access-granted 1.1.2 → 1.2.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +21 -0
- data/access-granted.gemspec +1 -1
- data/lib/access-granted/permission.rb +7 -4
- data/lib/access-granted/policy.rb +14 -3
- data/lib/access-granted/role.rb +3 -2
- data/spec/permission_spec.rb +19 -14
- metadata +3 -4
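--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 99c759ed2b314ec49877c1ba6b0673650b9c3fba
+data.tar.gz: b77fa0ed9b87a7fd2bb3aa853a767f6e43cfe014
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 270c16d0e319ac997679178287cbfb323b69c210b6f57ce8dbb1b34b42d566ec1c415936df32004d2a0f65f8622a777cb02c58b8c4514d14563412dd153e35c5
+data.tar.gz: 112f93450a81eac894aeb55fb007fc6b1dabec4626e5b561c62a9ceb52e31c29254b0c2a3aae693bb20786e74d77d4376badfaa497e33e0b29a1b3103b1c67d6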
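--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,24 @@
+# 1.2.0
+
+- Cache whole blocks of identical permissions when one of them is checked.
+For example, assuming we have a given permissions set:
+
+```
+can [:update, :destroy, :archive], Post do |post, user|
+post.user_id == user.id
+end
+```
+
+When resolving one of them like this:
+
+```
+can? :update, @post
+```
+
+Access Granted will cache the result for each of the remaining actions, too.
+So next time when checking permissions `:destroy` or `:archive`, AG will serve the result from cache instead of running the block again.
+
+
 # 1.1.2
 
 - Expose internal `block` instance variable in Permission class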
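--- a/data/access-granted.gemspec
+++ b/data/access-granted.gemspec
@@ -4,7 +4,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 
 Gem::Specification.new do |spec|
 spec.name = "access-granted"
-spec.version = "1.
+spec.version = "1.2.0"
 spec.authors = ["Piotrek Okoński"]
 spec.email = ["piotrek@okonski.org"]
 spec.description = %q{Role based authorization gem}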
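--- a/data/lib/access-granted/permission.rb
+++ b/data/lib/access-granted/permission.rb
@@ -1,13 +1,14 @@
 module AccessGranted
 class Permission
-attr_reader :action, :subject, :granted, :conditions, :block
+attr_reader :action, :subject, :granted, :conditions, :actions, :block
 
-def initialize(granted, action, subject, user = nil, conditions = {}, block = nil)
+def initialize(granted, action, subject, user = nil, conditions = {}, actions = [], block = nil)
 @action = action
 @user = user
 @granted = granted
 @subject = subject
 @conditions = conditions
+@actions = actions
 @block = block
 end
 
@@ -20,10 +21,12 @@ module AccessGranted
 end
 
 def matches_conditions?(subject)
-if @block
+if @block
 @block.call(subject, @user)
-
+elsif !@conditions.empty?
 matches_hash_conditions?(subject)
+else
+true
 end
 end
 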
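Review bot: `actions = []` is inserted ahead of `block` in `initialize`, so any positional caller that passes a proc as the sixth argument now binds it to `@actions` and leaves `@block` nil, with no error raised. With `@block` nil and empty conditions, the new `else` branch of `matches_conditions?` returns `true`, so a permission that was meant to be guarded by a block silently becomes unconditional. The calls `subject.new(true, :read, sub, nil, {}, proc {false})` in spec/permission_spec.rb on this page appear to have exactly that shape. Appending the parameter instead, `def initialize(granted, action, subject, user = nil, conditions = {}, block = nil, actions = [])`, keeps the old positions valid; the `Permission.new` call in role.rb would then pass `block, prepared_actions`.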
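--- a/data/lib/access-granted/policy.rb
+++ b/data/lib/access-granted/policy.rb
@@ -29,16 +29,27 @@ module AccessGranted
 
 def can?(action, subject = nil)
 cache[action] ||= {}
-
+
+if cache[action][subject]
+cache[action][subject]
+else
+granted, actions = check_permission(action, subject)
+actions.each do |a|
+cache[a] ||= {}
+cache[a][subject] ||= granted
+end
+
+granted
+end
 end
 
 def check_permission(action, subject)
 applicable_roles.each do |role|
 permission = role.find_permission(action, subject)
-return permission.granted if permission
+return [permission.granted, permission.actions] if permission
 end
 
-false
+[false, []]
 end
 
 def cannot?(*args)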
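Review bot: In `can?`, `cache[a][subject] ||= granted` copies the result to every action of the matched permission, but `check_permission` resolved only the requested `action` and stopped at the first role in `applicable_roles` that had a permission for it. If an earlier role defines its own rule for a sibling action (say a `cannot` for `:destroy` while a later role grants `[:update, :destroy]` together), a prior `can? :update` would seed the cache with the later role's answer, and `can? :destroy` would return it without consulting the earlier role. Role ordering and `find_permission` are not visible here, so this needs a policy spec for that case; until then the write could be limited to `cache[action][subject] = granted`. Separately, `if cache[action][subject]` treats a cached `false` as a miss, so denials are recomputed on every call; `if cache[action].key?(subject)` would distinguish the two.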
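--- a/data/lib/access-granted/role.rb
+++ b/data/lib/access-granted/role.rb
@@ -53,9 +53,10 @@ module AccessGranted
 end
 
 def add_permission(granted, action, subject, conditions, block)
-prepare_actions(action)
+prepared_actions = prepare_actions(action)
+prepared_actions.each do |a|
 raise DuplicatePermission, "Permission `#{a}` is already defined for #{subject} in role `#{name}`" if find_permission(a, subject)
-permissions << Permission.new(granted, a, subject, @user, conditions, block)
+permissions << Permission.new(granted, a, subject, @user, conditions, prepared_actions, block)
 end
 end
 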
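Review bot: Every `Permission` built in this loop receives the same `prepared_actions` array object, and permission.rb exposes it through `attr_reader :actions`, so a mutation made through any one permission changes the action set that `Policy#can?` iterates when filling its cache for all of them. Freezing a copy at creation, `prepared_actions = prepare_actions(action).dup.freeze`, keeps the set that drives cached authorization results immutable.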
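--- a/data/spec/permission_spec.rb
+++ b/data/spec/permission_spec.rb
@@ -3,30 +3,23 @@ require 'spec_helper'
 describe AccessGranted::Permission do
 subject { AccessGranted::Permission }
 
-describe "#
-it "matches when no conditions given" do
-perm = subject.new(true, :read, String)
-expect(perm.matches_conditions?(String)).to eq(true)
-end
+describe "#matches_proc_conditions?" do
 
-it "matches proc conditions" do
+it "matches proc conditions when true" do
 sub = double("Element", published?: true)
-perm = subject.new(true, :read, sub
+perm = subject.new(true, :read, sub, nil, {}, proc {true})
 expect(perm.matches_conditions?(sub)).to eq(true)
 end
 
-it "does not match proc conditions
+it "does not match proc conditions false" do
 sub = double("Element", published?: true)
-perm = subject.new(true, :read, sub
-expect(perm.matches_conditions?(sub
+perm = subject.new(true, :read, sub, nil, {}, proc {false})
+expect(perm.matches_conditions?(sub)).to eq(false)
 end
+
 end
 
 describe "#matches_hash_conditions?" do
-it "matches condition hash is empty" do
-perm = subject.new(true, :read, String)
-expect(perm.matches_hash_conditions?(String)).to eq(true)
-end
 
 it "matches when conditions given" do
 sub = double("Element", published: true)
@@ -39,6 +32,7 @@ describe AccessGranted::Permission do
 perm = subject.new(true, :read, sub, nil, { published: true, readable: true })
 expect(perm.matches_hash_conditions?(sub)).to eq(false)
 end
+
 end
 
 describe "#matches_action?" do
@@ -46,6 +40,7 @@ describe AccessGranted::Permission do
 perm = subject.new(true, :read, String)
 expect(perm.matches_action?(:read)).to_not be_nil
 end
+
 end
 
 describe "#matches_subject?" do
@@ -73,5 +68,15 @@ describe AccessGranted::Permission do
 perm = subject.new(true, :read, String)
 expect(perm.matches_subject? Object.new).to eq(false)
 end
+
 end
+
+describe "#matches_empty_conditions?" do
+it "matches when no conditions given" do
+perm = subject.new(true, :read, String)
+expect(perm.matches_conditions?(String)).to eq(true)
+end
+
+end
+
 end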
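--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: access-granted
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.2.0
 platform: ruby
 authors:
 - Piotrek Okoński
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-
+date: 2017-05-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -90,7 +90,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.5.
+rubygems_version: 2.5.2
 signing_key:
 specification_version: 4
 summary: Elegant whitelist and role based authorization with ability to prioritize
@@ -101,4 +101,3 @@ test_files:
 - spec/policy_spec.rb
 - spec/role_spec.rb
 - spec/spec_helper.rb
-has_rdoc: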