authority 2.8.1 → 2.9.0
- checksums.yaml +4 -4
- data/CHANGELOG.markdown +10 -6
- data/README.markdown +12 -0
- data/lib/authority/controller.rb +10 -2
- data/lib/authority/version.rb +1 -1
- data/spec/authority/controller_spec.rb +45 -3
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 49f7f09d33ece9e1d0f128c629d5963fbcf55c5b
|
4
|
+
data.tar.gz: 7978825534fc7412ed65cba9a531b0733d331100
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: dd93e0ddda2bec80acf414af069344af29ee3ee287b1143d9bd7fff623bbf3bcdee6d2ca582665c8f9e60ccbbf4c6a3e223fb0414d4ec99bd840543864455ea0
|
7
|
+
data.tar.gz: a499cccc078b3777bf4543266976eb0d1df26951fca5a4419b7c7b813a1bbcae279b7ac4c0a03c03b3c54f4230fcb67d8c0d163deb16e9162579adeef39cab20
|
data/CHANGELOG.markdown
CHANGED
@@ -2,9 +2,13 @@
|
|
2
2
|
|
3
3
|
Authority does its best to use [semantic versioning](http://semver.org).
|
4
4
|
|
5
|
+
## v2.9.0
|
6
|
+
|
7
|
+
Add `all_actions` option for `authorize_actions_for`, thanks to [Igor Davydov](https://github.com/div).
|
8
|
+
|
5
9
|
## v2.8.1
|
6
10
|
|
7
|
-
Add license to gemspec, thanks to notice from Benjamin Fleischer - see [his blog post](http://www.benjaminfleischer.com/2013/07/12/make-the-world-a-better-place-put-a-license-in-your-gemspec/)
|
11
|
+
Add license to gemspec, thanks to notice from [Benjamin Fleischer](https://github.com/bf4) - see [his blog post](http://www.benjaminfleischer.com/2013/07/12/make-the-world-a-better-place-put-a-license-in-your-gemspec/)
|
8
12
|
|
9
13
|
## v2.8.0
|
10
14
|
|
@@ -12,12 +16,12 @@ New controller method `ensure_authorization_performed`, thanks to [Igor Davydov]
|
|
12
16
|
|
13
17
|
## 2.7.0
|
14
18
|
|
15
|
-
Allows setting authorizer by class (`authorizer = FooAuthorizer`) as well as by name (`authorizer_name = 'FooAuthorizer'`), thanks to [
|
19
|
+
Allows setting authorizer by class (`authorizer = FooAuthorizer`) as well as by name (`authorizer_name = 'FooAuthorizer'`), thanks to [Michael Guymon](https://github.com/mguymon)
|
16
20
|
|
17
21
|
## v2.6.0
|
18
22
|
|
19
|
-
- Now dependent on ActiveSupport, not all of Rails, as a step toward easier use with other frameworks. Thanks to [
|
20
|
-
- Testing with Rails 4.0, thanks to [
|
23
|
+
- Now dependent on ActiveSupport, not all of Rails, as a step toward easier use with other frameworks. Thanks to [Christopher Keele](https://github.com/christhekeele)
|
24
|
+
- Testing with Rails 4.0, thanks to [Murahashi Sanemat Kenichi](https://github.com/sanemat)
|
21
25
|
- Clearer backtraces in certain situations
|
22
26
|
|
23
27
|
## v2.5.0
|
@@ -56,7 +60,7 @@ Controller method `authorize_actions_for` can now be given a method name to dyna
|
|
56
60
|
|
57
61
|
## v2.2.0
|
58
62
|
|
59
|
-
Allow passing options hash to `authorize_action_for`, like `authorize_action_for(@llama, :sporting => @hat_style)`. Thanks to [
|
63
|
+
Allow passing options hash to `authorize_action_for`, like `authorize_action_for(@llama, :sporting => @hat_style)`. Thanks to [Mike Paulo](https://github.com/MP211).
|
60
64
|
|
61
65
|
## v2.1.0
|
62
66
|
|
@@ -73,7 +77,7 @@ Documentation and test cleanup.
|
|
73
77
|
|
74
78
|
## v1.1.0
|
75
79
|
|
76
|
-
- Added `Authority::Authorizer.default` class method which is called before the `default_strategy` proc and delegates to that proc. This can be overridden per authorizer. Thanks to [
|
80
|
+
- Added `Authority::Authorizer.default` class method which is called before the `default_strategy` proc and delegates to that proc. This can be overridden per authorizer. Thanks to [Kevin Moore](https://github.com/kevmoo)
|
77
81
|
|
78
82
|
## v1.0.0
|
79
83
|
|
data/README.markdown
CHANGED
@@ -397,6 +397,18 @@ class LlamasController < ApplicationController
|
|
397
397
|
end
|
398
398
|
```
|
399
399
|
|
400
|
+
If you want to authorize all actions the same way, use the special `all_actions` hash key. For instance, if you have nested resources, you might say "you're allowed to do anything you like with an employee if you're allowed to update their organization".
|
401
|
+
|
402
|
+
```ruby
|
403
|
+
class EmployeesController < ApplicationController
|
404
|
+
authorize_actions_for :parent_resource, all_actions: :update
|
405
|
+
private
|
406
|
+
def parent_resource
|
407
|
+
Employer.find(params[:employer_id])
|
408
|
+
end
|
409
|
+
end
|
410
|
+
```
|
411
|
+
|
400
412
|
Finally, you can enforce that every controller action runs an authorization check using the class method `ensure_authorization_performed`, which sets up an `after_filter` to raise an exception if it wasn't. Any `only` or `except` arguments will be passed to `after_filter`. You can also use `if` or `unless` to specify the name of a controller method which determines whether it's necessary.
|
401
413
|
|
402
414
|
Since this runs in an `after_filter`, it obviously doesn't prevent the action, it just alerts you that no authorization was performed. Therefore, it's most useful in development. An example usage might be:
|
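Review bot: The added README paragraph says "organization", but the example's finder is `Employer.find(params[:employer_id])`; use one term in both places. The paragraph should also state that `all_actions: :update` checks every action in the controller's action map against the single `update` ability, so per-action distinctions are lost for that controller.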
data/lib/authority/controller.rb
CHANGED
@@ -43,7 +43,7 @@ module Authority
|
|
43
43
|
# ones and any other options applicable to a before_filter
|
44
44
|
def authorize_actions_for(resource_or_finder, options = {})
|
45
45
|
self.authority_resource = resource_or_finder
|
46
|
-
authority_actions(options
|
46
|
+
authority_actions(overridden_actions(options))
|
47
47
|
before_filter :run_authorization_check, options
|
48
48
|
end
|
49
49
|
|
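Review bot: In `authorize_actions_for`, the result of `overridden_actions(options)` is passed to `authority_actions`, which (per the next hunk) runs `overridden_actions` on it a second time, now treating an action map as an options hash. Resolve the option in one place only. `options`, still carrying `:all_actions`, is also handed to `before_filter` on the following line; strip the key first if it is not meant to reach the filter.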
@@ -51,6 +51,7 @@ module Authority
|
|
51
51
|
#
|
52
52
|
# @param [Hash] action_map - controller actions and methods, to be merged with existing action_map
|
53
53
|
def authority_actions(action_map)
|
54
|
+
authority_action_map.merge!(overridden_actions(action_map))
|
54
55
|
authority_action_map.merge!(action_map.symbolize_keys)
|
55
56
|
end
|
56
57
|
|
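Review bot: In `authority_actions`, the unchanged `merge!(action_map.symbolize_keys)` line still runs after the new one, so a call such as `authority_actions(:all_actions => :utilize)` also stores `:all_actions => :utilize` in the map as if `all_actions` were a controller action. Remove that key before the second merge. `overridden_actions` also looks up `:all_actions` before `symbolize_keys` is applied, so a string key `'all_actions'` is not recognised as the option.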
@@ -77,6 +78,13 @@ module Authority
|
|
77
78
|
@authority_action_map ||= Authority.configuration.controller_action_map.dup
|
78
79
|
end
|
79
80
|
|
81
|
+
def overridden_actions(options = {})
|
82
|
+
if forced_action = options.fetch(:all_actions, false)
|
83
|
+
overridden_actions = authority_action_map.inject({}) { |hash, (key, val)| hash.tap { |h| h[key] = forced_action } }
|
84
|
+
end
|
85
|
+
overridden_actions || options.fetch(:actions, {})
|
86
|
+
end
|
87
|
+
|
80
88
|
end
|
81
89
|
|
82
90
|
protected
|
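Review bot: In `overridden_actions`, the forced map is built from the keys `authority_action_map` holds at the moment of the call, so a controller action that is not yet a key gets no forced mapping, which is surprising for an option named `all_actions`. Document that snapshot behaviour or resolve the forced action when the check runs. As a style point, the local `overridden_actions` shadows the method name, and the `inject`/`tap` combination reads more clearly as `each_with_object({}) { |(key, _), h| h[key] = forced_action }`.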
@@ -118,7 +126,7 @@ module Authority
|
|
118
126
|
def instance_authority_resource
|
119
127
|
return self.class.authority_resource if self.class.authority_resource.is_a?(Class)
|
120
128
|
send(self.class.authority_resource)
|
121
|
-
rescue NoMethodError
|
129
|
+
rescue NoMethodError
|
122
130
|
raise MissingResource.new(
|
123
131
|
"Trying to authorize actions for '#{self.class.authority_resource}', but can't. \
|
124
132
|
Must be either a resource class OR the name of a controller instance method that \
|
data/lib/authority/version.rb
CHANGED
@@ -2,6 +2,7 @@ require 'spec_helper'
|
|
2
2
|
require 'support/example_classes'
|
3
3
|
require 'support/mock_rails'
|
4
4
|
require 'active_support/core_ext/proc'
|
5
|
+
require 'set'
|
5
6
|
|
6
7
|
describe Authority::Controller do
|
7
8
|
|
@@ -87,6 +88,8 @@ describe Authority::Controller do
|
|
87
88
|
|
88
89
|
describe "authorize_actions_for" do
|
89
90
|
|
91
|
+
let(:child_controller) { Class.new(controller_class) }
|
92
|
+
|
90
93
|
it "allows specifying the class of the model to protect" do
|
91
94
|
controller_class.authorize_actions_for(resource_class)
|
92
95
|
expect(controller_class.authority_resource).to eq(resource_class)
|
@@ -103,8 +106,14 @@ describe Authority::Controller do
|
|
103
106
|
controller_class.authorize_actions_for(resource_class, filter_options)
|
104
107
|
end
|
105
108
|
|
106
|
-
it "
|
107
|
-
|
109
|
+
it "if :all_actions option is given, it overrides the action hash to use the action given" do
|
110
|
+
overridden_action_map = controller_class.authority_action_map
|
111
|
+
overridden_action_map.update(overridden_action_map) {|k,v| v = :annihilate}
|
112
|
+
child_controller.should_receive(:authority_actions).with(overridden_action_map)
|
113
|
+
child_controller.authorize_actions_for(resource_class, :all_actions => :annihilate)
|
114
|
+
end
|
115
|
+
|
116
|
+
it "passes the action hash to the `authority_actions` method" do
|
108
117
|
new_actions = {:synthesize => :create, :annihilate => 'delete'}
|
109
118
|
child_controller.should_receive(:authority_actions).with(new_actions)
|
110
119
|
child_controller.authorize_actions_for(resource_class, :actions => new_actions)
|
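Review bot: In the new `:all_actions` example, `overridden_action_map` is the same object as `controller_class.authority_action_map`, so `update` rewrites the parent controller's map in place before the call under test and can leak into later examples. Build the expectation from a copy (`controller_class.authority_action_map.dup`), and replace the block's `v = :annihilate` assignment with the bare value `:annihilate`, since assigning to the block parameter has no effect of its own.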
@@ -137,7 +146,7 @@ describe Authority::Controller do
|
|
137
146
|
|
138
147
|
end
|
139
148
|
|
140
|
-
describe "
|
149
|
+
describe "authority_actions" do
|
141
150
|
|
142
151
|
it "modifies this controller's authority action map" do
|
143
152
|
new_actions = {:show => :display, :synthesize => :create, :annihilate => 'delete'}
|
@@ -147,6 +156,20 @@ describe Authority::Controller do
|
|
147
156
|
)
|
148
157
|
end
|
149
158
|
|
159
|
+
it "forces to use a single method when :all_actions option is given" do
|
160
|
+
force_actions = {:all_actions => :utilize}
|
161
|
+
controller_class.authority_actions(force_actions)
|
162
|
+
expect(controller_class.authority_action_map.values.uniq).to eq([:utilize])
|
163
|
+
end
|
164
|
+
|
165
|
+
it "can be used multiple times; each usage appends methods to authority_action_map" do
|
166
|
+
controller_class.authority_actions({:all_actions => :utilize})
|
167
|
+
controller_class.authority_actions({:synthesize => :create})
|
168
|
+
controller_class.authority_actions({:transmogrify => :update})
|
169
|
+
expect(controller_class.authority_action_map.values.uniq.to_set).to eq([:create, :update, :utilize].to_set)
|
170
|
+
expect(controller_class.authority_action_map[:synthesize]).to eq(:create)
|
171
|
+
end
|
172
|
+
|
150
173
|
it "does not modify any other controller" do
|
151
174
|
child_controller = Class.new(controller_class)
|
152
175
|
child_controller.authority_actions(:smite => 'delete')
|
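Review bot: The "forces to use a single method" example checks only `authority_action_map.values.uniq`, so it cannot tell whether `:all_actions` itself ended up as a key in the map. Add an assertion on the keys, for example `expect(controller_class.authority_action_map).not_to have_key(:all_actions)`.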
@@ -155,6 +178,25 @@ describe Authority::Controller do
|
|
155
178
|
|
156
179
|
end
|
157
180
|
|
181
|
+
describe "overridden_actions" do
|
182
|
+
|
183
|
+
it "overrides authority action map if option :all_actions is present" do
|
184
|
+
options = { :all_actions => :display, :actions => {:show => :display, :synthesize => :create} }
|
185
|
+
expect(controller_class.overridden_actions(options).values.uniq).to eq([:display])
|
186
|
+
end
|
187
|
+
|
188
|
+
it "returns :actions hash if option :all_actions is not present" do
|
189
|
+
options = { :actions => {:show => :display, :synthesize => :create, :annihilate => 'delete'} }
|
190
|
+
expect(controller_class.overridden_actions(options)).to eq(options[:actions])
|
191
|
+
end
|
192
|
+
|
193
|
+
it "returns an empty hash if no :all_actions nor :actions options present" do
|
194
|
+
options = { :show => :display, :synthesize => :create, :annihilate => 'delete' }
|
195
|
+
expect(controller_class.overridden_actions(options)).to eq({})
|
196
|
+
end
|
197
|
+
|
198
|
+
end
|
199
|
+
|
158
200
|
describe "ensure_authorization_performed" do
|
159
201
|
|
160
202
|
let(:controller_instance) { controller_class.new }
|
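Review bot: The first `overridden_actions` example passes both `:all_actions` and `:actions` and expects only `:display` values, which pins down that `:actions` is silently dropped when `:all_actions` is present. If that is intended, say so in the README and changelog; if not, merge `:actions` over the forced map and assert that `:synthesize` still maps to `:create`.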
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: authority
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.
|
4
|
+
version: 2.9.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Nathan Long
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2013-
|
12
|
+
date: 2013-10-03 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: activesupport
|