RubyGems - action_sentinel - Versions diffs - 0.1.0 → 0.2.0 - Mend

action_sentinel 0.1.0 → 0.2.0

Files changed (10) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +5 -0
data/README.md +19 -5
data/lib/action_sentinel/authorization.rb +2 -2
data/lib/action_sentinel/permissible.rb +9 -9
data/lib/action_sentinel/version.rb +1 -1
data/lib/generators/action_sentinel/access_permission_generator.rb +6 -2
data/lib/generators/action_sentinel/templates/access_permission.rb +1 -1
data/lib/generators/action_sentinel/templates/migration.rb +4 -4
metadata +7 -6

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fa3b8401bf44885aec2145a79689ff7f38b02dac73c69922fbc22c0fdbd7b307
-  data.tar.gz: 6e4b635a86277548e76d18b6f4f73e5aa73619f5941923e2cfd5433acf7e526f
+  metadata.gz: 204f3d0ef817c0d6cc2d1a1b35885452e3b7d5db74e9568ddd95ef610da7bebd
+  data.tar.gz: 383b26ad27efd68c7a1e463f2238f83ce47af9d229061d2840fbf66ca5aa1664
 SHA512:
-  metadata.gz: b19c9599910bce3915839ee7342090bfc66b5dbe46b8cbb11f6e96da2c55d0efed6a64e2bdae8b20d99b7e256f2bae3a2bf27aeb4b55b4315294a7a98f95d974
-  data.tar.gz: 22dd485c1ba4af40cdd4cd6076a98e267515510c6eb63f3c13e68c4567fce329d59dc940679170d644ef71bc4d3574a54925390c396aee1e258efbf1fc6051c6
+  metadata.gz: 505df6f90e87e78dbbdc7f0aa21ec54302a17fe8938fcbe59f2e899c02dc27ca13f873ddc72e540bf9a59e0ba6b29ac1c588bdde73af271264227a4ccddfe6ec
+  data.tar.gz: c39df3332e792c823e04dbd81e0667e84a877d3c54c076cc698a5f3484a66b21de6b3f28fd781ee7afbb54982dad2af82333d56d72d45345ff17874573aba909

data/CHANGELOG.md CHANGED Viewed

@@ -3,3 +3,8 @@
 ## [0.1.0] - 2023-12-04
 - Initial release
+## [0.2.0] - 2023-12-27
+- Changed `controller_name` attribute to `controller_path` in `AccessPermission` model
+- Allow to create actions permissions to scoped controllers

data/README.md CHANGED Viewed

@@ -40,7 +40,7 @@ The generator will create the AccessPermission model and a migration, and insert
 class AccessPermission < ApplicationRecord
   belongs_to :user
-  validates :controller_name, uniqueness: { scope: :group_id }
+  validates :controller_path, uniqueness: { scope: :user_id }
 end
 # User model with permissions added
@@ -79,9 +79,9 @@ user.add_permissions_to 'show', 'users'
 # Adding permissions to access create and update actions in UsersController
 user.add_permissions_to 'create', 'update', 'users'
 ```
-_The arguments must be related to the actions of a controller, and the last argument is the name of the controller. The actions arguments must be in downcase format and must be equal to the actions methods of the controller. The controller argument, must be in downcase and plural format, ignoring the "Controller" prefix._
+The arguments must be related to the actions of a controller, and the last argument is the name of the controller. The actions arguments must be in downcase format and must be equal to the actions methods of the controller. The controller argument, must be in downcase and plural format, ignoring the "Controller" suffix.
-_For example: a controller called `UsersController` must be passed just as `users`._
+For example, a controller called `UsersController` must be passed just as `users`.
 Also is possible to pass the arguments as symbols:
 ```ruby
@@ -108,6 +108,21 @@ To check if the user has permission to access an action from a controller, you j
 user.has_permission_to? 'create', 'users'
 ```
+### Scoped Controllers
+For controllers that are scoped in a module, its argument also must be informed in the same downcase and plural format, but with the prefix of the module separated by a slash. For example, a controller called `Api::UsersController` must be passed as `api/users`:
+```ruby
+# Adding permissions
+user.add_permissions_to 'create', 'update', 'api/users'
+# Removing permissions
+user.remove_permissions_to 'create', 'update', 'api/users'
+# Checking permission
+user.has_permission_to? 'create', 'api/users'
+```
 ## Authorization
 To authorize the actions in a controller, you must call `authorize_action!`. Action Sentinel will authorize the access if the current user has permission to access the action.
@@ -143,7 +158,6 @@ end
 ```
 ### Rescuing an UnauthorizedAction in ApplicationController
----
 Action Sentinel raises an `ActionSentinel::UnauthorizedAction` if the user does not have the permission to access an action. You can rescue this error and respond in your customized format using `rescue_from` in your `ApplicationController`:
@@ -163,7 +177,7 @@ end
 ## Contributing
-Bug reports and pull requests are welcome on GitHub at https://github.com/Null-Bug-Company/action_sentinel.
+Bug reports and pull requests are welcome on GitHub at https://github.com/denisstael/action_sentinel.
 ## License

data/lib/action_sentinel/authorization.rb CHANGED Viewed

@@ -10,9 +10,9 @@ module ActionSentinel
     # @raise [UnauthorizedAction] if the user is not authorized.
     # @return [void]
     def authorize_action!
-      return if action_user.has_permission_to?(action_name, controller_name)
+      return if action_user.has_permission_to?(action_name, controller_path)
-      raise UnauthorizedAction, "Not allowed to access '#{action_name}' action in #{controller_name}_controller"
+      raise UnauthorizedAction, "Not allowed to access '#{action_name}' action in #{controller_path.camelize}Controller"
     end
     # Retrieve the user associated with the current action.

data/lib/action_sentinel/permissible.rb CHANGED Viewed

@@ -28,10 +28,10 @@ module ActionSentinel
     # Add permissions to the access_permissions association for a specific controller.
     #
     # @param actions [Array<Symbol, String>] The actions to add permissions for.
-    # @param controller_name [String] The name of the controller.
+    # @param controller_path [String] The name of the controller.
     # @return [Boolean] true if the permission was saved, false otherwise.
-    def add_permissions_to(*actions, controller_name)
-      permission = access_permissions.find_or_initialize_by(controller_name: controller_name)
+    def add_permissions_to(*actions, controller_path)
+      permission = access_permissions.find_or_initialize_by(controller_path: controller_path)
       permission.assign_attributes(actions: (permission.actions + sanitize_actions_array(actions)).uniq)
       permission.save
     end
@@ -39,11 +39,11 @@ module ActionSentinel
     # Remove permissions from the access_permissions association for a specific controller.
     #
     # @param actions [Array<Symbol, String>] The actions to remove permissions for.
-    # @param controller_name [String] The name of the controller.
+    # @param controller_path [String] The name of the controller.
     # @return [Boolean, nil] true if the permission was saved, false if it was not or nil
     #   if the permission was not found.
-    def remove_permissions_to(*actions, controller_name)
-      permission = access_permissions.find_by(controller_name: controller_name)
+    def remove_permissions_to(*actions, controller_path)
+      permission = access_permissions.find_by(controller_path: controller_path)
       permission&.update(actions: (permission.actions - sanitize_actions_array(actions)))
     end
@@ -52,10 +52,10 @@ module ActionSentinel
     # Check if the model has permission to perform a specific action in a controller.
     #
     # @param action [Symbol, String] The action to check permission for.
-    # @param controller_name [String] The name of the controller.
+    # @param controller_path [String] The name of the controller.
     # @return [Boolean] true if the model has permission, false otherwise.
-    def has_permission_to?(action, controller_name)
-      query = access_permissions.where(controller_name: controller_name)
+    def has_permission_to?(action, controller_path)
+      query = access_permissions.where(controller_path: controller_path)
       query = if %w[sqlite sqlite3].include? self.class.connection.adapter_name.downcase
                 query.where("actions LIKE ?", "%#{action}%")

data/lib/action_sentinel/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module ActionSentinel
-  VERSION = "0.1.0"
+  VERSION = "0.2.0"
 end

data/lib/generators/action_sentinel/access_permission_generator.rb CHANGED Viewed

@@ -29,10 +29,14 @@ module ActionSentinel
       template "access_permission.rb", File.join("app", "models", "access_permission.rb")
     end
-    def table_id_type
+    def primary_key_type
       options.uuid? ? ", id: :uuid" : ""
     end
+    def foreign_key_type
+      options.uuid? ? ", type: :uuid" : ""
+    end
     def generate_migration
       migration_template "migration.rb", "db/migrate/create_access_permissions.rb"
     end
@@ -52,7 +56,7 @@ module ActionSentinel
     def inject_action_permissible_into_model
       model_file = File.join("app", "models", "#{singular_model_name}.rb")
       inject_into_class(model_file, model_class) do
-        "\taction_permissible\n\n"
+        "\taction_permissible\n"
       end
     end
   end

data/lib/generators/action_sentinel/templates/access_permission.rb CHANGED Viewed

@@ -3,5 +3,5 @@
 class AccessPermission < ApplicationRecord
   belongs_to :<%= singular_model_name %>
-  validates :controller_name, uniqueness: { scope: :<%= singular_model_name %>_id }
+  validates :controller_path, uniqueness: { scope: :<%= singular_model_name %>_id }
 end

data/lib/generators/action_sentinel/templates/migration.rb CHANGED Viewed

@@ -1,13 +1,13 @@
 class CreateAccessPermissions < ActiveRecord::Migration<%= migration_version %>
   def change
-    create_table :access_permissions<%= table_id_type %> do |t|
-      t.string :controller_name, null: false
+    create_table :access_permissions<%= primary_key_type %> do |t|
+      t.string :controller_path, null: false
       t.string :actions, null: false, array: true, default: []
-      t.references :<%= singular_model_name %>, null: false<%= table_id_type %>
+      t.references :<%= singular_model_name %>, null: false<%= foreign_key_type %>
       t.timestamps
     end
-    add_index :access_permissions, [:controller_name, :<%= singular_model_name %>_id], unique: true
+    add_index :access_permissions, [:controller_path, :<%= singular_model_name %>_id], unique: true
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: action_sentinel
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - Denis Stael
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-12-06 00:00:00.000000000 Z
+date: 2023-12-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec
@@ -55,7 +55,7 @@ dependencies:
 description: "    This gem enables access authorization control, based on the access
   permission settings for \n    each controller and its actions, at the model level.\n"
 email:
-- denis@nullbug.dev
+- denissantistael@gmail.com
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -76,12 +76,13 @@ files:
 - lib/generators/action_sentinel/access_permission_generator.rb
 - lib/generators/action_sentinel/templates/access_permission.rb
 - lib/generators/action_sentinel/templates/migration.rb
-homepage: https://github.com/Null-Bug-Company/action_sentinel
+homepage: https://github.com/denisstael/action_sentinel
 licenses:
 - MIT
 metadata:
-  homepage_uri: https://github.com/Null-Bug-Company/action_sentinel
-  source_code_uri: https://github.com/Null-Bug-Company/action_sentinel
+  homepage_uri: https://github.com/denisstael/action_sentinel
+  source_code_uri: https://github.com/denisstael/action_sentinel
+  changelog_uri: https://github.com/denisstael/action_sentinel/blob/main/CHANGELOG.md
 post_install_message:
 rdoc_options: []
 require_paths: