exits 0.0.3 → 0.0.4
- checksums.yaml +8 -8
- data/README.md +43 -34
- data/lib/exits/rules.rb +1 -0
- data/lib/exits/version.rb +1 -1
- data/test/test_controller.rb +7 -0
- metadata +1 -1
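--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,15 +1,15 @@
 ---
 !binary "U0hBMQ==":
 metadata.gz: !binary |-
-
+YzllMzlhZmZlMjNhNzhiNzRkN2NiMDIyMDFhZjI5YWM4OTRhZjk0Zg==
 data.tar.gz: !binary |-
-
+YmQ0YjNmMTAwODM3YjEwMDFmNTM1ZmFlZWEyZGJiMjlhMTcxNjZlZA==
 !binary "U0hBNTEy":
 metadata.gz: !binary |-
-
-
-
+MWE2ODkyMGFjYjgxYTBmOTNjOTkxNmUzNzcxNTQ4ZDc2ZDkyMTkxY2M3MjAy
+M2NlYWQwOTQ0OTBhYjIzZTFmODdkMzE3ZDgyMjg3M2M2NWFiNDRjYjJmMWNk
+YjUwZDQ2ODQ3N2Q4ZDIxMTQ1OGY4MmVmNTU3OWQ0ODMyZGIyMmE=
 data.tar.gz: !binary |-
-
-
-
+NmNkYjQ1NmVmZTEyMjQ5NzA3YjkxYmMzODE2MjA2NGFlZmEwNzU4ZTcwMTZj
+YzUwYWRiNDNkODhhMzM5NTYwMzM1MTFhN2YwZTI3ZDhkOWM2NWFkYmU2MTEz
+ODIyOWEyY2YxNDc5NDBiMGRhN2FkMjY4ZmViZWM4OWQ2NzQxYzA=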
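--- a/data/README.md
+++ b/data/README.md
@@ -11,28 +11,30 @@ Designed with an emphasis on readability, it also is designed to work with your
 
 Let's assume you have Admin & User and want to let admin have access to everything and restrict User to edit their own stuff.
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+```ruby
+# controllers/application_controller.rb
+class ApplicationController < ActionController::Base
+before_action :restrict_routes!
+end
+
+# controllers/posts_controller.rb
+class PostsController < ActionController::Base
+allow Admin, :all
+allow User, :show, :new, :create, :edit
+
+def admin
+end
+
+def edit
+@post = Post.find params[:id].to_i
+allow! User do
+current_user.eql? @post.user
+end
+end
+end
+```
+
+First of all, for Exits to work, you need to add `before_action :restrict_routes!` to your ApplicationController.
 
 Exits takes a very strict approach to handling access. If you don't allow access to an action for a given user class, _it won't be authorized to access such action._
 
@@ -51,30 +53,37 @@ When a user is unauthorized the default behavior is to set a flash message and r
 
 You can override this behavior.
 
-
-
-
-
-
-
-
-
-
+```ruby
+# controllers/application_controller.rb
+class ApplicationController < ActionController::Base
+before_action :restrict_routes!
+
+def unauthorized (exception)
+# Handle unauthorized user here
+end
+end
+```
 
 ## Installation
 
 Add this line to your application's Gemfile:
 
-
+```ruby
+gem 'exits'
+```
 
 And then execute:
 
-
+```bash
+$ bundle
+```
 
 ## Test
 Exits comes with a test suite.
 
-
+```bash
+$ rake test
+```
 
 ## Contributing
 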
data/lib/exits/rules.rb
CHANGED
data/lib/exits/version.rb
CHANGED
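--- a/data/test/test_controller.rb
+++ b/data/test/test_controller.rb
@@ -43,6 +43,13 @@ describe Exits::ActionController::Helpers do
 end
 end
 
+it 'should authorize if no user exists (Guest)' do
+@controller.action_name = :index
+@controller.current_user = nil
+
+assert @controller.class.rules.authorized? @controller.class, @controller.current_user.class, @controller.action_name
+end
+
 it 'should not authorize a user at the action level' do
 @controller.action_name = :edit
 @controller.current_user = User.new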
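Review bot: The added 'should authorize if no user exists (Guest)' case pins only the permissive outcome for an unauthenticated request: with `@controller.current_user = nil` the class handed to `authorized?` is `NilClass`, and the assertion requires it to pass on `:index`. The rule that makes this pass lives in `lib/exits/rules.rb`, which this page lists as changed but does not show, so it cannot be confirmed from here whether guests are admitted only where a controller declares it or on every action; the latter would conflict with the README's statement that an action not explicitly allowed is not authorized. A companion case with a nil user and `@controller.action_name = :edit`, ending in `refute @controller.class.rules.authorized? @controller.class, NilClass, :edit`, would make a blanket guest allow fail the suite (this assumes the test controller does not open `:edit` to guests). A one-line comment such as `# nil.class is NilClass, the class Exits sees for a guest` above the assertion would also make the intent of `current_user.class` explicit. The enclosing `describe` block starts and ends outside the hunk.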