access-granted 0.2 → 0.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +22 -21
- data/access-granted.gemspec +1 -1
- data/benchmarks/README.md +1 -1
- data/lib/access-granted.rb +6 -0
- metadata +1 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: d6d610eeb4a1e57538d942c6f1cd0bfe6958a852
|
4
|
+
data.tar.gz: 50ce2232aa01528cb8478a38e578a8424ca0e801
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 0768c9dd24d77292180d8574f9155312c3a4028b2259d8125d8db36754e8a26c7bb448f88452f2b7588fa72edd9e46d68522ea1a3eb6e3a2b185ef766ecc292d
|
7
|
+
data.tar.gz: 7852d05613d5afa58e5cf6aa23a0432efab48ba0b7badc812047a107543e1c9784492ed591547e5f3cb649a0f58e2f53f75b8c1f964741451053eaea72111c49
|
data/README.md
CHANGED
@@ -12,22 +12,22 @@ Multi-role and whitelist based authorization gem for Rails. And it's lightweight
|
|
12
12
|
|
13
13
|
### Supported Ruby versions
|
14
14
|
|
15
|
-
|
15
|
+
Because it has **zero** runtime dependencies it is guaranteed to work on all major Ruby versions MRI 1.9.3-2.2, Rubinius >= 2.X and JRuby >= 1.7.
|
16
16
|
|
17
17
|
## Summary
|
18
18
|
|
19
|
-
AccessGranted is meant as a replacement for CanCan to solve
|
19
|
+
AccessGranted is meant as a replacement for CanCan to solve major problems:
|
20
20
|
|
21
21
|
1. Performance
|
22
|
-
On average AccessGranted is 50-60% faster in resolving identical dependencies and takes less memory.
|
23
|
-
See [benchmarks](https://github.com/chaps-io/access-granted/blob/master/benchmarks).
|
24
22
|
|
25
|
-
|
23
|
+
On average AccessGranted is 50-60% faster in resolving identical permissions and takes less memory.
|
24
|
+
See [benchmarks](https://github.com/chaps-io/access-granted/blob/master/benchmarks).
|
26
25
|
|
27
|
-
|
28
|
-
Additionally, permissions are forced to be unique in the scope of a role. This greatly simplifies resolving permissions and makes it faster.
|
26
|
+
2. Roles
|
29
27
|
|
30
|
-
|
28
|
+
Adds support for roles, so no more `if`'s and `else`'s in your Policy file. This makes it extremely easy to maintain and read the code.
|
29
|
+
|
30
|
+
3. white-lists
|
31
31
|
|
32
32
|
This means that you define what the user **can** do, which results in clean, readable policies regardless of app complexity.
|
33
33
|
You don't have to worry about juggling `can`s and `cannot`s in a very convoluted way!
|
@@ -37,7 +37,7 @@ AccessGranted is meant as a replacement for CanCan to solve three major problems
|
|
37
37
|
4. framework agnostic
|
38
38
|
|
39
39
|
Permissions can work on basically any object and AccessGranted is framework-agnostic,
|
40
|
-
but it has Rails support of
|
40
|
+
but it has Rails support out of the box :)
|
41
41
|
It **does not depend on any libraries**, pure and clean Ruby code. Guaranteed to always work,
|
42
42
|
even when software around changes.
|
43
43
|
|
@@ -88,7 +88,7 @@ end
|
|
88
88
|
#### Defining roles
|
89
89
|
|
90
90
|
Each `role` method accepts the name of the role you're creating and an optional matcher.
|
91
|
-
Matchers are used to check if user belongs to that role and if the permissions inside should be executed against
|
91
|
+
Matchers are used to check if user belongs to that role and if the permissions inside should be executed against it.
|
92
92
|
|
93
93
|
The simplest role can be defined as follows:
|
94
94
|
|
@@ -115,8 +115,8 @@ role :member do
|
|
115
115
|
end
|
116
116
|
```
|
117
117
|
|
118
|
-
The `{ is_admin: true }` hash is compared with the user's attributes to see if the role should be applied to
|
119
|
-
So, if the user has an attribute `is_admin` set to `true`, then the role will be applied to
|
118
|
+
The `{ is_admin: true }` hash is compared with the user's attributes to see if the role should be applied to it.
|
119
|
+
So, if the user has an attribute `is_admin` set to `true`, then the role will be applied to it.
|
120
120
|
|
121
121
|
**Note:** you can use more keys in the hash to check many attributes at once.
|
122
122
|
|
@@ -133,8 +133,8 @@ end
|
|
133
133
|
|
134
134
|
#### Block conditions
|
135
135
|
|
136
|
-
"But wait! User should also be able to edit his posts, and only his posts!" you are wondering.
|
137
|
-
This can be done using a block condition in `can` method, like
|
136
|
+
"But wait! User should also be able to edit his posts, and only his posts!", you are wondering.
|
137
|
+
This can be done using a block condition in `can` method, like so:
|
138
138
|
|
139
139
|
```ruby
|
140
140
|
role :member do
|
@@ -144,11 +144,11 @@ role :member do
|
|
144
144
|
end
|
145
145
|
```
|
146
146
|
|
147
|
-
When the given block evaluates to `true`,
|
147
|
+
When the given block evaluates to `true`, then user is given the permission to update the post.
|
148
148
|
|
149
149
|
#### Roles in order of importance
|
150
150
|
|
151
|
-
Additionally we can allow admins to update **all** posts despite them not being authors like
|
151
|
+
Additionally, we can allow admins to update **all** posts despite them not being authors like so:
|
152
152
|
|
153
153
|
|
154
154
|
```ruby
|
@@ -218,6 +218,7 @@ class UsersController
|
|
218
218
|
# (...)
|
219
219
|
end
|
220
220
|
end
|
221
|
+
```
|
221
222
|
|
222
223
|
#### Checking permissions in views
|
223
224
|
|
@@ -234,7 +235,7 @@ You can hide any part of the page from users without permissions like this:
|
|
234
235
|
|
235
236
|
#### Customizing policy
|
236
237
|
|
237
|
-
By default AccessGranted adds this method to your controllers:
|
238
|
+
By default, AccessGranted adds this method to your controllers:
|
238
239
|
|
239
240
|
```ruby
|
240
241
|
def current_policy
|
@@ -242,7 +243,7 @@ By default AccessGranted adds this method to your controllers:
|
|
242
243
|
end
|
243
244
|
```
|
244
245
|
|
245
|
-
If you have a different policy class or if your user is not stored in `current_user` variable, then you can override it in any
|
246
|
+
If you have a different policy class or if your user is not stored in `current_user` variable, then you can override it in any controller and modify the logic as you please.
|
246
247
|
|
247
248
|
You can even have different policies for different controllers!
|
248
249
|
|
@@ -311,7 +312,7 @@ end
|
|
311
312
|
|
312
313
|
## Compatibility with CanCan
|
313
314
|
|
314
|
-
This gem
|
315
|
+
This gem has been created as a replacement for CanCan and therefore it requires minimum work to switch.
|
315
316
|
|
316
317
|
### Main differences
|
317
318
|
|
@@ -322,10 +323,10 @@ This gem was created as a replacement for CanCan and therefore it requires minim
|
|
322
323
|
|
323
324
|
2. Both `can?`/`cannot?` and `authorize!` methods work in Rails controllers and views, just like in CanCan.
|
324
325
|
The only change you have to make is to replace all `can? :manage, Class` with the exact action to check against.
|
325
|
-
`can :manage` is still available for **defining** methods and serves as a shortcut for defining `:
|
326
|
+
`can :manage` is still available for **defining** methods and serves as a shortcut for defining `:create`, `:read`, `:update`, `:destroy` all in one line.
|
326
327
|
|
327
328
|
3. Syntax for defining permissions in AccessPolicy file (Ability in CanCan) is exactly the same,
|
328
|
-
with added
|
329
|
+
with roles added on top. See [Usage](#usage) below.
|
329
330
|
|
330
331
|
|
331
332
|
## Contributing
|
data/access-granted.gemspec
CHANGED
@@ -4,7 +4,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
4
4
|
|
5
5
|
Gem::Specification.new do |spec|
|
6
6
|
spec.name = "access-granted"
|
7
|
-
spec.version = "0.2"
|
7
|
+
spec.version = "0.2.1"
|
8
8
|
spec.authors = ["Piotrek Okoński"]
|
9
9
|
spec.email = ["piotrek@okonski.org"]
|
10
10
|
spec.description = %q{Role based authorization gem}
|
data/benchmarks/README.md
CHANGED
data/lib/access-granted.rb
CHANGED