acl9 2.1.0 → 3.2.0
- checksums.yaml +5 -5
- data/.gitignore +3 -0
- data/.ruby-version +1 -1
- data/.travis.yml +27 -11
- data/Appraisals +13 -6
- data/Gemfile +0 -2
- data/Gemfile.lock +125 -112
- data/README.md +11 -4
- data/Rakefile +0 -2
- data/acl9.gemspec +1 -3
- data/gemfiles/.bundle/config +2 -0
- data/gemfiles/rails_5.0.gemfile +10 -0
- data/gemfiles/rails_5.1.gemfile +10 -0
- data/gemfiles/{rails_4.0.gemfile → rails_5.2.gemfile} +2 -4
- data/gemfiles/{rails_4.1.gemfile → rails_6.0.gemfile} +2 -4
- data/gemfiles/{rails_4.2.gemfile → rails_6.1.gemfile} +2 -4
- data/lib/acl9.rb +40 -0
- data/lib/acl9/controller_extensions.rb +1 -1
- data/lib/acl9/controller_extensions/dsl_base.rb +8 -7
- data/lib/acl9/controller_extensions/generators.rb +4 -35
- data/lib/acl9/model_extensions.rb +3 -3
- data/lib/acl9/model_extensions/for_subject.rb +52 -31
- data/lib/acl9/version.rb +1 -1
- data/lib/generators/acl9/setup/setup_generator.rb +10 -3
- data/lib/generators/acl9/setup/templates/create_role_tables.rb +10 -1
- data/lib/generators/acl9/setup/templates/role.rb +1 -1
- data/test/controller_extensions/actions_test.rb +1 -1
- data/test/controller_extensions/multiple_role_arguments_test.rb +11 -10
- data/test/controllers/acl_action_override_test.rb +4 -4
- data/test/controllers/acl_helper_method_test.rb +6 -3
- data/test/controllers/acl_ivars_test.rb +2 -2
- data/test/controllers/acl_object_hash_test.rb +1 -1
- data/test/controllers/acl_query_mixin.rb +5 -2
- data/test/controllers/acl_subject_method_test.rb +1 -1
- data/test/controllers/arguments_checking_test.rb +4 -4
- data/test/dummy/app/assets/config/manifest.js +0 -0
- data/test/dummy/app/controllers/acl_action_override.rb +5 -5
- data/test/dummy/app/controllers/acl_boolean_method.rb +6 -6
- data/test/dummy/app/controllers/acl_ivars.rb +3 -3
- data/test/dummy/app/controllers/acl_query_method_named.rb +2 -0
- data/test/dummy/app/controllers/application_controller.rb +6 -0
- data/test/dummy/app/controllers/empty_controller.rb +1 -1
- data/test/dummy/app/models/string_object_role.rb +3 -0
- data/test/dummy/app/models/string_user.rb +3 -0
- data/test/dummy/app/models/uuid.rb +1 -1
- data/test/dummy/config/environments/test.rb +2 -2
- data/test/dummy/config/routes.rb +12 -1
- data/test/dummy/db/migrate/20141117132218_create_tables.rb +68 -18
- data/test/models/roles_test.rb +13 -1
- data/test/test_helper.rb +31 -28
- metadata +26 -29
- data/test/dummy/config/environments/production.rb +0 -78
@@ -1,22 +1,31 @@
|
|
1
|
-
class Create<%= role_class_name %>Tables < ActiveRecord::Migration
|
1
|
+
class Create<%= role_class_name %>Tables < ActiveRecord::Migration[<%= ActiveRecord::Migration.current_version %>]
|
2
2
|
def change
|
3
3
|
create_table :<%= role_table_name %> do |t|
|
4
4
|
t.string :name, null: false
|
5
|
+
<% if r5? %>
|
6
|
+
t.references :authorizable, polymorphic: true
|
7
|
+
<% else %>
|
5
8
|
t.string :authorizable_type, null: true
|
6
9
|
t.integer :authorizable_id, null: true
|
10
|
+
<% end %>
|
7
11
|
t.boolean :system, default: false, null: false
|
8
12
|
t.timestamps null: false
|
9
13
|
end
|
10
14
|
|
11
15
|
add_index :<%= role_table_name %>, :name
|
16
|
+
|
17
|
+
<% unless r5? %>
|
12
18
|
add_index :<%= role_table_name %>, [:authorizable_type, :authorizable_id]
|
19
|
+
<% end -%>
|
13
20
|
|
14
21
|
create_table :<%= habtm_table %>, id: false do |t|
|
15
22
|
t.references :<%= subject_name %>, null: false
|
16
23
|
t.references :<%= role_name %>, null: false
|
17
24
|
end
|
18
25
|
|
26
|
+
<% unless r5? %>
|
19
27
|
add_index :<%= habtm_table %>, :<%= subject_name %>_id
|
20
28
|
add_index :<%= habtm_table %>, :<%= role_name %>_id
|
29
|
+
<% end %>
|
21
30
|
end
|
22
31
|
end
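Review bot: The `<% if r5? %>` branches drop the explicit `add_index` on the polymorphic pair for newer Rails, relying on Rails 5+'s `t.references :authorizable, polymorphic: true` creating that index itself, but the generated migration never says so and reads as if the index were simply lost. A comment emitted into the user's migration, `# Rails 5+: t.references with polymorphic: true indexes (authorizable_type, authorizable_id) itself`, would carry the reason along. The tag forms are also mixed — only the `<% end -%>` after the first `unless` trims its newline, while `<% if r5? %>`, `<% else %>` and the other `<% end %>` tags leave blank lines in the generated file — so one form throughout keeps the output uniform. Independently, the join table still has no unique index on the subject/role pair, so duplicate assignments are blocked only if the model layer does it; `add_index :<%= habtm_table %>, [:<%= subject_name %>_id, :<%= role_name %>_id], unique: true` would state that constraint in the schema.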
|
@@ -121,7 +121,7 @@ module ControllerExtensions
|
|
121
121
|
|
122
122
|
assert set_all_actions
|
123
123
|
permit_some owner, @all_actions, :foo => foo
|
124
|
-
permit_some hacker, %w(show index destroy)
|
124
|
+
permit_some hacker, %w(show index destroy), foo: foo
|
125
125
|
permit_some another_owner, %w(show index destroy), :foo => foo
|
126
126
|
end
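Review bot: The new line `permit_some hacker, %w(show index destroy), foo: foo` uses `foo: foo` while the lines directly above and below keep `:foo => foo`, so three adjacent calls now mix two hash syntaxes; the second hunk of this file does the same with `foo: too` next to `:foo => foo`. Converting the neighbouring lines in the same commit (`permit_some owner, @all_actions, foo: foo` and `permit_some another_owner, %w(show index destroy), foo: foo`) keeps the file consistent. The enclosing test block starts before this hunk.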
|
127
127
|
|
@@ -107,29 +107,30 @@ module ControllerExtensions
|
|
107
107
|
|
108
108
|
test "should also respect :to and :except" do
|
109
109
|
assert foo = Foo.create
|
110
|
+
assert too = Foo.create
|
110
111
|
|
111
|
-
assert (
|
112
|
+
assert ( goo = User.create ).has_role! :goo
|
112
113
|
assert ( joo = User.create ).has_role! :joo, foo
|
113
114
|
assert ( qoo = User.create ).has_role! :qoo, Bar
|
114
115
|
|
115
116
|
@tester.acl_block! do
|
116
|
-
allow :
|
117
|
+
allow :goo, :boo, :to => [:index, :show]
|
117
118
|
allow :zoo, :joo, :by => :foo, :to => [:edit, :update]
|
118
119
|
allow :qoo, :woo, :of => Bar
|
119
120
|
deny :qoo, :woo, :of => Bar, :except => [:delete, :destroy]
|
120
121
|
end
|
121
122
|
|
122
|
-
assert_permitted
|
123
|
-
assert_permitted
|
124
|
-
assert_forbidden
|
123
|
+
assert_permitted goo, 'index'
|
124
|
+
assert_permitted goo, 'show'
|
125
|
+
assert_forbidden goo, 'edit', foo: too
|
125
126
|
assert_permitted joo, 'edit', :foo => foo
|
126
127
|
assert_permitted joo, 'update', :foo => foo
|
127
128
|
assert_forbidden joo, 'show', :foo => foo
|
128
|
-
assert_forbidden joo, 'show'
|
129
|
-
assert_permitted qoo, 'delete'
|
130
|
-
assert_permitted qoo, 'destroy'
|
131
|
-
assert_forbidden qoo, 'edit'
|
132
|
-
assert_forbidden qoo, 'show'
|
129
|
+
assert_forbidden joo, 'show', foo: foo
|
130
|
+
assert_permitted qoo, 'delete', foo: too
|
131
|
+
assert_permitted qoo, 'destroy', foo: too
|
132
|
+
assert_forbidden qoo, 'edit', foo: too
|
133
|
+
assert_forbidden qoo, 'show', foo: too
|
133
134
|
end
|
134
135
|
end
|
135
136
|
end
|
@@ -2,23 +2,23 @@ require 'test_helper'
|
|
2
2
|
|
3
3
|
class ACLActionOverrideTest < ActionController::TestCase
|
4
4
|
test "anon can index" do
|
5
|
-
assert get :check_allow, :
|
5
|
+
assert get :check_allow, params: { _action: :index }
|
6
6
|
assert_response :ok
|
7
7
|
end
|
8
8
|
|
9
9
|
test "anon can't show" do
|
10
|
-
assert get :check_allow, :
|
10
|
+
assert get :check_allow, params: { _action: :show }
|
11
11
|
assert_response :unauthorized
|
12
12
|
end
|
13
13
|
|
14
14
|
test "normal user can't edit" do
|
15
|
-
assert get :check_allow_with_foo, :
|
15
|
+
assert get :check_allow_with_foo, params: { _action: :edit, user_id: User.create.id }
|
16
16
|
assert_response :unauthorized
|
17
17
|
end
|
18
18
|
|
19
19
|
test "foo owner can edit" do
|
20
20
|
assert ( user = User.create ).has_role! :owner, Foo.first_or_create
|
21
|
-
assert get :check_allow_with_foo, :
|
21
|
+
assert get :check_allow_with_foo, params: { _action: :edit, user_id: user.id }
|
22
22
|
assert_response :ok
|
23
23
|
end
|
24
24
|
end
|
@@ -8,15 +8,18 @@ class ACLHelperMethodTest < ActionController::TestCase
|
|
8
8
|
test "foo owner allowed" do
|
9
9
|
assert @user.has_role! :owner, Foo.first_or_create
|
10
10
|
|
11
|
-
assert get :allow, :user_id
|
11
|
+
assert get :allow, params: { user_id: @user.id }
|
12
12
|
assert_select 'div', 'OK'
|
13
13
|
end
|
14
14
|
|
15
15
|
test "another user denied" do
|
16
|
+
assert @another = User.create
|
17
|
+
assert @another.has_role! :owner, Foo.first_or_create
|
18
|
+
|
16
19
|
assert @user.has_role! :owner
|
17
20
|
|
18
|
-
assert get :allow, :user_id
|
19
|
-
assert_select 'div', '
|
21
|
+
assert get :allow, params: { user_id: @user.id }
|
22
|
+
assert_select 'div', 'AccessDenied'
|
20
23
|
end
|
21
24
|
|
22
25
|
test "anon denied" do
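Review bot: In "another user denied", `@another` is created and granted `:owner` on `Foo.first_or_create` but is never referenced again, so a reader cannot tell whether it is dead setup or the point of the test. If the intent is that an object-scoped owner must exist while `@user` holds only the global `:owner` and is still denied, a comment above the request such as `# a Foo owner exists, but @user only holds the global :owner and must be denied` makes that explicit; if it is not needed, the two lines can go.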
|
@@ -3,13 +3,13 @@ require 'test_helper'
|
|
3
3
|
class ACLIvarsTest < ActionController::TestCase
|
4
4
|
test "owner of foo destroys" do
|
5
5
|
assert ( user = User.create ).has_role! :owner, Bar
|
6
|
-
assert delete :destroy, :id
|
6
|
+
assert delete :destroy, params: { id: 1, user_id: user.id }
|
7
7
|
assert_response :ok
|
8
8
|
end
|
9
9
|
|
10
10
|
test "bartender at Foo destroys" do
|
11
11
|
assert ( user = User.create ).has_role! :bartender, Foo
|
12
|
-
assert delete :destroy, :id
|
12
|
+
assert delete :destroy, params: { id: 1, user_id: user.id }
|
13
13
|
assert_response :ok
|
14
14
|
end
|
15
15
|
end
|
@@ -6,7 +6,10 @@ module ACLQueryMixin
|
|
6
6
|
setup do
|
7
7
|
assert ( @editor = User.create ).has_role! :editor
|
8
8
|
assert ( @viewer = User.create ).has_role! :viewer
|
9
|
-
assert ( @
|
9
|
+
assert ( @foo = Foo.first_or_create )
|
10
|
+
assert ( @owneroffoo = User.create ).has_role! :owner, @foo
|
11
|
+
|
12
|
+
@controller.before_action
|
10
13
|
end
|
11
14
|
|
12
15
|
%i[edit update destroy].each do |meth|
|
@@ -44,7 +47,7 @@ module ACLQueryMixin
|
|
44
47
|
|
45
48
|
test "should return true for foo owner" do
|
46
49
|
assert @controller.current_user = @owneroffoo
|
47
|
-
assert @controller.acl? :fooize, :
|
50
|
+
assert @controller.acl? :fooize, foo: Foo.first
|
48
51
|
end
|
49
52
|
end
|
50
53
|
end
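Review bot: `setup` now assigns `@foo = Foo.first_or_create` and grants `:owner` on it, but the later assertion queries `Foo.first` again (`assert @controller.acl? :fooize, foo: Foo.first`) instead of reusing the instance, so the check would silently run against a different record if another Foo existed; `assert @controller.acl? :fooize, foo: @foo` pins the object the role was granted on. The bare `@controller.before_action` call in `setup` also depends on the dummy ApplicationController defining an instance method with that exact name, which is easy to confuse with the class-level callback macro; a short comment, `# invoke the dummy controller's instance-level before_action so @foo is loaded`, would help the next reader.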
|
@@ -3,7 +3,7 @@ require 'test_helper'
|
|
3
3
|
class ACLSubjectMethodTest < ActionController::TestCase
|
4
4
|
test "allow the only user to index" do
|
5
5
|
assert ( user = User.create ).has_role! :the_only_one
|
6
|
-
assert get :index, :user_id
|
6
|
+
assert get :index, params: { user_id: user.id }
|
7
7
|
assert_response :ok
|
8
8
|
end
|
9
9
|
|
@@ -25,18 +25,18 @@ class ArgumentsCheckingTest < ActionController::TestCase
|
|
25
25
|
end
|
26
26
|
end
|
27
27
|
|
28
|
-
test "raise ArgumentError with :
|
28
|
+
test "raise ArgumentError with helper: true and no method name" do
|
29
29
|
assert_raise ArgumentError do
|
30
30
|
class FailureController < ApplicationController
|
31
|
-
access_control :
|
31
|
+
access_control helper: true do end
|
32
32
|
end
|
33
33
|
end
|
34
34
|
end
|
35
35
|
|
36
|
-
test "raise ArgumentError with :
|
36
|
+
test "raise ArgumentError with helper: :method and a method name" do
|
37
37
|
assert_raise ArgumentError do
|
38
38
|
class FailureController < ApplicationController
|
39
|
-
access_control :meth, :
|
39
|
+
access_control :meth, helper: :another_meth do end
|
40
40
|
end
|
41
41
|
end
|
42
42
|
end
|
|
@@ -1,8 +1,8 @@
|
|
1
1
|
class ACLActionOverride < ApplicationController
|
2
|
-
access_control :allowed?, :
|
3
|
-
allow all, :
|
4
|
-
deny all, :
|
5
|
-
allow :owner, :
|
2
|
+
access_control :allowed?, filter: false do
|
3
|
+
allow all, to: :index
|
4
|
+
deny all, to: :show
|
5
|
+
allow :owner, of: :foo, to: :edit
|
6
6
|
end
|
7
7
|
|
8
8
|
def check_allow
|
@@ -10,6 +10,6 @@ class ACLActionOverride < ApplicationController
|
|
10
10
|
end
|
11
11
|
|
12
12
|
def check_allow_with_foo
|
13
|
-
head allowed?(params[:_action], :
|
13
|
+
head allowed?(params[:_action], foo: Foo.first) ? :ok : :unauthorized
|
14
14
|
end
|
15
15
|
end
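Review bot: `check_allow_with_foo` hands `params[:_action]` — a caller-supplied string — straight to `allowed?`, and the `filter: false` option on `access_control` appears to be what turns `allowed?` into a plain query method with no before-action installed; neither is stated in the file. Since this controller exists only to exercise the query API from the tests, a header comment such as `# Test controller: _action names the ACL action to check; filter: false installs no before_action, only the allowed? query` saves the next reader from guessing. Also, `head allowed?(params[:_action], foo: Foo.first) ? :ok : :unauthorized` relies on command-call precedence to parse as `head(cond ? :ok : :unauthorized)`; writing `head(allowed?(params[:_action], foo: Foo.first) ? :ok : :unauthorized)` reads the same way to everyone.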
|
@@ -1,12 +1,12 @@
|
|
1
1
|
class ACLBooleanMethod < EmptyController
|
2
|
-
access_control :acl, :
|
3
|
-
allow all, :
|
4
|
-
allow :admin,
|
5
|
-
allow all,
|
6
|
-
allow all,
|
2
|
+
access_control :acl, filter: false do
|
3
|
+
allow all, to: [:index, :show], if: :true_meth
|
4
|
+
allow :admin, unless: :false_meth
|
5
|
+
allow all, if: :false_meth
|
6
|
+
allow all, unless: :true_meth
|
7
7
|
end
|
8
8
|
|
9
|
-
|
9
|
+
before_action :check_acl
|
10
10
|
|
11
11
|
def check_acl
|
12
12
|
if self.acl
|
@@ -1,11 +1,11 @@
|
|
1
1
|
class ACLIvars < EmptyController
|
2
2
|
|
3
|
-
|
3
|
+
before_action :set_ivars
|
4
4
|
|
5
5
|
access_control do
|
6
6
|
action :destroy do
|
7
|
-
allow :owner, :
|
8
|
-
allow :bartender, :
|
7
|
+
allow :owner, of: :foo
|
8
|
+
allow :bartender, at: Foo
|
9
9
|
end
|
10
10
|
end
|
11
11
|
|
@@ -1,7 +1,13 @@
|
|
1
1
|
class ApplicationController < ActionController::Base
|
2
|
+
before_action :before_action
|
3
|
+
|
2
4
|
attr_accessor :current_user
|
3
5
|
|
4
6
|
def current_user
|
5
7
|
@current_user ||= User.find params[:user_id] if params[:user_id]
|
6
8
|
end
|
9
|
+
|
10
|
+
def before_action
|
11
|
+
@foo = Foo.first
|
12
|
+
end
|
7
13
|
end
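Review bot: The new instance method is named `before_action`, the same name as the class-level callback macro it is registered with (`before_action :before_action`), so a reader has to check receiver and arity to tell the two apart, and the test mixin calls it directly as `@controller.before_action`. Renaming it after what it does, `before_action :load_foo` / `def load_foo`, would be clearer (keeping it public only if the test mixin really needs to invoke it). Separately, `current_user` on the unchanged context line resolves the user from `params[:user_id]`; that is fine for a test dummy but deserves `# Test dummy only: the request chooses its own user via params[:user_id]` so the pattern is not mistaken for a model to copy.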
|
@@ -13,8 +13,8 @@ Dummy::Application.configure do
|
|
13
13
|
config.eager_load = false
|
14
14
|
|
15
15
|
# Configure static asset server for tests with Cache-Control for performance.
|
16
|
-
config.
|
17
|
-
config.
|
16
|
+
config.public_file_server.enabled = true
|
17
|
+
config.public_file_server.headers = { 'Cache-Control' => 'public, max-age=3600' }
|
18
18
|
|
19
19
|
# Show full error reports and disable caching.
|
20
20
|
config.consider_all_requests_local = true
|
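--- a/data/test/dummy/config/routes.rb
+++ b/data/test/dummy/config/routes.rb
@@ -1,3 +1,14 @@
 Dummy::Application.routes.draw do
-
+  resources :acl_action_override do
+    collection do
+      get :check_allow_with_foo
+      get :check_allow
+    end
+  end
+
+  resources :acl_boolean_method, :acl_block, :acl_ivars, :acl_method, :acl_method2, :acl_subject_method, :acl_arguments
+
+  get :acl_helper_method, to: "acl_helper_method#allow"
+  get :acl_objects_hash, to: "acl_objects_hash#allow"
+
 end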
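Review bot: `resources :acl_boolean_method, :acl_block, :acl_ivars, :acl_method, :acl_method2, :acl_subject_method, :acl_arguments` declares the full set of RESTful routes for seven test controllers, while nothing here records which actions the tests actually drive. For a dummy app that is harmless, but either narrowing with `only:` or a one-line comment, `# full resource routes so every action the ACL tests name is routable`, documents the intent. The `acl_action_override` block mixes collection `get`s with `resources`, which the two `check_allow*` tests rely on; a comment naming those tests next to the block would tie the two together.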
|
@@ -1,23 +1,38 @@
|
|
1
|
-
class CreateTables < ActiveRecord::Migration
|
1
|
+
class CreateTables < ActiveRecord::Migration[ActiveRecord::Migration.current_version]
|
2
|
+
def self.r5?
|
3
|
+
Rails.gem_version >= Gem::Version.new(5)
|
4
|
+
end
|
5
|
+
def r5?
|
6
|
+
self.class.r5?
|
7
|
+
end
|
8
|
+
|
2
9
|
def change
|
3
10
|
create_table :roles do |t|
|
4
11
|
t.string :name, :limit => 40
|
5
12
|
t.boolean :system
|
6
|
-
|
7
|
-
|
13
|
+
if r5?
|
14
|
+
t.references :authorizable, polymorphic: true
|
15
|
+
else
|
16
|
+
t.string :authorizable_type, :limit => 40
|
17
|
+
t.integer :authorizable_id
|
18
|
+
end
|
8
19
|
t.timestamps null: false
|
9
20
|
end
|
10
21
|
|
11
|
-
|
22
|
+
unless r5?
|
23
|
+
add_index :roles, [:authorizable_type, :authorizable_id]
|
24
|
+
end
|
12
25
|
|
13
26
|
create_table :roles_users, id: false do |t|
|
14
27
|
t.references :user
|
15
28
|
t.references :role
|
16
29
|
end
|
17
30
|
|
18
|
-
|
19
|
-
|
20
|
-
|
31
|
+
unless r5?
|
32
|
+
add_index :roles_users, :user_id
|
33
|
+
add_index :roles_users, :role_id
|
34
|
+
end
|
35
|
+
|
21
36
|
create_table :users do |t|
|
22
37
|
t.string :name
|
23
38
|
t.timestamps null: false
|
@@ -39,6 +54,25 @@ class CreateTables < ActiveRecord::Migration
|
|
39
54
|
t.timestamps null: false
|
40
55
|
end
|
41
56
|
|
57
|
+
create_table :string_object_roles do |t|
|
58
|
+
t.string :name
|
59
|
+
t.boolean :system
|
60
|
+
t.string :authorizable_type
|
61
|
+
t.string :authorizable_id
|
62
|
+
t.timestamps null: false
|
63
|
+
end
|
64
|
+
|
65
|
+
create_table :string_object_roles_string_users, id: false do |t|
|
66
|
+
t.references :string_user, index: { name: "susor" }
|
67
|
+
t.references :string_object_role, index: { name: "sorsu" }
|
68
|
+
end
|
69
|
+
|
70
|
+
create_table :string_users do |t|
|
71
|
+
t.string :name
|
72
|
+
t.timestamps null: false
|
73
|
+
end
|
74
|
+
|
75
|
+
|
42
76
|
create_table :accounts do |t|
|
43
77
|
t.string :name
|
44
78
|
t.timestamps null: false
|
@@ -47,20 +81,28 @@ class CreateTables < ActiveRecord::Migration
|
|
47
81
|
create_table :accesses do |t|
|
48
82
|
t.string :name
|
49
83
|
t.boolean :system
|
50
|
-
|
51
|
-
|
84
|
+
if r5?
|
85
|
+
t.references :authorizable, polymorphic: true
|
86
|
+
else
|
87
|
+
t.string :authorizable_type, :limit => 40
|
88
|
+
t.integer :authorizable_id
|
89
|
+
end
|
52
90
|
t.timestamps null: false
|
53
91
|
end
|
54
92
|
|
55
|
-
|
93
|
+
unless r5?
|
94
|
+
add_index :accesses, [:authorizable_type, :authorizable_id]
|
95
|
+
end
|
56
96
|
|
57
97
|
create_table :accesses_accounts, id: false do |t|
|
58
98
|
t.references :account
|
59
99
|
t.references :access
|
60
100
|
end
|
61
101
|
|
62
|
-
|
63
|
-
|
102
|
+
unless r5?
|
103
|
+
add_index :accesses_accounts, :access_id
|
104
|
+
add_index :accesses_accounts, :account_id
|
105
|
+
end
|
64
106
|
|
65
107
|
create_table :foo_bars do |t|
|
66
108
|
t.string :name
|
@@ -71,21 +113,29 @@ class CreateTables < ActiveRecord::Migration
|
|
71
113
|
create_table :other_roles do |t|
|
72
114
|
t.string :name, :limit => 40
|
73
115
|
t.boolean :system
|
74
|
-
|
75
|
-
|
116
|
+
if r5?
|
117
|
+
t.references :authorizable, polymorphic: true
|
118
|
+
else
|
119
|
+
t.string :authorizable_type, :limit => 40
|
120
|
+
t.integer :authorizable_id
|
121
|
+
end
|
76
122
|
t.timestamps null: false
|
77
123
|
end
|
78
124
|
|
79
|
-
|
125
|
+
unless r5?
|
126
|
+
add_index :other_roles, [:authorizable_type, :authorizable_id]
|
127
|
+
end
|
80
128
|
|
81
129
|
create_table :other_roles_users, id: false do |t|
|
82
130
|
t.references :user
|
83
131
|
t.references :role
|
84
132
|
end
|
85
133
|
|
86
|
-
|
87
|
-
|
88
|
-
|
134
|
+
unless r5?
|
135
|
+
add_index :other_roles_users, :user_id
|
136
|
+
add_index :other_roles_users, :role_id
|
137
|
+
end
|
138
|
+
|
89
139
|
create_table :other_users do |t|
|
90
140
|
t.string :name
|
91
141
|
t.timestamps null: false
|