Class: AtlasRb::User

Inherits:
Object
  • Object
show all
Extended by:
FaradayHelper
Defined in:
lib/atlas_rb/user.rb

Overview

System-user binding for Atlas's find-or-create + group-replace endpoint.

Used by Cerberus on its SSO callback: given an NUID and the IdP-asserted group set, find-or-create the matching User row and replace its groups with the supplied array (full replace, not merge — the IdP's assertion is authoritative).

The endpoint is system-only; User.find_or_create sends bearer-token auth and no User: header. Atlas returns 403 if any User: header is present.

Class Method Summary collapse

Methods included from FaradayHelper

connection, multipart

Class Method Details

.find_or_create(nuid:, groups:, name: nil, email: nil) ⇒ AtlasRb::Mash

Find-or-create the User keyed on NUID and replace its groups.

Idempotent on nuid. Authoritative on groups.

Examples:

From Cerberus's SSO callback

AtlasRb::User.find_or_create(nuid: "001234567",
                             groups: ["northeastern:staff",
                                      "drs:editors"],
                             name: "Jane Doe",
                             email: "j.doe@example.edu")

Parameters:

  • nuid (String)

    the Northeastern University ID.

  • groups (Array<String>)

    full group set; replaces, not merges.

  • name (String, nil) (defaults to: nil)

    forwarded if the caller (e.g. Cerberus's SSO callback) has it; Atlas treats this field as optional.

  • email (String, nil) (defaults to: nil)

    forwarded if available; optional in Atlas.

Returns:

  • (AtlasRb::Mash)

    the resulting User record (id, nuid, name, email, role, groups).



35
36
37
38
39
40
41
42
 
# File 'lib/atlas_rb/user.rb', line 35

def self.find_or_create(nuid:, groups:, name: nil, email: nil)
  body = { groups: groups }
  body[:name] = name if name
  body[:email] = email if email

  response = connection({}).put("/users/by_nuid/#{nuid}", body.to_json)
  AtlasRb::Mash.new(JSON.parse(response.body))["user"]
end