cancanright 0.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/CHANGELOG.md +8 -0
- data/LICENSE +21 -0
- data/README.md +52 -0
- data/lib/cancanright.rb +7 -0
- data/lib/cancanright/ability.rb +9 -0
- data/lib/cancanright/controller_additions.rb +18 -0
- data/lib/cancanright/error.rb +3 -0
- data/lib/cancanright/model/right.rb +21 -0
- data/lib/cancanright/model/role.rb +14 -0
- data/lib/cancanright/role_model.rb +10 -0
- data/lib/cancanright/rule.rb +51 -0
- data/lib/cancanright/version.rb +3 -0
- data/lib/generators/cancanright/ability/USAGE +4 -0
- data/lib/generators/cancanright/ability/ability_generator.rb +11 -0
- data/lib/generators/cancanright/ability/templates/ability.rb +47 -0
- metadata +170 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: f9a9182e701015c6a9d10c66a2e0a6d5d2535d1a
|
4
|
+
data.tar.gz: 2b1203da16f841429eb56d165b61ba5de04aded3
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: 483a8b9a7d281c555924207e2423fe8a6aecf550c31311030e42f42c871e4eff1662b196c743dbe736db7234da88a8e268d3748592b800573729e1ba14530669
|
7
|
+
data.tar.gz: 3dcee5d48dbc3c89c331caccc6e4e1a8ae7738d949c717d1a46f433e70013132ae911f28e3839f2d1ed81969864794c89f039d36c37d949344315ac5b7d88edb
|
data/CHANGELOG.md
ADDED
@@ -0,0 +1,8 @@
|
|
1
|
+
# Change Log
|
2
|
+
All notable changes to this project will be documented in this file.
|
3
|
+
This project adheres to [Semantic Versioning](http://semver.org/).
|
4
|
+
This changelog adheres to [Keep a CHANGELOG](http://keepachangelog.com/).
|
5
|
+
|
6
|
+
## [0.0.1] - 2016-12-09
|
7
|
+
### Added
|
8
|
+
- Initial release
|
data/LICENSE
ADDED
@@ -0,0 +1,21 @@
|
|
1
|
+
The MIT License (MIT)
|
2
|
+
|
3
|
+
Copyright (c) 2016 SeaLink Travel Group
|
4
|
+
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
7
|
+
in the Software without restriction, including without limitation the rights
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
10
|
+
furnished to do so, subject to the following conditions:
|
11
|
+
|
12
|
+
The above copyright notice and this permission notice shall be included in all
|
13
|
+
copies or substantial portions of the Software.
|
14
|
+
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
21
|
+
SOFTWARE.
|
data/README.md
ADDED
@@ -0,0 +1,52 @@
|
|
1
|
+
# CanCanRight - Database driven rules for CanCan
|
2
|
+
|
3
|
+
[](https://travis-ci.org/sealink/cancanright)
|
4
|
+
|
5
|
+
In order to allow for flexible and fine-grained access control across a large application it may
|
6
|
+
be useful to mange your CanCan abilities in your application's database. With CanCanRight users
|
7
|
+
are assigned many Roles which have many Rights. Rights represent CanCan rules.
|
8
|
+
|
9
|
+
CanCanRight is built for Rails 3+
|
10
|
+
|
11
|
+
|
12
|
+
## Installation
|
13
|
+
|
14
|
+
Add this to your Gemfile:
|
15
|
+
|
16
|
+
gem 'cancanright'
|
17
|
+
|
18
|
+
and run the `bundle install` command.
|
19
|
+
|
20
|
+
|
21
|
+
## Getting Started
|
22
|
+
|
23
|
+
CanCanRight extends upon CanCan's features. It expects a `current_user` method to exist in the
|
24
|
+
controller. For information on getting started with CanCan please visit the
|
25
|
+
[CanCanCan Wiki](https://github.com/CanCanCommunity/cancancan/wiki).
|
26
|
+
|
27
|
+
|
28
|
+
## Defining Abilities
|
29
|
+
|
30
|
+
User permissions are defined in an `Ability` class. CanCanRight includes a Rails generator for
|
31
|
+
creating this class.
|
32
|
+
|
33
|
+
rails g cancanright:ability
|
34
|
+
|
35
|
+
This creates an Ability class with an example of how to create CanCan Rules from Rights.
|
36
|
+
Additionally all of the existing CanCan features for defining abilities are available. See
|
37
|
+
[Defining Abilities](https://github.com/CanCanCommunity/cancancan/wiki/defining-abilities) for
|
38
|
+
details.
|
39
|
+
|
40
|
+
|
41
|
+
## Development
|
42
|
+
|
43
|
+
After checking out the repo, run `bundle install` to install dependencies. Then, run `rake spec`
|
44
|
+
to run the tests.
|
45
|
+
|
46
|
+
|
47
|
+
## Contributing
|
48
|
+
|
49
|
+
If you find a bug please add an [issue on GitHub](https://github.com/sealink/cancanright/issues)
|
50
|
+
or fork the project and send a pull request. This project is intended to be a safe, welcoming
|
51
|
+
space for collaboration, and contributors are expected to adhere to the
|
52
|
+
[Contributor Covenant](http://contributor-covenant.org) code of conduct.
|
data/lib/cancanright.rb
ADDED
@@ -0,0 +1,18 @@
|
|
1
|
+
module CanCanRight
|
2
|
+
module ControllerAdditions
|
3
|
+
def authorize_action!
|
4
|
+
controller = self.rights_from || params[:controller]
|
5
|
+
action = params[:action]
|
6
|
+
|
7
|
+
return if can?(:access, controller) || can?(:access, controller + '#' + action)
|
8
|
+
|
9
|
+
fail CanCan::AccessDenied, "You are not authorized to access this page."
|
10
|
+
end
|
11
|
+
end
|
12
|
+
end
|
13
|
+
|
14
|
+
if defined? ActionController::Base
|
15
|
+
ActionController::Base.class_eval do
|
16
|
+
include CanCanRight::ControllerAdditions
|
17
|
+
end
|
18
|
+
end
|
@@ -0,0 +1,21 @@
|
|
1
|
+
module CanCanRight
|
2
|
+
module Model
|
3
|
+
class Right < ActiveRecord::Base
|
4
|
+
has_and_belongs_to_many :roles, :class_name => 'CanCan::Model::Role'
|
5
|
+
|
6
|
+
validates :action, presence: true
|
7
|
+
validates :can, presence: true
|
8
|
+
validates :name, presence: true, uniqueness: true
|
9
|
+
|
10
|
+
scope :ordered, -> { order :name }
|
11
|
+
|
12
|
+
def sensible_name
|
13
|
+
name.humanize.titleize.gsub(/#/, ' - ')
|
14
|
+
end
|
15
|
+
|
16
|
+
def to_s
|
17
|
+
name
|
18
|
+
end
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
@@ -0,0 +1,14 @@
|
|
1
|
+
module CanCanRight
|
2
|
+
module Model
|
3
|
+
class Role < ActiveRecord::Base
|
4
|
+
has_and_belongs_to_many :rights, :class_name => 'CanCanRight::Model::Right'
|
5
|
+
|
6
|
+
validates :title, presence: true, uniqueness: true
|
7
|
+
|
8
|
+
def to_s
|
9
|
+
self.title.try(:titleize)
|
10
|
+
end
|
11
|
+
alias_method :name, :to_s
|
12
|
+
end
|
13
|
+
end
|
14
|
+
end
|
@@ -0,0 +1,10 @@
|
|
1
|
+
module CanCanRight
|
2
|
+
module RoleModel
|
3
|
+
def self.included(base)
|
4
|
+
base.module_eval 'has_and_belongs_to_many :roles, :class_name => "CanCanRight::Model::Role"'
|
5
|
+
base.module_eval 'has_many :rights, through: :roles, :class_name => "CanCanRight::Model::Right"'
|
6
|
+
|
7
|
+
Model::Role.module_eval "has_and_belongs_to_many :#{base.table_name}"
|
8
|
+
end
|
9
|
+
end
|
10
|
+
end
|
@@ -0,0 +1,51 @@
|
|
1
|
+
module CanCanRight
|
2
|
+
class Rule
|
3
|
+
def self.rule_for(right)
|
4
|
+
self.new(right).call
|
5
|
+
end
|
6
|
+
|
7
|
+
def initialize(right)
|
8
|
+
@right = right
|
9
|
+
end
|
10
|
+
|
11
|
+
def call
|
12
|
+
validate!
|
13
|
+
|
14
|
+
CanCan::Rule.new(can?, action, subject, conditions, nil)
|
15
|
+
end
|
16
|
+
|
17
|
+
private
|
18
|
+
|
19
|
+
def validate!
|
20
|
+
fail CanCanRight::Error, 'must specify an action' unless @right.action.present?
|
21
|
+
end
|
22
|
+
|
23
|
+
def can?
|
24
|
+
@right.can
|
25
|
+
end
|
26
|
+
|
27
|
+
def action
|
28
|
+
@right.action.to_sym
|
29
|
+
end
|
30
|
+
|
31
|
+
def subject
|
32
|
+
model_class || @right.subject
|
33
|
+
end
|
34
|
+
|
35
|
+
def conditions
|
36
|
+
model_class ? @right.conditions : nil
|
37
|
+
end
|
38
|
+
|
39
|
+
def model_class
|
40
|
+
return nil unless @right.subject.present?
|
41
|
+
|
42
|
+
begin
|
43
|
+
model_class = self.class.const_get(@right.subject)
|
44
|
+
rescue NameError
|
45
|
+
model_class = Class
|
46
|
+
end
|
47
|
+
|
48
|
+
return model_class if model_class.ancestors.include?(ActiveRecord::Base)
|
49
|
+
end
|
50
|
+
end
|
51
|
+
end
|
@@ -0,0 +1,47 @@
|
|
1
|
+
class Ability
|
2
|
+
include CanCanRight::Ability
|
3
|
+
|
4
|
+
def initialize(user)
|
5
|
+
# Define abilities for the passed in user here. For example:
|
6
|
+
#
|
7
|
+
# user ||= User.new # guest user (not logged in)
|
8
|
+
# if user.admin?
|
9
|
+
# can :manage, :all
|
10
|
+
# else
|
11
|
+
# can :read, :all
|
12
|
+
# end
|
13
|
+
#
|
14
|
+
# The first argument to `can` is the action you are giving the user
|
15
|
+
# permission to do.
|
16
|
+
# If you pass :manage it will apply to every action. Other common actions
|
17
|
+
# here are :read, :create, :update and :destroy.
|
18
|
+
#
|
19
|
+
# The second argument is the resource the user can perform the action on.
|
20
|
+
# If you pass :all it will apply to every resource. Otherwise pass a Ruby
|
21
|
+
# class of the resource.
|
22
|
+
#
|
23
|
+
# The third argument is an optional hash of conditions to further filter the
|
24
|
+
# objects.
|
25
|
+
# For example, here the user can only update published articles.
|
26
|
+
#
|
27
|
+
# can :update, Article, :published => true
|
28
|
+
#
|
29
|
+
# See the wiki for details:
|
30
|
+
# https://github.com/CanCanCommunity/cancancan/wiki/Defining-Abilities
|
31
|
+
#
|
32
|
+
# CanCanRight extends upon the default CanCan ability with a useful helper.
|
33
|
+
#
|
34
|
+
# To define an ability for a right you can use:
|
35
|
+
#
|
36
|
+
# add_rule_for(right)
|
37
|
+
#
|
38
|
+
# To automatically define all abilities for a user you can just loop over the association.
|
39
|
+
#
|
40
|
+
# user.rights.each do |right|
|
41
|
+
# add_rule_for(right)
|
42
|
+
# end
|
43
|
+
#
|
44
|
+
# Further abilities to extend or override can be defined as usual.
|
45
|
+
end
|
46
|
+
end
|
47
|
+
end
|
metadata
ADDED
@@ -0,0 +1,170 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: cancanright
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.0.1
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Grant Colegate
|
8
|
+
autorequire:
|
9
|
+
bindir: bin
|
10
|
+
cert_chain: []
|
11
|
+
date: 2016-11-22 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: rails
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - ">="
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '0'
|
20
|
+
type: :runtime
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - ">="
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: '0'
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: cancancan
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - "~>"
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: 1.15.0
|
34
|
+
type: :runtime
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - "~>"
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: 1.15.0
|
41
|
+
- !ruby/object:Gem::Dependency
|
42
|
+
name: bundler
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - ">="
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: 1.12.5
|
48
|
+
type: :development
|
49
|
+
prerelease: false
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - ">="
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: 1.12.5
|
55
|
+
- !ruby/object:Gem::Dependency
|
56
|
+
name: rake
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
58
|
+
requirements:
|
59
|
+
- - "~>"
|
60
|
+
- !ruby/object:Gem::Version
|
61
|
+
version: 11.3.0
|
62
|
+
type: :development
|
63
|
+
prerelease: false
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
65
|
+
requirements:
|
66
|
+
- - "~>"
|
67
|
+
- !ruby/object:Gem::Version
|
68
|
+
version: 11.3.0
|
69
|
+
- !ruby/object:Gem::Dependency
|
70
|
+
name: rspec
|
71
|
+
requirement: !ruby/object:Gem::Requirement
|
72
|
+
requirements:
|
73
|
+
- - "~>"
|
74
|
+
- !ruby/object:Gem::Version
|
75
|
+
version: 3.5.0
|
76
|
+
type: :development
|
77
|
+
prerelease: false
|
78
|
+
version_requirements: !ruby/object:Gem::Requirement
|
79
|
+
requirements:
|
80
|
+
- - "~>"
|
81
|
+
- !ruby/object:Gem::Version
|
82
|
+
version: 3.5.0
|
83
|
+
- !ruby/object:Gem::Dependency
|
84
|
+
name: coverage-kit
|
85
|
+
requirement: !ruby/object:Gem::Requirement
|
86
|
+
requirements:
|
87
|
+
- - "~>"
|
88
|
+
- !ruby/object:Gem::Version
|
89
|
+
version: '0.1'
|
90
|
+
type: :development
|
91
|
+
prerelease: false
|
92
|
+
version_requirements: !ruby/object:Gem::Requirement
|
93
|
+
requirements:
|
94
|
+
- - "~>"
|
95
|
+
- !ruby/object:Gem::Version
|
96
|
+
version: '0.1'
|
97
|
+
- !ruby/object:Gem::Dependency
|
98
|
+
name: simplecov-rcov
|
99
|
+
requirement: !ruby/object:Gem::Requirement
|
100
|
+
requirements:
|
101
|
+
- - "~>"
|
102
|
+
- !ruby/object:Gem::Version
|
103
|
+
version: '0.2'
|
104
|
+
type: :development
|
105
|
+
prerelease: false
|
106
|
+
version_requirements: !ruby/object:Gem::Requirement
|
107
|
+
requirements:
|
108
|
+
- - "~>"
|
109
|
+
- !ruby/object:Gem::Version
|
110
|
+
version: '0.2'
|
111
|
+
- !ruby/object:Gem::Dependency
|
112
|
+
name: coveralls
|
113
|
+
requirement: !ruby/object:Gem::Requirement
|
114
|
+
requirements:
|
115
|
+
- - "~>"
|
116
|
+
- !ruby/object:Gem::Version
|
117
|
+
version: '0.8'
|
118
|
+
type: :development
|
119
|
+
prerelease: false
|
120
|
+
version_requirements: !ruby/object:Gem::Requirement
|
121
|
+
requirements:
|
122
|
+
- - "~>"
|
123
|
+
- !ruby/object:Gem::Version
|
124
|
+
version: '0.8'
|
125
|
+
description: Database driven rules for CanCan
|
126
|
+
email:
|
127
|
+
- support@travellink.com.au
|
128
|
+
executables: []
|
129
|
+
extensions: []
|
130
|
+
extra_rdoc_files: []
|
131
|
+
files:
|
132
|
+
- CHANGELOG.md
|
133
|
+
- LICENSE
|
134
|
+
- README.md
|
135
|
+
- lib/cancanright.rb
|
136
|
+
- lib/cancanright/ability.rb
|
137
|
+
- lib/cancanright/controller_additions.rb
|
138
|
+
- lib/cancanright/error.rb
|
139
|
+
- lib/cancanright/model/right.rb
|
140
|
+
- lib/cancanright/model/role.rb
|
141
|
+
- lib/cancanright/role_model.rb
|
142
|
+
- lib/cancanright/rule.rb
|
143
|
+
- lib/cancanright/version.rb
|
144
|
+
- lib/generators/cancanright/ability/USAGE
|
145
|
+
- lib/generators/cancanright/ability/ability_generator.rb
|
146
|
+
- lib/generators/cancanright/ability/templates/ability.rb
|
147
|
+
homepage: ''
|
148
|
+
licenses: []
|
149
|
+
metadata: {}
|
150
|
+
post_install_message:
|
151
|
+
rdoc_options: []
|
152
|
+
require_paths:
|
153
|
+
- lib
|
154
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
155
|
+
requirements:
|
156
|
+
- - ">="
|
157
|
+
- !ruby/object:Gem::Version
|
158
|
+
version: '0'
|
159
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
160
|
+
requirements:
|
161
|
+
- - ">="
|
162
|
+
- !ruby/object:Gem::Version
|
163
|
+
version: '0'
|
164
|
+
requirements: []
|
165
|
+
rubyforge_project:
|
166
|
+
rubygems_version: 2.5.1
|
167
|
+
signing_key:
|
168
|
+
specification_version: 4
|
169
|
+
summary: Database driven rules for CanCan
|
170
|
+
test_files: []
|