ae_declarative_authorization 2.2.0 → 2.3.0

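--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 0a7b71e8b588137b1b2b96bc7e214cb6ab58ca778b9bdbafd34d6887897d7537
- data.tar.gz: 98662f0d7b0d3ef4fcbec3bae6b71bb3ab8f97051e7fe3c9042c55f1f9c5391b
+ metadata.gz: 544398ffcc10dc4f2d5ee81e02b598c3bff5a79d329f3c58400b15319c2b784e
+ data.tar.gz: 8602306d8e14deb9b8799677de3c1bd640523ddc6700a1a3380d803971b7fa86
  SHA512:
- metadata.gz: f7c3fe0957edf2aebac772624e17ba87157a0c99181ec7e64794cec22865acd1d74ab2f051b5429fe2a25abbee2665a4cef7b63235b6e26999df5c998bf51ad5
- data.tar.gz: cc90c97438fc87fef2a014296abed704e56f37a810d8e858327caaec39cf71d3a46201a82cd4640106d7b70ffe3708163f8db0b9a72ed9612580f9c4d2d23944
+ metadata.gz: 8d9060dc0fe103609fb3eda69a0823982b857a0d9953723adb7bd10e817c12dd985e9f8ce396cdf146dcac74cda24df5f485ab9a71ad9e92138ebde0d065a9af
+ data.tar.gz: f5850595bf61b211ed0bf981c297bb1a823480b163de4d3a3cb90a25dbf48ec75cb3766c5c1f20a960d1876e61c679a9f2cf2b5a5c65567f5984bfca3c93e6fa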
@@ -27,8 +27,13 @@ module Authorization
27
27
  # - event details (hash)
28
28
  attr_accessor :authorization_denied_callback
29
29
 
30
+ # Optional callback to wrap authorization check execution.
31
+ # Must return the result of executing the authorization check block.
32
+ attr_accessor :trace_authorization
33
+
30
34
  def initialize
31
35
  @authorization_denied_callback = nil
36
+ @trace_authorization = nil
32
37
  end
33
38
  end
34
39
 
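Review bot: The comment added above `attr_accessor :trace_authorization` does not say what the callback is called with, and that matters because the wrapper in observability.rb forwards `*args`. The keyword-style arguments at the two call sites therefore reach the callback as one positional Hash, so a callback written with keyword parameters would raise ArgumentError on Ruby 3. The keys also differ by integration: `api:` and `action:` from the Grape helper, `controller:` and `action:` from the Rails filter. I would extend the comment to something like `# Called with one Hash of details (:api or :controller, plus :action) and a block; must return the block's value unchanged, since that value is the authorization decision.` The enclosing class starts outside this hunk.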
@@ -1,6 +1,7 @@
1
1
  require File.dirname(__FILE__) + '/../authorization.rb'
2
2
  require File.dirname(__FILE__) + '/dsl.rb'
3
3
  require File.dirname(__FILE__) + '/runtime.rb'
4
+ require File.dirname(__FILE__) + '/observability.rb'
4
5
 
5
6
  #
6
7
  # This mixin can be used to add declarative authorization support to APIs built using Grape
@@ -31,6 +32,7 @@ module Authorization
31
32
 
32
33
  base.helpers do
33
34
  include ::Authorization::Controller::Runtime
35
+ include ::Authorization::Controller::Observability
34
36
 
35
37
  def authorization_engine
36
38
  ::Authorization::Engine.instance
@@ -43,7 +45,14 @@ module Authorization
43
45
  # Acceessing route raises an exception when the response is a 405 MethodNotAllowed
44
46
  return
45
47
  end
46
- unless allowed?("#{request.request_method} #{route.origin}")
48
+
49
+ action = "#{request.request_method} #{route.origin}"
50
+
51
+ allowed = trace_authorization(api: api_class&.name, action: action) do
52
+ allowed?(action)
53
+ end
54
+
55
+ unless allowed
47
56
  if respond_to?(:permission_denied, true)
48
57
  # permission_denied needs to render or redirect
49
58
  send(:permission_denied)
@@ -0,0 +1,18 @@
1
+ # frozen_string_literal: true
2
+
3
+ #
4
+ # Observability support for declarative authorization
5
+ #
6
+ module Authorization
7
+ module Controller
8
+ module Observability
9
+ def trace_authorization(*args, &block)
10
+ if ::Authorization.config.trace_authorization
11
+ ::Authorization.config.trace_authorization.call(*args, &block)
12
+ else
13
+ yield
14
+ end
15
+ end
16
+ end
17
+ end
18
+ end
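Review bot: The authorization decision at both call sites becomes whatever the configured callback returns, because `trace_authorization` returns `::Authorization.config.trace_authorization.call(*args, &block)` directly and the callers then test it with `unless allowed`. A callback that returns its own value (a span or a timing, say) or that never runs the block yields a truthy result, so the denial branch in `filter_access_filter` and in the Grape helper is skipped without `allowed?` having decided anything. Capturing the block's result inside the method, and running the check directly when the callback did not run it, keeps the decision independent of the tracer; it also reads the config once instead of twice and stops mixing `&block` with `yield`.
```ruby
def trace_authorization(*args)
  tracer = ::Authorization.config.trace_authorization
  return yield unless tracer

  ran = false
  decision = nil
  tracer.call(*args) do
    ran = true
    decision = yield
  end
  # The decision always comes from the check itself, never from the tracer's return value.
  ran ? decision : yield
end
```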
@@ -1,6 +1,7 @@
1
1
  require File.dirname(__FILE__) + '/../authorization.rb'
2
2
  require File.dirname(__FILE__) + '/dsl.rb'
3
3
  require File.dirname(__FILE__) + '/runtime.rb'
4
+ require File.dirname(__FILE__) + '/observability.rb'
4
5
 
5
6
  #
6
7
  # Mixin to be added to rails controllers
@@ -18,6 +19,7 @@ module Authorization
18
19
  end
19
20
 
20
21
  base.include Runtime
22
+ base.include Observability
21
23
  end
22
24
 
23
25
  module ClassMethods
@@ -280,7 +282,11 @@ module Authorization
280
282
  protected
281
283
 
282
284
  def filter_access_filter # :nodoc:
283
- unless allowed?(action_name)
285
+ allowed = trace_authorization(controller: self.class.name, action: action_name) do
286
+ allowed?(action_name)
287
+ end
288
+
289
+ unless allowed
284
290
  if respond_to?(:permission_denied, true)
285
291
  # permission_denied needs to render or redirect
286
292
  send(:permission_denied)
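Review bot: `base.include Observability` in this section adds `trace_authorization` to the controller as a public instance method, because observability.rb declares no visibility, whereas `filter_access_filter` here sits under `protected`. Rails treats public controller methods as candidate actions unless they are defined on the abstract base class, so the helper may be reachable as an action depending on what `base` is and how routes are drawn; this is inferred, since neither is visible on this page. A `private` line before `def trace_authorization(*args, &block)` in the module would close that off and keeps both call sites working, as they call it with an implicit receiver. The body of `filter_access_filter` continues outside the hunk.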
@@ -1,3 +1,3 @@
1
1
  module DeclarativeAuthorization
2
- VERSION = '2.2.0'.freeze
2
+ VERSION = '2.3.0'.freeze
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: ae_declarative_authorization
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.2.0
4
+ version: 2.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - AppFolio
@@ -63,6 +63,7 @@ files:
63
63
  - lib/declarative_authorization/authorization.rb
64
64
  - lib/declarative_authorization/controller/dsl.rb
65
65
  - lib/declarative_authorization/controller/grape.rb
66
+ - lib/declarative_authorization/controller/observability.rb
66
67
  - lib/declarative_authorization/controller/rails.rb
67
68
  - lib/declarative_authorization/controller/runtime.rb
68
69
  - lib/declarative_authorization/controller_permission.rb