cancancan_resource_controller 0.0.2 → 1.0.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/cancancan/abstract_resource_controller.rb +18 -149
- data/lib/cancancan/configuration.rb +10 -0
- data/lib/cancancan/version.rb +5 -0
- data/lib/cancancan_resource_controller.rb +24 -1
- metadata +17 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: d65b84894faeb3238628a9b7171979e7b6e472aaac77c0a6012e03393560a38b
|
4
|
+
data.tar.gz: 610df250cf0731176e364771e64e0fbc5e0c661e143d26060a7b580472811fd8
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 2be5a3c7cbcdf9589435a6b2b57da0c5fde6454768441528da2a2e1ddaa80526aaf668a68ceee8b3c5f311dec7da16bf6c2445e831bad7fab4165faa2a93a656
|
7
|
+
data.tar.gz: 80caf64d6786139549aca8617c2fb4e8f194589877b477d5f67ecc947c40e47ff6768afce7cd3722af8b063432cb4e71478502fa32a1c2fb60bfd1df4b5da47a
|
@@ -1,3 +1,4 @@
|
|
1
|
+
require 'cancancan_nested_assignment_and_authorization'
|
1
2
|
# How to utilize CanCan Permissions to work with this controller:
|
2
3
|
module CanCanCan
|
3
4
|
module AbstractResourceController
|
@@ -11,14 +12,6 @@ module CanCanCan
|
|
11
12
|
MAX_ASSOCIATIVE_NESTED_DEPTH = 60
|
12
13
|
REGEX_FOR_HTML_TAG_DETECTION = /.*\<\/?[^_\W]+\>.*/
|
13
14
|
|
14
|
-
# to handle adding/removing associations by "_ids" suffix
|
15
|
-
IDS_ATTIB_PERMISSION_KEY_GEN = Proc.new { |assoc_key| "#{assoc_key.to_s.singularize}_ids".to_sym }
|
16
|
-
IDS_ACTION_PERMISSION_KEY_GEN = Proc.new { |assoc_key| "_can_add_or_remove_association_#{assoc_key.to_s}".to_sym }
|
17
|
-
|
18
|
-
# to handle updating nested attributes
|
19
|
-
NESTED_ATTIB_PERMISSION_KEY_GEN = Proc.new { |assoc_key| "#{assoc_key.to_s}_attributes".to_sym }
|
20
|
-
NESTED_ACTION_PERMISSION_KEY_GEN = Proc.new { |assoc_key| "_can_update_association_#{assoc_key.to_s}".to_sym }
|
21
|
-
|
22
15
|
# For Read-Only fields
|
23
16
|
# - define this on your class model
|
24
17
|
# optional allowlist for incoming parameters for the implemented resource
|
@@ -95,15 +88,13 @@ module CanCanCan
|
|
95
88
|
# Allow @resource to be set from subclass controller
|
96
89
|
@resource ||= @resource_class.find(params[:id])
|
97
90
|
authorize! :show, @resource
|
98
|
-
|
91
|
+
|
99
92
|
respond_with_resource
|
100
93
|
end
|
101
94
|
|
102
95
|
def new
|
103
96
|
authorize! :create, @resource_class
|
104
97
|
@resource ||= @resource_class.new(resource_params)
|
105
|
-
# 2nd auth on the object itself
|
106
|
-
# Not authing on the nested resources, that could have come in as nested attributes.
|
107
98
|
authorize! :create, @resource
|
108
99
|
|
109
100
|
respond_with_resource
|
@@ -125,17 +116,16 @@ module CanCanCan
|
|
125
116
|
|
126
117
|
def create
|
127
118
|
authorize! :create, @resource_class
|
128
|
-
|
119
|
+
@resource ||= @resource_class.new
|
129
120
|
|
130
|
-
|
131
|
-
|
132
|
-
|
133
|
-
|
134
|
-
|
135
|
-
|
136
|
-
authorize! :create, @resource
|
121
|
+
service = CanCanCan::AssignmentAndAuthorization.new(
|
122
|
+
current_ability,
|
123
|
+
action_name,
|
124
|
+
@resource,
|
125
|
+
clean_parameter_data(params)
|
126
|
+
)
|
137
127
|
|
138
|
-
if
|
128
|
+
if service.call
|
139
129
|
respond_with_resource
|
140
130
|
else
|
141
131
|
begin
|
@@ -152,25 +142,14 @@ module CanCanCan
|
|
152
142
|
def update
|
153
143
|
authorize! :update, @resource_class
|
154
144
|
@resource ||= @resource_class.find(params[:id])
|
155
|
-
|
156
|
-
|
157
|
-
|
158
|
-
|
159
|
-
|
160
|
-
|
161
|
-
|
162
|
-
|
163
|
-
raise ActiveRecord::Rollback
|
164
|
-
end
|
165
|
-
end
|
166
|
-
|
167
|
-
unless second_authorize
|
168
|
-
raise CanCan::AccessDenied.new("Not authorized!", action_name.to_sym, @resource)
|
169
|
-
end
|
170
|
-
|
171
|
-
# 2nd auth, on the updates of the object, without saving, so we can rollback without auth.
|
172
|
-
# authorize! :update, @resource
|
173
|
-
if @resource.save
|
145
|
+
service = CanCanCan::AssignmentAndAuthorization.new(
|
146
|
+
current_ability,
|
147
|
+
action_name,
|
148
|
+
@resource,
|
149
|
+
clean_parameter_data(params)
|
150
|
+
)
|
151
|
+
|
152
|
+
if service.call
|
174
153
|
respond_with_resource
|
175
154
|
else
|
176
155
|
begin
|
@@ -245,36 +224,6 @@ module CanCanCan
|
|
245
224
|
return resource_query
|
246
225
|
end
|
247
226
|
|
248
|
-
# can pass in custom method to supplant 'param.permit', like if you wanted to whitelist a hash instead of params.
|
249
|
-
# ex: CanCanCanResourceController#deactivate_helper, permits on fake params: ActionController::Parameters.new(deactive_params)
|
250
|
-
def resource_params resource_object = nil, opts = {}, &block
|
251
|
-
local_action_name = opts[:custom_action_name] || action_name
|
252
|
-
allowlist_permitted = get_nested_attributes_for_class(@resource_class, local_action_name.to_sym, resource_object)
|
253
|
-
|
254
|
-
# # Rails kludge, issue with allowing parameters with empty arrays
|
255
|
-
# # Needs to be nested, recursive
|
256
|
-
# # Updating params in-place
|
257
|
-
# params.each do |key, value|
|
258
|
-
# if key.to_s =~ /(.*)_ids/ && (value == "remove" || value == ["remove"])
|
259
|
-
# params[key] = []
|
260
|
-
# end
|
261
|
-
# end
|
262
|
-
|
263
|
-
if block_given?
|
264
|
-
params_with_only_allowed_parameters = yield(allowlist_permitted)
|
265
|
-
else
|
266
|
-
params_with_only_allowed_parameters = param_permit(allowlist_permitted)
|
267
|
-
end
|
268
|
-
|
269
|
-
# sanitize all input.
|
270
|
-
sanitized_params_with_only_allowed_parameters = clean_parameter_data(params_with_only_allowed_parameters)
|
271
|
-
|
272
|
-
# recast type (and have to re-permit)
|
273
|
-
sanitized_params_with_only_allowed_parameters = ActionController::Parameters.new(sanitized_params_with_only_allowed_parameters).permit(allowlist_permitted)
|
274
|
-
|
275
|
-
return sanitized_params_with_only_allowed_parameters
|
276
|
-
end
|
277
|
-
|
278
227
|
# recursive
|
279
228
|
# src: https://apidock.com/rails/v5.2.3/ActionView/Helpers/SanitizeHelper/sanitize
|
280
229
|
def clean_parameter_data param_value
|
@@ -311,86 +260,6 @@ module CanCanCan
|
|
311
260
|
end
|
312
261
|
end
|
313
262
|
|
314
|
-
# Not checking instances of classes. What if they are object-state dependent?
|
315
|
-
# Need to run them again, after object instantiation, but in a different method.
|
316
|
-
def get_nested_attributes_for_class resource_class, action_name, root_level_object, depth = 0
|
317
|
-
raise "invalid action class: #{action_name.class}" if !action_name.is_a?(Symbol)
|
318
|
-
association_parameters = []
|
319
|
-
if depth > MAX_ASSOCIATIVE_NESTED_DEPTH
|
320
|
-
return association_parameters
|
321
|
-
end
|
322
|
-
|
323
|
-
# Handle resource_class attribs
|
324
|
-
# issue here is the 'action_name' on the root 'resource_class' may not be the action that the user has for the 'assoc_class'
|
325
|
-
# i.e:
|
326
|
-
# We may want the user to update Account, and create attachments on it, but not 'update' attachments.
|
327
|
-
if depth == 0
|
328
|
-
association_parameters = current_ability.permitted_attributes(action_name, (root_level_object || resource_class))
|
329
|
-
else
|
330
|
-
association_parameters = current_ability.permitted_attributes(action_name, resource_class)
|
331
|
-
end
|
332
|
-
|
333
|
-
if resource_class.const_defined?('RESOURCE_CONTROLLER_ATTRIB_ALLOWLIST') && !resource_class::RESOURCE_CONTROLLER_ATTRIB_ALLOWLIST.nil?
|
334
|
-
association_parameters &= resource_class::RESOURCE_CONTROLLER_ATTRIB_ALLOWLIST
|
335
|
-
end
|
336
|
-
|
337
|
-
# remove customized, non-params, assoc' attrib data by only allowing class columns
|
338
|
-
association_parameters &= resource_class.column_names.collect(&:to_sym)
|
339
|
-
|
340
|
-
resource_class.reflect_on_all_associations(:has_many).each do |assoc_class|
|
341
|
-
resource_key = assoc_class.name
|
342
|
-
# attrib_permission_key = (resource_key.to_s.singularize + '_ids').to_sym
|
343
|
-
attrib_permission_key = IDS_ATTIB_PERMISSION_KEY_GEN.call(resource_key)
|
344
|
-
# action_permission_key = ('_can_add_or_remove_association_' + resource_key.to_s).to_sym
|
345
|
-
action_permission_key = IDS_ACTION_PERMISSION_KEY_GEN.call(resource_key)
|
346
|
-
# i.e. can?(:can_participation_ids, Account)
|
347
|
-
# Check to see if we manually gave the user a custom permission
|
348
|
-
# # (i.e.: can [:update, :can_account_sector_ids], Account)
|
349
|
-
# OR
|
350
|
-
# see if it has the attribute on the class's allowed params
|
351
|
-
if can?(action_permission_key, resource_class) || can?(action_name, resource_class, attrib_permission_key)
|
352
|
-
association_parameters << {
|
353
|
-
attrib_permission_key => []
|
354
|
-
}
|
355
|
-
end
|
356
|
-
end
|
357
|
-
|
358
|
-
resource_class.nested_attributes_options.each do |resource_key, options|
|
359
|
-
reflection_class = resource_class.reflect_on_association(resource_key).class
|
360
|
-
reflection_type = reflection_class.name
|
361
|
-
assoc_class = resource_class.reflect_on_association(resource_key).klass
|
362
|
-
|
363
|
-
if [
|
364
|
-
"ActiveRecord::Reflection::BelongsToReflection",
|
365
|
-
"ActiveRecord::Reflection::HasOneReflection",
|
366
|
-
"ActiveRecord::Reflection::HasManyReflection"
|
367
|
-
].include?(reflection_type)
|
368
|
-
parameter_key = NESTED_ATTIB_PERMISSION_KEY_GEN.call(resource_key)
|
369
|
-
permission_key = NESTED_ACTION_PERMISSION_KEY_GEN.call(resource_key)
|
370
|
-
|
371
|
-
# Can check if permission to update assoc is defined as an action OR as an attrib on the parent resource_class
|
372
|
-
if can?(permission_key, resource_class) || can?(action_name, resource_class, parameter_key)
|
373
|
-
# Handle recursion
|
374
|
-
assoc_parameters = get_nested_attributes_for_class(assoc_class, action_name, root_level_object, depth + 1)
|
375
|
-
|
376
|
-
if options[:allow_destroy] && can?(:destroy, resource_class)
|
377
|
-
assoc_parameters << :_destroy
|
378
|
-
end
|
379
|
-
|
380
|
-
association_parameters << {
|
381
|
-
parameter_key => assoc_parameters
|
382
|
-
}
|
383
|
-
end
|
384
|
-
end
|
385
|
-
end
|
386
|
-
|
387
|
-
return association_parameters
|
388
|
-
end
|
389
|
-
|
390
|
-
def param_permit base_parameters
|
391
|
-
params.permit(base_parameters)
|
392
|
-
end
|
393
|
-
|
394
263
|
def initialize_resource_class
|
395
264
|
# First priority is the namespaced model, e.g. User::Group
|
396
265
|
@resource_class ||= begin
|
@@ -1,4 +1,27 @@
|
|
1
|
+
require_relative 'cancancan/configuration'
|
1
2
|
require_relative 'cancancan/abstract_resource_controller'
|
3
|
+
require_relative 'cancancan/version'
|
2
4
|
|
3
5
|
# include the extension
|
4
|
-
# ActiveRecord::Base.send(:include, Serializer::Concern)
|
6
|
+
# ActiveRecord::Base.send(:include, Serializer::Concern)
|
7
|
+
|
8
|
+
module CanCanCan
|
9
|
+
module AbstractResourceController
|
10
|
+
# config src: http://lizabinante.com/blog/creating-a-configurable-ruby-gem/
|
11
|
+
class << self
|
12
|
+
attr_accessor :configuration
|
13
|
+
end
|
14
|
+
|
15
|
+
def self.configuration
|
16
|
+
@configuration ||= Configuration.new
|
17
|
+
end
|
18
|
+
|
19
|
+
def self.reset
|
20
|
+
@configuration = Configuration.new
|
21
|
+
end
|
22
|
+
|
23
|
+
def self.configure
|
24
|
+
yield(configuration)
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: cancancan_resource_controller
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version:
|
4
|
+
version: 1.0.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- benjamin.dana.software.dev@gmail.com
|
@@ -30,6 +30,20 @@ dependencies:
|
|
30
30
|
- - ">="
|
31
31
|
- !ruby/object:Gem::Version
|
32
32
|
version: 3.5.0
|
33
|
+
- !ruby/object:Gem::Dependency
|
34
|
+
name: cancancan_nested_auth
|
35
|
+
requirement: !ruby/object:Gem::Requirement
|
36
|
+
requirements:
|
37
|
+
- - ">="
|
38
|
+
- !ruby/object:Gem::Version
|
39
|
+
version: '0'
|
40
|
+
type: :runtime
|
41
|
+
prerelease: false
|
42
|
+
version_requirements: !ruby/object:Gem::Requirement
|
43
|
+
requirements:
|
44
|
+
- - ">="
|
45
|
+
- !ruby/object:Gem::Version
|
46
|
+
version: '0'
|
33
47
|
- !ruby/object:Gem::Dependency
|
34
48
|
name: rails
|
35
49
|
requirement: !ruby/object:Gem::Requirement
|
@@ -121,6 +135,8 @@ extensions: []
|
|
121
135
|
extra_rdoc_files: []
|
122
136
|
files:
|
123
137
|
- lib/cancancan/abstract_resource_controller.rb
|
138
|
+
- lib/cancancan/configuration.rb
|
139
|
+
- lib/cancancan/version.rb
|
124
140
|
- lib/cancancan_resource_controller.rb
|
125
141
|
homepage: https://github.com/danabr75/cancancan_resource_controller
|
126
142
|
licenses:
|