authorize_rbac 0.1.0
- checksums.yaml +7 -0
- data/lib/authorize_rbac.rb +64 -0
- data/lib/authorize_rbac/authorize_rbac_methods.rb +24 -0
- data/lib/authorize_rbac/configuration.rb +39 -0
- data/lib/authorize_rbac/version.rb +3 -0
- data/lib/generators/authorize_rbac/USAGE +44 -0
- data/lib/generators/authorize_rbac/authorize_rbac_generator.rb +61 -0
- data/lib/generators/authorize_rbac/templates/initializer.rb +5 -0
- metadata +108 -0
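--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: 37f104963cfd49645af2755dc226ce87d81c21dc
+data.tar.gz: a0c10f66541a762c607b414e99b24a6286b17427
+SHA512:
+metadata.gz: 358b211fde4f2f55a1b9129c2e68eeb823f64cfea8668bc8918cdb5590d30ce3f49025a99044961f56ff54d0a6697f3f4624e5e8a1b810a69cf8b17c49dd0a36
+data.tar.gz: bff086372e0feb28a0c951b0466da5ca04a15bbb9ce3410ced04822cbb9dd14454ffcefe278c11f63c8a56fe5f1cbf505cd0c3e9bc9dafec6294c4ef275e1e50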
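--- a/data/lib/authorize_rbac.rb
+++ b/data/lib/authorize_rbac.rb
@@ -0,0 +1,64 @@
+require "authorize_rbac/version"
+require "authorize_rbac/authorize_rbac_methods"
+require "authorize_rbac/configuration"
+require 'rails'
+
+module AuthorizeRbac
+def self.included(base)
+base.extend(AuthorizeRbacMethods)
+end
+
+def self.configuration
+@configration ||= Configuration.new
+end
+
+def self.configure
+yield(configuration)
+end
+
+def authorization_filter
+if access_allowed?
+logger.debug "Authorized to access #{request.original_url}, User: #{auth_user.user_name} (role: #{user_role})"
+return true
+else
+logger.info "#{auth_user.user_name} (role: #{user_role}) attempted to access\
+#{self.class}##{action_name} without the proper permissions."
+flash[:notice] = "Not authorized to access #{request.original_url}!"
+redirect_to :controller => AuthorizeRbac.configuration.default_controller , :action => AuthorizeRbac.configuration.default_action
+return false
+end
+end
+
+def user_role
+auth_user.role.nil? ? "user" : auth_user.role.name.to_s
+end
+
+def action_roles
+self.class.rbac[action_name]
+end
+
+def action_name
+request.parameters[:action].to_sym
+end
+
+def access_allowed?
+return true if action_roles.nil?
+
+allowed_from_source = action_roles.include? user_role.to_sym
+allowed_from_db = user_permissions.include?(permission_name(self.class, action_name))
+
+allowed_from_source || allowed_from_db
+end
+
+def permission_name(cotroller, action)
+"#{cotroller.to_s.chomp("Controller").downcase}_#{action}"
+end
+
+def auth_user
+self.send(AuthorizeRbac.configuration.current_user_method)
+end
+
+def user_permissions
+auth_user.role.permissions
+end
+end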
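Review bot: `access_allowed?` returns `true` whenever `action_roles` is nil, so every action defined without a preceding `roles` call is open to any requester; an authorization filter is safer denying by default, e.g. `return false if action_roles.nil?` combined with an explicit marker for intentionally public actions, or at minimum a comment on the method stating the allow-by-default contract. Separately, `user_role` tolerates a nil `auth_user.role` but `user_permissions` does not, and `access_allowed?` always evaluates both checks, so a user without a role who reaches a restricted action raises NoMethodError instead of being redirected; `auth_user.role.nil? ? [] : auth_user.role.permissions` keeps the deny path working. The module also redefines `action_name` to return a symbol, which shadows the controller's own method of that name and may surprise other code in the including class.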
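--- a/data/lib/authorize_rbac/authorize_rbac_methods.rb
+++ b/data/lib/authorize_rbac/authorize_rbac_methods.rb
@@ -0,0 +1,24 @@
+module AuthorizeRbac
+module AuthorizeRbacMethods
+def self.extended(base)
+class <<base
+@rbac = {}
+attr_reader :rbac
+end
+end
+
+def roles(*roles)
+@roles = roles
+end
+
+def method_added(method)
+return if private_method_defined? method
+access_list[method] = @roles
+@roles = nil
+end
+
+def access_list
+@rbac ||= {}
+end
+end
+end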
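Review bot: The access list is kept per class, since `method_added` writes to the `@rbac` of whichever class defines the method and `rbac` reads only the receiver's own variable, so roles declared on a parent controller are not found when the same action is dispatched through a subclass; the lookup yields nil, which the filter in lib/authorize_rbac.rb treats as allowed. The `@rbac = {}` inside `class <<base` assigns the variable on the singleton class rather than on `base`, so it never initialises what `attr_reader :rbac` returns, and a controller with no public methods of its own gets nil from `rbac`. I would replace the reader with a method that falls back to the parent, along the lines of `def rbac; (superclass.respond_to?(:rbac) ? superclass.rbac : {}).merge(@rbac || {}); end`, and drop the singleton-class assignment. `method_added` also records `nil` for every method defined without `roles`, which is worth a comment because it is the value the filter reads as "unrestricted".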
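--- a/data/lib/authorize_rbac/configuration.rb
+++ b/data/lib/authorize_rbac/configuration.rb
@@ -0,0 +1,39 @@
+module AuthorizeRbac
+class Configuration
+
+CONFIG_KEYS = [
+:current_user_method,
+:default_controller,
+:default_action
+]
+
+def initialize
+@configs = {}
+end
+
+def []=(key, value)
+raise InvalidKey, key unless CONFIG_KEYS.include?(key)
+
+@configs[key] = value
+end
+
+def [](key)
+@configs[key]
+end
+
+CONFIG_KEYS.each do |config_key|
+define_method(config_key) do
+@configs[config_key]
+end
+define_method("#{config_key}=") do |value|
+@configs[config_key] = value
+end
+end
+
+class InvalidKey < StandardError
+def initialize(key)
+super("Configuration option '#{key.inspect}' is not a valid key")
+end
+end
+end
+end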
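Review bot: `initialize` leaves all three keys unset and nothing validates them, so an application that includes the module without running the initializer only finds out at request time, when `auth_user` in lib/authorize_rbac.rb calls `send` with nil. The initializer template is not shown on this page, so it may supply the values; either way the class should fail early, for example with a small `validate!` that raises when `current_user_method` is nil, or should document that all keys are mandatory. `CONFIG_KEYS` is a mutable array that gates `[]=`; ending the literal with `].freeze` keeps the allow-list from being altered at runtime.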
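--- a/data/lib/generators/authorize_rbac/USAGE
+++ b/data/lib/generators/authorize_rbac/USAGE
@@ -0,0 +1,44 @@
+Description:
+Explain the generator
+
+Command:
+rails generate authorize_rbac install
+
+This will:
+- Role Role Model and database migration.
+- Create AddRoleToUsers database migration.
+- Add the following lines to the ApplicationController
+```
+include AuthorizeRbac
+before_action :authorization_filter, except: [ :logout ]
+```
+
+Command:
+rails generate authorize_rbac user_migrate
+
+This will:
+- Create AddRoleToUsers database migration.
+
+Command:
+rails generate authorize_rbac role_migrate
+
+This will:
+- Role Role Model and database migration.
+
+Command:
+rails generate authorize_rbac update_application_controller
+
+This will:
+- Add the following lines to the ApplicationController
+```
+include AuthorizeRbac
+before_action :authorization_filter, except: [ :logout ]
+```
+Command:
+rails generate authorize_rbac update_user_model
+
+This will:
+- Add the following lines to the User Model
+```
+belongs_to :role
+```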
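--- a/data/lib/generators/authorize_rbac/authorize_rbac_generator.rb
+++ b/data/lib/generators/authorize_rbac/authorize_rbac_generator.rb
@@ -0,0 +1,61 @@
+require 'rails/generators'
+module AuthorizeRbac
+class AuthorizeRbacGenerator < Rails::Generators::NamedBase
+source_root File.expand_path('../', __FILE__)
+ACTIONS = %w(intall user_migrate role_migrate update_application_controller update_user_model initializer help).freeze
+def generate_controllers
+ACTIONS.include?(action_name) ? self.send(action_name) : help
+end
+
+private
+def action_name
+name.to_s.downcase
+end
+
+def install
+user_migrate
+role_migrate
+update_application_controller
+update_user_model
+end
+
+def initializer
+copy_file "#{AuthorizeRbacGenerator.source_root}/templates/initializer.rb", "config/initializers/authorize_rbac.rb"
+end
+
+def user_migrate
+generate "migration", "AddRoleToUsers role:references"
+end
+
+def role_migrate
+generate "model", "Role name:string permissions:text"
+update_role_model
+end
+
+def update_application_controller
+inject_into_file 'app/controllers/application_controller.rb',
+" include AuthorizeRbac\n",
+after: "class ApplicationController < ActionController::Base\n"
+
+inject_into_file 'app/controllers/application_controller.rb',
+" before_action :authorization_filter, except: [ :logout ]\n",
+after: "protect_from_forgery with: :exception\n"
+end
+
+def update_user_model
+inject_into_file 'app/models/user.rb',
+" belongs_to :role\n",
+after: "class User < ActiveRecord::Base\n"
+end
+
+def update_role_model
+inject_into_file 'app/models/role.rb',
+" serialize :permissions, JSON\n",
+after: "class Role < ApplicationRecord\n"
+end
+
+def help
+puts File.read "#{AuthorizeRbacGenerator.source_root}/USAGE"
+end
+end
+end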
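Review bot: `ACTIONS` spells its first entry `intall`, so `rails generate authorize_rbac install`, the command USAGE documents, fails the `ACTIONS.include?(action_name)` check in `generate_controllers` and only prints help; the entry should read `install`. The `before_action :authorization_filter` line is injected only after an exact `protect_from_forgery with: :exception\n` match, so in an ApplicationController without that line the module gets included but the filter is probably never installed, leaving the application unprotected without any message; the generator should check that the anchor exists and report when it does not. The model anchors also disagree (`class User < ActiveRecord::Base\n` versus `class Role < ApplicationRecord\n`), so one of the two injections will likely miss depending on which base class the application's models use.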
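--- a/metadata
+++ b/metadata
@@ -0,0 +1,108 @@
+--- !ruby/object:Gem::Specification
+name: authorize_rbac
+version: !ruby/object:Gem::Version
+version: 0.1.0
+platform: ruby
+authors:
+- Al-waleed shihadeh
+autorequire:
+bindir: exe
+cert_chain: []
+date: 2017-09-24 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: bundler
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.13'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.13'
+- !ruby/object:Gem::Dependency
+name: rake
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '10.0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '10.0'
+- !ruby/object:Gem::Dependency
+name: rspec
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '3.0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '3.0'
+- !ruby/object:Gem::Dependency
+name: rails
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '5.0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '5.0'
+description: Rule Based Access Control gem for Ruby on Rails applications
+email:
+- wshihadh@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/authorize_rbac.rb
+- lib/authorize_rbac/authorize_rbac_methods.rb
+- lib/authorize_rbac/configuration.rb
+- lib/authorize_rbac/version.rb
+- lib/generators/authorize_rbac/USAGE
+- lib/generators/authorize_rbac/authorize_rbac_generator.rb
+- lib/generators/authorize_rbac/templates/initializer.rb
+homepage: https://github.com/wshihadeh/authorize_rbac
+licenses:
+- MIT
+metadata:
+allowed_push_host: https://rubygems.org
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.5.1
+signing_key:
+specification_version: 4
+summary: Rule Based Access Control gem for Ruby on Rails
+test_files: []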