authorizy 0.3.0 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/README.md +8 -4
- data/lib/authorizy/config.rb +10 -1
- data/lib/authorizy/extension.rb +1 -5
- data/lib/authorizy/version.rb +1 -1
- data/lib/generators/authorizy/templates/config/initializers/authorizy.rb +15 -1
- data/spec/authorizy/config/denied_spec.rb +49 -0
- data/spec/authorizy/config/redirect_url_spec.rb +2 -2
- data/spec/authorizy/extension/authorizy_spec.rb +6 -20
- metadata +4 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d5aa4cb2402214093d2887dcd0760f1087586e28d558c52bfcb4999ff18f72cc
|
|
4
|
+
data.tar.gz: e189e2a283e745c6cb37ddab2683b362d86a4355d776866f031d4cc2c2913079
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: bc846ae164fabea516698ef5ddfaec65618a30f2949ec59cc8d93a7b380f240a1a1e25afd53ea6cdfb4f0db7b43cb5a1b26fdd8f87220ef47f9de0d8064b4508
|
|
7
|
+
data.tar.gz: 24e3e907dc28f062932bcc41387f5075ca3865b3406dc80cef0da09439c9db47a52d9c1b3d6ef1871138292f888e43608711e0fc3167a02da5e0d439fcc83091
|
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
|
@@ -8,10 +8,6 @@
|
|
|
8
8
|
|
|
9
9
|
A JSON based Authorization.
|
|
10
10
|
|
|
11
|
-
##### Why not [cancancan](https://github.com/CanCanCommunity/cancancan)?
|
|
12
|
-
|
|
13
|
-
I have been working with cancan/cancancan for years. Since the beginning with [database access](https://github.com/CanCanCommunity/cancancan/blob/develop/docs/Abilities-in-Database.md). After a while, I realised I built a couple of abstractions around `ability` class and suddenly migrated to JSON for better performance. As I need a full role admin I decided to start to extract this logic to a gem.
|
|
14
|
-
|
|
15
11
|
## Install
|
|
16
12
|
|
|
17
13
|
Add the following code on your `Gemfile` and run `bundle install`:
|
|
@@ -142,6 +138,14 @@ Authorizy.configure do |config|
|
|
|
142
138
|
end
|
|
143
139
|
```
|
|
144
140
|
|
|
141
|
+
### Denied
|
|
142
|
+
|
|
143
|
+
When some access is denied, by default, Authorizy checks if it is a XHR request or not and then redirect or serializes a message with status code `403`. You can rescue it by yourself:
|
|
144
|
+
|
|
145
|
+
```ruby
|
|
146
|
+
config.denied = ->(context) { context.redirect_to(subscription_path, info: 'Subscription expired!') }
|
|
147
|
+
```
|
|
148
|
+
|
|
145
149
|
### Dependencies
|
|
146
150
|
|
|
147
151
|
You can allow access to one or more controllers and actions based on your permissions. It'll consider not only the `action`, like [aliases](#aliases) but the controller either.
|
data/lib/authorizy/config.rb
CHANGED
|
@@ -2,12 +2,21 @@
|
|
|
2
2
|
|
|
3
3
|
module Authorizy
|
|
4
4
|
class Config
|
|
5
|
-
attr_accessor :aliases, :cop, :current_user, :dependencies, :field, :redirect_url
|
|
5
|
+
attr_accessor :aliases, :cop, :current_user, :denied, :dependencies, :field, :redirect_url
|
|
6
6
|
|
|
7
7
|
def initialize
|
|
8
8
|
@aliases = {}
|
|
9
9
|
@cop = Authorizy::BaseCop
|
|
10
10
|
@current_user = ->(context) { context.respond_to?(:current_user) ? context.current_user : nil }
|
|
11
|
+
|
|
12
|
+
@denied = lambda { |context|
|
|
13
|
+
info = I18n.t('authorizy.denied', controller: context.params[:controller], action: context.params[:action])
|
|
14
|
+
|
|
15
|
+
return context.render(json: { message: info }, status: 403) if context.request.xhr?
|
|
16
|
+
|
|
17
|
+
context.redirect_to(redirect_url.call(self), info: info)
|
|
18
|
+
}
|
|
19
|
+
|
|
11
20
|
@dependencies = {}
|
|
12
21
|
@field = ->(current_user) { current_user.respond_to?(:authorizy) ? current_user.authorizy : {} }
|
|
13
22
|
@redirect_url = ->(context) { context.respond_to?(:root_url) ? context.root_url : '/' }
|
data/lib/authorizy/extension.rb
CHANGED
|
@@ -10,11 +10,7 @@ module Authorizy
|
|
|
10
10
|
def authorizy
|
|
11
11
|
return if Authorizy::Core.new(authorizy_user, params, session, cop: authorizy_cop).access?
|
|
12
12
|
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
return render(json: { message: info }, status: 401) if request.xhr?
|
|
16
|
-
|
|
17
|
-
redirect_to Authorizy.config.redirect_url.call(self), info: info
|
|
13
|
+
Authorizy.config.denied.call(self)
|
|
18
14
|
end
|
|
19
15
|
|
|
20
16
|
def authorizy?(controller, action)
|
data/lib/authorizy/version.rb
CHANGED
|
@@ -9,14 +9,28 @@ Authorizy.configure do |config|
|
|
|
9
9
|
# https://github.com/wbotelhos/authorizy#cop
|
|
10
10
|
# config.cop = Authorizy::BaseCop
|
|
11
11
|
|
|
12
|
-
# The current user from we fetch the permissions
|
|
12
|
+
# The current user from where we fetch the permissions
|
|
13
13
|
# https://github.com/wbotelhos/authorizy#current-user
|
|
14
14
|
# config.current_user = -> (context) { context.respond_to?(:current_user) ? context.current_user : nil }
|
|
15
15
|
|
|
16
|
+
# Callback called when access is denied
|
|
17
|
+
# https://github.com/wbotelhos/authorizy#denied
|
|
18
|
+
# config.denied = lambda { |context|
|
|
19
|
+
# info = I18n.t('authorizy.denied', controller: context.params[:controller], action: context.params[:action])
|
|
20
|
+
|
|
21
|
+
# return context.render(json: { message: info }, status: 403) if context.request.xhr?
|
|
22
|
+
|
|
23
|
+
# context.redirect_to(redirect_url.call(self), info: info)
|
|
24
|
+
# }
|
|
25
|
+
|
|
16
26
|
# Inherited permissions from some other permission the user already has
|
|
17
27
|
# https://github.com/wbotelhos/authorizy#dependencies
|
|
18
28
|
# config.dependencies = {}
|
|
19
29
|
|
|
30
|
+
# Field used to fetch the Authorizy permissions
|
|
31
|
+
# https://github.com/wbotelhos/authorizy#field
|
|
32
|
+
# config.field = ->(current_user) { current_user.respond_to?(:authorizy) ? current_user.authorizy : {} }
|
|
33
|
+
|
|
20
34
|
# URL to be redirect when user has no permission to access some resource
|
|
21
35
|
# https://github.com/wbotelhos/authorizy#dependencies
|
|
22
36
|
# config.redirect_url = -> (context) { context.respond_to?(:root_url) ? context.root_url : '/' }
|
|
@@ -0,0 +1,49 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
RSpec.describe Authorizy::Config, '#denied' do
|
|
4
|
+
let!(:config) { described_class.new }
|
|
5
|
+
|
|
6
|
+
context 'with default denied callback' do
|
|
7
|
+
context 'when is a xhr request' do
|
|
8
|
+
let!(:context) do
|
|
9
|
+
double('context',
|
|
10
|
+
params: { controller: 'users', action: 'index' },
|
|
11
|
+
request: OpenStruct.new(xhr?: true)
|
|
12
|
+
)
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
it 'renders' do
|
|
16
|
+
allow(context).to receive(:render)
|
|
17
|
+
|
|
18
|
+
config.denied.call(context)
|
|
19
|
+
|
|
20
|
+
expect(context).to have_received(:render).with(json: { message: 'Action denied for users#index' }, status: 403)
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
context 'when is not a xhr request' do
|
|
25
|
+
let!(:context) do
|
|
26
|
+
double('context',
|
|
27
|
+
params: { controller: 'users', action: 'index' },
|
|
28
|
+
request: OpenStruct.new(xhr?: false)
|
|
29
|
+
)
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
it 'renders' do
|
|
33
|
+
allow(context).to receive(:redirect_to)
|
|
34
|
+
|
|
35
|
+
config.denied.call(context)
|
|
36
|
+
|
|
37
|
+
expect(context).to have_received(:redirect_to).with('/', info: 'Action denied for users#index')
|
|
38
|
+
end
|
|
39
|
+
end
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
context 'with custom denied callback' do
|
|
43
|
+
it 'calls the callback' do
|
|
44
|
+
config.denied = ->(context) { context[:key] }
|
|
45
|
+
|
|
46
|
+
expect(config.denied.call(key: :value)).to eq(:value)
|
|
47
|
+
end
|
|
48
|
+
end
|
|
49
|
+
end
|
|
@@ -23,9 +23,9 @@ RSpec.describe Authorizy::Config, '#redirect_url' do
|
|
|
23
23
|
|
|
24
24
|
context 'when uses custom value' do
|
|
25
25
|
it 'executes what you want' do
|
|
26
|
-
config.redirect_url = ->(context) { context[:
|
|
26
|
+
config.redirect_url = ->(context) { context[:key] }
|
|
27
27
|
|
|
28
|
-
expect(config.redirect_url.call({
|
|
28
|
+
expect(config.redirect_url.call({ key: :value })).to eq(:value)
|
|
29
29
|
end
|
|
30
30
|
end
|
|
31
31
|
end
|
|
@@ -3,18 +3,15 @@
|
|
|
3
3
|
require 'support/controllers/dummy_controller'
|
|
4
4
|
|
|
5
5
|
RSpec.describe DummyController, '#authorizy', type: :controller do
|
|
6
|
-
let!(:config) { Authorizy.config }
|
|
7
6
|
let!(:parameters) { ActionController::Parameters.new(key: 'value', controller: 'dummy', action: 'action') }
|
|
8
7
|
let!(:user) { nil }
|
|
9
8
|
|
|
10
|
-
before { allow(Authorizy).to receive(:config).and_return(config) }
|
|
11
|
-
|
|
12
9
|
context 'when user has access' do
|
|
13
10
|
let!(:authorizy_core) { instance_double('Authorizy::Core', access?: true) }
|
|
14
11
|
|
|
15
12
|
before do
|
|
16
13
|
allow(Authorizy::Core).to receive(:new)
|
|
17
|
-
.with(user, parameters, session, cop: config.cop)
|
|
14
|
+
.with(user, parameters, session, cop: Authorizy.config.cop)
|
|
18
15
|
.and_return(authorizy_core)
|
|
19
16
|
end
|
|
20
17
|
|
|
@@ -42,27 +39,16 @@ RSpec.describe DummyController, '#authorizy', type: :controller do
|
|
|
42
39
|
|
|
43
40
|
before do
|
|
44
41
|
allow(Authorizy::Core).to receive(:new)
|
|
45
|
-
.with(user, parameters, session, cop: config.cop)
|
|
42
|
+
.with(user, parameters, session, cop: Authorizy.config.cop)
|
|
46
43
|
.and_return(authorizy_core)
|
|
47
44
|
end
|
|
48
45
|
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
get :action, xhr: true, params: { key: 'value' }
|
|
46
|
+
it 'calls denied callback' do
|
|
47
|
+
allow(Authorizy.config.denied).to receive(:call)
|
|
52
48
|
|
|
53
|
-
|
|
54
|
-
expect(response.status).to be(401)
|
|
55
|
-
end
|
|
56
|
-
end
|
|
49
|
+
get :action, xhr: true, params: { key: 'value' }
|
|
57
50
|
|
|
58
|
-
|
|
59
|
-
it 'receives the default values and do not denied the access' do
|
|
60
|
-
get :action, params: { key: 'value' }
|
|
61
|
-
|
|
62
|
-
expect(response).to redirect_to '/'
|
|
63
|
-
|
|
64
|
-
# expect(flash[:info]).to eq('Action denied for dummy#action') # TODO: get flash message
|
|
65
|
-
end
|
|
51
|
+
expect(Authorizy.config.denied).to have_received(:call).with(subject)
|
|
66
52
|
end
|
|
67
53
|
end
|
|
68
54
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: authorizy
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.4.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Washington Botelho
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-09-
|
|
11
|
+
date: 2021-09-12 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activerecord
|
|
@@ -163,6 +163,7 @@ files:
|
|
|
163
163
|
- spec/authorizy/config/aliases_spec.rb
|
|
164
164
|
- spec/authorizy/config/cop_spec.rb
|
|
165
165
|
- spec/authorizy/config/current_user_spec.rb
|
|
166
|
+
- spec/authorizy/config/denied_spec.rb
|
|
166
167
|
- spec/authorizy/config/dependencies_spec.rb
|
|
167
168
|
- spec/authorizy/config/field_spec.rb
|
|
168
169
|
- spec/authorizy/config/initialize_spec.rb
|
|
@@ -217,6 +218,7 @@ test_files:
|
|
|
217
218
|
- spec/authorizy/config/aliases_spec.rb
|
|
218
219
|
- spec/authorizy/config/cop_spec.rb
|
|
219
220
|
- spec/authorizy/config/current_user_spec.rb
|
|
221
|
+
- spec/authorizy/config/denied_spec.rb
|
|
220
222
|
- spec/authorizy/config/dependencies_spec.rb
|
|
221
223
|
- spec/authorizy/config/field_spec.rb
|
|
222
224
|
- spec/authorizy/config/initialize_spec.rb
|