authority 2.3.0 → 2.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/README.markdown +11 -2
- data/TODO.markdown +4 -0
- data/lib/authority.rb +4 -0
- data/lib/authority/controller.rb +2 -2
- data/lib/authority/user_abilities.rb +15 -2
- data/lib/authority/version.rb +1 -1
- data/lib/generators/templates/authority_initializer.rb +1 -1
- data/spec/authority/configuration_spec.rb +1 -1
- data/spec/authority/controller_spec.rb +2 -2
- data/spec/authority/user_abilities_spec.rb +50 -3
- metadata +16 -6
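--- a/data/README.markdown
+++ b/data/README.markdown
@@ -370,7 +370,16 @@ If the user isn't allowed to edit widgets, they won't see the link. If they're n
 Authority is organized around protecting resources. But **occasionally** you **may** need to authorize something that has no particular resource. For that, it provides the generic `can?` method. It works like this:
 
 ```ruby
-
+current_user.can?(:view_stats_dashboard) # calls `ApplicationAuthorizer.authorizes_to_view_stats_dashboard?`
+current_user.can?(:view_stats_dashboard, :on => :tuesdays, :with => :tea) # same, passing the options
+
+# application_authorizer.rb
+class ApplicationAuthorizer < Authority::Authorizer
+# ...
+def self.authorizes_to_view_stats_dashboard?(user, options = {})
+user.has_role?(:manager) # or whatever
+end
+end
 ```
 
 Use this very sparingly, and consider it a [code smell](http://en.wikipedia.org/wiki/Code_smell). Overuse will turn your `ApplicationAuthorizer` into a junk drawer of methods. Ask yourself, "am I sure I don't have a resource for this? Should I have one?"
@@ -389,7 +398,7 @@ You can define your own `authority_forbidden` method:
 ```ruby
 # Send 'em back where they came from with a slap on the wrist
 def authority_forbidden(exception)
-Authority.
+Authority.logger.warn(error.message)
 redirect_to request.referrer.presence || root_path, :alert => 'You are not authorized to complete that action.'
 end
 ```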
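--- a/data/TODO.markdown
+++ b/data/TODO.markdown
@@ -6,6 +6,10 @@
 - Test `ActionController` integration
 - Add tests for the generators
 
+## Code
+
+- Look into using the `Forwardable` module for delegation in various places. (Does it handle passing options if given and nothing if not?)
+
 ## Structural changes
 
 - Consider the huge change from authorizer objects to modules for permissions. This eliminates the awkwardness of "to check a resource instance, let's go instantiate an authorizer and give it this resource instance..." If we make this change, describe a detailed upgrade path.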
data/lib/authority.rb
CHANGED
data/lib/authority/controller.rb
CHANGED
@@ -38,7 +38,7 @@ module Authority
|
|
38
38
|
end
|
39
39
|
|
40
40
|
def authority_action(action_map)
|
41
|
-
|
41
|
+
Authority.logger.warn "Authority's `authority_action` method has been renamed \
|
42
42
|
to `authority_actions` (plural) to reflect the fact that you can \
|
43
43
|
set multiple actions in one shot. Please update your controllers \
|
44
44
|
accordingly. (called from #{caller.first})".squeeze(' ')
|
@@ -77,7 +77,7 @@ module Authority
|
|
77
77
|
#
|
78
78
|
# @param [Exception] error, an error that indicates the user tried to perform a forbidden action.
|
79
79
|
def authority_forbidden(error)
|
80
|
-
Authority.
|
80
|
+
Authority.logger.warn(error.message)
|
81
81
|
render :file => Rails.root.join('public', '403.html'), :status => 403, :layout => false
|
82
82
|
end
|
83
83
|
|
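Review bot: The README example of this same callback elsewhere in this diff (hunk @@ -389 of data/README.markdown) declares `def authority_forbidden(exception)` but its body logs `error.message`, so anyone who copies it gets a NameError on the first forbidden request; the method here, `def authority_forbidden(error)`, is the reference and the README line should agree with it, e.g. `Authority.logger.warn(exception.message)`. The `@param [Exception] error` tag above the signature could also state that only `message` is read, which is what the controller spec on this page relies on when it passes a mock with just `:message`. Both hunks of this file sit inside `module Authority`, whose definition continues outside the hunks.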
@@ -20,8 +20,21 @@ module Authority
|
|
20
20
|
RUBY
|
21
21
|
end
|
22
22
|
|
23
|
-
def can?(action)
|
24
|
-
|
23
|
+
def can?(action, options = {})
|
24
|
+
begin
|
25
|
+
ApplicationAuthorizer.send("authorizes_to_#{action}?", self, options)
|
26
|
+
rescue NoMethodError => original_exception
|
27
|
+
begin
|
28
|
+
# For backwards compatibility
|
29
|
+
response = ApplicationAuthorizer.send("can_#{action}?", self, options)
|
30
|
+
Authority.logger.warn(
|
31
|
+
"DEPRECATION WARNING: Please rename `ApplicationAuthorizer.can_#{action}?` to `authorizes_to_#{action}?`"
|
32
|
+
)
|
33
|
+
response
|
34
|
+
rescue NoMethodError => new_exception
|
35
|
+
raise original_exception
|
36
|
+
end
|
37
|
+
end
|
25
38
|
end
|
26
39
|
|
27
40
|
end
|
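Review bot: The `rescue NoMethodError` around `ApplicationAuthorizer.send("authorizes_to_#{action}?", self, options)` catches more than the missing-method case: a NoMethodError raised from inside a defined `authorizes_to_*?` body (a typo, a nil receiver) is swallowed and the call falls through to the deprecated `can_#{action}?` lookup, so a broken authorizer is reported as a missing one or, when a legacy method exists, answered by it. Checking `respond_to?` before dispatching confines the fallback to the case it was written for, `public_send` keeps the dispatch on the authorizer's public interface, and the unused `new_exception` binding disappears; the specs on this page stub `authorizes_to_mimic_lemurs?` with `and_raise(NoMethodError)`, so they would need to stub `respond_to?` instead. The diffstat lists this hunk under data/lib/authority/user_abilities.rb although the page shows it without a file header, and the enclosing module continues outside the hunk.
```ruby
def can?(action, options = {})
  authorizes_to = "authorizes_to_#{action}?"
  if ApplicationAuthorizer.respond_to?(authorizes_to)
    ApplicationAuthorizer.public_send(authorizes_to, self, options)
  elsif ApplicationAuthorizer.respond_to?("can_#{action}?")
    # For backwards compatibility
    Authority.logger.warn(
      "DEPRECATION WARNING: Please rename `ApplicationAuthorizer.can_#{action}?` to `authorizes_to_#{action}?`"
    )
    ApplicationAuthorizer.public_send("can_#{action}?", self, options)
  else
    raise NoMethodError, "undefined method `#{authorizes_to}' for ApplicationAuthorizer"
  end
end
```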
data/lib/authority/version.rb
CHANGED
@@ -64,7 +64,7 @@ Authority.configure do |config|
|
|
64
64
|
#
|
65
65
|
# Some possible settings:
|
66
66
|
# config.logger = Rails.logger # Log with all your app's other messages
|
67
|
-
# config.logger = Logger.new('log/authority.log')
|
67
|
+
# config.logger = Logger.new('log/authority.log') # Use this file
|
68
68
|
# config.logger = Logger.new('/dev/null') # Don't log at all (on a Unix system)
|
69
69
|
|
70
70
|
end
|
@@ -191,14 +191,14 @@ describe Authority::Controller do
|
|
191
191
|
let(:mock_error) { mock(:message => 'oh noes! an error!') }
|
192
192
|
|
193
193
|
it "logs an error" do
|
194
|
-
Authority.
|
194
|
+
Authority.logger.should_receive(:warn)
|
195
195
|
controller_instance.stub(:render)
|
196
196
|
controller_instance.send(:authority_forbidden, mock_error)
|
197
197
|
end
|
198
198
|
|
199
199
|
it "renders the public/403.html file" do
|
200
200
|
forbidden_page = Rails.root.join('public/403.html')
|
201
|
-
Authority.
|
201
|
+
Authority.logger.stub(:warn)
|
202
202
|
controller_instance.should_receive(:render).with(:file => forbidden_page, :status => 403, :layout => false)
|
203
203
|
controller_instance.send(:authority_forbidden, mock_error)
|
204
204
|
end
|
@@ -39,9 +39,56 @@ describe Authority::UserAbilities do
|
|
39
39
|
|
40
40
|
describe "using `can?` for non-resource-specific checks" do
|
41
41
|
|
42
|
-
|
43
|
-
|
44
|
-
|
42
|
+
context "when ApplicationAuthorizer responds to a matching `authorizes_to?` call" do
|
43
|
+
|
44
|
+
before :each do
|
45
|
+
ApplicationAuthorizer.stub(:authorizes_to_mimic_lemurs?).and_return('yessir')
|
46
|
+
end
|
47
|
+
|
48
|
+
it "uses the `authorizes_to` return value" do
|
49
|
+
expect(user.can?(:mimic_lemurs)).to eq('yessir')
|
50
|
+
end
|
51
|
+
|
52
|
+
end
|
53
|
+
|
54
|
+
context "when ApplicationAuthorizer does not respond to a matching `authorizes_to?` call" do
|
55
|
+
|
56
|
+
before :each do
|
57
|
+
ApplicationAuthorizer.stub(:authorizes_to_mimic_lemurs?).and_raise(NoMethodError.new('eh?'))
|
58
|
+
end
|
59
|
+
|
60
|
+
context "when ApplicationAuthorizer responds to a matching `can` call" do
|
61
|
+
|
62
|
+
before :each do
|
63
|
+
ApplicationAuthorizer.stub(:can_mimic_lemurs?).and_return('thumbs up!')
|
64
|
+
Authority.logger.stub(:warn)
|
65
|
+
end
|
66
|
+
|
67
|
+
it "uses the `can` return value (for backwards compatibility)" do
|
68
|
+
expect(user.can?(:mimic_lemurs)).to eq('thumbs up!')
|
69
|
+
end
|
70
|
+
|
71
|
+
it "sends a deprecation warning" do
|
72
|
+
Authority.logger.should_receive(:warn).with(
|
73
|
+
"DEPRECATION WARNING: Please rename `ApplicationAuthorizer.can_mimic_lemurs?` to `authorizes_to_mimic_lemurs?`"
|
74
|
+
)
|
75
|
+
user.can?(:mimic_lemurs)
|
76
|
+
end
|
77
|
+
|
78
|
+
end
|
79
|
+
|
80
|
+
context "when ApplicationAuthorizer does not respond to a matching `can` call" do
|
81
|
+
|
82
|
+
before(:each) do
|
83
|
+
ApplicationAuthorizer.stub(:can_mimic_lemurs?).and_raise(NoMethodError.new('whaaa?'))
|
84
|
+
end
|
85
|
+
|
86
|
+
it "re-raises the NoMethodError from the missing `authorizes_to?`" do
|
87
|
+
expect{user.can?(:mimic_lemurs)}.to raise_error(NoMethodError, 'eh?')
|
88
|
+
end
|
89
|
+
|
90
|
+
end
|
91
|
+
|
45
92
|
end
|
46
93
|
|
47
94
|
end
|
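Review bot: The last hunk exercises the fallback only through a stubbed `authorizes_to_mimic_lemurs?` that raises NoMethodError itself, so no example distinguishes a missing authorizer method from one that exists but raises NoMethodError from its body; under the rescue-based `can?` the second case silently falls back to `can_mimic_lemurs?`. An example that stubs `authorizes_to_mimic_lemurs?` with `and_raise(NoMethodError.new('inside'))` alongside a stubbed `can_mimic_lemurs?` and asserts whether `user.can?(:mimic_lemurs)` raises or returns the legacy value would pin which behaviour is intended. The `before(:each)` in the innermost context differs from the `before :each` form used in the other two contexts of the same hunk. The diffstat attributes this hunk to data/spec/authority/user_abilities_spec.rb and the preceding one to controller_spec.rb, although the page shows both under the version.rb header.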
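--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: authority
 version: !ruby/object:Gem::Version
-version: 2.3.
+version: 2.3.1
 prerelease:
 platform: ruby
 authors:
@@ -10,11 +10,11 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-12-
+date: 2012-12-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rails
-requirement: &
+requirement: &2152639540 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ! '>='
@@ -22,7 +22,7 @@ dependencies:
 version: 3.0.0
 type: :runtime
 prerelease: false
-version_requirements: *
+version_requirements: *2152639540
 description: Authority helps you authorize actions in your Rails app. It's ORM-neutral
 and has very little fancy syntax; just group your models under one or more Authorizer
 classes and write plain Ruby methods on them.
@@ -90,9 +90,19 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 1.8.
+rubygems_version: 1.8.16
 signing_key:
 specification_version: 3
 summary: Authority helps you authorize actions in your Rails app using plain Ruby
 methods on Authorizer classes.
-test_files:
+test_files:
+- spec/authority/abilities_spec.rb
+- spec/authority/authorizer_spec.rb
+- spec/authority/configuration_spec.rb
+- spec/authority/controller_spec.rb
+- spec/authority/integration_spec.rb
+- spec/authority/user_abilities_spec.rb
+- spec/authority_spec.rb
+- spec/spec_helper.rb
+- spec/support/example_classes.rb
+- spec/support/mock_rails.rb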