access-granted 1.1.2 → 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: b6d400982e35b05842762be3929a3bfb9d1a9de6
4
- data.tar.gz: 3825d04d00c581e55b21339c92e6b8b3b5e90672
3
+ metadata.gz: 99c759ed2b314ec49877c1ba6b0673650b9c3fba
4
+ data.tar.gz: b77fa0ed9b87a7fd2bb3aa853a767f6e43cfe014
5
5
  SHA512:
6
- metadata.gz: f1fa9bad01415dc1642a0d7d4c6396f4db625f88f87c81f59649fb230547da4f32cbbcb01bb3362a4716cdfba702ed97719afc2eecee688a8383c05901e2f9b6
7
- data.tar.gz: bc6346e03d9d8502f4e42fce4ec0eba1939fd5e3c01846380f480c1e0feb4936af16840d2caf507f8b75e4b66f9e7b9b03841e42cac2c34200d512d409d2e738
6
+ metadata.gz: 270c16d0e319ac997679178287cbfb323b69c210b6f57ce8dbb1b34b42d566ec1c415936df32004d2a0f65f8622a777cb02c58b8c4514d14563412dd153e35c5
7
+ data.tar.gz: 112f93450a81eac894aeb55fb007fc6b1dabec4626e5b561c62a9ceb52e31c29254b0c2a3aae693bb20786e74d77d4376badfaa497e33e0b29a1b3103b1c67d6
@@ -1,3 +1,24 @@
1
+ # 1.2.0
2
+
3
+ - Cache whole blocks of identical permissions when one of them is checked.
4
+ For example, assuming we have a given permissions set:
5
+
6
+ ```
7
+ can [:update, :destroy, :archive], Post do |post, user|
8
+ post.user_id == user.id
9
+ end
10
+ ```
11
+
12
+ When resolving one of them like this:
13
+
14
+ ```
15
+ can? :update, @post
16
+ ```
17
+
18
+ Access Granted will cache the result for each of the remaining actions, too.
19
+ So next time when checking permissions `:destroy` or `:archive`, AG will serve the result from cache instead of running the block again.
20
+
21
+
1
22
  # 1.1.2
2
23
 
3
24
  - Expose internal `block` instance variable in Permission class
@@ -4,7 +4,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
4
 
5
5
  Gem::Specification.new do |spec|
6
6
  spec.name = "access-granted"
7
- spec.version = "1.1.2"
7
+ spec.version = "1.2.0"
8
8
  spec.authors = ["Piotrek Okoński"]
9
9
  spec.email = ["piotrek@okonski.org"]
10
10
  spec.description = %q{Role based authorization gem}
@@ -1,13 +1,14 @@
1
1
  module AccessGranted
2
2
  class Permission
3
- attr_reader :action, :subject, :granted, :conditions, :block
3
+ attr_reader :action, :subject, :granted, :conditions, :actions, :block
4
4
 
5
- def initialize(granted, action, subject, user = nil, conditions = {}, block = nil)
5
+ def initialize(granted, action, subject, user = nil, conditions = {}, actions = [], block = nil)
6
6
  @action = action
7
7
  @user = user
8
8
  @granted = granted
9
9
  @subject = subject
10
10
  @conditions = conditions
11
+ @actions = actions
11
12
  @block = block
12
13
  end
13
14
 
@@ -20,10 +21,12 @@ module AccessGranted
20
21
  end
21
22
 
22
23
  def matches_conditions?(subject)
23
- if @block && !subject.is_a?(Class)
24
+ if @block
24
25
  @block.call(subject, @user)
25
- else
26
+ elsif !@conditions.empty?
26
27
  matches_hash_conditions?(subject)
28
+ else
29
+ true
27
30
  end
28
31
  end
29
32
 
@@ -29,16 +29,27 @@ module AccessGranted
29
29
 
30
30
  def can?(action, subject = nil)
31
31
  cache[action] ||= {}
32
- cache[action][subject] ||= check_permission(action, subject)
32
+
33
+ if cache[action][subject]
34
+ cache[action][subject]
35
+ else
36
+ granted, actions = check_permission(action, subject)
37
+ actions.each do |a|
38
+ cache[a] ||= {}
39
+ cache[a][subject] ||= granted
40
+ end
41
+
42
+ granted
43
+ end
33
44
  end
34
45
 
35
46
  def check_permission(action, subject)
36
47
  applicable_roles.each do |role|
37
48
  permission = role.find_permission(action, subject)
38
- return permission.granted if permission
49
+ return [permission.granted, permission.actions] if permission
39
50
  end
40
51
 
41
- false
52
+ [false, []]
42
53
  end
43
54
 
44
55
  def cannot?(*args)
@@ -53,9 +53,10 @@ module AccessGranted
53
53
  end
54
54
 
55
55
  def add_permission(granted, action, subject, conditions, block)
56
- prepare_actions(action).each do |a|
56
+ prepared_actions = prepare_actions(action)
57
+ prepared_actions.each do |a|
57
58
  raise DuplicatePermission, "Permission `#{a}` is already defined for #{subject} in role `#{name}`" if find_permission(a, subject)
58
- permissions << Permission.new(granted, a, subject, @user, conditions, block)
59
+ permissions << Permission.new(granted, a, subject, @user, conditions, prepared_actions, block)
59
60
  end
60
61
  end
61
62
 
@@ -3,30 +3,23 @@ require 'spec_helper'
3
3
  describe AccessGranted::Permission do
4
4
  subject { AccessGranted::Permission }
5
5
 
6
- describe "#matches_conditions?" do
7
- it "matches when no conditions given" do
8
- perm = subject.new(true, :read, String)
9
- expect(perm.matches_conditions?(String)).to eq(true)
10
- end
6
+ describe "#matches_proc_conditions?" do
11
7
 
12
- it "matches proc conditions" do
8
+ it "matches proc conditions when true" do
13
9
  sub = double("Element", published?: true)
14
- perm = subject.new(true, :read, sub.class, nil, {}, proc {|el| el.published? })
10
+ perm = subject.new(true, :read, sub, nil, {}, proc {true})
15
11
  expect(perm.matches_conditions?(sub)).to eq(true)
16
12
  end
17
13
 
18
- it "does not match proc conditions when given a class instead of an instance" do
14
+ it "does not match proc conditions false" do
19
15
  sub = double("Element", published?: true)
20
- perm = subject.new(true, :read, sub.class, nil, {}, proc {|el| el.published? })
21
- expect(perm.matches_conditions?(sub.class)).to eq(true)
16
+ perm = subject.new(true, :read, sub, nil, {}, proc {false})
17
+ expect(perm.matches_conditions?(sub)).to eq(false)
22
18
  end
19
+
23
20
  end
24
21
 
25
22
  describe "#matches_hash_conditions?" do
26
- it "matches condition hash is empty" do
27
- perm = subject.new(true, :read, String)
28
- expect(perm.matches_hash_conditions?(String)).to eq(true)
29
- end
30
23
 
31
24
  it "matches when conditions given" do
32
25
  sub = double("Element", published: true)
@@ -39,6 +32,7 @@ describe AccessGranted::Permission do
39
32
  perm = subject.new(true, :read, sub, nil, { published: true, readable: true })
40
33
  expect(perm.matches_hash_conditions?(sub)).to eq(false)
41
34
  end
35
+
42
36
  end
43
37
 
44
38
  describe "#matches_action?" do
@@ -46,6 +40,7 @@ describe AccessGranted::Permission do
46
40
  perm = subject.new(true, :read, String)
47
41
  expect(perm.matches_action?(:read)).to_not be_nil
48
42
  end
43
+
49
44
  end
50
45
 
51
46
  describe "#matches_subject?" do
@@ -73,5 +68,15 @@ describe AccessGranted::Permission do
73
68
  perm = subject.new(true, :read, String)
74
69
  expect(perm.matches_subject? Object.new).to eq(false)
75
70
  end
71
+
76
72
  end
73
+
74
+ describe "#matches_empty_conditions?" do
75
+ it "matches when no conditions given" do
76
+ perm = subject.new(true, :read, String)
77
+ expect(perm.matches_conditions?(String)).to eq(true)
78
+ end
79
+
80
+ end
81
+
77
82
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: access-granted
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.1.2
4
+ version: 1.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Piotrek Okoński
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-01-02 00:00:00.000000000 Z
11
+ date: 2017-05-31 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
@@ -90,7 +90,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
90
90
  version: '0'
91
91
  requirements: []
92
92
  rubyforge_project:
93
- rubygems_version: 2.5.1
93
+ rubygems_version: 2.5.2
94
94
  signing_key:
95
95
  specification_version: 4
96
96
  summary: Elegant whitelist and role based authorization with ability to prioritize
@@ -101,4 +101,3 @@ test_files:
101
101
  - spec/policy_spec.rb
102
102
  - spec/role_spec.rb
103
103
  - spec/spec_helper.rb
104
- has_rdoc: