access-granted 1.2.0 → 1.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/.travis.yml +3 -1
- data/CHANGELOG.md +8 -2
- data/README.md +11 -11
- data/access-granted.gemspec +1 -1
- data/benchmarks/README.md +14 -14
- data/lib/access-granted.rb +1 -11
- data/lib/access-granted/railtie.rb +19 -0
- data/spec/permission_spec.rb +2 -2
- metadata +4 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: 0ce9cfd4d0c980f5f3ba545fa4f2691897b80698fd6fe665c6b29ff226131774
|
|
4
|
+
data.tar.gz: 82802d1c59a69c201f5f9bfd73de5f17e82e47d8532ca22682a4cef140bada80
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 7e050411bc42573ce3da74a78672974f4cf589e97c5c320a2774093a4c659bd95302f49796fa1f7ec785a36b93823684c4942b828de675fa24d696bc14a1fb89
|
|
7
|
+
data.tar.gz: '0119c97744988a5c1aea30e5e1e14606cbb53a78c448e2b57d94cc2d7ebcdc0b0ab5220ff7a2672e6c1d56a8ce710f58a20625e288e6d9a4bef069ca1acff56b'
|
data/.travis.yml
CHANGED
data/CHANGELOG.md
CHANGED
|
@@ -1,9 +1,15 @@
|
|
|
1
|
+
# 1.3.0
|
|
2
|
+
|
|
3
|
+
- Drop support for Ruby 1.9.3, it might still work but we are no longer testing against it.
|
|
4
|
+
- Start testing against Rubies 2.3-2.5 in CI
|
|
5
|
+
- Move Rails integration into Railties, this fixes some load order issues ([PR #45](https://github.com/chaps-io/access-granted/pull/45)), thanks [jraqula](https://github.com/jraqula)!
|
|
6
|
+
|
|
1
7
|
# 1.2.0
|
|
2
8
|
|
|
3
9
|
- Cache whole blocks of identical permissions when one of them is checked.
|
|
4
10
|
For example, assuming we have a given permissions set:
|
|
5
11
|
|
|
6
|
-
```
|
|
12
|
+
```ruby
|
|
7
13
|
can [:update, :destroy, :archive], Post do |post, user|
|
|
8
14
|
post.user_id == user.id
|
|
9
15
|
end
|
|
@@ -11,7 +17,7 @@
|
|
|
11
17
|
|
|
12
18
|
When resolving one of them like this:
|
|
13
19
|
|
|
14
|
-
```
|
|
20
|
+
```ruby
|
|
15
21
|
can? :update, @post
|
|
16
22
|
```
|
|
17
23
|
|
data/README.md
CHANGED
|
@@ -31,26 +31,26 @@ AccessGranted is meant as a replacement for CanCan to solve major problems:
|
|
|
31
31
|
|
|
32
32
|
1. Performance
|
|
33
33
|
|
|
34
|
-
|
|
35
|
-
|
|
34
|
+
On average AccessGranted is **20 times faster** in resolving identical permissions and takes less memory.
|
|
35
|
+
See [benchmarks](https://github.com/chaps-io/access-granted/blob/master/benchmarks).
|
|
36
36
|
|
|
37
37
|
2. Roles
|
|
38
38
|
|
|
39
|
-
|
|
39
|
+
Adds support for roles, so no more `if`s and `else`s in your Policy file. This makes it extremely easy to maintain and read the code.
|
|
40
40
|
|
|
41
41
|
3. Whitelists
|
|
42
42
|
|
|
43
|
-
|
|
44
|
-
|
|
43
|
+
This means that you define what the user can do, which results in clean, readable policies regardless of application complexity.
|
|
44
|
+
You don't have to worry about juggling `can`s and `cannot`s in a very convoluted way!
|
|
45
45
|
|
|
46
|
-
|
|
46
|
+
_Note_: `cannot` is still available, but has a very specifc use. See [Usage](#usage) below.
|
|
47
47
|
|
|
48
48
|
4. Framework agnostic
|
|
49
49
|
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
50
|
+
Permissions can work on basically any object and AccessGranted is framework-agnostic,
|
|
51
|
+
but it has Rails support out of the box. :)
|
|
52
|
+
It does not depend on any libraries, pure and clean Ruby code. Guaranteed to always work,
|
|
53
|
+
even when software around changes.
|
|
54
54
|
|
|
55
55
|
## Usage
|
|
56
56
|
|
|
@@ -280,7 +280,7 @@ or with `cannot?`:
|
|
|
280
280
|
|
|
281
281
|
```ruby
|
|
282
282
|
policy.cannot?(:create, Post) #=> false
|
|
283
|
-
policy.cannot?(:update, @
|
|
283
|
+
policy.cannot?(:update, @post) #=> true
|
|
284
284
|
```
|
|
285
285
|
|
|
286
286
|
## Common examples
|
data/access-granted.gemspec
CHANGED
|
@@ -4,7 +4,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
|
4
4
|
|
|
5
5
|
Gem::Specification.new do |spec|
|
|
6
6
|
spec.name = "access-granted"
|
|
7
|
-
spec.version = "1.
|
|
7
|
+
spec.version = "1.3.0"
|
|
8
8
|
spec.authors = ["Piotrek Okoński"]
|
|
9
9
|
spec.email = ["piotrek@okonski.org"]
|
|
10
10
|
spec.description = %q{Role based authorization gem}
|
data/benchmarks/README.md
CHANGED
|
@@ -1,24 +1,24 @@
|
|
|
1
1
|
# Benchmark results
|
|
2
2
|
|
|
3
|
-
Benchmarks ran on Ubuntu
|
|
3
|
+
Benchmarks ran on Ubuntu 17.04 64bit, i7 6700k @ 4.0Ghz, 32 GB RAM with Ruby 2.3.
|
|
4
4
|
|
|
5
5
|
## permissions.rb
|
|
6
6
|
|
|
7
7
|
This benchmark runs `can?` method for the 3 user roles for 20 seconds each, for both CanCan and AccessGranted.
|
|
8
8
|
|
|
9
9
|
```
|
|
10
|
+
Warming up --------------------------------------
|
|
11
|
+
ag-admin 158.815k i/100ms
|
|
12
|
+
ag-moderator 161.055k i/100ms
|
|
13
|
+
ag-user 161.670k i/100ms
|
|
14
|
+
cancan-admin 14.865k i/100ms
|
|
15
|
+
cancan-moderator 13.181k i/100ms
|
|
16
|
+
cancan-user 18.907k i/100ms
|
|
10
17
|
Calculating -------------------------------------
|
|
11
|
-
ag-admin
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
cancan-user
|
|
17
|
-
-------------------------------------------------
|
|
18
|
-
ag-admin 283.174k (± 1.1%) i/s - 5.682M
|
|
19
|
-
cancan-admin 160.450k (± 1.0%) i/s - 3.217M
|
|
20
|
-
ag-moderator 301.290k (± 1.1%) i/s - 6.029M
|
|
21
|
-
cancan-moderator 134.591k (± 1.3%) i/s - 2.698M
|
|
22
|
-
ag-user 353.259k (± 0.9%) i/s - 7.086M
|
|
23
|
-
cancan-user 198.579k (± 1.6%) i/s - 3.979M
|
|
18
|
+
ag-admin 2.141M (± 3.9%) i/s - 10.799M in 5.052573s
|
|
19
|
+
ag-moderator 2.180M (± 2.1%) i/s - 10.952M in 5.025727s
|
|
20
|
+
ag-user 2.206M (± 0.4%) i/s - 11.155M in 5.056550s
|
|
21
|
+
cancan-admin 158.288k (± 2.4%) i/s - 802.710k in 5.074299s
|
|
22
|
+
cancan-moderator 142.573k (± 2.1%) i/s - 724.955k in 5.087277s
|
|
23
|
+
cancan-user 204.783k (± 2.2%) i/s - 1.040M in 5.080488s
|
|
24
24
|
```
|
data/lib/access-granted.rb
CHANGED
|
@@ -3,19 +3,9 @@ require "access-granted/policy"
|
|
|
3
3
|
require "access-granted/permission"
|
|
4
4
|
require "access-granted/role"
|
|
5
5
|
require "access-granted/rails/controller_methods"
|
|
6
|
+
require "access-granted/railtie" if defined?(Rails)
|
|
6
7
|
|
|
7
8
|
module AccessGranted
|
|
8
9
|
|
|
9
10
|
end
|
|
10
11
|
|
|
11
|
-
if defined? ActionController::Base
|
|
12
|
-
ActionController::Base.class_eval do
|
|
13
|
-
include AccessGranted::Rails::ControllerMethods
|
|
14
|
-
end
|
|
15
|
-
end
|
|
16
|
-
|
|
17
|
-
if defined? ActionController::API
|
|
18
|
-
ActionController::API.class_eval do
|
|
19
|
-
include AccessGranted::Rails::ControllerMethods
|
|
20
|
-
end
|
|
21
|
-
end
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
require 'rails/railtie'
|
|
2
|
+
|
|
3
|
+
module AccessGranted
|
|
4
|
+
class Railtie < ::Rails::Railtie
|
|
5
|
+
initializer :access_granted do
|
|
6
|
+
if defined? ActionController::Base
|
|
7
|
+
ActionController::Base.class_eval do
|
|
8
|
+
include AccessGranted::Rails::ControllerMethods
|
|
9
|
+
end
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
if defined? ActionController::API
|
|
13
|
+
ActionController::API.class_eval do
|
|
14
|
+
include AccessGranted::Rails::ControllerMethods
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
data/spec/permission_spec.rb
CHANGED
|
@@ -7,13 +7,13 @@ describe AccessGranted::Permission do
|
|
|
7
7
|
|
|
8
8
|
it "matches proc conditions when true" do
|
|
9
9
|
sub = double("Element", published?: true)
|
|
10
|
-
perm = subject.new(true, :read, sub, nil, {}, proc {true})
|
|
10
|
+
perm = subject.new(true, :read, sub, nil, {}, [], proc {true})
|
|
11
11
|
expect(perm.matches_conditions?(sub)).to eq(true)
|
|
12
12
|
end
|
|
13
13
|
|
|
14
14
|
it "does not match proc conditions false" do
|
|
15
15
|
sub = double("Element", published?: true)
|
|
16
|
-
perm = subject.new(true, :read, sub, nil, {}, proc {false})
|
|
16
|
+
perm = subject.new(true, :read, sub, nil, {}, [], proc {false})
|
|
17
17
|
expect(perm.matches_conditions?(sub)).to eq(false)
|
|
18
18
|
end
|
|
19
19
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: access-granted
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Piotrek Okoński
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2018-04-18 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -62,6 +62,7 @@ files:
|
|
|
62
62
|
- lib/access-granted/permission.rb
|
|
63
63
|
- lib/access-granted/policy.rb
|
|
64
64
|
- lib/access-granted/rails/controller_methods.rb
|
|
65
|
+
- lib/access-granted/railtie.rb
|
|
65
66
|
- lib/access-granted/role.rb
|
|
66
67
|
- lib/generators/access_granted/policy_generator.rb
|
|
67
68
|
- lib/generators/templates/access_policy.rb
|
|
@@ -90,7 +91,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
90
91
|
version: '0'
|
|
91
92
|
requirements: []
|
|
92
93
|
rubyforge_project:
|
|
93
|
-
rubygems_version: 2.
|
|
94
|
+
rubygems_version: 2.7.6
|
|
94
95
|
signing_key:
|
|
95
96
|
specification_version: 4
|
|
96
97
|
summary: Elegant whitelist and role based authorization with ability to prioritize
|