access-granted 1.3.1 → 1.3.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +9 -1
- data/README.md +16 -1
- data/access-granted.gemspec +1 -1
- data/lib/access-granted/exceptions.rb +3 -2
- data/lib/access-granted/policy.rb +2 -4
- data/lib/access-granted/railtie.rb +17 -7
- data/lib/access-granted/role.rb +2 -5
- data/spec/policy_spec.rb +22 -3
- metadata +3 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 115b6ed416c4bfa4b6d94d53520388c382b65966aa8ce7c4072d9991a630d1d3
|
|
4
|
+
data.tar.gz: 0af1baa07da37953f292b4bb8d24680cbebdf70c1495203d7a4312d4735584bb
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6554c68a9ddd5f04866afef389d59d48ddbd63fc6173c6955b39075fb9f23ac5c8d1036f13cc8f7ac9fed997217d1d69b725c5f6e0dc83550a1e8eea293e6e6d
|
|
7
|
+
data.tar.gz: 162efc4e19ad3fa554778b00dfd46d28f951ac90a65d94c2f3037f554dc590f9822eb7db6a19c792f65eeaba78adcc77386f9956e88c7f00f9127a2a231141e9
|
data/CHANGELOG.md
CHANGED
|
@@ -1,6 +1,14 @@
|
|
|
1
|
+
# 1.3.3
|
|
2
|
+
|
|
3
|
+
- Fix compatibility with Rails 6.0 and Zeitwerk ([PR #53](https://github.com/chaps-io/access-granted/pull/53)), thanks [jraqula](https://github.com/dmorehouse)!
|
|
4
|
+
|
|
5
|
+
# 1.3.2
|
|
6
|
+
|
|
7
|
+
- Expose `applicable_roles` method on the policy instance. This allows insight into what roles actually apply to a given user.
|
|
8
|
+
|
|
1
9
|
# 1.3.1
|
|
2
10
|
|
|
3
|
-
- Add information about action and subject when raising AccessDenied exception ([PR #
|
|
11
|
+
- Add information about action and subject when raising AccessDenied exception ([PR #46](https://github.com/chaps-io/access-granted/pull/46)), thanks [jraqula](https://github.com/jraqula)!
|
|
4
12
|
|
|
5
13
|
# 1.3.0
|
|
6
14
|
|
data/README.md
CHANGED
|
@@ -25,7 +25,7 @@ config.autoload_paths += %W(#{config.root}/app/policies #{config.root}/app/roles
|
|
|
25
25
|
|
|
26
26
|
### Supported Ruby versions
|
|
27
27
|
|
|
28
|
-
Because it has **zero** runtime dependencies it is guaranteed to work on all major Ruby versions MRI
|
|
28
|
+
Because it has **zero** runtime dependencies it is guaranteed to work on all major Ruby versions MRI `2.0` - `2.5`, Rubinius `>= 2.X` and JRuby `>= 1.7`.
|
|
29
29
|
|
|
30
30
|
## Summary
|
|
31
31
|
|
|
@@ -232,6 +232,21 @@ if you want to handle authorization errors differently for some cases:
|
|
|
232
232
|
end
|
|
233
233
|
```
|
|
234
234
|
|
|
235
|
+
You can also have a custom exception message while authorizing a request.
|
|
236
|
+
This message will be associated with the exception object thrown.
|
|
237
|
+
|
|
238
|
+
```ruby
|
|
239
|
+
class PostsController
|
|
240
|
+
def show
|
|
241
|
+
@post = Post.find(params[:id])
|
|
242
|
+
authorize! :read, @post, 'You do not have access to this post'
|
|
243
|
+
render json: { post: @post }
|
|
244
|
+
rescue AccessGranted::AccessDenied => e
|
|
245
|
+
render json: { error: e.message }, status: :forbidden
|
|
246
|
+
end
|
|
247
|
+
end
|
|
248
|
+
```
|
|
249
|
+
|
|
235
250
|
#### Checking permissions in controllers
|
|
236
251
|
|
|
237
252
|
To check if the user has a permission to perform an action, use the `can?` and `cannot?` methods.
|
data/access-granted.gemspec
CHANGED
|
@@ -4,7 +4,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
|
4
4
|
|
|
5
5
|
Gem::Specification.new do |spec|
|
|
6
6
|
spec.name = "access-granted"
|
|
7
|
-
spec.version = "1.3.
|
|
7
|
+
spec.version = "1.3.3"
|
|
8
8
|
spec.authors = ["Piotrek Okoński"]
|
|
9
9
|
spec.email = ["piotrek@okonski.org"]
|
|
10
10
|
spec.description = %q{Role based authorization gem}
|
|
@@ -4,10 +4,11 @@ module AccessGranted
|
|
|
4
4
|
class DuplicatePermission < Error; end;
|
|
5
5
|
class DuplicateRole < Error; end;
|
|
6
6
|
class AccessDenied < Error
|
|
7
|
-
attr_reader :action, :subject
|
|
8
|
-
def initialize(action = nil, subject = nil)
|
|
7
|
+
attr_reader :action, :subject, :message
|
|
8
|
+
def initialize(action = nil, subject = nil, message = nil)
|
|
9
9
|
@action = action
|
|
10
10
|
@subject = subject
|
|
11
|
+
@message = message
|
|
11
12
|
end
|
|
12
13
|
end
|
|
13
14
|
end
|
|
@@ -56,15 +56,13 @@ module AccessGranted
|
|
|
56
56
|
!can?(*args)
|
|
57
57
|
end
|
|
58
58
|
|
|
59
|
-
def authorize!(action, subject)
|
|
59
|
+
def authorize!(action, subject, message = 'Access Denied')
|
|
60
60
|
if cannot?(action, subject)
|
|
61
|
-
raise AccessDenied.new(action, subject)
|
|
61
|
+
raise AccessDenied.new(action, subject, message)
|
|
62
62
|
end
|
|
63
63
|
subject
|
|
64
64
|
end
|
|
65
65
|
|
|
66
|
-
private
|
|
67
|
-
|
|
68
66
|
def applicable_roles
|
|
69
67
|
@applicable_roles ||= roles.select do |role|
|
|
70
68
|
role.applies_to?(user)
|
|
@@ -3,15 +3,25 @@ require 'rails/railtie'
|
|
|
3
3
|
module AccessGranted
|
|
4
4
|
class Railtie < ::Rails::Railtie
|
|
5
5
|
initializer :access_granted do
|
|
6
|
-
if
|
|
7
|
-
|
|
8
|
-
include AccessGranted::Rails::ControllerMethods
|
|
6
|
+
if ::Rails::VERSION::MAJOR >= 6
|
|
7
|
+
ActiveSupport.on_load(:action_controller_base) do |base|
|
|
8
|
+
base.include AccessGranted::Rails::ControllerMethods
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
ActiveSupport.on_load(:action_controller_api) do |base|
|
|
12
|
+
base.include AccessGranted::Rails::ControllerMethods
|
|
13
|
+
end
|
|
14
|
+
else
|
|
15
|
+
if defined? ActionController::Base
|
|
16
|
+
ActionController::Base.class_eval do
|
|
17
|
+
include AccessGranted::Rails::ControllerMethods
|
|
18
|
+
end
|
|
9
19
|
end
|
|
10
|
-
end
|
|
11
20
|
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
21
|
+
if defined? ActionController::API
|
|
22
|
+
ActionController::API.class_eval do
|
|
23
|
+
include AccessGranted::Rails::ControllerMethods
|
|
24
|
+
end
|
|
15
25
|
end
|
|
16
26
|
end
|
|
17
27
|
end
|
data/lib/access-granted/role.rb
CHANGED
|
@@ -69,11 +69,8 @@ module AccessGranted
|
|
|
69
69
|
end
|
|
70
70
|
|
|
71
71
|
def prepare_actions(action)
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
else
|
|
75
|
-
actions = Array(*[action])
|
|
76
|
-
end
|
|
72
|
+
actions = Array(*[action])
|
|
73
|
+
actions.flat_map { |a| a == :manage ? [:create, :read, :update, :destroy ] : [a] }
|
|
77
74
|
end
|
|
78
75
|
end
|
|
79
76
|
end
|
data/spec/policy_spec.rb
CHANGED
|
@@ -143,6 +143,16 @@ describe AccessGranted::Policy do
|
|
|
143
143
|
end
|
|
144
144
|
end
|
|
145
145
|
|
|
146
|
+
it "raises AccessDenied with supplied message if action is not allowed" do
|
|
147
|
+
message = 'You are not allowed to create Integer'
|
|
148
|
+
expect { klass.new(@member).authorize!(:create, Integer, message) }.to raise_error do |err|
|
|
149
|
+
expect(err).to be_a(AccessGranted::AccessDenied)
|
|
150
|
+
expect(err.action).to eq(:create)
|
|
151
|
+
expect(err.subject).to eq(Integer)
|
|
152
|
+
expect(err.message).to eq(message)
|
|
153
|
+
end
|
|
154
|
+
end
|
|
155
|
+
|
|
146
156
|
it "returns the subject if allowed" do
|
|
147
157
|
expect(klass.new(@member).authorize!(:create, String)).to equal String
|
|
148
158
|
end
|
|
@@ -188,8 +198,9 @@ describe AccessGranted::Policy do
|
|
|
188
198
|
end
|
|
189
199
|
end
|
|
190
200
|
|
|
191
|
-
describe "#
|
|
201
|
+
describe "#applicable_roles" do
|
|
192
202
|
let(:user) { double("User", is_moderator: true, is_admin: true) }
|
|
203
|
+
subject(:policy) { klass.new(user) }
|
|
193
204
|
|
|
194
205
|
before do
|
|
195
206
|
policy.role(:administrator, { is_admin: true })
|
|
@@ -197,9 +208,17 @@ describe AccessGranted::Policy do
|
|
|
197
208
|
policy.role(:member)
|
|
198
209
|
end
|
|
199
210
|
|
|
200
|
-
|
|
211
|
+
context "user matches all roles" do
|
|
201
212
|
it "returns all matching roles in the order of priority" do
|
|
202
|
-
expect(
|
|
213
|
+
expect(policy.applicable_roles.map(&:name)).to eq([:administrator, :moderator, :member])
|
|
214
|
+
end
|
|
215
|
+
end
|
|
216
|
+
|
|
217
|
+
context "user is just an admin" do
|
|
218
|
+
let(:user) { double("User", is_moderator: false, is_admin: true) }
|
|
219
|
+
|
|
220
|
+
it 'returns array with admin and member roles' do
|
|
221
|
+
expect(policy.applicable_roles.map(&:name)).to eq([:administrator, :member])
|
|
203
222
|
end
|
|
204
223
|
end
|
|
205
224
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: access-granted
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.3.
|
|
4
|
+
version: 1.3.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Piotrek Okoński
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2021-08-19 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -90,8 +90,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
90
90
|
- !ruby/object:Gem::Version
|
|
91
91
|
version: '0'
|
|
92
92
|
requirements: []
|
|
93
|
-
|
|
94
|
-
rubygems_version: 2.7.6
|
|
93
|
+
rubygems_version: 3.1.4
|
|
95
94
|
signing_key:
|
|
96
95
|
specification_version: 4
|
|
97
96
|
summary: Elegant whitelist and role based authorization with ability to prioritize
|