authoreyes 0.2.0 → 0.2.1

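--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 2043aee1461c027a8e709798ca08a034bef0730a
- data.tar.gz: fc7c8229de1c9edbe95af17b27e12c617a149be7
+ metadata.gz: 6aa29842232cabee5e1657ec96b6b9a691073e7b
+ data.tar.gz: 9ed619116c26b67aa9f3c9dd3d1e4d7480e82b7c
  SHA512:
- metadata.gz: 64f245dae1fd0a68e7044e653788d1e799d28116c746e63de7398e8b250a5f2e644845baa4969b45670ff5f793a75e5b3e243d7c221951f260b8d8cd0b926513
- data.tar.gz: 8cee745304c642ca106f61d528ad563c067bcd1661d9fc0ae49c45727af8771e7699bb3551d3a56315917dc32683013d0eaae0cb2a015674c23244386a38846b
+ metadata.gz: e6191f4c46865ff31009ecdad20232240700e79a51be00f1ad73346b4f96415e404297ccae1a519cb5619a3f041d819294e43e85b41341ce93069bb154187a24
+ data.tar.gz: 3580773d5184bcd805586440c15b48082dd9795c778d252d26e58b0ccf5e7ba3e5e1022117403a00386c00b905579ec18ea400e1c3d46b5c4ff4321335048d06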
@@ -0,0 +1,2 @@
1
+ * __v0.2.0__
2
+ * Add _very_ basic functionality for Rails API: Authoreyes now has different behavior for ActionController::Base and ActionController::API. On ::API, Authoreyes will return a ActiveModel::Serializers JSON API compliant error JSON object.
@@ -11,7 +11,7 @@ module Authoreyes
11
11
  require 'authoreyes/helpers/in_controller'
12
12
 
13
13
  # Include Controller helpers
14
- ActionController::Base.include Authoreyes::Helpers::InController
14
+ ActionController::Metal.include Authoreyes::Helpers::InController
15
15
  end
16
16
  end
17
17
  end
@@ -10,29 +10,50 @@ module Authoreyes
10
10
  # extend
11
11
  # end
12
12
 
13
- ApplicationController.send :before_action, :redirect_if_unauthorized
13
+ # ApplicationController.send :before_action, :redirect_if_unauthorized
14
14
 
15
15
  # TODO: Implement this!
16
16
  def filter_resource_access(options = {})
17
17
 
18
18
  end
19
19
 
20
- def redirect_if_unauthorized
21
- unless permitted_to? action_name
20
+ ActionController::Base.send(:define_method, :redirect_if_unauthorized) do
21
+ begin
22
+ permitted_to! action_name
23
+ rescue Authoreyes::Authorization::NotAuthorized => e
22
24
  session[:request_unauthorized] = true
25
+ puts e
23
26
  redirect_back fallback_location: root_path,
24
27
  status: :found,
25
28
  alert: 'You are not allowed to do that.'
26
29
  end
27
30
  end
28
31
 
29
- def set_unauthorized_status_code
32
+ ActionController::Base.send(:define_method, :set_unauthorized_status_code) do
30
33
  if session[:request_unauthorized] == true
31
34
  session.delete :request_unauthorized
32
35
  response.status = :forbidden
33
36
  end
34
37
  end
35
38
 
39
+ ActionController::API.send(:define_method, :render_unauthorized) do
40
+ begin
41
+ permitted_to! action_name
42
+ rescue Authoreyes::Authorization::NotAuthorized => e
43
+ puts e
44
+ response_object = ActiveModelSerializers::Model.new()
45
+ response_object.attributes.merge!({
46
+ action: action_name,
47
+ controller: controller_name
48
+ })
49
+ response_object.errors.add :action, e
50
+ # Assumes ActiveModel::Serializers is used.
51
+ # If not used, you will have to override `render_unauthorized`
52
+ # in your ApplicationController.
53
+ render json: response_object, status: :forbidden, adapter: :json_api, serializer: ActiveModel::Serializer::ErrorSerializer
54
+ end
55
+ end
56
+
36
57
  # If the current user meets the given privilege, permitted_to? returns true
37
58
  # and yields to the optional block. The attribute checks that are defined
38
59
  # in the authorization rules are only evaluated if an object is given
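Review bot: In the new `render_unauthorized` block, `response_object.errors.add :action, e` puts the NotAuthorized exception itself into the JSON body sent to the client, so whatever that message contains (presumably the privilege, context or roles that failed to match) is disclosed to the very caller who was just denied. A fixed message such as `response_object.errors.add :action, 'You are not allowed to do that.'` would match the alert used in the HTML branch and keep the detail server-side. Both rescue branches also record the denial with `puts e`, which goes to stdout without any request context; `logger.warn "authorization denied: #{controller_name}##{action_name}: #{e.message}"` would put it in the application log, where repeated denials can be monitored. The enclosing module starts and ends outside the hunk.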
@@ -30,8 +30,12 @@ module Authoreyes
30
30
  # Controller integration
31
31
  initializer 'authoreyes.in_controller' do |app|
32
32
  ActiveSupport.on_load :action_controller do
33
- before_action :redirect_if_unauthorized
34
- after_action :set_unauthorized_status_code
33
+ if Rails.application.config.api_only
34
+ before_action :render_unauthorized
35
+ else
36
+ before_action :redirect_if_unauthorized
37
+ after_action :set_unauthorized_status_code
38
+ end
35
39
  end
36
40
  end
37
41
 
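Review bot: The branch on `Rails.application.config.api_only` picks the callback for the whole application, but the controller-helper hunk in this release defines `redirect_if_unauthorized` only on `ActionController::Base` and `render_unauthorized` only on `ActionController::API`. If the `:action_controller` load hook runs for both base classes, as it appears to in Rails 5, an application that mixes the two kinds of controller registers a `before_action` naming a method that class does not have, so requests to those controllers raise instead of returning a proper 403. The block already calls `before_action` on the class being loaded, so choosing per class with `if self <= ActionController::API` (guarded by `defined?(ActionController::API)` if Rails 4 is still supported) keeps the check attached to a method that exists. The enclosing class starts outside the hunk.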
@@ -1,3 +1,3 @@
1
1
  module Authoreyes
2
- VERSION = "0.2.0"
2
+ VERSION = "0.2.1"
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: authoreyes
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.0
4
+ version: 0.2.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Tektite Software
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: exe
11
11
  cert_chain: []
12
- date: 2016-07-30 00:00:00.000000000 Z
12
+ date: 2016-08-03 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: rails
@@ -122,6 +122,7 @@ extra_rdoc_files: []
122
122
  files:
123
123
  - ".gitignore"
124
124
  - ".travis.yml"
125
+ - CHANGELOG.md
125
126
  - Gemfile
126
127
  - LICENSE.txt
127
128
  - MIT-LICENSE