bullet_train-roles 0.1.10 → 1.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/README.md +25 -0
- data/bullet_train-roles.gemspec +1 -1
- data/lib/bullet_train/roles/version.rb +1 -1
- data/lib/roles/permit.rb +13 -13
- metadata +3 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 30730d97710a95ccb3a1607d68ec6e41316d421555be035900fbb7e112546bd1
|
4
|
+
data.tar.gz: f22d482d9382f630b7fb200f48469644bca171d12535fef117880a69cfcca5e3
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: bf8243e967c09351262fbc615f2b61f3d78d72d741a5c6c18ba62cfe8a0c3621ad4219a65768e640d91eaea4b52c930652ecf94323c31861d5222b5738e71790
|
7
|
+
data.tar.gz: 6a8048e3d64762d1578f25b202660606768d38ba6508e89cc7ec33812878d87e139b015286840360d66f04a248b87c2dc3d6b7ef05b76bda70bc1905aa57491b
|
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
@@ -142,6 +142,31 @@ permit user, through: :projects_collaborators, parent: :project
|
|
142
142
|
|
143
143
|
In this example, `permit` is smart enough to only apply the permissions granted by a `Projects::Collaborator` record at the level of the `Project` it belongs to. You can turn any model into a grant model by adding `include Roles::Support` and adding a `role_ids:jsonb` attribute. You can look at `Scaffolding::AbsolutelyAbstract::CreativeConcepts::Collaborator` for an example.
|
144
144
|
|
145
|
+
|
146
|
+
## Restricting Available Roles
|
147
|
+
|
148
|
+
In some situations, you don't want all roles to be available to all Grant Models. For example, you might have a `project_editor` role that only makes sense when applied at the Project level. Note that this is only necessary if you want your project_editor to have more limited permissions than an admin user. If a `project_editor` has full control of their project, you should probably just use the `admin` role.
|
149
|
+
|
150
|
+
By default all Grant Models will show all roles as options. If you want to limit the roles available to a model, use the `roles_only` class method:
|
151
|
+
|
152
|
+
```
|
153
|
+
class Membership < ApplicationRecord
|
154
|
+
include Roles::Support
|
155
|
+
roles_only :admin, :editor, :reader # Add this line to restrict the Membership model to only these roles
|
156
|
+
end
|
157
|
+
```
|
158
|
+
|
159
|
+
To access the array of all roles available for a particular model, use the `assignable_roles` class method. For example, in your Membership form, you probably _only_ want to show the assignable_roles as options. Your view could look like this:
|
160
|
+
|
161
|
+
```
|
162
|
+
<% Membership.assignable_roles.each do |role| %>
|
163
|
+
<% if role.manageable_by?(current_membership.roles) %>
|
164
|
+
<!-- View component for showing a role option. Probably a checkbox -->
|
165
|
+
<% end %>
|
166
|
+
<% end %>
|
167
|
+
```
|
168
|
+
|
169
|
+
|
145
170
|
## Debugging
|
146
171
|
If you want to see what CanCanCan directives are being created by your permit calls, you can add the `debug: true` option to your `permit` statement in `app/models/ability.rb`.
|
147
172
|
|
data/bullet_train-roles.gemspec
CHANGED
@@ -12,7 +12,7 @@ Gem::Specification.new do |spec|
|
|
12
12
|
spec.description = "Yaml-backed ApplicationHash for CanCan Roles"
|
13
13
|
spec.homepage = "https://github.com/bullet-train-co/bullet_train-roles"
|
14
14
|
spec.license = "MIT"
|
15
|
-
spec.required_ruby_version = Gem::Requirement.new(">= 2.
|
15
|
+
spec.required_ruby_version = Gem::Requirement.new(">= 2.7.0")
|
16
16
|
|
17
17
|
spec.metadata["homepage_uri"] = spec.homepage
|
18
18
|
spec.metadata["source_code_uri"] = "https://github.com/bullet-train-co/bullet_train-roles"
|
data/lib/roles/permit.rb
CHANGED
@@ -2,11 +2,11 @@
|
|
2
2
|
|
3
3
|
module Roles
|
4
4
|
module Permit
|
5
|
-
def permit(user, through:, parent:, debug: false, intermediary: nil,
|
5
|
+
def permit(user, through:, parent:, debug: false, intermediary: nil, rails_cache_key: nil)
|
6
6
|
# When changing permissions during development, you may also want to do this on each request:
|
7
7
|
# User.update_all ability_cache: nil if Rails.env.development?
|
8
|
-
permissions = if
|
9
|
-
Rails.cache.fetch(
|
8
|
+
permissions = if rails_cache_key
|
9
|
+
Rails.cache.fetch(rails_cache_key) do
|
10
10
|
build_permissions(user, through, parent, intermediary)
|
11
11
|
end
|
12
12
|
else
|
@@ -16,10 +16,10 @@ module Roles
|
|
16
16
|
begin
|
17
17
|
assign_permissions(permissions)
|
18
18
|
rescue NameError => e
|
19
|
-
if
|
19
|
+
if rails_cache_key
|
20
20
|
# Cache has become stale with model classes that no longer exist
|
21
21
|
Rails.logger.info "Found missing models in cache - #{e.message.squish} - building fresh permissions"
|
22
|
-
Rails.cache.delete(
|
22
|
+
Rails.cache.delete(rails_cache_key)
|
23
23
|
permissions = build_permissions(user, through, parent, intermediary)
|
24
24
|
assign_permissions(permissions)
|
25
25
|
else
|
@@ -31,10 +31,10 @@ module Roles
|
|
31
31
|
puts "###########################"
|
32
32
|
puts "Auto generated `ability.rb` content:"
|
33
33
|
permissions.map do |permission|
|
34
|
-
if permission
|
35
|
-
puts permission
|
34
|
+
if permission[:is_debug]
|
35
|
+
puts permission[:info]
|
36
36
|
else
|
37
|
-
puts "can #{permission
|
37
|
+
puts "can #{permission[:actions]}, #{permission[:model]}, #{permission[:condition]}"
|
38
38
|
end
|
39
39
|
end
|
40
40
|
puts "############################"
|
@@ -43,7 +43,7 @@ module Roles
|
|
43
43
|
|
44
44
|
def assign_permissions(permissions)
|
45
45
|
permissions.each do |permission|
|
46
|
-
can(permission
|
46
|
+
can(permission[:actions], permission[:model].constantize, permission[:condition]) unless permission[:is_debug]
|
47
47
|
end
|
48
48
|
end
|
49
49
|
|
@@ -52,14 +52,14 @@ module Roles
|
|
52
52
|
permissions = []
|
53
53
|
user.send(through).map(&:roles).flatten.uniq.each do |role|
|
54
54
|
unless added_roles.include?(role)
|
55
|
-
permissions <<
|
55
|
+
permissions << {is_debug: true, info: "########### ROLE: #{role.key}"}
|
56
56
|
permissions += add_abilities_for(role, user, through, parent, intermediary)
|
57
57
|
added_roles << role
|
58
58
|
end
|
59
59
|
|
60
60
|
role.included_roles.each do |included_role|
|
61
61
|
unless added_roles.include?(included_role)
|
62
|
-
permissions <<
|
62
|
+
permissions << {is_debug: true, info: "############# INCLUDED ROLE: #{included_role.key}"}
|
63
63
|
permissions += add_abilities_for(included_role, user, through, parent, intermediary)
|
64
64
|
end
|
65
65
|
end
|
@@ -72,9 +72,9 @@ module Roles
|
|
72
72
|
permissions = []
|
73
73
|
role.ability_generator(user, through, parent, intermediary) do |ag|
|
74
74
|
permissions << if ag.valid?
|
75
|
-
|
75
|
+
{is_debug: false, actions: ag.actions, model: ag.model.to_s, condition: ag.condition}
|
76
76
|
else
|
77
|
-
|
77
|
+
{is_debug: true, info: "# #{ag.model} does not respond to #{parent} so we're not going to add an ability for the #{through} context"}
|
78
78
|
end
|
79
79
|
end
|
80
80
|
permissions
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: bullet_train-roles
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version:
|
4
|
+
version: 1.2.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Prabin Poudel
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2022-
|
12
|
+
date: 2022-12-15 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: byebug
|
@@ -209,7 +209,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
209
209
|
requirements:
|
210
210
|
- - ">="
|
211
211
|
- !ruby/object:Gem::Version
|
212
|
-
version: 2.
|
212
|
+
version: 2.7.0
|
213
213
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
214
214
|
requirements:
|
215
215
|
- - ">="
|