exits 0.0.3 → 0.0.4
- checksums.yaml +8 -8
- data/README.md +43 -34
- data/lib/exits/rules.rb +1 -0
- data/lib/exits/version.rb +1 -1
- data/test/test_controller.rb +7 -0
- metadata +1 -1
checksums.yaml
CHANGED
@@ -1,15 +1,15 @@
|
|
1
1
|
---
|
2
2
|
!binary "U0hBMQ==":
|
3
3
|
metadata.gz: !binary |-
|
4
|
-
|
4
|
+
YzllMzlhZmZlMjNhNzhiNzRkN2NiMDIyMDFhZjI5YWM4OTRhZjk0Zg==
|
5
5
|
data.tar.gz: !binary |-
|
6
|
-
|
6
|
+
YmQ0YjNmMTAwODM3YjEwMDFmNTM1ZmFlZWEyZGJiMjlhMTcxNjZlZA==
|
7
7
|
!binary "U0hBNTEy":
|
8
8
|
metadata.gz: !binary |-
|
9
|
-
|
10
|
-
|
11
|
-
|
9
|
+
MWE2ODkyMGFjYjgxYTBmOTNjOTkxNmUzNzcxNTQ4ZDc2ZDkyMTkxY2M3MjAy
|
10
|
+
M2NlYWQwOTQ0OTBhYjIzZTFmODdkMzE3ZDgyMjg3M2M2NWFiNDRjYjJmMWNk
|
11
|
+
YjUwZDQ2ODQ3N2Q4ZDIxMTQ1OGY4MmVmNTU3OWQ0ODMyZGIyMmE=
|
12
12
|
data.tar.gz: !binary |-
|
13
|
-
|
14
|
-
|
15
|
-
|
13
|
+
NmNkYjQ1NmVmZTEyMjQ5NzA3YjkxYmMzODE2MjA2NGFlZmEwNzU4ZTcwMTZj
|
14
|
+
YzUwYWRiNDNkODhhMzM5NTYwMzM1MTFhN2YwZTI3ZDhkOWM2NWFkYmU2MTEz
|
15
|
+
ODIyOWEyY2YxNDc5NDBiMGRhN2FkMjY4ZmViZWM4OWQ2NzQxYzA=
|
data/README.md
CHANGED
@@ -11,28 +11,30 @@ Designed with an emphasis on readability, it also is designed to work with your
|
|
11
11
|
|
12
12
|
Let's assume you have Admin & User and want to let admin have access to everything and restrict User to edit their own stuff.
|
13
13
|
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
14
|
+
```ruby
|
15
|
+
# controllers/application_controller.rb
|
16
|
+
class ApplicationController < ActionController::Base
|
17
|
+
before_action :restrict_routes!
|
18
|
+
end
|
19
|
+
|
20
|
+
# controllers/posts_controller.rb
|
21
|
+
class PostsController < ActionController::Base
|
22
|
+
allow Admin, :all
|
23
|
+
allow User, :show, :new, :create, :edit
|
24
|
+
|
25
|
+
def admin
|
26
|
+
end
|
27
|
+
|
28
|
+
def edit
|
29
|
+
@post = Post.find params[:id].to_i
|
30
|
+
allow! User do
|
31
|
+
current_user.eql? @post.user
|
32
|
+
end
|
33
|
+
end
|
34
|
+
end
|
35
|
+
```
|
36
|
+
|
37
|
+
First of all, for Exits to work, you need to add `before_action :restrict_routes!` to your ApplicationController.
|
36
38
|
|
37
39
|
Exits takes a very strict approach to handling access. If you don't allow access to an action for a given user class, _it won't be authorized to access such action._
|
38
40
|
|
@@ -51,30 +53,37 @@ When a user is unauthorized the default behavior is to set a flash message and r
|
|
51
53
|
|
52
54
|
You can override this behavior.
|
53
55
|
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
56
|
+
```ruby
|
57
|
+
# controllers/application_controller.rb
|
58
|
+
class ApplicationController < ActionController::Base
|
59
|
+
before_action :restrict_routes!
|
60
|
+
|
61
|
+
def unauthorized (exception)
|
62
|
+
# Handle unauthorized user here
|
63
|
+
end
|
64
|
+
end
|
65
|
+
```
|
63
66
|
|
64
67
|
## Installation
|
65
68
|
|
66
69
|
Add this line to your application's Gemfile:
|
67
70
|
|
68
|
-
|
71
|
+
```ruby
|
72
|
+
gem 'exits'
|
73
|
+
```
|
69
74
|
|
70
75
|
And then execute:
|
71
76
|
|
72
|
-
|
77
|
+
```bash
|
78
|
+
$ bundle
|
79
|
+
```
|
73
80
|
|
74
81
|
## Test
|
75
82
|
Exits comes with a test suite.
|
76
83
|
|
77
|
-
|
84
|
+
```bash
|
85
|
+
$ rake test
|
86
|
+
```
|
78
87
|
|
79
88
|
## Contributing
|
80
89
|
|
data/lib/exits/rules.rb
CHANGED
data/lib/exits/version.rb
CHANGED
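--- a/data/test/test_controller.rb
+++ b/data/test/test_controller.rb
@@ -43,6 +43,13 @@ describe Exits::ActionController::Helpers do
 end
 end
 
+it 'should authorize if no user exists (Guest)' do
+@controller.action_name = :index
+@controller.current_user = nil
+
+assert @controller.class.rules.authorized? @controller.class, @controller.current_user.class, @controller.action_name
+end
+
 it 'should not authorize a user at the action level' do
 @controller.action_name = :edit
 @controller.current_user = User.new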
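Review bot: The added guest test pins only the allow path: with `current_user = nil` it passes `NilClass` to `authorized?` and asserts true for `:index`, but no companion case checks that a guest is refused on an action no rule grants. The README describes Exits as deny-by-default, and the one-line change in `lib/exits/rules.rb` that this test presumably exercises is not shown on the page, so a negative case would guard against the guest path becoming a blanket allow. Something like `refute @controller.class.rules.authorized? @controller.class, NilClass, :edit` would do, assuming the fixture controller grants guests nothing on `:edit`; that definition is outside the hunk. Parenthesising the call, `authorized?(@controller.class, ...)`, would also make it clear that `assert` receives a single value.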