authority 3.2.0 → 3.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.travis.yml +23 -2
- data/CHANGELOG.markdown +3 -2
- data/README.markdown +6 -1
- data/gemfiles/3.2.gemfile +6 -0
- data/gemfiles/4.0.gemfile +10 -0
- data/gemfiles/4.1.gemfile +10 -0
- data/gemfiles/4.2.gemfile +10 -0
- data/lib/authority/controller.rb +10 -4
- data/lib/authority/version.rb +1 -1
- data/spec/authority/controller_spec.rb +31 -0
- metadata +6 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 6807a134d4eaf6379becb0f913924baa5f03e396
|
|
4
|
+
data.tar.gz: 2cf81ed57c186516dd26a6bfc63394e1b0784400
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 7f09a2d8e2bbf1107fcbb641fc3449073312ddf869f2d0ab4eed34c0a2d407a932e9160db59bacf7dd25a7cc66742227595a974d2aaab1b5f1db4443e37c4786
|
|
7
|
+
data.tar.gz: d51cf95c7d1c6353faa3843194a1824ace890c38125f2b9c08b0ee7bf9cb3e4a127478c507669b9df2b25c41892dcd183f4644da833cc7fc233a4c3e434bd4ca
|
data/.travis.yml
CHANGED
|
@@ -1,6 +1,27 @@
|
|
|
1
1
|
language: ruby
|
|
2
2
|
rvm:
|
|
3
|
-
-
|
|
3
|
+
- 1.9.3
|
|
4
|
+
- 2.0
|
|
5
|
+
- 2.1
|
|
6
|
+
- 2.2
|
|
7
|
+
- jruby-19mode # JRuby in 1.9 mode
|
|
8
|
+
# - rbx-2
|
|
9
|
+
|
|
10
|
+
before_install:
|
|
11
|
+
- gem update bundler && bundle --version
|
|
4
12
|
|
|
5
13
|
gemfile:
|
|
6
|
-
- gemfiles/
|
|
14
|
+
- gemfiles/3.2.gemfile
|
|
15
|
+
- gemfiles/4.0.gemfile
|
|
16
|
+
- gemfiles/4.1.gemfile
|
|
17
|
+
- gemfiles/4.2.gemfile
|
|
18
|
+
|
|
19
|
+
matrix:
|
|
20
|
+
exclude:
|
|
21
|
+
- rvm: rbx
|
|
22
|
+
gemfile: gemfiles/4.0.gemfile
|
|
23
|
+
include:
|
|
24
|
+
- rvm: 2.2.2
|
|
25
|
+
gemfile: gemfiles/5.0.gemfile
|
|
26
|
+
- rvm: 2.3.1
|
|
27
|
+
gemfile: gemfiles/5.0.gemfile
|
data/CHANGELOG.markdown
CHANGED
|
@@ -2,9 +2,10 @@
|
|
|
2
2
|
|
|
3
3
|
Authority does its best to use [semantic versioning](http://semver.org).
|
|
4
4
|
|
|
5
|
-
##
|
|
5
|
+
## 3.2.1
|
|
6
6
|
|
|
7
|
-
|
|
7
|
+
- Allow supplying extra arguments to authorizers in `authorize_actions_for` via the `:args` parameter.
|
|
8
|
+
- Resume CI testing against multiple versions of Ruby and Rails, thanks to [Douglas Teoh's work](https://github.com/nathanl/authority/pull/112).
|
|
8
9
|
|
|
9
10
|
## 3.2.0
|
|
10
11
|
|
data/README.markdown
CHANGED
|
@@ -370,7 +370,12 @@ class LlamasController < ApplicationController
|
|
|
370
370
|
end
|
|
371
371
|
```
|
|
372
372
|
|
|
373
|
-
|
|
373
|
+
You can pass extra arguments to your authorization checks in these controller helpers:
|
|
374
|
+
|
|
375
|
+
- `authorize_actions_for(Llama, args: [{:mamma => true}]`
|
|
376
|
+
- `authorize_action_for(@llama, :sporting => @hat_style)`
|
|
377
|
+
|
|
378
|
+
Generally, though, your authorization will depend on some attribute or association of the model instance, so the authorizer can check `@llama.neck_strength` and `@llama.owner.nationality`, etc, without needing any additional information.
|
|
374
379
|
|
|
375
380
|
Note that you can also call `authority_actions` as many times as you like, so you can specify one mapping at a time if you prefer:
|
|
376
381
|
|
data/lib/authority/controller.rb
CHANGED
|
@@ -15,7 +15,8 @@ module Authority
|
|
|
15
15
|
|
|
16
16
|
included do
|
|
17
17
|
rescue_from(Authority::SecurityViolation, :with => Authority::Controller.security_violation_callback)
|
|
18
|
-
class_attribute :authority_resource,
|
|
18
|
+
class_attribute :authority_resource, :instance_reader => false
|
|
19
|
+
class_attribute :authority_arguments, :instance_writer => false
|
|
19
20
|
end
|
|
20
21
|
|
|
21
22
|
attr_writer :authorization_performed
|
|
@@ -40,11 +41,16 @@ module Authority
|
|
|
40
41
|
# determine that class when the request is made
|
|
41
42
|
# @param [Hash] options - can contain :actions to
|
|
42
43
|
# be merged with existing
|
|
43
|
-
# ones and any other options applicable to a before_filter
|
|
44
|
+
# ones and any other options applicable to a before_filter,
|
|
45
|
+
# and can contain an array of :opts to pass to the authorizer
|
|
44
46
|
def authorize_actions_for(resource_or_finder, options = {})
|
|
45
47
|
self.authority_resource = resource_or_finder
|
|
46
48
|
add_actions(options.fetch(:actions, {}))
|
|
47
49
|
force_action(options[:all_actions]) if options[:all_actions]
|
|
50
|
+
|
|
51
|
+
# Capture custom authorization options
|
|
52
|
+
self.authority_arguments = options.delete(:args)
|
|
53
|
+
|
|
48
54
|
if respond_to? :before_action
|
|
49
55
|
before_action :run_authorization_check, options
|
|
50
56
|
else
|
|
@@ -139,11 +145,11 @@ module Authority
|
|
|
139
145
|
def run_authorization_check
|
|
140
146
|
if instance_authority_resource.is_a?(Array)
|
|
141
147
|
# Array includes options; pass as separate args
|
|
142
|
-
authorize_action_for(*instance_authority_resource)
|
|
148
|
+
authorize_action_for(*instance_authority_resource, *authority_arguments)
|
|
143
149
|
else
|
|
144
150
|
# *resource would be interpreted as resource.to_a, which is wrong and
|
|
145
151
|
# actually triggers a query if it's a Sequel model
|
|
146
|
-
authorize_action_for(instance_authority_resource)
|
|
152
|
+
authorize_action_for(instance_authority_resource, *authority_arguments)
|
|
147
153
|
end
|
|
148
154
|
end
|
|
149
155
|
|
data/lib/authority/version.rb
CHANGED
|
@@ -138,6 +138,16 @@ describe Authority::Controller do
|
|
|
138
138
|
expect(child_controller.authority_action_map).to eq(updated_map)
|
|
139
139
|
end
|
|
140
140
|
|
|
141
|
+
it "if :opts option is given, it extracts extra options for the authorization check" do
|
|
142
|
+
controller_class.authorize_actions_for(resource_class, :args => [:foo, :bar])
|
|
143
|
+
expect(controller_class.authority_arguments).to eq([:foo, :bar])
|
|
144
|
+
end
|
|
145
|
+
|
|
146
|
+
it "if :opts option wasn't given, no extra options are set" do
|
|
147
|
+
controller_class.authorize_actions_for(resource_class)
|
|
148
|
+
expect(controller_class.authority_arguments?).not_to be true
|
|
149
|
+
end
|
|
150
|
+
|
|
141
151
|
end
|
|
142
152
|
|
|
143
153
|
describe "authority_resource" do
|
|
@@ -282,6 +292,27 @@ describe Authority::Controller do
|
|
|
282
292
|
|
|
283
293
|
end
|
|
284
294
|
|
|
295
|
+
context "if extra opts were specified" do
|
|
296
|
+
|
|
297
|
+
let(:resource_class) { Hash }
|
|
298
|
+
let(:controller_class) do
|
|
299
|
+
Class.new(ExampleController).tap do |c|
|
|
300
|
+
c.send(:include, Authority::Controller)
|
|
301
|
+
c.authorize_actions_for(:method_to_find_class, args: [:extra, :args])
|
|
302
|
+
end
|
|
303
|
+
end
|
|
304
|
+
|
|
305
|
+
before :each do
|
|
306
|
+
allow(controller_instance).to receive(:method_to_find_class).and_return(resource_class)
|
|
307
|
+
end
|
|
308
|
+
|
|
309
|
+
it "uses extra args in authorization check" do
|
|
310
|
+
expect(controller_instance).to receive(:authorize_action_for).with(resource_class, :extra, :args)
|
|
311
|
+
controller_instance.send(:run_authorization_check)
|
|
312
|
+
end
|
|
313
|
+
|
|
314
|
+
end
|
|
315
|
+
|
|
285
316
|
context "if a method for determining the class was specified" do
|
|
286
317
|
|
|
287
318
|
let(:resource_class) { Hash }
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: authority
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.2.
|
|
4
|
+
version: 3.2.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Nathan Long
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2016-
|
|
12
|
+
date: 2016-10-05 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: activesupport
|
|
@@ -75,6 +75,10 @@ files:
|
|
|
75
75
|
- Rakefile
|
|
76
76
|
- TODO.markdown
|
|
77
77
|
- authority.gemspec
|
|
78
|
+
- gemfiles/3.2.gemfile
|
|
79
|
+
- gemfiles/4.0.gemfile
|
|
80
|
+
- gemfiles/4.1.gemfile
|
|
81
|
+
- gemfiles/4.2.gemfile
|
|
78
82
|
- gemfiles/5.0.gemfile
|
|
79
83
|
- lib/authority.rb
|
|
80
84
|
- lib/authority/abilities.rb
|