authority 0.2.0 → 0.3.0
- data/README.md +4 -5
- data/lib/authority/abilities.rb +9 -1
- data/lib/authority/authorizer.rb +2 -0
- data/lib/authority/controller.rb +1 -1
- data/lib/authority/railtie.rb +1 -1
- data/lib/authority/version.rb +1 -1
- data/spec/authority/abilities_spec.rb +5 -0
- data/spec/authority/controller_spec.rb +1 -1
- data/spec/support/no_authorizer_model.rb +5 -0
- metadata +7 -5
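--- a/data/README.md
+++ b/data/README.md
@@ -7,11 +7,11 @@
 No time for reading! Reading is for chumps! Here's the skinny:
 
 - Install in your Rails project
-- Put this in your controllers: `check_authorization_on
+- Put this in your controllers: `check_authorization_on YourModelNameHere` (the model that controller works with)
 - Put this in your models: `include Authority::Abilities`
-- For each model you have, create a corresponding
-- Add class methods to that
-- Add instance methods to that
+- For each model you have, create a corresponding `YourModelNameHereAuthorizer`. For example, for `app/models/lolcat.rb`, create `app/authorizers/lolcat_authorizer.rb` with an empty class inheriting from `Authority::Authorizer`.
+- Add class methods to that authorizer to set rules that can be enforced just by looking at the resource class, like "this user cannot create Lolcats, period."
+- Add instance methods to that authorizer to set rules that need to look at a resource instance, like "a user can only edit a Lolcat if it belongs to that user and has not been marked as 'classic'".
 
 ## Overview
 
@@ -148,7 +148,6 @@ If you update your authorizer as follows:
 ## TODO
 
 - Document syntax for checking rules during a controller action
-- Rename Authorization to Authorizer
 - Update generator to create an authorizer for every model
 - Generator
 - Add generators or hook into existing rails generators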
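--- a/data/lib/authority/abilities.rb
+++ b/data/lib/authority/abilities.rb
@@ -21,7 +21,15 @@ module Authority
 end
 
 def authorizer
-
+begin
+@authorizer ||= authorizer_name.constantize
+rescue StandardError => e
+if e.is_a?(NameError)
+raise Authority::NoAuthorizerError.new("#{authorizer_name} does not exist in your application")
+else
+raise e
+end
+end
 end
 end
 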
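Review bot: The rescue on new lines 26–31 catches every StandardError only to re-raise whatever is not a NameError; `rescue NameError => e` expresses the same thing directly and removes the `is_a?` branch. NameError is also the parent of NoMethodError, and a NameError raised while an existing authorizer file is being loaded would presumably land here too, so a typo inside a real authorizer would be reported as "does not exist". Carrying the original message along, e.g. `raise Authority::NoAuthorizerError, "#{authorizer_name} does not exist in your application (#{e.message})"`, keeps that case diagnosable. Raising rather than falling back to a permissive default is the right behaviour for an authorization lookup and should stay.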
data/lib/authority/authorizer.rb
CHANGED
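--- a/data/lib/authority/controller.rb
+++ b/data/lib/authority/controller.rb
@@ -3,7 +3,7 @@ module Authority
 extend ActiveSupport::Concern
 
 included do
-rescue_from Authority::SecurityTransgression, :with =>
+rescue_from Authority::SecurityTransgression, :with => :authority_forbidden
 class_attribute :authority_resource
 class_attribute :authority_actions
 end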
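Review bot: The handler named on new line 6, `:authority_forbidden`, is not defined anywhere in this hunk, and the controller spec on this page only asserts that `rescue_from` receives the symbol. If the method is missing or misspelled, that would presumably show up only when a `SecurityTransgression` is actually raised, as a server error instead of the intended forbidden response. A spec along the lines of `DummyController.new.respond_to?(:authority_forbidden, true).should be_true` would tie the symbol to a real method. The rest of the module lies outside the hunk, so the handler may well be defined there.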
data/lib/authority/railtie.rb
CHANGED
data/lib/authority/version.rb
CHANGED
@@ -1,5 +1,6 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
require 'support/ability_model'
|
3
|
+
require 'support/no_authorizer_model'
|
3
4
|
require 'support/user'
|
4
5
|
|
5
6
|
describe Authority::Abilities do
|
@@ -34,6 +35,10 @@ describe Authority::Abilities do
|
|
34
35
|
AbilityModel.authorizer
|
35
36
|
end
|
36
37
|
|
38
|
+
it "should raise a friendly error if the authorizer doesn't exist" do
|
39
|
+
expect { NoAuthorizerModel.authorizer }.to raise_error(Authority::NoAuthorizerError)
|
40
|
+
end
|
41
|
+
|
37
42
|
end
|
38
43
|
|
39
44
|
describe "class methods" do
|
@@ -9,7 +9,7 @@ describe Authority::Controller do
|
|
9
9
|
describe "when including" do
|
10
10
|
it "should specify rescuing security transgressions" do
|
11
11
|
class DummyController < ExampleController ; end
|
12
|
-
DummyController.should_receive(:rescue_from).with(Authority::SecurityTransgression, :with =>
|
12
|
+
DummyController.should_receive(:rescue_from).with(Authority::SecurityTransgression, :with => :authority_forbidden)
|
13
13
|
DummyController.send(:include, Authority::Controller)
|
14
14
|
end
|
15
15
|
end
|
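--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: authority
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.3.0
 prerelease:
 platform: ruby
 authors:
@@ -14,7 +14,7 @@ date: 2012-03-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rails
-requirement: &
+requirement: &2160392740 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ! '>='
@@ -22,10 +22,10 @@ dependencies:
 version: 3.0.0
 type: :runtime
 prerelease: false
-version_requirements: *
+version_requirements: *2160392740
 - !ruby/object:Gem::Dependency
 name: bundler
-requirement: &
+requirement: &2160392220 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ! '>='
@@ -33,7 +33,7 @@ dependencies:
 version: 1.0.0
 type: :development
 prerelease: false
-version_requirements: *
+version_requirements: *2160392220
 description: Gem for managing authorization on model actions in Rails
 email:
 - nathanmlong@gmail.com
@@ -70,6 +70,7 @@ files:
 - spec/support/ability_model.rb
 - spec/support/example_controller.rb
 - spec/support/mock_rails.rb
+- spec/support/no_authorizer_model.rb
 - spec/support/user.rb
 homepage: https://github.com/nathanl/authority
 licenses: []
@@ -107,4 +108,5 @@ test_files:
 - spec/support/ability_model.rb
 - spec/support/example_controller.rb
 - spec/support/mock_rails.rb
+- spec/support/no_authorizer_model.rb
 - spec/support/user.rb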