ae_declarative_authorization 0.12.1 → 1.0.0

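--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 719562dc167a376019c1cbf5ef98fd3156bbd0420345b49499fb4e2932f7760b
- data.tar.gz: 5e730141340ca6205f1c43616c0e4585fb203d3f992848911a778433c01b7da9
+ metadata.gz: 25a8212f21bb76701233314163ecdc43a91245dda378125f45f0dd819637f933
+ data.tar.gz: 1f91baaa43b7c905f0e263c5ac6a5824d7754764806d13e5da8e7f8ebd5d0b40
  SHA512:
- metadata.gz: 954e5d140855c4db4c1be63431e64357bcb1c2a3cdf54fd36bd2ecdd3b45bbf75315da5ca6762af8cab7d6cb582831f5b57e0e57d87e7b9bb05ebbf4c065017c
- data.tar.gz: 15132703089d3c1b7c84a474dbf5d3445c21d41580e128c7120bc6a6a3ae184a5c2945b397417463a3c4190ad17453dca442e8c37d93685629179c879cbc7d9c
+ metadata.gz: 34e5b75e9ab125ade50e801701982cb7a2db33aaab837246fb03900b7edcaba2ec39d981a3fcc94821de54190adbe9e6eed5bd29146f3732b867dc3625e6cc02
+ data.tar.gz: bc6fc502242c55259f8b2736bdd0fa221b21fde64c288e3a16b7baa1451d0c13b754012ab159bea47969838287c89db69b12c3746fb6bdd7465a9ebc2aebc5fe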
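--- a/data/LICENSE.txt
+++ b/data/LICENSE.txt
@@ -1,4 +1,4 @@
- Copyright (c) 2017 AppFolio, Inc., Steffen Bartsch
+ Copyright (c) 2017-2022 AppFolio, Inc., Steffen Bartsch
 
  Permission is hereby granted, free of charge, to any person obtaining
  a copy of this software and associated documentation files (the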
@@ -1,24 +1,23 @@
1
- # -*- encoding: utf-8 -*-
2
- lib = File.expand_path('../lib', __FILE__)
3
- $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
- require 'declarative_authorization/version'
1
+ # frozen_string_literal: true
5
2
 
6
- Gem::Specification.new do |s|
7
- s.name = 'ae_declarative_authorization'
8
- s.version = DeclarativeAuthorization::VERSION
9
- s.platform = Gem::Platform::RUBY
10
- s.authors = ['AppFolio', 'Steffen Bartsch']
11
- s.email = 'dev@appfolio.com'
12
- s.description = 'ae_declarative_authorization is a Rails gem for maintainable authorization based on readable authorization rules.'
13
- s.summary = s.description
14
- s.homepage = 'http://github.com/appfolio/ae_declarative_authorization'
15
- s.licenses = ['MIT']
3
+ require_relative 'lib/declarative_authorization/version'
16
4
 
17
- s.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features|gemfiles)/}) }
18
- s.executables = s.files.grep(%r{^bin/}) { |f| File.basename(f) }
19
- s.test_files = s.files.grep(%r{^(test|spec|features)/})
20
- s.require_paths = ['lib']
5
+ Gem::Specification.new do |spec|
6
+ spec.name = 'ae_declarative_authorization'
7
+ spec.version = DeclarativeAuthorization::VERSION
8
+ spec.platform = Gem::Platform::RUBY
9
+ spec.author = 'AppFolio'
10
+ spec.email = 'opensource@appfolio.com'
11
+ spec.description = 'Rails gem for maintainable authorization based on readable authorization rules.'
12
+ spec.summary = spec.description
13
+ spec.homepage = 'https://github.com/appfolio/ae_declarative_authorization'
14
+ spec.license = 'MIT'
15
+ spec.files = Dir['**/*'].select { |f| f[%r{^(lib/|LICENSE.txt|.*gemspec)}] }
16
+ spec.require_paths = ['lib']
17
+ spec.required_ruby_version = Gem::Requirement.new('>= 2.6.3')
21
18
 
22
- s.add_dependency(%q<blockenspiel>, ['~> 0.5.0'])
23
- s.add_dependency(%q<rails>, ['>= 4.2.5.2', '< 7'])
19
+ spec.metadata['allowed_push_host'] = 'https://rubygems.org'
20
+
21
+ spec.add_dependency('blockenspiel', ['>= 0.5', '< 1'])
22
+ spec.add_dependency('rails', ['>= 4.2.5.2', '< 7.1'])
24
23
  end
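Review bot: The new `spec.files` line packages whatever is on disk at build time, because it filters `Dir['**/*']` with `%r{^(lib/|LICENSE.txt|.*gemspec)}` where the removed line started from `git ls-files`. Any untracked file under `lib/` in the release checkout (editor backups, local configuration) would be published, and the unanchored `.*gemspec` alternative accepts every path that merely contains the string `gemspec`. I would anchor and escape the pattern, `spec.files = Dir['**/*'].select { |f| f.match?(%r{\A(lib/|LICENSE\.txt\z|[^/]+\.gemspec\z)}) }`, and build releases from a clean checkout. The `blockenspiel` constraint also widens from `~> 0.5.0` to `>= 0.5, < 1`, so it is worth confirming the newly admitted releases are covered by the test matrix.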
@@ -2,6 +2,7 @@
2
2
  require File.dirname(__FILE__) + '/reader.rb'
3
3
  require "set"
4
4
  require "forwardable"
5
+ require 'rails'
5
6
 
6
7
  module Authorization
7
8
  # An exception raised if anything goes wrong in the Authorization realm
@@ -175,6 +176,9 @@ module Authorization
175
176
 
176
177
  user, roles, privileges = user_roles_privleges_from_options(privilege, options)
177
178
 
179
+ callback = Rails.application.config.try(:ae_declarative_authorization_permit_callback)
180
+ callback.call(controller: options[:controller], privilege: privilege) if callback && options.include?(:controller)
181
+
178
182
  return true if roles.is_a?(Hash) && !(roles.keys & omnipotent_roles).empty?
179
183
 
180
184
  # find a authorization rule that matches for at least one of the roles and
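Review bot: The permit callback added here sits on the authorization path with no guard around it: `Rails.application` is dereferenced unconditionally, the call is made before the omnipotent-role shortcut and the rule match, and its return value is discarded. An exception raised by the configured callback would propagate out of this method in place of an authorization result, and if `Rails.application` is nil (library loaded without a booted app) the lookup itself raises `NoMethodError` on every check. I would write `callback = Rails.application&.config.try(:ae_declarative_authorization_permit_callback)` and put a comment above it such as `# Audit hook only: runs before the decision is made; its return value is ignored and never grants or denies access.` The controller it receives comes from the `:controller => contr` option added in the `@@ -29,7 +29,8 @@` hunk, so the callback sees the whole controller instance; the enclosing method starts and ends outside this hunk.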
@@ -29,7 +29,8 @@ module Authorization
29
29
  :user => contr.send(:current_user),
30
30
  :object => object,
31
31
  :skip_attribute_test => !@attribute_check,
32
- :context => @context || controller_class(contr).decl_auth_context)
32
+ :context => @context || controller_class(contr).decl_auth_context,
33
+ :controller => contr)
33
34
  end
34
35
 
35
36
  def remove_actions(actions)
@@ -135,7 +135,7 @@ module DeclarativeAuthorization
135
135
  def access_tests(&block)
136
136
  @access_tests_defined = true
137
137
  file_output ||= [ 'test/profiles/access_checking', ENV['TEST_ENV_NUMBER'] ].compact.join('.')
138
- unless File.exists?(file_output)
138
+ unless File.exist?(file_output)
139
139
  FileUtils.mkdir_p(File.dirname(file_output))
140
140
  end
141
141
  File.open(file_output, "a+") do |file|
@@ -1,3 +1,3 @@
1
1
  module DeclarativeAuthorization
2
- VERSION = '0.12.1'.freeze
2
+ VERSION = '1.0.0'.freeze
3
3
  end
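--- a/metadata
+++ b/metadata
@@ -1,30 +1,35 @@
  --- !ruby/object:Gem::Specification
  name: ae_declarative_authorization
  version: !ruby/object:Gem::Version
- version: 0.12.1
+ version: 1.0.0
  platform: ruby
  authors:
  - AppFolio
- - Steffen Bartsch
- autorequire:
+ autorequire:
  bindir: bin
  cert_chain: []
- date: 2020-08-11 00:00:00.000000000 Z
+ date: 2022-02-23 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: blockenspiel
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0.5'
+ - - "<"
  - !ruby/object:Gem::Version
- version: 0.5.0
+ version: '1'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - ">="
  - !ruby/object:Gem::Version
- version: 0.5.0
+ version: '0.5'
+ - - "<"
+ - !ruby/object:Gem::Version
+ version: '1'
  - !ruby/object:Gem::Dependency
  name: rails
  requirement: !ruby/object:Gem::Requirement
@@ -34,7 +39,7 @@ dependencies:
  version: 4.2.5.2
  - - "<"
  - !ruby/object:Gem::Version
- version: '7'
+ version: '7.1'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
@@ -44,27 +49,16 @@ dependencies:
  version: 4.2.5.2
  - - "<"
  - !ruby/object:Gem::Version
- version: '7'
- description: ae_declarative_authorization is a Rails gem for maintainable authorization
- based on readable authorization rules.
- email: dev@appfolio.com
+ version: '7.1'
+ description: Rails gem for maintainable authorization based on readable authorization
+ rules.
+ email: opensource@appfolio.com
  executables: []
  extensions: []
  extra_rdoc_files: []
  files:
- - ".circleci/config.yml"
- - ".gitignore"
- - ".ruby-version"
- - Appraisals
- - CHANGELOG
- - Gemfile
  - LICENSE.txt
- - README.md
- - README.rdoc
- - Rakefile
- - authorization_rules.dist.rb
  - declarative_authorization.gemspec
- - init.rb
  - lib/declarative_authorization.rb
  - lib/declarative_authorization/authorization.rb
  - lib/declarative_authorization/controller/dsl.rb
@@ -84,11 +78,12 @@ files:
  - lib/generators/authorization/rules/rules_generator.rb
  - lib/generators/authorization/rules/templates/authorization_rules.rb
  - lib/tasks/authorization_tasks.rake
- homepage: http://github.com/appfolio/ae_declarative_authorization
+ homepage: https://github.com/appfolio/ae_declarative_authorization
  licenses:
  - MIT
- metadata: {}
- post_install_message:
+ metadata:
+ allowed_push_host: https://rubygems.org
+ post_install_message:
  rdoc_options: []
  require_paths:
  - lib
@@ -96,16 +91,16 @@ required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: '0'
+ version: 2.6.3
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.1.4
- signing_key:
+ rubygems_version: 3.3.3
+ signing_key:
  specification_version: 4
- summary: ae_declarative_authorization is a Rails gem for maintainable authorization
- based on readable authorization rules.
+ summary: Rails gem for maintainable authorization based on readable authorization
+ rules.
  test_files: []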
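--- a/data/.circleci/config.yml
+++ b/data/.circleci/config.yml
@@ -1,29 +0,0 @@
- version: 2.1
- commands:
- bundle_install_and_test:
- steps:
- - checkout
- - run: bundle install
- - run: bundle exec appraisal install
- - run: bundle exec appraisal rake test
-
- jobs:
- test-ruby-253:
- docker:
- - image: circleci/ruby:2.5.3
- steps:
- - bundle_install_and_test
-
- test-ruby-263:
- docker:
- - image: circleci/ruby:2.6.3
- steps:
- - bundle_install_and_test
-
- workflows:
- rc:
- jobs:
- - test-ruby-253:
- context: appfolio_test_context
- - test-ruby-263:
- context: appfolio_test_context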
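--- a/data/.gitignore
+++ b/data/.gitignore
@@ -1,32 +0,0 @@
- # Because this is a gem, ignore Gemfile.lock:
-
- Gemfile.lock
- gemfiles/*.gemfile.lock
-
- # And because this is Ruby, ignore the following
- # (source: https://github.com/github/gitignore/blob/master/Ruby.gitignore):
-
- *.gem
- *.rbc
- .bundle
- .config
- coverage
- InstalledFiles
- lib/bundler/man
- pkg
- log
- rdoc
- spec/reports
- test/test.log
- test/tmp
- test/version_tmp
- test/test_app/log
- tmp
- test/profiles
-
- # YARD artifacts
- .yardoc
- _yardoc
- doc/
-
- .idea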
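--- a/data/.ruby-version
+++ b/data/.ruby-version
@@ -1 +0,0 @@
- ruby-2.6.3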
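--- a/data/Appraisals
+++ b/data/Appraisals
@@ -1,27 +0,0 @@
- RAILS_VERSIONS = ['5.2.2.1', '6.0.2.1']
- GRAPE_VERSIONS = ['1.1.0', '1.2.3', '1.3.0']
-
- case RUBY_VERSION
-
- when '2.5.3', '2.6.3' then
- RAILS_VERSIONS.product(GRAPE_VERSIONS).each do |rails_version, grape_version|
- appraise "ruby-#{RUBY_VERSION}-rails#{rails_version}-grape#{grape_version}" do
- gem 'rails', rails_version
- gem 'grape', grape_version
-
- if Gem::Version.new(grape_version) < Gem::Version.new('1.3.0')
- # https://github.com/ruby-grape/grape/pull/1956
- gem "rack", "< 2.1.0"
- end
-
- if Gem::Version.new(rails_version) >= Gem::Version.new('6')
- gem 'sqlite3', '~> 1.4'
- else
- gem 'sqlite3', '~> 1.3.0'
- end
- end
- end
- else
- raise "Unsupported Ruby version #{RUBY_VERSION}"
-
- end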
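--- a/data/CHANGELOG
+++ b/data/CHANGELOG
@@ -1,189 +0,0 @@
- ** RELEASE 0.5.7 (Mar 10, 2013)
-
- * Ruby 2.0 compatibility [jhawthorn]
-
- ** RELEASE 0.5.6 (Sep 23, 2012)
-
- * Fix handling of stray object associations [jhawthorn]
-
- * Improve test infrastructure [jhawthorn]
-
- * Allow decl_auth to be used without ActiveRecord [bterkuile]
-
- * Rule reloading in development based on changes [urkle/sb]
-
- ** RELEASE 0.5.5 (Jan 10, 2012)
-
- * Update of handling of association proxies for Rails 3.2
-
- ** RELEASE 0.5.4 (Nov 30, 2011)
-
- * Cumulative loading of authorization rules [Damian Curso/sb]
-
- * Improved used_privileges rake task [urkle]
-
- * Performance improvements [John Hawthorn]
-
- ** RELEASE 0.5.3 (May 25, 2011)
-
- * Bugfixes and documentation cleanup
-
- * Rails 3.1.rc1 compatibility [sb]
-
- * Added has_any_role?, has_any_role_with_hierarchy? [t.pickett66]
-
- * Allow changing the default role [dbloete]
-
- ** RELEASE 0.5.2 (Dec 31, 2010) **
-
- * Bugfixes and documentation updates
-
- ** RELEASE 0.5.1 (Sep 12, 2010) **
-
- ** RELEASE 0.5 (July 21, 2010) **
-
- * Ruby 1.9.2 compatibility [sb]
-
- * Comparisons in authorization roles: lt, lte, gt, gte [aepstein,hollownest]
-
- * DSL optimization: allow array being passed to to
-
- * Omnipotent roles [timcharper]
-
- * Meaningful error in case of missing authorization rules file [timcharper]
-
- * Rails 3 support [sb]
-
- * Support shallow nested resources [jjb]
-
- * Allow multiple authorization rules files [kaichen]
-
- ** RELEASE 0.4 (November 15, 2009) **
-
- * Implemented controller namespace handling [sb]
-
- * Improved if_attribute to allow nesting of has_many associations [sb]
-
- * Improved if_permitted_to: allow has_many associations and improved context inference [sb]
-
- * Added option on handling non-existant auto-loaded object [sb]
-
- * Added with_user as module method [sb]
-
- * Change support i18n [sb]
-
- ** RELEASE 0.3.2.3 (October 12, 2009) **
-
- * Switched to gemcutter [sb]
-
- * Fixed has_role? for guest user. Closes #8 [sb]
-
- * Fixed unnecessary DB query with named scopes [sb, ledermann]
-
- * Change support: suggestions: grouping, sorting by affected users [sb]
-
- * Fixed context inference from AR objects for STI by switching to #class.name.tableize [sb]
-
- * Allow multiple contexts as arguments to has_permission_on [Jeroen van Dijk]
-
- ** RELEASE 0.3.2.2 (August 27, 2009) **
-
- * Fix without_access_control test cases [sb]
-
- * Fixed error on debug logging (Closes #6) [sb]
-
- * Fixed without_access_control instance method in TestHelper [sb]
-
- ** RELEASE 0.3.2.1 (August 14, 2009) **
-
- * Fix gemspec for Rdoc generation [sb]
-
- ** RELEASE 0.3.2 (August 13, 2009) **
-
- * Fix for model-level permitted_to?/! [sb]
-
- ** RELEASE 0.3.1 (August 12, 2009) **
-
- * Change Support: Suggestion grouping, sort by affected users [sb]
-
- * Changed context derived from objects to #class.name.tableize to fix STI [sb]
-
- * Simplified controller authorization with filter_resource_access [sb]
-
- * Allow passing explicit context in addition to object in permitted_to? [Olly Lylo, sb]
-
- * Change Supporter: suggest changes to authorization rules [sb]
-
- * Added permitted_to!/? in model [Eike Carls]
-
- * New test helper: should_(not_)_be_allowed_to(privilege, object_or_context) [sb]
-
- ** RELEASE 0.3 (April 20, 2009) **
-
- * New option :join_by for has_permission_on to allow AND'ing of statements in one has_permission_on block [sb]
-
- * Allow using_access_control to be called directly on ActiveRecord::Base, globally enabling model security [sb]
-
- * New operator: intersects_with, comparing two Enumerables in if_attribute [sb]
-
- * Improved if_permitted_to syntax: if the attribute is left out, permissions are checked on for the current object [sb]
-
- * Added #has_role_with_hierarchy? method to retrieve explicit and calculated roles [jeremyf]
-
- * Added a simple rules analyzer to help improve authorization rules [sb]
-
- * Gemified plugin. Needed to restructure the lib path contents [sb]
-
- * Added handling of Authorization::AuthorizationInController::ClassMethods.filter_access_to parameters that are of the form [:show, :update] instead of just :show, :update. [jeremyf]
-
- * Added authorization usage helper for checking filter_access_to usage in controllers [sb]
-
- * Added a authorization rules browser. See README for more information [sb]
-
- * Added Model.using_access_control? to check if a model has model security activated [sb]
-
- * Changed Authorization::ObligationScope#map_table_alias_for [Brian Langenfeld]
- * Fixed to prevent bad aliases from being produced.
-
- * Changed Authorization::Attribute#validate? [Brian Langenfeld]
- * Encountering a nil value when evaluating an attribute now raises a NilAttributeValueError, instead of an AuthorizationError. We leave it to the caller to decide what to do about it.
-
- * Changed Authorization::Engine#permit! [Brian Langenfeld]
- * We now convert incoming privileges to symbols (e.g. 'read' is made equivalent to :read). This ensures the privileges will match those defined in the authorization rules file.
- * The method now properly infers context when checking against an association (e.g. user.posts). We do this by leveraging ActiveRecord builder method 'new' to instantiate a proper object we can work with.
- * When testing rules for positive results (via Authorization::Attribute#validate?), we now rescue NilAttributeValueError exceptions, simply causing the rule to return a negative result (instead of barfing).
-
- * Changed Authorization::ObligationScope#rebuild_join_options! [Brian Langenfeld]
- * If we're dealing with multiple obligations we have to check (i.e. ones that result in OR'd conditions), we now use :include instead of :joins for our generated scope. This does seem like a kludge, but until ActiveRecord scopes support unions (for checking obligations individually and consolidating the results), we don't have much choice. Something to revisit later, for sure.
-
- ** RELEASE 0.2 (February 2, 2009) **
-
- * added negative operators: is_not, not_in, does_not_contain [sb]
-
- * changed user.roles to user.role_symbols to reduce interferance with associations [sb]
-
- * Ruby 1.9 and Rails 2.3 compatibility [sb]
-
- * if_permitted_to for has_permission_on blocks for DRYer auth rules [sb]
-
- * ObligationScope rewrite of query rewriting [Brian Langenfeld]
-
- * changed exception hierarchy to begin at StandardError [sb]
-
- * :is_in operator [sb]
-
- * added has_role? helper [sb]
-
- * made plugin thread-safe [sb]
-
- * added maintenance and test helpers [sb]
-
- * changed default permission denied response to 403 Forbidden [sb]
-
- * descriptions for titles and roles [sb]
-
- * fixed for PostgreSQL [Mark Mansour]
-
- * improved DSL syntax: allow for array of contexts in has_permission_on [sb]
-
- ** RELEASE 0.1 (August 22, 2008) **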
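--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,9 +0,0 @@
- source 'http://rubygems.org'
-
- gemspec
-
- gem 'appraisal', '~> 2.1'
- gem 'mocha', '~> 1.0', require: false
- gem 'sprockets', '< 4'
-
- gem 'rails-controller-testing'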