Class: AtlasRb::System::User

Inherits:

Object

Object
AtlasRb::System::User

show all

Extended by:: FaradayHelper

Defined in:: lib/atlas_rb/system/user.rb

Overview

SSO-callback user provisioning. Finds the Atlas User row keyed on the supplied NUID (creating it if missing) and replaces its groups with the IdP-asserted set. Full replace, not merge — the IdP assertion is authoritative.

Always authenticates via FaradayHelper#system_connection, so the caller has no way to act as a non-system principal. Atlas allows this endpoint only for the system token + system NUID pairing.

Class Method Summary collapse

.find_or_create(nuid:, groups:, name: nil, email: nil) ⇒ AtlasRb::Mash
Find-or-create the User keyed on NUID and replace its groups.

Methods included from FaradayHelper

connection, multipart, system_connection

Class Method Details

.find_or_create(nuid:, groups:, name: nil, email: nil) ⇒ `AtlasRb::Mash`

Find-or-create the User keyed on NUID and replace its groups.

Examples:

From Cerberus's SSO callback

AtlasRb::System::User.find_or_create(
  nuid: "001234567",
  groups: ["northeastern:staff", "drs:editors"],
  name: "Jane Doe",
  email: "j.doe@example.edu"
)

Parameters:

nuid (String) —
the NUID of the user being provisioned. This is the subject of the operation, not the actor — the actor is always the system fixture.
groups (Array<String>) —
full group set; replaces, not merges.
name (String, nil) (defaults to: nil) —
forwarded if the SSO callback has it; Atlas treats this field as optional.
email (String, nil) (defaults to: nil) —
forwarded if available; optional in Atlas.

Returns:

(AtlasRb::Mash) —
the resulting User record (id, nuid, name, email, role, groups).

# File 'lib/atlas_rb/system/user.rb', line 60

def self.find_or_create(nuid:, groups:, name: nil, email: nil)
  body = { groups: groups }
  body[:name]  = name  if name
  body[:email] = email if email

  response = system_connection.put("/users/by_nuid/#{nuid}", body.to_json)
  AtlasRb::Mash.new(JSON.parse(response.body))["user"]
end