RubyGems - authoreyes - Versions diffs - 0.2.0 → 0.2.1 - Mend

authoreyes 0.2.0 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +2 -0
data/lib/authoreyes.rb +1 -1
data/lib/authoreyes/helpers/in_controller.rb +25 -4
data/lib/authoreyes/railtie.rb +6 -2
data/lib/authoreyes/version.rb +1 -1
metadata +3 -2

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 2043aee1461c027a8e709798ca08a034bef0730a
-  data.tar.gz: fc7c8229de1c9edbe95af17b27e12c617a149be7
+  metadata.gz: 6aa29842232cabee5e1657ec96b6b9a691073e7b
+  data.tar.gz: 9ed619116c26b67aa9f3c9dd3d1e4d7480e82b7c
 SHA512:
-  metadata.gz: 64f245dae1fd0a68e7044e653788d1e799d28116c746e63de7398e8b250a5f2e644845baa4969b45670ff5f793a75e5b3e243d7c221951f260b8d8cd0b926513
-  data.tar.gz: 8cee745304c642ca106f61d528ad563c067bcd1661d9fc0ae49c45727af8771e7699bb3551d3a56315917dc32683013d0eaae0cb2a015674c23244386a38846b
+  metadata.gz: e6191f4c46865ff31009ecdad20232240700e79a51be00f1ad73346b4f96415e404297ccae1a519cb5619a3f041d819294e43e85b41341ce93069bb154187a24
+  data.tar.gz: 3580773d5184bcd805586440c15b48082dd9795c778d252d26e58b0ccf5e7ba3e5e1022117403a00386c00b905579ec18ea400e1c3d46b5c4ff4321335048d06

data/CHANGELOG.md ADDED

	@@ -0,0 +1,2 @@
1	+ * __v0.2.0__
2	+ * Add _very_ basic functionality for Rails API: Authoreyes now has different behavior for ActionController::Base and ActionController::API. On ::API, Authoreyes will return a ActiveModel::Serializers JSON API compliant error JSON object.

data/lib/authoreyes.rb CHANGED

@@ -11,7 +11,7 @@ module Authoreyes
       require 'authoreyes/helpers/in_controller'
       # Include Controller helpers
-      ActionController::Base.include Authoreyes::Helpers::InController
+      ActionController::Metal.include Authoreyes::Helpers::InController
     end
   end
 end

data/lib/authoreyes/helpers/in_controller.rb CHANGED

@@ -10,29 +10,50 @@ module Authoreyes
       #   extend
       # end
-      ApplicationController.send :before_action, :redirect_if_unauthorized
+      # ApplicationController.send :before_action, :redirect_if_unauthorized
       # TODO: Implement this!
       def filter_resource_access(options = {})
       end
-      def redirect_if_unauthorized
-        unless permitted_to? action_name
+      ActionController::Base.send(:define_method, :redirect_if_unauthorized) do
+        begin
+          permitted_to! action_name
+        rescue Authoreyes::Authorization::NotAuthorized => e
           session[:request_unauthorized] = true
+          puts e
           redirect_back fallback_location: root_path,
                         status: :found,
                         alert: 'You are not allowed to do that.'
         end
       end
-      def set_unauthorized_status_code
+      ActionController::Base.send(:define_method, :set_unauthorized_status_code) do
         if session[:request_unauthorized] == true
           session.delete :request_unauthorized
           response.status = :forbidden
         end
       end
+      ActionController::API.send(:define_method, :render_unauthorized) do
+        begin
+          permitted_to! action_name
+        rescue Authoreyes::Authorization::NotAuthorized => e
+          puts e
+          response_object = ActiveModelSerializers::Model.new()
+          response_object.attributes.merge!({
+            action: action_name,
+            controller: controller_name
+          })
+          response_object.errors.add :action, e
+          # Assumes ActiveModel::Serializers is used.
+          # If not used, you will have to override `render_unauthorized`
+          # in your ApplicationController.
+          render json: response_object, status: :forbidden, adapter: :json_api, serializer: ActiveModel::Serializer::ErrorSerializer
+        end
+      end
       # If the current user meets the given privilege, permitted_to? returns true
       # and yields to the optional block.  The attribute checks that are defined
       # in the authorization rules are only evaluated if an object is given

data/lib/authoreyes/railtie.rb CHANGED

@@ -30,8 +30,12 @@ module Authoreyes
     # Controller integration
     initializer 'authoreyes.in_controller' do |app|
       ActiveSupport.on_load :action_controller do
-        before_action :redirect_if_unauthorized
-        after_action :set_unauthorized_status_code
+        if Rails.application.config.api_only
+          before_action :render_unauthorized
+        else
+          before_action :redirect_if_unauthorized
+          after_action :set_unauthorized_status_code
+        end
       end
     end

data/lib/authoreyes/version.rb CHANGED

@@ -1,3 +1,3 @@
 module Authoreyes
-  VERSION = "0.2.0"
+  VERSION = "0.2.1"
 end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: authoreyes
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.2.1
 platform: ruby
 authors:
 - Tektite Software
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2016-07-30 00:00:00.000000000 Z
+date: 2016-08-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -122,6 +122,7 @@ extra_rdoc_files: []
 files:
 - ".gitignore"
 - ".travis.yml"
+- CHANGELOG.md
 - Gemfile
 - LICENSE.txt
 - MIT-LICENSE