adeia 0.1.0 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +3 -0
- data/Rakefile +1 -1
- data/app/models/adeia/action.rb +4 -1
- data/app/models/adeia/element.rb +2 -0
- data/app/models/adeia/group.rb +4 -1
- data/app/models/adeia/permission.rb +27 -1
- data/app/models/adeia/token.rb +12 -0
- data/config/locales/en.yml +4 -1
- data/config/locales/fr.yml +4 -1
- data/db/migrate/20151003150524_create_adeia_tokens.rb +1 -1
- data/lib/adeia/authorization.rb +19 -8
- data/lib/adeia/controller_methods.rb +2 -2
- data/lib/adeia/controller_resource.rb +8 -5
- data/lib/adeia/database.rb +19 -8
- data/lib/adeia/engine.rb +7 -0
- data/lib/adeia/version.rb +1 -1
- data/spec/authorization_spec.rb +162 -0
- data/spec/controllers/articles_controller_spec.rb +123 -0
- data/spec/factories.rb +53 -0
- data/spec/rails_helper.rb +19 -0
- data/spec/spec_helper.rb +19 -0
- data/spec/support/spec_login_helper.rb +18 -0
- data/{test/dummy → spec/test_app}/Rakefile +0 -0
- data/{test/dummy → spec/test_app}/app/assets/javascripts/application.js +0 -0
- data/{test/dummy → spec/test_app}/app/assets/javascripts/sessions.js +0 -0
- data/{test/dummy → spec/test_app}/app/assets/stylesheets/application.css +0 -0
- data/{test/dummy → spec/test_app}/app/assets/stylesheets/scaffold.css +0 -0
- data/{test/dummy → spec/test_app}/app/assets/stylesheets/sessions.css +0 -0
- data/{test/dummy → spec/test_app}/app/controllers/application_controller.rb +0 -0
- data/{test/dummy → spec/test_app}/app/controllers/articles_controller.rb +4 -11
- data/{test/dummy → spec/test_app}/app/controllers/sessions_controller.rb +1 -1
- data/{test/dummy → spec/test_app}/app/helpers/application_helper.rb +0 -0
- data/{test/dummy → spec/test_app}/app/helpers/sessions_helper.rb +0 -0
- data/{test/dummy → spec/test_app}/app/models/article.rb +0 -0
- data/{test/dummy → spec/test_app}/app/models/user.rb +0 -0
- data/{test/dummy → spec/test_app}/app/views/articles/_form.html.erb +0 -0
- data/{test/dummy → spec/test_app}/app/views/articles/edit.html.erb +0 -0
- data/{test/dummy → spec/test_app}/app/views/articles/index.html.erb +0 -0
- data/{test/dummy → spec/test_app}/app/views/articles/new.html.erb +0 -0
- data/{test/dummy → spec/test_app}/app/views/articles/show.html.erb +0 -0
- data/{test/dummy → spec/test_app}/app/views/layouts/application.html.erb +1 -1
- data/{test/dummy → spec/test_app}/app/views/sessions/new.html.erb +0 -0
- data/{test/dummy → spec/test_app}/bin/bundle +0 -0
- data/{test/dummy → spec/test_app}/bin/rails +0 -0
- data/{test/dummy → spec/test_app}/bin/rake +0 -0
- data/{test/dummy → spec/test_app}/bin/setup +0 -0
- data/{test/dummy → spec/test_app}/config.ru +0 -0
- data/{test/dummy → spec/test_app}/config/application.rb +0 -0
- data/{test/dummy → spec/test_app}/config/boot.rb +0 -0
- data/{test/dummy → spec/test_app}/config/database.yml +0 -0
- data/{test/dummy → spec/test_app}/config/environment.rb +0 -0
- data/{test/dummy → spec/test_app}/config/environments/development.rb +0 -0
- data/{test/dummy → spec/test_app}/config/environments/production.rb +0 -0
- data/{test/dummy → spec/test_app}/config/environments/test.rb +0 -0
- data/{test/dummy → spec/test_app}/config/initializers/assets.rb +0 -0
- data/{test/dummy → spec/test_app}/config/initializers/backtrace_silencers.rb +0 -0
- data/{test/dummy → spec/test_app}/config/initializers/cookies_serializer.rb +0 -0
- data/{test/dummy → spec/test_app}/config/initializers/filter_parameter_logging.rb +0 -0
- data/{test/dummy → spec/test_app}/config/initializers/inflections.rb +0 -0
- data/{test/dummy → spec/test_app}/config/initializers/mime_types.rb +0 -0
- data/{test/dummy → spec/test_app}/config/initializers/session_store.rb +0 -0
- data/{test/dummy → spec/test_app}/config/initializers/wrap_parameters.rb +0 -0
- data/{test/dummy → spec/test_app}/config/locales/en.yml +0 -0
- data/{test/dummy → spec/test_app}/config/routes.rb +1 -1
- data/{test/dummy → spec/test_app}/config/secrets.yml +0 -0
- data/{test/dummy → spec/test_app}/db/development.sqlite3 +0 -0
- data/{test/dummy/db/migrate/20150930161522_create_users.rb → spec/test_app/db/migrate/20151012185720_create_users.rb} +1 -1
- data/{test/dummy/db/migrate/20150930161532_create_articles.rb → spec/test_app/db/migrate/20151012185726_create_articles.rb} +1 -1
- data/{test/dummy → spec/test_app}/db/schema.rb +2 -2
- data/spec/test_app/db/test.sqlite3 +0 -0
- data/{test/dummy → spec/test_app}/lib/tasks/init.rake +0 -0
- data/{test/dummy → spec/test_app}/log/development.log +1314 -0
- data/spec/test_app/log/test.log +24709 -0
- data/{test/dummy → spec/test_app}/public/404.html +0 -0
- data/{test/dummy → spec/test_app}/public/422.html +0 -0
- data/{test/dummy → spec/test_app}/public/500.html +0 -0
- data/{test/dummy → spec/test_app}/public/favicon.ico +0 -0
- data/{test/dummy → spec/test_app}/tmp/cache/assets/development/sprockets/v3.0/007YZnzCZDb7P0xbxiEkmAM6-xSsxmYu_W7vnrvcDOs.cache +0 -0
- data/{test/dummy → spec/test_app}/tmp/cache/assets/development/sprockets/v3.0/1GiUoKAP-7ewZyzr_eCTMX0R8ML5Z_VN2bfQ05RAW30.cache +0 -0
- data/{test/dummy → spec/test_app}/tmp/cache/assets/development/sprockets/v3.0/5Lly_CA8DZvPhQV2jDQx-Y6P_y3Ygra9t5jfSlGhHDA.cache +0 -0
- data/{test/dummy → spec/test_app}/tmp/cache/assets/development/sprockets/v3.0/6n6yNyR4eQhIVjw5Anxur-SLgdDc_rzuMuZKj6Q4FqE.cache +0 -0
- data/{test/dummy → spec/test_app}/tmp/cache/assets/development/sprockets/v3.0/80nWjD2uxLBuIN1R5NawmTsgZWCB6nln8WXf_5gHri4.cache +0 -0
- data/{test/dummy → spec/test_app}/tmp/cache/assets/development/sprockets/v3.0/9Fw_WnCC15QnXUQZ4eYTYLOBv20at5Z5gL-WJx_QsR4.cache +0 -0
- data/{test/dummy → spec/test_app}/tmp/cache/assets/development/sprockets/v3.0/D4VyPOMG_wXgPRZtj-mbRdONJXbdgOZKcuwSm-lNNIA.cache +0 -0
- data/{test/dummy → spec/test_app}/tmp/cache/assets/development/sprockets/v3.0/DmmfrCpXtt74Hr6NO54lxyOCDv6klnDyBqeDFR7oDU8.cache +0 -0
- data/{test/dummy → spec/test_app}/tmp/cache/assets/development/sprockets/v3.0/HggfmBmV-rmvrvzJjqvjmDpwB2BTEQvh6krp0CcrI0U.cache +0 -0
- data/{test/dummy → spec/test_app}/tmp/cache/assets/development/sprockets/v3.0/OI6uxGcnsKavdWTtwDAasU3wPx8QXhzBgV0X2n1KjMQ.cache +0 -0
- data/{test/dummy → spec/test_app}/tmp/cache/assets/development/sprockets/v3.0/P1NOTKHlk-FIwqlw0wiyLanpgNyubwQi850S1aonsbQ.cache +0 -0
- data/{test/dummy → spec/test_app}/tmp/cache/assets/development/sprockets/v3.0/PKcbfub75wwU6UzvVnSMFn_6wsaaPUoXMtWTnyyh5jM.cache +0 -0
- data/{test/dummy → spec/test_app}/tmp/cache/assets/development/sprockets/v3.0/S4dXPkh6wlupsMUb-GvZ2Q5PwAZmplTCkViWCnVWWw0.cache +0 -0
- data/{test/dummy → spec/test_app}/tmp/cache/assets/development/sprockets/v3.0/UuBE6kIOXtWOmnrnywPI98bzHE-L84SteUEfzexxVtA.cache +0 -0
- data/{test/dummy → spec/test_app}/tmp/cache/assets/development/sprockets/v3.0/Xa5LZJIrW7sSuOWWFwCAhDkDQ71pA_cHp6H5kiTZS6E.cache +0 -0
- data/{test/dummy → spec/test_app}/tmp/cache/assets/development/sprockets/v3.0/eQqoU12FSWEA4BsL-PjwTnIUr1bZsu27SOzFHPomG4c.cache +0 -0
- data/{test/dummy → spec/test_app}/tmp/cache/assets/development/sprockets/v3.0/f3V_hqqK4rH7Z51LFX1Wk9hrWGjYABTZmgSeYvWKgLs.cache +0 -0
- data/{test/dummy → spec/test_app}/tmp/cache/assets/development/sprockets/v3.0/gXIpNlfbH4G7-D0grgt2EuWuwHwTymznc1rlxJ1-C0A.cache +0 -0
- data/{test/dummy → spec/test_app}/tmp/cache/assets/development/sprockets/v3.0/hX4wt6FzyI47gW66iiVyl2C722yfwvx3KafFEYkreEY.cache +0 -0
- data/{test/dummy → spec/test_app}/tmp/cache/assets/development/sprockets/v3.0/hZi1k6tpxxCGYxRe7zY74ItcOI8gZrREOpGuA8JSpGg.cache +0 -0
- data/spec/test_app/tmp/cache/assets/development/sprockets/v3.0/m36EDdApBppvyoX6m8cNCOm1eyt7pipkfASRya0sKqM.cache +1 -0
- data/{test/dummy → spec/test_app}/tmp/cache/assets/development/sprockets/v3.0/nZCCAAO-XWnPS2Xr9yss0VhSONvnR3emOuEIc_b-1OY.cache +0 -0
- data/{test/dummy → spec/test_app}/tmp/cache/assets/development/sprockets/v3.0/pEhaat2KBd5SrT7szC_8R1_6hK17FTpvoRFkmCRSD3M.cache +0 -0
- data/{test/dummy → spec/test_app}/tmp/cache/assets/development/sprockets/v3.0/r5qzpye5vWgzwRnRhhSYkUslyNZ11pyYXQZqGe8o930.cache +0 -0
- data/{test/dummy → spec/test_app}/tmp/cache/assets/development/sprockets/v3.0/t0GCJAJcd_7X2F172TjwwDZ6rfNJc2FRbDTV5-jSqY0.cache +0 -0
- data/{test/dummy → spec/test_app}/tmp/cache/assets/development/sprockets/v3.0/t92Y0f7B0gH-r5W-iNadtkzgjm8gxyEyttnY6AWpdmw.cache +0 -0
- data/{test/dummy → spec/test_app}/tmp/cache/assets/development/sprockets/v3.0/tYGZjTIGEDMySqV7qHf43dq0_aB7TuSEhhZtN_9xW54.cache +0 -0
- data/{test/dummy → spec/test_app}/tmp/cache/assets/development/sprockets/v3.0/wMjI0_cDi3gmsOV5xXr-QPQOfHCB_qea8St_udeflhE.cache +0 -0
- data/{test/dummy → spec/test_app}/tmp/cache/assets/development/sprockets/v3.0/z2mRCA3647ZviK5pXi1_qLwdxkiCaoIfZj7jHoMfLiI.cache +0 -0
- data/spec/test_app/tmp/pids/server.pid +1 -0
- data/spec/validations_spec.rb +37 -0
- metadata +219 -194
- data/test/dummy/db/migrate/20151003145900_create_adeia_elements.adeia.rb +0 -10
- data/test/dummy/db/migrate/20151003145901_create_adeia_permissions.adeia.rb +0 -17
- data/test/dummy/db/migrate/20151003145902_create_adeia_groups.adeia.rb +0 -10
- data/test/dummy/db/migrate/20151003145903_create_adeia_group_users.adeia.rb +0 -11
- data/test/dummy/db/migrate/20151003150941_create_adeia_tokens.adeia.rb +0 -13
- data/test/dummy/db/migrate/20151003150942_create_adeia_actions.adeia.rb +0 -10
- data/test/dummy/db/migrate/20151003150943_create_adeia_action_permissions.adeia.rb +0 -11
- data/test/dummy/test/controllers/articles_controller_test.rb +0 -49
- data/test/dummy/test/controllers/sessions_controller_test.rb +0 -7
- data/test/dummy/test/controllers/users_controller_test.rb +0 -49
- data/test/dummy/test/fixtures/articles.yml +0 -11
- data/test/dummy/test/fixtures/users.yml +0 -9
- data/test/dummy/test/models/article_test.rb +0 -7
- data/test/dummy/test/models/user_test.rb +0 -7
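--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: bb72e440667ceb322201245578196b58cd73e5f7
+data.tar.gz: 912258e0e88dc60ac9b28b370d6ba64a19f48a90
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 701bcd0c7eeb411ad63f5272160a611351e103409da5a2d61bfc59d97216257535e772eb0c90112b64166422a468c61b091815653c60cd53055e286a3dc9101e
+data.tar.gz: e8c68bc12f8b1b0c799bb7a52cfd35d1a3253f1c4e2cc496febab89be45fa48dbaf66cba1bc879901c0dc31e0269f14a8e263f5d5dcb029ebd4715713a99dee8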
data/README.md
ADDED
data/Rakefile
CHANGED
data/app/models/adeia/action.rb
CHANGED
data/app/models/adeia/element.rb
CHANGED
data/app/models/adeia/group.rb
CHANGED
|
@@ -1,4 +1,30 @@
|
|
|
1
1
|
class Adeia::Permission < ActiveRecord::Base
|
|
2
|
-
belongs_to :owner
|
|
2
|
+
belongs_to :owner, polymorphic: true
|
|
3
3
|
belongs_to :element
|
|
4
|
+
|
|
5
|
+
has_many :action_permissions, dependent: :destroy
|
|
6
|
+
has_many :actions, through: :action_permissions
|
|
7
|
+
|
|
8
|
+
enum permission_type: [:all_entries, :on_ownerships, :on_entry]
|
|
9
|
+
|
|
10
|
+
validates :owner, presence: true
|
|
11
|
+
validates :element, presence: true
|
|
12
|
+
validates :permission_type, presence: true
|
|
13
|
+
validate :presence_of_resource_id
|
|
14
|
+
validate :presence_of_a_right
|
|
15
|
+
|
|
16
|
+
private
|
|
17
|
+
|
|
18
|
+
def presence_of_resource_id
|
|
19
|
+
if permission_type == "on_entry" && resource_id.nil?
|
|
20
|
+
errors.add(:resource_id, I18n.t("errors.messages.blank"))
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
def presence_of_a_right
|
|
25
|
+
if permission_type == "on_ownerships" && !(read_right || update_right || destroy_right || actions.any?)
|
|
26
|
+
errors[:base] << I18n.t("errors.messages.right_required")
|
|
27
|
+
end
|
|
28
|
+
end
|
|
29
|
+
|
|
4
30
|
end
|
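Review bot: The `enum permission_type: [:all_entries, :on_ownerships, :on_entry]` added at line 8 stores the array position in the column, so any later reordering of or insertion into that array silently re-maps existing rows to a different permission type — for an authorization table that is a data-integrity hazard worth closing now with the explicit form `enum permission_type: { all_entries: 0, on_ownerships: 1, on_entry: 2 }`. The two custom validators also report errors differently: `presence_of_resource_id` uses `errors.add(:resource_id, I18n.t("errors.messages.blank"))` while `presence_of_a_right` uses `errors[:base] << I18n.t(...)`; `errors.add(:base, :right_required)` would be consistent with the first and lets ActiveModel resolve the `errors.messages.right_required` key added to the locales. Although the renderer labels this section `data/app/models/adeia/group.rb`, the hunk shows `class Adeia::Permission` and matches the `+27 -1` diffstat for `permission.rb`, so the group.rb change itself does not appear on this page.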
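--- a/data/app/models/adeia/token.rb
+++ b/data/app/models/adeia/token.rb
@@ -1,5 +1,17 @@
 module Adeia
 class Token < ActiveRecord::Base
 belongs_to :permission
+
+validates :permission_id, presence: true
+validates :exp_at, presence: true
+
+before_create :generate_token
+
+private
+
+def generate_token
+self.token = SecureRandom.urlsafe_base64
+end
+
 end
 end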
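Review bot: `generate_token` at line 12 assigns a fresh `SecureRandom.urlsafe_base64` value, but nothing in the model enforces uniqueness of `token`, and `Database#token_rights` resolves a presented token with `find_by_token`, so a duplicate (however unlikely at this entropy) would silently bind a request to whichever row the database returns first; `validates :token, uniqueness: true` plus a unique index in the tokens migration (that migration's change is not shown on this page) closes the gap. `validates :exp_at, presence: true` accepts a time already in the past, so the model will happily create a token that is expired at birth — if `is_valid` (defined outside this hunk) is the expiry check, a create-time validation that `exp_at` is in the future keeps the two in agreement. `before_create` is the right hook here: a `token:` attribute supplied by a caller is overwritten rather than honoured, which is what you want for a credential.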
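--- a/data/config/locales/en.yml
+++ b/data/config/locales/en.yml
@@ -3,4 +3,7 @@ en:
 messages:
 login_required: "Please login before visiting this page !"
 access_denied: "You don't have access to this page !"
-missing_params: "params %{params} is missing !"
+missing_params: "params %{params} is missing !"
+errors:
+messages:
+right_required: "If you want to add a permission linked to user's ownerships, please check at least one right or add an action"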
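--- a/data/config/locales/fr.yml
+++ b/data/config/locales/fr.yml
@@ -3,4 +3,7 @@ fr:
 messages:
 login_required: "Veuillez vous connecter pour accéder à cette page !"
 access_denied: "Vous n'êtes pas autorisé à accéder à cette page !"
-missing_params: "Le paramètre %{params} est manquant !"
+missing_params: "Le paramètre %{params} est manquant !"
+errors:
+messages:
+right_required: "Lorsque vous voulez créer une permission liée aux possessions de l'utilisateur, vous devez cocher au moins un droit ou ajouter une action"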
data/lib/adeia/authorization.rb
CHANGED
|
@@ -6,15 +6,21 @@ module Adeia
|
|
|
6
6
|
class Authorization < Database
|
|
7
7
|
|
|
8
8
|
def authorize!
|
|
9
|
-
|
|
10
|
-
raise LoginRequired if
|
|
11
|
-
|
|
12
|
-
|
|
9
|
+
rights = token_rights(right_name)
|
|
10
|
+
raise LoginRequired if rights[:rights].empty? && @user.nil?
|
|
11
|
+
rights = rights.merge(send("#{right_name}_rights")) { |key, v1, v2| v1 + v2 } if @user
|
|
12
|
+
@rights, @resource_ids = rights[:rights], rights[:resource_ids]
|
|
13
|
+
raise AccessDenied unless @rights.any? && authorize?
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def check_permissions!
|
|
17
|
+
load_permissions
|
|
18
|
+
raise AccessDenied unless @rights.any?
|
|
13
19
|
end
|
|
14
20
|
|
|
15
21
|
def can?
|
|
16
|
-
|
|
17
|
-
authorize?
|
|
22
|
+
load_permissions
|
|
23
|
+
@rights.any? && authorize?
|
|
18
24
|
end
|
|
19
25
|
|
|
20
26
|
private
|
|
@@ -28,11 +34,11 @@ module Adeia
|
|
|
28
34
|
end
|
|
29
35
|
|
|
30
36
|
def on_ownerships?
|
|
31
|
-
@rights.any? { |r| r.permission_type == "on_ownerships" } && @
|
|
37
|
+
@user && @resource && @rights.any? { |r| r.permission_type == "on_ownerships" } && @resource.user == @user
|
|
32
38
|
end
|
|
33
39
|
|
|
34
40
|
def on_entry?
|
|
35
|
-
@
|
|
41
|
+
@resource && @resource_ids.include?(@resource.id)
|
|
36
42
|
end
|
|
37
43
|
|
|
38
44
|
def right_names
|
|
@@ -43,6 +49,11 @@ module Adeia
|
|
|
43
49
|
right_names.select { |k, v| v.include? @action.to_sym }.keys[0] || :action
|
|
44
50
|
end
|
|
45
51
|
|
|
52
|
+
def load_permissions
|
|
53
|
+
rights = token_rights(right_name).merge(send("#{right_name}_rights")) { |key, v1, v2| v1 + v2 }
|
|
54
|
+
@rights, @resource_ids = rights[:rights], rights[:resource_ids]
|
|
55
|
+
end
|
|
56
|
+
|
|
46
57
|
end
|
|
47
58
|
|
|
48
59
|
end
|
|
@@ -7,7 +7,7 @@ module Adeia
|
|
|
7
7
|
module ClassMethods
|
|
8
8
|
|
|
9
9
|
def load_and_authorize(**args)
|
|
10
|
-
ControllerResource.add_before_filter(self, :
|
|
10
|
+
ControllerResource.add_before_filter(self, :load_resource_or_records_and_authorize, **args)
|
|
11
11
|
end
|
|
12
12
|
|
|
13
13
|
end
|
|
@@ -26,7 +26,7 @@ module Adeia
|
|
|
26
26
|
|
|
27
27
|
def authorize_and_load_records!(**args)
|
|
28
28
|
controller_resource = ControllerResource.new(self, **args)
|
|
29
|
-
controller_resource.
|
|
29
|
+
controller_resource.check_permissions!
|
|
30
30
|
return controller_resource.load_records
|
|
31
31
|
end
|
|
32
32
|
|
|
@@ -11,7 +11,7 @@ module Adeia
|
|
|
11
11
|
end
|
|
12
12
|
end
|
|
13
13
|
|
|
14
|
-
def self.
|
|
14
|
+
def self.load_resource_or_records_and_authorize(controller)
|
|
15
15
|
if controller.action_name == "index"
|
|
16
16
|
controller.authorize_and_load_records!
|
|
17
17
|
else
|
|
@@ -38,12 +38,12 @@ module Adeia
|
|
|
38
38
|
end
|
|
39
39
|
|
|
40
40
|
def load_records
|
|
41
|
-
rights = authorization.read_rights +
|
|
42
|
-
resource_ids = rights
|
|
41
|
+
rights = authorization.read_rights.merge(authorization.token_rights(:read)) { |key, v1, v2| v1 + v2 }
|
|
42
|
+
rights, resource_ids = rights[:rights], rights[:resource_ids]
|
|
43
43
|
@records ||= if rights.any? { |r| r.permission_type == "all_entries" }
|
|
44
44
|
resource_class.all
|
|
45
45
|
elsif rights.any? { |r| r.permission_type == "on_ownerships" }
|
|
46
|
-
resource_class.where(user_id
|
|
46
|
+
resource_class.where("user_id = ? OR id IN (?)", @user.id, resource_ids)
|
|
47
47
|
elsif rights.any? { |r| r.permission_type == "on_entry" }
|
|
48
48
|
resource_class.where(id: resource_ids)
|
|
49
49
|
else
|
|
@@ -56,11 +56,14 @@ module Adeia
|
|
|
56
56
|
@authorization ||= Authorization.new(@controller_name, @action_name, @token, @resource, @user)
|
|
57
57
|
end
|
|
58
58
|
|
|
59
|
-
|
|
60
59
|
def authorize!
|
|
61
60
|
authorization.authorize!
|
|
62
61
|
end
|
|
63
62
|
|
|
63
|
+
def check_permissions!
|
|
64
|
+
authorization.check_permissions!
|
|
65
|
+
end
|
|
66
|
+
|
|
64
67
|
def can?
|
|
65
68
|
authorization.can?
|
|
66
69
|
end
|
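Review bot: `check_permissions!` (new lines 16–19) and `can?` never raise `LoginRequired`, whereas `authorize!` at line 10 does when a visitor's token grants nothing; since `authorize_and_load_records!` in the later `ControllerResource` hunk now calls `check_permissions!` for the index action, an anonymous request to index gets `AccessDenied` instead of the login-required path the other actions take. `load_permissions` (lines 52–55) also calls `send("#{right_name}_rights")` unconditionally, while `authorize!` guards the same call with `if @user`; if `owners` (outside this hunk) dereferences `@user`, the visitor path raises `NoMethodError` rather than a domain error, and the rewrite below mirrors `authorize!` on both points. Separately, `@resource_ids` can be `nil` because the `token_rights` fallback and `create_rights` omit the `:resource_ids` key, so `on_entry?` at line 41 is safer as `@resource && Array(@resource_ids).include?(@resource.id)`. The hunks after the first three in this section (`load_and_authorize`, `authorize_and_load_records!`, `load_resource_or_records_and_authorize`, `load_records`) appear to belong to `controller_methods.rb` and `controller_resource.rb`; their file headers seem to have been dropped by the renderer.
```ruby
def check_permissions!
  load_permissions
  # Same contract as authorize!: an anonymous caller whose token grants nothing must log in.
  raise LoginRequired if @rights.empty? && @user.nil?
  raise AccessDenied unless @rights.any?
end

# … unchanged: can?, private section, other helpers …

def load_permissions
  rights = token_rights(right_name)
  # Owner-based rights only exist for a logged-in user; skip that lookup otherwise.
  rights = rights.merge(send("#{right_name}_rights")) { |_key, v1, v2| v1 + v2 } if @user
  @rights, @resource_ids = rights[:rights], Array(rights[:resource_ids])
end
```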
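--- a/data/lib/adeia/database.rb
+++ b/data/lib/adeia/database.rb
@@ -11,31 +11,42 @@ module Adeia
 end
 
 def read_rights
-@read_rights ||= Adeia::Permission.joins(:element).where(owner: owners, read_right: true,
+@read_rights ||= Adeia::Permission.joins(:element).where(owner: owners, read_right: true, adeia_elements: {name: @controller})
+@read_resource_ids ||= @read_rights.pluck(:resource_id).compact
+return { rights: @read_rights, resource_ids: @read_resource_ids }
 end
 
 def create_rights
-@create_rights ||= Adeia::Permission.joins(:element).where(owner: owners, create_right: true,
+@create_rights ||= Adeia::Permission.joins(:element).where(owner: owners, create_right: true, adeia_elements: {name: @controller})
+return { rights: @create_rights }
 end
 
 def update_rights
-@update_rights ||= Adeia::Permission.joins(:element).where(owner: owners, update_right: true,
+@update_rights ||= Adeia::Permission.joins(:element).where(owner: owners, update_right: true, adeia_elements: {name: @controller})
+@update_resource_ids ||= @update_rights.pluck(:resource_id).compact
+return { rights: @update_rights, resource_ids: @update_resource_ids }
 end
 
 def destroy_rights
-@destroy_rights ||= Adeia::Permission.joins(:element).where(owner: owners, destroy_right: true,
+@destroy_rights ||= Adeia::Permission.joins(:element).where(owner: owners, destroy_right: true, adeia_elements: {name: @controller})
+@destroy_resource_ids ||= @destroy_rights.pluck(:resource_id).compact
+return { rights: @destroy_rights, resource_ids: @destroy_resource_ids }
 end
 
 def action_rights
-@action_rights ||= Adeia::Permission.joins(:actions, :element).where(owner: owners,
+@action_rights ||= Adeia::Permission.joins(:actions, :element).where(owner: owners, adeia_elements: {name: @controller}, adeia_actions: {name: @action})
+@action_resource_ids ||= @action_rights.pluck(:resource_id).compact
+return { rights: @action_rights, resource_ids: @action_resource_ids }
 end
 
 def token_rights(right_name)
 @permission_token ||= Adeia::Token.find_by_token(@token)
-if @permission_token && @permission_token.
-@token_rights ||= Adeia::Permission.joins(:element).where(
+if @permission_token && @permission_token.is_valid
+@token_rights ||= Adeia::Permission.joins(:element).where(id: @permission_token.permission_id, adeia_elements: { name: @controller }, "#{right_name}_right": true)
+@token_resource_ids ||= @token_rights.pluck(:resource_id).compact
+return { rights: @token_rights, resource_ids: @token_resource_ids }
 else
-
+return { rights: Adeia::Permission.none }
 end
 end
 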
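Review bot: `token_rights(right_name)` at new lines 42–51 memoizes into `@token_rights` and `@token_resource_ids` without regard to `right_name`, so the first call wins for the life of the `Authorization` instance: `ControllerResource#load_records` calls `token_rights(:read)` on the same instance that `check_permissions!` already used with the action's own right, and if `authorize_and_load_records!` is ever invoked from an action other than index the readable set is built from a different right's permissions. The fallback `return { rights: Adeia::Permission.none }` at line 49 and `create_rights` at line 21 omit `:resource_ids`, leaving callers that read `rights[:resource_ids]` with `nil`; returning `resource_ids: []` in both keeps the shape uniform. The `"#{right_name}_right": true` condition is a hash key rather than a SQL string, so ActiveRecord quotes it, but `right_name` can be the `:action` fallback, and unless an `action_right` column exists (the schema is not shown) a valid token on a custom action fails on a missing column instead of being denied. The rewrite below keys the cache by right name and makes the fallback shape explicit.
```ruby
def token_rights(right_name)
  @permission_token ||= Adeia::Token.find_by_token(@token)
  return { rights: Adeia::Permission.none, resource_ids: [] } unless @permission_token && @permission_token.is_valid

  # Cache per right name: one Authorization instance is asked for different
  # rights (the action's own right, then :read from load_records).
  @token_rights ||= {}
  @token_resource_ids ||= {}
  @token_rights[right_name] ||= Adeia::Permission.joins(:element).where(id: @permission_token.permission_id, adeia_elements: { name: @controller }, "#{right_name}_right": true)
  @token_resource_ids[right_name] ||= @token_rights[right_name].pluck(:resource_id).compact
  { rights: @token_rights[right_name], resource_ids: @token_resource_ids[right_name] }
end
```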
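--- a/data/lib/adeia/engine.rb
+++ b/data/lib/adeia/engine.rb
@@ -4,6 +4,13 @@ module Adeia
 class Engine < ::Rails::Engine
 isolate_namespace Adeia
 
+config.generators do |g|
+g.test_framework :rspec
+g.assets false
+g.helper false
+g.factory_girl false
+end
+
 initializer 'Adeia.controller' do |app|
 ActionController::Base.send :include, Adeia::ControllerMethods
 end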
data/lib/adeia/version.rb
CHANGED
|
@@ -0,0 +1,162 @@
|
|
|
1
|
+
require 'rails_helper'
|
|
2
|
+
|
|
3
|
+
module Adeia
|
|
4
|
+
|
|
5
|
+
describe Authorization do
|
|
6
|
+
let(:user) { mock_model(User) }
|
|
7
|
+
|
|
8
|
+
it "does not allow a visitor without a token" do
|
|
9
|
+
authorization = Authorization.new("admin/articles", "new", nil, nil, nil)
|
|
10
|
+
expect { authorization.authorize! }.to raise_error LoginRequired
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
it "allows a visitor with a valid token" do
|
|
14
|
+
permission = create(:permission, create_right: true)
|
|
15
|
+
token = create(:token, permission: permission).token
|
|
16
|
+
authorization = Authorization.new("admin/articles", "new", token, nil, nil)
|
|
17
|
+
expect { authorization.authorize! }.not_to raise_error
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
it "does not allow a user without a permission" do
|
|
21
|
+
authorization = Authorization.new("admin/articles", "new", nil, nil, user)
|
|
22
|
+
expect { authorization.authorize! }.to raise_error AccessDenied
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
it "does not allow a user with a wrong permission" do
|
|
26
|
+
create(:permission, owner: user, read_right: true, update_right: true, destroy_right: true)
|
|
27
|
+
authorization = Authorization.new("admin/articles", "new", nil, nil, user)
|
|
28
|
+
expect { authorization.authorize! }.to raise_error AccessDenied
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
context "with read permission" do
|
|
32
|
+
before(:each) { create(:permission, owner: user, read_right: true) }
|
|
33
|
+
|
|
34
|
+
it "allows the user in the index action" do
|
|
35
|
+
authorization = Authorization.new("admin/articles", "index", nil, nil, user)
|
|
36
|
+
expect { authorization.authorize! }.not_to raise_error
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
it "allows the user in the show action" do
|
|
40
|
+
authorization = Authorization.new("admin/articles", "show", nil, nil, user)
|
|
41
|
+
expect { authorization.authorize! }.not_to raise_error
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
end
|
|
45
|
+
|
|
46
|
+
context "with create permission" do
|
|
47
|
+
before(:each) { create(:permission, owner: user, create_right: true) }
|
|
48
|
+
|
|
49
|
+
it "allows the user in the new action" do
|
|
50
|
+
authorization = Authorization.new("admin/articles", "new", nil, nil, user)
|
|
51
|
+
expect { authorization.authorize! }.not_to raise_error
|
|
52
|
+
end
|
|
53
|
+
|
|
54
|
+
it "allows the user in the create action" do
|
|
55
|
+
authorization = Authorization.new("admin/articles", "create", nil, nil, user)
|
|
56
|
+
expect { authorization.authorize! }.not_to raise_error
|
|
57
|
+
end
|
|
58
|
+
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
context "with update permission" do
|
|
62
|
+
before(:each) { create(:permission, owner: user, update_right: true) }
|
|
63
|
+
|
|
64
|
+
it "allows the user in the edit action" do
|
|
65
|
+
authorization = Authorization.new("admin/articles", "edit", nil, nil, user)
|
|
66
|
+
expect { authorization.authorize! }.not_to raise_error
|
|
67
|
+
end
|
|
68
|
+
|
|
69
|
+
it "allows the user in the update action" do
|
|
70
|
+
authorization = Authorization.new("admin/articles", "update", nil, nil, user)
|
|
71
|
+
expect { authorization.authorize! }.not_to raise_error
|
|
72
|
+
end
|
|
73
|
+
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
context "with destroy permission" do
|
|
77
|
+
before(:each) { create(:permission, owner: user, destroy_right: true) }
|
|
78
|
+
|
|
79
|
+
it "allows the user in the destroy action" do
|
|
80
|
+
authorization = Authorization.new("admin/articles", "destroy", nil, nil, user)
|
|
81
|
+
expect { authorization.authorize! }.not_to raise_error
|
|
82
|
+
end
|
|
83
|
+
|
|
84
|
+
end
|
|
85
|
+
|
|
86
|
+
context "with an specific action permission" do
|
|
87
|
+
before(:each) { create(:permission, owner: user, action: "share") }
|
|
88
|
+
|
|
89
|
+
it "allows the user in the destroy action" do
|
|
90
|
+
authorization = Authorization.new("admin/articles", "share", nil, nil, user)
|
|
91
|
+
expect { authorization.authorize! }.not_to raise_error
|
|
92
|
+
end
|
|
93
|
+
|
|
94
|
+
end
|
|
95
|
+
|
|
96
|
+
context "with an 'on ownership' permission" do
|
|
97
|
+
let!(:permission) { create(:permission, owner: user, update_right: true, type_name: "on_ownerships") }
|
|
98
|
+
|
|
99
|
+
it "does not allow a visitor" do
|
|
100
|
+
token = create(:token, permission: permission).token
|
|
101
|
+
authorization = Authorization.new("admin/articles", "edit", token, nil, nil)
|
|
102
|
+
expect { authorization.authorize! }.to raise_error AccessDenied
|
|
103
|
+
end
|
|
104
|
+
|
|
105
|
+
it "does not allow when no resource is provided" do
|
|
106
|
+
authorization = Authorization.new("admin/articles", "edit", nil, nil, user)
|
|
107
|
+
expect { authorization.authorize! }.to raise_error AccessDenied
|
|
108
|
+
end
|
|
109
|
+
|
|
110
|
+
it "does not allow when the resource is not his" do
|
|
111
|
+
foreign_user = mock_model(User)
|
|
112
|
+
article = mock_model(Article, user: foreign_user)
|
|
113
|
+
authorization = Authorization.new("admin/articles", "edit", nil, article, user)
|
|
114
|
+
expect { authorization.authorize! }.to raise_error AccessDenied
|
|
115
|
+
end
|
|
116
|
+
|
|
117
|
+
it "allows the user" do
|
|
118
|
+
article = mock_model(Article, user: user)
|
|
119
|
+
authorization = Authorization.new("admin/articles", "edit", nil, article, user)
|
|
120
|
+
expect { authorization.authorize! }.not_to raise_error
|
|
121
|
+
end
|
|
122
|
+
|
|
123
|
+
end
|
|
124
|
+
|
|
125
|
+
context "with an 'on entry' permission" do
|
|
126
|
+
|
|
127
|
+
it "does not allow when there is no resource" do
|
|
128
|
+
permission = create(:permission, owner: user, update_right: true, type_name: "on_entry", resource_id: 1)
|
|
129
|
+
authorization = Authorization.new("admin/articles", "edit", nil, nil, user)
|
|
130
|
+
expect { authorization.authorize! }.to raise_error AccessDenied
|
|
131
|
+
end
|
|
132
|
+
|
|
133
|
+
it "does not allow when the resource is not allowed" do
|
|
134
|
+
article = mock_model(Article)
|
|
135
|
+
permission = create(:permission, owner: user, update_right: true, type_name: "on_entry", resource_id: article.id + 1)
|
|
136
|
+
authorization = Authorization.new("admin/articles", "edit", nil, article, user)
|
|
137
|
+
expect { authorization.authorize! }.to raise_error AccessDenied
|
|
138
|
+
end
|
|
139
|
+
|
|
140
|
+
it "allows the user" do
|
|
141
|
+
article = mock_model(Article)
|
|
142
|
+
permission = create(:permission, owner: user, update_right: true, type_name: "on_entry", resource_id: article.id)
|
|
143
|
+
authorization = Authorization.new("admin/articles", "edit", nil, article, user)
|
|
144
|
+
expect { authorization.authorize! }.not_to raise_error
|
|
145
|
+
end
|
|
146
|
+
|
|
147
|
+
end
|
|
148
|
+
|
|
149
|
+
context "with an inherited permission" do
|
|
150
|
+
|
|
151
|
+
it "allows the user" do
|
|
152
|
+
group = create(:user_group, user: user).group
|
|
153
|
+
permission = create(:permission, owner: group, create_right: true)
|
|
154
|
+
authorization = Authorization.new("admin/articles", "new", nil, nil, user)
|
|
155
|
+
expect { authorization.authorize! }.not_to raise_error
|
|
156
|
+
end
|
|
157
|
+
|
|
158
|
+
end
|
|
159
|
+
|
|
160
|
+
end
|
|
161
|
+
|
|
162
|
+
end
|
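Review bot: The example at line 89, inside `context "with an specific action permission"`, is titled "allows the user in the destroy action" but exercises the `share` action, so a failure would point the reader at the wrong behaviour; `it "allows the user in a custom action"` under `context "with a specific action permission"` reads correctly. Nothing here covers the negative token paths that the new `Database#token_rights` relies on — an expired token (`is_valid` false) and a valid token whose permission belongs to another controller element should both be rejected (`LoginRequired` for a visitor, `AccessDenied` for a user) — and `check_permissions!` and `can?` are not exercised at all, although the controller path for index now goes through `check_permissions!`. Although the renderer labels this section `data/lib/adeia/version.rb`, the hunk `@@ -0,0 +1,162 @@` and its `describe Authorization` body match the `data/spec/authorization_spec.rb +162 -0` entry in the file list, so the version bump itself is not visible on this page.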