dscf-payment 0.1.8 → 0.2.1
- checksums.yaml +4 -4
- data/app/bypass/bypass.rb +42 -0
- data/app/controllers/dscf/payment/application_controller.rb +33 -0
- data/app/controllers/dscf/payment/payment_requests_controller.rb +1 -1
- data/app/controllers/dscf/payment/payments_controller.rb +1 -0
- data/lib/dscf/payment/version.rb +1 -1
- metadata +2 -1
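--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9b5116a4b95714fdf6a96b3f228adee2b18b4de5e79f25758114a0350752e476
+data.tar.gz: 562407c99ff44e1d93531ed2f1d3cf77b498fc22571af1835d150cc24e7346ff
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 90fcef25348fe02e322c5074302d7322c7be0bbf71d8fe1161d478ef074498c62ed325a44a5532de7ae2150f2f55c69f377f937c81cd297a57688c8f3ca840e8
+data.tar.gz: 315d96e31c7f0f70d7fc87c7c58bbcbc681e6dee2b30500449d6e8b83308cfc87a7c081ff7564ef099d7da4cd5db06582589bd94b3dbe046fed5ac9cfa377914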
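--- a/data/app/bypass/bypass.rb
+++ b/data/app/bypass/bypass.rb
@@ -0,0 +1,42 @@
+module Dscf
+module Banking
+class ApplicationController < ActionController::API
+include Dscf::Core::Authenticatable
+include Dscf::Core::JsonResponse
+before_action :authenticate_user
+before_action :demo_bypass_permissions!
+
+# TEMPORARY DEMO BYPASS:
+# Bypass banking authorization checks for authenticated users only.
+# Remove after the demo.
+def bypass_permissions_for_demo?
+true
+end
+
+def pundit_user
+user = current_user
+return nil unless user
+
+bypass_permissions_on_user!(user)
+end
+
+private
+
+def demo_bypass_permissions!
+skip_authorization if respond_to?(:skip_authorization, true)
+skip_policy_scope if respond_to?(:skip_policy_scope, true)
+end
+
+def bypass_permissions_on_user!(user)
+return user if user.instance_variable_defined?(:@_banking_demo_permission_bypass)
+
+user.define_singleton_method(:has_permission?) { |_permission_code| true }
+user.define_singleton_method(:can?) { |permission_code| has_permission?(permission_code) }
+user.define_singleton_method(:super_admin?) { true }
+user.instance_variable_set(:@_banking_demo_permission_bypass, true)
+
+user
+end
+end
+end
+end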
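Review bot: `bypass_permissions_for_demo?` returns a hard-coded `true` and is never consulted, so `pundit_user` and `demo_bypass_permissions!` switch authorization off unconditionally: every authenticated user answers true to `has_permission?`, `can?` and `super_admin?`, and the `skip_authorization` / `skip_policy_scope` calls silence the policy verification hooks. Because this is part of a published gem version, any application that loads it inherits the bypass until the code is removed; the same block is repeated in the payment `ApplicationController` section further down. The singleton methods are defined on the object returned by `current_user`, so if that object is reused during the request the `super_admin?` override is presumably visible to code outside the policy layer as well. At minimum both entry points should open with a guard, `return user unless bypass_permissions_for_demo?` in `bypass_permissions_on_user!` and `return unless bypass_permissions_for_demo?` in `demo_bypass_permissions!`, with the predicate defaulting to false and enabled only by explicit demo configuration. The file also declares `Dscf::Banking::ApplicationController` inside the payment gem at a path that does not match the constant name, which looks unintended and should be confirmed.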
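--- a/data/app/controllers/dscf/payment/application_controller.rb
+++ b/data/app/controllers/dscf/payment/application_controller.rb
@@ -8,6 +8,23 @@ module Dscf
 # Handle CORS for authentication
 before_action :set_cors_headers
 
+before_action :authenticate_user
+before_action :demo_bypass_permissions!
+
+# TEMPORARY DEMO BYPASS:
+# Bypass payment authorization checks for authenticated users only.
+# Remove after the demo.
+def bypass_permissions_for_demo?
+true
+end
+
+def pundit_user
+user = current_user
+return nil unless user
+
+bypass_permissions_on_user!(user)
+end
+
 private
 
 def set_cors_headers
@@ -17,6 +34,22 @@ module Dscf
 headers["Access-Control-Allow-Credentials"] = "false"
 end
 
+def demo_bypass_permissions!
+skip_authorization if respond_to?(:skip_authorization, true)
+skip_policy_scope if respond_to?(:skip_policy_scope, true)
+end
+
+def bypass_permissions_on_user!(user)
+return user if user.instance_variable_defined?(:@_payment_demo_permission_bypass)
+
+user.define_singleton_method(:has_permission?) { |_permission_code| true }
+user.define_singleton_method(:can?) { |permission_code| has_permission?(permission_code) }
+user.define_singleton_method(:super_admin?) { true }
+user.instance_variable_set(:@_payment_demo_permission_bypass, true)
+
+user
+end
+
 def authentication_required?
 false # Override in specific controllers
 end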
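Review bot: `bypass_permissions_for_demo?` and `pundit_user` are added above the existing `private` line in the first hunk, so they become public methods of the controller, while the helpers added in the second hunk are private. Moving both below `private`, or adding `private :pundit_user, :bypass_permissions_for_demo?`, keeps them out of the controller's action methods. The new `before_action :authenticate_user` now sits next to `authentication_required?`, which still returns false by default; which of the two decides depends on `authenticate_user`, which is not shown here, so a comment such as `# authenticate_user runs for every action; authentication_required? no longer gates it` (or the opposite, once confirmed) would help. The class body starts and ends outside both hunks.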
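--- a/data/app/controllers/dscf/payment/payment_requests_controller.rb
+++ b/data/app/controllers/dscf/payment/payment_requests_controller.rb
@@ -1,7 +1,7 @@
 module Dscf::Payment
 class PaymentRequestsController < ApplicationController
-skip_before_action :authorize, only: [:process_payment]
 include Dscf::Core::Common
+include Dscf::Payment::DemoPermissionBypass
 
 rescue_from ActiveRecord::RecordNotFound, with: :record_not_found
 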
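Review bot: `include Dscf::Payment::DemoPermissionBypass` references a constant that none of the file sections shown on this page defines; the added bypass.rb declares `Dscf::Banking::ApplicationController` instead. If the module is not provided elsewhere, loading `PaymentRequestsController` raises `NameError`. The same section drops `skip_before_action :authorize, only: [:process_payment]`, so it is worth confirming how `process_payment` is authorized once the demo code is taken out. Either remove the include or ship the module in a file whose path matches the constant name. The class body continues outside the hunk.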
data/lib/dscf/payment/version.rb
CHANGED
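--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dscf-payment
 version: !ruby/object:Gem::Version
-version: 0.1
+version: 0.2.1
 platform: ruby
 authors:
 - Asrat
@@ -460,6 +460,7 @@ files:
 - MIT-LICENSE
 - README.md
 - Rakefile
+- app/bypass/bypass.rb
 - app/controllers/dscf/payment/application_controller.rb
 - app/controllers/dscf/payment/payment_requests_controller.rb
 - app/controllers/dscf/payment/payments_controller.rb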