RubyGems - aserto-rails - Versions diffs - 0.20.2 → 0.30.0 - Mend

aserto-rails 0.20.2 → 0.30.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/README.md +34 -0
data/VERSION +1 -1
data/lib/aserto/rails/controller_additions.rb +21 -0
data/lib/aserto/rails/controller_resource.rb +16 -0
metadata +4 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c73023472e4a2c16c1d7f2d54302cfd533a63f592f2ca039c26ecdbc00945adc
-  data.tar.gz: 5ba34c354dd5e34970da2e76114055eaf14b58a7e72507a6df63966fac7fcecd
+  metadata.gz: db5e72e6292b71ced35b0f37998cc46901356c44dfce224981a1196a0d978f0f
+  data.tar.gz: 72a97cb5107d799c1087636838d283b60ddd1092fcff6c9c06c5fe4cca9fe3ed
 SHA512:
-  metadata.gz: b5883461dedf1448f933c1dbdc02d66d526e437c16e8696f70e5d7023cf03efe537674bbb32ce6a66420f26ee2609d7e100d0dc9a974909c56d6164ab47196b7
-  data.tar.gz: 133daa61ff2ee17d32746948b14974f9bbb81a5119399fa8826a31034fdb8785fc5ec495dabbd904cce923d767db80f45465ec66f2ad509f851c7511008c3dba
+  metadata.gz: 30f24678897474717e27bc9120ce84a5535472efede444fa0054c48b403fd3ba3a4501f60824da2a126e560f94c245bbbda0b8a47bd34184f8d8cfa9358d9905
+  data.tar.gz: abd7814fc2cb926ed1e0f1e99b57f550e91c3cdc54f1b8b6ac0629cc67529d5c223e7647a432614ca82590bedf1550c91c313650e3c55fdee3587910b010ac18

data/README.md CHANGED Viewed

@@ -138,6 +138,8 @@ end
 ## Controller helpers
+### aserto_authorize!
 The `aserto_authorize!` method in the controller will raise an exception if the user is not able to perform the given action.
 ```ruby
@@ -167,6 +169,38 @@ class PostsController < ApplicationController
 end
 ```
+### check!
+The `check!` method in the controller will raise an exception if the user is not able to perform the given action.
+```ruby
+def show
+  # only users in the "evil_genius" group are allowed to get this resource
+  check!(object_id: "evil_genius", object_type: "group", relation: "member")
+  @post = Post.find(params[:id])
+end
+```
+Setting this for every action can be tedious, therefore the `aserto_check_resource` method is provided to
+automatically authorize all actions in a RESTful style resource controller.
+It will use a before action to load the resource into an instance variable and authorize it for every action.
+```ruby
+class PostsController < ApplicationController
+  aserto_authorize_resource
+  # aserto_check_resource only: %i[show], params: { object_id: "evil_genius", object_type: "group", relation: "member" }
+  # aserto_check_resource except: %i[index], params: { object_id: "evil_genius", object_type: "group", relation: "member" }
+  def show
+    # getting a single post authorized
+  end
+  def index
+    # getting all posts is authorized
+  end
+end
+```
 ## Check Permissions
 The current user's permissions can then be checked using the `allowed?`, `visible?` and `enabled?` methods in views and controllers.

data/VERSION CHANGED Viewed

	@@ -1 +1 @@
1	- 0.20.2
1	+ 0.30.0

data/lib/aserto/rails/controller_additions.rb CHANGED Viewed

@@ -8,6 +8,10 @@ module Aserto
           aserto_resource_class.add_before_action(self, :authorize_resource, *args)
         end
+        def aserto_check_resource(*args)
+          aserto_resource_class.add_before_action(self, :check_resource, *args)
+        end
         def aserto_resource_class
           ControllerResource
         end
@@ -38,6 +42,23 @@ module Aserto
         raise Aserto::AccessDenied unless Aserto::AuthClient.new(request).is
       end
+      #
+      # Authorization call based on check relation
+      #
+      # @param [String] object_id
+      # @param [String] object_type
+      # @param [String] relation
+      #
+      # @return [nil]
+      #
+      # @raise Aserto::AccessDenied
+      #
+      def check!(object_id:, object_type:, relation:)
+        raise Aserto::AccessDenied unless Aserto::AuthClient.new(request).check(
+          object_id: object_id, object_type: object_type, relation: relation
+        )
+      end
       private
       def augment_request!(action, path, resource)

data/lib/aserto/rails/controller_resource.rb CHANGED Viewed

@@ -10,6 +10,22 @@ module Aserto
         @name = args.first
       end
+      #
+      # Authorization call based on check relation
+      #
+      # @param [String] object_id
+      # @param [String] object_type
+      # @param [String] relation
+      #
+      # @return [nil]
+      #
+      # @raise Aserto::AccessDenied
+      #
+      def check_resource
+        client = Aserto::AuthClient.new(@controller.request)
+        raise Aserto::AccessDenied unless client.check(**(@options[:params] || {}))
+      end
       def authorize_resource
         raise Aserto::AccessDenied unless Aserto::AuthClient.new(@controller.request).is
       end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aserto-rails
 version: !ruby/object:Gem::Version
-  version: 0.20.2
+  version: 0.30.0
 platform: ruby
 authors:
 - Aserto
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-06-23 00:00:00.000000000 Z
+date: 2023-11-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aserto
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.20.5
+        version: 0.30.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.20.5
+        version: 0.30.1
 description: Aserto authorization library for Ruby and Ruby on Rails
 email:
 - aserto@aserto.com