dynamican 1.0.0 → 1.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +4 -0
- data/dynamican.gemspec +1 -1
- data/lib/dynamican.rb +1 -0
- data/lib/dynamican/authorization.rb +25 -0
- metadata +2 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ee2ebd9f3470a7ad1002ee3344a357fc1549e8065dffc09986f9c466577de8a9
|
|
4
|
+
data.tar.gz: e1cac4d8aa2b6f209dc6885cebe31d9ec5548af8578514aa9bf44fe1836fb697
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 63e6761a9fed8385830c6f10697a0448ec08a8e2a781612ac54544ed810635bbfec6006c26e5054b653131a495815c6da5ed1842e11262736f9b1a274c9b0882
|
|
7
|
+
data.tar.gz: be88310e037fb8cb2e71af8f8616f1441a2963b4b65a6599762e92b6800e30cec6ede2216c5558d2ff8c8ffc7407c94e866c5894a3f8e15c31517dcb213ac5a6
|
data/README.md
CHANGED
|
@@ -120,3 +120,7 @@ You can apply the scope `for_action(action_name)` to Permission to find permissi
|
|
|
120
120
|
There is a `for_item(item_name)` scope, which turns to string and then classifies automatically the argument to match it with the classified item name. The scope filters all Permission records that have an item with the specified name in its items list.
|
|
121
121
|
There is also a `without_item` scope to filter records that are not linked to any item.
|
|
122
122
|
As mentioned before, you can also use `conditional` and `unconditional` scopes to find objects with or without any condition attached.
|
|
123
|
+
|
|
124
|
+
### Controller usage
|
|
125
|
+
|
|
126
|
+
Your controllers now all have the `authorize!` method, which accepts one or two arguments: the first is the action, and the second (optional) is the item (or list of items) you want to check permissions for. As you can see, the usage is similar to the `can?` method. The reason is that is actually calls that method on the instance of `@current_user` and, whether permissions are evaluated as false, it raises an exception which is rescued by an `unauthorized` response rendered.
|
data/dynamican.gemspec
CHANGED
data/lib/dynamican.rb
CHANGED
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
module Dynamican
|
|
2
|
+
module Authorization
|
|
3
|
+
extend ActiveSupport::Concern
|
|
4
|
+
|
|
5
|
+
class UnauthorizedResource < StandardError; end
|
|
6
|
+
|
|
7
|
+
included do
|
|
8
|
+
rescue_from UnauthorizedResource, with: :unauthorized
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
def authorize!(action, item = nil)
|
|
12
|
+
raise UnauthorizedResource unless @current_user.can? action, item
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def unauthorized
|
|
16
|
+
render status: :unauthorized
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
if defined? ActiveSupport
|
|
22
|
+
ActiveSupport.on_load(:action_controller) do
|
|
23
|
+
include Dynamican::Authorization
|
|
24
|
+
end
|
|
25
|
+
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dynamican
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Valerio Bellaveglia
|
|
@@ -20,6 +20,7 @@ files:
|
|
|
20
20
|
- README.md
|
|
21
21
|
- dynamican.gemspec
|
|
22
22
|
- lib/dynamican.rb
|
|
23
|
+
- lib/dynamican/authorization.rb
|
|
23
24
|
- lib/dynamican/evaluator.rb
|
|
24
25
|
- lib/dynamican/model.rb
|
|
25
26
|
- lib/generators/dynamican_migration_generator.rb
|