authority 2.4.3 → 2.5.0
Sign up to get free protection for your applications and to get access to all the features.
- data/CHANGELOG.markdown +4 -0
- data/README.markdown +6 -3
- data/TODO.markdown +1 -1
- data/lib/authority/abilities.rb +10 -3
- data/lib/authority/version.rb +1 -1
- data/spec/authority/abilities_spec.rb +28 -6
- data/spec/support/example_classes.rb +20 -3
- metadata +6 -27
data/CHANGELOG.markdown
CHANGED
@@ -2,6 +2,10 @@
|
|
2
2
|
|
3
3
|
Authority does its best to use [semantic versioning](http://semver.org).
|
4
4
|
|
5
|
+
## v2.5.0
|
6
|
+
|
7
|
+
Models whose `authorizer_name` is not specified will now check for an authorizer with their own name before falling back to `ApplicationAuthorizer`. Eg, `Comment` will look for `CommentAuthorizer`. Namespacing is respected.
|
8
|
+
|
5
9
|
## v2.4.3
|
6
10
|
|
7
11
|
Bugfix for Rails 3.1 - apparently its `class_attribute` method stepped on instance methods even when given `:instance_reader => false`
|
data/README.markdown
CHANGED
@@ -7,7 +7,7 @@ Authority will work fine with a standalone app or a single sign-on system. You c
|
|
7
7
|
It requires that you already have some kind of user object in your application, accessible from all controllers and views via a method like `current_user` (configurable).
|
8
8
|
|
9
9
|
[![Build Status](https://secure.travis-ci.org/nathanl/authority.png?branch=master)](http://travis-ci.org/nathanl/authority)
|
10
|
-
[![Code Climate](https://codeclimate.com/
|
10
|
+
[![Code Climate](https://codeclimate.com/github/nathanl/authority.png)](https://codeclimate.com/github/nathanl/authority)
|
11
11
|
|
12
12
|
## Contents
|
13
13
|
|
@@ -71,9 +71,12 @@ All you have to do is define the methods you need on your authorizers. You have
|
|
71
71
|
|
72
72
|
Authority encapsulates all authorization logic in `Authorizer` classes. Want to do something with a model? **Ask its authorizer**.
|
73
73
|
|
74
|
-
|
74
|
+
You can specify a model's authorizer using the class method `authorizer_name=`. If you don't specify it, it will:
|
75
75
|
|
76
|
-
|
76
|
+
- Look for an authorizer with its name. Eg, `Comment` will look for `CommentAuthorizer`.
|
77
|
+
- If that's not found, it will use `ApplicationAuthorizer`.
|
78
|
+
|
79
|
+
**Models that have the same authorization rules should use the same authorizer**. In other words, if you would write the exact same methods on two models to determine who can create them, who can edit them, etc, then they should use the same authorizer.
|
77
80
|
|
78
81
|
Some example groupings:
|
79
82
|
|
data/TODO.markdown
CHANGED
data/lib/authority/abilities.rb
CHANGED
@@ -11,10 +11,17 @@ module Authority
|
|
11
11
|
extend ActiveSupport::Concern
|
12
12
|
extend Forwardable
|
13
13
|
|
14
|
-
|
15
|
-
included do
|
14
|
+
included do |base|
|
16
15
|
class_attribute :authorizer_name
|
17
|
-
|
16
|
+
|
17
|
+
# Set the default authorizer for this model.
|
18
|
+
# - Look for an authorizer named like the model inside the model's namespace.
|
19
|
+
# - If there is none, use 'ApplicationAuthorizer'
|
20
|
+
self.authorizer_name = begin
|
21
|
+
"#{base.name}Authorizer".constantize.name
|
22
|
+
rescue NameError => e
|
23
|
+
"ApplicationAuthorizer"
|
24
|
+
end
|
18
25
|
end
|
19
26
|
|
20
27
|
def authorizer
|
data/lib/authority/version.rb
CHANGED
@@ -3,23 +3,45 @@ require 'support/example_classes'
|
|
3
3
|
|
4
4
|
describe Authority::Abilities do
|
5
5
|
|
6
|
-
let(:user)
|
7
|
-
let(:resource_class)
|
6
|
+
let(:user) { ExampleUser.new }
|
7
|
+
let(:resource_class) { ExampleResource }
|
8
|
+
let(:namespaced_resource_class) { Namespaced::SampleResource }
|
9
|
+
let(:other_resource_class) { OtherResource }
|
8
10
|
|
9
11
|
describe "instance methods" do
|
10
12
|
|
11
13
|
describe "authorizer_name" do
|
12
14
|
|
13
|
-
it "has a class attribute getter
|
15
|
+
it "has a class attribute getter" do
|
14
16
|
expect(resource_class).to respond_to(:authorizer_name)
|
15
17
|
end
|
16
18
|
|
17
|
-
it "has a class attribute setter
|
19
|
+
it "has a class attribute setter" do
|
18
20
|
expect(resource_class).to respond_to(:authorizer_name=)
|
19
21
|
end
|
20
22
|
|
21
|
-
|
22
|
-
|
23
|
+
describe "by default" do
|
24
|
+
|
25
|
+
context "when there is an authorizer with a name like the resource's" do
|
26
|
+
|
27
|
+
it "uses that authorizer" do
|
28
|
+
expect(resource_class.authorizer_name).to eq("ExampleResourceAuthorizer")
|
29
|
+
end
|
30
|
+
|
31
|
+
it "respects namespaces when it's looking" do
|
32
|
+
expect(namespaced_resource_class.authorizer_name).to eq("Namespaced::SampleResourceAuthorizer")
|
33
|
+
end
|
34
|
+
|
35
|
+
end
|
36
|
+
|
37
|
+
context "when there is no authorizer with a name like the resource's" do
|
38
|
+
|
39
|
+
it "uses 'ApplicationAuthorizer'" do
|
40
|
+
expect(other_resource_class.authorizer_name).to eq("ApplicationAuthorizer")
|
41
|
+
end
|
42
|
+
|
43
|
+
end
|
44
|
+
|
23
45
|
end
|
24
46
|
|
25
47
|
end
|
@@ -1,13 +1,30 @@
|
|
1
|
+
class ApplicationAuthorizer < Authority::Authorizer
|
2
|
+
def self.readable_by?(user)
|
3
|
+
true
|
4
|
+
end
|
5
|
+
end
|
6
|
+
|
1
7
|
class ExampleUser
|
2
8
|
include Authority::UserAbilities
|
3
9
|
end
|
4
10
|
|
11
|
+
class ExampleResourceAuthorizer < ApplicationAuthorizer
|
12
|
+
end
|
13
|
+
|
5
14
|
class ExampleResource
|
6
15
|
include Authority::Abilities
|
7
16
|
end
|
8
17
|
|
9
|
-
|
10
|
-
|
11
|
-
|
18
|
+
module Namespaced
|
19
|
+
class SampleResourceAuthorizer < ApplicationAuthorizer
|
20
|
+
end
|
21
|
+
|
22
|
+
class SampleResource
|
23
|
+
include Authority::Abilities
|
12
24
|
end
|
25
|
+
|
26
|
+
end
|
27
|
+
|
28
|
+
class OtherResource
|
29
|
+
include Authority::Abilities
|
13
30
|
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: authority
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.
|
4
|
+
version: 2.5.0
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -10,11 +10,11 @@ authors:
|
|
10
10
|
autorequire:
|
11
11
|
bindir: bin
|
12
12
|
cert_chain: []
|
13
|
-
date: 2013-
|
13
|
+
date: 2013-03-21 00:00:00.000000000 Z
|
14
14
|
dependencies:
|
15
15
|
- !ruby/object:Gem::Dependency
|
16
16
|
name: rails
|
17
|
-
requirement: !ruby/object:Gem::Requirement
|
17
|
+
requirement: &74282880 !ruby/object:Gem::Requirement
|
18
18
|
none: false
|
19
19
|
requirements:
|
20
20
|
- - ! '>='
|
@@ -22,12 +22,7 @@ dependencies:
|
|
22
22
|
version: 3.0.0
|
23
23
|
type: :runtime
|
24
24
|
prerelease: false
|
25
|
-
version_requirements:
|
26
|
-
none: false
|
27
|
-
requirements:
|
28
|
-
- - ! '>='
|
29
|
-
- !ruby/object:Gem::Version
|
30
|
-
version: 3.0.0
|
25
|
+
version_requirements: *74282880
|
31
26
|
description: Authority helps you authorize actions in your Rails app. It's ORM-neutral
|
32
27
|
and has very little fancy syntax; just group your models under one or more Authorizer
|
33
28
|
classes and write plain Ruby methods on them.
|
@@ -87,33 +82,17 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
87
82
|
- - ! '>='
|
88
83
|
- !ruby/object:Gem::Version
|
89
84
|
version: '0'
|
90
|
-
segments:
|
91
|
-
- 0
|
92
|
-
hash: 4595590261951067039
|
93
85
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
94
86
|
none: false
|
95
87
|
requirements:
|
96
88
|
- - ! '>='
|
97
89
|
- !ruby/object:Gem::Version
|
98
90
|
version: '0'
|
99
|
-
segments:
|
100
|
-
- 0
|
101
|
-
hash: 4595590261951067039
|
102
91
|
requirements: []
|
103
92
|
rubyforge_project:
|
104
|
-
rubygems_version: 1.8.
|
93
|
+
rubygems_version: 1.8.10
|
105
94
|
signing_key:
|
106
95
|
specification_version: 3
|
107
96
|
summary: Authority helps you authorize actions in your Rails app using plain Ruby
|
108
97
|
methods on Authorizer classes.
|
109
|
-
test_files:
|
110
|
-
- spec/authority/abilities_spec.rb
|
111
|
-
- spec/authority/authorizer_spec.rb
|
112
|
-
- spec/authority/configuration_spec.rb
|
113
|
-
- spec/authority/controller_spec.rb
|
114
|
-
- spec/authority/integration_spec.rb
|
115
|
-
- spec/authority/user_abilities_spec.rb
|
116
|
-
- spec/authority_spec.rb
|
117
|
-
- spec/spec_helper.rb
|
118
|
-
- spec/support/example_classes.rb
|
119
|
-
- spec/support/mock_rails.rb
|
98
|
+
test_files: []
|