authoreyes 0.2.0 → 0.2.1

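--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 2043aee1461c027a8e709798ca08a034bef0730a
- data.tar.gz: fc7c8229de1c9edbe95af17b27e12c617a149be7
+ metadata.gz: 6aa29842232cabee5e1657ec96b6b9a691073e7b
+ data.tar.gz: 9ed619116c26b67aa9f3c9dd3d1e4d7480e82b7c
  SHA512:
- metadata.gz: 64f245dae1fd0a68e7044e653788d1e799d28116c746e63de7398e8b250a5f2e644845baa4969b45670ff5f793a75e5b3e243d7c221951f260b8d8cd0b926513
- data.tar.gz: 8cee745304c642ca106f61d528ad563c067bcd1661d9fc0ae49c45727af8771e7699bb3551d3a56315917dc32683013d0eaae0cb2a015674c23244386a38846b
+ metadata.gz: e6191f4c46865ff31009ecdad20232240700e79a51be00f1ad73346b4f96415e404297ccae1a519cb5619a3f041d819294e43e85b41341ce93069bb154187a24
+ data.tar.gz: 3580773d5184bcd805586440c15b48082dd9795c778d252d26e58b0ccf5e7ba3e5e1022117403a00386c00b905579ec18ea400e1c3d46b5c4ff4321335048d06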
@@ -0,0 +1,2 @@
1
+ * __v0.2.0__
2
+ * Add _very_ basic functionality for Rails API: Authoreyes now has different behavior for ActionController::Base and ActionController::API. On ::API, Authoreyes will return a ActiveModel::Serializers JSON API compliant error JSON object.
@@ -11,7 +11,7 @@ module Authoreyes
11
11
  require 'authoreyes/helpers/in_controller'
12
12
 
13
13
  # Include Controller helpers
14
- ActionController::Base.include Authoreyes::Helpers::InController
14
+ ActionController::Metal.include Authoreyes::Helpers::InController
15
15
  end
16
16
  end
17
17
  end
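Review bot: The comment above the changed line should say why the include target moved to `ActionController::Metal`, because the effect differs per subclass. Metal is the shared ancestor of `ActionController::Base` and `ActionController::API`, so both now receive the helpers, but a controller that inherits directly from Metal gets `permitted_to?` without the before_action enforcement, which the other parts of this release appear to register only through the `:action_controller` load hook. I would write `# Include helpers on Metal so Base and API both get them; controllers inheriting Metal directly are NOT checked automatically`. The enclosing module starts outside the hunk.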
@@ -10,29 +10,50 @@ module Authoreyes
10
10
  # extend
11
11
  # end
12
12
 
13
- ApplicationController.send :before_action, :redirect_if_unauthorized
13
+ # ApplicationController.send :before_action, :redirect_if_unauthorized
14
14
 
15
15
  # TODO: Implement this!
16
16
  def filter_resource_access(options = {})
17
17
 
18
18
  end
19
19
 
20
- def redirect_if_unauthorized
21
- unless permitted_to? action_name
20
+ ActionController::Base.send(:define_method, :redirect_if_unauthorized) do
21
+ begin
22
+ permitted_to! action_name
23
+ rescue Authoreyes::Authorization::NotAuthorized => e
22
24
  session[:request_unauthorized] = true
25
+ puts e
23
26
  redirect_back fallback_location: root_path,
24
27
  status: :found,
25
28
  alert: 'You are not allowed to do that.'
26
29
  end
27
30
  end
28
31
 
29
- def set_unauthorized_status_code
32
+ ActionController::Base.send(:define_method, :set_unauthorized_status_code) do
30
33
  if session[:request_unauthorized] == true
31
34
  session.delete :request_unauthorized
32
35
  response.status = :forbidden
33
36
  end
34
37
  end
35
38
 
39
+ ActionController::API.send(:define_method, :render_unauthorized) do
40
+ begin
41
+ permitted_to! action_name
42
+ rescue Authoreyes::Authorization::NotAuthorized => e
43
+ puts e
44
+ response_object = ActiveModelSerializers::Model.new()
45
+ response_object.attributes.merge!({
46
+ action: action_name,
47
+ controller: controller_name
48
+ })
49
+ response_object.errors.add :action, e
50
+ # Assumes ActiveModel::Serializers is used.
51
+ # If not used, you will have to override `render_unauthorized`
52
+ # in your ApplicationController.
53
+ render json: response_object, status: :forbidden, adapter: :json_api, serializer: ActiveModel::Serializer::ErrorSerializer
54
+ end
55
+ end
56
+
36
57
  # If the current user meets the given privilege, permitted_to? returns true
37
58
  # and yields to the optional block. The attribute checks that are defined
38
59
  # in the authorization rules are only evaluated if an object is given
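Review bot: In `render_unauthorized` the rescued exception goes straight into the response through `response_object.errors.add :action, e`, so whatever text `NotAuthorized` carries is sent to the API client. The message is not visible here, but if it names privileges, contexts or rules it tells an unauthorized caller more than a 403 needs to; a fixed string such as `response_object.errors.add :action, 'is not permitted'` keeps the body constant. Both rescue branches also use `puts e`, which writes the denial to stdout where it bypasses log levels and formatting; `Rails.logger.warn(e.message)` would keep these events in the application log where they can be monitored. The surrounding module begins before the hunk and continues after it.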
@@ -30,8 +30,12 @@ module Authoreyes
30
30
  # Controller integration
31
31
  initializer 'authoreyes.in_controller' do |app|
32
32
  ActiveSupport.on_load :action_controller do
33
- before_action :redirect_if_unauthorized
34
- after_action :set_unauthorized_status_code
33
+ if Rails.application.config.api_only
34
+ before_action :render_unauthorized
35
+ else
36
+ before_action :redirect_if_unauthorized
37
+ after_action :set_unauthorized_status_code
38
+ end
35
39
  end
36
40
  end
37
41
 
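Review bot: The branch on `Rails.application.config.api_only` picks the callback from a global setting, not from the class the load hook is running for. According to the helper changes in this release, `render_unauthorized` is defined only on `ActionController::API` and `redirect_if_unauthorized` only on `ActionController::Base`, and the `:action_controller` hook appears to run for both classes. An app that mixes the two would then register a callback its controller cannot call, and requests there would fail with a server error instead of a clean 403. Branching on the receiver, `if defined?(ActionController::API) && self <= ActionController::API`, would pair each class with its own handler; the initializer starts outside the hunk.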
@@ -1,3 +1,3 @@
1
1
  module Authoreyes
2
- VERSION = "0.2.0"
2
+ VERSION = "0.2.1"
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: authoreyes
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.0
4
+ version: 0.2.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Tektite Software
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: exe
11
11
  cert_chain: []
12
- date: 2016-07-30 00:00:00.000000000 Z
12
+ date: 2016-08-03 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: rails
@@ -122,6 +122,7 @@ extra_rdoc_files: []
122
122
  files:
123
123
  - ".gitignore"
124
124
  - ".travis.yml"
125
+ - CHANGELOG.md
125
126
  - Gemfile
126
127
  - LICENSE.txt
127
128
  - MIT-LICENSE