ae_declarative_authorization 2.0.0 → 2.1.1
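--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a2ca63e37d30027563b26e6c28b7fc79fd2db70199f0ca99943db814d745cec8
+data.tar.gz: 9a3fea3211ed89316963093f7cb5e9de1bf0746f43ad144365b0e42ffd280a9d
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 99a84b5518cd24595e6e411b3cbd59ed30367cd6cd862d3457e7313aa52ff5e85eadaccef200ceb3ecb7b78702399d2bd22642209663cefa6e19ef13ec7d0153
+data.tar.gz: 69916da3d5a336647991102d2e9fa6b17bc9f50cc87999727c1e8b20b174218b0fd747741d45136e10e5aadeb1e71f195e7d0bc48693ef29bbc3a0bef5643237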
@@ -3,6 +3,7 @@ require File.dirname(__FILE__) + '/reader.rb'
|
|
|
3
3
|
require "set"
|
|
4
4
|
require "forwardable"
|
|
5
5
|
require 'rails'
|
|
6
|
+
require 'uri'
|
|
6
7
|
|
|
7
8
|
module Authorization
|
|
8
9
|
# An exception raised if anything goes wrong in the Authorization realm
|
|
@@ -21,6 +22,24 @@ module Authorization
|
|
|
21
22
|
# The exception is raised to ensure that the entire rule is invalidated.
|
|
22
23
|
class NilAttributeValueError < AuthorizationError; end
|
|
23
24
|
|
|
25
|
+
class Config
|
|
26
|
+
# A function that takes one argument:
|
|
27
|
+
# - event details (hash)
|
|
28
|
+
attr_accessor :authorization_denied_callback
|
|
29
|
+
|
|
30
|
+
def initialize
|
|
31
|
+
@authorization_denied_callback = nil
|
|
32
|
+
end
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
def self.config
|
|
36
|
+
@config ||= Config.new
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
def self.configure
|
|
40
|
+
yield config
|
|
41
|
+
end
|
|
42
|
+
|
|
24
43
|
AUTH_DSL_FILES = [Pathname.new(Rails.root || '').join("config", "authorization_rules.rb").to_s] unless defined? AUTH_DSL_FILES
|
|
25
44
|
|
|
26
45
|
# Controller-independent method for retrieving the current user.
|
|
@@ -192,6 +211,28 @@ module Authorization
|
|
|
192
211
|
end
|
|
193
212
|
|
|
194
213
|
if options[:bang]
|
|
214
|
+
# Call authorization_denied_callback if configured
|
|
215
|
+
if Authorization.config.authorization_denied_callback
|
|
216
|
+
action = if options[:controller]&.respond_to?(:action_name)
|
|
217
|
+
options[:controller].action_name
|
|
218
|
+
elsif options[:controller]&.respond_to?(:route) # Grape API
|
|
219
|
+
options[:controller].route&.request_method
|
|
220
|
+
end
|
|
221
|
+
|
|
222
|
+
referer_url = options[:controller]&.respond_to?(:request) ? options[:controller].request&.referer : nil
|
|
223
|
+
referer_path = referer_url ? (URI.parse(referer_url).path rescue nil) : nil
|
|
224
|
+
|
|
225
|
+
Authorization.config.authorization_denied_callback.call(
|
|
226
|
+
{
|
|
227
|
+
action: action,
|
|
228
|
+
path: options[:controller]&.respond_to?(:request) ? options[:controller].request&.path : nil,
|
|
229
|
+
context: options[:context].to_s,
|
|
230
|
+
attribute_check_denial: !rules.empty?,
|
|
231
|
+
referer: referer_path
|
|
232
|
+
}
|
|
233
|
+
)
|
|
234
|
+
end
|
|
235
|
+
|
|
195
236
|
if rules.empty?
|
|
196
237
|
raise NotAuthorized, "No matching rules found for #{privilege} for User with id #{user.try(:id)} " +
|
|
197
238
|
"(roles #{roles.inspect}, privileges #{privileges.inspect}, " +
|
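Review bot: The call to `Authorization.config.authorization_denied_callback` at new lines 225-233 is unguarded and runs before the `raise NotAuthorized` that follows, so an exception raised inside the application-supplied callback would propagate in place of `NotAuthorized`; access is still refused, but handlers that rescue `NotAuthorized` would not run. I would wrap the call in `begin` / `rescue StandardError => e`, log the error, and fall through to the existing raise. The `path` and `referer` values come from the request, and the Referer header is client-controlled, so the comment above `attr_accessor :authorization_denied_callback` should say so, for example `# NOTE: :path and :referer are request-derived and untrusted; sanitize before logging.` The callback also sits inside `if options[:bang]`, so denials on the non-bang path appear not to be reported; the enclosing method starts and ends outside the hunk, so confirm whether that is intended.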
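--- a/metadata
+++ b/metadata
@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: ae_declarative_authorization
 version: !ruby/object:Gem::Version
-version: 2.
+version: 2.1.1
 platform: ruby
 authors:
 - AppFolio
 bindir: bin
 cert_chain: []
-date:
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: blockenspiel
@@ -98,7 +98,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.7.2
 specification_version: 4
 summary: Rails gem for maintainable authorization based on readable authorization
 rules.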