authorizy 0.3.0 → 0.4.0

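--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: 1bdbf8fe26ec2fa456858b922f21efa63830f329018f07d6c2bed196d7e5cd8a
-data.tar.gz: 49ad3862405c7707a3ab83c458e8c950d4fcf8b3e6488d7edc6fa6416e912cd9
+metadata.gz: d5aa4cb2402214093d2887dcd0760f1087586e28d558c52bfcb4999ff18f72cc
+data.tar.gz: e189e2a283e745c6cb37ddab2683b362d86a4355d776866f031d4cc2c2913079
 SHA512:
-metadata.gz: 88568952618d7984a5ec9b548a74adaa64a263d4bfecdae71ec5e28225df8a5a93d5febf6aedb5a27a87f22ced4c066da8b330a5e8c96bc77abc7cea71cbde20
-data.tar.gz: 2be439b99e310b42fca0122ba1a2c7bdf79d932a38be47e09722f6308763f73f25f76ad3481874ac0f7bd3b3e6ea7f33728c1605d372aba71a15c6de8143ffc7
+metadata.gz: bc846ae164fabea516698ef5ddfaec65618a30f2949ec59cc8d93a7b380f240a1a1e25afd53ea6cdfb4f0db7b43cb5a1b26fdd8f87220ef47f9de0d8064b4508
+data.tar.gz: 24e3e907dc28f062932bcc41387f5075ca3865b3406dc80cef0da09439c9db47a52d9c1b3d6ef1871138292f888e43608711e0fc3167a02da5e0d439fcc83091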
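--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,13 @@
+# v0.4.0
+
+## Fixes
+
+- Returns `403` status code, to represent recognized but not authorized, instead `401`;
+
+## Features
+
+- Added `denied` callback allowing a custom acess denied treatment;
+
 # v0.3.0
 
 ## Features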
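--- a/data/README.md
+++ b/data/README.md
@@ -8,10 +8,6 @@
 
 A JSON based Authorization.
 
-##### Why not [cancancan](https://github.com/CanCanCommunity/cancancan)?
-
-I have been working with cancan/cancancan for years. Since the beginning with [database access](https://github.com/CanCanCommunity/cancancan/blob/develop/docs/Abilities-in-Database.md). After a while, I realised I built a couple of abstractions around `ability` class and suddenly migrated to JSON for better performance. As I need a full role admin I decided to start to extract this logic to a gem.
-
 ## Install
 
 Add the following code on your `Gemfile` and run `bundle install`:
@@ -142,6 +138,14 @@ Authorizy.configure do |config|
 end
 ```
 
+### Denied
+
+When some access is denied, by default, Authorizy checks if it is a XHR request or not and then redirect or serializes a message with status code `403`. You can rescue it by yourself:
+
+```ruby
+config.denied = ->(context) { context.redirect_to(subscription_path, info: 'Subscription expired!') }
+```
+
 ### Dependencies
 
 You can allow access to one or more controllers and actions based on your permissions. It'll consider not only the `action`, like [aliases](#aliases) but the controller either.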
@@ -2,12 +2,21 @@
2
2
 
3
3
  module Authorizy
4
4
  class Config
5
- attr_accessor :aliases, :cop, :current_user, :dependencies, :field, :redirect_url
5
+ attr_accessor :aliases, :cop, :current_user, :denied, :dependencies, :field, :redirect_url
6
6
 
7
7
  def initialize
8
8
  @aliases = {}
9
9
  @cop = Authorizy::BaseCop
10
10
  @current_user = ->(context) { context.respond_to?(:current_user) ? context.current_user : nil }
11
+
12
+ @denied = lambda { |context|
13
+ info = I18n.t('authorizy.denied', controller: context.params[:controller], action: context.params[:action])
14
+
15
+ return context.render(json: { message: info }, status: 403) if context.request.xhr?
16
+
17
+ context.redirect_to(redirect_url.call(self), info: info)
18
+ }
19
+
11
20
  @dependencies = {}
12
21
  @field = ->(current_user) { current_user.respond_to?(:authorizy) ? current_user.authorizy : {} }
13
22
  @redirect_url = ->(context) { context.respond_to?(:root_url) ? context.root_url : '/' }
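Review bot: In the default `denied` lambda, `redirect_url.call(self)` hands `redirect_url` the Config instance instead of the request context, because the lambda closes over `initialize`'s `self`; the default `redirect_url` tests `context.respond_to?(:root_url)`, so with this change it always yields `'/'`, and a custom `redirect_url` no longer receives the controller it got from the concern before. The last line of the lambda should read `context.redirect_to(redirect_url.call(context), info: info)`. The same `redirect_url.call(self)` is repeated in the generator template's commented `config.denied` example and should be corrected there as well. A short comment on `@denied` stating that the callback is expected to render or redirect would also help implementers of custom callbacks, since the concern relies on it to halt the request.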
@@ -10,11 +10,7 @@ module Authorizy
10
10
  def authorizy
11
11
  return if Authorizy::Core.new(authorizy_user, params, session, cop: authorizy_cop).access?
12
12
 
13
- info = I18n.t('authorizy.denied', controller: params[:controller], action: params[:action])
14
-
15
- return render(json: { message: info }, status: 401) if request.xhr?
16
-
17
- redirect_to Authorizy.config.redirect_url.call(self), info: info
13
+ Authorizy.config.denied.call(self)
18
14
  end
19
15
 
20
16
  def authorizy?(controller, action)
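Review bot: After `Authorizy.config.denied.call(self)` nothing checks that the callback actually terminated the request, so a custom `denied` that only logs or renders nothing lets the filter chain continue and the guarded action executes despite the failed authorization check, which makes the customization point fail open. Adding `head :forbidden unless performed?` after the call keeps the callback optional while guaranteeing a denied request never reaches the action. `performed?` is an ActionController method, which I assume is available here given the `render`/`redirect_to` the removed lines used. The replacement of `401` by `403` on the default path is the right status for "recognized but not authorized". `authorizy?` begins on the last hunk line and continues outside the hunk.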
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Authorizy
4
- VERSION = '0.3.0'
4
+ VERSION = '0.4.0'
5
5
  end
@@ -9,14 +9,28 @@ Authorizy.configure do |config|
9
9
  # https://github.com/wbotelhos/authorizy#cop
10
10
  # config.cop = Authorizy::BaseCop
11
11
 
12
- # The current user from we fetch the permissions
12
+ # The current user from where we fetch the permissions
13
13
  # https://github.com/wbotelhos/authorizy#current-user
14
14
  # config.current_user = -> (context) { context.respond_to?(:current_user) ? context.current_user : nil }
15
15
 
16
+ # Callback called when access is denied
17
+ # https://github.com/wbotelhos/authorizy#denied
18
+ # config.denied = lambda { |context|
19
+ # info = I18n.t('authorizy.denied', controller: context.params[:controller], action: context.params[:action])
20
+
21
+ # return context.render(json: { message: info }, status: 403) if context.request.xhr?
22
+
23
+ # context.redirect_to(redirect_url.call(self), info: info)
24
+ # }
25
+
16
26
  # Inherited permissions from some other permission the user already has
17
27
  # https://github.com/wbotelhos/authorizy#dependencies
18
28
  # config.dependencies = {}
19
29
 
30
+ # Field used to fetch the Authorizy permissions
31
+ # https://github.com/wbotelhos/authorizy#field
32
+ # config.field = ->(current_user) { current_user.respond_to?(:authorizy) ? current_user.authorizy : {} }
33
+
20
34
  # URL to be redirect when user has no permission to access some resource
21
35
  # https://github.com/wbotelhos/authorizy#dependencies
22
36
  # config.redirect_url = -> (context) { context.respond_to?(:root_url) ? context.root_url : '/' }
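Review bot: The commented `config.denied` example will not work if a user uncomments it: inside the `Authorizy.configure do |config|` block there is no `redirect_url` method and `self` is not the Config, so `context.redirect_to(redirect_url.call(self), info: info)` raises `NameError` the first time access is denied. The line should read `# context.redirect_to(config.redirect_url.call(context), info: info)`, which also passes the request context rather than the Config to `redirect_url`. The README's `config.denied` example has the same flavour of problem, calling `subscription_path` unqualified where, I believe, only `context.subscription_path` would resolve from an initializer.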
@@ -0,0 +1,49 @@
1
+ # frozen_string_literal: true
2
+
3
+ RSpec.describe Authorizy::Config, '#denied' do
4
+ let!(:config) { described_class.new }
5
+
6
+ context 'with default denied callback' do
7
+ context 'when is a xhr request' do
8
+ let!(:context) do
9
+ double('context',
10
+ params: { controller: 'users', action: 'index' },
11
+ request: OpenStruct.new(xhr?: true)
12
+ )
13
+ end
14
+
15
+ it 'renders' do
16
+ allow(context).to receive(:render)
17
+
18
+ config.denied.call(context)
19
+
20
+ expect(context).to have_received(:render).with(json: { message: 'Action denied for users#index' }, status: 403)
21
+ end
22
+ end
23
+
24
+ context 'when is not a xhr request' do
25
+ let!(:context) do
26
+ double('context',
27
+ params: { controller: 'users', action: 'index' },
28
+ request: OpenStruct.new(xhr?: false)
29
+ )
30
+ end
31
+
32
+ it 'renders' do
33
+ allow(context).to receive(:redirect_to)
34
+
35
+ config.denied.call(context)
36
+
37
+ expect(context).to have_received(:redirect_to).with('/', info: 'Action denied for users#index')
38
+ end
39
+ end
40
+ end
41
+
42
+ context 'with custom denied callback' do
43
+ it 'calls the callback' do
44
+ config.denied = ->(context) { context[:key] }
45
+
46
+ expect(config.denied.call(key: :value)).to eq(:value)
47
+ end
48
+ end
49
+ end
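Review bot: The non-XHR example cannot tell which object `redirect_url` receives: the `double` responds to neither `root_url` nor anything else, so the default `redirect_url` returns `'/'` whether it is handed the request context or the Config itself, and the example passes against the `redirect_url.call(self)` in the implementation. Add a context that defines `root_url`, e.g. `double('context', params: { controller: 'users', action: 'index' }, request: OpenStruct.new(xhr?: false), root_url: '/home')` (sample value), and expect `have_received(:redirect_to).with('/home', info: 'Action denied for users#index')`. The second example is described as `'renders'` although it asserts a redirect; `it 'redirects'` describes it accurately. `OpenStruct` needs `require 'ostruct'` unless the spec helper already loads it, which I cannot see from here.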
@@ -23,9 +23,9 @@ RSpec.describe Authorizy::Config, '#redirect_url' do
23
23
 
24
24
  context 'when uses custom value' do
25
25
  it 'executes what you want' do
26
- config.redirect_url = ->(context) { context[:value] }
26
+ config.redirect_url = ->(context) { context[:key] }
27
27
 
28
- expect(config.redirect_url.call({ value: 'value' })).to eq('value')
28
+ expect(config.redirect_url.call({ key: :value })).to eq(:value)
29
29
  end
30
30
  end
31
31
  end
@@ -3,18 +3,15 @@
3
3
  require 'support/controllers/dummy_controller'
4
4
 
5
5
  RSpec.describe DummyController, '#authorizy', type: :controller do
6
- let!(:config) { Authorizy.config }
7
6
  let!(:parameters) { ActionController::Parameters.new(key: 'value', controller: 'dummy', action: 'action') }
8
7
  let!(:user) { nil }
9
8
 
10
- before { allow(Authorizy).to receive(:config).and_return(config) }
11
-
12
9
  context 'when user has access' do
13
10
  let!(:authorizy_core) { instance_double('Authorizy::Core', access?: true) }
14
11
 
15
12
  before do
16
13
  allow(Authorizy::Core).to receive(:new)
17
- .with(user, parameters, session, cop: config.cop)
14
+ .with(user, parameters, session, cop: Authorizy.config.cop)
18
15
  .and_return(authorizy_core)
19
16
  end
20
17
 
@@ -42,27 +39,16 @@ RSpec.describe DummyController, '#authorizy', type: :controller do
42
39
 
43
40
  before do
44
41
  allow(Authorizy::Core).to receive(:new)
45
- .with(user, parameters, session, cop: config.cop)
42
+ .with(user, parameters, session, cop: Authorizy.config.cop)
46
43
  .and_return(authorizy_core)
47
44
  end
48
45
 
49
- context 'when is a xhr request' do
50
- it 'receives the default values and denied the access' do
51
- get :action, xhr: true, params: { key: 'value' }
46
+ it 'calls denied callback' do
47
+ allow(Authorizy.config.denied).to receive(:call)
52
48
 
53
- expect(response.body).to eq('{"message":"Action denied for dummy#action"}')
54
- expect(response.status).to be(401)
55
- end
56
- end
49
+ get :action, xhr: true, params: { key: 'value' }
57
50
 
58
- context 'when is a html request' do
59
- it 'receives the default values and do not denied the access' do
60
- get :action, params: { key: 'value' }
61
-
62
- expect(response).to redirect_to '/'
63
-
64
- # expect(flash[:info]).to eq('Action denied for dummy#action') # TODO: get flash message
65
- end
51
+ expect(Authorizy.config.denied).to have_received(:call).with(subject)
66
52
  end
67
53
  end
68
54
  end
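Review bot: The removed examples were the only controller-level coverage of the denied response, and the replacement stubs `Authorizy.config.denied` with a bare `receive(:call)`, so no real request now exercises the default callback: the `403` status and JSON body the changelog advertises, and the redirect for HTML requests, are asserted only against a `double` in the Config spec. Keep one unstubbed example, e.g. `get :action, xhr: true, params: { key: 'value' }` followed by `expect(response.status).to be(403)`, next to the new delegation check. With `call` stubbed to return nil, the request in the new example also proceeds into the action, which presumably passes only because `DummyController#action` renders something harmless; a one-line comment saying the example verifies delegation only would stop it from being read as a denial test.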
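--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: authorizy
 version: !ruby/object:Gem::Version
-version: 0.3.0
+version: 0.4.0
 platform: ruby
 authors:
 - Washington Botelho
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-09-07 00:00:00.000000000 Z
+date: 2021-09-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: activerecord
@@ -163,6 +163,7 @@ files:
 - spec/authorizy/config/aliases_spec.rb
 - spec/authorizy/config/cop_spec.rb
 - spec/authorizy/config/current_user_spec.rb
+- spec/authorizy/config/denied_spec.rb
 - spec/authorizy/config/dependencies_spec.rb
 - spec/authorizy/config/field_spec.rb
 - spec/authorizy/config/initialize_spec.rb
@@ -217,6 +218,7 @@ test_files:
 - spec/authorizy/config/aliases_spec.rb
 - spec/authorizy/config/cop_spec.rb
 - spec/authorizy/config/current_user_spec.rb
+- spec/authorizy/config/denied_spec.rb
 - spec/authorizy/config/dependencies_spec.rb
 - spec/authorizy/config/field_spec.rb
 - spec/authorizy/config/initialize_spec.rb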