU::AccessPolicy.action_allowed?(:create, new_social, external_id)).to eq false
+      expect(OSU::AccessPolicy.action_allowed?(:create, admin, external_id)).to eq false
+      expect(OSU::AccessPolicy.action_allowed?(:create, app, external_id)).to eq false
     end
 
     it 'can be accessed by trusted apps' do
-      expect(OSU::AccessPolicy.action_allowed?(:search, trusted_app, User)).to eq true
+      expect(OSU::AccessPolicy.action_allowed?(:create, trusted_app, external_id)).to eq true
     end
   end
-end
+end