active_record_api-rest 1.0.4 → 1.0.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/lib/active_record_api/rest/application_policy.rb +7 -7
- data/lib/active_record_api/rest/controller.rb +3 -3
- data/lib/active_record_api/rest/session_data.rb +14 -0
- data/lib/active_record_api/rest/version.rb +1 -1
- data/lib/active_record_api-rest.rb +1 -0
- metadata +3 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: d68b145e695905bba559d0c28db4f50ce452fd81d67abf4227c8dcb9a823a936
|
4
|
+
data.tar.gz: 4bc55f74cf9bc0a0a0197fd7f671cb551ee8e0a38d975337538547f7975e4a96
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: bcc3b88d74ee20f89e6b8bf61c247dc98f8a154445210ef724a4dd3dfcd4183a130a814a5d383976b3fedb93163cf4f77639f0dc56aef7f447a7c10e1038ead7
|
7
|
+
data.tar.gz: 8a9e09b0e5f75aff12eebfe6e5b961c8a4ed391dfea65fb642ce56db2310eb99e8bd02a13cffcee03aabdc5a14a8d3743765eb0dc2edf7ffb5dd65d6ab6d3fe7
|
data/Gemfile.lock
CHANGED
@@ -2,10 +2,10 @@ module ActiveRecordApi
|
|
2
2
|
module Rest
|
3
3
|
class ApplicationPolicy
|
4
4
|
class Scope
|
5
|
-
attr_reader :
|
5
|
+
attr_reader :session, :scope
|
6
6
|
|
7
|
-
def initialize(
|
8
|
-
@
|
7
|
+
def initialize(session, scope)
|
8
|
+
@session = session
|
9
9
|
@scope = scope
|
10
10
|
end
|
11
11
|
|
@@ -14,14 +14,14 @@ module ActiveRecordApi
|
|
14
14
|
end
|
15
15
|
end
|
16
16
|
|
17
|
-
attr_reader :
|
17
|
+
attr_reader :session
|
18
18
|
attr_reader :model_class
|
19
19
|
|
20
20
|
READ = 'read'.freeze
|
21
21
|
MANAGE = 'manage'.freeze
|
22
22
|
|
23
|
-
def initialize(
|
24
|
-
@
|
23
|
+
def initialize(session, model_class)
|
24
|
+
@session = session
|
25
25
|
@model_class = model_class
|
26
26
|
end
|
27
27
|
|
@@ -48,7 +48,7 @@ module ActiveRecordApi
|
|
48
48
|
protected
|
49
49
|
|
50
50
|
def can?(action)
|
51
|
-
|
51
|
+
session.permissions.include?("#{service_name}__#{@model_class.name.downcase}:#{action}")
|
52
52
|
end
|
53
53
|
|
54
54
|
private
|
@@ -68,16 +68,16 @@ module ActiveRecordApi
|
|
68
68
|
end
|
69
69
|
|
70
70
|
def authorize
|
71
|
-
raise BadSessionException.new(controller_name, action_name) if
|
71
|
+
raise BadSessionException.new(controller_name, action_name) if session_data.nil?
|
72
72
|
raise AccessDeniedException.new(controller_name, action_name, 'Insufficient permissions') unless policy.send("#{action_name}?")
|
73
73
|
end
|
74
74
|
|
75
75
|
def scope_filter(scope)
|
76
|
-
"#{policy.class.name}::Scope".constantize.new(
|
76
|
+
"#{policy.class.name}::Scope".constantize.new(session_data, scope).resolve
|
77
77
|
end
|
78
78
|
|
79
79
|
def policy
|
80
|
-
@policy ||= ("#{controller_name.classify}Policy".safe_constantize) ? "#{controller_name.classify}Policy".constantize.new(
|
80
|
+
@policy ||= ("#{controller_name.classify}Policy".safe_constantize) ? "#{controller_name.classify}Policy".constantize.new(session_data, model_klass) : ApplicationPolicy.new(session_data, model_klass)
|
81
81
|
end
|
82
82
|
end
|
83
83
|
end
|
@@ -0,0 +1,14 @@
|
|
1
|
+
module ActiveRecordApi
|
2
|
+
module Rest
|
3
|
+
class SessionData
|
4
|
+
attr_reader :user_id
|
5
|
+
attr_reader :permissions
|
6
|
+
attr_reader :permission_attributes
|
7
|
+
def initialize(user_id, permissions, permission_attributes)
|
8
|
+
@user_id = user_id
|
9
|
+
@permissions = permissions
|
10
|
+
@permission_attributes = permission_attributes
|
11
|
+
end
|
12
|
+
end
|
13
|
+
end
|
14
|
+
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: active_record_api-rest
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.0.
|
4
|
+
version: 1.0.5
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Full Measure Education
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2019-03-
|
11
|
+
date: 2019-03-20 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|
@@ -151,6 +151,7 @@ files:
|
|
151
151
|
- lib/active_record_api/rest/graceful_errors.rb
|
152
152
|
- lib/active_record_api/rest/index_controller.rb
|
153
153
|
- lib/active_record_api/rest/request_url_generator.rb
|
154
|
+
- lib/active_record_api/rest/session_data.rb
|
154
155
|
- lib/active_record_api/rest/spec.rb
|
155
156
|
- lib/active_record_api/rest/spec/rest_controller_shared_example.rb
|
156
157
|
- lib/active_record_api/rest/version.rb
|