effective_roles 1.3.7 → 1.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d8341f843f44965055d3383dfe315f189492c335
-  data.tar.gz: ad687a36c11392260ae5fcc29797e9b78de69604
+  metadata.gz: 8a5e585f998b2061367570bc40dbff8085f877a6
+  data.tar.gz: a0fab03af238f58c876de0f477d14692391ea8ec
 SHA512:
-  metadata.gz: 27879df95d52bde6c48ab2625c3aeceeb7979d59aa5af59efe0633166532427b535fbb9999c47c903089a4609a3a8c1b24266f20524d0c496ec1773ac8407663
-  data.tar.gz: 5d3688519ff88bd21223cfe026e4628761cd4d886a84da7158c95bb005b4fc63f000d536c5b382266104b43e6d3ddc709f518c00fc51fbf37c1ea5b3b2154402
+  metadata.gz: df1780092055c2617a963a0949999fe988a5aa296f83f6e6ac1ee121d181c7924ac773f8dcc608b1fad274a1181f9b8b00f5b218e1c134cdd4529af656c14807
+  data.tar.gz: 50572e287aae3987ddb2142a7044993f5d87edf80e37ad753145f75210bb81f18d91eb6c5477678dc86735589a52737e69c728291f36900389219f66f7d1b9db

data/README.md

@@ -298,9 +298,6 @@ All roles are get/set through the roles and roles= methods.
 
 MIT License.  Copyright [Code and Effect Inc.](http://www.codeandeffect.com/)
 
-Code and Effect is the product arm of [AgileStyle](http://www.agilestyle.com/), an Edmonton-based shop that specializes in building custom web applications with Ruby on Rails.
-
-
 ## Credits
 
 This model implements the https://github.com/ryanb/cancan/wiki/Role-Based-Authorization multi role based authorization based on the roles_mask field

data/app/controllers/admin/roles_controller.rb

@@ -1,13 +1,13 @@
 module Admin
   class RolesController < ApplicationController
-    before_filter :authenticate_user!   # This is devise, ensure we're logged in.
+    respond_to?(:before_action) ? before_action(:authenticate_user!) : before_filter(:authenticate_user!) # Devise
 
     layout (EffectiveRoles.layout.kind_of?(Hash) ? EffectiveRoles.layout[:admin_roles] : EffectiveRoles.layout)
 
     def index
       @page_title = 'Roles'
 
-      EffectiveOrders.authorized?(self, :admin, :effective_roles)
+      EffectiveRoles.authorized?(self, :admin, :effective_roles)
     end
   end
 end

data/app/helpers/effective_roles_helper.rb

@@ -20,7 +20,7 @@ module EffectiveRolesHelper
     raise 'Expected argument to be a Hash' unless opts.kind_of?(Hash)
 
     roles = Array(opts[:roles]).presence
-    roles ||= EffectiveRoles.roles + [:signed_in, :signed_out]
+    roles ||= [:public, :signed_in] + EffectiveRoles.roles
 
     if opts[:only].present?
       klasses = Array(opts[:only])
@@ -68,7 +68,7 @@ module EffectiveRolesHelper
   def effective_roles_authorization_badge(level)
     case level
     when :manage
-      content_tag(:span, 'Full', class: 'label label-success')
+      content_tag(:span, 'Full', class: 'label label-primary')
     when :update
       content_tag(:span, 'Edit', class: 'label label-success')
     when :update_own
@@ -84,13 +84,13 @@ module EffectiveRolesHelper
     when :none
       content_tag(:span, 'No Access', class: 'label label-danger')
     when :yes
-      content_tag(:span, 'Yes', class: 'label label-success')
+      content_tag(:span, 'Yes', class: 'label label-primary')
     when :no
       content_tag(:span, 'No', class: 'label label-danger')
     when :unknown
       content_tag(:span, 'Unknown', class: 'label')
     else
-      content_tag(:span, level.to_s.titleize, class: 'label label-success')
+      content_tag(:span, level.to_s.titleize, class: 'label label-info')
     end
   end
 
@@ -101,7 +101,7 @@ module EffectiveRolesHelper
     klass = klass.keys.first if klass.kind_of?(Hash)
     label = (klass.respond_to?(:name) ? klass.name : klass.to_s)
 
-    ['Effective::Datatables::', 'Effective::'].each do |replace|
+    ['Effective::Datatables::'].each do |replace|
       label = label.sub(replace, '')
     end
 

data/app/models/effective/access_denied.rb

@@ -0,0 +1,17 @@
+unless defined?(Effective::AccessDenied)
+  module Effective
+    class AccessDenied < StandardError
+      attr_reader :action, :subject
+
+      def initialize(message = nil, action = nil, subject = nil)
+        @message = message
+        @action = action
+        @subject = subject
+      end
+
+      def to_s
+        @message || I18n.t(:'unauthorized.default', :default => 'Access Denied')
+      end
+    end
+  end
+end

data/app/views/admin/roles/index.html.haml

@@ -1,3 +1,8 @@
-%h2= @page_title
+%h1.effective-heading= @page_title
+
+- if defined?(CanCanCan)
+  %p The following roles are computed based on the ability.rb file.
+- else
+  %p The following roles are computed based on the configured authorization_method.
 
 = effective_roles_summary_table

data/app/views/effective/roles/_summary_table.html.haml

@@ -2,7 +2,11 @@
   %thead
     %th
     - roles.each do |role|
-      %th.text-center= role
+      %th.text-center
+        - if [:public, :signed_in].include?(role)
+          = role.to_s.titleize
+        - else
+          = ":#{role}"
   %tbody
     - klasses.each do |klass|
       %tr

data/{lib/generators/templates → config}/effective_roles.rb

@@ -80,17 +80,35 @@ EffectiveRoles.setup do |config|
   # }
 
 
-  # config.authorization_method_for_summary_table
-  # This has absolutely no affect on the any logic involving roles
-  # It's purely for the effective_roles_summary_table() helper method
+  # Authorization Method
+  #
+  # This doesn't have anything to do with the roles themselves.
+  # It's only used in two places:
+  # - For the effective_roles_summary_table() helper method
+  # - The /admin/roles page check
   #
   # It should match the authorization check used by your application
   #
-  # Use CanCan: can?(action, resource)
-  config.authorization_method_for_summary_table = Proc.new { |controller, action, resource| true }
+  # This method is called by all controller actions with the appropriate action and resource
+  # If the method returns false, an Effective::AccessDenied Error will be raised (see README.md for complete info)
+  #
+  # Use via Proc (and with CanCan):
+  # config.authorization_method = Proc.new { |controller, action, resource| can?(action, resource) }
+  #
+  # Use via custom method:
+  # config.authorization_method = :my_authorization_method
+  #
+  # And then in your application_controller.rb:
+  #
+  # def my_authorization_method(action, resource)
+  #   current_user.is?(:admin)
+  # end
+  #
+  # Or disable the check completely:
+  # config.authorization_method = false
+  config.authorization_method = Proc.new { |controller, action, resource| authorize!(action, resource) } # CanCanCan
 
   # Layout Settings
   # Configure the Layout per controller, or all at once
   config.layout = 'application'
-
 end

data/lib/effective_roles.rb

@@ -10,12 +10,19 @@ module EffectiveRoles
   mattr_accessor :assignable_roles
   mattr_accessor :disabled_roles
 
-  mattr_accessor :authorization_method_for_summary_table
+  mattr_accessor :authorization_method
 
   def self.setup
     yield self
   end
 
+  def self.authorized?(controller, action, resource)
+    if authorization_method.respond_to?(:call) || authorization_method.kind_of?(Symbol)
+      raise Effective::AccessDenied.new() unless (controller || self).instance_exec(controller, action, resource, &authorization_method)
+    end
+    true
+  end
+
   # This method converts whatever is given into its roles
   # Pass an object, Integer, or Symbol to find corresponding role
   def self.roles_for(obj)
@@ -61,7 +68,7 @@ module EffectiveRoles
 
   # This is used by the effective_roles_summary_table helper method
   def self.authorization_level(controller, role, resource)
-    return :unknown unless (authorization_method_for_summary_table.respond_to?(:call) || authorization_method_for_summary_table.kind_of?(Symbol))
+    return :unknown unless (authorization_method.respond_to?(:call) || authorization_method.kind_of?(Symbol))
     return :unknown unless (controller.current_user rescue nil).respond_to?(:roles=)
 
     # Store the current ability (cancan support) and roles
@@ -72,10 +79,12 @@ module EffectiveRoles
     # Set up the user, so the check is done with the desired permission level
     controller.instance_variable_set(:@current_ability, nil)
 
+    level = nil
+
     case role
     when :signed_in
       controller.current_user.roles = []
-    when :signed_out
+    when :public
       controller.instance_variable_set(:@current_user, nil)
 
       if defined?(EffectiveLogging) && EffectiveLogging.respond_to?(:supressed?)
@@ -88,14 +97,18 @@ module EffectiveRoles
     end
 
     # Find the actual authorization level
-    level = _authorization_level(controller, role, resource, authorization_method_for_summary_table)
+    level = _authorization_level(controller, role, resource, authorization_method)
 
     # Restore the existing current_user stuff
-    if role == :signed_out
-      if defined?(EffectiveLogging) && EffectiveLogging.respond_to?(:supressed?)
-        EffectiveLogging.supressed { (controller.request.env['warden'].set_user(current_user) rescue nil) }
-      else
-        (controller.request.env['warden'].set_user(current_user) rescue nil)
+    if role == :public
+      ActiveRecord::Base.transaction do
+        if defined?(EffectiveLogging) && EffectiveLogging.respond_to?(:supressed?)
+          EffectiveLogging.supressed { (controller.request.env['warden'].set_user(current_user) rescue nil) }
+        else
+          (controller.request.env['warden'].set_user(current_user) rescue nil)
+        end
+
+        raise ActiveRecord::Rollback
       end
     end
 

data/lib/effective_roles/engine.rb

@@ -20,7 +20,7 @@ module EffectiveRoles
 
     # Set up our default configuration options.
     initializer "effective_roles.defaults", :before => :load_config_initializers do |app|
-      eval File.read("#{config.root}/lib/generators/templates/effective_roles.rb")
+      eval File.read("#{config.root}/config/effective_roles.rb")
     end
 
   end

data/lib/effective_roles/version.rb

@@ -1,3 +1,3 @@
 module EffectiveRoles
-  VERSION = '1.3.7'.freeze
+  VERSION = '1.4.0'.freeze
 end

data/lib/generators/effective_roles/install_generator.rb

@@ -1,16 +1,12 @@
 module EffectiveRoles
   module Generators
     class InstallGenerator < Rails::Generators::Base
-      desc "Creates an EffectiveRoles initializer in your application."
+      desc 'Creates an EffectiveRoles initializer in your application.'
 
-      source_root File.expand_path("../../templates", __FILE__)
+      source_root File.expand_path('../../templates', __FILE__)
 
       def copy_initializer
-        template "effective_roles.rb", "config/initializers/effective_roles.rb"
-      end
-
-      def show_readme
-        readme "README" if behavior == :invoke
+        template ('../' * 3) + 'config/effective_roles.rb', 'config/initializers/effective_roles.rb'
       end
     end
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: effective_roles
 version: !ruby/object:Gem::Version
-  version: 1.3.7
+  version: 1.4.0
 platform: ruby
 authors:
 - Code and Effect
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-03-08 00:00:00.000000000 Z
+date: 2016-12-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -165,16 +165,16 @@ files:
 - app/controllers/admin/roles_controller.rb
 - app/helpers/effective_roles_helper.rb
 - app/models/concerns/acts_as_role_restricted.rb
+- app/models/effective/access_denied.rb
 - app/views/admin/roles/index.html.haml
 - app/views/effective/roles/_roles_fields.html.haml
 - app/views/effective/roles/_summary_table.html.haml
+- config/effective_roles.rb
 - config/routes.rb
 - lib/effective_roles.rb
 - lib/effective_roles/engine.rb
 - lib/effective_roles/version.rb
 - lib/generators/effective_roles/install_generator.rb
-- lib/generators/templates/README
-- lib/generators/templates/effective_roles.rb
 - lib/tasks/effective_roles_tasks.rake
 - spec/dummy/README.rdoc
 - spec/dummy/Rakefile

data/lib/generators/templates/README

@@ -1 +0,0 @@
-Thanks for using EffectiveRoles