ez-permissions 0.4.1 → 0.4.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +11 -11
- data/app/models/ez/permissions/model.rb +3 -3
- data/lib/ez/permissions/api/authorize.rb +2 -2
- data/lib/ez/permissions/api/models.rb +4 -4
- data/lib/ez/permissions/api/permissions.rb +2 -2
- data/lib/ez/permissions/dsl.rb +2 -2
- data/lib/ez/permissions/resource.rb +2 -1
- data/lib/ez/permissions/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 145430f6d759fbe5bbba86465d89d3bb184777997ce7d731a46f86118e62c5ca
|
|
4
|
+
data.tar.gz: 9845fee84a035d8210793505514de5de55b9a1a22445ea6fe08c0fc990933be0
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2b1088848755c808ed70bbdc57a14089b5aa86a7bbaf5e065cde35e9f58b89afcdb835d542addcfd8c1b2be273f8ac34c592699722292ca314946dae0a799805
|
|
7
|
+
data.tar.gz: 376a1aa4d0e4742dd2fc47462f839650c5bc8507cf14fd883ef50cb9b0f73b1f0971df905881875f51fd37f623f447671a220caf88663c49229e65b0baa52c5c
|
data/README.md
CHANGED
|
@@ -7,9 +7,9 @@
|
|
|
7
7
|
**Ez Permissions** (read as "easy permissions") - one of the [ez-engines](https://github.com/ez-engines) collection that helps easily add permissions interface to your [Rails](http://rubyonrails.org/) application.
|
|
8
8
|
|
|
9
9
|
- Most advanced RBAC model:
|
|
10
|
-
- Flexible tool with simple DSL and
|
|
10
|
+
- Flexible tool with simple DSL and configuration
|
|
11
11
|
- All in one solution
|
|
12
|
-
-
|
|
12
|
+
- Convention over configuration principles.
|
|
13
13
|
- Depends on [ez-core](https://github.com/ez-engines/ez-core)
|
|
14
14
|
|
|
15
15
|
## Installation
|
|
@@ -36,7 +36,7 @@ Ez::Permissions.configure do |config|
|
|
|
36
36
|
config.models_roles_table_name = 'my_model_roles'
|
|
37
37
|
config.permissions_roles_table_name = 'my_permissions_roles'
|
|
38
38
|
|
|
39
|
-
# Suppress
|
|
39
|
+
# Suppress STDOUT messages for test environment
|
|
40
40
|
config.mute_stdout = true if Rails.env.test?
|
|
41
41
|
|
|
42
42
|
# Define your custom callbacks
|
|
@@ -61,7 +61,7 @@ rails generate ez:permissions:migrations
|
|
|
61
61
|
|
|
62
62
|
## DSL
|
|
63
63
|
|
|
64
|
-
Simple DSL for
|
|
64
|
+
Simple DSL for definition of permission relationships
|
|
65
65
|
```ruby
|
|
66
66
|
Ez::Permissions::DSL.define do |setup|
|
|
67
67
|
# You need add all resources of your application and possible actions
|
|
@@ -89,7 +89,7 @@ user = User.first
|
|
|
89
89
|
|
|
90
90
|
# User model become permission model
|
|
91
91
|
user.roles #=> [application level roles]
|
|
92
|
-
user.assigned_roles #=> [user owned roles,
|
|
92
|
+
user.assigned_roles #=> [user owned roles, global and scoped]
|
|
93
93
|
user.permissions #=> [user available permissions through assigned_roles]
|
|
94
94
|
```
|
|
95
95
|
|
|
@@ -180,7 +180,7 @@ end
|
|
|
180
180
|
# otherwise you will get an exception
|
|
181
181
|
Ez::Permissions::NotAuthorized
|
|
182
182
|
|
|
183
|
-
# Both .
|
|
183
|
+
# Both .authorize and .authorize! methods can be used without blocks.
|
|
184
184
|
|
|
185
185
|
# if you don't want raise exception, just use
|
|
186
186
|
Permissions.authorize(user, :create, :users) { puts 'Yeahh!' } #=> false
|
|
@@ -204,7 +204,7 @@ user_permissions.permissions_map # => { :read_users => true}
|
|
|
204
204
|
|
|
205
205
|
# and the in your code just fetch by the key:
|
|
206
206
|
if user_permissions.permissions_map[:read_users]
|
|
207
|
-
# execute
|
|
207
|
+
# execute authorized code
|
|
208
208
|
end
|
|
209
209
|
|
|
210
210
|
# or user #can? and #authorize! helper methods
|
|
@@ -217,7 +217,7 @@ user_permissions.authorize!(:create, :users) # => raise Ez::Permissions::NotAuth
|
|
|
217
217
|
EzPermissions ships with bunch of RSpec helper methods that helps mock permission.
|
|
218
218
|
For large test suite (more than 5000 specs) it saves up to 30% of test runs time.
|
|
219
219
|
|
|
220
|
-
Add test helpers
|
|
220
|
+
Add test helpers to your rspec config
|
|
221
221
|
```ruby
|
|
222
222
|
require 'ez/permissions/rspec_helpers'
|
|
223
223
|
|
|
@@ -248,7 +248,7 @@ mock_model_role(:worker, user)
|
|
|
248
248
|
mock_permission(:users, :create)
|
|
249
249
|
```
|
|
250
250
|
|
|
251
|
-
###
|
|
251
|
+
### Cleanup redundant permissions
|
|
252
252
|
If you changed your permissions DSL and removed redundant resources and actions
|
|
253
253
|
|
|
254
254
|
```sh
|
|
@@ -256,7 +256,7 @@ rake ez:permissions:outdated # display list of outdated permissions
|
|
|
256
256
|
rake ez:permissions:cleanup # remove outdated permissions from the DB
|
|
257
257
|
```
|
|
258
258
|
|
|
259
|
-
###
|
|
259
|
+
### Keep it explicit!
|
|
260
260
|
You can wonder, why we just not add authorization methods to user instance, like:
|
|
261
261
|
```ruby
|
|
262
262
|
user.can?(:something)
|
|
@@ -270,7 +270,7 @@ Of course, you can use them as mixins, but it's up to you.
|
|
|
270
270
|
- User can has role in scope of some resource (Project, Company, Business, etc.)
|
|
271
271
|
- User can has role in global scope (without scope)
|
|
272
272
|
- If user want access data in scope of resource - user must has assigned role scoped for this resource
|
|
273
|
-
- If user want access data in global scope - user must has assigned role
|
|
273
|
+
- If user want access data in global scope - user must has assigned role without any scoped resource (global role)
|
|
274
274
|
- User with global role - can't access scoped resources.
|
|
275
275
|
- User with scoped role - can't access global resources.
|
|
276
276
|
|
|
@@ -7,16 +7,16 @@ module Ez
|
|
|
7
7
|
def self.included(base)
|
|
8
8
|
base.has_many :assigned_roles,
|
|
9
9
|
class_name: 'Ez::Permissions::ModelRole',
|
|
10
|
-
as:
|
|
10
|
+
as: :model
|
|
11
11
|
|
|
12
12
|
base.has_many :roles,
|
|
13
13
|
-> { distinct },
|
|
14
|
-
through:
|
|
14
|
+
through: :assigned_roles,
|
|
15
15
|
class_name: 'Ez::Permissions::Role'
|
|
16
16
|
|
|
17
17
|
base.has_many :permissions,
|
|
18
18
|
-> { distinct },
|
|
19
|
-
through:
|
|
19
|
+
through: :roles,
|
|
20
20
|
class_name: 'Ez::Permissions::Permission'
|
|
21
21
|
end
|
|
22
22
|
# rubocop:enable Metrics/MethodLength
|
|
@@ -53,9 +53,9 @@ module Ez
|
|
|
53
53
|
permission_ids = Ez::Permissions::PermissionRole.where(role_id: role_ids).pluck(:permission_id)
|
|
54
54
|
|
|
55
55
|
Ez::Permissions::Permission.where(
|
|
56
|
-
id:
|
|
56
|
+
id: permission_ids,
|
|
57
57
|
resource: resource,
|
|
58
|
-
action:
|
|
58
|
+
action: actions.map(&:to_s)
|
|
59
59
|
)
|
|
60
60
|
end
|
|
61
61
|
|
|
@@ -8,8 +8,8 @@ module Ez
|
|
|
8
8
|
role = Ez::Permissions::API.get_role!(role_name)
|
|
9
9
|
|
|
10
10
|
Ez::Permissions::ModelRole.find_or_create_by!(
|
|
11
|
-
role:
|
|
12
|
-
model:
|
|
11
|
+
role: role,
|
|
12
|
+
model: model,
|
|
13
13
|
scoped: scoped
|
|
14
14
|
)
|
|
15
15
|
end
|
|
@@ -30,8 +30,8 @@ module Ez
|
|
|
30
30
|
|
|
31
31
|
def model_role(role, model, scoped)
|
|
32
32
|
Ez::Permissions::ModelRole.find_by(
|
|
33
|
-
role:
|
|
34
|
-
model:
|
|
33
|
+
role: role,
|
|
34
|
+
model: model,
|
|
35
35
|
scoped: scoped
|
|
36
36
|
)
|
|
37
37
|
end
|
|
@@ -28,7 +28,7 @@ module Ez
|
|
|
28
28
|
permission = get_permission!(action, resource)
|
|
29
29
|
|
|
30
30
|
Ez::Permissions::PermissionRole.find_by(
|
|
31
|
-
role:
|
|
31
|
+
role: role,
|
|
32
32
|
permission: permission
|
|
33
33
|
)&.delete
|
|
34
34
|
end
|
|
@@ -37,7 +37,7 @@ module Ez
|
|
|
37
37
|
|
|
38
38
|
def grant_single_permission(role, permission)
|
|
39
39
|
Ez::Permissions::PermissionRole.find_or_create_by!(
|
|
40
|
-
role:
|
|
40
|
+
role: role,
|
|
41
41
|
permission: permission
|
|
42
42
|
)
|
|
43
43
|
end
|
data/lib/ez/permissions/dsl.rb
CHANGED
|
@@ -42,7 +42,7 @@ module Ez
|
|
|
42
42
|
return unless seed_to_db(resource)
|
|
43
43
|
|
|
44
44
|
message(
|
|
45
|
-
"Resource [#{name}] has been successfully
|
|
45
|
+
"Resource [#{name}] has been successfully registered with actions: [#{resource.actions.join(', ')}]",
|
|
46
46
|
'SUCCESS'
|
|
47
47
|
)
|
|
48
48
|
end
|
|
@@ -62,7 +62,7 @@ module Ez
|
|
|
62
62
|
resource.actions.each do |action|
|
|
63
63
|
Ez::Permissions::Permission.where(
|
|
64
64
|
resource: resource.name,
|
|
65
|
-
action:
|
|
65
|
+
action: action
|
|
66
66
|
).first_or_create!
|
|
67
67
|
end
|
|
68
68
|
end
|
|
@@ -5,12 +5,13 @@ module Ez
|
|
|
5
5
|
class Resource
|
|
6
6
|
ACTIONS = %i[create read update delete].freeze
|
|
7
7
|
|
|
8
|
-
attr_reader :name, :model, :actions
|
|
8
|
+
attr_reader :name, :model, :actions, :group
|
|
9
9
|
|
|
10
10
|
def initialize(name, options = {})
|
|
11
11
|
@name = name
|
|
12
12
|
@model = options.fetch(:model, nil)
|
|
13
13
|
@actions = process_actions(options.fetch(:actions, []))
|
|
14
|
+
@group = options.fetch(:group, nil)
|
|
14
15
|
end
|
|
15
16
|
|
|
16
17
|
def <=>(other)
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ez-permissions
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.4.
|
|
4
|
+
version: 0.4.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Volodya Sveredyuk
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2020-03-20 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: ez-core
|