effective_datatables 3.3.6 → 3.3.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/app/controllers/effective/datatables_controller.rb +2 -2
- data/app/helpers/effective_datatables_helper.rb +1 -3
- data/app/models/effective/effective_datatable/format.rb +22 -37
- data/app/views/effective/datatables/_actions_column.html.haml +6 -9
- data/app/views/effective/datatables/_resource_column.html.haml +6 -6
- data/config/effective_datatables.rb +14 -13
- data/lib/effective_datatables/version.rb +1 -1
- data/lib/effective_datatables.rb +13 -3
- metadata +4 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 6e5ba7e9014cdedb565e735b68524303cbfaa929
|
4
|
+
data.tar.gz: 1ac9fef5c0813e8de5a8dd165b4cc19172980e23
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 892e67bedf81da91c2a66f9ac1e3fcf58dd4727503ca7336de967eea241a0b0fcc1b7749e428fd44af72192cbba4c2bef66c85e6a553806e6e8b54f33b2e79d4
|
7
|
+
data.tar.gz: f73e528fd21c6934bc6f0219554c33947c6e1e054059da70a38f1e561ebe7ecf0c171162e6a030feb17b0086ea344484ca87151d1976a706d4f3e3e3548402bf
|
@@ -8,11 +8,11 @@ module Effective
|
|
8
8
|
@datatable = find_datatable(params[:id]).try(:new) || raise('unable to find datatable')
|
9
9
|
@datatable.view = view_context
|
10
10
|
|
11
|
-
EffectiveDatatables.
|
11
|
+
EffectiveDatatables.authorize!(self, :index, @datatable.collection_class)
|
12
12
|
|
13
13
|
render json: @datatable.to_json
|
14
14
|
rescue => e
|
15
|
-
|
15
|
+
EffectiveDatatables.authorized?(self, :index, @datatable.try(:collection_class))
|
16
16
|
|
17
17
|
render json: error_json(e)
|
18
18
|
end
|
@@ -6,9 +6,7 @@ module EffectiveDatatablesHelper
|
|
6
6
|
|
7
7
|
datatable.view ||= self
|
8
8
|
|
9
|
-
|
10
|
-
EffectiveDatatables.authorized?(controller, :index, datatable.collection_class) || raise(Effective::AccessDenied)
|
11
|
-
rescue Effective::AccessDenied => e
|
9
|
+
unless EffectiveDatatables.authorized?(controller, :index, datatable.collection_class)
|
12
10
|
return content_tag(:p, "You are not authorized to view this datatable. (cannot :index, #{datatable.collection_class})")
|
13
11
|
end
|
14
12
|
|
@@ -103,57 +103,42 @@ module Effective
|
|
103
103
|
|
104
104
|
def actions_col_locals(opts)
|
105
105
|
return {} unless opts[:as] == :actions
|
106
|
-
return { show_path: false, edit_path: false, destroy_path: false } unless active_record_collection?
|
107
106
|
|
108
|
-
locals = {
|
109
|
-
|
110
|
-
|
111
|
-
|
112
|
-
|
113
|
-
|
114
|
-
|
115
|
-
|
116
|
-
|
117
|
-
|
118
|
-
|
119
|
-
|
120
|
-
|
121
|
-
|
122
|
-
|
123
|
-
locals[:edit_path] = false
|
124
|
-
end
|
125
|
-
|
126
|
-
if locals[:destroy_action] && (EffectiveDatatables.authorized?(view.controller, :destroy, collection_class) rescue false)
|
127
|
-
locals[:destroy_path] = resource.destroy_path(check: true)
|
128
|
-
else
|
129
|
-
locals[:destroy_path] = false
|
130
|
-
end
|
131
|
-
|
132
|
-
locals
|
107
|
+
locals = {
|
108
|
+
show_action: (
|
109
|
+
active_record_collection? && opts[:show] && resource.routes[:show] &&
|
110
|
+
EffectiveDatatables.authorized?(view.controller, :show, collection_class)
|
111
|
+
),
|
112
|
+
edit_action: (
|
113
|
+
active_record_collection? && opts[:edit] && resource.routes[:edit] &&
|
114
|
+
EffectiveDatatables.authorized?(view.controller, :edit, collection_class)
|
115
|
+
),
|
116
|
+
destroy_action: (
|
117
|
+
active_record_collection? && opts[:destroy] && resource.routes[:destroy] &&
|
118
|
+
EffectiveDatatables.authorized?(view.controller, :destroy, collection_class)
|
119
|
+
),
|
120
|
+
effective_resource: resource
|
121
|
+
}
|
133
122
|
end
|
134
123
|
|
135
124
|
def resource_col_locals(opts)
|
136
125
|
return {} unless (resource = opts[:resource]).present?
|
137
126
|
|
138
|
-
locals = { name: opts[:name],
|
127
|
+
locals = { name: opts[:name], effective_resource: resource, show_action: false, edit_action: false }
|
139
128
|
|
140
129
|
case opts[:action]
|
141
130
|
when :edit
|
142
|
-
|
143
|
-
locals[:edit_path] = resource.edit_path(check: true)
|
144
|
-
end
|
131
|
+
locals[:edit_action] = (resource.routes[:edit] && EffectiveDatatables.authorized?(view.controller, :edit, resource.klass))
|
145
132
|
when :show
|
146
|
-
|
147
|
-
locals[:show_path] = resource.show_path(check: true)
|
148
|
-
end
|
133
|
+
locals[:show_action] = (resource.routes[:show] && EffectiveDatatables.authorized?(view.controller, :show, resource.klass))
|
149
134
|
when false
|
150
135
|
# Nothing
|
151
136
|
else
|
152
137
|
# Fallback to defaults - check edit then show
|
153
|
-
if
|
154
|
-
locals[:
|
155
|
-
elsif
|
156
|
-
locals[:
|
138
|
+
if resource.routes[:edit] && EffectiveDatatables.authorized?(view.controller, :edit, resource.klass)
|
139
|
+
locals[:edit_action] = true
|
140
|
+
elsif resource.routes[:show] && EffectiveDatatables.authorized?(view.controller, :show, resource.klass)
|
141
|
+
locals[:show_action] = true
|
157
142
|
end
|
158
143
|
end
|
159
144
|
|
@@ -1,11 +1,8 @@
|
|
1
|
-
- if
|
2
|
-
|
3
|
-
= show_icon_to send(show_path, resource.to_param)
|
1
|
+
- if show_action && EffectiveDatatables.authorized?(self, :show, resource)
|
2
|
+
= show_icon_to effective_resource.action_path(:show, resource)
|
4
3
|
|
5
|
-
- if
|
6
|
-
|
7
|
-
= edit_icon_to send(edit_path, resource.to_param)
|
4
|
+
- if edit_action && EffectiveDatatables.authorized?(self, :edit, resource)
|
5
|
+
= edit_icon_to effective_resource.action_path(:edit, resource)
|
8
6
|
|
9
|
-
- if
|
10
|
-
|
11
|
-
= destroy_icon_to send(destroy_path, resource.to_param), data: { method: :delete, confirm: "Delete #{resource}?" }
|
7
|
+
- if destroy_action && EffectiveDatatables.authorized?(self, :destroy, resource)
|
8
|
+
= destroy_icon_to effective_resource.action_path(:destroy, resource), data: { method: :delete, confirm: "Delete #{resource}?" }
|
@@ -1,8 +1,8 @@
|
|
1
|
-
- Array(datatable.array_collection? ? resource : resource.send(name)).each do |
|
1
|
+
- Array(datatable.array_collection? ? resource : resource.send(name)).each do |resource|
|
2
2
|
.col-resource_item
|
3
|
-
- if
|
4
|
-
= link_to
|
5
|
-
- elsif
|
6
|
-
= link_to
|
3
|
+
- if show_action
|
4
|
+
= link_to resource.to_s, effective_resource.action_path(:show, resource), title: resource.to_s
|
5
|
+
- elsif edit_action
|
6
|
+
= link_to resource.to_s, effective_resource.action_path(:edit, resource), title: resource.to_s
|
7
7
|
- else
|
8
|
-
=
|
8
|
+
= resource.to_s.html_safe
|
@@ -2,23 +2,24 @@ EffectiveDatatables.setup do |config|
|
|
2
2
|
# Authorization Method
|
3
3
|
#
|
4
4
|
# This method is called by all controller actions with the appropriate action and resource
|
5
|
-
# If
|
5
|
+
# If it raises an exception or returns false, an Effective::AccessDenied Error will be raised
|
6
6
|
#
|
7
|
-
# Use via Proc
|
8
|
-
#
|
7
|
+
# Use via Proc:
|
8
|
+
# Proc.new { |controller, action, resource| authorize!(action, resource) } # CanCan
|
9
|
+
# Proc.new { |controller, action, resource| can?(action, resource) } # CanCan with skip_authorization_check
|
10
|
+
# Proc.new { |controller, action, resource| authorize "#{action}?", resource } # Pundit
|
11
|
+
# Proc.new { |controller, action, resource| current_user.is?(:admin) } # Custom logic
|
9
12
|
#
|
10
|
-
# Use via
|
11
|
-
# config.authorization_method =
|
12
|
-
#
|
13
|
-
# And then in your application_controller.rb:
|
13
|
+
# Use via Boolean:
|
14
|
+
# config.authorization_method = true # Always authorized
|
15
|
+
# config.authorization_method = false # Always unauthorized
|
14
16
|
#
|
15
|
-
#
|
16
|
-
#
|
17
|
+
# Use via Method (probably in your application_controller.rb):
|
18
|
+
# config.authorization_method = :my_authorization_method
|
19
|
+
# def my_authorization_method(resource, action)
|
20
|
+
# true
|
17
21
|
# end
|
18
|
-
|
19
|
-
# Or disable the check completely:
|
20
|
-
# config.authorization_method = false
|
21
|
-
config.authorization_method = Proc.new { |controller, action, resource| authorize!(action, resource) } # CanCanCan
|
22
|
+
config.authorization_method = Proc.new { |controller, action, resource| authorize!(action, resource) }
|
22
23
|
|
23
24
|
# Default number of entries shown per page
|
24
25
|
# Valid options are: 5, 10, 25, 50, 100, 250, 500, :all
|
data/lib/effective_datatables.rb
CHANGED
@@ -17,10 +17,20 @@ module EffectiveDatatables
|
|
17
17
|
end
|
18
18
|
|
19
19
|
def self.authorized?(controller, action, resource)
|
20
|
-
if
|
21
|
-
|
20
|
+
@_exceptions ||= [Effective::AccessDenied, (CanCan::AccessDenied if defined?(CanCan)), (Pundit::NotAuthorizedError if defined?(Pundit))].compact
|
21
|
+
|
22
|
+
return !!authorization_method unless authorization_method.respond_to?(:call)
|
23
|
+
controller = controller.controller if controller.respond_to?(:controller) # Do the right thing with a view
|
24
|
+
|
25
|
+
begin
|
26
|
+
!!(controller || self).instance_exec((controller || self), action, resource, &authorization_method)
|
27
|
+
rescue *@_exceptions
|
28
|
+
false
|
22
29
|
end
|
23
|
-
|
30
|
+
end
|
31
|
+
|
32
|
+
def self.authorize!(controller, action, resource)
|
33
|
+
raise Effective::AccessDenied unless authorized?(controller, action, resource)
|
24
34
|
end
|
25
35
|
|
26
36
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: effective_datatables
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.3.
|
4
|
+
version: 3.3.7
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Code and Effect
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2017-11-
|
11
|
+
date: 2017-11-16 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rails
|
@@ -44,14 +44,14 @@ dependencies:
|
|
44
44
|
requirements:
|
45
45
|
- - ">="
|
46
46
|
- !ruby/object:Gem::Version
|
47
|
-
version: 0.
|
47
|
+
version: 0.7.0
|
48
48
|
type: :runtime
|
49
49
|
prerelease: false
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
51
51
|
requirements:
|
52
52
|
- - ">="
|
53
53
|
- !ruby/object:Gem::Version
|
54
|
-
version: 0.
|
54
|
+
version: 0.7.0
|
55
55
|
- !ruby/object:Gem::Dependency
|
56
56
|
name: sass-rails
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|