consul 0.2.3 → 0.3.0
Potentially problematic release.
This version of consul might be problematic. Click here for more details.
- data/README.md +27 -0
- data/lib/consul/controller.rb +12 -3
- data/lib/consul/version.rb +1 -1
- data/spec/app_root/app/controllers/cakes_controller.rb +47 -0
- data/spec/app_root/app/models/power.rb +16 -0
- data/spec/app_root/config/routes.rb +2 -0
- data/spec/controllers/cakes_controller_spec.rb +61 -0
- data/spec/controllers/dashboards_controller_spec.rb +1 -1
- data/spec/controllers/risks_controller_spec.rb +1 -1
- data/spec/controllers/songs_controller_spec.rb +1 -1
- data/spec/controllers/users_controller_spec.rb +1 -1
- metadata +37 -33
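--- a/data/README.md
+++ b/data/README.md
@@ -137,6 +137,9 @@ You can now use power scopes to control access:
 
 end
 
+
+### Protect entry into controller actions
+
 To make sure a power is given before every action in a controller:
 
 class NotesController < ApplicationController
@@ -151,6 +154,27 @@ You can also map different powers to different actions:
 power :notes, :map => { [:edit, :update, :destroy] => :changable_notes }
 end
 
+Actions that are not listed in `:map` will get the default action `:notes`.
+
+Note that in moderately complex authorization scenarios you will often find yourself writing a map like this:
+
+class NotesController < ApplicationController
+power :notes, :map => {
+[:edit, :update] => :updatable_notes
+[:new, :create] => :creatable_notes
+[:destroy] => :destroyable_notes
+}
+end
+
+Because this pattern is so common, there is a shortcut `:crud` to do the same:
+
+class NotesController < ApplicationController
+power :crud => :notes
+end
+
+
+### Auto-mapping a power scope to a controller method
+
 It is often convenient to map a power scope to a private controller method:
 
 class NotesController < ApplicationController
@@ -165,6 +189,9 @@ It is often convenient to map a power scope to a private controller method:
 
 This is especially useful when you are using a RESTful controller library like [resource_controller](https://github.com/jamesgolick/resource_controller). The mapped method is aware of the `:map` option.
 
+
+### How to never forget a power check
+
 You can force yourself to use a `power` check in every controller. This will raise `Consul::UncheckedPower` if you ever forget it:
 
 class ApplicationController < ActionController::Base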
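--- a/data/lib/consul/controller.rb
+++ b/data/lib/consul/controller.rb
@@ -51,8 +51,17 @@ module Consul
 skip_power_check filter_options
 
 power_method = options[:power] || :current_power
+
 actions_map = (options[:map] || {})
 
+if crud_resource = options[:crud]
+default_power ||= crud_resource
+actions_map[[:show, :index]] = crud_resource.to_sym
+actions_map[[:new, :create]] = "creatable_#{crud_resource}".to_sym
+actions_map[[:edit, :update]] = "updatable_#{crud_resource}".to_sym
+actions_map[:destroy] = "destroyable_#{crud_resource}".to_sym
+end
+
 direct_access_method = options[:as]
 
 # Store arguments for testing
@@ -63,14 +72,14 @@ module Consul
 private
 
 define_method :check_power do
-send(power_method).include!(
+send(power_method).include!(power_method_for_action)
 end
 
 define_method direct_access_method do
-send(power_method).send(
+send(power_method).send(power_method_for_action)
 end if direct_access_method
 
-define_method :
+define_method :power_method_for_action do
 key = actions_map.keys.detect do |actions|
 Array(actions).collect(&:to_s).include?(action_name)
 end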
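Review bot: The `:crud` branch in the first hunk fills `actions_map` for show/index/new/create/edit/update/destroy only, so every other action resolves to `default_power`, which `default_power ||= crud_resource` leaves at the plain read scope when no positional power was given. The CakesController spec on this page confirms it: `custom_action` is checked against `:cakes`. A state-changing custom action is therefore authorized against the read scope unless the controller also lists it in `:map`, which is easy to overlook. I would state that above the branch, e.g. `# Non-CRUD actions fall back to default_power (the read scope); list state-changing custom actions in :map.` The fallback itself sits in `power_method_for_action`, whose body continues past the second hunk, and `default_power` is assigned outside the first, so the exact lookup is inferred from the spec rather than read from these lines.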
data/lib/consul/version.rb
CHANGED
@@ -0,0 +1,47 @@
|
|
1
|
+
class CakesController < ApplicationController
|
2
|
+
|
3
|
+
power :crud => :cakes, :as => :end_of_association_chain
|
4
|
+
|
5
|
+
def show
|
6
|
+
notify_spy
|
7
|
+
end
|
8
|
+
|
9
|
+
def index
|
10
|
+
notify_spy
|
11
|
+
end
|
12
|
+
|
13
|
+
def new
|
14
|
+
notify_spy
|
15
|
+
end
|
16
|
+
|
17
|
+
def create
|
18
|
+
notify_spy
|
19
|
+
end
|
20
|
+
|
21
|
+
def edit
|
22
|
+
notify_spy
|
23
|
+
end
|
24
|
+
|
25
|
+
def update
|
26
|
+
notify_spy
|
27
|
+
end
|
28
|
+
|
29
|
+
def destroy
|
30
|
+
notify_spy
|
31
|
+
end
|
32
|
+
|
33
|
+
def custom_action
|
34
|
+
notify_spy
|
35
|
+
end
|
36
|
+
|
37
|
+
private
|
38
|
+
|
39
|
+
def notify_spy
|
40
|
+
observe_end_of_association_chain(end_of_association_chain)
|
41
|
+
end
|
42
|
+
|
43
|
+
def observe_end_of_association_chain(scope)
|
44
|
+
# spy for spec
|
45
|
+
end
|
46
|
+
|
47
|
+
end
|
@@ -29,6 +29,22 @@ class Power
|
|
29
29
|
nil
|
30
30
|
end
|
31
31
|
|
32
|
+
power :cakes do
|
33
|
+
:cakes
|
34
|
+
end
|
35
|
+
|
36
|
+
power :updatable_cakes do
|
37
|
+
:updatable_cakes
|
38
|
+
end
|
39
|
+
|
40
|
+
power :creatable_cakes do
|
41
|
+
:creatable_cakes
|
42
|
+
end
|
43
|
+
|
44
|
+
power :destroyable_cakes do
|
45
|
+
:destroyable_cakes
|
46
|
+
end
|
47
|
+
|
32
48
|
def assignable_user_roles
|
33
49
|
%w[guest admin]
|
34
50
|
end
|
@@ -0,0 +1,61 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe CakesController do
|
4
|
+
|
5
|
+
describe '#show' do
|
6
|
+
it 'should get the power :cakes' do
|
7
|
+
controller.should_receive(:observe_end_of_association_chain).with(:cakes)
|
8
|
+
get :show, :id => 'id'
|
9
|
+
end
|
10
|
+
end
|
11
|
+
|
12
|
+
describe '#index' do
|
13
|
+
it 'should get the power :cakes' do
|
14
|
+
controller.should_receive(:observe_end_of_association_chain).with(:cakes)
|
15
|
+
get :index
|
16
|
+
end
|
17
|
+
end
|
18
|
+
|
19
|
+
describe '#new' do
|
20
|
+
it 'should get the power :creatable_cakes' do
|
21
|
+
controller.should_receive(:observe_end_of_association_chain).with(:creatable_cakes)
|
22
|
+
get :new
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
26
|
+
describe '#creatable' do
|
27
|
+
it 'should get the power :creatable_cakes' do
|
28
|
+
controller.should_receive(:observe_end_of_association_chain).with(:creatable_cakes)
|
29
|
+
post :create
|
30
|
+
end
|
31
|
+
end
|
32
|
+
|
33
|
+
describe '#edit' do
|
34
|
+
it 'should get the power :updatable_cakes' do
|
35
|
+
controller.should_receive(:observe_end_of_association_chain).with(:updatable_cakes)
|
36
|
+
get :edit, :id => 'id'
|
37
|
+
end
|
38
|
+
end
|
39
|
+
|
40
|
+
describe '#update' do
|
41
|
+
it 'should get the power :updatable_cakes' do
|
42
|
+
controller.should_receive(:observe_end_of_association_chain).with(:updatable_cakes)
|
43
|
+
put :update, :id => 'id'
|
44
|
+
end
|
45
|
+
end
|
46
|
+
|
47
|
+
describe '#destroy' do
|
48
|
+
it 'should get the power :destroyable_cakes' do
|
49
|
+
controller.should_receive(:observe_end_of_association_chain).with(:destroyable_cakes)
|
50
|
+
delete :destroy, :id => '1'
|
51
|
+
end
|
52
|
+
end
|
53
|
+
|
54
|
+
describe '#custom_action' do
|
55
|
+
it 'should get the power :cakes' do
|
56
|
+
controller.should_receive(:observe_end_of_association_chain).with(:cakes)
|
57
|
+
get :custom_action, :id => '1'
|
58
|
+
end
|
59
|
+
end
|
60
|
+
|
61
|
+
end
|
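Review bot: Every example in the new cakes_controller_spec.rb (the `@@ -0,0 +1,61 @@` hunk) asserts only which scope reaches `observe_end_of_association_chain`; none drives a request where the mapped power is absent, so the deny path of the `:crud` mapping is not exercised here. The Power fixture added in the `@@ -29,6 +29,22 @@` hunk returns a truthy symbol for all four cake powers, so a refusal case (for instance a `creatable_*` power that yields nil with `post :create` expected to be rejected) would need its own fixture; other controller specs not shown on this page may already cover refusal for plain `power` declarations. Separately, the block labelled `describe '#creatable' do` exercises `post :create` and should read `describe '#create' do`.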
metadata
CHANGED
@@ -1,13 +1,13 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: consul
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
hash:
|
4
|
+
hash: 19
|
5
5
|
prerelease:
|
6
6
|
segments:
|
7
7
|
- 0
|
8
|
-
- 2
|
9
8
|
- 3
|
10
|
-
|
9
|
+
- 0
|
10
|
+
version: 0.3.0
|
11
11
|
platform: ruby
|
12
12
|
authors:
|
13
13
|
- Henning Koch
|
@@ -15,10 +15,13 @@ autorequire:
|
|
15
15
|
bindir: bin
|
16
16
|
cert_chain: []
|
17
17
|
|
18
|
-
date: 2012-
|
18
|
+
date: 2012-07-04 00:00:00 +02:00
|
19
|
+
default_executable:
|
19
20
|
dependencies:
|
20
21
|
- !ruby/object:Gem::Dependency
|
21
|
-
|
22
|
+
type: :runtime
|
23
|
+
prerelease: false
|
24
|
+
requirement: &id001 !ruby/object:Gem::Requirement
|
22
25
|
none: false
|
23
26
|
requirements:
|
24
27
|
- - ">="
|
@@ -27,12 +30,12 @@ dependencies:
|
|
27
30
|
segments:
|
28
31
|
- 0
|
29
32
|
version: "0"
|
30
|
-
requirement: *id001
|
31
|
-
prerelease: false
|
32
|
-
type: :runtime
|
33
33
|
name: rails
|
34
|
+
version_requirements: *id001
|
34
35
|
- !ruby/object:Gem::Dependency
|
35
|
-
|
36
|
+
type: :runtime
|
37
|
+
prerelease: false
|
38
|
+
requirement: &id002 !ruby/object:Gem::Requirement
|
36
39
|
none: false
|
37
40
|
requirements:
|
38
41
|
- - ">="
|
@@ -41,12 +44,12 @@ dependencies:
|
|
41
44
|
segments:
|
42
45
|
- 0
|
43
46
|
version: "0"
|
44
|
-
requirement: *id002
|
45
|
-
prerelease: false
|
46
|
-
type: :runtime
|
47
47
|
name: assignable_values
|
48
|
+
version_requirements: *id002
|
48
49
|
- !ruby/object:Gem::Dependency
|
49
|
-
|
50
|
+
type: :development
|
51
|
+
prerelease: false
|
52
|
+
requirement: &id003 !ruby/object:Gem::Requirement
|
50
53
|
none: false
|
51
54
|
requirements:
|
52
55
|
- - ~>
|
@@ -56,12 +59,12 @@ dependencies:
|
|
56
59
|
- 2
|
57
60
|
- 3
|
58
61
|
version: "2.3"
|
59
|
-
requirement: *id003
|
60
|
-
prerelease: false
|
61
|
-
type: :development
|
62
62
|
name: rails
|
63
|
+
version_requirements: *id003
|
63
64
|
- !ruby/object:Gem::Dependency
|
64
|
-
|
65
|
+
type: :development
|
66
|
+
prerelease: false
|
67
|
+
requirement: &id004 !ruby/object:Gem::Requirement
|
65
68
|
none: false
|
66
69
|
requirements:
|
67
70
|
- - ~>
|
@@ -71,12 +74,12 @@ dependencies:
|
|
71
74
|
- 1
|
72
75
|
- 3
|
73
76
|
version: "1.3"
|
74
|
-
requirement: *id004
|
75
|
-
prerelease: false
|
76
|
-
type: :development
|
77
77
|
name: rspec
|
78
|
+
version_requirements: *id004
|
78
79
|
- !ruby/object:Gem::Dependency
|
79
|
-
|
80
|
+
type: :development
|
81
|
+
prerelease: false
|
82
|
+
requirement: &id005 !ruby/object:Gem::Requirement
|
80
83
|
none: false
|
81
84
|
requirements:
|
82
85
|
- - ~>
|
@@ -86,12 +89,12 @@ dependencies:
|
|
86
89
|
- 1
|
87
90
|
- 3
|
88
91
|
version: "1.3"
|
89
|
-
requirement: *id005
|
90
|
-
prerelease: false
|
91
|
-
type: :development
|
92
92
|
name: rspec-rails
|
93
|
+
version_requirements: *id005
|
93
94
|
- !ruby/object:Gem::Dependency
|
94
|
-
|
95
|
+
type: :development
|
96
|
+
prerelease: false
|
97
|
+
requirement: &id006 !ruby/object:Gem::Requirement
|
95
98
|
none: false
|
96
99
|
requirements:
|
97
100
|
- - ">="
|
@@ -100,12 +103,12 @@ dependencies:
|
|
100
103
|
segments:
|
101
104
|
- 0
|
102
105
|
version: "0"
|
103
|
-
requirement: *id006
|
104
|
-
prerelease: false
|
105
|
-
type: :development
|
106
106
|
name: shoulda-matchers
|
107
|
+
version_requirements: *id006
|
107
108
|
- !ruby/object:Gem::Dependency
|
108
|
-
|
109
|
+
type: :development
|
110
|
+
prerelease: false
|
111
|
+
requirement: &id007 !ruby/object:Gem::Requirement
|
109
112
|
none: false
|
110
113
|
requirements:
|
111
114
|
- - ">="
|
@@ -114,10 +117,8 @@ dependencies:
|
|
114
117
|
segments:
|
115
118
|
- 0
|
116
119
|
version: "0"
|
117
|
-
requirement: *id007
|
118
|
-
prerelease: false
|
119
|
-
type: :development
|
120
120
|
name: sqlite3
|
121
|
+
version_requirements: *id007
|
121
122
|
description: A scope-based authorization solution for Ruby on Rails.
|
122
123
|
email: henning.koch@makandra.de
|
123
124
|
executables: []
|
@@ -140,6 +141,7 @@ files:
|
|
140
141
|
- lib/consul/spec/matchers.rb
|
141
142
|
- lib/consul/version.rb
|
142
143
|
- spec/app_root/app/controllers/application_controller.rb
|
144
|
+
- spec/app_root/app/controllers/cakes_controller.rb
|
143
145
|
- spec/app_root/app/controllers/dashboards_controller.rb
|
144
146
|
- spec/app_root/app/controllers/risks_controller.rb
|
145
147
|
- spec/app_root/app/controllers/songs_controller.rb
|
@@ -165,6 +167,7 @@ files:
|
|
165
167
|
- spec/app_root/script/console
|
166
168
|
- spec/consul/active_record_spec.rb
|
167
169
|
- spec/consul/power_spec.rb
|
170
|
+
- spec/controllers/cakes_controller_spec.rb
|
168
171
|
- spec/controllers/dashboards_controller_spec.rb
|
169
172
|
- spec/controllers/risks_controller_spec.rb
|
170
173
|
- spec/controllers/songs_controller_spec.rb
|
@@ -174,6 +177,7 @@ files:
|
|
174
177
|
- spec/spec_helper.rb
|
175
178
|
- spec/support/spec.opts
|
176
179
|
- spec/support/spec_candy.rb
|
180
|
+
has_rdoc: true
|
177
181
|
homepage: https://github.com/makandra/consul
|
178
182
|
licenses: []
|
179
183
|
|
@@ -203,7 +207,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
203
207
|
requirements: []
|
204
208
|
|
205
209
|
rubyforge_project:
|
206
|
-
rubygems_version: 1.
|
210
|
+
rubygems_version: 1.3.9.4
|
207
211
|
signing_key:
|
208
212
|
specification_version: 3
|
209
213
|
summary: A scope-based authorization solution for Ruby on Rails.
|