acl9 2.1.0 → 3.2.0
- checksums.yaml +5 -5
- data/.gitignore +3 -0
- data/.ruby-version +1 -1
- data/.travis.yml +27 -11
- data/Appraisals +13 -6
- data/Gemfile +0 -2
- data/Gemfile.lock +125 -112
- data/README.md +11 -4
- data/Rakefile +0 -2
- data/acl9.gemspec +1 -3
- data/gemfiles/.bundle/config +2 -0
- data/gemfiles/rails_5.0.gemfile +10 -0
- data/gemfiles/rails_5.1.gemfile +10 -0
- data/gemfiles/{rails_4.0.gemfile → rails_5.2.gemfile} +2 -4
- data/gemfiles/{rails_4.1.gemfile → rails_6.0.gemfile} +2 -4
- data/gemfiles/{rails_4.2.gemfile → rails_6.1.gemfile} +2 -4
- data/lib/acl9.rb +40 -0
- data/lib/acl9/controller_extensions.rb +1 -1
- data/lib/acl9/controller_extensions/dsl_base.rb +8 -7
- data/lib/acl9/controller_extensions/generators.rb +4 -35
- data/lib/acl9/model_extensions.rb +3 -3
- data/lib/acl9/model_extensions/for_subject.rb +52 -31
- data/lib/acl9/version.rb +1 -1
- data/lib/generators/acl9/setup/setup_generator.rb +10 -3
- data/lib/generators/acl9/setup/templates/create_role_tables.rb +10 -1
- data/lib/generators/acl9/setup/templates/role.rb +1 -1
- data/test/controller_extensions/actions_test.rb +1 -1
- data/test/controller_extensions/multiple_role_arguments_test.rb +11 -10
- data/test/controllers/acl_action_override_test.rb +4 -4
- data/test/controllers/acl_helper_method_test.rb +6 -3
- data/test/controllers/acl_ivars_test.rb +2 -2
- data/test/controllers/acl_object_hash_test.rb +1 -1
- data/test/controllers/acl_query_mixin.rb +5 -2
- data/test/controllers/acl_subject_method_test.rb +1 -1
- data/test/controllers/arguments_checking_test.rb +4 -4
- data/test/dummy/app/assets/config/manifest.js +0 -0
- data/test/dummy/app/controllers/acl_action_override.rb +5 -5
- data/test/dummy/app/controllers/acl_boolean_method.rb +6 -6
- data/test/dummy/app/controllers/acl_ivars.rb +3 -3
- data/test/dummy/app/controllers/acl_query_method_named.rb +2 -0
- data/test/dummy/app/controllers/application_controller.rb +6 -0
- data/test/dummy/app/controllers/empty_controller.rb +1 -1
- data/test/dummy/app/models/string_object_role.rb +3 -0
- data/test/dummy/app/models/string_user.rb +3 -0
- data/test/dummy/app/models/uuid.rb +1 -1
- data/test/dummy/config/environments/test.rb +2 -2
- data/test/dummy/config/routes.rb +12 -1
- data/test/dummy/db/migrate/20141117132218_create_tables.rb +68 -18
- data/test/models/roles_test.rb +13 -1
- data/test/test_helper.rb +31 -28
- metadata +26 -29
- data/test/dummy/config/environments/production.rb +0 -78
@@ -1,22 +1,31 @@
|
|
1
|
-
class Create<%= role_class_name %>Tables < ActiveRecord::Migration
|
1
|
+
class Create<%= role_class_name %>Tables < ActiveRecord::Migration[<%= ActiveRecord::Migration.current_version %>]
|
2
2
|
def change
|
3
3
|
create_table :<%= role_table_name %> do |t|
|
4
4
|
t.string :name, null: false
|
5
|
+
<% if r5? %>
|
6
|
+
t.references :authorizable, polymorphic: true
|
7
|
+
<% else %>
|
5
8
|
t.string :authorizable_type, null: true
|
6
9
|
t.integer :authorizable_id, null: true
|
10
|
+
<% end %>
|
7
11
|
t.boolean :system, default: false, null: false
|
8
12
|
t.timestamps null: false
|
9
13
|
end
|
10
14
|
|
11
15
|
add_index :<%= role_table_name %>, :name
|
16
|
+
|
17
|
+
<% unless r5? %>
|
12
18
|
add_index :<%= role_table_name %>, [:authorizable_type, :authorizable_id]
|
19
|
+
<% end -%>
|
13
20
|
|
14
21
|
create_table :<%= habtm_table %>, id: false do |t|
|
15
22
|
t.references :<%= subject_name %>, null: false
|
16
23
|
t.references :<%= role_name %>, null: false
|
17
24
|
end
|
18
25
|
|
26
|
+
<% unless r5? %>
|
19
27
|
add_index :<%= habtm_table %>, :<%= subject_name %>_id
|
20
28
|
add_index :<%= habtm_table %>, :<%= role_name %>_id
|
29
|
+
<% end %>
|
21
30
|
end
|
22
31
|
end
|
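Review bot: Both ERB branches depend on an `r5?` helper being visible in the template binding, and nothing in the template says where it comes from; if the generator does not supply it, every generated migration fails at render time. I would open the template with `<%# r5? comes from the setup generator: on Rails >= 5 t.references builds the polymorphic index itself, so the manual add_index is only for older Rails %>`. The closing tags are also inconsistent — `<% end -%>` on the first index block but `<% end %>` on the other two — which leaves uneven blank lines in the generated file; use `-%>` on all three or none. The template's `change` method lies entirely inside this hunk.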
@@ -121,7 +121,7 @@ module ControllerExtensions
|
|
121
121
|
|
122
122
|
assert set_all_actions
|
123
123
|
permit_some owner, @all_actions, :foo => foo
|
124
|
-
permit_some hacker, %w(show index destroy)
|
124
|
+
permit_some hacker, %w(show index destroy), foo: foo
|
125
125
|
permit_some another_owner, %w(show index destroy), :foo => foo
|
126
126
|
end
|
127
127
|
|
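Review bot: The rewritten line mixes hash syntaxes inside one block — `foo: foo` on the changed call while the neighbouring `permit_some` calls keep `:foo => foo`. Pick one style for the block; the smallest change is `permit_some hacker, %w(show index destroy), :foo => foo`. The enclosing test method starts before this hunk.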
@@ -107,29 +107,30 @@ module ControllerExtensions
|
|
107
107
|
|
108
108
|
test "should also respect :to and :except" do
|
109
109
|
assert foo = Foo.create
|
110
|
+
assert too = Foo.create
|
110
111
|
|
111
|
-
assert (
|
112
|
+
assert ( goo = User.create ).has_role! :goo
|
112
113
|
assert ( joo = User.create ).has_role! :joo, foo
|
113
114
|
assert ( qoo = User.create ).has_role! :qoo, Bar
|
114
115
|
|
115
116
|
@tester.acl_block! do
|
116
|
-
allow :
|
117
|
+
allow :goo, :boo, :to => [:index, :show]
|
117
118
|
allow :zoo, :joo, :by => :foo, :to => [:edit, :update]
|
118
119
|
allow :qoo, :woo, :of => Bar
|
119
120
|
deny :qoo, :woo, :of => Bar, :except => [:delete, :destroy]
|
120
121
|
end
|
121
122
|
|
122
|
-
assert_permitted
|
123
|
-
assert_permitted
|
124
|
-
assert_forbidden
|
123
|
+
assert_permitted goo, 'index'
|
124
|
+
assert_permitted goo, 'show'
|
125
|
+
assert_forbidden goo, 'edit', foo: too
|
125
126
|
assert_permitted joo, 'edit', :foo => foo
|
126
127
|
assert_permitted joo, 'update', :foo => foo
|
127
128
|
assert_forbidden joo, 'show', :foo => foo
|
128
|
-
assert_forbidden joo, 'show'
|
129
|
-
assert_permitted qoo, 'delete'
|
130
|
-
assert_permitted qoo, 'destroy'
|
131
|
-
assert_forbidden qoo, 'edit'
|
132
|
-
assert_forbidden qoo, 'show'
|
129
|
+
assert_forbidden joo, 'show', foo: foo
|
130
|
+
assert_permitted qoo, 'delete', foo: too
|
131
|
+
assert_permitted qoo, 'destroy', foo: too
|
132
|
+
assert_forbidden qoo, 'edit', foo: too
|
133
|
+
assert_forbidden qoo, 'show', foo: too
|
133
134
|
end
|
134
135
|
end
|
135
136
|
end
|
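Review bot: The second fixture `too` carries the meaning of the negative assertions — `assert_forbidden goo, 'edit', foo: too` and the `qoo` checks now pass a Foo that, as far as this hunk shows, nobody holds a role on — but its name does not say so, and nothing explains why a second object is needed when the old assertions passed none. Rename it (`other_foo`) or add a comment above its creation: `# a Foo nobody owns, so :by => :foo rules must not match it`. The hunk also alternates `:foo => foo` and `foo: too` on adjacent lines; settle on one. The `test` block starts and ends within the hunk.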
@@ -2,23 +2,23 @@ require 'test_helper'
|
|
2
2
|
|
3
3
|
class ACLActionOverrideTest < ActionController::TestCase
|
4
4
|
test "anon can index" do
|
5
|
-
assert get :check_allow, :
|
5
|
+
assert get :check_allow, params: { _action: :index }
|
6
6
|
assert_response :ok
|
7
7
|
end
|
8
8
|
|
9
9
|
test "anon can't show" do
|
10
|
-
assert get :check_allow, :
|
10
|
+
assert get :check_allow, params: { _action: :show }
|
11
11
|
assert_response :unauthorized
|
12
12
|
end
|
13
13
|
|
14
14
|
test "normal user can't edit" do
|
15
|
-
assert get :check_allow_with_foo, :
|
15
|
+
assert get :check_allow_with_foo, params: { _action: :edit, user_id: User.create.id }
|
16
16
|
assert_response :unauthorized
|
17
17
|
end
|
18
18
|
|
19
19
|
test "foo owner can edit" do
|
20
20
|
assert ( user = User.create ).has_role! :owner, Foo.first_or_create
|
21
|
-
assert get :check_allow_with_foo, :
|
21
|
+
assert get :check_allow_with_foo, params: { _action: :edit, user_id: user.id }
|
22
22
|
assert_response :ok
|
23
23
|
end
|
24
24
|
end
|
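Review bot: Every request in this file now selects the acting user from a client-supplied `user_id` query parameter (`params: { _action: :edit, user_id: user.id }`), and the dummy ApplicationController elsewhere in this diff resolves `current_user` from `params[:user_id]`; that is fine for a test app but worth stating so the pattern is not lifted into real code. A one-line comment at the top of the class, `# dummy-app auth: current_user is looked up from params[:user_id]; test-only`, would do. The `_action` value is likewise under test control. No code change needed.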
@@ -8,15 +8,18 @@ class ACLHelperMethodTest < ActionController::TestCase
|
|
8
8
|
test "foo owner allowed" do
|
9
9
|
assert @user.has_role! :owner, Foo.first_or_create
|
10
10
|
|
11
|
-
assert get :allow, :user_id
|
11
|
+
assert get :allow, params: { user_id: @user.id }
|
12
12
|
assert_select 'div', 'OK'
|
13
13
|
end
|
14
14
|
|
15
15
|
test "another user denied" do
|
16
|
+
assert @another = User.create
|
17
|
+
assert @another.has_role! :owner, Foo.first_or_create
|
18
|
+
|
16
19
|
assert @user.has_role! :owner
|
17
20
|
|
18
|
-
assert get :allow, :user_id
|
19
|
-
assert_select 'div', '
|
21
|
+
assert get :allow, params: { user_id: @user.id }
|
22
|
+
assert_select 'div', 'AccessDenied'
|
20
23
|
end
|
21
24
|
|
22
25
|
test "anon denied" do
|
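Review bot: In "another user denied" the newly created `@another` is never referenced after being granted the role — the request is still made as `@user` — so a reader cannot tell whether the extra owner is setup that matters or a leftover. If the intent is that a role some other user holds on the Foo must not leak to `@user`, say so above the new lines: `# @another owns the Foo; @user's global :owner must still be denied`. The test method starts and ends inside this hunk.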
@@ -3,13 +3,13 @@ require 'test_helper'
|
|
3
3
|
class ACLIvarsTest < ActionController::TestCase
|
4
4
|
test "owner of foo destroys" do
|
5
5
|
assert ( user = User.create ).has_role! :owner, Bar
|
6
|
-
assert delete :destroy, :id
|
6
|
+
assert delete :destroy, params: { id: 1, user_id: user.id }
|
7
7
|
assert_response :ok
|
8
8
|
end
|
9
9
|
|
10
10
|
test "bartender at Foo destroys" do
|
11
11
|
assert ( user = User.create ).has_role! :bartender, Foo
|
12
|
-
assert delete :destroy, :id
|
12
|
+
assert delete :destroy, params: { id: 1, user_id: user.id }
|
13
13
|
assert_response :ok
|
14
14
|
end
|
15
15
|
end
|
@@ -6,7 +6,10 @@ module ACLQueryMixin
|
|
6
6
|
setup do
|
7
7
|
assert ( @editor = User.create ).has_role! :editor
|
8
8
|
assert ( @viewer = User.create ).has_role! :viewer
|
9
|
-
assert ( @
|
9
|
+
assert ( @foo = Foo.first_or_create )
|
10
|
+
assert ( @owneroffoo = User.create ).has_role! :owner, @foo
|
11
|
+
|
12
|
+
@controller.before_action
|
10
13
|
end
|
11
14
|
|
12
15
|
%i[edit update destroy].each do |meth|
|
@@ -44,7 +47,7 @@ module ACLQueryMixin
|
|
44
47
|
|
45
48
|
test "should return true for foo owner" do
|
46
49
|
assert @controller.current_user = @owneroffoo
|
47
|
-
assert @controller.acl? :fooize, :
|
50
|
+
assert @controller.acl? :fooize, foo: Foo.first
|
48
51
|
end
|
49
52
|
end
|
50
53
|
end
|
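Review bot: The explicit `@controller.before_action` call in `setup` only works because it runs after `Foo.first_or_create`; per the ApplicationController change in this diff that method snapshots `Foo.first` into `@foo`, so swapping the two lines would leave `@foo` nil and the owner test would degrade silently, and nothing marks the dependency. I would add `# must follow Foo.first_or_create: before_action snapshots Foo.first into @foo` above it. In the later hunk, `assert @controller.acl? :fooize, foo: Foo.first` could use the `@foo` created in setup instead of re-querying, which makes the coupling explicit. The `setup` block is inside the first hunk; the module continues beyond this section.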
@@ -3,7 +3,7 @@ require 'test_helper'
|
|
3
3
|
class ACLSubjectMethodTest < ActionController::TestCase
|
4
4
|
test "allow the only user to index" do
|
5
5
|
assert ( user = User.create ).has_role! :the_only_one
|
6
|
-
assert get :index, :user_id
|
6
|
+
assert get :index, params: { user_id: user.id }
|
7
7
|
assert_response :ok
|
8
8
|
end
|
9
9
|
|
@@ -25,18 +25,18 @@ class ArgumentsCheckingTest < ActionController::TestCase
|
|
25
25
|
end
|
26
26
|
end
|
27
27
|
|
28
|
-
test "raise ArgumentError with :
|
28
|
+
test "raise ArgumentError with helper: true and no method name" do
|
29
29
|
assert_raise ArgumentError do
|
30
30
|
class FailureController < ApplicationController
|
31
|
-
access_control :
|
31
|
+
access_control helper: true do end
|
32
32
|
end
|
33
33
|
end
|
34
34
|
end
|
35
35
|
|
36
|
-
test "raise ArgumentError with :
|
36
|
+
test "raise ArgumentError with helper: :method and a method name" do
|
37
37
|
assert_raise ArgumentError do
|
38
38
|
class FailureController < ApplicationController
|
39
|
-
access_control :meth, :
|
39
|
+
access_control :meth, helper: :another_meth do end
|
40
40
|
end
|
41
41
|
end
|
42
42
|
end
|
|
@@ -1,8 +1,8 @@
|
|
1
1
|
class ACLActionOverride < ApplicationController
|
2
|
-
access_control :allowed?, :
|
3
|
-
allow all, :
|
4
|
-
deny all, :
|
5
|
-
allow :owner, :
|
2
|
+
access_control :allowed?, filter: false do
|
3
|
+
allow all, to: :index
|
4
|
+
deny all, to: :show
|
5
|
+
allow :owner, of: :foo, to: :edit
|
6
6
|
end
|
7
7
|
|
8
8
|
def check_allow
|
@@ -10,6 +10,6 @@ class ACLActionOverride < ApplicationController
|
|
10
10
|
end
|
11
11
|
|
12
12
|
def check_allow_with_foo
|
13
|
-
head allowed?(params[:_action], :
|
13
|
+
head allowed?(params[:_action], foo: Foo.first) ? :ok : :unauthorized
|
14
14
|
end
|
15
15
|
end
|
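Review bot: `check_allow_with_foo` hands `params[:_action]` — a string chosen by the client — straight to `allowed?`, and looks the object up with `Foo.first` rather than the `@foo` that ApplicationController's new before_action loads on every request. Both are deliberate test hooks, but the method reads like production code; a comment such as `# test hook: the client picks the action to check and the first Foo is the only fixture` would keep it from being copied. The rules block starts in the first hunk; `check_allow`'s body lies between the two hunks.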
@@ -1,12 +1,12 @@
|
|
1
1
|
class ACLBooleanMethod < EmptyController
|
2
|
-
access_control :acl, :
|
3
|
-
allow all, :
|
4
|
-
allow :admin,
|
5
|
-
allow all,
|
6
|
-
allow all,
|
2
|
+
access_control :acl, filter: false do
|
3
|
+
allow all, to: [:index, :show], if: :true_meth
|
4
|
+
allow :admin, unless: :false_meth
|
5
|
+
allow all, if: :false_meth
|
6
|
+
allow all, unless: :true_meth
|
7
7
|
end
|
8
8
|
|
9
|
-
|
9
|
+
before_action :check_acl
|
10
10
|
|
11
11
|
def check_acl
|
12
12
|
if self.acl
|
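Review bot: The four `allow` rules only make sense as a truth table for `if:`/`unless:` evaluation — two that should match (`if: :true_meth`, `unless: :false_meth`) and two that must never match — but nothing says so, and a reader may take `allow all, if: :false_meth` for a mistake. Add `# the last two rules must never grant: they prove if:/unless: are actually evaluated` above the block. `check_acl`'s body continues past the hunk and `true_meth`/`false_meth` are not visible here.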
@@ -1,11 +1,11 @@
|
|
1
1
|
class ACLIvars < EmptyController
|
2
2
|
|
3
|
-
|
3
|
+
before_action :set_ivars
|
4
4
|
|
5
5
|
access_control do
|
6
6
|
action :destroy do
|
7
|
-
allow :owner, :
|
8
|
-
allow :bartender, :
|
7
|
+
allow :owner, of: :foo
|
8
|
+
allow :bartender, at: Foo
|
9
9
|
end
|
10
10
|
end
|
11
11
|
|
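Review bot: Placing `before_action :set_ivars` ahead of the `access_control do` block is what makes `allow :owner, of: :foo` work — the ACL filter presumably registers its own before_action and reads `@foo` when it runs — so the ordering is load-bearing but silent. A trailing comment, `before_action :set_ivars # must precede access_control so @foo exists when the :foo rule runs`, would protect it from being reordered. The class continues past this hunk.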
@@ -1,7 +1,13 @@
|
|
1
1
|
class ApplicationController < ActionController::Base
|
2
|
+
before_action :before_action
|
3
|
+
|
2
4
|
attr_accessor :current_user
|
3
5
|
|
4
6
|
def current_user
|
5
7
|
@current_user ||= User.find params[:user_id] if params[:user_id]
|
6
8
|
end
|
9
|
+
|
10
|
+
def before_action
|
11
|
+
@foo = Foo.first
|
12
|
+
end
|
7
13
|
end
|
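Review bot: The new instance method is named `before_action`, the same word as the Rails macro it is registered with (`before_action :before_action`), which makes the class read as if it called the macro twice and will mislead anyone grepping for filters. Renaming it — `before_action :load_first_foo` and `def load_first_foo` — costs nothing in a dummy app; the explicit `@controller.before_action` call in the acl_query_mixin test would need the same rename. It also runs `Foo.first` on every request, which is fine here but deserves a short comment (`# fixture for the :foo rules`) so it is not mistaken for real logic.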
@@ -13,8 +13,8 @@ Dummy::Application.configure do
|
|
13
13
|
config.eager_load = false
|
14
14
|
|
15
15
|
# Configure static asset server for tests with Cache-Control for performance.
|
16
|
-
config.
|
17
|
-
config.
|
16
|
+
config.public_file_server.enabled = true
|
17
|
+
config.public_file_server.headers = { 'Cache-Control' => 'public, max-age=3600' }
|
18
18
|
|
19
19
|
# Show full error reports and disable caching.
|
20
20
|
config.consider_all_requests_local = true
|
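Review bot: The unchanged comment above the rewritten lines still says "static asset server" while the setting is now `config.public_file_server`, so comment and code no longer agree; update it to `# Serve static files from public/ in tests, with Cache-Control for performance.` The `configure` block starts and ends outside the hunk.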
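--- a/data/test/dummy/config/routes.rb
+++ b/data/test/dummy/config/routes.rb
@@ -1,3 +1,14 @@
 Dummy::Application.routes.draw do
-
+resources :acl_action_override do
+collection do
+get :check_allow_with_foo
+get :check_allow
+end
+end
+
+resources :acl_boolean_method, :acl_block, :acl_ivars, :acl_method, :acl_method2, :acl_subject_method, :acl_arguments
+
+get :acl_helper_method, to: "acl_helper_method#allow"
+get :acl_objects_hash, to: "acl_objects_hash#allow"
+
 end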
@@ -1,23 +1,38 @@
|
|
1
|
-
class CreateTables < ActiveRecord::Migration
|
1
|
+
class CreateTables < ActiveRecord::Migration[ActiveRecord::Migration.current_version]
|
2
|
+
def self.r5?
|
3
|
+
Rails.gem_version >= Gem::Version.new(5)
|
4
|
+
end
|
5
|
+
def r5?
|
6
|
+
self.class.r5?
|
7
|
+
end
|
8
|
+
|
2
9
|
def change
|
3
10
|
create_table :roles do |t|
|
4
11
|
t.string :name, :limit => 40
|
5
12
|
t.boolean :system
|
6
|
-
|
7
|
-
|
13
|
+
if r5?
|
14
|
+
t.references :authorizable, polymorphic: true
|
15
|
+
else
|
16
|
+
t.string :authorizable_type, :limit => 40
|
17
|
+
t.integer :authorizable_id
|
18
|
+
end
|
8
19
|
t.timestamps null: false
|
9
20
|
end
|
10
21
|
|
11
|
-
|
22
|
+
unless r5?
|
23
|
+
add_index :roles, [:authorizable_type, :authorizable_id]
|
24
|
+
end
|
12
25
|
|
13
26
|
create_table :roles_users, id: false do |t|
|
14
27
|
t.references :user
|
15
28
|
t.references :role
|
16
29
|
end
|
17
30
|
|
18
|
-
|
19
|
-
|
20
|
-
|
31
|
+
unless r5?
|
32
|
+
add_index :roles_users, :user_id
|
33
|
+
add_index :roles_users, :role_id
|
34
|
+
end
|
35
|
+
|
21
36
|
create_table :users do |t|
|
22
37
|
t.string :name
|
23
38
|
t.timestamps null: false
|
@@ -39,6 +54,25 @@ class CreateTables < ActiveRecord::Migration
|
|
39
54
|
t.timestamps null: false
|
40
55
|
end
|
41
56
|
|
57
|
+
create_table :string_object_roles do |t|
|
58
|
+
t.string :name
|
59
|
+
t.boolean :system
|
60
|
+
t.string :authorizable_type
|
61
|
+
t.string :authorizable_id
|
62
|
+
t.timestamps null: false
|
63
|
+
end
|
64
|
+
|
65
|
+
create_table :string_object_roles_string_users, id: false do |t|
|
66
|
+
t.references :string_user, index: { name: "susor" }
|
67
|
+
t.references :string_object_role, index: { name: "sorsu" }
|
68
|
+
end
|
69
|
+
|
70
|
+
create_table :string_users do |t|
|
71
|
+
t.string :name
|
72
|
+
t.timestamps null: false
|
73
|
+
end
|
74
|
+
|
75
|
+
|
42
76
|
create_table :accounts do |t|
|
43
77
|
t.string :name
|
44
78
|
t.timestamps null: false
|
@@ -47,20 +81,28 @@ class CreateTables < ActiveRecord::Migration
|
|
47
81
|
create_table :accesses do |t|
|
48
82
|
t.string :name
|
49
83
|
t.boolean :system
|
50
|
-
|
51
|
-
|
84
|
+
if r5?
|
85
|
+
t.references :authorizable, polymorphic: true
|
86
|
+
else
|
87
|
+
t.string :authorizable_type, :limit => 40
|
88
|
+
t.integer :authorizable_id
|
89
|
+
end
|
52
90
|
t.timestamps null: false
|
53
91
|
end
|
54
92
|
|
55
|
-
|
93
|
+
unless r5?
|
94
|
+
add_index :accesses, [:authorizable_type, :authorizable_id]
|
95
|
+
end
|
56
96
|
|
57
97
|
create_table :accesses_accounts, id: false do |t|
|
58
98
|
t.references :account
|
59
99
|
t.references :access
|
60
100
|
end
|
61
101
|
|
62
|
-
|
63
|
-
|
102
|
+
unless r5?
|
103
|
+
add_index :accesses_accounts, :access_id
|
104
|
+
add_index :accesses_accounts, :account_id
|
105
|
+
end
|
64
106
|
|
65
107
|
create_table :foo_bars do |t|
|
66
108
|
t.string :name
|
@@ -71,21 +113,29 @@ class CreateTables < ActiveRecord::Migration
|
|
71
113
|
create_table :other_roles do |t|
|
72
114
|
t.string :name, :limit => 40
|
73
115
|
t.boolean :system
|
74
|
-
|
75
|
-
|
116
|
+
if r5?
|
117
|
+
t.references :authorizable, polymorphic: true
|
118
|
+
else
|
119
|
+
t.string :authorizable_type, :limit => 40
|
120
|
+
t.integer :authorizable_id
|
121
|
+
end
|
76
122
|
t.timestamps null: false
|
77
123
|
end
|
78
124
|
|
79
|
-
|
125
|
+
unless r5?
|
126
|
+
add_index :other_roles, [:authorizable_type, :authorizable_id]
|
127
|
+
end
|
80
128
|
|
81
129
|
create_table :other_roles_users, id: false do |t|
|
82
130
|
t.references :user
|
83
131
|
t.references :role
|
84
132
|
end
|
85
133
|
|
86
|
-
|
87
|
-
|
88
|
-
|
134
|
+
unless r5?
|
135
|
+
add_index :other_roles_users, :user_id
|
136
|
+
add_index :other_roles_users, :role_id
|
137
|
+
end
|
138
|
+
|
89
139
|
create_table :other_users do |t|
|
90
140
|
t.string :name
|
91
141
|
t.timestamps null: false
|
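Review bot: The `if r5? … else … end` column block and the matching `unless r5?` add_index block are now copied verbatim for `roles`, `accesses` and `other_roles`, so any future tweak to the polymorphic columns has to be made in three places. Since the migration already defines `r5?`, two small helpers remove the repetition (sketch below; `:accesses` and `:other_roles` change the same way). A comment on `r5?` explaining why the branch exists — on Rails 5 and later `t.references … polymorphic: true` creates the composite index itself, so the explicit `add_index` is only for older Rails — would also help, as would one on `string_object_roles.authorizable_id` saying the string column type is intentional for string-keyed authorizables. The `change` method ends outside this section.
```ruby
class CreateTables < ActiveRecord::Migration[ActiveRecord::Migration.current_version]
  # … unchanged: r5? helpers …

  # Columns pointing at the authorizable object. On Rails >= 5 the polymorphic
  # reference also builds the (type, id) index, so the explicit add_index in
  # authorizable_index is only needed on older Rails.
  def authorizable_columns(t)
    if r5?
      t.references :authorizable, polymorphic: true
    else
      t.string :authorizable_type, :limit => 40
      t.integer :authorizable_id
    end
  end

  def authorizable_index(table)
    add_index table, [:authorizable_type, :authorizable_id] unless r5?
  end

  def change
    create_table :roles do |t|
      t.string :name, :limit => 40
      t.boolean :system
      authorizable_columns(t)
      t.timestamps null: false
    end
    authorizable_index :roles
    # … unchanged: remaining tables; :accesses and :other_roles use the same two helpers …
```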