access-granted 1.1.2 → 1.2.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: b6d400982e35b05842762be3929a3bfb9d1a9de6
4
- data.tar.gz: 3825d04d00c581e55b21339c92e6b8b3b5e90672
3
+ metadata.gz: 99c759ed2b314ec49877c1ba6b0673650b9c3fba
4
+ data.tar.gz: b77fa0ed9b87a7fd2bb3aa853a767f6e43cfe014
5
5
  SHA512:
6
- metadata.gz: f1fa9bad01415dc1642a0d7d4c6396f4db625f88f87c81f59649fb230547da4f32cbbcb01bb3362a4716cdfba702ed97719afc2eecee688a8383c05901e2f9b6
7
- data.tar.gz: bc6346e03d9d8502f4e42fce4ec0eba1939fd5e3c01846380f480c1e0feb4936af16840d2caf507f8b75e4b66f9e7b9b03841e42cac2c34200d512d409d2e738
6
+ metadata.gz: 270c16d0e319ac997679178287cbfb323b69c210b6f57ce8dbb1b34b42d566ec1c415936df32004d2a0f65f8622a777cb02c58b8c4514d14563412dd153e35c5
7
+ data.tar.gz: 112f93450a81eac894aeb55fb007fc6b1dabec4626e5b561c62a9ceb52e31c29254b0c2a3aae693bb20786e74d77d4376badfaa497e33e0b29a1b3103b1c67d6
@@ -1,3 +1,24 @@
1
+ # 1.2.0
2
+
3
+ - Cache whole blocks of identical permissions when one of them is checked.
4
+ For example, assuming we have a given permissions set:
5
+
6
+ ```
7
+ can [:update, :destroy, :archive], Post do |post, user|
8
+ post.user_id == user.id
9
+ end
10
+ ```
11
+
12
+ When resolving one of them like this:
13
+
14
+ ```
15
+ can? :update, @post
16
+ ```
17
+
18
+ Access Granted will cache the result for each of the remaining actions, too.
19
+ So next time when checking permissions `:destroy` or `:archive`, AG will serve the result from cache instead of running the block again.
20
+
21
+
1
22
  # 1.1.2
2
23
 
3
24
  - Expose internal `block` instance variable in Permission class
@@ -4,7 +4,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
4
 
5
5
  Gem::Specification.new do |spec|
6
6
  spec.name = "access-granted"
7
- spec.version = "1.1.2"
7
+ spec.version = "1.2.0"
8
8
  spec.authors = ["Piotrek Okoński"]
9
9
  spec.email = ["piotrek@okonski.org"]
10
10
  spec.description = %q{Role based authorization gem}
@@ -1,13 +1,14 @@
1
1
  module AccessGranted
2
2
  class Permission
3
- attr_reader :action, :subject, :granted, :conditions, :block
3
+ attr_reader :action, :subject, :granted, :conditions, :actions, :block
4
4
 
5
- def initialize(granted, action, subject, user = nil, conditions = {}, block = nil)
5
+ def initialize(granted, action, subject, user = nil, conditions = {}, actions = [], block = nil)
6
6
  @action = action
7
7
  @user = user
8
8
  @granted = granted
9
9
  @subject = subject
10
10
  @conditions = conditions
11
+ @actions = actions
11
12
  @block = block
12
13
  end
13
14
 
@@ -20,10 +21,12 @@ module AccessGranted
20
21
  end
21
22
 
22
23
  def matches_conditions?(subject)
23
- if @block && !subject.is_a?(Class)
24
+ if @block
24
25
  @block.call(subject, @user)
25
- else
26
+ elsif !@conditions.empty?
26
27
  matches_hash_conditions?(subject)
28
+ else
29
+ true
27
30
  end
28
31
  end
29
32
 
@@ -29,16 +29,27 @@ module AccessGranted
29
29
 
30
30
  def can?(action, subject = nil)
31
31
  cache[action] ||= {}
32
- cache[action][subject] ||= check_permission(action, subject)
32
+
33
+ if cache[action][subject]
34
+ cache[action][subject]
35
+ else
36
+ granted, actions = check_permission(action, subject)
37
+ actions.each do |a|
38
+ cache[a] ||= {}
39
+ cache[a][subject] ||= granted
40
+ end
41
+
42
+ granted
43
+ end
33
44
  end
34
45
 
35
46
  def check_permission(action, subject)
36
47
  applicable_roles.each do |role|
37
48
  permission = role.find_permission(action, subject)
38
- return permission.granted if permission
49
+ return [permission.granted, permission.actions] if permission
39
50
  end
40
51
 
41
- false
52
+ [false, []]
42
53
  end
43
54
 
44
55
  def cannot?(*args)
@@ -53,9 +53,10 @@ module AccessGranted
53
53
  end
54
54
 
55
55
  def add_permission(granted, action, subject, conditions, block)
56
- prepare_actions(action).each do |a|
56
+ prepared_actions = prepare_actions(action)
57
+ prepared_actions.each do |a|
57
58
  raise DuplicatePermission, "Permission `#{a}` is already defined for #{subject} in role `#{name}`" if find_permission(a, subject)
58
- permissions << Permission.new(granted, a, subject, @user, conditions, block)
59
+ permissions << Permission.new(granted, a, subject, @user, conditions, prepared_actions, block)
59
60
  end
60
61
  end
61
62
 
@@ -3,30 +3,23 @@ require 'spec_helper'
3
3
  describe AccessGranted::Permission do
4
4
  subject { AccessGranted::Permission }
5
5
 
6
- describe "#matches_conditions?" do
7
- it "matches when no conditions given" do
8
- perm = subject.new(true, :read, String)
9
- expect(perm.matches_conditions?(String)).to eq(true)
10
- end
6
+ describe "#matches_proc_conditions?" do
11
7
 
12
- it "matches proc conditions" do
8
+ it "matches proc conditions when true" do
13
9
  sub = double("Element", published?: true)
14
- perm = subject.new(true, :read, sub.class, nil, {}, proc {|el| el.published? })
10
+ perm = subject.new(true, :read, sub, nil, {}, proc {true})
15
11
  expect(perm.matches_conditions?(sub)).to eq(true)
16
12
  end
17
13
 
18
- it "does not match proc conditions when given a class instead of an instance" do
14
+ it "does not match proc conditions false" do
19
15
  sub = double("Element", published?: true)
20
- perm = subject.new(true, :read, sub.class, nil, {}, proc {|el| el.published? })
21
- expect(perm.matches_conditions?(sub.class)).to eq(true)
16
+ perm = subject.new(true, :read, sub, nil, {}, proc {false})
17
+ expect(perm.matches_conditions?(sub)).to eq(false)
22
18
  end
19
+
23
20
  end
24
21
 
25
22
  describe "#matches_hash_conditions?" do
26
- it "matches condition hash is empty" do
27
- perm = subject.new(true, :read, String)
28
- expect(perm.matches_hash_conditions?(String)).to eq(true)
29
- end
30
23
 
31
24
  it "matches when conditions given" do
32
25
  sub = double("Element", published: true)
@@ -39,6 +32,7 @@ describe AccessGranted::Permission do
39
32
  perm = subject.new(true, :read, sub, nil, { published: true, readable: true })
40
33
  expect(perm.matches_hash_conditions?(sub)).to eq(false)
41
34
  end
35
+
42
36
  end
43
37
 
44
38
  describe "#matches_action?" do
@@ -46,6 +40,7 @@ describe AccessGranted::Permission do
46
40
  perm = subject.new(true, :read, String)
47
41
  expect(perm.matches_action?(:read)).to_not be_nil
48
42
  end
43
+
49
44
  end
50
45
 
51
46
  describe "#matches_subject?" do
@@ -73,5 +68,15 @@ describe AccessGranted::Permission do
73
68
  perm = subject.new(true, :read, String)
74
69
  expect(perm.matches_subject? Object.new).to eq(false)
75
70
  end
71
+
76
72
  end
73
+
74
+ describe "#matches_empty_conditions?" do
75
+ it "matches when no conditions given" do
76
+ perm = subject.new(true, :read, String)
77
+ expect(perm.matches_conditions?(String)).to eq(true)
78
+ end
79
+
80
+ end
81
+
77
82
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: access-granted
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.1.2
4
+ version: 1.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Piotrek Okoński
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-01-02 00:00:00.000000000 Z
11
+ date: 2017-05-31 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
@@ -90,7 +90,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
90
90
  version: '0'
91
91
  requirements: []
92
92
  rubyforge_project:
93
- rubygems_version: 2.5.1
93
+ rubygems_version: 2.5.2
94
94
  signing_key:
95
95
  specification_version: 4
96
96
  summary: Elegant whitelist and role based authorization with ability to prioritize
@@ -101,4 +101,3 @@ test_files:
101
101
  - spec/policy_spec.rb
102
102
  - spec/role_spec.rb
103
103
  - spec/spec_helper.rb
104
- has_rdoc: