ez-permissions 0.4.4 → 0.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +4 -5
- data/app/models/ez/permissions/role.rb +1 -1
- data/lib/ez/permissions/api/authorize/godmode_permissions.rb +19 -0
- data/lib/ez/permissions/api/authorize/model_permissions.rb +7 -6
- data/lib/ez/permissions/api/authorize.rb +10 -2
- data/lib/ez/permissions/dsl.rb +1 -1
- data/lib/ez/permissions/resource.rb +2 -1
- data/lib/ez/permissions/version.rb +1 -1
- data/lib/generators/ez/permissions/install_generator.rb +1 -1
- data/lib/tasks/ez/permissions_tasks.rake +2 -2
- metadata +7 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: cab72e814bf5bc7883df8e8f069958543d29a009eff5f3f1449c8f601417b731
|
|
4
|
+
data.tar.gz: 415e76d721038d89e81515b240bbe81fee10dbbe04e4781c6b3fa42adc9e340a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 726fd87afd239f261fb02c3c8ed57ab178807bd31fb5b46bfbad8b08e9e860cdc9066f2fa297c0208d9ad7717e63a147964d92a24db008b193d91516a3d68122
|
|
7
|
+
data.tar.gz: 620fbc36e4b13bc1e3f4a07636d13515decc9ff380cc76b199373e6cb28ca472f338571e2a474535780225ee0ea58eb59999fb0d5254ef812023f27021c6379d
|
data/README.md
CHANGED
|
@@ -31,7 +31,7 @@ Configuration interface allows you to change default behavior
|
|
|
31
31
|
```ruby
|
|
32
32
|
Ez::Permissions.configure do |config|
|
|
33
33
|
# If in generated migrations you changed table names, please configure them here:
|
|
34
|
-
config.
|
|
34
|
+
config.permissions_table_name = 'my_permissions'
|
|
35
35
|
config.roles_table_name = 'my_roles'
|
|
36
36
|
config.models_roles_table_name = 'my_model_roles'
|
|
37
37
|
config.permissions_roles_table_name = 'my_permissions_roles'
|
|
@@ -157,7 +157,7 @@ Permissions.list_by_role(:manager, scoped: project)
|
|
|
157
157
|
# Create a role
|
|
158
158
|
Permissions.create_role(:user)
|
|
159
159
|
|
|
160
|
-
# Grant role's
|
|
160
|
+
# Grant role's ability to have action per resource
|
|
161
161
|
Permissions.grant_permission(:user, :read, :projects)
|
|
162
162
|
|
|
163
163
|
# Grant all defined actions per resource
|
|
@@ -200,7 +200,7 @@ Permissions.can?(user, :create, :users, scoped: project) => # false
|
|
|
200
200
|
If in one HTTP request (e.g. navigation menu rendering) you don't want to hit the database with dozens of queries, you can cache all user permission in a hash
|
|
201
201
|
|
|
202
202
|
```ruby
|
|
203
|
-
user_permissions = Permissions.
|
|
203
|
+
user_permissions = Permissions.model_permissions(user)
|
|
204
204
|
user_permissions # => #<Ez::Permissions::API::Authorize::ModelPermissions...
|
|
205
205
|
|
|
206
206
|
# You can fetch permissions as a hash
|
|
@@ -214,6 +214,7 @@ end
|
|
|
214
214
|
# or user #can? and #authorize! helper methods
|
|
215
215
|
user_permissions.can?(:read, :users) # => true
|
|
216
216
|
user_permissions.can?(:create, :users) # => false
|
|
217
|
+
user_permissions.can?(:create, :users, scoped: project) # => false
|
|
217
218
|
user_permissions.authorize!(:create, :users) # => raise Ez::Permissions::NotAuthorized
|
|
218
219
|
```
|
|
219
220
|
|
|
@@ -280,8 +281,6 @@ Of course, you can use them as mixins, but it's up to you.
|
|
|
280
281
|
|
|
281
282
|
## TODO
|
|
282
283
|
- [ ] Add helper methods for seed grant permissions
|
|
283
|
-
- [ ] Cached permissions. If single UI has multiple checks for one user - we can cache it!
|
|
284
|
-
- [ ] Not all permissions should be manageable through UI, like roles and permissions.
|
|
285
284
|
|
|
286
285
|
## Contributing
|
|
287
286
|
Contribution directions go here.
|
|
@@ -5,7 +5,7 @@ module Ez
|
|
|
5
5
|
class Role < ApplicationRecord
|
|
6
6
|
self.table_name = Ez::Permissions.config.roles_table_name
|
|
7
7
|
|
|
8
|
-
has_and_belongs_to_many :permissions
|
|
8
|
+
has_and_belongs_to_many :permissions, join_table: Ez::Permissions.config.permissions_roles_table_name
|
|
9
9
|
|
|
10
10
|
validates :name, presence: true
|
|
11
11
|
validates :name, uniqueness: true
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Ez
|
|
4
|
+
module Permissions
|
|
5
|
+
module API
|
|
6
|
+
module Authorize
|
|
7
|
+
class GodmodPermissions < ModelPermissions
|
|
8
|
+
def can?(_action_name, _resource_name, **)
|
|
9
|
+
true
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def authorize!(_action_name, _resource_name, **)
|
|
13
|
+
true
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
@@ -11,20 +11,21 @@ module Ez
|
|
|
11
11
|
@permissions_map = permissions_map
|
|
12
12
|
end
|
|
13
13
|
|
|
14
|
-
def can?(action_name, resource_name)
|
|
15
|
-
permissions_map[to_key(action_name, resource_name)] == true
|
|
14
|
+
def can?(action_name, resource_name, scoped: nil)
|
|
15
|
+
permissions_map[to_key(action_name, resource_name, scoped)] == true
|
|
16
16
|
end
|
|
17
17
|
|
|
18
|
-
def authorize!(action_name, resource_name)
|
|
19
|
-
permissions_map.fetch(to_key(action_name, resource_name))
|
|
18
|
+
def authorize!(action_name, resource_name, scoped: nil)
|
|
19
|
+
permissions_map.fetch(to_key(action_name, resource_name, scoped))
|
|
20
20
|
rescue KeyError
|
|
21
21
|
raise Ez::Permissions::NotAuthorizedError
|
|
22
22
|
end
|
|
23
23
|
|
|
24
24
|
private
|
|
25
25
|
|
|
26
|
-
def to_key(action_name, resource_name)
|
|
27
|
-
|
|
26
|
+
def to_key(action_name, resource_name, scoped = nil)
|
|
27
|
+
scoped_key = [scoped&.class, scoped&.id].compact.join('_')
|
|
28
|
+
"#{action_name}_#{resource_name}_#{scoped_key}".to_sym
|
|
28
29
|
end
|
|
29
30
|
end
|
|
30
31
|
end
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
3
|
require_relative 'authorize/model_permissions'
|
|
4
|
+
require_relative 'authorize/godmode_permissions'
|
|
4
5
|
|
|
5
6
|
module Ez
|
|
6
7
|
module Permissions
|
|
@@ -8,12 +9,19 @@ module Ez
|
|
|
8
9
|
module Authorize
|
|
9
10
|
def model_permissions(model)
|
|
10
11
|
ModelPermissions.new(
|
|
11
|
-
model.permissions.each_with_object({}) do |
|
|
12
|
-
|
|
12
|
+
model.class.includes(assigned_roles: { role: :permissions }).find(model.id).assigned_roles.each_with_object({}) do |assigned_role, acum|
|
|
13
|
+
scoped_key = [assigned_role.scoped_type, assigned_role.scoped_id].compact.join('_')
|
|
14
|
+
assigned_role.role.permissions.each do |permission|
|
|
15
|
+
acum["#{permission.action}_#{permission.resource}_#{scoped_key}".to_sym] = true
|
|
16
|
+
end
|
|
13
17
|
end
|
|
14
18
|
)
|
|
15
19
|
end
|
|
16
20
|
|
|
21
|
+
def godmode_permissions
|
|
22
|
+
GodmodPermissions.new({})
|
|
23
|
+
end
|
|
24
|
+
|
|
17
25
|
def authorize!(model, *actions, resource, scoped: nil, &block)
|
|
18
26
|
authorize(model, *actions, resource, scoped: scoped, raise_exception: true, &block)
|
|
19
27
|
end
|
data/lib/ez/permissions/dsl.rb
CHANGED
|
@@ -5,13 +5,14 @@ module Ez
|
|
|
5
5
|
class Resource
|
|
6
6
|
ACTIONS = %i[create read update delete].freeze
|
|
7
7
|
|
|
8
|
-
attr_reader :name, :model, :actions, :group
|
|
8
|
+
attr_reader :name, :model, :actions, :group, :label
|
|
9
9
|
|
|
10
10
|
def initialize(name, options = {})
|
|
11
11
|
@name = name
|
|
12
12
|
@model = options.fetch(:model, nil)
|
|
13
13
|
@actions = process_actions(options.fetch(:actions, []))
|
|
14
14
|
@group = options.fetch(:group, :others)
|
|
15
|
+
@label = options.fetch(:label, name.to_s.humanize)
|
|
15
16
|
end
|
|
16
17
|
|
|
17
18
|
def <=>(other)
|
|
@@ -8,7 +8,7 @@ module Ez
|
|
|
8
8
|
"# frozen_string_literal: true
|
|
9
9
|
|
|
10
10
|
Ez::Permissions.configure do |config|
|
|
11
|
-
# config.
|
|
11
|
+
# config.permissions_table_name = 'ez_permissions_permissions'
|
|
12
12
|
# config.roles_table_name = 'ez_permissions_roles'
|
|
13
13
|
# config.models_roles_table_name = 'ez_permissions_model_roles'
|
|
14
14
|
# config.permissions_roles_table_name = 'ez_permissions_permissions_roles'
|
|
@@ -7,7 +7,7 @@ namespace :ez do
|
|
|
7
7
|
Ez::Permissions::Permission.find_each do |permission|
|
|
8
8
|
next if Ez::Permissions::DSL.resource_action?(permission.resource, permission.action)
|
|
9
9
|
|
|
10
|
-
|
|
10
|
+
$stdout.puts '[WARNING] Ez::Permissions:'\
|
|
11
11
|
"Permission##{permission.id} [#{permission.resource} -> #{permission.action}] is redundant"
|
|
12
12
|
end
|
|
13
13
|
end
|
|
@@ -17,7 +17,7 @@ namespace :ez do
|
|
|
17
17
|
next if Ez::Permissions::DSL.resource_action?(permission.resource, permission.action)
|
|
18
18
|
|
|
19
19
|
permission.destroy
|
|
20
|
-
|
|
20
|
+
$stdout.puts '[WARNING] Ez::Permissions:'\
|
|
21
21
|
"Permission##{permission.id} [#{permission.resource} -> #{permission.action}] is removed"
|
|
22
22
|
end
|
|
23
23
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ez-permissions
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.7.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Volodya Sveredyuk
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2021-11-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: ez-core
|
|
@@ -148,14 +148,14 @@ dependencies:
|
|
|
148
148
|
requirements:
|
|
149
149
|
- - "~>"
|
|
150
150
|
- !ruby/object:Gem::Version
|
|
151
|
-
version: 1.
|
|
151
|
+
version: '1.4'
|
|
152
152
|
type: :development
|
|
153
153
|
prerelease: false
|
|
154
154
|
version_requirements: !ruby/object:Gem::Requirement
|
|
155
155
|
requirements:
|
|
156
156
|
- - "~>"
|
|
157
157
|
- !ruby/object:Gem::Version
|
|
158
|
-
version: 1.
|
|
158
|
+
version: '1.4'
|
|
159
159
|
description: Easy permissions engine for Rails app.
|
|
160
160
|
email:
|
|
161
161
|
- sveredyuk@gmail.com
|
|
@@ -176,6 +176,7 @@ files:
|
|
|
176
176
|
- lib/ez/permissions.rb
|
|
177
177
|
- lib/ez/permissions/api.rb
|
|
178
178
|
- lib/ez/permissions/api/authorize.rb
|
|
179
|
+
- lib/ez/permissions/api/authorize/godmode_permissions.rb
|
|
179
180
|
- lib/ez/permissions/api/authorize/model_permissions.rb
|
|
180
181
|
- lib/ez/permissions/api/models.rb
|
|
181
182
|
- lib/ez/permissions/api/permissions.rb
|
|
@@ -201,14 +202,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
201
202
|
requirements:
|
|
202
203
|
- - ">="
|
|
203
204
|
- !ruby/object:Gem::Version
|
|
204
|
-
version:
|
|
205
|
+
version: 2.5.0
|
|
205
206
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
206
207
|
requirements:
|
|
207
208
|
- - ">="
|
|
208
209
|
- !ruby/object:Gem::Version
|
|
209
210
|
version: '0'
|
|
210
211
|
requirements: []
|
|
211
|
-
rubygems_version: 3.1.
|
|
212
|
+
rubygems_version: 3.1.6
|
|
212
213
|
signing_key:
|
|
213
214
|
specification_version: 4
|
|
214
215
|
summary: Easy permissions engine for Rails app.
|