cuba-api 0.6.2 → 0.6.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +1 -1
- data/lib/cuba_api.rb +19 -0
- data/lib/cuba_api/guard.rb +16 -2
- data/spec/guard_spec.rb +6 -6
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 10e2d38b71c73518d8dc210febc45beb6839678e
|
|
4
|
+
data.tar.gz: 3021c0638361a9ec6891a48a34f0aee6d413eef8
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c7e2615360b8c22f90d11d9cc24e0108326b6e9e676da31edc713bbdece45c218cf79d82c4a9486c007d80f5af0db2d1dd27e5d02c379dd905173a8ef73578f3
|
|
7
|
+
data.tar.gz: 6c7676016b48332b795e2640dc899f506c05cd47eff024014ef2bac23ac9cc99ef8e4ff7c41b64aef540bafd97791f18315aa878af7d24f8b1d4f87a63997ecb
|
data/README.md
CHANGED
|
@@ -5,7 +5,7 @@ cuba-api
|
|
|
5
5
|
* [](https://gemnasium.com/mkristian/cuba-api)
|
|
6
6
|
* [](https://codeclimate.com/github/mkristian/cuba-api)
|
|
7
7
|
|
|
8
|
-
these are just a handful for [cuba](https://github.com/soveran/cuba)
|
|
8
|
+
these are just a handful plugins for [cuba](https://github.com/soveran/cuba) it as API server.
|
|
9
9
|
|
|
10
10
|
security
|
|
11
11
|
--------
|
data/lib/cuba_api.rb
CHANGED
|
@@ -31,6 +31,25 @@ require 'cuba_api/aspects/response_status'
|
|
|
31
31
|
|
|
32
32
|
class CubaAPI < Cuba
|
|
33
33
|
|
|
34
|
+
class Response < Cuba::Response
|
|
35
|
+
|
|
36
|
+
def self.new
|
|
37
|
+
Thread.current[ :cuba_api_response ] ||= super
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
def initialize( status = 404,
|
|
41
|
+
headers = { "Content-Type" => "text/plain; charset=utf-8" } )
|
|
42
|
+
super
|
|
43
|
+
end
|
|
44
|
+
|
|
45
|
+
def finish
|
|
46
|
+
Thread.current[ :cuba_api_response ] = nil
|
|
47
|
+
super
|
|
48
|
+
end
|
|
49
|
+
end
|
|
50
|
+
|
|
51
|
+
settings[ :res ] = CubaAPI::Response
|
|
52
|
+
|
|
34
53
|
plugin CubaApi::Config
|
|
35
54
|
plugin CubaApi::Loggers
|
|
36
55
|
plugin CubaApi::Aspects
|
data/lib/cuba_api/guard.rb
CHANGED
|
@@ -22,6 +22,10 @@
|
|
|
22
22
|
|
|
23
23
|
require 'ixtlan/user_management/guard'
|
|
24
24
|
|
|
25
|
+
# TODO move to upstream
|
|
26
|
+
class Ixtlan::UserManagement::GuardException < StandardError
|
|
27
|
+
end
|
|
28
|
+
|
|
25
29
|
# TODO move to upstream
|
|
26
30
|
class Ixtlan::UserManagement::Permission
|
|
27
31
|
attribute :parent, Ixtlan::UserManagement::Permission
|
|
@@ -48,7 +52,11 @@ module CubaApi
|
|
|
48
52
|
end
|
|
49
53
|
|
|
50
54
|
def current_groups
|
|
51
|
-
current_user
|
|
55
|
+
if current_user
|
|
56
|
+
current_user.groups
|
|
57
|
+
else
|
|
58
|
+
[]
|
|
59
|
+
end
|
|
52
60
|
end
|
|
53
61
|
|
|
54
62
|
def allowed_associations
|
|
@@ -56,12 +64,18 @@ module CubaApi
|
|
|
56
64
|
end
|
|
57
65
|
|
|
58
66
|
def on_context( name, &block )
|
|
59
|
-
guard.check_parent( name, guard_context )
|
|
60
67
|
on name do
|
|
61
68
|
begin
|
|
69
|
+
guard.check_parent( name, guard_context )
|
|
62
70
|
old = guard_context
|
|
63
71
|
guard_context( name )
|
|
64
72
|
yield( *captures )
|
|
73
|
+
rescue Ixtlan::UserManagement::GuardException
|
|
74
|
+
if respond_to?( :authenticated? ) && authenticated?
|
|
75
|
+
no_body :not_found
|
|
76
|
+
else
|
|
77
|
+
no_body :forbidden
|
|
78
|
+
end
|
|
65
79
|
ensure
|
|
66
80
|
guard_context( old )
|
|
67
81
|
end
|
data/spec/guard_spec.rb
CHANGED
|
@@ -81,7 +81,7 @@ describe CubaApi::Guard do
|
|
|
81
81
|
|
|
82
82
|
describe 'guarded context with nested context' do
|
|
83
83
|
|
|
84
|
-
it 'should
|
|
84
|
+
it 'should response forbidden' do
|
|
85
85
|
env = { 'PATH_INFO' => '/users/accounts',
|
|
86
86
|
'SCRIPT_NAME' => '/users/accounts' }
|
|
87
87
|
|
|
@@ -94,7 +94,8 @@ describe CubaApi::Guard do
|
|
|
94
94
|
end
|
|
95
95
|
|
|
96
96
|
env[ 'REQUEST_METHOD' ] = 'GET'
|
|
97
|
-
|
|
97
|
+
status, _, _ = Cuba.call( env )
|
|
98
|
+
status.must.eq 403
|
|
98
99
|
end
|
|
99
100
|
|
|
100
101
|
it 'allow all' do
|
|
@@ -124,10 +125,9 @@ describe CubaApi::Guard do
|
|
|
124
125
|
|
|
125
126
|
describe 'guarded context with association' do
|
|
126
127
|
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
}
|
|
128
|
+
before do
|
|
129
|
+
env[ 'PATH_INFO' ] = '/users/42'
|
|
130
|
+
env[ 'SCRIPT_NAME'] = '/users/42'
|
|
131
131
|
end
|
|
132
132
|
|
|
133
133
|
it 'denies all requests without associated id' do
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cuba-api
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.6.
|
|
4
|
+
version: 0.6.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Christian Meier
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2014-02-07 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: cuba
|