controller_policies 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: db99c9c096c0c752d9d035f928f7c92e9f6efff716975d2e4672b3c18443b16a
4
- data.tar.gz: 01a131a24ad0f546ada81e5d10c1d27564591147c09004a97e6691150d18be71
3
+ metadata.gz: fa53cf4c7f5bfddf09fdf955300af7495177f5d3410983a43202733504d6169b
4
+ data.tar.gz: 68c2cc086cb3cf7c49cc711a08f39ffa3ef3708bdb18add637a76e2e562b6e80
5
5
  SHA512:
6
- metadata.gz: 05ebbc1bad897b0b6fecf8280f625a5f4d73013255c0dee1e7ab5a6e564fc9aedd21772b9b0bd27d159cf698e09377b3b829dcf5ee60584c95a250841536a336
7
- data.tar.gz: 5e23aa2064c53ea42acea98b1bffaa89767558e4fe2a7a7938b2331b258f0dc0c661f1b8542d866cacf44ec453a222e34019b0c8b7e1b77e1091be89281b84bd
6
+ metadata.gz: c36da060a6497a6655e4affc6404142d29055830819a67ffd441aabe401b4ce6fb3c72061b9905e5a7485c9ebfc68cb1451caf5fef64a3ea7dc333d8c4ef4839
7
+ data.tar.gz: c37a343a64bacc653e06420be3e1c3e5f1563692d996326de1112da645770dca5258cd145038d456c41705b2e79bc4110cc6ae3683db83647a540b72d8acaa69
data/README.md CHANGED
@@ -20,7 +20,7 @@ rails g policy_definition my/namespace
20
20
 
21
21
  This will generate a file: `app/policies/my/namespace/definitions.rb`
22
22
 
23
- The developer should edit this file and add the policies for the app.
23
+ The developer should edit this file and add the policies for the app. **It is important to note that the location of the definitions file should reflect the namespace of the associated controllers.**
24
24
 
25
25
  ### `actions` key
26
26
 
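Review bot: The sentence added at README line 23 says the definitions file location should reflect the controllers' namespace, but not what happens when it does not. If a mismatch leaves those controllers without any policy check, say so here, and consider failing at boot when a controller that calls `has_enforced_policies` has no matching definitions file.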
@@ -61,7 +61,7 @@ Simply add the line `has_enforced_policies`, and pass a block with one argument
61
61
  ```ruby
62
62
  class MyController < ApplicationController
63
63
  has_enforced_policies do |ability_code|
64
- current_user.abilities.include? ability_code
64
+ render 'unauthorized' unless current_user.abilities.include? ability_code
65
65
  end
66
66
 
67
67
  # ...
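Review bot: On new line 64, `render 'unauthorized'` responds with HTTP 200 unless a status is given, so clients, caches and log-based monitoring see a denied request as a success. Suggest `render 'unauthorized', status: :forbidden` (or `head :forbidden`) in the example. The example also calls `current_user.abilities` with no nil handling, so it is worth stating that authentication must run before this callback.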
@@ -73,14 +73,28 @@ class MyController < ApplicationController
73
73
  has_enforced_policies
74
74
 
75
75
  def ability?(ability_code)
76
- current_user.abilities.include? ability_code
76
+ render 'unauthorized' unless current_user.abilities.include? ability_code
77
77
  end
78
78
  # ...
79
79
  end
80
80
  ```
81
81
 
82
+ It is recommended to use `render` or `redirect_to` within this block **to prevent the controllers from executing the action** when the ability did not exist in the data. The ability checking is done in a `before_action` callback, hence using `render` or `redirect_to` will stop further controller actions. This is a Rails behavior.
83
+
82
84
  Since storing abilities are very flexible and there are truly infinite ways of doing it, *this gem did not support that feature.* Instead, the developer must define their own ability checking.
83
85
 
86
+ ## Skipping Policy Enforcement in Certain Actions
87
+
88
+ There might be an event where there is a need to skip automatic policy enforcements in certain actions. As explained above, the policy enforcement is done in a `before_action` callback. To skip a policy enforcement, simply use the `skip_before_action :check_abilities_by_definition` method from Rails. The `:only` and `:except` options are also available to filter actions.
89
+
90
+ ```ruby
91
+ class MyOtherController < MyController
92
+ skip_before_action :check_abilities_by_definition, only: [:new, :edit]
93
+
94
+ # ...
95
+ end
96
+ ```
97
+
84
98
  ## Ability
85
99
 
86
100
  The Ability class is a model for abilities that come from the definition files.
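Review bot: The paragraph added at README line 82 makes halting the request a recommendation, which reads as fail-open: a block or `ability?` that only returns false, as both 0.1.0 examples did, would let the action run. Have the `before_action` itself deny (for example `head :forbidden`) when the check returns falsy and nothing has been rendered, or add an upgrade note stating whether 0.1.0-style boolean blocks are still enforced. `ability?` at line 76 now renders and returns nil, so the predicate name no longer matches its behavior. In the new skip section, state that `skip_before_action :check_abilities_by_definition` removes every policy check for the listed actions, and that the callback name is now part of the public API.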
@@ -91,25 +105,33 @@ The Ability class is a model for abilities that come from the definition files.
91
105
 
92
106
  Get all abilities from all definitions.
93
107
 
108
+ ```ruby
109
+ Ability.all
110
+ ```
111
+
94
112
  #### #all_codes
95
113
 
96
114
  Get all ability codes from all definitions.
97
115
 
98
- #### #where(query)
116
+ ```ruby
117
+ Ability.all_codes
118
+ ```
99
119
 
100
- Filter abilities based on namespace. `query` can be a String, Module or Class.
120
+ #### #where(*queries)
101
121
 
102
- #### #find(query)
122
+ Filter abilities based on namespace. `queries` can be an array of Strings, Modules or Classes.
103
123
 
104
- Find an ability within a namespace. `query` can be a String, Module or Class.
124
+ ```ruby
125
+ Ability.where(FeatureOne, FeatureTwo, FeatureOne::SubFeatureA)
126
+ ```
105
127
 
106
128
  #### #match(expression)
107
129
 
108
130
  Match abilities based on a matching string or regex. The matcher is based on the namespace. `expression` can be a Regexp or String.
109
131
 
110
- #### #mill(expression)
111
-
112
- Find an ability based on a matching string or regex. The matcher is based on the namespace. `expression` can be a Regexp or String.
132
+ ```ruby
133
+ Ability.match(/FeatureOne(::)?(.)*/)
134
+ ```
113
135
 
114
136
  ### Instance Methods
115
137
 
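Review bot: New README line 122 says `queries` can be an array, but the heading is `where(*queries)` and the example at line 125 passes separate arguments; with the implementation in `data/lib/ability.rb`, `Ability.where([FeatureOne, FeatureTwo])` matches no `when` branch and returns an empty list. Reword to "one or more Strings, Modules or Classes". This hunk also drops the `#find` and `#mill` sections without a removal or migration note.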
@@ -117,18 +139,34 @@ Find an ability based on a matching string or regex. The matcher is based on the
117
139
 
118
140
  The code of the ability.
119
141
 
142
+ ```ruby
143
+ ability.code
144
+ ```
145
+
120
146
  #### #name
121
147
 
122
148
  The name of the ability.
123
149
 
150
+ ```ruby
151
+ ability.name
152
+ ```
153
+
124
154
  #### #description
125
155
 
126
156
  The description of the ability.
127
157
 
158
+ ```ruby
159
+ ability.description
160
+ ```
161
+
128
162
  #### #actions
129
163
 
130
164
  Controller actions that the ability can check against.
131
165
 
166
+ ```ruby
167
+ ability.actions
168
+ ```
169
+
132
170
  ## Contributing
133
171
 
134
172
  Bug reports and pull requests are welcome on GitHub at https://github.com/tieeeeen1994/controller_policies. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/tieeeeen1994/controller_policies/blob/master/CODE_OF_CONDUCT.md).
data/lib/ability.rb CHANGED
@@ -33,19 +33,23 @@ class Ability
33
33
  end
34
34
 
35
35
  # Filter abilities based on namespace.
36
- def where(query)
37
- case query.class.to_s
38
- when 'String'
39
- all.select { |ability| ability.namespace.to_s == trim(query).camelize }
40
- when 'Module', 'Class'
41
- all.select { |ability| ability.namespace == query }
36
+ def where(*queries)
37
+ results = []
38
+ queries.each do |query|
39
+ case query.class.to_s
40
+ when 'String'
41
+ results += all.select { |ability| ability.namespace.to_s == trim(query).camelize }
42
+ when 'Module', 'Class'
43
+ results += all.select { |ability| ability.namespace == query }
44
+ end
42
45
  end
46
+ results
43
47
  end
44
48
 
45
49
  # Find an ability within a namespace.
46
- def find(query_string)
47
- where(query_string).first
48
- end
50
+ # def find(query_string)
51
+ # where(query_string).first
52
+ # end
49
53
 
50
54
  # Match abilities based on a matching string or regex. The matcher is based on the namespace.
51
55
  def match(expression)
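Review bot: In `where(*queries)` (new lines 36-47), a query that is not a String, Module or Class (nil, a Symbol, a nested Array) falls through the `case` silently, and overlapping queries append the same ability twice through `results +=`. If callers build permission lists from this, both the silent empty result and the duplicates are hard to spot: raise `ArgumentError` on unsupported types, match with `case query` and `when String` / `when Module` instead of comparing `query.class.to_s`, and return `results.uniq`. `find` at lines 50-52 is commented out rather than deleted; remove it, or keep it for a release with a deprecation warning.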
@@ -56,9 +60,9 @@ class Ability
56
60
  end
57
61
 
58
62
  # Find an ability based on a matching string or regex. The matcher is based on the namespace.
59
- def mill(expression)
60
- match(expression).first
61
- end
63
+ # def mill(expression)
64
+ # match(expression).first
65
+ # end
62
66
 
63
67
  # Path to the policy folder.
64
68
  def policy_path
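Review bot: `mill` (new lines 63-65) is left as commented-out code under a doc comment that still describes it. Delete both, or keep the method for one release with a deprecation warning, since dropping a documented method in 0.2.0 leaves existing callers with a NoMethodError.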
@@ -19,10 +19,10 @@ module ControllerPolicies
19
19
 
20
20
  initializer 'controller_policies.autoloaders' do
21
21
  Rails.autoloaders.each do |autoloader|
22
- autoloader.ignore(Rails.root.join('app/policies'))
22
+ autoloader.ignore(Ability.policy_path)
23
23
  end
24
24
 
25
- Dir[Rails.root.join('app/policies/**/*.rb')].each { |definition| require definition }
25
+ Dir[Ability.policy_path.join('**/*.rb')].each { |definition| require definition }
26
26
  end
27
27
  end
28
28
  end
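Review bot: Lines 22 and 25 now depend on `Ability` being loaded before this initializer runs and on `Ability.policy_path` returning a Pathname; a String return would make `.join('**/*.rb')` raise at boot. Confirm the railtie requires `ability` explicitly. Since every `.rb` file under that path is passed to `require` at boot, document that the directory must contain only definition files.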
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module ControllerPolicies
4
- VERSION = '0.1.0'
4
+ VERSION = '0.2.0'
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: controller_policies
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 0.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Tien
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-04-12 00:00:00.000000000 Z
11
+ date: 2024-05-07 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rails