caber 0.2.0 → 0.3.1

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 32626bb698069dab3797b3fe532bce89def4fc6a91c0662e030b93df58c7b0c4
4
- data.tar.gz: 999efb197f1567376feb709b6d2e77d83d2d4d0f79e42ecdae8c7e2429997f9d
3
+ metadata.gz: 3e3022bcc88c31576a8e8f204063bb1cb3a3a2365cee60f5d5d8769779821719
4
+ data.tar.gz: 9509f57e488c365e11cba921957db94d0f518e476f5457f56c8f12a39c160f54
5
5
  SHA512:
6
- metadata.gz: 67c2028ca5dd0aead722b9ea20961c41e2fe8fe6733c4b68b732f08f4292b32b568ac7f3b6e49d0f30168b01cc7c78ff457f319410c7e504856640c57800c605
7
- data.tar.gz: 868d630bf81d19a45b9ff058cdac098ccb6115f985e1a9c0426e30243ed6b36e8dbf2b16b3da1a68e889906d2b571cf1aed9beac62ed9ce4940f6ee638cec7a9
6
+ metadata.gz: 6c3fb313ae9125c1bf96a857be7abc2b8c2dead1aa4a8e1c9347d08c3e3b2dbe634e6919dac1ccafb673e97002855d0b1ded604fc77d64e4da1b0055b8ba744e
7
+ data.tar.gz: bb2d952b4fe708bc50194f167bf11cd01fdfdaf5d02a64a50a9c2cd8d3d8f66d0980d84f1c1922f54237cf216bd958788edbbe0b447f7229381c6bf211ed9f52
data/README.md CHANGED
@@ -1,6 +1,11 @@
1
1
  # Caber
2
2
 
3
- A simple ReBAC / Zanzibar gem for Rails apps.
3
+ ![Gem Downloads (for latest version)](https://img.shields.io/gem/dtv/caber)
4
+ ![Libraries.io dependency status for latest release](https://img.shields.io/librariesio/release/rubygems/caber)
5
+ ![Dependent repos (via libraries.io)](https://img.shields.io/librariesio/dependent-repos/rubygems/caber)
6
+
7
+
8
+ A simple [ReBAC](https://en.wikipedia.org/wiki/Relationship-based_access_control) / [Zanzibar](https://research.google/pubs/zanzibar-googles-consistent-global-authorization-system/) backend plugin for Rails apps. Allows you to easily specify permission relationships between pairs of objects, e.g. granting edit permission on a document to a specific user, like in Google Docs.
4
9
 
5
10
  ## Installation
6
11
 
@@ -114,6 +119,57 @@ document.revoke_permission("viewer", user)
114
119
  document.revoke_all_permissions(user)
115
120
  ```
116
121
 
122
+ ### Finding objects
123
+
124
+ You can get lists of objects that a user has some permission on:
125
+
126
+ ```
127
+ Document.granted_to "viewer", user
128
+ # => All the documents that user has "viewer" permission on
129
+ ```
130
+
131
+ ## Usage with other gems
132
+
133
+ ### Pundit
134
+
135
+ Caber makes for nice clear [Pundit](https://github.com/varvet/pundit) policies:
136
+
137
+ ```
138
+ class DocumentPolicy < ApplicationPolicy
139
+ class Scope < ApplicationPolicy::Scope
140
+ def resolve
141
+ scope.granted_to(["viewer", "editor", "owner"], user)
142
+ end
143
+ end
144
+
145
+ def update?
146
+ record.grants_permission_to? ["editor", "owner"], user
147
+ end
148
+ end
149
+ ```
150
+
151
+ ### Rolify
152
+
153
+ Caber doesn't include groups specifically, but you can integrate it easily with a role management gem like [Rolify](https://github.com/RolifyCommunity/rolify) pretty easily. Make your Role class a subject, and you can grant permissions to roles:
154
+
155
+ ```
156
+ class Document < ApplicationRecord
157
+ include Caber::Object
158
+ can_grant_permissions_to Role
159
+ end
160
+
161
+ class Role < ApplicationRecord
162
+ include Caber::Subject
163
+ can_have_permissions_on Document
164
+
165
+ scopify
166
+ end
167
+
168
+ document.grant_permission_to "editor", Role.find_by(name: "editor")
169
+
170
+ User.with_role(document.permitted_roles.with_permission("editor"))
171
+ # => all users with a role that can edit the document
172
+ ```
117
173
 
118
174
  ## Development
119
175
 
@@ -123,11 +179,7 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
123
179
 
124
180
  ## Contributing
125
181
 
126
- Bug reports and pull requests are welcome on GitHub at https://github.com/manyfold3d/caber. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
127
-
128
- ## Code of Conduct
129
-
130
- Everyone interacting in the Caber project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/manyfold3d/caber/blob/master/CODE_OF_CONDUCT.md).
182
+ Bug reports and pull requests are welcome on GitHub at https://github.com/manyfold3d/caber. This project is intended to be a safe, welcoming space for collaboration; everyone interacting in the Caber project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/manyfold3d/caber/blob/master/CODE_OF_CONDUCT.md).
131
183
 
132
184
  ## Acknowledgements
133
185
 
@@ -135,3 +187,5 @@ This gem was created as part of [Manyfold](https://manyfold.app), with funding f
135
187
 
136
188
  [<img src="https://nlnet.nl/logo/banner.png" alt="NLnet foundation logo" width="20%" />](https://nlnet.nl)
137
189
  [<img src="https://nlnet.nl/image/logos/NGI0_tag.svg" alt="NGI Zero Logo" width="20%" />](https://nlnet.nl/entrust)
190
+
191
+ Name: `"ReBAC".downcase.reverse`
@@ -8,6 +8,13 @@ module Caber::Object
8
8
  def self.can_grant_permissions_to(model)
9
9
  has_many :"permitted_#{model.name.pluralize.parameterize}", through: :caber_relations, source: :subject, source_type: model.name
10
10
  end
11
+
12
+ scope :granted_to, ->(permission, subject) {
13
+ includes(:caber_relations).where(
14
+ "caber_relations.subject": subject,
15
+ "caber_relations.permission": permission
16
+ )
17
+ }
11
18
  end
12
19
 
13
20
  def grant_permission_to(permission, subject)
data/lib/caber/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Caber
2
- VERSION = "0.2.0"
2
+ VERSION = "0.3.1"
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: caber
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.0
4
+ version: 0.3.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - James Smith