access-granted 1.3.1 → 1.3.3
- checksums.yaml +4 -4
- data/CHANGELOG.md +9 -1
- data/README.md +16 -1
- data/access-granted.gemspec +1 -1
- data/lib/access-granted/exceptions.rb +3 -2
- data/lib/access-granted/policy.rb +2 -4
- data/lib/access-granted/railtie.rb +17 -7
- data/lib/access-granted/role.rb +2 -5
- data/spec/policy_spec.rb +22 -3
- metadata +3 -4
    
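--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 
-  data.tar.gz: 
+  metadata.gz: 115b6ed416c4bfa4b6d94d53520388c382b65966aa8ce7c4072d9991a630d1d3
+  data.tar.gz: 0af1baa07da37953f292b4bb8d24680cbebdf70c1495203d7a4312d4735584bb
 SHA512:
-  metadata.gz: 
-  data.tar.gz: 
+  metadata.gz: 6554c68a9ddd5f04866afef389d59d48ddbd63fc6173c6955b39075fb9f23ac5c8d1036f13cc8f7ac9fed997217d1d69b725c5f6e0dc83550a1e8eea293e6e6d
+  data.tar.gz: 162efc4e19ad3fa554778b00dfd46d28f951ac90a65d94c2f3037f554dc590f9822eb7db6a19c792f65eeaba78adcc77386f9956e88c7f00f9127a2a231141e9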
    
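--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,14 @@
+# 1.3.3
+
+- Fix compatibility with Rails 6.0 and Zeitwerk ([PR #53](https://github.com/chaps-io/access-granted/pull/53)), thanks [jraqula](https://github.com/dmorehouse)!
+
+# 1.3.2
+
+- Expose `applicable_roles` method on the policy instance. This allows insight into what roles actually apply to a given user.
+
 # 1.3.1
 
-- Add information about action and subject when raising AccessDenied exception ([PR #
+- Add information about action and subject when raising AccessDenied exception ([PR #46](https://github.com/chaps-io/access-granted/pull/46)), thanks [jraqula](https://github.com/jraqula)!
 
 # 1.3.0
 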
    
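--- a/data/README.md
+++ b/data/README.md
@@ -25,7 +25,7 @@ config.autoload_paths += %W(#{config.root}/app/policies #{config.root}/app/roles
 
 ### Supported Ruby versions
 
-Because it has **zero** runtime dependencies it is guaranteed to work on all major Ruby versions MRI 
+Because it has **zero** runtime dependencies it is guaranteed to work on all major Ruby versions MRI `2.0` - `2.5`, Rubinius `>= 2.X` and JRuby `>= 1.7`.
 
 ## Summary
 
@@ -232,6 +232,21 @@ if you want to handle authorization errors differently for some cases:
   end
 ```
 
+You can also have a custom exception message while authorizing a request.
+This message will be associated with the exception object thrown.
+
+```ruby
+class PostsController
+  def show
+    @post = Post.find(params[:id])
+    authorize! :read, @post, 'You do not have access to this post'
+    render json: { post: @post }
+  rescue AccessGranted::AccessDenied => e
+    render json: { error: e.message }, status: :forbidden
+  end
+end
+```
+
 #### Checking permissions in controllers
 
 To check if the user has a permission to perform an action, use the `can?` and `cannot?` methods.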
    
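--- a/data/access-granted.gemspec
+++ b/data/access-granted.gemspec
@@ -4,7 +4,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 
 Gem::Specification.new do |spec|
   spec.name          = "access-granted"
-  spec.version       = "1.3.
+  spec.version       = "1.3.3"
   spec.authors       = ["Piotrek Okoński"]
   spec.email         = ["piotrek@okonski.org"]
   spec.description   = %q{Role based authorization gem}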
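--- a/data/lib/access-granted/exceptions.rb
+++ b/data/lib/access-granted/exceptions.rb
@@ -4,10 +4,11 @@ module AccessGranted
   class DuplicatePermission < Error; end;
   class DuplicateRole < Error; end;
   class AccessDenied < Error
-    attr_reader :action, :subject
-    def initialize(action = nil, subject = nil)
+    attr_reader :action, :subject, :message
+    def initialize(action = nil, subject = nil, message = nil)
       @action = action
       @subject = subject
+      @message = message
     end
   end
 end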
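--- a/data/lib/access-granted/policy.rb
+++ b/data/lib/access-granted/policy.rb
@@ -56,15 +56,13 @@ module AccessGranted
       !can?(*args)
     end
 
-    def authorize!(action, subject)
+    def authorize!(action, subject, message = 'Access Denied')
       if cannot?(action, subject)
-        raise AccessDenied.new(action, subject)
+        raise AccessDenied.new(action, subject, message)
       end
       subject
     end
 
-    private
-
     def applicable_roles
       @applicable_roles ||= roles.select do |role|
         role.applies_to?(user)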
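--- a/data/lib/access-granted/railtie.rb
+++ b/data/lib/access-granted/railtie.rb
@@ -3,15 +3,25 @@ require 'rails/railtie'
 module AccessGranted
   class Railtie < ::Rails::Railtie
     initializer :access_granted do
-      if 
-
-          include AccessGranted::Rails::ControllerMethods
+      if ::Rails::VERSION::MAJOR >= 6
+        ActiveSupport.on_load(:action_controller_base) do |base|
+          base.include AccessGranted::Rails::ControllerMethods
+        end
+
+        ActiveSupport.on_load(:action_controller_api) do |base|
+          base.include AccessGranted::Rails::ControllerMethods
+        end
+      else
+        if defined? ActionController::Base
+          ActionController::Base.class_eval do
+            include AccessGranted::Rails::ControllerMethods
+          end
         end
-      end
 
-
-
-
+        if defined? ActionController::API
+          ActionController::API.class_eval do
+            include AccessGranted::Rails::ControllerMethods
+          end
         end
       end
     end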
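Review bot: The Rails < 6 branch on new lines 15–24 still decides with `defined? ActionController::Base` / `defined? ActionController::API` at initializer time, so if either constant has not been loaded yet when this initializer runs the include is skipped without any warning and `authorize!`/`can?` are simply absent from controllers (a `NoMethodError` at request time rather than an authorization bypass, but still a hard-to-diagnose failure). `ActiveSupport.on_load` runs its block immediately when the class is already loaded and defers it otherwise, which is exactly what the old branch was trying to approximate; if, as I recall, the `:action_controller_base` and `:action_controller_api` hooks exist back to Rails 5.0, the version switch can be dropped and the two calls used unconditionally, `ActiveSupport.on_load(:action_controller_base) { include AccessGranted::Rails::ControllerMethods }` plus the matching `:action_controller_api` line — please confirm that against the lowest Rails version the gem supports before collapsing the branches. If the split must stay, the `class_eval do include … end` blocks on lines 16–18 and 22–24 could use the same `base.include` form as lines 8 and 12 so the two branches read alike.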
    
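--- a/data/lib/access-granted/role.rb
+++ b/data/lib/access-granted/role.rb
@@ -69,11 +69,8 @@ module AccessGranted
     end
 
     def prepare_actions(action)
-      
-
-      else
-        actions = Array(*[action])
-      end
+      actions = Array(*[action])
+      actions.flat_map { |a| a == :manage ? [:create, :read, :update, :destroy ] : [a] }
     end
   end
 end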
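Review bot: `Array(*[action])` on new line 72 splats a one-element array and is just `Array(action)`; the shorter form reads as intended and behaves identically for a symbol, an array of symbols or `nil` (`Array(nil)` is `[]`). The `flat_map` on line 73 now expands `:manage` anywhere inside an array (`[:manage, :publish]`), whereas the old `if`/`else` — its condition is lost on old line 72 — appears to have special-cased only a bare `:manage`; that widening looks right but is not mentioned in the changelog, and `[:manage, :read]` now yields `:read` twice, so check whether the path that raises `DuplicatePermission` treats that as a conflict. Because this expansion is the gem's fail-closed contract for `:manage`, it deserves stating on the method: `# :manage is exactly CRUD (:create, :read, :update, :destroy); custom actions must be granted by name`. Minor: the stray space in `:destroy ]` on line 73.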
    
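--- a/data/spec/policy_spec.rb
+++ b/data/spec/policy_spec.rb
@@ -143,6 +143,16 @@ describe AccessGranted::Policy do
         end
       end
 
+      it "raises AccessDenied with supplied message if action is not allowed" do
+        message = 'You are not allowed to create Integer'
+        expect { klass.new(@member).authorize!(:create, Integer, message) }.to raise_error do |err|
+          expect(err).to be_a(AccessGranted::AccessDenied)
+          expect(err.action).to eq(:create)
+          expect(err.subject).to eq(Integer)
+          expect(err.message).to eq(message)
+        end
+      end
+
       it "returns the subject if allowed" do
         expect(klass.new(@member).authorize!(:create, String)).to equal String
       end
@@ -188,8 +198,9 @@ describe AccessGranted::Policy do
     end
   end
 
-  describe "#
+  describe "#applicable_roles" do
     let(:user) { double("User", is_moderator: true, is_admin: true) }
+    subject(:policy) { klass.new(user) }
 
     before do
       policy.role(:administrator, { is_admin:     true })
@@ -197,9 +208,17 @@ describe AccessGranted::Policy do
       policy.role(:member)
     end
 
-    
+    context "user matches all roles" do
       it "returns all matching roles in the order of priority" do
-        expect(
+        expect(policy.applicable_roles.map(&:name)).to eq([:administrator, :moderator, :member])
+      end
+    end
+
+    context "user is just an admin" do
+      let(:user) { double("User", is_moderator: false, is_admin: true) }
+
+      it 'returns array with admin and member roles' do
+        expect(policy.applicable_roles.map(&:name)).to eq([:administrator, :member])
       end
     end
   end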
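Review bot: The new example on lines 146–154 only covers the case where a message is supplied; nothing pins the default, so a regression in `authorize!`'s `'Access Denied'` default or in `AccessDenied#message` when no message is given (the constructor's `message = nil` path) would pass unnoticed. Add a sibling example, `expect { klass.new(@member).authorize!(:create, Integer) }.to raise_error(AccessGranted::AccessDenied, 'Access Denied')`, and one for the bare constructor, `expect(AccessGranted::AccessDenied.new.message).not_to be_nil`. Stylistically, `raise_error do |err|` on line 148 matches any `Exception` before the block runs; `raise_error(AccessGranted::AccessDenied) do |err|` fails with a clearer message when a different class is raised and makes the `be_a` check on line 149 redundant.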
    
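--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: access-granted
 version: !ruby/object:Gem::Version
-  version: 1.3.
+  version: 1.3.3
 platform: ruby
 authors:
 - Piotrek Okoński
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 
+date: 2021-08-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -90,8 +90,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-
-rubygems_version: 2.7.6
+rubygems_version: 3.1.4
 signing_key: 
 specification_version: 4
 summary: Elegant whitelist and role based authorization with ability to prioritize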