authorized_persona 0.1.0 → 0.9.0

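--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 4c94ee11ec5cc61e600479f513dbd1977768ff146b61ec18ae34f34aeaa2e223
- data.tar.gz: 687dde9d36b005ab6a8b8d08e6b40ea7349819d765fb93c1cd4c06fb568dfc5d
+ metadata.gz: 3072dc5f8b435349401f93116e4b0b7e3b7186f575edc9b8445d8cb57b0dff5a
+ data.tar.gz: b667896c39b2f9707949556f27bbaf38da5c98c59e0bdd2ef7fe201eb078f6b4
  SHA512:
- metadata.gz: 7d146c61b9932e9eea82aea03ac7f48798ce42c47bf3eb8eb9cffc403631db58e56559a1098c7b9a640e4598858552a37ca75e6749c564882f248188c8bcd00c
- data.tar.gz: e371dc3c7752412945d46cb76716d8973ad6d1cdc3149d49bf31dde852b5b12c37e10b3d05490f0b4711694bdb0d1108ea683e28bef6d6ecd9dd322919095db6
+ metadata.gz: 359023dc6e9a4a3404fba063afc428cab6054910c7f495acbd3e8eaac045d1a3e8145f57b9b2e3355b7518110b57dcf6977338d75981ef6e93e5d267a01ba9e7
+ data.tar.gz: 6109174ab892f4585d4a6cec4300d29184d55db985b100aae70a299b0a1f5f555bf50b97f20065b34e282cec13a633047989e759d2141cbca578b571e7ac84da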
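--- a/data/.gitignore
+++ b/data/.gitignore
@@ -9,3 +9,5 @@
 
  # rspec failure tracking
  .rspec_status
+
+ /Gemfile.lock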
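--- a/data/README.md
+++ b/data/README.md
@@ -34,7 +34,7 @@ your data model and trust root chaining. But even when more access
  control logic is required, you will develop simpler, better-fit
  solutions within your application.
 
- Which lead us to the following conclusions:
+ Which led us to the following conclusions:
 
  * Applications should be built for a single persona each.
  * In Rails applications, authorization should be granted and enforced
@@ -73,7 +73,7 @@ We'll assume you're using an authentication library like `devise` or
 
  1. Integrate AuthorizedPersona into your user model.
 
- The example uses ActiveRecord, but any ActiveModel-based ORM will do.
+ The example uses ActiveRecord, but any ActiveModel-like ORM will do.
  Your model only needs to have a string attribute named
  `authorization_tier`.
 
@@ -107,6 +107,11 @@ end
  class ApplicationController < ActionController::Base
  include AuthorizedPersona::Authorization
 
+ # Any needed hooks your authentication library needs to ensure
+ # `current_user` is set before # authorization, e.g.:
+ #
+ # before_filter :authenticate_user!
+
  authorize_persona class_name: "User"
 
  # or optionally override the method name we use to fetch current_[class_name] e.g.:
@@ -187,6 +192,24 @@ class BillSearch
  end
  ```
 
+ 6. (Advanced) If you need to determine which users are at or above an
+ authorization tier, e.g. for fanning out notifications:
+
+ ```ruby
+ # app/jobs/sensitive_bill_notification_job.rb
+ class SensitiveBillNotificationJob < ApplicationJob
+
+ def perform(bill_id)
+ bill = Bill.find(bill_id)
+ # AuthorizedPersona::Persona provides a `.[tier]_or_above` scope if
+ # your ORM supports a `.where` method
+ User.admin_or_above.find_each do |admin|
+ AdminMailer.with(user: admin, bill: bill).sensitive_bill_notification.deliver_later
+ end
+ end
+ end
+ ```
+
  ## Development
 
  After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.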
@@ -24,9 +24,9 @@ Gem::Specification.new do |spec|
24
24
 
25
25
  rails_version_range = [">= 5.1.6.2", "< 7"]
26
26
 
27
- spec.add_dependency "activemodel", *rails_version_range
28
- spec.add_dependency "railties", *rails_version_range
27
+ spec.add_dependency "railties", *rails_version_range
29
28
 
29
+ spec.add_development_dependency "activemodel", *rails_version_range
30
30
  spec.add_development_dependency "bundler", "~> 2.0"
31
31
  spec.add_development_dependency "rake", "~> 10.0"
32
32
  spec.add_development_dependency "rspec", "~> 3.0"
@@ -1,7 +1,6 @@
1
1
  require "authorized_persona/version"
2
2
 
3
3
  require "rails"
4
- require "active_model"
5
4
 
6
5
  require "authorized_persona/persona"
7
6
  require "authorized_persona/authorization"
@@ -9,13 +9,11 @@ module AuthorizedPersona
9
9
  self.authorized_actions = {}
10
10
 
11
11
  helper_method :authorization_current_user
12
-
13
- before_action :authorize!
14
12
  end
15
13
 
16
14
  class_methods do
17
15
  # Configure authorization for an authorized persona class
18
- def authorize_persona(class_name:, current_user_method: nil) # rubocop:disable Metrics/AbcSize
16
+ def authorize_persona(class_name:, current_user_method: nil) # rubocop:disable Metrics/AbcSize, Metrics/PerceivedComplexity, Metrics/MethodLength, Metrics/LineLength
19
17
  raise AuthorizedPersona::Error, "you can only configure authorization once" if authorization_persona_class_name.present?
20
18
  raise AuthorizedPersona::Error, "class_name must be a string" unless class_name.is_a?(String)
21
19
  raise AuthorizedPersona::Error, "current_user_method must be a symbol" if current_user_method && !current_user_method.is_a?(Symbol)
@@ -26,7 +24,14 @@ module AuthorizedPersona
26
24
  raise AuthorizedPersona::Error, "#{class_name} must be an AuthorizedPersona::Persona"
27
25
  end
28
26
 
29
- self.authorization_current_user_method = current_user_method || :"current_#{authorization_persona.model_name.singular_route_key}"
27
+ model_name = if authorization_persona.respond_to?(:model_name)
28
+ authorization_persona.model_name.singular_route_key
29
+ else
30
+ authorization_persona.name.underscore
31
+ end
32
+ self.authorization_current_user_method = current_user_method || :"current_#{model_name}"
33
+
34
+ before_action :authorize!
30
35
  end
31
36
 
32
37
  # Grants replace all previous grants to avoid privilege leakage
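Review bot: Registering `before_action :authorize!` at the end of `authorize_persona` instead of in the `included` block means a controller that includes `AuthorizedPersona::Authorization` but never calls `authorize_persona` no longer gets the callback at all, where 0.1.0 installed it on include; a forgotten configuration call now fails open. The move looks deliberate, since it lets authentication callbacks be declared first, so I would state the consequence above the new line: `# Installed here so callbacks declared before authorize_persona run first; controllers that never call authorize_persona are not authorized.` In the same hunk, the `name.underscore` fallback gives `admin/user` for a namespaced class (constructed example: `Admin::User`), which makes the default `:"current_admin/user"`; `authorization_persona.name.underscore.tr("/", "_")` keeps it a callable method name. `authorize_persona` starts before this hunk and `authorize!` is not shown, so how an unconfigured controller was handled before this change is not visible here.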
@@ -2,6 +2,14 @@ module AuthorizedPersona
2
2
  module Persona
3
3
  extend ActiveSupport::Concern
4
4
 
5
+ included do
6
+ if respond_to?(:where)
7
+ def self.with_authorization_tier_at_or_above(tier)
8
+ where(authorization_tier_attribute_name => authorization_tier_names.drop(authorization_tier_level(tier)))
9
+ end
10
+ end
11
+ end
12
+
5
13
  class_methods do
6
14
  # Get the attribute name for authorization_tier
7
15
  def authorization_tier_attribute_name
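Review bot: `with_authorization_tier_at_or_above` hands `authorization_tier_level(tier)` straight to `drop`, and nothing in this hunk shows what that helper returns for a tier name that is not configured; if it can ever yield 0, the scope matches every tier. Because the README uses the generated `[tier]_or_above` scopes to pick recipients for sensitive notifications, the method should carry a comment that fixes the contract, for example `# Records at +tier+ or higher; an unknown tier must raise, never widen the result.`, backed by a spec for the unknown-tier case. The `where(attribute => names)` form does leave out records whose stored tier is nil or not in the list, which is the safe direction. In the later hunk that defines the `#{tier}_or_above` methods, `tiers.each_key` would avoid the intermediate array from `tiers.keys.each`.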
@@ -45,6 +53,19 @@ module AuthorizedPersona
45
53
  end
46
54
  end
47
55
 
56
+ if respond_to?(:with_authorization_tier_at_or_above)
57
+ class_methods = Module.new
58
+ extend class_methods
59
+
60
+ class_methods.module_eval do
61
+ tiers.keys.each do |tier|
62
+ define_method "#{tier}_or_above" do
63
+ with_authorization_tier_at_or_above(tier)
64
+ end
65
+ end
66
+ end
67
+ end
68
+
48
69
  @authorization_tiers = tiers.freeze
49
70
  end
50
71
 
@@ -1,3 +1,3 @@
1
1
  module AuthorizedPersona
2
- VERSION = "0.1.0".freeze
2
+ VERSION = "0.9.0".freeze
3
3
  end
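--- a/metadata
+++ b/metadata
@@ -1,17 +1,17 @@
  --- !ruby/object:Gem::Specification
  name: authorized_persona
  version: !ruby/object:Gem::Version
- version: 0.1.0
+ version: 0.9.0
  platform: ruby
  authors:
  - John Mileham
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2019-06-07 00:00:00.000000000 Z
+ date: 2019-06-08 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
- name: activemodel
+ name: railties
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
@@ -31,7 +31,7 @@ dependencies:
  - !ruby/object:Gem::Version
  version: '7'
  - !ruby/object:Gem::Dependency
- name: railties
+ name: activemodel
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
@@ -40,7 +40,7 @@ dependencies:
  - - "<"
  - !ruby/object:Gem::Version
  version: '7'
- type: :runtime
+ type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
@@ -120,7 +120,6 @@ files:
  - ".travis.yml"
  - CODE_OF_CONDUCT.md
  - Gemfile
- - Gemfile.lock
  - LICENSE.txt
  - README.md
  - Rakefile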
@@ -1,112 +0,0 @@
1
- PATH
2
- remote: .
3
- specs:
4
- authorized_persona (0.1.0)
5
- activemodel (>= 5.1.6.2, < 7)
6
- railties (>= 5.1.6.2, < 7)
7
-
8
- GEM
9
- remote: https://rubygems.org/
10
- specs:
11
- actionpack (5.2.3)
12
- actionview (= 5.2.3)
13
- activesupport (= 5.2.3)
14
- rack (~> 2.0)
15
- rack-test (>= 0.6.3)
16
- rails-dom-testing (~> 2.0)
17
- rails-html-sanitizer (~> 1.0, >= 1.0.2)
18
- actionview (5.2.3)
19
- activesupport (= 5.2.3)
20
- builder (~> 3.1)
21
- erubi (~> 1.4)
22
- rails-dom-testing (~> 2.0)
23
- rails-html-sanitizer (~> 1.0, >= 1.0.3)
24
- activemodel (5.2.3)
25
- activesupport (= 5.2.3)
26
- activesupport (5.2.3)
27
- concurrent-ruby (~> 1.0, >= 1.0.2)
28
- i18n (>= 0.7, < 2)
29
- minitest (~> 5.1)
30
- tzinfo (~> 1.1)
31
- ast (2.4.0)
32
- builder (3.2.3)
33
- concurrent-ruby (1.1.5)
34
- crass (1.0.4)
35
- diff-lcs (1.3)
36
- erubi (1.8.0)
37
- i18n (1.6.0)
38
- concurrent-ruby (~> 1.0)
39
- jaro_winkler (1.5.2)
40
- loofah (2.2.3)
41
- crass (~> 1.0.2)
42
- nokogiri (>= 1.5.9)
43
- method_source (0.9.2)
44
- mini_portile2 (2.4.0)
45
- minitest (5.11.3)
46
- nokogiri (1.10.3)
47
- mini_portile2 (~> 2.4.0)
48
- parallel (1.17.0)
49
- parser (2.6.3.0)
50
- ast (~> 2.4.0)
51
- powerpack (0.1.2)
52
- rack (2.0.7)
53
- rack-test (1.1.0)
54
- rack (>= 1.0, < 3)
55
- rails-dom-testing (2.0.3)
56
- activesupport (>= 4.2.0)
57
- nokogiri (>= 1.6)
58
- rails-html-sanitizer (1.0.4)
59
- loofah (~> 2.2, >= 2.2.2)
60
- railties (5.2.3)
61
- actionpack (= 5.2.3)
62
- activesupport (= 5.2.3)
63
- method_source
64
- rake (>= 0.8.7)
65
- thor (>= 0.19.0, < 2.0)
66
- rainbow (3.0.0)
67
- rake (10.5.0)
68
- rspec (3.8.0)
69
- rspec-core (~> 3.8.0)
70
- rspec-expectations (~> 3.8.0)
71
- rspec-mocks (~> 3.8.0)
72
- rspec-core (3.8.0)
73
- rspec-support (~> 3.8.0)
74
- rspec-expectations (3.8.3)
75
- diff-lcs (>= 1.2.0, < 2.0)
76
- rspec-support (~> 3.8.0)
77
- rspec-mocks (3.8.0)
78
- diff-lcs (>= 1.2.0, < 2.0)
79
- rspec-support (~> 3.8.0)
80
- rspec-support (3.8.0)
81
- rubocop (0.61.1)
82
- jaro_winkler (~> 1.5.1)
83
- parallel (~> 1.10)
84
- parser (>= 2.5, != 2.5.1.1)
85
- powerpack (~> 0.1)
86
- rainbow (>= 2.2.2, < 4.0)
87
- ruby-progressbar (~> 1.7)
88
- unicode-display_width (~> 1.4.0)
89
- rubocop-betterment (1.8.0)
90
- rubocop (~> 0.61.1)
91
- rubocop-rspec (= 1.28.0)
92
- rubocop-rspec (1.28.0)
93
- rubocop (>= 0.58.0)
94
- ruby-progressbar (1.10.1)
95
- thor (0.20.3)
96
- thread_safe (0.3.6)
97
- tzinfo (1.2.5)
98
- thread_safe (~> 0.1)
99
- unicode-display_width (1.4.1)
100
-
101
- PLATFORMS
102
- ruby
103
-
104
- DEPENDENCIES
105
- authorized_persona!
106
- bundler (~> 2.0)
107
- rake (~> 10.0)
108
- rspec (~> 3.0)
109
- rubocop-betterment
110
-
111
- BUNDLED WITH
112
- 2.0.1