action_permission 1.0.0 → 1.0.1
- checksums.yaml +4 -4
- data/README.md +84 -16
- data/lib/action_permission/controller.rb +1 -1
- data/lib/action_permission/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: ed9979494907e04aeaa65a5e7512e1eab1b4a2b0
|
4
|
+
data.tar.gz: 6e57506a7aaa20833b6f76cf56fe1eaa35a73b3b
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 8af6fe719487ddc81abdd1346ffafd9a4f291124d29e756e6abc70555839a16f5698e9360ac5dca13f2d6decd486300e4df11d2c8ddb7b256175840baabe08bb
|
7
|
+
data.tar.gz: 78390c60745981427dee34acc884c8b4479cdbec7e1f69de1ed62827a9470fe95848c1b64a924d55202843374de3ffa2667ccf7e516fec01cdded8ecdae16686
|
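Review bot: nothing to act on in this hunk by itself: the SHA1 and SHA512 digests for both `metadata.gz` and `data.tar.gz` change because both archives are regenerated for the new version. Note that this file is produced by the same publisher as the package it describes, so it is only evidence of integrity once the new SHA512 values are compared with what rubygems.org publishes for action_permission 1.0.1.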
data/README.md
CHANGED
@@ -1,11 +1,9 @@
|
|
1
|
-
__NOTICE: The gem as it stands is not production-ready.__
|
2
|
-
_See [issues](https://github.com/mttdffy/action_permission/issues) for details_
|
3
|
-
|
4
|
-
----
|
5
|
-
|
6
1
|
# ActionPermission
|
7
2
|
|
8
|
-
|
3
|
+
[![Gem Version](https://badge.fury.io/rb/action_permission.png)](http://badge.fury.io/rb/action_permission)
|
4
|
+
[![Code Climate](https://codeclimate.com/github/mttdffy/action_permission.png)](https://codeclimate.com/github/mttdffy/action_permission)
|
5
|
+
|
6
|
+
A permission structure for defining both action-based and attribute-based permissions for rails 4+ applications.
|
9
7
|
|
10
8
|
## Installation
|
11
9
|
|
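Review bot: the removed lines drop the `__NOTICE: The gem as it stands is not production-ready.__` warning and its link to the issue tracker, yet the only library code touched in this release is a one-line change to `controller.rb` (per the file list), so nothing in the diff shows that the concerns behind the notice were resolved. Either keep the notice until the referenced issues are closed, or replace it with a sentence stating what changed to make the gem production-ready.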
@@ -24,10 +22,10 @@ $ rails generate action_permission:install
|
|
24
22
|
|
25
23
|
## Usage
|
26
24
|
|
27
|
-
ActionPermission assumes you have the concept of user roles. This can be any field
|
25
|
+
ActionPermission assumes you have the concept of user roles/levels/segments. This can be any field on any object. It's core action is to load permissions that correspond to the controller handling the current request, determine the user's access level, and call a method on the permission object that corresponds to that level. A permission file might look like this:
|
28
26
|
|
29
27
|
```ruby
|
30
|
-
class
|
28
|
+
class BooksPermission < ApplicationPermission
|
31
29
|
|
32
30
|
def params
|
33
31
|
[:name, :author, :isbn, :page_count, :price]
|
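Review bot: typo in the rewritten Usage paragraph: `It's core action` should read `Its core action` (possessive). The example class is renamed from the `class BookPermission` shown in the hunk context to `BooksPermission`, which matches the later `The example above will load the BooksPermission class` text, so that part is consistent; the paragraph would read better as three short sentences, one per step (load the controller's permission, determine the level, call the matching method).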
@@ -36,8 +34,10 @@ class BookPermission < ApplicationPermission
|
|
36
34
|
def guest
|
37
35
|
allow [:index, :show]
|
38
36
|
end
|
37
|
+
|
38
|
+
match_with :guest, :member
|
39
39
|
|
40
|
-
def
|
40
|
+
def editor
|
41
41
|
allow [:index, :show, :new]
|
42
42
|
allow [:create, :edit, :update, :destroy] do |user|
|
43
43
|
@membership.id == user.id
|
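Review bot: `match_with :guest, :member` is added to the example without any explanation in the README; the bullets that follow the example cover only `params` and `@membership`. Add a bullet stating what `match_with` does (which level names are treated as equivalent, and whether each listed level still needs its own method), otherwise a reader copying the example cannot tell which roles end up with `guest` access.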
@@ -53,8 +53,8 @@ class BookPermission < ApplicationPermission
|
|
53
53
|
end
|
54
54
|
```
|
55
55
|
|
56
|
-
- the `params` method can be used to define attributes allowed to be modified by that user level in addition to their allowed actions
|
57
|
-
- the `@membership` attribute is set on initialization
|
56
|
+
- the `params` method can be used to define attributes allowed to be modified by that user level in addition to their allowed actions, which can be further refined for each level using `except` and `only options`.
|
57
|
+
- the `@membership` attribute is set on initialization of the permission object. See setup for details in 'Setup'
|
58
58
|
|
59
59
|
|
60
60
|
## Setup
|
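Review bot: the backticks are misplaced in the first rewritten bullet: `` `except` and `only options` `` should be `` `except` and `only` options ``. The second bullet is also redundant (`See setup for details in 'Setup'`); `See 'Setup' for details` is enough. Since `except` and `only` are what narrow the attributes a level may modify, a one-line example of each in the permission class would help more than the sentence alone.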
@@ -63,11 +63,11 @@ end
|
|
63
63
|
$ rails generate action_permission:install
|
64
64
|
```
|
65
65
|
|
66
|
-
This generator
|
66
|
+
This generator creates the `app/permissions` directory along with a `application_perimission.rb` file.
|
67
67
|
|
68
|
-
Permissions should be placed in the `app/permissions` directory. Each permission will typically extend from `ApplicationPermission`, allowing you to set default permissions for each role.
|
68
|
+
Permissions should be placed in the `app/permissions` directory and mimic the structure of your controllers. Each permission will typically extend from `ApplicationPermission`, allowing you to set default permissions for each role.
|
69
69
|
|
70
|
-
Additionally, the install generator will add some boilerplate code into your `ApplicationController` for setting up
|
70
|
+
Additionally, the install generator will add some boilerplate code into your `ApplicationController` required for setting up ActionPermission. It will look much like this:
|
71
71
|
|
72
72
|
```ruby
|
73
73
|
#app/controllers/application_controller.rb
|
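Review bot: typo in the generator sentence: `a `application_perimission.rb` file` should be `an `application_permission.rb` file`. The next paragraph now says permissions `mimic the structure of your controllers`; make the mapping explicit (for example that `Admin::BooksController` is checked against `Admin::BooksPermission`, as the later `allowed_params_for` examples assume), because the permission lookup depends on that naming convention.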
@@ -91,7 +91,11 @@ end
|
|
91
91
|
|
92
92
|
This is a basic implementation that you can change and modify to work with your application's user role structure.
|
93
93
|
|
94
|
-
Ultimately, ActionPermission looks to receive a string representing the name of the role/level of current user. It requires you to
|
94
|
+
Ultimately, ActionPermission looks to receive a string representing the name of the role/level of current user. It requires you to pass a method to `authorize_with` in your `ApplicationController` to call when loading permissions.
|
95
|
+
|
96
|
+
- This method should return an object that can repond to an `#identify` method.
|
97
|
+
- Object returned is set as `@membership` for use in `#allow` blocks (see example permission class above)
|
98
|
+
- `#identify` is expected to return a string or symbol representing the user's role/level. A method with a name matching this return value will be called on the permission object.
|
95
99
|
|
96
100
|
```ruby
|
97
101
|
# app/models/user.rb
|
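Review bot: the new bullets say that a method named after the value returned by `#identify` is called on the permission object, but nothing in this section says what happens when that value is not one of the defined level methods (a level method missing in a subclass, a blank role, or a role string that happens to match an unrelated method such as `params` or `load`). Document that the role value must come from a closed, application-defined set and what the controller does on a mismatch. Also fix `repond` (`respond`) and `the name of the role/level of current user` (`of the current user`).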
@@ -114,7 +118,7 @@ class ApplicationPermission < ActionPermission::Base
|
|
114
118
|
|
115
119
|
def load(user)
|
116
120
|
@membership = user
|
117
|
-
send @membership.
|
121
|
+
send @membership.access_level
|
118
122
|
end
|
119
123
|
|
120
124
|
end
|
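Review bot: `send @membership.access_level` dispatches a method name taken directly from a model attribute, and `send` reaches private and inherited methods as well as the public level methods; an unexpected `access_level` value will either raise `NoMethodError` or invoke something unrelated on the permission object (`load` itself would recurse). Prefer `public_send` guarded by an explicit list of level names, e.g. `level = @membership.access_level.to_s` / `raise ArgumentError, level unless LEVELS.include?(level)` / `public_send level`, and since this `load` method is what users copy into their own `ApplicationPermission`, the README should show the guarded form.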
@@ -138,6 +142,70 @@ ApplicationController < ActionController::Base
|
|
138
142
|
end
|
139
143
|
```
|
140
144
|
|
145
|
+
You can set this at a global level in `ApplicationController`, or be specific about how it handles unauthorized access by checking `#authorized?` in an individual controller. Or both.
|
146
|
+
|
147
|
+
## Parameters
|
148
|
+
|
149
|
+
You can enforce the user level's parameter access by using the `#allowed_params_for` method in each controller to retrieve the parameters to be passed into create or update methods.
|
150
|
+
|
151
|
+
```ruby
|
152
|
+
class BooksController < ApplicationController
|
153
|
+
|
154
|
+
# ...
|
155
|
+
def create
|
156
|
+
@book = Book.new(book_params)
|
157
|
+
if @book.save
|
158
|
+
redirect_to @book
|
159
|
+
else
|
160
|
+
render :new
|
161
|
+
end
|
162
|
+
end
|
163
|
+
|
164
|
+
private
|
165
|
+
|
166
|
+
def book_params
|
167
|
+
allowed_params_for :book, params
|
168
|
+
end
|
169
|
+
|
170
|
+
# ...
|
171
|
+
|
172
|
+
end
|
173
|
+
|
174
|
+
```
|
175
|
+
|
176
|
+
The example above will load the `BooksPermission` class, call the method corresponding to the user's level, then filter the parameters in `params[:book]` based on the permission instance and return the allowed parameters. This uses and hooks into strong_parameters.
|
177
|
+
|
178
|
+
### `allowed_params_for(resource, params [, controller])`
|
179
|
+
|
180
|
+
`#allowed_params_for` requires two arguments, and takes an options third.
|
181
|
+
|
182
|
+
Both `resource` and `controller` can be a string, symbol, Class, or Class instance.
|
183
|
+
|
184
|
+
By default, resource will be used to guess which permission to load, but you can explicity tell it which controller (thus corresponding permission file), you intend to check. This comes into play when controllers and models are namespaced and may not be namespaced in the same way.
|
185
|
+
|
186
|
+
```ruby
|
187
|
+
|
188
|
+
# would load BooksPermission
|
189
|
+
# and filter :book key of params
|
190
|
+
allowed_params_for @book, params
|
191
|
+
|
192
|
+
# would load Libraries::BooksPermission
|
193
|
+
# and filter :library_book key of params
|
194
|
+
allowed_params_for 'library/book', params
|
195
|
+
|
196
|
+
# would load permission corresponding to current controller
|
197
|
+
# and filter :book key from params
|
198
|
+
allowed_params_for :book, params, self
|
199
|
+
|
200
|
+
# would load Admin::BooksPermission
|
201
|
+
# and filter :user_book key of params
|
202
|
+
allowed_params_for 'user/book', params, Admin::BooksController
|
203
|
+
|
204
|
+
# would load Library::BooksPermission
|
205
|
+
# and filter :user_book key of params
|
206
|
+
allowed_params_for User::Book, params, 'library/books'
|
207
|
+
```
|
208
|
+
|
141
209
|
## Generators
|
142
210
|
|
143
211
|
rails g action_permission:install
|
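Review bot: the namespace in the example comments is inconsistent: `'library/book'` is said to load `Libraries::BooksPermission` while `'library/books'` loads `Library::BooksPermission`; one of these is wrong, and the resolution rule (whether the model's or the controller's namespace decides, and whether it is pluralized) belongs in the prose rather than only in the examples. Also `takes an options third` should read `takes an optional third`, `explicity` should be `explicitly`, and because the section says the result feeds strong_parameters, it should state what `allowed_params_for` returns when the current level defines no `params` (an empty permit versus unfiltered params), since that distinction is exactly what the feature exists to enforce.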
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: action_permission
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.0.
|
4
|
+
version: 1.0.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Matt Duffy
|
@@ -10,7 +10,7 @@ authors:
|
|
10
10
|
autorequire:
|
11
11
|
bindir: bin
|
12
12
|
cert_chain: []
|
13
|
-
date: 2014-03-
|
13
|
+
date: 2014-03-17 00:00:00.000000000 Z
|
14
14
|
dependencies:
|
15
15
|
- !ruby/object:Gem::Dependency
|
16
16
|
name: rails
|
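Review bot: `cert_chain: []` in the context of this hunk shows the gem is still published unsigned, so the date bump and the checksums file are the only provenance consumers get, and both come from the same publisher. Consider signing the gem (`signing_key` and `cert_chain` in the gemspec, a certificate generated with `gem cert`) so that 1.0.1 and later releases can be installed under `gem install -P HighSecurity`; until then downstream users should pin the exact version and compare the SHA512 values against those served by rubygems.org.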