controlist 0.3.0 → 0.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +37 -11
- data/lib/controlist.rb +30 -1
- data/lib/controlist/interceptor.rb +0 -5
- data/lib/controlist/permissions/ordered_package.rb +7 -0
- data/lib/controlist/version.rb +1 -1
- data/test/feature_test.rb +10 -0
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 865e5bff5b151ade402fd35e38acd252bdf5e901
|
|
4
|
+
data.tar.gz: 02524edfe03062a87bf1fec159ec6903ceaf715b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 219e463aae3771abe5bb1f1ce92354c63aca4fad5b134f6617dfd12ef4cccb9978e8b4a337bcfd75677c9b4c065cc4d367cc70eb2e09187e2b9c69a4329c51c5
|
|
7
|
+
data.tar.gz: 02c56861870bf5ac7a06c91fae55830dc6d2984bd05bb7ea50779a5181e8859a6e84d8fa90897843063ca4a8db436b662ac253e8990c498bc3b7f0a4eeeca314
|
data/README.md
CHANGED
|
@@ -17,7 +17,7 @@ Controlist support Ruby 1.9 and 2.x, ActiveRecord 3.2 and 4.1+
|
|
|
17
17
|
* Support association level permission
|
|
18
18
|
* Filter attributes for READ permission
|
|
19
19
|
* Check changed and previous value for persistence operation
|
|
20
|
-
* CRUD permission support lambda, argument is "Relation" for READ or "Object" for persistence
|
|
20
|
+
* CRUD permission support lambda, argument is "Relation" for READ or "Object" for persistence
|
|
21
21
|
* Attribute value check support lambda and raw sql
|
|
22
22
|
* Modify permissions on the fly
|
|
23
23
|
* Skip permission check on demand
|
|
@@ -52,17 +52,19 @@ You can use your customized manager or configuration to initialize Controlist
|
|
|
52
52
|
|
|
53
53
|
```ruby
|
|
54
54
|
require 'controlist'
|
|
55
|
-
Controlist.initialize YourManager
|
|
55
|
+
Controlist.initialize YourManager #logger: Logger.new(STDOUT)
|
|
56
56
|
|
|
57
57
|
```
|
|
58
58
|
|
|
59
59
|
## Example
|
|
60
60
|
|
|
61
61
|
```ruby
|
|
62
|
+
|
|
63
|
+
# For read
|
|
62
64
|
Controlist.permission_manager.set_permission_package(OrderedPackage.new(
|
|
63
65
|
Controlist::Permission.new(User, READ, true, [
|
|
64
66
|
SimpleConstrain.new("name", "Tom"),
|
|
65
|
-
|
|
67
|
+
AdvancedConstrain.new(property: "name", value: ["Grade 1", "Grade 2"], relation: "clazz"),
|
|
66
68
|
AdvancedConstrain.new(property: "age", value: 5, operator: ">="),
|
|
67
69
|
SimpleConstrain.new("age", "null"),
|
|
68
70
|
SimpleConstrain.new("age", [1,2,3]),
|
|
@@ -70,14 +72,38 @@ Controlist.permission_manager.set_permission_package(OrderedPackage.new(
|
|
|
70
72
|
AdvancedConstrain.new(clause: "age != 100"),
|
|
71
73
|
AdvancedConstrain.new(proc_read: lambda{|relation| relation.order("id DESC").limit(3) })
|
|
72
74
|
])))
|
|
73
|
-
|
|
74
|
-
relation.
|
|
75
|
-
|
|
76
|
-
assert_equal
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
75
|
+
|
|
76
|
+
relation = User.unscoped
|
|
77
|
+
sql = relation.to_sql
|
|
78
|
+
assert_equal true, sql.include?("((users.name = 'Tom') and (clazzs.name in ('Grade 1','Grade 2')) and (users.age >= 5) and (users.age is null) and (users.age in (1,2,3)) and (users.clazz_id in (1,2,3)) and (age != 100)) ORDER BY id DESC LIMIT 3")
|
|
79
|
+
|
|
80
|
+
# For persistence
|
|
81
|
+
...
|
|
82
|
+
Controlist::Permission.new(User, UPDATE, false, AdvancedConstrain.new(property: "name", value: "To", operator: "include?")),
|
|
83
|
+
Controlist::Permission.new(User, UPDATE, false, AdvancedConstrain.new(proc_persistence: lambda{|object, operation| object.name == "Block"})),
|
|
84
|
+
Controlist::Permission.new(User, [UPDATE, DELETE], false, AdvancedConstrain.new(property: "name", value: ["Grade 1", "Grade 3"], relation: "clazz")),
|
|
85
|
+
...
|
|
86
|
+
|
|
87
|
+
# For apply attribute
|
|
88
|
+
...
|
|
89
|
+
Controlist::Permission.new(User, READ).apply(:name)
|
|
90
|
+
Controlist::Permission.new(User, UPDATE, true, SimpleConstrain.new("name", "Tom")).apply(name: "Test", clazz_id: [1, 2]),
|
|
91
|
+
|
|
92
|
+
# For skip
|
|
93
|
+
|
|
94
|
+
...
|
|
95
|
+
Controlist.skip do
|
|
96
|
+
relation = User.unscoped
|
|
97
|
+
sql = relation.to_sql
|
|
98
|
+
assert_equal "SELECT \"users\".* FROM \"users\"", sql.strip
|
|
99
|
+
end
|
|
100
|
+
...
|
|
101
|
+
|
|
102
|
+
# For modification on the fly
|
|
103
|
+
package = Controlist.permission_manager.get_permission_package
|
|
104
|
+
package.remove_permissions package.permissions.last
|
|
105
|
+
package.add_permissions Controlist::Permission.new(User, READ)
|
|
106
|
+
|
|
81
107
|
```
|
|
82
108
|
|
|
83
109
|
And more examples, please see [more examples](https://github.com/alo7/controlist/blob/master/test/feature_test.rb)
|
data/lib/controlist.rb
CHANGED
|
@@ -10,6 +10,21 @@ module Controlist
|
|
|
10
10
|
|
|
11
11
|
attr_accessor :permission_manager, :attribute_proxy, :value_object_proxy, :logger
|
|
12
12
|
|
|
13
|
+
##
|
|
14
|
+
# example:
|
|
15
|
+
# Controlist.initialize Controlist::Managers::ThreadBasedManager
|
|
16
|
+
# attribute_proxy: "_val",
|
|
17
|
+
# value_object_proxy: "_value_object",
|
|
18
|
+
# logger: Logger.new(STDOUT)
|
|
19
|
+
#
|
|
20
|
+
# attribute_proxy and value_object_proxy are to avoid ActiveModel::MissingAttributeError
|
|
21
|
+
# due to select(attributes) according to constrains, suppose attribute_proxy is :_val,
|
|
22
|
+
# value_object_proxy is :_value_object
|
|
23
|
+
# user = User.find 1
|
|
24
|
+
# user.id
|
|
25
|
+
# user._val(:attr_might_not_be_accessed)
|
|
26
|
+
# user._value_object.attr_might_not_be_accessed
|
|
27
|
+
#
|
|
13
28
|
def initialize(permission_manager, config={})
|
|
14
29
|
@permission_manager = permission_manager
|
|
15
30
|
@attribute_proxy = config[:attribute_proxy] || "_val"
|
|
@@ -18,6 +33,15 @@ module Controlist
|
|
|
18
33
|
Interceptor.hook
|
|
19
34
|
end
|
|
20
35
|
|
|
36
|
+
|
|
37
|
+
##
|
|
38
|
+
# Skip Controlist interceptor
|
|
39
|
+
#
|
|
40
|
+
# Controlist.skip do
|
|
41
|
+
# relation = User.unscoped
|
|
42
|
+
# sql = relation.to_sql
|
|
43
|
+
# assert_equal "SELECT \"users\".* FROM \"users\"", sql.strip
|
|
44
|
+
# end
|
|
21
45
|
def skip
|
|
22
46
|
@permission_manager.enable_skip
|
|
23
47
|
result = yield
|
|
@@ -36,6 +60,11 @@ module Controlist
|
|
|
36
60
|
def enable_logger
|
|
37
61
|
@logger_enabled = true
|
|
38
62
|
end
|
|
39
|
-
end
|
|
40
63
|
|
|
64
|
+
def has_permission(klass, operation)
|
|
65
|
+
permission_package = @permission_manager.get_permission_package
|
|
66
|
+
permission_package && permission_package.has_permission(klass, operation)
|
|
67
|
+
end
|
|
68
|
+
|
|
69
|
+
end
|
|
41
70
|
end
|
|
@@ -21,11 +21,6 @@ module Controlist
|
|
|
21
21
|
|
|
22
22
|
private
|
|
23
23
|
|
|
24
|
-
# Avoid ActiveModel::MissingAttributeError due to select(attributes) according to constrains
|
|
25
|
-
# #suppose attribute_proxy is :_val, value_object_proxy is :_value_object
|
|
26
|
-
# user = User.find 1
|
|
27
|
-
# user._val(:name)
|
|
28
|
-
# user._value_object.name
|
|
29
24
|
def hook_attribute
|
|
30
25
|
ActiveRecord::Persistence.class_eval %Q{
|
|
31
26
|
def #{Controlist.attribute_proxy}(attr)
|
|
@@ -40,6 +40,13 @@ module Controlist
|
|
|
40
40
|
end
|
|
41
41
|
end
|
|
42
42
|
|
|
43
|
+
def has_permission(klass, operation)
|
|
44
|
+
permission_list = instance_variable_get("@list_#{operation}")
|
|
45
|
+
if permission_list && (permissions = permission_list[klass])
|
|
46
|
+
permissions.any?(&:is_allowed)
|
|
47
|
+
end
|
|
48
|
+
end
|
|
49
|
+
|
|
43
50
|
private
|
|
44
51
|
|
|
45
52
|
def add(list, permission)
|
data/lib/controlist/version.rb
CHANGED
data/test/feature_test.rb
CHANGED
|
@@ -209,4 +209,14 @@ class FeatureTest < ActiveSupport::TestCase
|
|
|
209
209
|
end
|
|
210
210
|
end
|
|
211
211
|
|
|
212
|
+
def test_has_permission_check
|
|
213
|
+
Controlist.permission_manager.set_permission_package(OrderedPackage.new(
|
|
214
|
+
Controlist::Permission.new(User, READ, true, "age != 100"),
|
|
215
|
+
Controlist::Permission.new(Clazz, CREATE, false)
|
|
216
|
+
))
|
|
217
|
+
assert_equal true, Controlist.has_permission(User, READ)
|
|
218
|
+
assert_nil Controlist.has_permission(User, CREATE)
|
|
219
|
+
assert_equal false, Controlist.has_permission(Clazz, CREATE)
|
|
220
|
+
end
|
|
221
|
+
|
|
212
222
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: controlist
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.3.
|
|
4
|
+
version: 0.3.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Leon Li
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-
|
|
11
|
+
date: 2015-08-01 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|