consul 1.0.0 → 1.1.0

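--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: d8813ddd163ea3311ae0e4c9e950cf8e137dda6895716b9b6310f8a5a473f878
-data.tar.gz: 21b2326f340de4b564cd21bb85fbb119cc7725117ffbe89e35b16b0cfd14710f
+metadata.gz: b4353c2826677ae7283e623e01d8ec94c938a1e10345f2e1183018addce57280
+data.tar.gz: 30ea39cc54aca7d6af2ec4078860c7fd76c6e7e2470dca4c9b960069e96f4afd
 SHA512:
-metadata.gz: 55901b69063d2f73f1b592e2cc23ec5265554190271c2c36b622d203531191a17b7c2a97023cff855da2004c37d956a354f97bf62753dce83c9ec2c731c17159
-data.tar.gz: 45678b4b38406f39124d1f18ec9d7b76fdfc268113d10565fa0b41d4cfc4d43d6f0c923fc834ee850fbc2e96035e03939cf56c39b3921590f860dc19df9a2bd7
+metadata.gz: 979b71686ab38dea13b71e943e87749b1dcf481499f46ffa443c0ea0a24d13dc05d1b86ecbb64fa42a40dc83ed8d15f13eaedf8d458747f79f7c7115aacee10d
+data.tar.gz: f35d55647a4edc20c19b383356e08aa92c7256d9e12cd50059cee282f8d98ffe71cbe5df3f2c9df9571dcc0ab929e5951150678929ed28f9a90ab7924e17ed51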
@@ -0,0 +1,38 @@
1
+ ---
2
+ name: Tests
3
+ on:
4
+ push:
5
+ branches:
6
+ - master
7
+ pull_request:
8
+ branches:
9
+ - master
10
+ jobs:
11
+ test:
12
+ runs-on: ubuntu-20.04
13
+ strategy:
14
+ fail-fast: false
15
+ matrix:
16
+ include:
17
+ - ruby: 2.5.3
18
+ gemfile: Gemfile.5-2
19
+ - ruby: 2.5.3
20
+ gemfile: Gemfile.6-1
21
+ - ruby: 2.7.3
22
+ gemfile: Gemfile.6-1
23
+ - ruby: 3.0.1
24
+ gemfile: Gemfile.6-1
25
+ env:
26
+ BUNDLE_GEMFILE: "${{ matrix.gemfile }}"
27
+ steps:
28
+ - uses: actions/checkout@v2
29
+ - name: Install ruby
30
+ uses: ruby/setup-ruby@v1
31
+ with:
32
+ ruby-version: "${{ matrix.ruby }}"
33
+ - name: Bundle
34
+ run: |
35
+ gem install bundler:1.17.3
36
+ bundle install --no-deployment
37
+ - name: Run tests
38
+ run: bundle exec rspec
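Review bot: Both `uses:` steps reference mutable tags (`actions/checkout@v2`, `ruby/setup-ruby@v1`), so anyone able to move those tags changes the code this job runs; pinning each to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha>  # v2`, removes that dependency on tag integrity. The workflow also declares no `permissions:` key, so the job inherits the repository's default token scope; a top-level `permissions:` mapping with `contents: read` is sufficient for checkout plus `bundle exec rspec`. As a style point, `ruby: 2.5.3` happens to parse as a string, but quoting the matrix versions (`ruby: '2.5.3'`) keeps a later two-part version such as 3.0 from being read as a float.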
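--- a/data/.gitignore
+++ b/data/.gitignore
@@ -6,4 +6,4 @@ pkg
 *.log
 .bundle
 spec/support/database.yml
-
+.byebug_history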
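--- a/data/.ruby-version
+++ b/data/.ruby-version
@@ -1 +1 @@
-2.3.8
+2.5.3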
data/CHANGELOG.md CHANGED
@@ -7,11 +7,64 @@ This project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html
7
7
 
8
8
  ### Breaking changes
9
9
 
10
- -
10
+ ### Compatible changes
11
+
12
+ ## 1.1.0 - 2021-09-28
13
+
14
+ ### Breaking changes
15
+
16
+ - remove no longer supported ruby versions (2.3.8, 2.4.5)
17
+ - Consul no longer depends on the whole rails framework
18
+
19
+ ### Compatible changes
20
+
21
+ - add Ruby 3 compatibility
22
+
23
+ ## 1.0.3 - 2019-09-23
24
+
25
+ ### Security fix
26
+
27
+ This releases fix a security issue where in a controller with multiple `power` directives, the `:only` and `:except` options of the last directive was applied to all directives.
28
+
29
+ Affected code looks like this:
30
+
31
+ ```ruby
32
+ class UsersController < ApplicationController
33
+ power :foo
34
+ power :bar, only: :index
35
+
36
+ ...
37
+ end
38
+ ```
39
+
40
+ In this example both the powers `:foo` and `:bar` were only checked for the `#index` action. Other actions were left unprotected by powers checks.
41
+
42
+ Controllers with a single `power` directive are unaffected.
43
+ Contollers where neither `power` uses `:only` or `:except` options are unaffected.
44
+
45
+ This vulnerability has been assigned the CVE identifier CVE-2019-16377.
46
+
47
+
48
+ ### Compatible changes
49
+
50
+ - The RSpec matcher `check_power` now also sees powers inherited by a parent controller.
51
+
52
+
53
+ ## 1.0.2 - 2019-05-22
54
+
55
+ ### Compatible changes
56
+
57
+ - The `#arity` of power methods with optional arguments is now preserved.
58
+
59
+
60
+
61
+ ## 1.0.1 - 2019-02-27
11
62
 
12
63
  ### Compatible changes
13
64
 
14
- -
65
+ - Methods defined with `power` now preserve the [arity](https://apidock.com/ruby/Method/arity) of their block.
66
+
67
+
15
68
 
16
69
  ## 1.0.0 - 2019-02-15
17
70
 
@@ -65,4 +118,3 @@ Thanks to derekprior.
65
118
  ## Older releases
66
119
 
67
120
  Please check commits.
68
-
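--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1 +1 @@
-./Gemfile.5-2
+./Gemfile.6-1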
data/Gemfile.5-2 CHANGED
@@ -1,7 +1,7 @@
1
1
  source 'https://rubygems.org'
2
2
 
3
3
  # Runtime dependencies
4
- gem 'rails', '~> 5.2.0'
4
+ gem 'railties', '>= 3.2'
5
5
  gem 'assignable_values'
6
6
 
7
7
  # Development dependencies
@@ -12,6 +12,7 @@ gem 'shoulda-matchers'
12
12
  gem 'sqlite3'
13
13
  gem 'database_cleaner'
14
14
  gem 'gemika'
15
+ gem 'byebug'
15
16
 
16
17
  # Gem under test
17
18
  gem 'consul', :path => '.'
data/Gemfile.5-2.lock CHANGED
@@ -1,24 +1,16 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- consul (1.0.0)
4
+ consul (1.1.0)
5
+ activerecord (>= 3.2)
6
+ activesupport (>= 3.2)
5
7
  edge_rider (>= 0.3.0)
6
- memoizer
7
- rails (>= 3.2)
8
+ memoized (>= 1.0.2)
9
+ railties (>= 3.2)
8
10
 
9
11
  GEM
10
12
  remote: https://rubygems.org/
11
13
  specs:
12
- actioncable (5.2.2)
13
- actionpack (= 5.2.2)
14
- nio4r (~> 2.0)
15
- websocket-driver (>= 0.6.1)
16
- actionmailer (5.2.2)
17
- actionpack (= 5.2.2)
18
- actionview (= 5.2.2)
19
- activejob (= 5.2.2)
20
- mail (~> 2.5, >= 2.5.4)
21
- rails-dom-testing (~> 2.0)
22
14
  actionpack (5.2.2)
23
15
  actionview (= 5.2.2)
24
16
  activesupport (= 5.2.2)
@@ -32,19 +24,12 @@ GEM
32
24
  erubi (~> 1.4)
33
25
  rails-dom-testing (~> 2.0)
34
26
  rails-html-sanitizer (~> 1.0, >= 1.0.3)
35
- activejob (5.2.2)
36
- activesupport (= 5.2.2)
37
- globalid (>= 0.3.6)
38
27
  activemodel (5.2.2)
39
28
  activesupport (= 5.2.2)
40
29
  activerecord (5.2.2)
41
30
  activemodel (= 5.2.2)
42
31
  activesupport (= 5.2.2)
43
32
  arel (>= 9.0)
44
- activestorage (5.2.2)
45
- actionpack (= 5.2.2)
46
- activerecord (= 5.2.2)
47
- marcel (~> 0.3.1)
48
33
  activesupport (5.2.2)
49
34
  concurrent-ruby (~> 1.0, >= 1.0.2)
50
35
  i18n (>= 0.7, < 2)
@@ -54,50 +39,29 @@ GEM
54
39
  assignable_values (0.12.1)
55
40
  activerecord (>= 2.3)
56
41
  builder (3.2.3)
42
+ byebug (11.0.1)
57
43
  concurrent-ruby (1.1.4)
58
44
  crass (1.0.4)
59
45
  database_cleaner (1.7.0)
60
46
  diff-lcs (1.3)
61
- edge_rider (0.3.3)
62
- activerecord
47
+ edge_rider (2.0.0)
48
+ activerecord (>= 3.2)
63
49
  erubi (1.8.0)
64
- gemika (0.3.4)
65
- globalid (0.4.2)
66
- activesupport (>= 4.2.0)
50
+ gemika (0.5.0)
67
51
  i18n (1.5.3)
68
52
  concurrent-ruby (~> 1.0)
69
53
  loofah (2.2.3)
70
54
  crass (~> 1.0.2)
71
55
  nokogiri (>= 1.5.9)
72
- mail (2.7.1)
73
- mini_mime (>= 0.1.1)
74
- marcel (0.3.3)
75
- mimemagic (~> 0.3.2)
76
- memoizer (1.0.3)
56
+ memoized (1.0.2)
77
57
  method_source (0.9.2)
78
- mimemagic (0.3.3)
79
- mini_mime (1.0.1)
80
58
  mini_portile2 (2.4.0)
81
59
  minitest (5.11.3)
82
- nio4r (2.3.1)
83
60
  nokogiri (1.10.1)
84
61
  mini_portile2 (~> 2.4.0)
85
62
  rack (2.0.6)
86
63
  rack-test (1.1.0)
87
64
  rack (>= 1.0, < 3)
88
- rails (5.2.2)
89
- actioncable (= 5.2.2)
90
- actionmailer (= 5.2.2)
91
- actionpack (= 5.2.2)
92
- actionview (= 5.2.2)
93
- activejob (= 5.2.2)
94
- activemodel (= 5.2.2)
95
- activerecord (= 5.2.2)
96
- activestorage (= 5.2.2)
97
- activesupport (= 5.2.2)
98
- bundler (>= 1.3.0)
99
- railties (= 5.2.2)
100
- sprockets-rails (>= 2.0.0)
101
65
  rails-dom-testing (2.0.3)
102
66
  activesupport (>= 4.2.0)
103
67
  nokogiri (>= 1.6)
@@ -138,31 +102,22 @@ GEM
138
102
  activesupport (>= 4.0.0)
139
103
  sneaky-save (0.1.2)
140
104
  activerecord (>= 3.2.0)
141
- sprockets (3.7.2)
142
- concurrent-ruby (~> 1.0)
143
- rack (> 1, < 3)
144
- sprockets-rails (3.2.1)
145
- actionpack (>= 4.0)
146
- activesupport (>= 4.0)
147
- sprockets (>= 3.0.0)
148
105
  sqlite3 (1.3.13)
149
106
  thor (0.20.3)
150
107
  thread_safe (0.3.6)
151
108
  tzinfo (1.2.5)
152
109
  thread_safe (~> 0.1)
153
- websocket-driver (0.7.0)
154
- websocket-extensions (>= 0.1.0)
155
- websocket-extensions (0.1.3)
156
110
 
157
111
  PLATFORMS
158
112
  ruby
159
113
 
160
114
  DEPENDENCIES
161
115
  assignable_values
116
+ byebug
162
117
  consul!
163
118
  database_cleaner
164
119
  gemika
165
- rails (~> 5.2.0)
120
+ railties (>= 3.2)
166
121
  rspec
167
122
  rspec-rails
168
123
  rspec_candy
@@ -170,4 +125,4 @@ DEPENDENCIES
170
125
  sqlite3
171
126
 
172
127
  BUNDLED WITH
173
- 1.16.3
128
+ 1.17.3
@@ -1,7 +1,7 @@
1
1
  source 'https://rubygems.org'
2
2
 
3
3
  # Runtime dependencies
4
- gem 'rails', '~> 4.2.7'
4
+ gem 'railties', '>= 3.2'
5
5
  gem 'assignable_values'
6
6
 
7
7
  # Development dependencies
data/Gemfile.6-1.lock ADDED
@@ -0,0 +1,127 @@
1
+ PATH
2
+ remote: .
3
+ specs:
4
+ consul (1.1.0)
5
+ activerecord (>= 3.2)
6
+ activesupport (>= 3.2)
7
+ edge_rider (>= 0.3.0)
8
+ memoized (>= 1.0.2)
9
+ railties (>= 3.2)
10
+
11
+ GEM
12
+ remote: https://rubygems.org/
13
+ specs:
14
+ actionpack (6.1.3)
15
+ actionview (= 6.1.3)
16
+ activesupport (= 6.1.3)
17
+ rack (~> 2.0, >= 2.0.9)
18
+ rack-test (>= 0.6.3)
19
+ rails-dom-testing (~> 2.0)
20
+ rails-html-sanitizer (~> 1.0, >= 1.2.0)
21
+ actionview (6.1.3)
22
+ activesupport (= 6.1.3)
23
+ builder (~> 3.1)
24
+ erubi (~> 1.4)
25
+ rails-dom-testing (~> 2.0)
26
+ rails-html-sanitizer (~> 1.1, >= 1.2.0)
27
+ activemodel (6.1.3)
28
+ activesupport (= 6.1.3)
29
+ activerecord (6.1.3)
30
+ activemodel (= 6.1.3)
31
+ activesupport (= 6.1.3)
32
+ activesupport (6.1.3)
33
+ concurrent-ruby (~> 1.0, >= 1.0.2)
34
+ i18n (>= 1.6, < 2)
35
+ minitest (>= 5.1)
36
+ tzinfo (~> 2.0)
37
+ zeitwerk (~> 2.3)
38
+ assignable_values (0.16.1)
39
+ activerecord (>= 2.3)
40
+ builder (3.2.4)
41
+ concurrent-ruby (1.1.8)
42
+ crass (1.0.6)
43
+ database_cleaner (1.7.0)
44
+ diff-lcs (1.3)
45
+ edge_rider (1.1.0)
46
+ activerecord (>= 3.2)
47
+ erubi (1.10.0)
48
+ gemika (0.6.1)
49
+ i18n (1.8.9)
50
+ concurrent-ruby (~> 1.0)
51
+ loofah (2.9.0)
52
+ crass (~> 1.0.2)
53
+ nokogiri (>= 1.5.9)
54
+ memoized (1.0.2)
55
+ method_source (1.0.0)
56
+ mini_portile2 (2.5.0)
57
+ minitest (5.14.4)
58
+ nokogiri (1.11.2)
59
+ mini_portile2 (~> 2.5.0)
60
+ racc (~> 1.4)
61
+ racc (1.5.2)
62
+ rack (2.2.3)
63
+ rack-test (1.1.0)
64
+ rack (>= 1.0, < 3)
65
+ rails-dom-testing (2.0.3)
66
+ activesupport (>= 4.2.0)
67
+ nokogiri (>= 1.6)
68
+ rails-html-sanitizer (1.3.0)
69
+ loofah (~> 2.3)
70
+ railties (6.1.3)
71
+ actionpack (= 6.1.3)
72
+ activesupport (= 6.1.3)
73
+ method_source
74
+ rake (>= 0.8.7)
75
+ thor (~> 1.0)
76
+ rake (13.0.3)
77
+ rspec (3.6.0)
78
+ rspec-core (~> 3.6.0)
79
+ rspec-expectations (~> 3.6.0)
80
+ rspec-mocks (~> 3.6.0)
81
+ rspec-core (3.6.0)
82
+ rspec-support (~> 3.6.0)
83
+ rspec-expectations (3.6.0)
84
+ diff-lcs (>= 1.2.0, < 2.0)
85
+ rspec-support (~> 3.6.0)
86
+ rspec-mocks (3.6.0)
87
+ diff-lcs (>= 1.2.0, < 2.0)
88
+ rspec-support (~> 3.6.0)
89
+ rspec-rails (3.6.0)
90
+ actionpack (>= 3.0)
91
+ activesupport (>= 3.0)
92
+ railties (>= 3.0)
93
+ rspec-core (~> 3.6.0)
94
+ rspec-expectations (~> 3.6.0)
95
+ rspec-mocks (~> 3.6.0)
96
+ rspec-support (~> 3.6.0)
97
+ rspec-support (3.6.0)
98
+ rspec_candy (0.4.1)
99
+ rspec
100
+ sneaky-save
101
+ shoulda-matchers (3.1.1)
102
+ activesupport (>= 4.0.0)
103
+ sneaky-save (0.1.2)
104
+ activerecord (>= 3.2.0)
105
+ sqlite3 (1.4.2)
106
+ thor (1.1.0)
107
+ tzinfo (2.0.4)
108
+ concurrent-ruby (~> 1.0)
109
+ zeitwerk (2.4.2)
110
+
111
+ PLATFORMS
112
+ ruby
113
+
114
+ DEPENDENCIES
115
+ assignable_values
116
+ consul!
117
+ database_cleaner
118
+ gemika
119
+ railties (>= 3.2)
120
+ rspec
121
+ rspec-rails
122
+ rspec_candy
123
+ shoulda-matchers
124
+ sqlite3
125
+
126
+ BUNDLED WITH
127
+ 2.2.15
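--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1 +1 @@
-./Gemfile.5-2.lock
+./Gemfile.6-1.lock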
data/README.md CHANGED
@@ -1,14 +1,15 @@
1
1
  Consul — A next gen authorization solution
2
2
  ==========================================
3
3
 
4
- [![Build Status](https://secure.travis-ci.org/makandra/consul.png?branch=master)](https://travis-ci.org/makandra/consul) [![Code Climate](https://codeclimate.com/github/makandra/consul.png)](https://codeclimate.com/github/makandra/consul)
4
+ [![Tests](https://github.com/makandra/consul/workflows/Tests/badge.svg)](https://github.com/makandra/consul/actions) [![Code Climate](https://codeclimate.com/github/makandra/consul.png)](https://codeclimate.com/github/makandra/consul)
5
+
5
6
 
6
7
  Consul is an authorization solution for Ruby on Rails where you describe *sets of accessible things* to control what a user can see or edit.
7
8
 
8
9
  We have used Consul in combination with [assignable_values](https://github.com/makandra/assignable_values) to solve a variety of authorization requirements ranging from boring to bizarre.
9
10
  Also see our crash course video: [Solving bizare authorization requirements with Rails](http://bizarre-authorization.talks.makandra.com/).
10
11
 
11
- Consul is tested with Rails 3.2, 4.2, and 5.2 on Ruby 1.8.7, 2.1, and 2.4 (only if supported, for each Ruby/Rails combination). If you need support for Rails 3.2, please use [v0.13.2](https://github.com/makandra/consul/tree/v0.13.2).
12
+ Consul is tested with Rails 5.2 and 6.0 on Ruby 2.5, 2.7 and 3.0 (only if supported, for each Ruby/Rails combination). If you need support for Rails 3.2, please use [v0.13.2](https://github.com/makandra/consul/tree/v0.13.2).
12
13
 
13
14
 
14
15
  Describing access to your application
@@ -46,7 +47,7 @@ class Power
46
47
  end
47
48
  ```
48
49
 
49
- There are no restrictions on the name or constructor arguments of your this class.
50
+ There are no restrictions on the name or constructor arguments of this class.
50
51
 
51
52
  You can deposit all kinds of objects in your power. See the sections below for details.
52
53
 
@@ -90,7 +91,7 @@ Or you can ask if the power is given (meaning it's not `nil`):
90
91
  power.notes? # => returns true if Power#notes returns a scope and not nil
91
92
  ```
92
93
 
93
- Or you can raise an error unless a power its given, e.g. to guard access into a controller action:
94
+ Or you can raise an error unless a power is given, e.g. to guard access into a controller action:
94
95
 
95
96
  ```rb
96
97
  power.notes! # => raises Consul::Powerless unless Power#notes returns a scope (even if it's empty)
@@ -497,7 +498,7 @@ And the following power definitions:
497
498
  class Power
498
499
  ...
499
500
 
500
- power :clients do |client|
501
+ power :clients do
501
502
  Client.active if signed_in?
502
503
  end
503
504
 
@@ -547,7 +548,9 @@ class ApplicationController < ActionController::Base
547
548
  end
548
549
  ```
549
550
 
550
- Should you for some obscure reason want to forego the power check:
551
+ Note that this check is satisfied by *any* `.power` directive in the controller class or its ancestors, even if that `.power` directive has `:only` or `:except` options that do not apply to the current action.
552
+
553
+ Should you want to forego the power check (e.g. to remove authorization checks from an entirely public controller):
551
554
 
552
555
  ```rb
553
556
  class ApiController < ApplicationController
@@ -763,6 +766,16 @@ This section Some hints for testing authorization with Consul.
763
766
 
764
767
  ### Test that a controller checks against a power
765
768
 
769
+ Include the Consul Matcher `spec/support/consul_matchers.rb`:
770
+
771
+ ```
772
+ require 'consul/spec/matchers'
773
+
774
+ RSpec.configure do |c|
775
+ c.include Consul::Spec::Matchers
776
+ end
777
+ ```
778
+
766
779
  You can say this in any controller spec:
767
780
 
768
781
  ```rb
@@ -834,12 +847,16 @@ Now run `bundle install` to lock the gem into your project.
834
847
  Development
835
848
  -----------
836
849
 
837
- Test applications for various Rails versions lives in `spec`. You can run specs from the project root by saying:
850
+ We currently develop using Ruby 2.5.3 (see `.ruby-version`) since that version works for current versions of ActiveRecord that we support. GitHub Actions will test additional Ruby versions (2.3.8, 2.4.5, and 3.0.1).
838
851
 
839
- ```
840
- rake all:bundle
841
- rake all:spec
842
- ```
852
+ There are tests in `spec`. We only accept PRs with tests. To run tests:
853
+
854
+ - Install Ruby 2.5.3
855
+ - run `bundle install`
856
+ - Put your database credentials into `spec/support/database.yml`. There's a `database.sample.yml` you can use as a template.
857
+ - There are gem bundles in the project root for each rails version that we support.
858
+ - You can bundle all test applications by saying `bundle exec rake matrix:install`
859
+ - You can run specs from the project root by saying `bundle exec rake matrix:spec`. This will run all gemfiles compatible with your current Ruby.
843
860
 
844
861
  If you would like to contribute:
845
862
 
@@ -847,6 +864,8 @@ If you would like to contribute:
847
864
  - Push your changes **with specs**.
848
865
  - Send me a pull request.
849
866
 
867
+ Note that we have configured GitHub Actions to automatically run tests in all supported Ruby versions and dependency sets after each push. We will only merge pull requests after a green GitHub Actions run.
868
+
850
869
  I'm very eager to keep this gem leightweight and on topic. If you're unsure whether a change would make it into the gem, [talk to me beforehand](mailto:henning.koch@makandra.de).
851
870
 
852
871
 
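--- a/data/consul.gemspec
+++ b/data/consul.gemspec
@@ -23,7 +23,9 @@ Gem::Specification.new do |s|
 s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
 s.require_paths = ["lib"]
 
-s.add_dependency('memoizer')
-s.add_dependency('rails', '>=3.2')
+s.add_dependency('memoized', '>=1.0.2')
+s.add_dependency('activerecord', '>= 3.2')
+s.add_dependency('activesupport', '>= 3.2')
+s.add_dependency('railties', '>= 3.2')
 s.add_dependency('edge_rider', '>= 0.3.0')
 end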
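Review bot: The `'>= 3.2'` floor on `activerecord`, `activesupport` and `railties` still admits Rails 3 and 4, while this release removes the 3-2 and 4-2 gemfiles from the package and the new workflow matrix only runs `Gemfile.5-2` and `Gemfile.6-1`. The `Rails.version.to_i < 4` and `< 5` branches in the new `Util.skip_before_action`, `Util.before_action` and `Util.around_action` helpers are the ones that register the authorization filters, so those paths now ship without CI coverage. Either raise the floor to what is tested, e.g. `s.add_dependency('railties', '>= 5.2')` and likewise for the other two, or keep a legacy gemfile in the matrix. The changelog also drops Ruby 2.3 and 2.4; no `required_ruby_version` is visible in this hunk, and the rest of the specification block lies outside it, so that is worth checking as well.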
@@ -5,11 +5,7 @@ module Consul
5
5
  base.send :include, InstanceMethods
6
6
  base.send :extend, ClassMethods
7
7
  if ensure_power_initializer_present?
8
- if Rails.version.to_i < 4
9
- base.before_filter :ensure_power_initializer_present
10
- else
11
- base.before_action :ensure_power_initializer_present
12
- end
8
+ Util.before_action(base, :ensure_power_initializer_present)
13
9
  end
14
10
  end
15
11
 
@@ -32,68 +28,35 @@ module Consul
32
28
  private
33
29
 
34
30
  def require_power_check(options = {})
35
- if Rails.version.to_i < 4
36
- before_filter :unchecked_power, options
37
- else
38
- before_action :unchecked_power, options
39
- end
31
+ Util.before_action(self, :unchecked_power, options)
40
32
  end
41
33
 
42
34
  # This is badly named, since it doesn't actually skip the :check_power filter
43
35
  def skip_power_check(options = {})
44
- if Rails.version.to_i < 4
45
- skip_before_filter :unchecked_power, options
46
- elsif Rails.version.to_i < 5
47
- skip_before_action :unchecked_power, options
48
- else
49
- # Every `power` in a controller will skip the power check filter. After the 1st time, Rails 5+ will raise
50
- # an error because there is no `unchecked_power` action to skip any more.
51
- # To avoid this, we add the following extra option. Note that it must not be added in Rails 4 to avoid errors.
52
- # See http://api.rubyonrails.org/classes/ActiveSupport/Callbacks/ClassMethods.html#method-i-skip_callback
53
- skip_before_action :unchecked_power, { :raise => false }.merge!(options)
54
- end
36
+ Util.skip_before_action(self, :unchecked_power, options)
55
37
  end
56
38
 
57
39
  def current_power(&initializer)
58
40
  self.current_power_initializer = initializer
59
- if Rails.version.to_i < 4
60
- around_filter :with_current_power
61
- else
62
- around_action :with_current_power
63
- end
41
+ Util.around_action(self, :with_current_power)
64
42
 
65
43
  if respond_to?(:helper_method)
66
44
  helper_method :current_power
67
45
  end
68
46
  end
69
47
 
70
- attr_writer :consul_guards
71
-
72
- def consul_guards
73
- unless @consul_guards_initialized
74
- if superclass && superclass.respond_to?(:consul_guards, true)
75
- @consul_guards = superclass.send(:consul_guards).dup
76
- else
77
- @consul_guards = []
78
- end
79
- @consul_guards_initialized = true
80
- end
81
- @consul_guards
82
- end
83
-
84
48
  def power(*args)
85
-
86
49
  guard = Consul::Guard.new(*args)
87
- consul_guards << guard
88
- skip_power_check guard.filter_options
50
+
51
+ # One .power directive will skip the check for all actions, even
52
+ # if that .power directive has :only or :except options.
53
+ skip_power_check
89
54
 
90
55
  # Store arguments for testing
91
- (@consul_power_args ||= []) << args
56
+ consul_power_args << args
92
57
 
93
- if Rails.version.to_i < 4
94
- before_filter :check_power, guard.filter_options
95
- else
96
- before_action :check_power, guard.filter_options
58
+ Util.before_action(self, guard.filter_options) do |controller|
59
+ guard.ensure!(controller, controller.action_name)
97
60
  end
98
61
 
99
62
  if guard.direct_access_method
@@ -105,18 +68,26 @@ module Consul
105
68
 
106
69
  end
107
70
 
71
+ # On first access we inherit .consul_power_args from our ancestor classes.
72
+ # We also copy inherited args so we don't change our parent's .consul_power_args
73
+ def consul_power_args
74
+ unless @consul_power_args_initialized
75
+ if superclass && superclass.respond_to?(:consul_power_args, true)
76
+ @consul_power_args = superclass.send(:consul_power_args).dup
77
+ else
78
+ @consul_power_args = []
79
+ end
80
+ @consul_power_args_initialized = true
81
+ end
82
+ @consul_power_args
83
+ end
84
+
108
85
  end
109
86
 
110
87
  module InstanceMethods
111
88
 
112
89
  private
113
90
 
114
- define_method :check_power do
115
- self.class.send(:consul_guards).each do |guard|
116
- guard.ensure!(self, action_name)
117
- end
118
- end
119
-
120
91
  def unchecked_power
121
92
  raise Consul::UncheckedPower, "This controller does not check against a power"
122
93
  end
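Review bot: In `power` (new line 53) `skip_power_check` is now called without `guard.filter_options`, so a single `power :bar, only: :index` removes the `unchecked_power` filter for every action, and `require_power_check` no longer flags the actions that directive leaves uncovered. The two-line comment and the README note describe the behaviour, but neither says why the options can no longer be forwarded, and no spec in the visible hunks pins it. I would extend the comment with that reason and add a controller spec that declares `power` with `:only` and asserts what happens on an action outside the list, so the weaker safety net is a documented, tested decision rather than a side effect. Projects relying on `require_power_check` as a catch-all should be pointed at this in the changelog entry too. The module body starts and ends outside these hunks, and the file header for this section is missing from the page.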
data/lib/consul/power.rb CHANGED
@@ -4,7 +4,7 @@ module Consul
4
4
 
5
5
  def self.included(base)
6
6
  base.extend ClassMethods
7
- base.send :include, Memoizer
7
+ base.send :include, Memoized
8
8
  end
9
9
 
10
10
  private
@@ -173,7 +173,7 @@ module Consul
173
173
  name = name.to_s
174
174
  singularized = name.singularize
175
175
  if singularized == name
176
- raise Consul::PowerNotSingularizable, "Power name can not have an singular form: #{name}"
176
+ raise Consul::PowerNotSingularizable, "Power name can not have a singular form: #{name}"
177
177
  else
178
178
  singularized
179
179
  end
@@ -10,7 +10,7 @@ module Consul
10
10
 
11
11
  def matches?(controller)
12
12
  @controller_class = controller.class
13
- @actual_args = @controller_class.instance_variable_get('@consul_power_args')
13
+ @actual_args = @controller_class.send(:consul_power_args)
14
14
  @actual_args.present? && @actual_args.include?(@expected_args)
15
15
  end
16
16
 
data/lib/consul/util.rb CHANGED
@@ -31,9 +31,9 @@ module Consul
31
31
  options = lambda.call(*args)
32
32
  klass.scoped(options.slice *EdgeRider::Scoped::VALID_FIND_OPTIONS)
33
33
  }
34
- end
34
+ end
35
35
  end
36
-
36
+
37
37
  # This method does not support dynamic default scopes via lambdas
38
38
  # (as does #define_scope), because it is currently not required.
39
39
  def define_default_scope(klass, conditions)
@@ -57,6 +57,36 @@ module Consul
57
57
  [adjective, record]
58
58
  end
59
59
 
60
+ def skip_before_action(controller_class, name, options)
61
+ if Rails.version.to_i < 4
62
+ controller_class.skip_before_filter name, options
63
+ elsif Rails.version.to_i < 5
64
+ controller_class.skip_before_action name, options
65
+ else
66
+ # Every `power` in a controller will skip the power check filter. After the 1st time, Rails 5+ will raise
67
+ # an error because there is no `unchecked_power` action to skip any more.
68
+ # To avoid this, we add the following extra option. Note that it must not be added in Rails 4 to avoid errors.
69
+ # See http://api.rubyonrails.org/classes/ActiveSupport/Callbacks/ClassMethods.html#method-i-skip_callback
70
+ controller_class.skip_before_action name, { :raise => false }.merge!(options)
71
+ end
72
+ end
73
+
74
+ def before_action(controller_class, *args, &block)
75
+ if Rails.version.to_i < 4
76
+ controller_class.before_filter *args, &block
77
+ else
78
+ controller_class.before_action *args, &block
79
+ end
80
+ end
81
+
82
+ def around_action(controller_class, *args, &block)
83
+ if Rails.version.to_i < 4
84
+ controller_class.around_filter *args, &block
85
+ else
86
+ controller_class.around_action *args, &block
87
+ end
88
+ end
89
+
60
90
  end
61
91
  end
62
92
 
@@ -1,3 +1,3 @@
1
1
  module Consul
2
- VERSION = '1.0.0'
2
+ VERSION = '1.1.0'
3
3
  end
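--- a/data/lib/consul.rb
+++ b/data/lib/consul.rb
@@ -1,4 +1,4 @@
-require 'memoizer'
+require 'memoized'
 require 'edge_rider'
 require 'consul/util'
 require 'consul/power/dynamic_access'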
metadata CHANGED
@@ -1,31 +1,59 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: consul
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.0
4
+ version: 1.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Henning Koch
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-02-15 00:00:00.000000000 Z
11
+ date: 2021-11-23 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
- name: memoizer
14
+ name: memoized
15
15
  requirement: !ruby/object:Gem::Requirement
16
16
  requirements:
17
17
  - - ">="
18
18
  - !ruby/object:Gem::Version
19
- version: '0'
19
+ version: 1.0.2
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - ">="
25
25
  - !ruby/object:Gem::Version
26
- version: '0'
26
+ version: 1.0.2
27
27
  - !ruby/object:Gem::Dependency
28
- name: rails
28
+ name: activerecord
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - ">="
32
+ - !ruby/object:Gem::Version
33
+ version: '3.2'
34
+ type: :runtime
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - ">="
39
+ - !ruby/object:Gem::Version
40
+ version: '3.2'
41
+ - !ruby/object:Gem::Dependency
42
+ name: activesupport
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - ">="
46
+ - !ruby/object:Gem::Version
47
+ version: '3.2'
48
+ type: :runtime
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - ">="
53
+ - !ruby/object:Gem::Version
54
+ version: '3.2'
55
+ - !ruby/object:Gem::Dependency
56
+ name: railties
29
57
  requirement: !ruby/object:Gem::Requirement
30
58
  requirements:
31
59
  - - ">="
@@ -58,17 +86,15 @@ executables: []
58
86
  extensions: []
59
87
  extra_rdoc_files: []
60
88
  files:
89
+ - ".github/workflows/test.yml"
61
90
  - ".gitignore"
62
91
  - ".ruby-version"
63
- - ".travis.yml"
64
92
  - CHANGELOG.md
65
93
  - Gemfile
66
- - Gemfile.3-2
67
- - Gemfile.3-2.lock
68
- - Gemfile.4-2
69
- - Gemfile.4-2.lock
70
94
  - Gemfile.5-2
71
95
  - Gemfile.5-2.lock
96
+ - Gemfile.6-1
97
+ - Gemfile.6-1.lock
72
98
  - Gemfile.lock
73
99
  - LICENSE
74
100
  - README.md
@@ -105,8 +131,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
105
131
  - !ruby/object:Gem::Version
106
132
  version: '0'
107
133
  requirements: []
108
- rubyforge_project:
109
- rubygems_version: 2.7.7
134
+ rubygems_version: 3.0.8
110
135
  signing_key:
111
136
  specification_version: 4
112
137
  summary: A scope-based authorization solution for Ruby on Rails.
data/.travis.yml DELETED
@@ -1,35 +0,0 @@
1
- language: ruby
2
-
3
- sudo: false
4
-
5
- cache: bundler
6
-
7
- rvm:
8
- - 2.3.8
9
- - 2.4.5
10
- - 2.5.3
11
-
12
- gemfile:
13
- - Gemfile.3-2
14
- - Gemfile.4-2
15
- - Gemfile.5-2
16
-
17
- matrix:
18
- exclude:
19
- - gemfile: Gemfile.3-2
20
- rvm: 2.4.5
21
- - gemfile: Gemfile.3-2
22
- rvm: 2.5.3
23
- - gemfile: Gemfile.4-2
24
- rvm: 2.5.3
25
-
26
- install:
27
- # Replace default Travis CI bundler script with a version that doesn't
28
- # explode when lockfile doesn't match recently bumped version
29
- - bundle install --no-deployment --jobs=3 --retry=3 --path=${BUNDLE_PATH:-vendor/bundle}
30
-
31
- script: bundle exec rake current_rspec
32
-
33
- notifications:
34
- email:
35
- - fail@makandra.de
data/Gemfile.3-2 DELETED
@@ -1,20 +0,0 @@
1
- source 'https://rubygems.org'
2
-
3
- # Runtime dependencies
4
- gem 'assignable_values'
5
- gem 'rails', '~> 3.2.22.5'
6
- gem 'rake', '~>10.5.0'
7
- gem 'rack-cache', '~>1.2.0'
8
-
9
- # Development dependencies
10
- gem 'rspec', '~>3.4'
11
- gem 'rspec-rails'
12
- gem 'test-unit', '~> 3.0'
13
- gem 'shoulda-matchers', '<2'
14
- gem 'sqlite3'
15
- gem 'rspec_candy'
16
- gem 'database_cleaner', '~>1.4.1'
17
- gem 'gemika'
18
-
19
- # Gem under test
20
- gem 'consul', :path => '.'
data/Gemfile.3-2.lock DELETED
@@ -1,156 +0,0 @@
1
- PATH
2
- remote: .
3
- specs:
4
- consul (1.0.0)
5
- edge_rider (>= 0.3.0)
6
- memoizer
7
- rails (>= 3.2)
8
-
9
- GEM
10
- remote: https://rubygems.org/
11
- specs:
12
- actionmailer (3.2.22.5)
13
- actionpack (= 3.2.22.5)
14
- mail (~> 2.5.4)
15
- actionpack (3.2.22.5)
16
- activemodel (= 3.2.22.5)
17
- activesupport (= 3.2.22.5)
18
- builder (~> 3.0.0)
19
- erubis (~> 2.7.0)
20
- journey (~> 1.0.4)
21
- rack (~> 1.4.5)
22
- rack-cache (~> 1.2)
23
- rack-test (~> 0.6.1)
24
- sprockets (~> 2.2.1)
25
- activemodel (3.2.22.5)
26
- activesupport (= 3.2.22.5)
27
- builder (~> 3.0.0)
28
- activerecord (3.2.22.5)
29
- activemodel (= 3.2.22.5)
30
- activesupport (= 3.2.22.5)
31
- arel (~> 3.0.2)
32
- tzinfo (~> 0.3.29)
33
- activeresource (3.2.22.5)
34
- activemodel (= 3.2.22.5)
35
- activesupport (= 3.2.22.5)
36
- activesupport (3.2.22.5)
37
- i18n (~> 0.6, >= 0.6.4)
38
- multi_json (~> 1.0)
39
- arel (3.0.3)
40
- assignable_values (0.7.1)
41
- activerecord
42
- bourne (1.4.0)
43
- mocha (~> 0.13.2)
44
- builder (3.0.4)
45
- concurrent-ruby (1.1.4)
46
- database_cleaner (1.4.1)
47
- diff-lcs (1.3)
48
- edge_rider (0.3.3)
49
- activerecord
50
- erubis (2.7.0)
51
- gemika (0.3.4)
52
- hike (1.2.3)
53
- i18n (0.9.5)
54
- concurrent-ruby (~> 1.0)
55
- journey (1.0.4)
56
- json (1.8.6)
57
- mail (2.5.5)
58
- mime-types (~> 1.16)
59
- treetop (~> 1.4.8)
60
- memoizer (1.0.3)
61
- metaclass (0.0.1)
62
- mime-types (1.25.1)
63
- mocha (0.13.3)
64
- metaclass (~> 0.0.1)
65
- multi_json (1.13.1)
66
- polyglot (0.3.5)
67
- power_assert (1.1.3)
68
- rack (1.4.7)
69
- rack-cache (1.2)
70
- rack (>= 0.4)
71
- rack-ssl (1.3.4)
72
- rack
73
- rack-test (0.6.3)
74
- rack (>= 1.0)
75
- rails (3.2.22.5)
76
- actionmailer (= 3.2.22.5)
77
- actionpack (= 3.2.22.5)
78
- activerecord (= 3.2.22.5)
79
- activeresource (= 3.2.22.5)
80
- activesupport (= 3.2.22.5)
81
- bundler (~> 1.0)
82
- railties (= 3.2.22.5)
83
- railties (3.2.22.5)
84
- actionpack (= 3.2.22.5)
85
- activesupport (= 3.2.22.5)
86
- rack-ssl (~> 1.3.2)
87
- rake (>= 0.8.7)
88
- rdoc (~> 3.4)
89
- thor (>= 0.14.6, < 2.0)
90
- rake (10.5.0)
91
- rdoc (3.12.2)
92
- json (~> 1.4)
93
- rspec (3.8.0)
94
- rspec-core (~> 3.8.0)
95
- rspec-expectations (~> 3.8.0)
96
- rspec-mocks (~> 3.8.0)
97
- rspec-core (3.8.0)
98
- rspec-support (~> 3.8.0)
99
- rspec-expectations (3.8.1)
100
- diff-lcs (>= 1.2.0, < 2.0)
101
- rspec-support (~> 3.8.0)
102
- rspec-mocks (3.8.0)
103
- diff-lcs (>= 1.2.0, < 2.0)
104
- rspec-support (~> 3.8.0)
105
- rspec-rails (3.8.0)
106
- actionpack (>= 3.0)
107
- activesupport (>= 3.0)
108
- railties (>= 3.0)
109
- rspec-core (~> 3.8.0)
110
- rspec-expectations (~> 3.8.0)
111
- rspec-mocks (~> 3.8.0)
112
- rspec-support (~> 3.8.0)
113
- rspec-support (3.8.0)
114
- rspec_candy (0.2.9)
115
- rspec
116
- sneaky-save
117
- shoulda-matchers (1.5.6)
118
- activesupport (>= 3.0.0)
119
- bourne (~> 1.3)
120
- sneaky-save (0.0.4)
121
- activerecord (>= 3.2.0)
122
- sprockets (2.2.3)
123
- hike (~> 1.2)
124
- multi_json (~> 1.0)
125
- rack (~> 1.0)
126
- tilt (~> 1.1, != 1.3.0)
127
- sqlite3 (1.3.13)
128
- test-unit (3.3.0)
129
- power_assert
130
- thor (0.20.3)
131
- tilt (1.4.1)
132
- treetop (1.4.15)
133
- polyglot
134
- polyglot (>= 0.3.1)
135
- tzinfo (0.3.55)
136
-
137
- PLATFORMS
138
- ruby
139
-
140
- DEPENDENCIES
141
- assignable_values
142
- consul!
143
- database_cleaner (~> 1.4.1)
144
- gemika
145
- rack-cache (~> 1.2.0)
146
- rails (~> 3.2.22.5)
147
- rake (~> 10.5.0)
148
- rspec (~> 3.4)
149
- rspec-rails
150
- rspec_candy
151
- shoulda-matchers (< 2)
152
- sqlite3
153
- test-unit (~> 3.0)
154
-
155
- BUNDLED WITH
156
- 1.16.3
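--- a/data/Gemfile.4-2.lock
+++ b/data/Gemfile.4-2.lock
@@ -1,158 +0,0 @@
- PATH
- remote: .
- specs:
- consul (1.0.0)
- edge_rider (>= 0.3.0)
- memoizer
- rails (>= 3.2)
-
- GEM
- remote: https://rubygems.org/
- specs:
- actionmailer (4.2.11)
- actionpack (= 4.2.11)
- actionview (= 4.2.11)
- activejob (= 4.2.11)
- mail (~> 2.5, >= 2.5.4)
- rails-dom-testing (~> 1.0, >= 1.0.5)
- actionpack (4.2.11)
- actionview (= 4.2.11)
- activesupport (= 4.2.11)
- rack (~> 1.6)
- rack-test (~> 0.6.2)
- rails-dom-testing (~> 1.0, >= 1.0.5)
- rails-html-sanitizer (~> 1.0, >= 1.0.2)
- actionview (4.2.11)
- activesupport (= 4.2.11)
- builder (~> 3.1)
- erubis (~> 2.7.0)
- rails-dom-testing (~> 1.0, >= 1.0.5)
- rails-html-sanitizer (~> 1.0, >= 1.0.3)
- activejob (4.2.11)
- activesupport (= 4.2.11)
- globalid (>= 0.3.0)
- activemodel (4.2.11)
- activesupport (= 4.2.11)
- builder (~> 3.1)
- activerecord (4.2.11)
- activemodel (= 4.2.11)
- activesupport (= 4.2.11)
- arel (~> 6.0)
- activesupport (4.2.11)
- i18n (~> 0.7)
- minitest (~> 5.1)
- thread_safe (~> 0.3, >= 0.3.4)
- tzinfo (~> 1.1)
- arel (6.0.4)
- assignable_values (0.12.1)
- activerecord (>= 2.3)
- builder (3.2.3)
- concurrent-ruby (1.1.4)
- crass (1.0.4)
- database_cleaner (1.7.0)
- diff-lcs (1.2.5)
- edge_rider (0.3.3)
- activerecord
- erubis (2.7.0)
- gemika (0.3.4)
- globalid (0.4.2)
- activesupport (>= 4.2.0)
- i18n (0.9.5)
- concurrent-ruby (~> 1.0)
- loofah (2.2.3)
- crass (~> 1.0.2)
- nokogiri (>= 1.5.9)
- mail (2.7.1)
- mini_mime (>= 0.1.1)
- memoizer (1.0.3)
- mini_mime (1.0.1)
- mini_portile2 (2.4.0)
- minitest (5.11.3)
- nokogiri (1.10.1)
- mini_portile2 (~> 2.4.0)
- rack (1.6.11)
- rack-test (0.6.3)
- rack (>= 1.0)
- rails (4.2.11)
- actionmailer (= 4.2.11)
- actionpack (= 4.2.11)
- actionview (= 4.2.11)
- activejob (= 4.2.11)
- activemodel (= 4.2.11)
- activerecord (= 4.2.11)
- activesupport (= 4.2.11)
- bundler (>= 1.3.0, < 2.0)
- railties (= 4.2.11)
- sprockets-rails
- rails-deprecated_sanitizer (1.0.3)
- activesupport (>= 4.2.0.alpha)
- rails-dom-testing (1.0.9)
- activesupport (>= 4.2.0, < 5.0)
- nokogiri (~> 1.6)
- rails-deprecated_sanitizer (>= 1.0.1)
- rails-html-sanitizer (1.0.4)
- loofah (~> 2.2, >= 2.2.2)
- railties (4.2.11)
- actionpack (= 4.2.11)
- activesupport (= 4.2.11)
- rake (>= 0.8.7)
- thor (>= 0.18.1, < 2.0)
- rake (12.3.2)
- rspec (3.5.0)
- rspec-core (~> 3.5.0)
- rspec-expectations (~> 3.5.0)
- rspec-mocks (~> 3.5.0)
- rspec-core (3.5.4)
- rspec-support (~> 3.5.0)
- rspec-expectations (3.5.0)
- diff-lcs (>= 1.2.0, < 2.0)
- rspec-support (~> 3.5.0)
- rspec-mocks (3.5.0)
- diff-lcs (>= 1.2.0, < 2.0)
- rspec-support (~> 3.5.0)
- rspec-rails (3.5.2)
- actionpack (>= 3.0)
- activesupport (>= 3.0)
- railties (>= 3.0)
- rspec-core (~> 3.5.0)
- rspec-expectations (~> 3.5.0)
- rspec-mocks (~> 3.5.0)
- rspec-support (~> 3.5.0)
- rspec-support (3.5.0)
- rspec_candy (0.4.1)
- rspec
- sneaky-save
- shoulda-matchers (3.1.1)
- activesupport (>= 4.0.0)
- sneaky-save (0.1.2)
- activerecord (>= 3.2.0)
- sprockets (3.7.2)
- concurrent-ruby (~> 1.0)
- rack (> 1, < 3)
- sprockets-rails (3.2.1)
- actionpack (>= 4.0)
- activesupport (>= 4.0)
- sprockets (>= 3.0.0)
- sqlite3 (1.3.12)
- thor (0.20.3)
- thread_safe (0.3.6)
- tzinfo (1.2.5)
- thread_safe (~> 0.1)
-
- PLATFORMS
- ruby
-
- DEPENDENCIES
- assignable_values
- consul!
- database_cleaner
- gemika
- rails (~> 4.2.7)
- rspec
- rspec-rails
- rspec_candy
- shoulda-matchers
- sqlite3
-
- BUNDLED WITH
- 1.16.3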