authorize_if 0.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/LICENSE +21 -0
- data/README.md +200 -0
- data/Rakefile +34 -0
- data/lib/authorize_if.rb +138 -0
- data/lib/authorize_if/version.rb +3 -0
- data/lib/tasks/authorize_if_tasks.rake +4 -0
- data/test/dummy/README.rdoc +28 -0
- data/test/dummy/Rakefile +6 -0
- data/test/dummy/app/assets/javascripts/application.js +13 -0
- data/test/dummy/app/assets/stylesheets/application.css +15 -0
- data/test/dummy/app/controllers/application_controller.rb +9 -0
- data/test/dummy/app/controllers/articles_controller.rb +27 -0
- data/test/dummy/app/helpers/application_helper.rb +2 -0
- data/test/dummy/app/views/layouts/application.html.erb +14 -0
- data/test/dummy/bin/bundle +3 -0
- data/test/dummy/bin/rails +4 -0
- data/test/dummy/bin/rake +4 -0
- data/test/dummy/bin/setup +29 -0
- data/test/dummy/config.ru +4 -0
- data/test/dummy/config/application.rb +13 -0
- data/test/dummy/config/boot.rb +5 -0
- data/test/dummy/config/environment.rb +5 -0
- data/test/dummy/config/environments/development.rb +35 -0
- data/test/dummy/config/environments/production.rb +72 -0
- data/test/dummy/config/environments/test.rb +37 -0
- data/test/dummy/config/initializers/assets.rb +11 -0
- data/test/dummy/config/initializers/backtrace_silencers.rb +7 -0
- data/test/dummy/config/initializers/cookies_serializer.rb +3 -0
- data/test/dummy/config/initializers/filter_parameter_logging.rb +4 -0
- data/test/dummy/config/initializers/inflections.rb +16 -0
- data/test/dummy/config/initializers/mime_types.rb +4 -0
- data/test/dummy/config/initializers/session_store.rb +3 -0
- data/test/dummy/config/initializers/wrap_parameters.rb +9 -0
- data/test/dummy/config/locales/en.yml +23 -0
- data/test/dummy/config/routes.rb +3 -0
- data/test/dummy/config/secrets.yml +22 -0
- data/test/dummy/db/test.sqlite3 +0 -0
- data/test/dummy/log/test.log +1784 -0
- data/test/dummy/public/404.html +67 -0
- data/test/dummy/public/422.html +67 -0
- data/test/dummy/public/500.html +66 -0
- data/test/dummy/public/favicon.ico +0 -0
- data/test/integration/authorize_if_integration_test.rb +41 -0
- data/test/test_helper.rb +19 -0
- data/test/unit/authorize_if_unit_test.rb +113 -0
- metadata +170 -0
data/test/dummy/Rakefile
ADDED
@@ -0,0 +1,13 @@
|
|
1
|
+
// This is a manifest file that'll be compiled into application.js, which will include all the files
|
2
|
+
// listed below.
|
3
|
+
//
|
4
|
+
// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
|
5
|
+
// or any plugin's vendor/assets/javascripts directory can be referenced here using a relative path.
|
6
|
+
//
|
7
|
+
// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
|
8
|
+
// compiled file.
|
9
|
+
//
|
10
|
+
// Read Sprockets README (https://github.com/rails/sprockets#sprockets-directives) for details
|
11
|
+
// about supported directives.
|
12
|
+
//
|
13
|
+
//= require_tree .
|
@@ -0,0 +1,15 @@
|
|
1
|
+
/*
|
2
|
+
* This is a manifest file that'll be compiled into application.css, which will include all the files
|
3
|
+
* listed below.
|
4
|
+
*
|
5
|
+
* Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
|
6
|
+
* or any plugin's vendor/assets/stylesheets directory can be referenced here using a relative path.
|
7
|
+
*
|
8
|
+
* You're free to add application-wide styles to this file and they'll appear at the bottom of the
|
9
|
+
* compiled file so the styles you add here take precedence over styles defined in any styles
|
10
|
+
* defined in the other CSS/SCSS files in this directory. It is generally better to create a new
|
11
|
+
* file per style scope.
|
12
|
+
*
|
13
|
+
*= require_tree .
|
14
|
+
*= require_self
|
15
|
+
*/
|
@@ -0,0 +1,9 @@
|
|
1
|
+
class ApplicationController < ActionController::Base
|
2
|
+
# Prevent CSRF attacks by raising an exception.
|
3
|
+
# For APIs, you may want to use :null_session instead.
|
4
|
+
protect_from_forgery with: :exception
|
5
|
+
|
6
|
+
rescue_from "AuthorizeIf::NotAuthorizedError" do |exception|
|
7
|
+
render text: exception.message, status: 403
|
8
|
+
end
|
9
|
+
end
|
@@ -0,0 +1,27 @@
|
|
1
|
+
class ArticlesController < ApplicationController
|
2
|
+
def index
|
3
|
+
authorize_if(params[:authorized]) do |config|
|
4
|
+
config.error_message = params[:error_message]
|
5
|
+
end
|
6
|
+
|
7
|
+
head 200
|
8
|
+
end
|
9
|
+
|
10
|
+
def show
|
11
|
+
authorize do |config|
|
12
|
+
config.error_message = params[:error_message]
|
13
|
+
end
|
14
|
+
|
15
|
+
head 200
|
16
|
+
end
|
17
|
+
|
18
|
+
def edit
|
19
|
+
authorize
|
20
|
+
end
|
21
|
+
|
22
|
+
private
|
23
|
+
|
24
|
+
def authorize_show?
|
25
|
+
params[:authorized]
|
26
|
+
end
|
27
|
+
end
|
@@ -0,0 +1,14 @@
|
|
1
|
+
<!DOCTYPE html>
|
2
|
+
<html>
|
3
|
+
<head>
|
4
|
+
<title>Dummy</title>
|
5
|
+
<%= stylesheet_link_tag 'application', media: 'all', 'data-turbolinks-track' => true %>
|
6
|
+
<%= javascript_include_tag 'application', 'data-turbolinks-track' => true %>
|
7
|
+
<%= csrf_meta_tags %>
|
8
|
+
</head>
|
9
|
+
<body>
|
10
|
+
|
11
|
+
<%= yield %>
|
12
|
+
|
13
|
+
</body>
|
14
|
+
</html>
|
data/test/dummy/bin/rake
ADDED
@@ -0,0 +1,29 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
require 'pathname'
|
3
|
+
|
4
|
+
# path to your application root.
|
5
|
+
APP_ROOT = Pathname.new File.expand_path('../../', __FILE__)
|
6
|
+
|
7
|
+
Dir.chdir APP_ROOT do
|
8
|
+
# This script is a starting point to setup your application.
|
9
|
+
# Add necessary setup steps to this file:
|
10
|
+
|
11
|
+
puts "== Installing dependencies =="
|
12
|
+
system "gem install bundler --conservative"
|
13
|
+
system "bundle check || bundle install"
|
14
|
+
|
15
|
+
# puts "\n== Copying sample files =="
|
16
|
+
# unless File.exist?("config/database.yml")
|
17
|
+
# system "cp config/database.yml.sample config/database.yml"
|
18
|
+
# end
|
19
|
+
|
20
|
+
puts "\n== Preparing database =="
|
21
|
+
system "bin/rake db:setup"
|
22
|
+
|
23
|
+
puts "\n== Removing old logs and tempfiles =="
|
24
|
+
system "rm -f log/*"
|
25
|
+
system "rm -rf tmp/cache"
|
26
|
+
|
27
|
+
puts "\n== Restarting application server =="
|
28
|
+
system "touch tmp/restart.txt"
|
29
|
+
end
|
@@ -0,0 +1,13 @@
|
|
1
|
+
require File.expand_path('../boot', __FILE__)
|
2
|
+
|
3
|
+
require "action_controller/railtie"
|
4
|
+
require "rails/test_unit/railtie"
|
5
|
+
|
6
|
+
Bundler.require(*Rails.groups)
|
7
|
+
require "authorize_if"
|
8
|
+
|
9
|
+
module Dummy
|
10
|
+
class Application < Rails::Application
|
11
|
+
end
|
12
|
+
end
|
13
|
+
|
@@ -0,0 +1,35 @@
|
|
1
|
+
Rails.application.configure do
|
2
|
+
# Settings specified here will take precedence over those in config/application.rb.
|
3
|
+
|
4
|
+
# In the development environment your application's code is reloaded on
|
5
|
+
# every request. This slows down response time but is perfect for development
|
6
|
+
# since you don't have to restart the web server when you make code changes.
|
7
|
+
config.cache_classes = false
|
8
|
+
|
9
|
+
# Do not eager load code on boot.
|
10
|
+
config.eager_load = false
|
11
|
+
|
12
|
+
# Show full error reports and disable caching.
|
13
|
+
config.consider_all_requests_local = true
|
14
|
+
config.action_controller.perform_caching = false
|
15
|
+
|
16
|
+
# Print deprecation notices to the Rails logger.
|
17
|
+
config.active_support.deprecation = :log
|
18
|
+
|
19
|
+
# Debug mode disables concatenation and preprocessing of assets.
|
20
|
+
# This option may cause significant delays in view rendering with a large
|
21
|
+
# number of complex assets.
|
22
|
+
config.assets.debug = true
|
23
|
+
|
24
|
+
# Asset digests allow you to set far-future HTTP expiration dates on all assets,
|
25
|
+
# yet still be able to expire them through the digest params.
|
26
|
+
config.assets.digest = true
|
27
|
+
|
28
|
+
# Adds additional error checking when serving assets at runtime.
|
29
|
+
# Checks for improperly declared sprockets dependencies.
|
30
|
+
# Raises helpful error messages.
|
31
|
+
config.assets.raise_runtime_errors = true
|
32
|
+
|
33
|
+
# Raises error for missing translations
|
34
|
+
# config.action_view.raise_on_missing_translations = true
|
35
|
+
end
|
@@ -0,0 +1,72 @@
|
|
1
|
+
Rails.application.configure do
|
2
|
+
# Settings specified here will take precedence over those in config/application.rb.
|
3
|
+
|
4
|
+
# Code is not reloaded between requests.
|
5
|
+
config.cache_classes = true
|
6
|
+
|
7
|
+
# Eager load code on boot. This eager loads most of Rails and
|
8
|
+
# your application in memory, allowing both threaded web servers
|
9
|
+
# and those relying on copy on write to perform better.
|
10
|
+
# Rake tasks automatically ignore this option for performance.
|
11
|
+
config.eager_load = true
|
12
|
+
|
13
|
+
# Full error reports are disabled and caching is turned on.
|
14
|
+
config.consider_all_requests_local = false
|
15
|
+
config.action_controller.perform_caching = true
|
16
|
+
|
17
|
+
# Enable Rack::Cache to put a simple HTTP cache in front of your application
|
18
|
+
# Add `rack-cache` to your Gemfile before enabling this.
|
19
|
+
# For large-scale production use, consider using a caching reverse proxy like
|
20
|
+
# NGINX, varnish or squid.
|
21
|
+
# config.action_dispatch.rack_cache = true
|
22
|
+
|
23
|
+
# Disable serving static files from the `/public` folder by default since
|
24
|
+
# Apache or NGINX already handles this.
|
25
|
+
config.serve_static_files = ENV['RAILS_SERVE_STATIC_FILES'].present?
|
26
|
+
|
27
|
+
# Compress JavaScripts and CSS.
|
28
|
+
config.assets.js_compressor = :uglifier
|
29
|
+
# config.assets.css_compressor = :sass
|
30
|
+
|
31
|
+
# Do not fallback to assets pipeline if a precompiled asset is missed.
|
32
|
+
config.assets.compile = false
|
33
|
+
|
34
|
+
# Asset digests allow you to set far-future HTTP expiration dates on all assets,
|
35
|
+
# yet still be able to expire them through the digest params.
|
36
|
+
config.assets.digest = true
|
37
|
+
|
38
|
+
# `config.assets.precompile` and `config.assets.version` have moved to config/initializers/assets.rb
|
39
|
+
|
40
|
+
# Specifies the header that your server uses for sending files.
|
41
|
+
# config.action_dispatch.x_sendfile_header = 'X-Sendfile' # for Apache
|
42
|
+
# config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX
|
43
|
+
|
44
|
+
# Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
|
45
|
+
# config.force_ssl = true
|
46
|
+
|
47
|
+
# Use the lowest log level to ensure availability of diagnostic information
|
48
|
+
# when problems arise.
|
49
|
+
config.log_level = :debug
|
50
|
+
|
51
|
+
# Prepend all log lines with the following tags.
|
52
|
+
# config.log_tags = [ :subdomain, :uuid ]
|
53
|
+
|
54
|
+
# Use a different logger for distributed setups.
|
55
|
+
# config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new)
|
56
|
+
|
57
|
+
# Use a different cache store in production.
|
58
|
+
# config.cache_store = :mem_cache_store
|
59
|
+
|
60
|
+
# Enable serving of images, stylesheets, and JavaScripts from an asset server.
|
61
|
+
# config.action_controller.asset_host = 'http://assets.example.com'
|
62
|
+
|
63
|
+
# Enable locale fallbacks for I18n (makes lookups for any locale fall back to
|
64
|
+
# the I18n.default_locale when a translation cannot be found).
|
65
|
+
config.i18n.fallbacks = true
|
66
|
+
|
67
|
+
# Send deprecation notices to registered listeners.
|
68
|
+
config.active_support.deprecation = :notify
|
69
|
+
|
70
|
+
# Use default logging formatter so that PID and timestamp are not suppressed.
|
71
|
+
config.log_formatter = ::Logger::Formatter.new
|
72
|
+
end
|
@@ -0,0 +1,37 @@
|
|
1
|
+
Rails.application.configure do
|
2
|
+
# Settings specified here will take precedence over those in config/application.rb.
|
3
|
+
|
4
|
+
# The test environment is used exclusively to run your application's
|
5
|
+
# test suite. You never need to work with it otherwise. Remember that
|
6
|
+
# your test database is "scratch space" for the test suite and is wiped
|
7
|
+
# and recreated between test runs. Don't rely on the data there!
|
8
|
+
config.cache_classes = true
|
9
|
+
|
10
|
+
# Do not eager load code on boot. This avoids loading your whole application
|
11
|
+
# just for the purpose of running a single test. If you are using a tool that
|
12
|
+
# preloads Rails for running tests, you may have to set it to true.
|
13
|
+
config.eager_load = false
|
14
|
+
|
15
|
+
# Configure static file server for tests with Cache-Control for performance.
|
16
|
+
config.serve_static_files = true
|
17
|
+
config.static_cache_control = 'public, max-age=3600'
|
18
|
+
|
19
|
+
# Show full error reports and disable caching.
|
20
|
+
config.consider_all_requests_local = true
|
21
|
+
config.action_controller.perform_caching = false
|
22
|
+
|
23
|
+
# Raise exceptions instead of rendering exception templates.
|
24
|
+
config.action_dispatch.show_exceptions = true
|
25
|
+
|
26
|
+
# Disable request forgery protection in test environment.
|
27
|
+
config.action_controller.allow_forgery_protection = false
|
28
|
+
|
29
|
+
# Randomize the order test cases are executed.
|
30
|
+
config.active_support.test_order = :random
|
31
|
+
|
32
|
+
# Print deprecation notices to the stderr.
|
33
|
+
config.active_support.deprecation = :stderr
|
34
|
+
|
35
|
+
# Raises error for missing translations
|
36
|
+
# config.action_view.raise_on_missing_translations = true
|
37
|
+
end
|
@@ -0,0 +1,11 @@
|
|
1
|
+
# Be sure to restart your server when you modify this file.
|
2
|
+
|
3
|
+
# Version of your assets, change this if you want to expire all your assets.
|
4
|
+
Rails.application.config.assets.version = '1.0'
|
5
|
+
|
6
|
+
# Add additional assets to the asset load path
|
7
|
+
# Rails.application.config.assets.paths << Emoji.images_path
|
8
|
+
|
9
|
+
# Precompile additional assets.
|
10
|
+
# application.js, application.css, and all non-JS/CSS in app/assets folder are already added.
|
11
|
+
# Rails.application.config.assets.precompile += %w( search.js )
|
@@ -0,0 +1,7 @@
|
|
1
|
+
# Be sure to restart your server when you modify this file.
|
2
|
+
|
3
|
+
# You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces.
|
4
|
+
# Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ }
|
5
|
+
|
6
|
+
# You can also remove all the silencers if you're trying to debug a problem that might stem from framework code.
|
7
|
+
# Rails.backtrace_cleaner.remove_silencers!
|
@@ -0,0 +1,16 @@
|
|
1
|
+
# Be sure to restart your server when you modify this file.
|
2
|
+
|
3
|
+
# Add new inflection rules using the following format. Inflections
|
4
|
+
# are locale specific, and you may define rules for as many different
|
5
|
+
# locales as you wish. All of these examples are active by default:
|
6
|
+
# ActiveSupport::Inflector.inflections(:en) do |inflect|
|
7
|
+
# inflect.plural /^(ox)$/i, '\1en'
|
8
|
+
# inflect.singular /^(ox)en/i, '\1'
|
9
|
+
# inflect.irregular 'person', 'people'
|
10
|
+
# inflect.uncountable %w( fish sheep )
|
11
|
+
# end
|
12
|
+
|
13
|
+
# These inflection rules are supported but not enabled by default:
|
14
|
+
# ActiveSupport::Inflector.inflections(:en) do |inflect|
|
15
|
+
# inflect.acronym 'RESTful'
|
16
|
+
# end
|
@@ -0,0 +1,9 @@
|
|
1
|
+
# Be sure to restart your server when you modify this file.
|
2
|
+
|
3
|
+
# This file contains settings for ActionController::ParamsWrapper which
|
4
|
+
# is enabled by default.
|
5
|
+
|
6
|
+
# Enable parameter wrapping for JSON. You can disable this by setting :format to an empty array.
|
7
|
+
ActiveSupport.on_load(:action_controller) do
|
8
|
+
wrap_parameters format: [:json] if respond_to?(:wrap_parameters)
|
9
|
+
end
|
@@ -0,0 +1,23 @@
|
|
1
|
+
# Files in the config/locales directory are used for internationalization
|
2
|
+
# and are automatically loaded by Rails. If you want to use locales other
|
3
|
+
# than English, add the necessary files in this directory.
|
4
|
+
#
|
5
|
+
# To use the locales, use `I18n.t`:
|
6
|
+
#
|
7
|
+
# I18n.t 'hello'
|
8
|
+
#
|
9
|
+
# In views, this is aliased to just `t`:
|
10
|
+
#
|
11
|
+
# <%= t('hello') %>
|
12
|
+
#
|
13
|
+
# To use a different locale, set it with `I18n.locale`:
|
14
|
+
#
|
15
|
+
# I18n.locale = :es
|
16
|
+
#
|
17
|
+
# This would use the information in config/locales/es.yml.
|
18
|
+
#
|
19
|
+
# To learn more, please read the Rails Internationalization guide
|
20
|
+
# available at http://guides.rubyonrails.org/i18n.html.
|
21
|
+
|
22
|
+
en:
|
23
|
+
hello: "Hello world"
|
@@ -0,0 +1,22 @@
|
|
1
|
+
# Be sure to restart your server when you modify this file.
|
2
|
+
|
3
|
+
# Your secret key is used for verifying the integrity of signed cookies.
|
4
|
+
# If you change this key, all old signed cookies will become invalid!
|
5
|
+
|
6
|
+
# Make sure the secret is at least 30 characters and all random,
|
7
|
+
# no regular words or you'll be exposed to dictionary attacks.
|
8
|
+
# You can use `rake secret` to generate a secure secret key.
|
9
|
+
|
10
|
+
# Make sure the secrets in this file are kept private
|
11
|
+
# if you're sharing your code publicly.
|
12
|
+
|
13
|
+
development:
|
14
|
+
secret_key_base: 97455e94fb3a9e97b955e3385a3fa3c993963f5c8e506c1279ec4fd8eae5074814828622918f838963f14b881e6d6bcf6c31253403141ef74c56c64480600ad5
|
15
|
+
|
16
|
+
test:
|
17
|
+
secret_key_base: f797da3385d588c6240d702479094ee13eaf0c79df017f00b9c4f3d82674a6f2bed019354a79d2580db5fcb72c6e3afe8453bc278c708c2fa5a3a829dcdc9671
|
18
|
+
|
19
|
+
# Do not keep production secrets in the repository,
|
20
|
+
# instead read values from the environment.
|
21
|
+
production:
|
22
|
+
secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
|