ae_declarative_authorization 0.12.1 → 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/LICENSE.txt +1 -1
- data/declarative_authorization.gemspec +19 -20
- data/lib/declarative_authorization/authorization.rb +4 -0
- data/lib/declarative_authorization/controller_permission.rb +2 -1
- data/lib/declarative_authorization/test/helpers.rb +1 -1
- data/lib/declarative_authorization/version.rb +1 -1
- metadata +27 -32
- data/.circleci/config.yml +0 -29
- data/.gitignore +0 -32
- data/.ruby-version +0 -1
- data/Appraisals +0 -27
- data/CHANGELOG +0 -189
- data/Gemfile +0 -9
- data/README.md +0 -620
- data/README.rdoc +0 -597
- data/Rakefile +0 -35
- data/authorization_rules.dist.rb +0 -20
- data/init.rb +0 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 25a8212f21bb76701233314163ecdc43a91245dda378125f45f0dd819637f933
|
|
4
|
+
data.tar.gz: 1f91baaa43b7c905f0e263c5ac6a5824d7754764806d13e5da8e7f8ebd5d0b40
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 34e5b75e9ab125ade50e801701982cb7a2db33aaab837246fb03900b7edcaba2ec39d981a3fcc94821de54190adbe9e6eed5bd29146f3732b867dc3625e6cc02
|
|
7
|
+
data.tar.gz: bc6fc502242c55259f8b2736bdd0fa221b21fde64c288e3a16b7baa1451d0c13b754012ab159bea47969838287c89db69b12c3746fb6bdd7465a9ebc2aebc5fe
|
data/LICENSE.txt
CHANGED
|
@@ -1,24 +1,23 @@
|
|
|
1
|
-
#
|
|
2
|
-
lib = File.expand_path('../lib', __FILE__)
|
|
3
|
-
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
4
|
-
require 'declarative_authorization/version'
|
|
1
|
+
# frozen_string_literal: true
|
|
5
2
|
|
|
6
|
-
|
|
7
|
-
s.name = 'ae_declarative_authorization'
|
|
8
|
-
s.version = DeclarativeAuthorization::VERSION
|
|
9
|
-
s.platform = Gem::Platform::RUBY
|
|
10
|
-
s.authors = ['AppFolio', 'Steffen Bartsch']
|
|
11
|
-
s.email = 'dev@appfolio.com'
|
|
12
|
-
s.description = 'ae_declarative_authorization is a Rails gem for maintainable authorization based on readable authorization rules.'
|
|
13
|
-
s.summary = s.description
|
|
14
|
-
s.homepage = 'http://github.com/appfolio/ae_declarative_authorization'
|
|
15
|
-
s.licenses = ['MIT']
|
|
3
|
+
require_relative 'lib/declarative_authorization/version'
|
|
16
4
|
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
5
|
+
Gem::Specification.new do |spec|
|
|
6
|
+
spec.name = 'ae_declarative_authorization'
|
|
7
|
+
spec.version = DeclarativeAuthorization::VERSION
|
|
8
|
+
spec.platform = Gem::Platform::RUBY
|
|
9
|
+
spec.author = 'AppFolio'
|
|
10
|
+
spec.email = 'opensource@appfolio.com'
|
|
11
|
+
spec.description = 'Rails gem for maintainable authorization based on readable authorization rules.'
|
|
12
|
+
spec.summary = spec.description
|
|
13
|
+
spec.homepage = 'https://github.com/appfolio/ae_declarative_authorization'
|
|
14
|
+
spec.license = 'MIT'
|
|
15
|
+
spec.files = Dir['**/*'].select { |f| f[%r{^(lib/|LICENSE.txt|.*gemspec)}] }
|
|
16
|
+
spec.require_paths = ['lib']
|
|
17
|
+
spec.required_ruby_version = Gem::Requirement.new('>= 2.6.3')
|
|
21
18
|
|
|
22
|
-
|
|
23
|
-
|
|
19
|
+
spec.metadata['allowed_push_host'] = 'https://rubygems.org'
|
|
20
|
+
|
|
21
|
+
spec.add_dependency('blockenspiel', ['>= 0.5', '< 1'])
|
|
22
|
+
spec.add_dependency('rails', ['>= 4.2.5.2', '< 7.1'])
|
|
24
23
|
end
|
|
@@ -2,6 +2,7 @@
|
|
|
2
2
|
require File.dirname(__FILE__) + '/reader.rb'
|
|
3
3
|
require "set"
|
|
4
4
|
require "forwardable"
|
|
5
|
+
require 'rails'
|
|
5
6
|
|
|
6
7
|
module Authorization
|
|
7
8
|
# An exception raised if anything goes wrong in the Authorization realm
|
|
@@ -175,6 +176,9 @@ module Authorization
|
|
|
175
176
|
|
|
176
177
|
user, roles, privileges = user_roles_privleges_from_options(privilege, options)
|
|
177
178
|
|
|
179
|
+
callback = Rails.application.config.try(:ae_declarative_authorization_permit_callback)
|
|
180
|
+
callback.call(controller: options[:controller], privilege: privilege) if callback && options.include?(:controller)
|
|
181
|
+
|
|
178
182
|
return true if roles.is_a?(Hash) && !(roles.keys & omnipotent_roles).empty?
|
|
179
183
|
|
|
180
184
|
# find a authorization rule that matches for at least one of the roles and
|
|
@@ -29,7 +29,8 @@ module Authorization
|
|
|
29
29
|
:user => contr.send(:current_user),
|
|
30
30
|
:object => object,
|
|
31
31
|
:skip_attribute_test => !@attribute_check,
|
|
32
|
-
:context => @context || controller_class(contr).decl_auth_context
|
|
32
|
+
:context => @context || controller_class(contr).decl_auth_context,
|
|
33
|
+
:controller => contr)
|
|
33
34
|
end
|
|
34
35
|
|
|
35
36
|
def remove_actions(actions)
|
|
@@ -135,7 +135,7 @@ module DeclarativeAuthorization
|
|
|
135
135
|
def access_tests(&block)
|
|
136
136
|
@access_tests_defined = true
|
|
137
137
|
file_output ||= [ 'test/profiles/access_checking', ENV['TEST_ENV_NUMBER'] ].compact.join('.')
|
|
138
|
-
unless File.
|
|
138
|
+
unless File.exist?(file_output)
|
|
139
139
|
FileUtils.mkdir_p(File.dirname(file_output))
|
|
140
140
|
end
|
|
141
141
|
File.open(file_output, "a+") do |file|
|
metadata
CHANGED
|
@@ -1,30 +1,35 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ae_declarative_authorization
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 1.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- AppFolio
|
|
8
|
-
|
|
9
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
10
9
|
bindir: bin
|
|
11
10
|
cert_chain: []
|
|
12
|
-
date:
|
|
11
|
+
date: 2022-02-23 00:00:00.000000000 Z
|
|
13
12
|
dependencies:
|
|
14
13
|
- !ruby/object:Gem::Dependency
|
|
15
14
|
name: blockenspiel
|
|
16
15
|
requirement: !ruby/object:Gem::Requirement
|
|
17
16
|
requirements:
|
|
18
|
-
- - "
|
|
17
|
+
- - ">="
|
|
18
|
+
- !ruby/object:Gem::Version
|
|
19
|
+
version: '0.5'
|
|
20
|
+
- - "<"
|
|
19
21
|
- !ruby/object:Gem::Version
|
|
20
|
-
version:
|
|
22
|
+
version: '1'
|
|
21
23
|
type: :runtime
|
|
22
24
|
prerelease: false
|
|
23
25
|
version_requirements: !ruby/object:Gem::Requirement
|
|
24
26
|
requirements:
|
|
25
|
-
- - "
|
|
27
|
+
- - ">="
|
|
26
28
|
- !ruby/object:Gem::Version
|
|
27
|
-
version: 0.5
|
|
29
|
+
version: '0.5'
|
|
30
|
+
- - "<"
|
|
31
|
+
- !ruby/object:Gem::Version
|
|
32
|
+
version: '1'
|
|
28
33
|
- !ruby/object:Gem::Dependency
|
|
29
34
|
name: rails
|
|
30
35
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -34,7 +39,7 @@ dependencies:
|
|
|
34
39
|
version: 4.2.5.2
|
|
35
40
|
- - "<"
|
|
36
41
|
- !ruby/object:Gem::Version
|
|
37
|
-
version: '7'
|
|
42
|
+
version: '7.1'
|
|
38
43
|
type: :runtime
|
|
39
44
|
prerelease: false
|
|
40
45
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -44,27 +49,16 @@ dependencies:
|
|
|
44
49
|
version: 4.2.5.2
|
|
45
50
|
- - "<"
|
|
46
51
|
- !ruby/object:Gem::Version
|
|
47
|
-
version: '7'
|
|
48
|
-
description:
|
|
49
|
-
|
|
50
|
-
email:
|
|
52
|
+
version: '7.1'
|
|
53
|
+
description: Rails gem for maintainable authorization based on readable authorization
|
|
54
|
+
rules.
|
|
55
|
+
email: opensource@appfolio.com
|
|
51
56
|
executables: []
|
|
52
57
|
extensions: []
|
|
53
58
|
extra_rdoc_files: []
|
|
54
59
|
files:
|
|
55
|
-
- ".circleci/config.yml"
|
|
56
|
-
- ".gitignore"
|
|
57
|
-
- ".ruby-version"
|
|
58
|
-
- Appraisals
|
|
59
|
-
- CHANGELOG
|
|
60
|
-
- Gemfile
|
|
61
60
|
- LICENSE.txt
|
|
62
|
-
- README.md
|
|
63
|
-
- README.rdoc
|
|
64
|
-
- Rakefile
|
|
65
|
-
- authorization_rules.dist.rb
|
|
66
61
|
- declarative_authorization.gemspec
|
|
67
|
-
- init.rb
|
|
68
62
|
- lib/declarative_authorization.rb
|
|
69
63
|
- lib/declarative_authorization/authorization.rb
|
|
70
64
|
- lib/declarative_authorization/controller/dsl.rb
|
|
@@ -84,11 +78,12 @@ files:
|
|
|
84
78
|
- lib/generators/authorization/rules/rules_generator.rb
|
|
85
79
|
- lib/generators/authorization/rules/templates/authorization_rules.rb
|
|
86
80
|
- lib/tasks/authorization_tasks.rake
|
|
87
|
-
homepage:
|
|
81
|
+
homepage: https://github.com/appfolio/ae_declarative_authorization
|
|
88
82
|
licenses:
|
|
89
83
|
- MIT
|
|
90
|
-
metadata:
|
|
91
|
-
|
|
84
|
+
metadata:
|
|
85
|
+
allowed_push_host: https://rubygems.org
|
|
86
|
+
post_install_message:
|
|
92
87
|
rdoc_options: []
|
|
93
88
|
require_paths:
|
|
94
89
|
- lib
|
|
@@ -96,16 +91,16 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
96
91
|
requirements:
|
|
97
92
|
- - ">="
|
|
98
93
|
- !ruby/object:Gem::Version
|
|
99
|
-
version:
|
|
94
|
+
version: 2.6.3
|
|
100
95
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
101
96
|
requirements:
|
|
102
97
|
- - ">="
|
|
103
98
|
- !ruby/object:Gem::Version
|
|
104
99
|
version: '0'
|
|
105
100
|
requirements: []
|
|
106
|
-
rubygems_version: 3.
|
|
107
|
-
signing_key:
|
|
101
|
+
rubygems_version: 3.3.3
|
|
102
|
+
signing_key:
|
|
108
103
|
specification_version: 4
|
|
109
|
-
summary:
|
|
110
|
-
|
|
104
|
+
summary: Rails gem for maintainable authorization based on readable authorization
|
|
105
|
+
rules.
|
|
111
106
|
test_files: []
|
data/.circleci/config.yml
DELETED
|
@@ -1,29 +0,0 @@
|
|
|
1
|
-
version: 2.1
|
|
2
|
-
commands:
|
|
3
|
-
bundle_install_and_test:
|
|
4
|
-
steps:
|
|
5
|
-
- checkout
|
|
6
|
-
- run: bundle install
|
|
7
|
-
- run: bundle exec appraisal install
|
|
8
|
-
- run: bundle exec appraisal rake test
|
|
9
|
-
|
|
10
|
-
jobs:
|
|
11
|
-
test-ruby-253:
|
|
12
|
-
docker:
|
|
13
|
-
- image: circleci/ruby:2.5.3
|
|
14
|
-
steps:
|
|
15
|
-
- bundle_install_and_test
|
|
16
|
-
|
|
17
|
-
test-ruby-263:
|
|
18
|
-
docker:
|
|
19
|
-
- image: circleci/ruby:2.6.3
|
|
20
|
-
steps:
|
|
21
|
-
- bundle_install_and_test
|
|
22
|
-
|
|
23
|
-
workflows:
|
|
24
|
-
rc:
|
|
25
|
-
jobs:
|
|
26
|
-
- test-ruby-253:
|
|
27
|
-
context: appfolio_test_context
|
|
28
|
-
- test-ruby-263:
|
|
29
|
-
context: appfolio_test_context
|
data/.gitignore
DELETED
|
@@ -1,32 +0,0 @@
|
|
|
1
|
-
# Because this is a gem, ignore Gemfile.lock:
|
|
2
|
-
|
|
3
|
-
Gemfile.lock
|
|
4
|
-
gemfiles/*.gemfile.lock
|
|
5
|
-
|
|
6
|
-
# And because this is Ruby, ignore the following
|
|
7
|
-
# (source: https://github.com/github/gitignore/blob/master/Ruby.gitignore):
|
|
8
|
-
|
|
9
|
-
*.gem
|
|
10
|
-
*.rbc
|
|
11
|
-
.bundle
|
|
12
|
-
.config
|
|
13
|
-
coverage
|
|
14
|
-
InstalledFiles
|
|
15
|
-
lib/bundler/man
|
|
16
|
-
pkg
|
|
17
|
-
log
|
|
18
|
-
rdoc
|
|
19
|
-
spec/reports
|
|
20
|
-
test/test.log
|
|
21
|
-
test/tmp
|
|
22
|
-
test/version_tmp
|
|
23
|
-
test/test_app/log
|
|
24
|
-
tmp
|
|
25
|
-
test/profiles
|
|
26
|
-
|
|
27
|
-
# YARD artifacts
|
|
28
|
-
.yardoc
|
|
29
|
-
_yardoc
|
|
30
|
-
doc/
|
|
31
|
-
|
|
32
|
-
.idea
|
data/.ruby-version
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
ruby-2.6.3
|
data/Appraisals
DELETED
|
@@ -1,27 +0,0 @@
|
|
|
1
|
-
RAILS_VERSIONS = ['5.2.2.1', '6.0.2.1']
|
|
2
|
-
GRAPE_VERSIONS = ['1.1.0', '1.2.3', '1.3.0']
|
|
3
|
-
|
|
4
|
-
case RUBY_VERSION
|
|
5
|
-
|
|
6
|
-
when '2.5.3', '2.6.3' then
|
|
7
|
-
RAILS_VERSIONS.product(GRAPE_VERSIONS).each do |rails_version, grape_version|
|
|
8
|
-
appraise "ruby-#{RUBY_VERSION}-rails#{rails_version}-grape#{grape_version}" do
|
|
9
|
-
gem 'rails', rails_version
|
|
10
|
-
gem 'grape', grape_version
|
|
11
|
-
|
|
12
|
-
if Gem::Version.new(grape_version) < Gem::Version.new('1.3.0')
|
|
13
|
-
# https://github.com/ruby-grape/grape/pull/1956
|
|
14
|
-
gem "rack", "< 2.1.0"
|
|
15
|
-
end
|
|
16
|
-
|
|
17
|
-
if Gem::Version.new(rails_version) >= Gem::Version.new('6')
|
|
18
|
-
gem 'sqlite3', '~> 1.4'
|
|
19
|
-
else
|
|
20
|
-
gem 'sqlite3', '~> 1.3.0'
|
|
21
|
-
end
|
|
22
|
-
end
|
|
23
|
-
end
|
|
24
|
-
else
|
|
25
|
-
raise "Unsupported Ruby version #{RUBY_VERSION}"
|
|
26
|
-
|
|
27
|
-
end
|
data/CHANGELOG
DELETED
|
@@ -1,189 +0,0 @@
|
|
|
1
|
-
** RELEASE 0.5.7 (Mar 10, 2013)
|
|
2
|
-
|
|
3
|
-
* Ruby 2.0 compatibility [jhawthorn]
|
|
4
|
-
|
|
5
|
-
** RELEASE 0.5.6 (Sep 23, 2012)
|
|
6
|
-
|
|
7
|
-
* Fix handling of stray object associations [jhawthorn]
|
|
8
|
-
|
|
9
|
-
* Improve test infrastructure [jhawthorn]
|
|
10
|
-
|
|
11
|
-
* Allow decl_auth to be used without ActiveRecord [bterkuile]
|
|
12
|
-
|
|
13
|
-
* Rule reloading in development based on changes [urkle/sb]
|
|
14
|
-
|
|
15
|
-
** RELEASE 0.5.5 (Jan 10, 2012)
|
|
16
|
-
|
|
17
|
-
* Update of handling of association proxies for Rails 3.2
|
|
18
|
-
|
|
19
|
-
** RELEASE 0.5.4 (Nov 30, 2011)
|
|
20
|
-
|
|
21
|
-
* Cumulative loading of authorization rules [Damian Curso/sb]
|
|
22
|
-
|
|
23
|
-
* Improved used_privileges rake task [urkle]
|
|
24
|
-
|
|
25
|
-
* Performance improvements [John Hawthorn]
|
|
26
|
-
|
|
27
|
-
** RELEASE 0.5.3 (May 25, 2011)
|
|
28
|
-
|
|
29
|
-
* Bugfixes and documentation cleanup
|
|
30
|
-
|
|
31
|
-
* Rails 3.1.rc1 compatibility [sb]
|
|
32
|
-
|
|
33
|
-
* Added has_any_role?, has_any_role_with_hierarchy? [t.pickett66]
|
|
34
|
-
|
|
35
|
-
* Allow changing the default role [dbloete]
|
|
36
|
-
|
|
37
|
-
** RELEASE 0.5.2 (Dec 31, 2010) **
|
|
38
|
-
|
|
39
|
-
* Bugfixes and documentation updates
|
|
40
|
-
|
|
41
|
-
** RELEASE 0.5.1 (Sep 12, 2010) **
|
|
42
|
-
|
|
43
|
-
** RELEASE 0.5 (July 21, 2010) **
|
|
44
|
-
|
|
45
|
-
* Ruby 1.9.2 compatibility [sb]
|
|
46
|
-
|
|
47
|
-
* Comparisons in authorization roles: lt, lte, gt, gte [aepstein,hollownest]
|
|
48
|
-
|
|
49
|
-
* DSL optimization: allow array being passed to to
|
|
50
|
-
|
|
51
|
-
* Omnipotent roles [timcharper]
|
|
52
|
-
|
|
53
|
-
* Meaningful error in case of missing authorization rules file [timcharper]
|
|
54
|
-
|
|
55
|
-
* Rails 3 support [sb]
|
|
56
|
-
|
|
57
|
-
* Support shallow nested resources [jjb]
|
|
58
|
-
|
|
59
|
-
* Allow multiple authorization rules files [kaichen]
|
|
60
|
-
|
|
61
|
-
** RELEASE 0.4 (November 15, 2009) **
|
|
62
|
-
|
|
63
|
-
* Implemented controller namespace handling [sb]
|
|
64
|
-
|
|
65
|
-
* Improved if_attribute to allow nesting of has_many associations [sb]
|
|
66
|
-
|
|
67
|
-
* Improved if_permitted_to: allow has_many associations and improved context inference [sb]
|
|
68
|
-
|
|
69
|
-
* Added option on handling non-existant auto-loaded object [sb]
|
|
70
|
-
|
|
71
|
-
* Added with_user as module method [sb]
|
|
72
|
-
|
|
73
|
-
* Change support i18n [sb]
|
|
74
|
-
|
|
75
|
-
** RELEASE 0.3.2.3 (October 12, 2009) **
|
|
76
|
-
|
|
77
|
-
* Switched to gemcutter [sb]
|
|
78
|
-
|
|
79
|
-
* Fixed has_role? for guest user. Closes #8 [sb]
|
|
80
|
-
|
|
81
|
-
* Fixed unnecessary DB query with named scopes [sb, ledermann]
|
|
82
|
-
|
|
83
|
-
* Change support: suggestions: grouping, sorting by affected users [sb]
|
|
84
|
-
|
|
85
|
-
* Fixed context inference from AR objects for STI by switching to #class.name.tableize [sb]
|
|
86
|
-
|
|
87
|
-
* Allow multiple contexts as arguments to has_permission_on [Jeroen van Dijk]
|
|
88
|
-
|
|
89
|
-
** RELEASE 0.3.2.2 (August 27, 2009) **
|
|
90
|
-
|
|
91
|
-
* Fix without_access_control test cases [sb]
|
|
92
|
-
|
|
93
|
-
* Fixed error on debug logging (Closes #6) [sb]
|
|
94
|
-
|
|
95
|
-
* Fixed without_access_control instance method in TestHelper [sb]
|
|
96
|
-
|
|
97
|
-
** RELEASE 0.3.2.1 (August 14, 2009) **
|
|
98
|
-
|
|
99
|
-
* Fix gemspec for Rdoc generation [sb]
|
|
100
|
-
|
|
101
|
-
** RELEASE 0.3.2 (August 13, 2009) **
|
|
102
|
-
|
|
103
|
-
* Fix for model-level permitted_to?/! [sb]
|
|
104
|
-
|
|
105
|
-
** RELEASE 0.3.1 (August 12, 2009) **
|
|
106
|
-
|
|
107
|
-
* Change Support: Suggestion grouping, sort by affected users [sb]
|
|
108
|
-
|
|
109
|
-
* Changed context derived from objects to #class.name.tableize to fix STI [sb]
|
|
110
|
-
|
|
111
|
-
* Simplified controller authorization with filter_resource_access [sb]
|
|
112
|
-
|
|
113
|
-
* Allow passing explicit context in addition to object in permitted_to? [Olly Lylo, sb]
|
|
114
|
-
|
|
115
|
-
* Change Supporter: suggest changes to authorization rules [sb]
|
|
116
|
-
|
|
117
|
-
* Added permitted_to!/? in model [Eike Carls]
|
|
118
|
-
|
|
119
|
-
* New test helper: should_(not_)_be_allowed_to(privilege, object_or_context) [sb]
|
|
120
|
-
|
|
121
|
-
** RELEASE 0.3 (April 20, 2009) **
|
|
122
|
-
|
|
123
|
-
* New option :join_by for has_permission_on to allow AND'ing of statements in one has_permission_on block [sb]
|
|
124
|
-
|
|
125
|
-
* Allow using_access_control to be called directly on ActiveRecord::Base, globally enabling model security [sb]
|
|
126
|
-
|
|
127
|
-
* New operator: intersects_with, comparing two Enumerables in if_attribute [sb]
|
|
128
|
-
|
|
129
|
-
* Improved if_permitted_to syntax: if the attribute is left out, permissions are checked on for the current object [sb]
|
|
130
|
-
|
|
131
|
-
* Added #has_role_with_hierarchy? method to retrieve explicit and calculated roles [jeremyf]
|
|
132
|
-
|
|
133
|
-
* Added a simple rules analyzer to help improve authorization rules [sb]
|
|
134
|
-
|
|
135
|
-
* Gemified plugin. Needed to restructure the lib path contents [sb]
|
|
136
|
-
|
|
137
|
-
* Added handling of Authorization::AuthorizationInController::ClassMethods.filter_access_to parameters that are of the form [:show, :update] instead of just :show, :update. [jeremyf]
|
|
138
|
-
|
|
139
|
-
* Added authorization usage helper for checking filter_access_to usage in controllers [sb]
|
|
140
|
-
|
|
141
|
-
* Added a authorization rules browser. See README for more information [sb]
|
|
142
|
-
|
|
143
|
-
* Added Model.using_access_control? to check if a model has model security activated [sb]
|
|
144
|
-
|
|
145
|
-
* Changed Authorization::ObligationScope#map_table_alias_for [Brian Langenfeld]
|
|
146
|
-
* Fixed to prevent bad aliases from being produced.
|
|
147
|
-
|
|
148
|
-
* Changed Authorization::Attribute#validate? [Brian Langenfeld]
|
|
149
|
-
* Encountering a nil value when evaluating an attribute now raises a NilAttributeValueError, instead of an AuthorizationError. We leave it to the caller to decide what to do about it.
|
|
150
|
-
|
|
151
|
-
* Changed Authorization::Engine#permit! [Brian Langenfeld]
|
|
152
|
-
* We now convert incoming privileges to symbols (e.g. 'read' is made equivalent to :read). This ensures the privileges will match those defined in the authorization rules file.
|
|
153
|
-
* The method now properly infers context when checking against an association (e.g. user.posts). We do this by leveraging ActiveRecord builder method 'new' to instantiate a proper object we can work with.
|
|
154
|
-
* When testing rules for positive results (via Authorization::Attribute#validate?), we now rescue NilAttributeValueError exceptions, simply causing the rule to return a negative result (instead of barfing).
|
|
155
|
-
|
|
156
|
-
* Changed Authorization::ObligationScope#rebuild_join_options! [Brian Langenfeld]
|
|
157
|
-
* If we're dealing with multiple obligations we have to check (i.e. ones that result in OR'd conditions), we now use :include instead of :joins for our generated scope. This does seem like a kludge, but until ActiveRecord scopes support unions (for checking obligations individually and consolidating the results), we don't have much choice. Something to revisit later, for sure.
|
|
158
|
-
|
|
159
|
-
** RELEASE 0.2 (February 2, 2009) **
|
|
160
|
-
|
|
161
|
-
* added negative operators: is_not, not_in, does_not_contain [sb]
|
|
162
|
-
|
|
163
|
-
* changed user.roles to user.role_symbols to reduce interferance with associations [sb]
|
|
164
|
-
|
|
165
|
-
* Ruby 1.9 and Rails 2.3 compatibility [sb]
|
|
166
|
-
|
|
167
|
-
* if_permitted_to for has_permission_on blocks for DRYer auth rules [sb]
|
|
168
|
-
|
|
169
|
-
* ObligationScope rewrite of query rewriting [Brian Langenfeld]
|
|
170
|
-
|
|
171
|
-
* changed exception hierarchy to begin at StandardError [sb]
|
|
172
|
-
|
|
173
|
-
* :is_in operator [sb]
|
|
174
|
-
|
|
175
|
-
* added has_role? helper [sb]
|
|
176
|
-
|
|
177
|
-
* made plugin thread-safe [sb]
|
|
178
|
-
|
|
179
|
-
* added maintenance and test helpers [sb]
|
|
180
|
-
|
|
181
|
-
* changed default permission denied response to 403 Forbidden [sb]
|
|
182
|
-
|
|
183
|
-
* descriptions for titles and roles [sb]
|
|
184
|
-
|
|
185
|
-
* fixed for PostgreSQL [Mark Mansour]
|
|
186
|
-
|
|
187
|
-
* improved DSL syntax: allow for array of contexts in has_permission_on [sb]
|
|
188
|
-
|
|
189
|
-
** RELEASE 0.1 (August 22, 2008) **
|