acl9 2.1.0 → 3.2.0

Files changed (52)
  1. checksums.yaml +5 -5
  2. data/.gitignore +3 -0
  3. data/.ruby-version +1 -1
  4. data/.travis.yml +27 -11
  5. data/Appraisals +13 -6
  6. data/Gemfile +0 -2
  7. data/Gemfile.lock +125 -112
  8. data/README.md +11 -4
  9. data/Rakefile +0 -2
  10. data/acl9.gemspec +1 -3
  11. data/gemfiles/.bundle/config +2 -0
  12. data/gemfiles/rails_5.0.gemfile +10 -0
  13. data/gemfiles/rails_5.1.gemfile +10 -0
  14. data/gemfiles/{rails_4.0.gemfile → rails_5.2.gemfile} +2 -4
  15. data/gemfiles/{rails_4.1.gemfile → rails_6.0.gemfile} +2 -4
  16. data/gemfiles/{rails_4.2.gemfile → rails_6.1.gemfile} +2 -4
  17. data/lib/acl9.rb +40 -0
  18. data/lib/acl9/controller_extensions.rb +1 -1
  19. data/lib/acl9/controller_extensions/dsl_base.rb +8 -7
  20. data/lib/acl9/controller_extensions/generators.rb +4 -35
  21. data/lib/acl9/model_extensions.rb +3 -3
  22. data/lib/acl9/model_extensions/for_subject.rb +52 -31
  23. data/lib/acl9/version.rb +1 -1
  24. data/lib/generators/acl9/setup/setup_generator.rb +10 -3
  25. data/lib/generators/acl9/setup/templates/create_role_tables.rb +10 -1
  26. data/lib/generators/acl9/setup/templates/role.rb +1 -1
  27. data/test/controller_extensions/actions_test.rb +1 -1
  28. data/test/controller_extensions/multiple_role_arguments_test.rb +11 -10
  29. data/test/controllers/acl_action_override_test.rb +4 -4
  30. data/test/controllers/acl_helper_method_test.rb +6 -3
  31. data/test/controllers/acl_ivars_test.rb +2 -2
  32. data/test/controllers/acl_object_hash_test.rb +1 -1
  33. data/test/controllers/acl_query_mixin.rb +5 -2
  34. data/test/controllers/acl_subject_method_test.rb +1 -1
  35. data/test/controllers/arguments_checking_test.rb +4 -4
  36. data/test/dummy/app/assets/config/manifest.js +0 -0
  37. data/test/dummy/app/controllers/acl_action_override.rb +5 -5
  38. data/test/dummy/app/controllers/acl_boolean_method.rb +6 -6
  39. data/test/dummy/app/controllers/acl_ivars.rb +3 -3
  40. data/test/dummy/app/controllers/acl_query_method_named.rb +2 -0
  41. data/test/dummy/app/controllers/application_controller.rb +6 -0
  42. data/test/dummy/app/controllers/empty_controller.rb +1 -1
  43. data/test/dummy/app/models/string_object_role.rb +3 -0
  44. data/test/dummy/app/models/string_user.rb +3 -0
  45. data/test/dummy/app/models/uuid.rb +1 -1
  46. data/test/dummy/config/environments/test.rb +2 -2
  47. data/test/dummy/config/routes.rb +12 -1
  48. data/test/dummy/db/migrate/20141117132218_create_tables.rb +68 -18
  49. data/test/models/roles_test.rb +13 -1
  50. data/test/test_helper.rb +31 -28
  51. metadata +26 -29
  52. data/test/dummy/config/environments/production.rb +0 -78
@@ -1,22 +1,31 @@
1
- class Create<%= role_class_name %>Tables < ActiveRecord::Migration
1
+ class Create<%= role_class_name %>Tables < ActiveRecord::Migration[<%= ActiveRecord::Migration.current_version %>]
2
2
  def change
3
3
  create_table :<%= role_table_name %> do |t|
4
4
  t.string :name, null: false
5
+ <% if r5? %>
6
+ t.references :authorizable, polymorphic: true
7
+ <% else %>
5
8
  t.string :authorizable_type, null: true
6
9
  t.integer :authorizable_id, null: true
10
+ <% end %>
7
11
  t.boolean :system, default: false, null: false
8
12
  t.timestamps null: false
9
13
  end
10
14
 
11
15
  add_index :<%= role_table_name %>, :name
16
+
17
+ <% unless r5? %>
12
18
  add_index :<%= role_table_name %>, [:authorizable_type, :authorizable_id]
19
+ <% end -%>
13
20
 
14
21
  create_table :<%= habtm_table %>, id: false do |t|
15
22
  t.references :<%= subject_name %>, null: false
16
23
  t.references :<%= role_name %>, null: false
17
24
  end
18
25
 
26
+ <% unless r5? %>
19
27
  add_index :<%= habtm_table %>, :<%= subject_name %>_id
20
28
  add_index :<%= habtm_table %>, :<%= role_name %>_id
29
+ <% end %>
21
30
  end
22
31
  end
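Review bot: The join table created at the end of `change` holds the role grants themselves, yet neither branch gives it a uniqueness or foreign-key constraint; the new `unless r5?` guards only decide who creates the single-column indexes. Duplicate (subject, role) rows and rows that outlive a deleted role are therefore left to application code, which is not visible from this hunk. A composite unique index would close the first gap, for example `add_index :<%= habtm_table %>, [:<%= subject_name %>_id, :<%= role_name %>_id], unique: true`. Separately, the closing tags are inconsistent (`<% end -%>` once, `<% end %>` twice), which will likely leave whitespace-only lines in the generated migration.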
@@ -1,3 +1,3 @@
1
- class <%= role_class_name %> < ActiveRecord::Base
1
+ class <%= role_class_name %> < <%= model_base_name %>
2
2
  <%= role_helper %>
3
3
  end
@@ -121,7 +121,7 @@ module ControllerExtensions
121
121
 
122
122
  assert set_all_actions
123
123
  permit_some owner, @all_actions, :foo => foo
124
- permit_some hacker, %w(show index destroy)
124
+ permit_some hacker, %w(show index destroy), foo: foo
125
125
  permit_some another_owner, %w(show index destroy), :foo => foo
126
126
  end
127
127
 
@@ -107,29 +107,30 @@ module ControllerExtensions
107
107
 
108
108
  test "should also respect :to and :except" do
109
109
  assert foo = Foo.create
110
+ assert too = Foo.create
110
111
 
111
- assert ( foo = User.create ).has_role! :foo
112
+ assert ( goo = User.create ).has_role! :goo
112
113
  assert ( joo = User.create ).has_role! :joo, foo
113
114
  assert ( qoo = User.create ).has_role! :qoo, Bar
114
115
 
115
116
  @tester.acl_block! do
116
- allow :foo, :boo, :to => [:index, :show]
117
+ allow :goo, :boo, :to => [:index, :show]
117
118
  allow :zoo, :joo, :by => :foo, :to => [:edit, :update]
118
119
  allow :qoo, :woo, :of => Bar
119
120
  deny :qoo, :woo, :of => Bar, :except => [:delete, :destroy]
120
121
  end
121
122
 
122
- assert_permitted foo, 'index'
123
- assert_permitted foo, 'show'
124
- assert_forbidden foo, 'edit'
123
+ assert_permitted goo, 'index'
124
+ assert_permitted goo, 'show'
125
+ assert_forbidden goo, 'edit', foo: too
125
126
  assert_permitted joo, 'edit', :foo => foo
126
127
  assert_permitted joo, 'update', :foo => foo
127
128
  assert_forbidden joo, 'show', :foo => foo
128
- assert_forbidden joo, 'show'
129
- assert_permitted qoo, 'delete'
130
- assert_permitted qoo, 'destroy'
131
- assert_forbidden qoo, 'edit'
132
- assert_forbidden qoo, 'show'
129
+ assert_forbidden joo, 'show', foo: foo
130
+ assert_permitted qoo, 'delete', foo: too
131
+ assert_permitted qoo, 'destroy', foo: too
132
+ assert_forbidden qoo, 'edit', foo: too
133
+ assert_forbidden qoo, 'show', foo: too
133
134
  end
134
135
  end
135
136
  end
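Review bot: The added `assert_forbidden joo, 'show', foo: foo` repeats the context line directly above it (`assert_forbidden joo, 'show', :foo => foo`), so the case it replaced, `joo` requesting `show` with no object supplied, is no longer tested. The same holds for the four `qoo` assertions here and for `permit_some hacker, %w(show index destroy), foo: foo` in the preceding test file: every check now passes an object, and nothing pins what the access-control block does when the referenced object is absent. For an authorization library that is the fail-closed case most worth keeping. If a missing object is meant to deny or to raise in 3.x, keep one assertion for it, e.g. `assert_forbidden joo, 'show'` or an `assert_raise` block, whichever the library intends.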
@@ -2,23 +2,23 @@ require 'test_helper'
2
2
 
3
3
  class ACLActionOverrideTest < ActionController::TestCase
4
4
  test "anon can index" do
5
- assert get :check_allow, :_action => :index
5
+ assert get :check_allow, params: { _action: :index }
6
6
  assert_response :ok
7
7
  end
8
8
 
9
9
  test "anon can't show" do
10
- assert get :check_allow, :_action => :show
10
+ assert get :check_allow, params: { _action: :show }
11
11
  assert_response :unauthorized
12
12
  end
13
13
 
14
14
  test "normal user can't edit" do
15
- assert get :check_allow_with_foo, :_action => :edit, :user_id => User.create.id
15
+ assert get :check_allow_with_foo, params: { _action: :edit, user_id: User.create.id }
16
16
  assert_response :unauthorized
17
17
  end
18
18
 
19
19
  test "foo owner can edit" do
20
20
  assert ( user = User.create ).has_role! :owner, Foo.first_or_create
21
- assert get :check_allow_with_foo, :_action => :edit, :user_id => user.id
21
+ assert get :check_allow_with_foo, params: { _action: :edit, user_id: user.id }
22
22
  assert_response :ok
23
23
  end
24
24
  end
@@ -8,15 +8,18 @@ class ACLHelperMethodTest < ActionController::TestCase
8
8
  test "foo owner allowed" do
9
9
  assert @user.has_role! :owner, Foo.first_or_create
10
10
 
11
- assert get :allow, :user_id => @user.id
11
+ assert get :allow, params: { user_id: @user.id }
12
12
  assert_select 'div', 'OK'
13
13
  end
14
14
 
15
15
  test "another user denied" do
16
+ assert @another = User.create
17
+ assert @another.has_role! :owner, Foo.first_or_create
18
+
16
19
  assert @user.has_role! :owner
17
20
 
18
- assert get :allow, :user_id => @user.id
19
- assert_select 'div', 'OK'
21
+ assert get :allow, params: { user_id: @user.id }
22
+ assert_select 'div', 'AccessDenied'
20
23
  end
21
24
 
22
25
  test "anon denied" do
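Review bot: The rewritten "another user denied" test creates `@another` and grants it `:owner` on the Foo, but the request is still issued with `user_id: @user.id`, so `@another` never takes part in the check and the test name no longer describes what is asserted. What the test now pins is that a global `:owner` role held by `@user` does not satisfy an object-scoped rule, presumably `allow :owner, of: :foo` in the controller, which is outside this hunk. A comment such as `# a global :owner role must not satisfy a rule scoped to a specific Foo`, plus a name along the lines of "global owner denied", would make that security property explicit for the next reader.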
@@ -3,13 +3,13 @@ require 'test_helper'
3
3
  class ACLIvarsTest < ActionController::TestCase
4
4
  test "owner of foo destroys" do
5
5
  assert ( user = User.create ).has_role! :owner, Bar
6
- assert delete :destroy, :id => 1, :user_id => user.id
6
+ assert delete :destroy, params: { id: 1, user_id: user.id }
7
7
  assert_response :ok
8
8
  end
9
9
 
10
10
  test "bartender at Foo destroys" do
11
11
  assert ( user = User.create ).has_role! :bartender, Foo
12
- assert delete :destroy, :id => 1, :user_id => user.id
12
+ assert delete :destroy, params: { id: 1, user_id: user.id }
13
13
  assert_response :ok
14
14
  end
15
15
  end
@@ -7,7 +7,7 @@ class ACLObjectsHashTest < ActionController::TestCase
7
7
  end
8
8
 
9
9
  test "objects hash preferred to @ivar" do
10
- assert get :allow, :user_id => @user.id
10
+ assert get :allow, params: { user_id: @user.id }
11
11
  assert_response :ok
12
12
  end
13
13
 
@@ -6,7 +6,10 @@ module ACLQueryMixin
6
6
  setup do
7
7
  assert ( @editor = User.create ).has_role! :editor
8
8
  assert ( @viewer = User.create ).has_role! :viewer
9
- assert ( @owneroffoo = User.create ).has_role! :owner, Foo.first_or_create
9
+ assert ( @foo = Foo.first_or_create )
10
+ assert ( @owneroffoo = User.create ).has_role! :owner, @foo
11
+
12
+ @controller.before_action
10
13
  end
11
14
 
12
15
  %i[edit update destroy].each do |meth|
@@ -44,7 +47,7 @@ module ACLQueryMixin
44
47
 
45
48
  test "should return true for foo owner" do
46
49
  assert @controller.current_user = @owneroffoo
47
- assert @controller.acl? :fooize, :foo => Foo.first
50
+ assert @controller.acl? :fooize, foo: Foo.first
48
51
  end
49
52
  end
50
53
  end
@@ -3,7 +3,7 @@ require 'test_helper'
3
3
  class ACLSubjectMethodTest < ActionController::TestCase
4
4
  test "allow the only user to index" do
5
5
  assert ( user = User.create ).has_role! :the_only_one
6
- assert get :index, :user_id => user.id
6
+ assert get :index, params: { user_id: user.id }
7
7
  assert_response :ok
8
8
  end
9
9
 
@@ -25,18 +25,18 @@ class ArgumentsCheckingTest < ActionController::TestCase
25
25
  end
26
26
  end
27
27
 
28
- test "raise ArgumentError with :helper => true and no method name" do
28
+ test "raise ArgumentError with helper: true and no method name" do
29
29
  assert_raise ArgumentError do
30
30
  class FailureController < ApplicationController
31
- access_control :helper => true do end
31
+ access_control helper: true do end
32
32
  end
33
33
  end
34
34
  end
35
35
 
36
- test "raise ArgumentError with :helper => :method and a method name" do
36
+ test "raise ArgumentError with helper: :method and a method name" do
37
37
  assert_raise ArgumentError do
38
38
  class FailureController < ApplicationController
39
- access_control :meth, :helper => :another_meth do end
39
+ access_control :meth, helper: :another_meth do end
40
40
  end
41
41
  end
42
42
  end
File without changes
@@ -1,8 +1,8 @@
1
1
  class ACLActionOverride < ApplicationController
2
- access_control :allowed?, :filter => false do
3
- allow all, :to => :index
4
- deny all, :to => :show
5
- allow :owner, :of => :foo, :to => :edit
2
+ access_control :allowed?, filter: false do
3
+ allow all, to: :index
4
+ deny all, to: :show
5
+ allow :owner, of: :foo, to: :edit
6
6
  end
7
7
 
8
8
  def check_allow
@@ -10,6 +10,6 @@ class ACLActionOverride < ApplicationController
10
10
  end
11
11
 
12
12
  def check_allow_with_foo
13
- head allowed?(params[:_action], :foo => Foo.first) ? :ok : :unauthorized
13
+ head allowed?(params[:_action], foo: Foo.first) ? :ok : :unauthorized
14
14
  end
15
15
  end
@@ -1,12 +1,12 @@
1
1
  class ACLBooleanMethod < EmptyController
2
- access_control :acl, :filter => false do
3
- allow all, :to => [:index, :show], :if => :true_meth
4
- allow :admin, :unless => :false_meth
5
- allow all, :if => :false_meth
6
- allow all, :unless => :true_meth
2
+ access_control :acl, filter: false do
3
+ allow all, to: [:index, :show], if: :true_meth
4
+ allow :admin, unless: :false_meth
5
+ allow all, if: :false_meth
6
+ allow all, unless: :true_meth
7
7
  end
8
8
 
9
- before_filter :check_acl
9
+ before_action :check_acl
10
10
 
11
11
  def check_acl
12
12
  if self.acl
@@ -1,11 +1,11 @@
1
1
  class ACLIvars < EmptyController
2
2
 
3
- before_filter :set_ivars
3
+ before_action :set_ivars
4
4
 
5
5
  access_control do
6
6
  action :destroy do
7
- allow :owner, :of => :foo
8
- allow :bartender, :at => Foo
7
+ allow :owner, of: :foo
8
+ allow :bartender, at: Foo
9
9
  end
10
10
  end
11
11
 
@@ -8,6 +8,8 @@ class ACLQueryMethodNamed < ApplicationController
8
8
  end
9
9
 
10
10
  def acl?(*args)
11
+ @foo = Foo.first
12
+
11
13
  allow_ay(*args)
12
14
  end
13
15
  end
@@ -1,7 +1,13 @@
1
1
  class ApplicationController < ActionController::Base
2
+ before_action :before_action
3
+
2
4
  attr_accessor :current_user
3
5
 
4
6
  def current_user
5
7
  @current_user ||= User.find params[:user_id] if params[:user_id]
6
8
  end
9
+
10
+ def before_action
11
+ @foo = Foo.first
12
+ end
7
13
  end
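Review bot: `def before_action` is added as a public instance method of `ApplicationController`, and since that class is not declared abstract, Rails counts its public methods as candidate actions in every subclass. It also shares its name with the `before_action` class macro, which makes `before_action :before_action` hard to read. Rename the callback and put it under `private`, e.g. `before_action :set_foo` with `private` followed by `def set_foo`. The query-mixin test setup that calls `@controller.before_action` directly would then need `@controller.send(:set_foo)`. With the explicit routes introduced in this release the method is presumably not routable, but a callback should not rely on the route table for that.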
@@ -1,5 +1,5 @@
1
1
  class EmptyController < ApplicationController
2
2
  %i[index show new edit create update destroy].each do |action|
3
- define_method(action) { render :text => 'OK' }
3
+ define_method(action) { render plain: 'OK' }
4
4
  end
5
5
  end
@@ -0,0 +1,3 @@
1
+ class StringObjectRole < ActiveRecord::Base
2
+ acts_as_authorization_role subject_class_name: "StringUser"
3
+ end
@@ -0,0 +1,3 @@
1
+ class StringUser < ActiveRecord::Base
2
+ acts_as_authorization_subject role_class_name: "StringObjectRole"
3
+ end
@@ -1,4 +1,4 @@
1
1
  class Uuid < ActiveRecord::Base
2
2
  self.primary_key = "uuid"
3
- acts_as_authorization_object
3
+ acts_as_authorization_object role_class_name: "StringObjectRole", subject_class_name: "StringUser"
4
4
  end
@@ -13,8 +13,8 @@ Dummy::Application.configure do
13
13
  config.eager_load = false
14
14
 
15
15
  # Configure static asset server for tests with Cache-Control for performance.
16
- config.serve_static_files = true
17
- config.static_cache_control = 'public, max-age=3600'
16
+ config.public_file_server.enabled = true
17
+ config.public_file_server.headers = { 'Cache-Control' => 'public, max-age=3600' }
18
18
 
19
19
  # Show full error reports and disable caching.
20
20
  config.consider_all_requests_local = true
@@ -1,3 +1,14 @@
1
1
  Dummy::Application.routes.draw do
2
- get ':controller(/:action(/:id))'
2
+ resources :acl_action_override do
3
+ collection do
4
+ get :check_allow_with_foo
5
+ get :check_allow
6
+ end
7
+ end
8
+
9
+ resources :acl_boolean_method, :acl_block, :acl_ivars, :acl_method, :acl_method2, :acl_subject_method, :acl_arguments
10
+
11
+ get :acl_helper_method, to: "acl_helper_method#allow"
12
+ get :acl_objects_hash, to: "acl_objects_hash#allow"
13
+
3
14
  end
@@ -1,23 +1,38 @@
1
- class CreateTables < ActiveRecord::Migration
1
+ class CreateTables < ActiveRecord::Migration[ActiveRecord::Migration.current_version]
2
+ def self.r5?
3
+ Rails.gem_version >= Gem::Version.new(5)
4
+ end
5
+ def r5?
6
+ self.class.r5?
7
+ end
8
+
2
9
  def change
3
10
  create_table :roles do |t|
4
11
  t.string :name, :limit => 40
5
12
  t.boolean :system
6
- t.string :authorizable_type, :limit => 40
7
- t.integer :authorizable_id
13
+ if r5?
14
+ t.references :authorizable, polymorphic: true
15
+ else
16
+ t.string :authorizable_type, :limit => 40
17
+ t.integer :authorizable_id
18
+ end
8
19
  t.timestamps null: false
9
20
  end
10
21
 
11
- add_index :roles, [:authorizable_type, :authorizable_id]
22
+ unless r5?
23
+ add_index :roles, [:authorizable_type, :authorizable_id]
24
+ end
12
25
 
13
26
  create_table :roles_users, id: false do |t|
14
27
  t.references :user
15
28
  t.references :role
16
29
  end
17
30
 
18
- add_index :roles_users, :user_id
19
- add_index :roles_users, :role_id
20
-
31
+ unless r5?
32
+ add_index :roles_users, :user_id
33
+ add_index :roles_users, :role_id
34
+ end
35
+
21
36
  create_table :users do |t|
22
37
  t.string :name
23
38
  t.timestamps null: false
@@ -39,6 +54,25 @@ class CreateTables < ActiveRecord::Migration
39
54
  t.timestamps null: false
40
55
  end
41
56
 
57
+ create_table :string_object_roles do |t|
58
+ t.string :name
59
+ t.boolean :system
60
+ t.string :authorizable_type
61
+ t.string :authorizable_id
62
+ t.timestamps null: false
63
+ end
64
+
65
+ create_table :string_object_roles_string_users, id: false do |t|
66
+ t.references :string_user, index: { name: "susor" }
67
+ t.references :string_object_role, index: { name: "sorsu" }
68
+ end
69
+
70
+ create_table :string_users do |t|
71
+ t.string :name
72
+ t.timestamps null: false
73
+ end
74
+
75
+
42
76
  create_table :accounts do |t|
43
77
  t.string :name
44
78
  t.timestamps null: false
@@ -47,20 +81,28 @@ class CreateTables < ActiveRecord::Migration
47
81
  create_table :accesses do |t|
48
82
  t.string :name
49
83
  t.boolean :system
50
- t.string :authorizable_type, :limit => 40
51
- t.integer :authorizable_id
84
+ if r5?
85
+ t.references :authorizable, polymorphic: true
86
+ else
87
+ t.string :authorizable_type, :limit => 40
88
+ t.integer :authorizable_id
89
+ end
52
90
  t.timestamps null: false
53
91
  end
54
92
 
55
- add_index :accesses, [:authorizable_type, :authorizable_id]
93
+ unless r5?
94
+ add_index :accesses, [:authorizable_type, :authorizable_id]
95
+ end
56
96
 
57
97
  create_table :accesses_accounts, id: false do |t|
58
98
  t.references :account
59
99
  t.references :access
60
100
  end
61
101
 
62
- add_index :accesses_accounts, :access_id
63
- add_index :accesses_accounts, :account_id
102
+ unless r5?
103
+ add_index :accesses_accounts, :access_id
104
+ add_index :accesses_accounts, :account_id
105
+ end
64
106
 
65
107
  create_table :foo_bars do |t|
66
108
  t.string :name
@@ -71,21 +113,29 @@ class CreateTables < ActiveRecord::Migration
71
113
  create_table :other_roles do |t|
72
114
  t.string :name, :limit => 40
73
115
  t.boolean :system
74
- t.string :authorizable_type, :limit => 40
75
- t.integer :authorizable_id
116
+ if r5?
117
+ t.references :authorizable, polymorphic: true
118
+ else
119
+ t.string :authorizable_type, :limit => 40
120
+ t.integer :authorizable_id
121
+ end
76
122
  t.timestamps null: false
77
123
  end
78
124
 
79
- add_index :other_roles, [:authorizable_type, :authorizable_id]
125
+ unless r5?
126
+ add_index :other_roles, [:authorizable_type, :authorizable_id]
127
+ end
80
128
 
81
129
  create_table :other_roles_users, id: false do |t|
82
130
  t.references :user
83
131
  t.references :role
84
132
  end
85
133
 
86
- add_index :other_roles_users, :user_id
87
- add_index :other_roles_users, :role_id
88
-
134
+ unless r5?
135
+ add_index :other_roles_users, :user_id
136
+ add_index :other_roles_users, :role_id
137
+ end
138
+
89
139
  create_table :other_users do |t|
90
140
  t.string :name
91
141
  t.timestamps null: false
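Review bot: The new `string_object_roles` table (second hunk) is the only role table in this migration left without an index on `authorizable_type`/`authorizable_id`. The others get one either from `t.references :authorizable, polymorphic: true`, which indexes the pair by default on Rails 5+, or from the `unless r5?` `add_index` call. Adding `add_index :string_object_roles, [:authorizable_type, :authorizable_id]` after its `create_table` would keep the fixtures consistent. The `if r5?` / `unless r5?` pair is also repeated verbatim for `roles`, `accesses` and `other_roles`, and a small private helper taking the table name would remove the triplication. `change` begins in the first hunk and its body continues between and after the hunks shown.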