avo 0.4.5 → 0.4.6
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of avo might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/app/controllers/avo/application_controller.rb +12 -1
- data/app/controllers/avo/resource_overview_controller.rb +1 -6
- data/app/controllers/avo/resources_controller.rb +8 -14
- data/app/controllers/avo/search_controller.rb +3 -3
- data/app/views/layouts/avo/_javascript.html.erb +1 -1
- data/lib/avo/app/services/authorization_service.rb +8 -0
- data/lib/avo/configuration.rb +12 -0
- data/lib/avo/version.rb +1 -1
- data/lib/generators/avo/templates/initializer/avo.rb +37 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f524eb45dfab913083b9fc23de6c35146d59436336d3e444ae8b525b9a70e6b2
|
|
4
|
+
data.tar.gz: 4075e8ca48aff4aa7cbd21a52ee6b6e67535a0bcf69652ed3f9298d39fbfde2f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e3c1a13390fee90c6fb892eeae21d66151a66aa29055d16437251060f341bd86eba8315caf0a249330ee5d5f4b1943276cf79862e0bb361ec07f5ba7df50fc1d
|
|
7
|
+
data.tar.gz: 402ded6bc6111f30321d03eb2282895acdc25761567efb42e260e7c971854a305022f13afe8d300c947792796e2e5fe17c0f36204938ce14c05f4679cc214ccc
|
data/Gemfile.lock
CHANGED
|
@@ -3,6 +3,9 @@ module Avo
|
|
|
3
3
|
rescue_from ActiveRecord::RecordInvalid, with: :exception_logger
|
|
4
4
|
protect_from_forgery with: :exception
|
|
5
5
|
before_action :init_app
|
|
6
|
+
before_action :_authenticate!
|
|
7
|
+
|
|
8
|
+
helper_method :_current_user
|
|
6
9
|
|
|
7
10
|
def init_app
|
|
8
11
|
Avo::App.boot if Avo::IN_DEVELOPMENT
|
|
@@ -22,6 +25,10 @@ module Avo
|
|
|
22
25
|
end
|
|
23
26
|
end
|
|
24
27
|
|
|
28
|
+
def _current_user
|
|
29
|
+
instance_eval(&Avo.configuration.current_user)
|
|
30
|
+
end
|
|
31
|
+
|
|
25
32
|
private
|
|
26
33
|
def resource
|
|
27
34
|
eager_load_files(resource_model).find params[:id]
|
|
@@ -54,11 +61,15 @@ module Avo
|
|
|
54
61
|
record = resource
|
|
55
62
|
end
|
|
56
63
|
|
|
57
|
-
return render_unauthorized unless AuthorizationService::authorize_action
|
|
64
|
+
return render_unauthorized unless AuthorizationService::authorize_action _current_user, record, params[:action]
|
|
58
65
|
end
|
|
59
66
|
|
|
60
67
|
def render_unauthorized
|
|
61
68
|
render json: { message: I18n.t('avo.unauthorized') }, status: 403
|
|
62
69
|
end
|
|
70
|
+
|
|
71
|
+
def _authenticate!
|
|
72
|
+
instance_eval(&Avo.configuration.authenticate)
|
|
73
|
+
end
|
|
63
74
|
end
|
|
64
75
|
end
|
|
@@ -4,7 +4,7 @@ module Avo
|
|
|
4
4
|
class ResourceOverviewController < ApplicationController
|
|
5
5
|
def index
|
|
6
6
|
resources = App.get_resources
|
|
7
|
-
.select { |resource| AuthorizationService::authorize
|
|
7
|
+
.select { |resource| AuthorizationService::authorize _current_user, resource.model, Avo.configuration.authorization_methods.stringify_keys['index'] }
|
|
8
8
|
.sort_by(&:name)
|
|
9
9
|
.map do |resource|
|
|
10
10
|
{
|
|
@@ -20,10 +20,5 @@ module Avo
|
|
|
20
20
|
hide_docs: Avo.configuration.hide_documentation_link,
|
|
21
21
|
}
|
|
22
22
|
end
|
|
23
|
-
|
|
24
|
-
private
|
|
25
|
-
def session_user
|
|
26
|
-
current_user.present? ? current_user : nil
|
|
27
|
-
end
|
|
28
23
|
end
|
|
29
24
|
end
|
|
@@ -10,14 +10,14 @@ module Avo
|
|
|
10
10
|
params[:sort_by] = params[:sort_by].present? ? params[:sort_by] : :created_at
|
|
11
11
|
params[:sort_direction] = params[:sort_direction].present? ? params[:sort_direction] : :desc
|
|
12
12
|
|
|
13
|
-
query = AuthorizationService.with_policy
|
|
13
|
+
query = AuthorizationService.with_policy _current_user, resource_model
|
|
14
14
|
|
|
15
15
|
if params[:via_resource_name].present? and params[:via_resource_id].present? and params[:via_relationship].present?
|
|
16
16
|
# get the related resource (via_resource)
|
|
17
17
|
related_model = App.get_resource_by_name(params[:via_resource_name]).model
|
|
18
18
|
|
|
19
19
|
relation = related_model.find(params[:via_resource_id]).public_send(params[:via_relationship])
|
|
20
|
-
query = AuthorizationService.with_policy
|
|
20
|
+
query = AuthorizationService.with_policy _current_user, relation
|
|
21
21
|
|
|
22
22
|
params[:per_page] = Avo.configuration.via_per_page
|
|
23
23
|
elsif ['has_many', 'has_and_belongs_to_many'].include? params[:for_relation]
|
|
@@ -52,7 +52,7 @@ module Avo
|
|
|
52
52
|
|
|
53
53
|
resources_with_fields = []
|
|
54
54
|
resources.each do |resource|
|
|
55
|
-
resources_with_fields << Avo::Resources::Resource.hydrate_resource(model: resource, resource: avo_resource, view: :index, user:
|
|
55
|
+
resources_with_fields << Avo::Resources::Resource.hydrate_resource(model: resource, resource: avo_resource, view: :index, user: _current_user)
|
|
56
56
|
end
|
|
57
57
|
|
|
58
58
|
render json: {
|
|
@@ -66,7 +66,7 @@ module Avo
|
|
|
66
66
|
|
|
67
67
|
def show
|
|
68
68
|
render json: {
|
|
69
|
-
resource: Avo::Resources::Resource.hydrate_resource(model: resource, resource: avo_resource, view: @view || :show, user:
|
|
69
|
+
resource: Avo::Resources::Resource.hydrate_resource(model: resource, resource: avo_resource, view: @view || :show, user: _current_user),
|
|
70
70
|
}
|
|
71
71
|
end
|
|
72
72
|
|
|
@@ -94,7 +94,7 @@ module Avo
|
|
|
94
94
|
|
|
95
95
|
render json: {
|
|
96
96
|
success: true,
|
|
97
|
-
resource: Avo::Resources::Resource.hydrate_resource(model: resource, resource: avo_resource, view: :show, user:
|
|
97
|
+
resource: Avo::Resources::Resource.hydrate_resource(model: resource, resource: avo_resource, view: :show, user: _current_user),
|
|
98
98
|
message: I18n.t('avo.resource_updated'),
|
|
99
99
|
}
|
|
100
100
|
end
|
|
@@ -117,14 +117,14 @@ module Avo
|
|
|
117
117
|
|
|
118
118
|
render json: {
|
|
119
119
|
success: true,
|
|
120
|
-
resource: Avo::Resources::Resource.hydrate_resource(model: resource, resource: avo_resource, view: :create, user:
|
|
120
|
+
resource: Avo::Resources::Resource.hydrate_resource(model: resource, resource: avo_resource, view: :create, user: _current_user),
|
|
121
121
|
message: I18n.t('avo.resource_created'),
|
|
122
122
|
}
|
|
123
123
|
end
|
|
124
124
|
|
|
125
125
|
def new
|
|
126
126
|
render json: {
|
|
127
|
-
resource: Avo::Resources::Resource.hydrate_resource(model: resource_model.new, resource: avo_resource, view: :create, user:
|
|
127
|
+
resource: Avo::Resources::Resource.hydrate_resource(model: resource_model.new, resource: avo_resource, view: :create, user: _current_user),
|
|
128
128
|
}
|
|
129
129
|
end
|
|
130
130
|
|
|
@@ -256,13 +256,7 @@ module Avo
|
|
|
256
256
|
available_view_types: avo_resource.available_view_types,
|
|
257
257
|
default_view_type: avo_resource.default_view_type || Avo.configuration.default_view_type,
|
|
258
258
|
translation_key: avo_resource.translation_key,
|
|
259
|
-
authorization:
|
|
260
|
-
create: AuthorizationService::authorize(current_user, avo_resource.model, Avo.configuration.authorization_methods.stringify_keys['create']),
|
|
261
|
-
edit: AuthorizationService::authorize(current_user, avo_resource.model, Avo.configuration.authorization_methods.stringify_keys['edit']),
|
|
262
|
-
update: AuthorizationService::authorize(current_user, avo_resource.model, Avo.configuration.authorization_methods.stringify_keys['update']),
|
|
263
|
-
show: AuthorizationService::authorize(current_user, avo_resource.model, Avo.configuration.authorization_methods.stringify_keys['show']),
|
|
264
|
-
destroy: AuthorizationService::authorize(current_user, avo_resource.model, Avo.configuration.authorization_methods.stringify_keys['destroy']),
|
|
265
|
-
},
|
|
259
|
+
authorization: AuthorizationService::authorized_methods(_current_user, avo_resource.model)
|
|
266
260
|
}
|
|
267
261
|
end
|
|
268
262
|
end
|
|
@@ -9,7 +9,7 @@ module Avo
|
|
|
9
9
|
|
|
10
10
|
resources_to_search_through = App.get_resources
|
|
11
11
|
.select { |resource| resource.search.present? }
|
|
12
|
-
.select { |resource| AuthorizationService.authorize_action
|
|
12
|
+
.select { |resource| AuthorizationService.authorize_action _current_user, resource.model, 'index' }
|
|
13
13
|
.each do |resource_model|
|
|
14
14
|
found_resources = add_link_to_search_results(search_resource(resource_model), resource_model)
|
|
15
15
|
resources.push({
|
|
@@ -41,7 +41,7 @@ module Avo
|
|
|
41
41
|
end
|
|
42
42
|
|
|
43
43
|
def search_resource(avo_resource)
|
|
44
|
-
avo_resource.query_search(query: params[:q], via_resource_name: params[:via_resource_name], via_resource_id: params[:via_resource_id], user:
|
|
44
|
+
avo_resource.query_search(query: params[:q], via_resource_name: params[:via_resource_name], via_resource_id: params[:via_resource_id], user: _current_user)
|
|
45
45
|
end
|
|
46
46
|
|
|
47
47
|
def authorize_user
|
|
@@ -49,7 +49,7 @@ module Avo
|
|
|
49
49
|
|
|
50
50
|
action = params[:action] == 'resource' ? :index : params[:action]
|
|
51
51
|
|
|
52
|
-
return render_unauthorized unless AuthorizationService::authorize_action
|
|
52
|
+
return render_unauthorized unless AuthorizationService::authorize_action _current_user, avo_resource.model, action
|
|
53
53
|
end
|
|
54
54
|
end
|
|
55
55
|
end
|
|
@@ -4,5 +4,5 @@
|
|
|
4
4
|
var locale = '<%= Avo.configuration.locale %>';
|
|
5
5
|
var defaultViewType = '<%= Avo.configuration.default_view_type %>';
|
|
6
6
|
var license = <%= Avo::App.license.properties.to_json.html_safe %>;
|
|
7
|
-
var avoResources = <%= Avo::App.get_available_resources(
|
|
7
|
+
var avoResources = <%= Avo::App.get_available_resources(_current_user).as_json.html_safe %>;
|
|
8
8
|
<% end %>
|
|
@@ -3,6 +3,7 @@ module Avo
|
|
|
3
3
|
class << self
|
|
4
4
|
def authorize(user, record, action)
|
|
5
5
|
return true if skip_authorization
|
|
6
|
+
return true if user.nil?
|
|
6
7
|
|
|
7
8
|
begin
|
|
8
9
|
if Pundit.policy user, record
|
|
@@ -24,6 +25,7 @@ module Avo
|
|
|
24
25
|
|
|
25
26
|
def with_policy(user, model)
|
|
26
27
|
return model if skip_authorization
|
|
28
|
+
return model if user.nil?
|
|
27
29
|
|
|
28
30
|
begin
|
|
29
31
|
Pundit.policy_scope! user, model
|
|
@@ -35,6 +37,12 @@ module Avo
|
|
|
35
37
|
def skip_authorization
|
|
36
38
|
Avo::App.license.lacks :authorization
|
|
37
39
|
end
|
|
40
|
+
|
|
41
|
+
def authorized_methods(user, record)
|
|
42
|
+
[:create, :edit, :update, :show, :destroy].map do |method|
|
|
43
|
+
[method, authorize(user, record, Avo.configuration.authorization_methods[method])]
|
|
44
|
+
end.to_h
|
|
45
|
+
end
|
|
38
46
|
end
|
|
39
47
|
end
|
|
40
48
|
end
|
data/lib/avo/configuration.rb
CHANGED
|
@@ -14,6 +14,8 @@ module Avo
|
|
|
14
14
|
attr_accessor :license
|
|
15
15
|
attr_accessor :license_key
|
|
16
16
|
attr_accessor :authorization_methods
|
|
17
|
+
attr_accessor :authenticate
|
|
18
|
+
attr_accessor :current_user
|
|
17
19
|
|
|
18
20
|
def initialize
|
|
19
21
|
@root_path = '/avo'
|
|
@@ -29,6 +31,8 @@ module Avo
|
|
|
29
31
|
@hide_documentation_link = false
|
|
30
32
|
@license = 'community'
|
|
31
33
|
@license_key = nil
|
|
34
|
+
@current_user = proc {}
|
|
35
|
+
@authenticate = proc {}
|
|
32
36
|
@authorization_methods = {
|
|
33
37
|
index: 'index?',
|
|
34
38
|
show: 'show?',
|
|
@@ -51,6 +55,14 @@ module Avo
|
|
|
51
55
|
'en'
|
|
52
56
|
end
|
|
53
57
|
end
|
|
58
|
+
|
|
59
|
+
def current_user_method(&block)
|
|
60
|
+
@current_user = block if block.present?
|
|
61
|
+
end
|
|
62
|
+
|
|
63
|
+
def authenticate_with(&block)
|
|
64
|
+
@authenticate = block if block.present?
|
|
65
|
+
end
|
|
54
66
|
end
|
|
55
67
|
|
|
56
68
|
def self.configuration
|
data/lib/avo/version.rb
CHANGED
|
@@ -1,5 +1,41 @@
|
|
|
1
1
|
Avo.configure do |config|
|
|
2
|
+
## == Routing ==
|
|
2
3
|
config.root_path = '/<%= options[:path] %>'
|
|
4
|
+
|
|
5
|
+
## == Licensing ==
|
|
3
6
|
config.license = 'community'
|
|
4
|
-
config.license_key =
|
|
7
|
+
# config.license_key = ENV['AVO_LICENSE_KEY']
|
|
8
|
+
|
|
9
|
+
## == Authentication ==
|
|
10
|
+
# config.current_user_method(&:current_user)
|
|
11
|
+
# config.authenticate_with do
|
|
12
|
+
# warden.authenticate! scope: :user
|
|
13
|
+
# end
|
|
14
|
+
|
|
15
|
+
## == Authorization ==
|
|
16
|
+
# config.authorization_methods = {
|
|
17
|
+
# index: 'index?',
|
|
18
|
+
# show: 'show?',
|
|
19
|
+
# edit: 'edit?',
|
|
20
|
+
# new: 'new?',
|
|
21
|
+
# update: 'update?',
|
|
22
|
+
# create: 'create?',
|
|
23
|
+
# destroy: 'destroy?',
|
|
24
|
+
# }
|
|
25
|
+
|
|
26
|
+
## == Localization ==
|
|
27
|
+
|
|
28
|
+
## == Customization ==
|
|
29
|
+
# config.app_name = 'Avocadelicious'
|
|
30
|
+
# config.locale = 'en-US'
|
|
31
|
+
# config.timezone = 'UTC'
|
|
32
|
+
# config.currency = 'USD'
|
|
33
|
+
# config.per_page = 24
|
|
34
|
+
# config.per_page_steps = [12, 24, 48, 72]
|
|
35
|
+
# config.via_per_page = 8
|
|
36
|
+
# config.default_view_type = :table
|
|
37
|
+
|
|
38
|
+
## == Beta version ==
|
|
39
|
+
# config.hide_resource_overview_component = false
|
|
40
|
+
# config.hide_documentation_link = false
|
|
5
41
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: avo
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.4.
|
|
4
|
+
version: 0.4.6
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Adrian Marin
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2020-12-
|
|
12
|
+
date: 2020-12-28 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: rails
|