action_authorizer 1.3.1 → 2.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -13
- data/README.md +77 -328
- data/lib/action_authorizer.rb +0 -3
- data/lib/action_authorizer/result_error.rb +5 -0
- data/lib/action_authorizer/version.rb +2 -2
- data/lib/generators/action_authorizer/authorizer/authorizer_generator.rb +1 -1
- data/lib/generators/action_authorizer/authorizer/templates/authorizer.rb +7 -58
- data/lib/generators/action_authorizer/authorizer/templates/authorizer_spec.rb +64 -92
- data/lib/generators/action_authorizer/install/install_generator.rb +10 -25
- data/lib/generators/action_authorizer/install/templates/app/authorizers/action_authorizer/base.rb +29 -0
- data/lib/generators/action_authorizer/install/templates/app/authorizers/application_authorizer.rb +2 -0
- data/lib/generators/action_authorizer/install/templates/app/helpers/action_authorizer_helper.rb +9 -0
- data/lib/generators/action_authorizer/install/templates/spec/action_authorizer_matchers_helper.rb +13 -0
- metadata +12 -11
- data/lib/action_authorizer/base.rb +0 -60
- data/lib/action_authorizer/config.rb +0 -31
- data/lib/action_authorizer/helper.rb +0 -19
- data/lib/tasks/action_authorizer_tasks.rake +0 -4
checksums.yaml
CHANGED
@@ -1,15 +1,7 @@
|
|
1
1
|
---
|
2
|
-
|
3
|
-
metadata.gz:
|
4
|
-
|
5
|
-
data.tar.gz: !binary |-
|
6
|
-
YWM4Y2JmNzczOTViMWU0YWFmMTIxZmQ1YjUyMzBjODdlM2RmZTU4Yg==
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: 90d160822d4c7bb97bc552cbe80ba6c85a5c8429a45ba280889cd075addaf566
|
4
|
+
data.tar.gz: 44a7d8a8fbef87fa728f1c283c0df7fb4d7f0f344c6a33621094ea17d740a65e
|
7
5
|
SHA512:
|
8
|
-
metadata.gz:
|
9
|
-
|
10
|
-
ODQyM2EwMzA5MWJjZWIwNDBhN2Q1ZDIyYjJlOWUyYmFkNzgwZThlOGFhNjA0
|
11
|
-
MzQ2NDI2OGJjMGJlNDFmYjJjNDMxMGExMGRlNTNhZTI2YTNjOGE=
|
12
|
-
data.tar.gz: !binary |-
|
13
|
-
YjQ2NmZmYzdhOWRlNWZiMWE4ZTYyNDAwNTZlNjM1M2MxNjEwZDIxZmIyZmE5
|
14
|
-
ZDU2YjE1YzYxNjFiMzc4MGVlZjhiYmJmZDcxYzUzNTU3YTBkNWIyOTQ5YTNk
|
15
|
-
OTc2YWRkZTBjNmI1YjkwZGU5NjdlZjQwMmM5Y2IyMGYzZjI1ZTg=
|
6
|
+
metadata.gz: 7d8cfe06dcb980139f9ff6cb7fd3aeee3707d00b1442cf1b1a1642328edb4ea89d4921fa6781282a10187d32d5ce14d9edb5111e1b0d5cee965e42e33e99468c
|
7
|
+
data.tar.gz: d5be7d4105b275536bb5206427b546254c8d37585259890fedbdc9350567bb9d9491ede5de45293733a5057b691d96528f36f57f664d74af760272cd24aa845f
|
data/README.md
CHANGED
@@ -5,72 +5,63 @@
|
|
5
5
|
|
6
6
|
Rails authorization with controllers's actions.
|
7
7
|
|
8
|
-
ActionAuthorizer is a gem to authorize the controllers's actions. Designed to work with RSpec and Devise. Where each controller will have an authorizer with the same actions. Each authorizer's action will return
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
[![Build Status](https://travis-ci.org/juniormesquitadandao/action_authorizer.svg?branch=rails-3.1)](https://travis-ci.org/juniormesquitadandao/action_authorizer/branches)
|
16
|
-
- Rails 3.2 and Ruby 2.0
|
17
|
-
[![Build Status](https://travis-ci.org/juniormesquitadandao/action_authorizer.svg?branch=rails-3.2)](https://travis-ci.org/juniormesquitadandao/action_authorizer/branches)
|
18
|
-
- Rails 4.0 and Ruby 2.0
|
19
|
-
[![Build Status](https://travis-ci.org/juniormesquitadandao/action_authorizer.svg?branch=rails-4.0)](https://travis-ci.org/juniormesquitadandao/action_authorizer/branches)
|
20
|
-
- Rails 4.1 and Ruby 2.1
|
21
|
-
[![Build Status](https://travis-ci.org/juniormesquitadandao/action_authorizer.svg?branch=rails-4.1)](https://travis-ci.org/juniormesquitadandao/action_authorizer/branches)
|
22
|
-
- Rails 4.2 and Ruby 2.2
|
23
|
-
[![Build Status](https://travis-ci.org/juniormesquitadandao/action_authorizer.svg?branch=rails-4.2)](https://travis-ci.org/juniormesquitadandao/action_authorizer/branches)
|
24
|
-
- Rails 5.0 and Ruby 2.3
|
25
|
-
[![Build Status](https://travis-ci.org/juniormesquitadandao/action_authorizer.svg?branch=rails-5.0)](https://travis-ci.org/juniormesquitadandao/action_authorizer/branches)
|
8
|
+
ActionAuthorizer is a gem to authorize the controllers's actions. Designed to work with RSpec and Devise. Where each controller will have an authorizer with the same actions. Each authorizer's action will return permission's result.
|
9
|
+
|
10
|
+
```erb
|
11
|
+
<% if authorized? :new %>
|
12
|
+
<a hre="<%= new_model_path %>">New</a>
|
13
|
+
<% end %>
|
14
|
+
```
|
26
15
|
|
27
16
|
## Getting Started
|
28
17
|
|
29
|
-
After setting up
|
18
|
+
After setting up Rspec and Devise! Set up ActionAuthorizer.
|
30
19
|
|
31
|
-
|
20
|
+
- Edit: Gemfile
|
32
21
|
```ruby
|
33
|
-
gem 'action_authorizer', '~>
|
22
|
+
gem 'action_authorizer', '~> 2.0'
|
34
23
|
```
|
35
24
|
|
36
|
-
|
25
|
+
- Run
|
37
26
|
```console
|
38
27
|
bundle install
|
39
28
|
rails generate action_authorizer:install
|
40
29
|
```
|
41
30
|
|
42
|
-
|
31
|
+
- Edit: app/controllers/application_controller.rb
|
43
32
|
```ruby
|
44
|
-
class
|
45
|
-
|
46
|
-
|
33
|
+
class ApplicationController < ActionController::Base
|
34
|
+
include ActionAuthorizer
|
35
|
+
...
|
36
|
+
before_action :authenticate_user!
|
37
|
+
before_action :authorize!, unless: :devise_controller?
|
38
|
+
...
|
39
|
+
private
|
40
|
+
...
|
41
|
+
def authorize!
|
42
|
+
unauthorize! unless authorized?
|
43
|
+
end
|
47
44
|
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
# <%= link_to 'Models Dashboard', dashboard_models_path if unauthorized? 'dashborad/models', :index %>
|
62
|
-
# <%= link_to 'Model', model_path(@model) if unauthorized? :models, :show, id: @model.id %>
|
63
|
-
# <%= link_to 'Model', edit_model_path(@model) if unauthorized? :models, :edit, id: @model.to_param %>
|
64
|
-
include ActionAuthorizer::Helper
|
65
|
-
|
66
|
-
# def authenticated
|
67
|
-
# current_user
|
68
|
-
# end
|
45
|
+
def authorized?
|
46
|
+
ActionAuthorizer::Base.authorized?(current_user, controller_path, action_name, params.except(:controller, :action))
|
47
|
+
end
|
48
|
+
|
49
|
+
def unauthorize!
|
50
|
+
if request.format.json?
|
51
|
+
render(json: {status: 404, error: 'Not Found'}, status: :not_found)
|
52
|
+
elsif Rails.env.production?
|
53
|
+
render(file: Rails.root.join('public/404'), layout: false, status: :not_found)
|
54
|
+
else
|
55
|
+
raise(ActionController::RoutingError, "No route matches [#{request.env['REQUEST_METHOD']}] #{request.env['PATH_INFO'].inspect}")
|
56
|
+
end
|
57
|
+
end
|
69
58
|
end
|
70
59
|
```
|
71
60
|
|
72
|
-
|
61
|
+
- Edit: spec/rails_helper.rb
|
73
62
|
```ruby
|
63
|
+
require 'action_authorizer_matchers_helper'
|
64
|
+
...
|
74
65
|
RSpec.configure do |config|
|
75
66
|
# Controllers Spec with ActionAuthorizer
|
76
67
|
config.before :each, type: :controller do
|
@@ -85,265 +76,30 @@ RSpec.configure do |config|
|
|
85
76
|
end
|
86
77
|
```
|
87
78
|
|
88
|
-
now configure your: app/controllers/application_controller.rb
|
89
|
-
```ruby
|
90
|
-
class ApplicationController < ActionController::Base
|
91
|
-
include ActionAuthorizer::Config
|
92
|
-
|
93
|
-
# Prevent CSRF attacks by raising an exception.
|
94
|
-
# For APIs, you may want to use :null_session instead.
|
95
|
-
protect_from_forgery with: :exception
|
96
|
-
|
97
|
-
before_action :authenticate_user!
|
98
|
-
before_action :authorize!, unless: :devise_controller?
|
99
|
-
|
100
|
-
# def authenticated
|
101
|
-
# current_user
|
102
|
-
# end
|
103
|
-
|
104
|
-
# def respond_unauthorized_on_production_environment
|
105
|
-
# render file: Rails.root.join('public/404'), layout: false, status: :not_found
|
106
|
-
# end
|
107
|
-
end
|
108
|
-
```
|
109
|
-
|
110
79
|
### Authorizing models with module
|
111
80
|
|
112
|
-
|
81
|
+
- Run
|
113
82
|
```console
|
114
83
|
rails generate action_authorizer:authorizer namespace/model
|
115
84
|
```
|
116
85
|
|
117
86
|
### Authorizing models without module
|
118
87
|
|
119
|
-
|
88
|
+
- Run
|
120
89
|
```console
|
121
90
|
rails generate action_authorizer:authorizer model
|
122
91
|
```
|
123
92
|
|
124
|
-
it will be generated: app/authorizers/models_authorizer.rb
|
125
|
-
```ruby
|
126
|
-
# Authorize reference controller actions when return:
|
127
|
-
# Present values different hash:
|
128
|
-
# ex.:
|
129
|
-
# true
|
130
|
-
# 'nil'
|
131
|
-
# 'false'
|
132
|
-
# 0
|
133
|
-
# '0'
|
134
|
-
# [0]
|
135
|
-
# Empty requested params:
|
136
|
-
# ex. to requested params {}:
|
137
|
-
# { id: [1, 2] }
|
138
|
-
# { id: ['1', '2'] }
|
139
|
-
# { id: ['one', 'two'] }
|
140
|
-
# A hash with key:values including requested params key:value:
|
141
|
-
# ex. to requested params {id: 1, other: 3}:
|
142
|
-
# { id: [1, 2] }
|
143
|
-
# { id: ['1', '2'] }
|
144
|
-
# ex. to requested params {id: 'one', other: 'three'}:
|
145
|
-
# { id: ['one', 'two'] }
|
146
|
-
# A hash with keys different requested params keys:
|
147
|
-
# ex. to requested params {other: 3}:
|
148
|
-
# { id: [1, 2] }
|
149
|
-
# { id: ['1', '2'] }
|
150
|
-
# ex. to requested params {other: 'three'}:
|
151
|
-
# { id: ['one', 'two'] }
|
152
|
-
#
|
153
|
-
# Unauthorize reference controller actions when return:
|
154
|
-
# Blank values different hash:
|
155
|
-
# ex.:
|
156
|
-
# nil
|
157
|
-
# false
|
158
|
-
# ''
|
159
|
-
# ' '
|
160
|
-
# []
|
161
|
-
# A hash with key:values excluding requested params key:value:
|
162
|
-
# ex. to requested params {id: 3, other: 3}:
|
163
|
-
# { id: [1, 2] }
|
164
|
-
# { id: ['1', '2'] }
|
165
|
-
# ex. to requested params {id: 'three', other: 'three'}:
|
166
|
-
# { id: ['one', 'two'] }
|
167
|
-
class ModelsAuthorizer < ApplicationAuthorizer
|
168
|
-
# All actions automatically validating the need of user logged.
|
169
|
-
# Skip this check for all actions:
|
170
|
-
# skip_authentication
|
171
|
-
# Or skip_authentication_only for some actions:
|
172
|
-
# skip_authentication_only :index, :new, :destroy, ...
|
173
|
-
|
174
|
-
def index
|
175
|
-
# true
|
176
|
-
end
|
177
|
-
|
178
|
-
def show
|
179
|
-
# true
|
180
|
-
# Model.where(user: authenticated).find(params[:id]).avaliable?
|
181
|
-
# { id: authenticated.model_ids }
|
182
|
-
end
|
183
|
-
|
184
|
-
def new
|
185
|
-
# true
|
186
|
-
# Model.where(user: authenticated).find(params[:id]).avaliable?
|
187
|
-
end
|
188
|
-
|
189
|
-
def edit
|
190
|
-
# true
|
191
|
-
# Model.where(user: authenticated).find(params[:id]).avaliable?
|
192
|
-
# { id: authenticated.model_ids }
|
193
|
-
end
|
194
|
-
|
195
|
-
def create
|
196
|
-
# true
|
197
|
-
# Model.where(user: authenticated).find(params[:id]).avaliable?
|
198
|
-
end
|
199
|
-
|
200
|
-
def update
|
201
|
-
# true
|
202
|
-
# Model.where(user: authenticated).find(params[:id]).avaliable?
|
203
|
-
# { id: authenticated.model_ids }
|
204
|
-
end
|
205
|
-
|
206
|
-
def destroy
|
207
|
-
# true
|
208
|
-
# Model.where(user: authenticated).find(params[:id]).avaliable?
|
209
|
-
# { id: authenticated.model_ids }
|
210
|
-
end
|
211
|
-
|
212
|
-
end
|
213
|
-
```
|
214
|
-
|
215
|
-
it will be generated: spec/authorizers/models_authorizer_spec.rb
|
216
|
-
```ruby
|
217
|
-
require 'rails_helper'
|
218
|
-
|
219
|
-
RSpec.describe ModelsAuthorizer, type: :authorizer do
|
220
|
-
|
221
|
-
# let(:guest_user) { nil }
|
222
|
-
# let(:one_user) { double('Authenticated', user_group?: true, model_ids: [1]) }
|
223
|
-
# let(:two_user) { double('Authenticated', user_group?: true, model_ids: [2]) }
|
224
|
-
# let(:admin_user) { double('Authenticated', admin_group?: true) }
|
225
|
-
|
226
|
-
# context '#index' do
|
227
|
-
# describe 'authorize' do
|
228
|
-
# it { expect(ModelsAuthorizer.new(one_user, :index)).to be_authorized }
|
229
|
-
# it { expect(ModelsAuthorizer.new(two_user, :index)).to be_authorized }
|
230
|
-
# it { expect(ModelsAuthorizer.new(admin_user, :index)).to be_authorized }
|
231
|
-
# end
|
232
|
-
#
|
233
|
-
# describe 'not authorize' do
|
234
|
-
# it { expect(ModelsAuthorizer.new(guest_user, :index)).to be_unauthorized }
|
235
|
-
# end
|
236
|
-
# end
|
237
|
-
|
238
|
-
# context '#show' do
|
239
|
-
# describe 'authorize' do
|
240
|
-
# it { expect(ModelsAuthorizer.new(one_user, :show, id: 1)).to be_authorized }
|
241
|
-
# it { expect(ModelsAuthorizer.new(two_user, :show, id: 2)).to be_authorized }
|
242
|
-
# it { expect(ModelsAuthorizer.new(admin_user, :show, id: 1)).to be_authorized }
|
243
|
-
# it { expect(ModelsAuthorizer.new(admin_user, :show, id: 2)).to be_authorized }
|
244
|
-
# end
|
245
|
-
#
|
246
|
-
# describe 'not authorize' do
|
247
|
-
# it { expect(ModelsAuthorizer.new(guest_user, :show, id: 1)).to be_unauthorized }
|
248
|
-
# it { expect(ModelsAuthorizer.new(one_user, :show, id: 2)).to be_unauthorized }
|
249
|
-
# it { expect(ModelsAuthorizer.new(two_user, :show, id: 1)).to be_unauthorized }
|
250
|
-
# end
|
251
|
-
# end
|
252
|
-
|
253
|
-
# context '#new' do
|
254
|
-
# describe 'authorize' do
|
255
|
-
# it { expect(ModelsAuthorizer.new(one_user, :new)).to be_authorized }
|
256
|
-
# it { expect(ModelsAuthorizer.new(two_user, :new)).to be_authorized }
|
257
|
-
# it { expect(ModelsAuthorizer.new(admin_user, :new)).to be_authorized }
|
258
|
-
# end
|
259
|
-
#
|
260
|
-
# describe 'not authorize' do
|
261
|
-
# it { expect(ModelsAuthorizer.new(guest_user, :new)).to be_unauthorized }
|
262
|
-
# end
|
263
|
-
# end
|
264
|
-
|
265
|
-
# context '#edit' do
|
266
|
-
# describe 'authorize' do
|
267
|
-
# it { expect(ModelsAuthorizer.new(one_user, :edit, id: 1)).to be_authorized }
|
268
|
-
# it { expect(ModelsAuthorizer.new(two_user, :edit, id: 2)).to be_authorized }
|
269
|
-
# it { expect(ModelsAuthorizer.new(admin_user, :edit, id: 1)).to be_authorized }
|
270
|
-
# it { expect(ModelsAuthorizer.new(admin_user, :edit, id: 2)).to be_authorized }
|
271
|
-
# end
|
272
|
-
#
|
273
|
-
# describe 'not authorize' do
|
274
|
-
# it { expect(ModelsAuthorizer.new(guest_user, :edit, id: 1)).to be_unauthorized }
|
275
|
-
# it { expect(ModelsAuthorizer.new(one_user, :edit, id: 2)).to be_unauthorized }
|
276
|
-
# it { expect(ModelsAuthorizer.new(two_user, :edit, id: 1)).to be_unauthorized }
|
277
|
-
# end
|
278
|
-
# end
|
279
|
-
|
280
|
-
# context '#create' do
|
281
|
-
# describe 'authorize' do
|
282
|
-
# it { expect(ModelsAuthorizer.new(one_user, :create)).to be_authorized }
|
283
|
-
# it { expect(ModelsAuthorizer.new(two_user, :create)).to be_authorized }
|
284
|
-
# it { expect(ModelsAuthorizer.new(admin_user, :create)).to be_authorized }
|
285
|
-
# end
|
286
|
-
#
|
287
|
-
# describe 'not authorize' do
|
288
|
-
# it { expect(ModelsAuthorizer.new(guest_user, :create)).to be_unauthorized }
|
289
|
-
# end
|
290
|
-
# end
|
291
|
-
|
292
|
-
# context '#update' do
|
293
|
-
# describe 'authorize' do
|
294
|
-
# it { expect(ModelsAuthorizer.new(one_user, :update, id: 1)).to be_authorized }
|
295
|
-
# it { expect(ModelsAuthorizer.new(two_user, :update, id: 2)).to be_authorized }
|
296
|
-
# it { expect(ModelsAuthorizer.new(admin_user, :update, id: 1)).to be_authorized }
|
297
|
-
# it { expect(ModelsAuthorizer.new(admin_user, :update, id: 2)).to be_authorized }
|
298
|
-
# end
|
299
|
-
#
|
300
|
-
# describe 'not authorize' do
|
301
|
-
# it { expect(ModelsAuthorizer.new(guest_user, :update, id: 1)).to be_unauthorized }
|
302
|
-
# it { expect(ModelsAuthorizer.new(one_user, :update, id: 2)).to be_unauthorized }
|
303
|
-
# it { expect(ModelsAuthorizer.new(two_user, :update, id: 1)).to be_unauthorized }
|
304
|
-
# end
|
305
|
-
# end
|
306
|
-
|
307
|
-
# context '#destroy' do
|
308
|
-
# describe 'authorize' do
|
309
|
-
# it { expect(ModelsAuthorizer.new(one_user, :destroy, id: 1)).to be_authorized }
|
310
|
-
# it { expect(ModelsAuthorizer.new(two_user, :destroy, id: 2)).to be_authorized }
|
311
|
-
# it { expect(ModelsAuthorizer.new(admin_user, :destroy, id: 1)).to be_authorized }
|
312
|
-
# it { expect(ModelsAuthorizer.new(admin_user, :destroy, id: 2)).to be_authorized }
|
313
|
-
# end
|
314
|
-
#
|
315
|
-
# describe 'not authorize' do
|
316
|
-
# it { expect(ModelsAuthorizer.new(guest_user, :destroy, id: 1)).to be_unauthorized }
|
317
|
-
# it { expect(ModelsAuthorizer.new(one_user, :destroy, id: 2)).to be_unauthorized }
|
318
|
-
# it { expect(ModelsAuthorizer.new(two_user, :destroy, id: 1)).to be_unauthorized }
|
319
|
-
# end
|
320
|
-
# end
|
321
|
-
|
322
|
-
end
|
323
|
-
```
|
324
|
-
|
325
93
|
## Authorizing Account's Record or Cancellation (Optional)
|
326
94
|
|
327
|
-
|
95
|
+
- Edit: app/controllers/application_controller.rb
|
328
96
|
```ruby
|
329
97
|
class ApplicationController < ActionController::Base
|
330
98
|
include ActionAuthorizer::Config
|
331
|
-
|
332
|
-
# Prevent CSRF attacks by raising an exception.
|
333
|
-
# For APIs, you may want to use :null_session instead.
|
334
|
-
protect_from_forgery with: :exception
|
335
|
-
|
99
|
+
...
|
336
100
|
before_action :authenticate_user!
|
337
101
|
before_action :authorize!, if: :authorizer_controller?
|
338
102
|
|
339
|
-
# def authenticated
|
340
|
-
# current_user
|
341
|
-
# end
|
342
|
-
|
343
|
-
# def respond_unauthorized_on_production_environment
|
344
|
-
# render file: Rails.root.join('public/404'), layout: false, status: :not_found
|
345
|
-
# end
|
346
|
-
|
347
103
|
private
|
348
104
|
|
349
105
|
def authorizer_controller?
|
@@ -352,8 +108,8 @@ class ApplicationController < ActionController::Base
|
|
352
108
|
end
|
353
109
|
```
|
354
110
|
|
355
|
-
|
356
|
-
```
|
111
|
+
- Edit: /app/views/devise/registrations/edit.html.erb
|
112
|
+
```erb
|
357
113
|
<% if authorized? 'devise/registrations', :cancel %>
|
358
114
|
<h3>Cancel my account</h3>
|
359
115
|
|
@@ -361,22 +117,22 @@ now edit your: /app/views/devise/registrations/edit.html.erb
|
|
361
117
|
<% end %>
|
362
118
|
```
|
363
119
|
|
364
|
-
|
365
|
-
```
|
120
|
+
- Edit: /app/views/devise/shared/_links.html.erb
|
121
|
+
```erb
|
366
122
|
<%- if devise_mapping.registerable? && controller_name != 'registrations' %>
|
367
123
|
<%= link_to "Sign up", new_registration_path(resource_name) if authorized? 'devise/registrations', :new %><br />
|
368
124
|
<% end -%>
|
369
125
|
```
|
370
126
|
|
371
|
-
|
127
|
+
- Run
|
372
128
|
```console
|
373
129
|
rails generate action_authorizer:authorizer devise/registration
|
374
130
|
```
|
375
131
|
|
376
|
-
|
132
|
+
- Edit: app/authorizers/devise/registrations_authorizer.rb
|
377
133
|
```ruby
|
378
134
|
class Devise::RegistrationsAuthorizer < ApplicationAuthorizer
|
379
|
-
|
135
|
+
skip_authentication only: %i[new create]
|
380
136
|
|
381
137
|
# Account registration page
|
382
138
|
def new
|
@@ -403,70 +159,63 @@ class Devise::RegistrationsAuthorizer < ApplicationAuthorizer
|
|
403
159
|
# Account cancellation submition
|
404
160
|
def cancel
|
405
161
|
end
|
406
|
-
|
407
162
|
end
|
408
163
|
```
|
409
164
|
|
410
|
-
|
165
|
+
- Edit: /spec/authorizers/devise/registrations_authorizer_spec.rb
|
411
166
|
```ruby
|
412
167
|
require 'rails_helper'
|
413
168
|
|
414
169
|
RSpec.describe Devise::RegistrationsAuthorizer, type: :authorizer do
|
415
|
-
|
416
170
|
let(:guest_user) { nil }
|
417
|
-
let(:user) { double('
|
418
|
-
|
419
|
-
context '#new' do
|
420
|
-
describe 'not authorize' do
|
421
|
-
it { expect(Devise::RegistrationsAuthorizer.new(user, :new)).to be_unauthorized }
|
171
|
+
let(:user) { double('User') }
|
422
172
|
|
423
|
-
|
173
|
+
describe '#new' do
|
174
|
+
context 'when not authorize' do
|
175
|
+
it { expect(user).to be_unauthorized(:new) }
|
176
|
+
it { expect(guest_user).to be_unauthorized(:new) }
|
424
177
|
end
|
425
178
|
end
|
426
179
|
|
427
|
-
|
428
|
-
|
429
|
-
it { expect(
|
180
|
+
describe '#edit' do
|
181
|
+
context 'when authorize' do
|
182
|
+
it { expect(user).to be_authorized(:edit) }
|
430
183
|
end
|
431
184
|
|
432
|
-
|
433
|
-
it { expect(
|
185
|
+
context 'when not authorize' do
|
186
|
+
it { expect(guest_user).to be_unauthorized(:edit) }
|
434
187
|
end
|
435
188
|
end
|
436
189
|
|
437
|
-
|
438
|
-
|
439
|
-
it { expect(
|
440
|
-
|
441
|
-
it { expect(Devise::RegistrationsAuthorizer.new(guest_user, :create)).to be_unauthorized }
|
190
|
+
describe '#create' do
|
191
|
+
context 'when not authorize' do
|
192
|
+
it { expect(user).to be_unauthorized(:create) }
|
193
|
+
it { expect(guest_user).to be_unauthorized(:create) }
|
442
194
|
end
|
443
195
|
end
|
444
196
|
|
445
|
-
|
446
|
-
|
447
|
-
it { expect(
|
197
|
+
describe '#update' do
|
198
|
+
context 'when authorize' do
|
199
|
+
it { expect(user).to be_authorized(:update) }
|
448
200
|
end
|
449
201
|
|
450
202
|
describe 'not authorize' do
|
451
|
-
it { expect(
|
203
|
+
it { expect(guest_user).to be_unauthorized(:update) }
|
452
204
|
end
|
453
205
|
end
|
454
206
|
|
455
|
-
|
456
|
-
|
457
|
-
it { expect(
|
458
|
-
|
459
|
-
it { expect(Devise::RegistrationsAuthorizer.new(guest_user, :destroy)).to be_unauthorized }
|
207
|
+
describe '#destroy' do
|
208
|
+
context 'when not authorize' do
|
209
|
+
it { expect(user).to be_unauthorized(:destroy) }
|
210
|
+
it { expect(guest_user).to be_unauthorized(:destroy) }
|
460
211
|
end
|
461
212
|
end
|
462
213
|
|
463
|
-
|
464
|
-
|
465
|
-
it { expect(
|
466
|
-
|
467
|
-
it { expect(Devise::RegistrationsAuthorizer.new(guest_user, :cancel)).to be_unauthorized }
|
214
|
+
describe '#cancel' do
|
215
|
+
context 'when not authorize' do
|
216
|
+
it { expect(user).to be_unauthorized(:cancel) }
|
217
|
+
it { expect(guest_user).to be_unauthorized(:cancel) }
|
468
218
|
end
|
469
219
|
end
|
470
|
-
|
471
220
|
end
|
472
221
|
```
|
data/lib/action_authorizer.rb
CHANGED
@@ -1,3 +1,3 @@
|
|
1
1
|
module ActionAuthorizer
|
2
|
-
VERSION =
|
3
|
-
end
|
2
|
+
VERSION = '2.0.1'.freeze
|
3
|
+
end
|
@@ -1,6 +1,6 @@
|
|
1
1
|
require 'rails/generators/resource_helpers'
|
2
2
|
|
3
|
-
class ActionAuthorizer::AuthorizerGenerator < Rails::Generators::NamedBase
|
3
|
+
class ActionAuthorizer::AuthorizerGenerator < Rails::Generators::NamedBase # :nodoc:
|
4
4
|
include Rails::Generators::ResourceHelpers
|
5
5
|
|
6
6
|
source_root File.expand_path('../templates', __FILE__)
|
@@ -1,50 +1,7 @@
|
|
1
|
-
# Authorize reference controller actions when return:
|
2
|
-
# Present values different hash:
|
3
|
-
# ex.:
|
4
|
-
# true
|
5
|
-
# 'nil'
|
6
|
-
# 'false'
|
7
|
-
# 0
|
8
|
-
# '0'
|
9
|
-
# [0]
|
10
|
-
# Empty requested params:
|
11
|
-
# ex. to requested params {}:
|
12
|
-
# { id: [1, 2] }
|
13
|
-
# { id: ['1', '2'] }
|
14
|
-
# { id: ['one', 'two'] }
|
15
|
-
# A hash with key:values including requested params key:value:
|
16
|
-
# ex. to requested params {id: 1, other: 3}:
|
17
|
-
# { id: [1, 2] }
|
18
|
-
# { id: ['1', '2'] }
|
19
|
-
# ex. to requested params {id: 'one', other: 'three'}:
|
20
|
-
# { id: ['one', 'two'] }
|
21
|
-
# A hash with keys different requested params keys:
|
22
|
-
# ex. to requested params {other: 3}:
|
23
|
-
# { id: [1, 2] }
|
24
|
-
# { id: ['1', '2'] }
|
25
|
-
# ex. to requested params {other: 'three'}:
|
26
|
-
# { id: ['one', 'two'] }
|
27
|
-
|
28
|
-
# Unauthorize reference controller actions when return:
|
29
|
-
# Blank values different hash:
|
30
|
-
# ex.:
|
31
|
-
# nil
|
32
|
-
# false
|
33
|
-
# ''
|
34
|
-
# ' '
|
35
|
-
# []
|
36
|
-
# A hash with key:values excluding requested params key:value:
|
37
|
-
# ex. to requested params {id: 3, other: 3}:
|
38
|
-
# { id: [1, 2] }
|
39
|
-
# { id: ['1', '2'] }
|
40
|
-
# ex. to requested params {id: 'three', other: 'three'}:
|
41
|
-
# { id: ['one', 'two'] }
|
42
1
|
class <%= controller_class_name %>Authorizer < ApplicationAuthorizer
|
43
|
-
# All actions automatically validating the need of user logged.
|
44
|
-
# Skip this check for all actions:
|
45
2
|
# skip_authentication
|
46
|
-
#
|
47
|
-
#
|
3
|
+
# skip_authentication only: :index
|
4
|
+
# skip_authentication only: %i[:index, :show]
|
48
5
|
|
49
6
|
<% unless options[:singleton] -%>
|
50
7
|
def index
|
@@ -53,9 +10,8 @@ class <%= controller_class_name %>Authorizer < ApplicationAuthorizer
|
|
53
10
|
<% end -%>
|
54
11
|
|
55
12
|
def show
|
56
|
-
#
|
57
|
-
# <%= singular_table_name.classify %>.
|
58
|
-
# { id: authenticated.<%= singular_table_name %>_ids }
|
13
|
+
# current_user.<%= plural_table_name %>.exists?(id: params[:id])
|
14
|
+
# <%= singular_table_name.classify %>.exists?(id: params[:id])
|
59
15
|
end
|
60
16
|
|
61
17
|
def new
|
@@ -63,9 +19,7 @@ class <%= controller_class_name %>Authorizer < ApplicationAuthorizer
|
|
63
19
|
end
|
64
20
|
|
65
21
|
def edit
|
66
|
-
#
|
67
|
-
# <%= singular_table_name.classify %>.where(user: authenticated).find(params[:id]).avaliable?
|
68
|
-
# { id: authenticated.<%= singular_table_name %>_ids }
|
22
|
+
# current_user.<%= plural_table_name %>.exists?(id: params[:id])
|
69
23
|
end
|
70
24
|
|
71
25
|
def create
|
@@ -73,15 +27,10 @@ class <%= controller_class_name %>Authorizer < ApplicationAuthorizer
|
|
73
27
|
end
|
74
28
|
|
75
29
|
def update
|
76
|
-
#
|
77
|
-
# <%= singular_table_name.classify %>.where(user: authenticated).find(params[:id]).avaliable?
|
78
|
-
# { id: authenticated.<%= singular_table_name %>_ids }
|
30
|
+
# current_user.<%= plural_table_name %>.exists?(id: params[:id])
|
79
31
|
end
|
80
32
|
|
81
33
|
def destroy
|
82
|
-
#
|
83
|
-
# <%= singular_table_name.classify %>.where(user: authenticated).find(params[:id]).avaliable?
|
84
|
-
# { id: authenticated.<%= singular_table_name %>_ids }
|
34
|
+
# current_user.<%= plural_table_name %>.exists?(id: params[:id])
|
85
35
|
end
|
86
|
-
|
87
36
|
end
|
@@ -1,134 +1,106 @@
|
|
1
1
|
require 'rails_helper'
|
2
2
|
|
3
3
|
RSpec.describe <%= controller_class_name %>Authorizer, type: :authorizer do
|
4
|
-
|
5
4
|
# let(:guest_user) { nil }
|
6
|
-
# let(:one_user) { double('
|
7
|
-
# let(:two_user) { double('
|
8
|
-
# let(:admin_user) { double('
|
5
|
+
# let(:one_user) { double('User', admin_group?: false, user_group?: true, <%= singular_table_name %>_ids: [1]) }
|
6
|
+
# let(:two_user) { double('User', admin_group?: false, user_group?: true, <%= singular_table_name %>_ids: [2]) }
|
7
|
+
# let(:admin_user) { double('User', admin_group?: true, user_group?: false) }
|
9
8
|
|
10
9
|
<% unless options[:singleton] -%>
|
11
|
-
#
|
12
|
-
#
|
13
|
-
# it { expect(
|
14
|
-
|
15
|
-
# it { expect(
|
16
|
-
|
17
|
-
# it { expect(<%= controller_class_name %>Authorizer.new(admin_user, :index)).to be_authorized }
|
10
|
+
# describe '#index' do
|
11
|
+
# context 'when authorize' do
|
12
|
+
# it { expect(one_user).to be_authorized(:index) }
|
13
|
+
# it { expect(two_user).to be_authorized(:index) }
|
14
|
+
# it { expect(admin_user).to be_authorized(:index) }
|
18
15
|
# end
|
19
16
|
|
20
|
-
#
|
21
|
-
# it { expect(
|
17
|
+
# context 'when not authorize' do
|
18
|
+
# it { expect(guest_user).to be_unauthorized(:index) }
|
22
19
|
# end
|
23
20
|
# end
|
24
21
|
<% end -%>
|
25
22
|
|
26
|
-
#
|
27
|
-
#
|
28
|
-
# it { expect(
|
29
|
-
|
30
|
-
# it { expect(
|
31
|
-
|
32
|
-
# it { expect(<%= controller_class_name %>Authorizer.new(admin_user, :show, id: 1)).to be_authorized }
|
33
|
-
|
34
|
-
# it { expect(<%= controller_class_name %>Authorizer.new(admin_user, :show, id: 2)).to be_authorized }
|
23
|
+
# describe '#show' do
|
24
|
+
# context 'when authorize' do
|
25
|
+
# it { expect(one_user).to be_authorized(:show, id: 1) }
|
26
|
+
# it { expect(two_user).to be_authorized(:show, id: 2) }
|
27
|
+
# it { expect(admin_user).to be_authorized(:show, id: 1) }
|
28
|
+
# it { expect(admin_user).to be_authorized(:show, id: 2) }
|
35
29
|
# end
|
36
30
|
|
37
|
-
#
|
38
|
-
# it { expect(
|
39
|
-
|
40
|
-
# it { expect(
|
41
|
-
|
42
|
-
# it { expect(<%= controller_class_name %>Authorizer.new(two_user, :show, id: 1)).to be_unauthorized }
|
31
|
+
# context 'when not authorize' do
|
32
|
+
# it { expect(guest_user).to be_unauthorized(:show, id: 1) }
|
33
|
+
# it { expect(one_user).to be_unauthorized(:show, id: 2) }
|
34
|
+
# it { expect(two_user).to be_unauthorized(:show, id: 1) }
|
43
35
|
# end
|
44
36
|
# end
|
45
37
|
|
46
|
-
#
|
47
|
-
#
|
48
|
-
# it { expect(
|
49
|
-
|
50
|
-
# it { expect(
|
51
|
-
|
52
|
-
# it { expect(<%= controller_class_name %>Authorizer.new(admin_user, :new)).to be_authorized }
|
38
|
+
# describe '#new' do
|
39
|
+
# context 'when authorize' do
|
40
|
+
# it { expect(one_user).to be_authorized(:new) }
|
41
|
+
# it { expect(two_user).to be_authorized(:new) }
|
42
|
+
# it { expect(admin_user).to be_authorized(:new) }
|
53
43
|
# end
|
54
44
|
|
55
|
-
#
|
56
|
-
# it { expect(
|
45
|
+
# context 'when not authorize' do
|
46
|
+
# it { expect(guest_user).to be_unauthorized(:new) }
|
57
47
|
# end
|
58
48
|
# end
|
59
49
|
|
60
|
-
#
|
61
|
-
#
|
62
|
-
# it { expect(
|
63
|
-
|
64
|
-
# it { expect(
|
65
|
-
|
66
|
-
# it { expect(<%= controller_class_name %>Authorizer.new(admin_user, :edit, id: 1)).to be_authorized }
|
67
|
-
|
68
|
-
# it { expect(<%= controller_class_name %>Authorizer.new(admin_user, :edit, id: 2)).to be_authorized }
|
50
|
+
# describe '#edit' do
|
51
|
+
# context 'when authorize' do
|
52
|
+
# it { expect(one_user).to be_authorized(:edit, id: 1) }
|
53
|
+
# it { expect(two_user).to be_authorized(:edit, id: 2) }
|
54
|
+
# it { expect(admin_user).to be_authorized(:edit, id: 1) }
|
55
|
+
# it { expect(admin_user).to be_authorized(:edit, id: 2) }
|
69
56
|
# end
|
70
57
|
|
71
|
-
#
|
72
|
-
# it { expect(
|
73
|
-
|
74
|
-
# it { expect(
|
75
|
-
|
76
|
-
# it { expect(<%= controller_class_name %>Authorizer.new(two_user, :edit, id: 1)).to be_unauthorized }
|
58
|
+
# context 'when not authorize' do
|
59
|
+
# it { expect(guest_user).to be_unauthorized(:edit, id: 1) }
|
60
|
+
# it { expect(one_user).to be_unauthorized(:edit, id: 2) }
|
61
|
+
# it { expect(two_user).to be_unauthorized(:edit, id: 1) }
|
77
62
|
# end
|
78
63
|
# end
|
79
64
|
|
80
|
-
#
|
81
|
-
#
|
82
|
-
# it { expect(
|
83
|
-
|
84
|
-
# it { expect(
|
85
|
-
|
86
|
-
# it { expect(<%= controller_class_name %>Authorizer.new(admin_user, :create)).to be_authorized }
|
65
|
+
# describe '#create' do
|
66
|
+
# context 'when authorize' do
|
67
|
+
# it { expect(one_user).to be_authorized(:create) }
|
68
|
+
# it { expect(two_user).to be_authorized(:create) }
|
69
|
+
# it { expect(admin_user).to be_authorized(:create) }
|
87
70
|
# end
|
88
71
|
|
89
|
-
#
|
90
|
-
# it { expect(
|
72
|
+
# context 'when not authorize' do
|
73
|
+
# it { expect(guest_user).to be_unauthorized(:create) }
|
91
74
|
# end
|
92
75
|
# end
|
93
76
|
|
94
|
-
#
|
95
|
-
#
|
96
|
-
# it { expect(
|
97
|
-
|
98
|
-
# it { expect(
|
99
|
-
|
100
|
-
# it { expect(<%= controller_class_name %>Authorizer.new(admin_user, :update, id: 1)).to be_authorized }
|
101
|
-
|
102
|
-
# it { expect(<%= controller_class_name %>Authorizer.new(admin_user, :update, id: 2)).to be_authorized }
|
77
|
+
# describe '#update' do
|
78
|
+
# context 'when authorize' do
|
79
|
+
# it { expect(one_user).to be_authorized(:update, id: 1) }
|
80
|
+
# it { expect(two_user).to be_authorized(:update, id: 2) }
|
81
|
+
# it { expect(admin_user).to be_authorized(:update, id: 1) }
|
82
|
+
# it { expect(admin_user).to be_authorized(:update, id: 2) }
|
103
83
|
# end
|
104
84
|
|
105
|
-
#
|
106
|
-
# it { expect(
|
107
|
-
|
108
|
-
# it { expect(
|
109
|
-
|
110
|
-
# it { expect(<%= controller_class_name %>Authorizer.new(two_user, :update, id: 1)).to be_unauthorized }
|
85
|
+
# context 'when not authorize' do
|
86
|
+
# it { expect(guest_user).to be_unauthorized(:update, id: 1) }
|
87
|
+
# it { expect(one_user).to be_unauthorized(:update, id: 2) }
|
88
|
+
# it { expect(two_user).to be_unauthorized(:update, id: 1) }
|
111
89
|
# end
|
112
90
|
# end
|
113
91
|
|
114
|
-
#
|
115
|
-
#
|
116
|
-
# it { expect(
|
117
|
-
|
118
|
-
# it { expect(
|
119
|
-
|
120
|
-
# it { expect(<%= controller_class_name %>Authorizer.new(admin_user, :destroy, id: 1)).to be_authorized }
|
121
|
-
|
122
|
-
# it { expect(<%= controller_class_name %>Authorizer.new(admin_user, :destroy, id: 2)).to be_authorized }
|
92
|
+
# describe '#destroy' do
|
93
|
+
# context 'when authorize' do
|
94
|
+
# it { expect(one_user).to be_authorized(:destroy, id: 1) }
|
95
|
+
# it { expect(two_user).to be_authorized(:destroy, id: 2) }
|
96
|
+
# it { expect(admin_user).to be_authorized(:destroy, id: 1) }
|
97
|
+
# it { expect(admin_user).to be_authorized(:destroy, id: 2) }
|
123
98
|
# end
|
124
99
|
|
125
|
-
#
|
126
|
-
# it { expect(
|
127
|
-
|
128
|
-
# it { expect(
|
129
|
-
|
130
|
-
# it { expect(<%= controller_class_name %>Authorizer.new(two_user, :destroy, id: 1)).to be_unauthorized }
|
100
|
+
# context 'when not authorize' do
|
101
|
+
# it { expect(guest_user).to be_unauthorized(:destroy, id: 1) }
|
102
|
+
# it { expect(one_user).to be_unauthorized(:destroy, id: 2) }
|
103
|
+
# it { expect(two_user).to be_unauthorized(:destroy, id: 1) }
|
131
104
|
# end
|
132
105
|
# end
|
133
|
-
|
134
106
|
end
|
@@ -1,31 +1,16 @@
|
|
1
1
|
class ActionAuthorizer::InstallGenerator < Rails::Generators::Base # :nodoc:
|
2
|
-
|
2
|
+
source_root File.expand_path('../templates', __FILE__)
|
3
3
|
|
4
|
-
def
|
5
|
-
|
6
|
-
|
7
|
-
end
|
8
|
-
RUBY
|
4
|
+
def create_authorizers
|
5
|
+
template 'app/authorizers/action_authorizer/base.rb'
|
6
|
+
template 'app/authorizers/application_authorizer.rb'
|
9
7
|
end
|
10
8
|
|
11
|
-
def
|
12
|
-
|
13
|
-
module ActionAuthorizerHelper
|
14
|
-
# Add helpers to check authorization authenticated.
|
15
|
-
# def unauthorized? controller, action, params = {}
|
16
|
-
# def authorized? controller, action, params = {}
|
17
|
-
# ex.:
|
18
|
-
# <%= link_to 'Models', models_path if authorized? :models, :index %>
|
19
|
-
# <%= link_to 'Models Dashboard', dashboard_models_path if authorized? 'dashborad/models', :index %>
|
20
|
-
# <%= link_to 'Model', model_path(@model) if authorized? :models, :show, id: @model.id %>
|
21
|
-
# <%= link_to 'Model', edit_model_path(@model) if authorized? :models, :edit, id: @model.to_param %>
|
22
|
-
include ActionAuthorizer::Helper
|
23
|
-
|
24
|
-
# def authenticated
|
25
|
-
# current_user
|
26
|
-
# end
|
27
|
-
end
|
28
|
-
RUBY
|
9
|
+
def create_helpers
|
10
|
+
template 'app/helpers/action_authorizer_helper.rb'
|
29
11
|
end
|
30
12
|
|
31
|
-
|
13
|
+
def create_spec_helpers
|
14
|
+
template 'spec/action_authorizer_matchers_helper.rb'
|
15
|
+
end
|
16
|
+
end
|
data/lib/generators/action_authorizer/install/templates/app/authorizers/action_authorizer/base.rb
ADDED
@@ -0,0 +1,29 @@
|
|
1
|
+
require 'action_authorizer/result_error.rb'
|
2
|
+
|
3
|
+
class ActionAuthorizer::Base
|
4
|
+
attr_reader :current_user, :params
|
5
|
+
|
6
|
+
def initialize(current_user, params)
|
7
|
+
@current_user = current_user
|
8
|
+
@params = params
|
9
|
+
end
|
10
|
+
|
11
|
+
def skip?(action)
|
12
|
+
false
|
13
|
+
end
|
14
|
+
|
15
|
+
class << self
|
16
|
+
def authorized?(current_user, controller, action, params)
|
17
|
+
authorizer = "#{controller}_authorizer".classify.constantize.new(current_user, params)
|
18
|
+
result = (authorizer.skip?(action) || !!current_user&.persisted?) && authorizer.respond_to?(action.to_sym) && authorizer.send(action.to_sym)
|
19
|
+
raise ActionAuthorizer::ResultError.new(result) if [true, false].exclude?(result)
|
20
|
+
result
|
21
|
+
end
|
22
|
+
|
23
|
+
def skip_authentication(only: nil)
|
24
|
+
define_method(:skip?) do |action|
|
25
|
+
only.blank? || [only].compact.flatten.map!(&:to_sym).include?(action.to_sym)
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
data/lib/generators/action_authorizer/install/templates/app/helpers/action_authorizer_helper.rb
ADDED
@@ -0,0 +1,9 @@
|
|
1
|
+
module ActionAuthorizerHelper
|
2
|
+
def authorized?(action, params = {})
|
3
|
+
authozired_controller? controller_path, action, params
|
4
|
+
end
|
5
|
+
|
6
|
+
def authozired_controller?(controller, action, params = {})
|
7
|
+
ActionAuthorizer::Base.authorized?(current_user, controller, action, params)
|
8
|
+
end
|
9
|
+
end
|
data/lib/generators/action_authorizer/install/templates/spec/action_authorizer_matchers_helper.rb
ADDED
@@ -0,0 +1,13 @@
|
|
1
|
+
RSpec::Matchers.define :be_authorized do |action, params = {}|
|
2
|
+
match do |current_user|
|
3
|
+
controller = described_class.to_s.underscore.gsub('_authorizer', '')
|
4
|
+
ActionAuthorizer::Base.authorized?(current_user, controller, action, params)
|
5
|
+
end
|
6
|
+
end
|
7
|
+
|
8
|
+
RSpec::Matchers.define :be_unauthorized do |action, params = {}|
|
9
|
+
match do |current_user|
|
10
|
+
controller = described_class.to_s.underscore.gsub('_authorizer', '')
|
11
|
+
!ActionAuthorizer::Base.authorized?(current_user, controller, action, params)
|
12
|
+
end
|
13
|
+
end
|
metadata
CHANGED
@@ -1,27 +1,27 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: action_authorizer
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version:
|
4
|
+
version: 2.0.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Marcelo Junior
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2018-12-23 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rails
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
16
16
|
requirements:
|
17
|
-
- -
|
17
|
+
- - ">="
|
18
18
|
- !ruby/object:Gem::Version
|
19
19
|
version: '3.0'
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
|
-
- -
|
24
|
+
- - ">="
|
25
25
|
- !ruby/object:Gem::Version
|
26
26
|
version: '3.0'
|
27
27
|
description: Rails authorization with controllers's actions.
|
@@ -33,9 +33,7 @@ files:
|
|
33
33
|
- MIT-LICENSE
|
34
34
|
- README.md
|
35
35
|
- lib/action_authorizer.rb
|
36
|
-
- lib/action_authorizer/
|
37
|
-
- lib/action_authorizer/config.rb
|
38
|
-
- lib/action_authorizer/helper.rb
|
36
|
+
- lib/action_authorizer/result_error.rb
|
39
37
|
- lib/action_authorizer/version.rb
|
40
38
|
- lib/generators/action_authorizer/authorizer/USAGE
|
41
39
|
- lib/generators/action_authorizer/authorizer/authorizer_generator.rb
|
@@ -43,7 +41,10 @@ files:
|
|
43
41
|
- lib/generators/action_authorizer/authorizer/templates/authorizer_spec.rb
|
44
42
|
- lib/generators/action_authorizer/install/USAGE
|
45
43
|
- lib/generators/action_authorizer/install/install_generator.rb
|
46
|
-
- lib/
|
44
|
+
- lib/generators/action_authorizer/install/templates/app/authorizers/action_authorizer/base.rb
|
45
|
+
- lib/generators/action_authorizer/install/templates/app/authorizers/application_authorizer.rb
|
46
|
+
- lib/generators/action_authorizer/install/templates/app/helpers/action_authorizer_helper.rb
|
47
|
+
- lib/generators/action_authorizer/install/templates/spec/action_authorizer_matchers_helper.rb
|
47
48
|
homepage: https://github.com/juniormesquitadandao/action_authorizer
|
48
49
|
licenses:
|
49
50
|
- MIT
|
@@ -54,17 +55,17 @@ require_paths:
|
|
54
55
|
- lib
|
55
56
|
required_ruby_version: !ruby/object:Gem::Requirement
|
56
57
|
requirements:
|
57
|
-
- -
|
58
|
+
- - ">="
|
58
59
|
- !ruby/object:Gem::Version
|
59
60
|
version: '1.9'
|
60
61
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
61
62
|
requirements:
|
62
|
-
- -
|
63
|
+
- - ">="
|
63
64
|
- !ruby/object:Gem::Version
|
64
65
|
version: '0'
|
65
66
|
requirements: []
|
66
67
|
rubyforge_project:
|
67
|
-
rubygems_version: 2.
|
68
|
+
rubygems_version: 2.7.7
|
68
69
|
signing_key:
|
69
70
|
specification_version: 4
|
70
71
|
summary: Action Authorizer
|
@@ -1,60 +0,0 @@
|
|
1
|
-
class ActionAuthorizer::Base
|
2
|
-
|
3
|
-
def initialize(authenticated, action, params = {})
|
4
|
-
@authenticated = authenticated
|
5
|
-
@action = action.to_sym
|
6
|
-
@params = params
|
7
|
-
end
|
8
|
-
|
9
|
-
def unauthorized?
|
10
|
-
return true if !authenticated && !skip_authentication && skip_authentication_only.exclude?(action)
|
11
|
-
|
12
|
-
@result = send(action)
|
13
|
-
if !result.kind_of?(Hash)
|
14
|
-
result.blank?
|
15
|
-
elsif params.empty?
|
16
|
-
false
|
17
|
-
else
|
18
|
-
unauthorized_params?
|
19
|
-
end
|
20
|
-
end
|
21
|
-
|
22
|
-
def authorized?
|
23
|
-
!unauthorized?
|
24
|
-
end
|
25
|
-
|
26
|
-
class << self
|
27
|
-
def skip_authentication
|
28
|
-
define_method(:skip_authentication) do
|
29
|
-
true
|
30
|
-
end
|
31
|
-
end
|
32
|
-
|
33
|
-
def skip_authentication_only *actions
|
34
|
-
define_method(:skip_authentication_only) do
|
35
|
-
actions
|
36
|
-
end
|
37
|
-
end
|
38
|
-
end
|
39
|
-
|
40
|
-
private
|
41
|
-
|
42
|
-
attr_reader :authenticated, :action, :params, :result
|
43
|
-
|
44
|
-
def unauthorized_params?
|
45
|
-
unauthorized_params = result.select do |name, values|
|
46
|
-
param_value = params[name].to_s
|
47
|
-
param_value.present? && values.map!{|v| v.to_s}.exclude?(param_value)
|
48
|
-
end
|
49
|
-
unauthorized_params.any?
|
50
|
-
end
|
51
|
-
|
52
|
-
def skip_authentication
|
53
|
-
false
|
54
|
-
end
|
55
|
-
|
56
|
-
def skip_authentication_only
|
57
|
-
[]
|
58
|
-
end
|
59
|
-
|
60
|
-
end
|
@@ -1,31 +0,0 @@
|
|
1
|
-
require 'active_support/concern'
|
2
|
-
|
3
|
-
module ActionAuthorizer::Config
|
4
|
-
extend ActiveSupport::Concern
|
5
|
-
|
6
|
-
def authenticated
|
7
|
-
current_user
|
8
|
-
end
|
9
|
-
|
10
|
-
def respond_unauthorized_on_production_environment
|
11
|
-
render file: Rails.root.join('public/404'), layout: false, status: :not_found
|
12
|
-
end
|
13
|
-
|
14
|
-
def authorize!
|
15
|
-
unauthorize! if unauthorized?
|
16
|
-
end
|
17
|
-
|
18
|
-
def unauthorized?
|
19
|
-
authorizer = "#{controller_path}_authorizer".classify.constantize
|
20
|
-
authorizer.new(authenticated, action_name.to_sym, params.except(:controller, :action)).unauthorized?
|
21
|
-
end
|
22
|
-
|
23
|
-
def unauthorize!
|
24
|
-
if Rails.env.production?
|
25
|
-
respond_unauthorized_on_production_environment
|
26
|
-
else
|
27
|
-
raise ActionController::RoutingError, "No route matches [#{env['REQUEST_METHOD']}] #{env['PATH_INFO'].inspect}"
|
28
|
-
end
|
29
|
-
end
|
30
|
-
|
31
|
-
end
|
@@ -1,19 +0,0 @@
|
|
1
|
-
require 'active_support/concern'
|
2
|
-
|
3
|
-
module ActionAuthorizer::Helper
|
4
|
-
extend ActiveSupport::Concern
|
5
|
-
|
6
|
-
def authenticated
|
7
|
-
current_user
|
8
|
-
end
|
9
|
-
|
10
|
-
def authorized? controller, action, params = {}
|
11
|
-
!unauthorized? controller, action, params
|
12
|
-
end
|
13
|
-
|
14
|
-
def unauthorized? controller, action, params = {}
|
15
|
-
authorizer = "#{controller.to_s}_authorizer".classify.constantize
|
16
|
-
authorizer.new(authenticated, action.to_sym, params).unauthorized?
|
17
|
-
end
|
18
|
-
|
19
|
-
end
|