authorizy 0.3.0 → 0.4.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/README.md +8 -4
- data/lib/authorizy/config.rb +10 -1
- data/lib/authorizy/extension.rb +1 -5
- data/lib/authorizy/version.rb +1 -1
- data/lib/generators/authorizy/templates/config/initializers/authorizy.rb +15 -1
- data/spec/authorizy/config/denied_spec.rb +49 -0
- data/spec/authorizy/config/redirect_url_spec.rb +2 -2
- data/spec/authorizy/extension/authorizy_spec.rb +6 -20
- metadata +4 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d5aa4cb2402214093d2887dcd0760f1087586e28d558c52bfcb4999ff18f72cc
|
|
4
|
+
data.tar.gz: e189e2a283e745c6cb37ddab2683b362d86a4355d776866f031d4cc2c2913079
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: bc846ae164fabea516698ef5ddfaec65618a30f2949ec59cc8d93a7b380f240a1a1e25afd53ea6cdfb4f0db7b43cb5a1b26fdd8f87220ef47f9de0d8064b4508
|
|
7
|
+
data.tar.gz: 24e3e907dc28f062932bcc41387f5075ca3865b3406dc80cef0da09439c9db47a52d9c1b3d6ef1871138292f888e43608711e0fc3167a02da5e0d439fcc83091
|
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
|
@@ -8,10 +8,6 @@
|
|
|
8
8
|
|
|
9
9
|
A JSON based Authorization.
|
|
10
10
|
|
|
11
|
-
##### Why not [cancancan](https://github.com/CanCanCommunity/cancancan)?
|
|
12
|
-
|
|
13
|
-
I have been working with cancan/cancancan for years. Since the beginning with [database access](https://github.com/CanCanCommunity/cancancan/blob/develop/docs/Abilities-in-Database.md). After a while, I realised I built a couple of abstractions around `ability` class and suddenly migrated to JSON for better performance. As I need a full role admin I decided to start to extract this logic to a gem.
|
|
14
|
-
|
|
15
11
|
## Install
|
|
16
12
|
|
|
17
13
|
Add the following code on your `Gemfile` and run `bundle install`:
|
|
@@ -142,6 +138,14 @@ Authorizy.configure do |config|
|
|
|
142
138
|
end
|
|
143
139
|
```
|
|
144
140
|
|
|
141
|
+
### Denied
|
|
142
|
+
|
|
143
|
+
When some access is denied, by default, Authorizy checks if it is a XHR request or not and then redirect or serializes a message with status code `403`. You can rescue it by yourself:
|
|
144
|
+
|
|
145
|
+
```ruby
|
|
146
|
+
config.denied = ->(context) { context.redirect_to(subscription_path, info: 'Subscription expired!') }
|
|
147
|
+
```
|
|
148
|
+
|
|
145
149
|
### Dependencies
|
|
146
150
|
|
|
147
151
|
You can allow access to one or more controllers and actions based on your permissions. It'll consider not only the `action`, like [aliases](#aliases) but the controller either.
|
data/lib/authorizy/config.rb
CHANGED
|
@@ -2,12 +2,21 @@
|
|
|
2
2
|
|
|
3
3
|
module Authorizy
|
|
4
4
|
class Config
|
|
5
|
-
attr_accessor :aliases, :cop, :current_user, :dependencies, :field, :redirect_url
|
|
5
|
+
attr_accessor :aliases, :cop, :current_user, :denied, :dependencies, :field, :redirect_url
|
|
6
6
|
|
|
7
7
|
def initialize
|
|
8
8
|
@aliases = {}
|
|
9
9
|
@cop = Authorizy::BaseCop
|
|
10
10
|
@current_user = ->(context) { context.respond_to?(:current_user) ? context.current_user : nil }
|
|
11
|
+
|
|
12
|
+
@denied = lambda { |context|
|
|
13
|
+
info = I18n.t('authorizy.denied', controller: context.params[:controller], action: context.params[:action])
|
|
14
|
+
|
|
15
|
+
return context.render(json: { message: info }, status: 403) if context.request.xhr?
|
|
16
|
+
|
|
17
|
+
context.redirect_to(redirect_url.call(self), info: info)
|
|
18
|
+
}
|
|
19
|
+
|
|
11
20
|
@dependencies = {}
|
|
12
21
|
@field = ->(current_user) { current_user.respond_to?(:authorizy) ? current_user.authorizy : {} }
|
|
13
22
|
@redirect_url = ->(context) { context.respond_to?(:root_url) ? context.root_url : '/' }
|
data/lib/authorizy/extension.rb
CHANGED
|
@@ -10,11 +10,7 @@ module Authorizy
|
|
|
10
10
|
def authorizy
|
|
11
11
|
return if Authorizy::Core.new(authorizy_user, params, session, cop: authorizy_cop).access?
|
|
12
12
|
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
return render(json: { message: info }, status: 401) if request.xhr?
|
|
16
|
-
|
|
17
|
-
redirect_to Authorizy.config.redirect_url.call(self), info: info
|
|
13
|
+
Authorizy.config.denied.call(self)
|
|
18
14
|
end
|
|
19
15
|
|
|
20
16
|
def authorizy?(controller, action)
|
data/lib/authorizy/version.rb
CHANGED
|
@@ -9,14 +9,28 @@ Authorizy.configure do |config|
|
|
|
9
9
|
# https://github.com/wbotelhos/authorizy#cop
|
|
10
10
|
# config.cop = Authorizy::BaseCop
|
|
11
11
|
|
|
12
|
-
# The current user from we fetch the permissions
|
|
12
|
+
# The current user from where we fetch the permissions
|
|
13
13
|
# https://github.com/wbotelhos/authorizy#current-user
|
|
14
14
|
# config.current_user = -> (context) { context.respond_to?(:current_user) ? context.current_user : nil }
|
|
15
15
|
|
|
16
|
+
# Callback called when access is denied
|
|
17
|
+
# https://github.com/wbotelhos/authorizy#denied
|
|
18
|
+
# config.denied = lambda { |context|
|
|
19
|
+
# info = I18n.t('authorizy.denied', controller: context.params[:controller], action: context.params[:action])
|
|
20
|
+
|
|
21
|
+
# return context.render(json: { message: info }, status: 403) if context.request.xhr?
|
|
22
|
+
|
|
23
|
+
# context.redirect_to(redirect_url.call(self), info: info)
|
|
24
|
+
# }
|
|
25
|
+
|
|
16
26
|
# Inherited permissions from some other permission the user already has
|
|
17
27
|
# https://github.com/wbotelhos/authorizy#dependencies
|
|
18
28
|
# config.dependencies = {}
|
|
19
29
|
|
|
30
|
+
# Field used to fetch the Authorizy permissions
|
|
31
|
+
# https://github.com/wbotelhos/authorizy#field
|
|
32
|
+
# config.field = ->(current_user) { current_user.respond_to?(:authorizy) ? current_user.authorizy : {} }
|
|
33
|
+
|
|
20
34
|
# URL to be redirect when user has no permission to access some resource
|
|
21
35
|
# https://github.com/wbotelhos/authorizy#dependencies
|
|
22
36
|
# config.redirect_url = -> (context) { context.respond_to?(:root_url) ? context.root_url : '/' }
|
|
@@ -0,0 +1,49 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
RSpec.describe Authorizy::Config, '#denied' do
|
|
4
|
+
let!(:config) { described_class.new }
|
|
5
|
+
|
|
6
|
+
context 'with default denied callback' do
|
|
7
|
+
context 'when is a xhr request' do
|
|
8
|
+
let!(:context) do
|
|
9
|
+
double('context',
|
|
10
|
+
params: { controller: 'users', action: 'index' },
|
|
11
|
+
request: OpenStruct.new(xhr?: true)
|
|
12
|
+
)
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
it 'renders' do
|
|
16
|
+
allow(context).to receive(:render)
|
|
17
|
+
|
|
18
|
+
config.denied.call(context)
|
|
19
|
+
|
|
20
|
+
expect(context).to have_received(:render).with(json: { message: 'Action denied for users#index' }, status: 403)
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
context 'when is not a xhr request' do
|
|
25
|
+
let!(:context) do
|
|
26
|
+
double('context',
|
|
27
|
+
params: { controller: 'users', action: 'index' },
|
|
28
|
+
request: OpenStruct.new(xhr?: false)
|
|
29
|
+
)
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
it 'renders' do
|
|
33
|
+
allow(context).to receive(:redirect_to)
|
|
34
|
+
|
|
35
|
+
config.denied.call(context)
|
|
36
|
+
|
|
37
|
+
expect(context).to have_received(:redirect_to).with('/', info: 'Action denied for users#index')
|
|
38
|
+
end
|
|
39
|
+
end
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
context 'with custom denied callback' do
|
|
43
|
+
it 'calls the callback' do
|
|
44
|
+
config.denied = ->(context) { context[:key] }
|
|
45
|
+
|
|
46
|
+
expect(config.denied.call(key: :value)).to eq(:value)
|
|
47
|
+
end
|
|
48
|
+
end
|
|
49
|
+
end
|
|
@@ -23,9 +23,9 @@ RSpec.describe Authorizy::Config, '#redirect_url' do
|
|
|
23
23
|
|
|
24
24
|
context 'when uses custom value' do
|
|
25
25
|
it 'executes what you want' do
|
|
26
|
-
config.redirect_url = ->(context) { context[:
|
|
26
|
+
config.redirect_url = ->(context) { context[:key] }
|
|
27
27
|
|
|
28
|
-
expect(config.redirect_url.call({
|
|
28
|
+
expect(config.redirect_url.call({ key: :value })).to eq(:value)
|
|
29
29
|
end
|
|
30
30
|
end
|
|
31
31
|
end
|
|
@@ -3,18 +3,15 @@
|
|
|
3
3
|
require 'support/controllers/dummy_controller'
|
|
4
4
|
|
|
5
5
|
RSpec.describe DummyController, '#authorizy', type: :controller do
|
|
6
|
-
let!(:config) { Authorizy.config }
|
|
7
6
|
let!(:parameters) { ActionController::Parameters.new(key: 'value', controller: 'dummy', action: 'action') }
|
|
8
7
|
let!(:user) { nil }
|
|
9
8
|
|
|
10
|
-
before { allow(Authorizy).to receive(:config).and_return(config) }
|
|
11
|
-
|
|
12
9
|
context 'when user has access' do
|
|
13
10
|
let!(:authorizy_core) { instance_double('Authorizy::Core', access?: true) }
|
|
14
11
|
|
|
15
12
|
before do
|
|
16
13
|
allow(Authorizy::Core).to receive(:new)
|
|
17
|
-
.with(user, parameters, session, cop: config.cop)
|
|
14
|
+
.with(user, parameters, session, cop: Authorizy.config.cop)
|
|
18
15
|
.and_return(authorizy_core)
|
|
19
16
|
end
|
|
20
17
|
|
|
@@ -42,27 +39,16 @@ RSpec.describe DummyController, '#authorizy', type: :controller do
|
|
|
42
39
|
|
|
43
40
|
before do
|
|
44
41
|
allow(Authorizy::Core).to receive(:new)
|
|
45
|
-
.with(user, parameters, session, cop: config.cop)
|
|
42
|
+
.with(user, parameters, session, cop: Authorizy.config.cop)
|
|
46
43
|
.and_return(authorizy_core)
|
|
47
44
|
end
|
|
48
45
|
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
get :action, xhr: true, params: { key: 'value' }
|
|
46
|
+
it 'calls denied callback' do
|
|
47
|
+
allow(Authorizy.config.denied).to receive(:call)
|
|
52
48
|
|
|
53
|
-
|
|
54
|
-
expect(response.status).to be(401)
|
|
55
|
-
end
|
|
56
|
-
end
|
|
49
|
+
get :action, xhr: true, params: { key: 'value' }
|
|
57
50
|
|
|
58
|
-
|
|
59
|
-
it 'receives the default values and do not denied the access' do
|
|
60
|
-
get :action, params: { key: 'value' }
|
|
61
|
-
|
|
62
|
-
expect(response).to redirect_to '/'
|
|
63
|
-
|
|
64
|
-
# expect(flash[:info]).to eq('Action denied for dummy#action') # TODO: get flash message
|
|
65
|
-
end
|
|
51
|
+
expect(Authorizy.config.denied).to have_received(:call).with(subject)
|
|
66
52
|
end
|
|
67
53
|
end
|
|
68
54
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: authorizy
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.4.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Washington Botelho
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-09-
|
|
11
|
+
date: 2021-09-12 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activerecord
|
|
@@ -163,6 +163,7 @@ files:
|
|
|
163
163
|
- spec/authorizy/config/aliases_spec.rb
|
|
164
164
|
- spec/authorizy/config/cop_spec.rb
|
|
165
165
|
- spec/authorizy/config/current_user_spec.rb
|
|
166
|
+
- spec/authorizy/config/denied_spec.rb
|
|
166
167
|
- spec/authorizy/config/dependencies_spec.rb
|
|
167
168
|
- spec/authorizy/config/field_spec.rb
|
|
168
169
|
- spec/authorizy/config/initialize_spec.rb
|
|
@@ -217,6 +218,7 @@ test_files:
|
|
|
217
218
|
- spec/authorizy/config/aliases_spec.rb
|
|
218
219
|
- spec/authorizy/config/cop_spec.rb
|
|
219
220
|
- spec/authorizy/config/current_user_spec.rb
|
|
221
|
+
- spec/authorizy/config/denied_spec.rb
|
|
220
222
|
- spec/authorizy/config/dependencies_spec.rb
|
|
221
223
|
- spec/authorizy/config/field_spec.rb
|
|
222
224
|
- spec/authorizy/config/initialize_spec.rb
|