ez-permissions 0.4.4 → 0.7.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +4 -5
- data/app/models/ez/permissions/role.rb +1 -1
- data/lib/ez/permissions/api/authorize/godmode_permissions.rb +19 -0
- data/lib/ez/permissions/api/authorize/model_permissions.rb +7 -6
- data/lib/ez/permissions/api/authorize.rb +10 -2
- data/lib/ez/permissions/dsl.rb +1 -1
- data/lib/ez/permissions/resource.rb +2 -1
- data/lib/ez/permissions/version.rb +1 -1
- data/lib/generators/ez/permissions/install_generator.rb +1 -1
- data/lib/tasks/ez/permissions_tasks.rake +2 -2
- metadata +7 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: cab72e814bf5bc7883df8e8f069958543d29a009eff5f3f1449c8f601417b731
|
|
4
|
+
data.tar.gz: 415e76d721038d89e81515b240bbe81fee10dbbe04e4781c6b3fa42adc9e340a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 726fd87afd239f261fb02c3c8ed57ab178807bd31fb5b46bfbad8b08e9e860cdc9066f2fa297c0208d9ad7717e63a147964d92a24db008b193d91516a3d68122
|
|
7
|
+
data.tar.gz: 620fbc36e4b13bc1e3f4a07636d13515decc9ff380cc76b199373e6cb28ca472f338571e2a474535780225ee0ea58eb59999fb0d5254ef812023f27021c6379d
|
data/README.md
CHANGED
|
@@ -31,7 +31,7 @@ Configuration interface allows you to change default behavior
|
|
|
31
31
|
```ruby
|
|
32
32
|
Ez::Permissions.configure do |config|
|
|
33
33
|
# If in generated migrations you changed table names, please configure them here:
|
|
34
|
-
config.
|
|
34
|
+
config.permissions_table_name = 'my_permissions'
|
|
35
35
|
config.roles_table_name = 'my_roles'
|
|
36
36
|
config.models_roles_table_name = 'my_model_roles'
|
|
37
37
|
config.permissions_roles_table_name = 'my_permissions_roles'
|
|
@@ -157,7 +157,7 @@ Permissions.list_by_role(:manager, scoped: project)
|
|
|
157
157
|
# Create a role
|
|
158
158
|
Permissions.create_role(:user)
|
|
159
159
|
|
|
160
|
-
# Grant role's
|
|
160
|
+
# Grant role's ability to have action per resource
|
|
161
161
|
Permissions.grant_permission(:user, :read, :projects)
|
|
162
162
|
|
|
163
163
|
# Grant all defined actions per resource
|
|
@@ -200,7 +200,7 @@ Permissions.can?(user, :create, :users, scoped: project) => # false
|
|
|
200
200
|
If in one HTTP request (e.g. navigation menu rendering) you don't want to hit the database with dozens of queries, you can cache all user permission in a hash
|
|
201
201
|
|
|
202
202
|
```ruby
|
|
203
|
-
user_permissions = Permissions.
|
|
203
|
+
user_permissions = Permissions.model_permissions(user)
|
|
204
204
|
user_permissions # => #<Ez::Permissions::API::Authorize::ModelPermissions...
|
|
205
205
|
|
|
206
206
|
# You can fetch permissions as a hash
|
|
@@ -214,6 +214,7 @@ end
|
|
|
214
214
|
# or user #can? and #authorize! helper methods
|
|
215
215
|
user_permissions.can?(:read, :users) # => true
|
|
216
216
|
user_permissions.can?(:create, :users) # => false
|
|
217
|
+
user_permissions.can?(:create, :users, scoped: project) # => false
|
|
217
218
|
user_permissions.authorize!(:create, :users) # => raise Ez::Permissions::NotAuthorized
|
|
218
219
|
```
|
|
219
220
|
|
|
@@ -280,8 +281,6 @@ Of course, you can use them as mixins, but it's up to you.
|
|
|
280
281
|
|
|
281
282
|
## TODO
|
|
282
283
|
- [ ] Add helper methods for seed grant permissions
|
|
283
|
-
- [ ] Cached permissions. If single UI has multiple checks for one user - we can cache it!
|
|
284
|
-
- [ ] Not all permissions should be manageable through UI, like roles and permissions.
|
|
285
284
|
|
|
286
285
|
## Contributing
|
|
287
286
|
Contribution directions go here.
|
|
@@ -5,7 +5,7 @@ module Ez
|
|
|
5
5
|
class Role < ApplicationRecord
|
|
6
6
|
self.table_name = Ez::Permissions.config.roles_table_name
|
|
7
7
|
|
|
8
|
-
has_and_belongs_to_many :permissions
|
|
8
|
+
has_and_belongs_to_many :permissions, join_table: Ez::Permissions.config.permissions_roles_table_name
|
|
9
9
|
|
|
10
10
|
validates :name, presence: true
|
|
11
11
|
validates :name, uniqueness: true
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Ez
|
|
4
|
+
module Permissions
|
|
5
|
+
module API
|
|
6
|
+
module Authorize
|
|
7
|
+
class GodmodPermissions < ModelPermissions
|
|
8
|
+
def can?(_action_name, _resource_name, **)
|
|
9
|
+
true
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def authorize!(_action_name, _resource_name, **)
|
|
13
|
+
true
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
@@ -11,20 +11,21 @@ module Ez
|
|
|
11
11
|
@permissions_map = permissions_map
|
|
12
12
|
end
|
|
13
13
|
|
|
14
|
-
def can?(action_name, resource_name)
|
|
15
|
-
permissions_map[to_key(action_name, resource_name)] == true
|
|
14
|
+
def can?(action_name, resource_name, scoped: nil)
|
|
15
|
+
permissions_map[to_key(action_name, resource_name, scoped)] == true
|
|
16
16
|
end
|
|
17
17
|
|
|
18
|
-
def authorize!(action_name, resource_name)
|
|
19
|
-
permissions_map.fetch(to_key(action_name, resource_name))
|
|
18
|
+
def authorize!(action_name, resource_name, scoped: nil)
|
|
19
|
+
permissions_map.fetch(to_key(action_name, resource_name, scoped))
|
|
20
20
|
rescue KeyError
|
|
21
21
|
raise Ez::Permissions::NotAuthorizedError
|
|
22
22
|
end
|
|
23
23
|
|
|
24
24
|
private
|
|
25
25
|
|
|
26
|
-
def to_key(action_name, resource_name)
|
|
27
|
-
|
|
26
|
+
def to_key(action_name, resource_name, scoped = nil)
|
|
27
|
+
scoped_key = [scoped&.class, scoped&.id].compact.join('_')
|
|
28
|
+
"#{action_name}_#{resource_name}_#{scoped_key}".to_sym
|
|
28
29
|
end
|
|
29
30
|
end
|
|
30
31
|
end
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
3
|
require_relative 'authorize/model_permissions'
|
|
4
|
+
require_relative 'authorize/godmode_permissions'
|
|
4
5
|
|
|
5
6
|
module Ez
|
|
6
7
|
module Permissions
|
|
@@ -8,12 +9,19 @@ module Ez
|
|
|
8
9
|
module Authorize
|
|
9
10
|
def model_permissions(model)
|
|
10
11
|
ModelPermissions.new(
|
|
11
|
-
model.permissions.each_with_object({}) do |
|
|
12
|
-
|
|
12
|
+
model.class.includes(assigned_roles: { role: :permissions }).find(model.id).assigned_roles.each_with_object({}) do |assigned_role, acum|
|
|
13
|
+
scoped_key = [assigned_role.scoped_type, assigned_role.scoped_id].compact.join('_')
|
|
14
|
+
assigned_role.role.permissions.each do |permission|
|
|
15
|
+
acum["#{permission.action}_#{permission.resource}_#{scoped_key}".to_sym] = true
|
|
16
|
+
end
|
|
13
17
|
end
|
|
14
18
|
)
|
|
15
19
|
end
|
|
16
20
|
|
|
21
|
+
def godmode_permissions
|
|
22
|
+
GodmodPermissions.new({})
|
|
23
|
+
end
|
|
24
|
+
|
|
17
25
|
def authorize!(model, *actions, resource, scoped: nil, &block)
|
|
18
26
|
authorize(model, *actions, resource, scoped: scoped, raise_exception: true, &block)
|
|
19
27
|
end
|
data/lib/ez/permissions/dsl.rb
CHANGED
|
@@ -5,13 +5,14 @@ module Ez
|
|
|
5
5
|
class Resource
|
|
6
6
|
ACTIONS = %i[create read update delete].freeze
|
|
7
7
|
|
|
8
|
-
attr_reader :name, :model, :actions, :group
|
|
8
|
+
attr_reader :name, :model, :actions, :group, :label
|
|
9
9
|
|
|
10
10
|
def initialize(name, options = {})
|
|
11
11
|
@name = name
|
|
12
12
|
@model = options.fetch(:model, nil)
|
|
13
13
|
@actions = process_actions(options.fetch(:actions, []))
|
|
14
14
|
@group = options.fetch(:group, :others)
|
|
15
|
+
@label = options.fetch(:label, name.to_s.humanize)
|
|
15
16
|
end
|
|
16
17
|
|
|
17
18
|
def <=>(other)
|
|
@@ -8,7 +8,7 @@ module Ez
|
|
|
8
8
|
"# frozen_string_literal: true
|
|
9
9
|
|
|
10
10
|
Ez::Permissions.configure do |config|
|
|
11
|
-
# config.
|
|
11
|
+
# config.permissions_table_name = 'ez_permissions_permissions'
|
|
12
12
|
# config.roles_table_name = 'ez_permissions_roles'
|
|
13
13
|
# config.models_roles_table_name = 'ez_permissions_model_roles'
|
|
14
14
|
# config.permissions_roles_table_name = 'ez_permissions_permissions_roles'
|
|
@@ -7,7 +7,7 @@ namespace :ez do
|
|
|
7
7
|
Ez::Permissions::Permission.find_each do |permission|
|
|
8
8
|
next if Ez::Permissions::DSL.resource_action?(permission.resource, permission.action)
|
|
9
9
|
|
|
10
|
-
|
|
10
|
+
$stdout.puts '[WARNING] Ez::Permissions:'\
|
|
11
11
|
"Permission##{permission.id} [#{permission.resource} -> #{permission.action}] is redundant"
|
|
12
12
|
end
|
|
13
13
|
end
|
|
@@ -17,7 +17,7 @@ namespace :ez do
|
|
|
17
17
|
next if Ez::Permissions::DSL.resource_action?(permission.resource, permission.action)
|
|
18
18
|
|
|
19
19
|
permission.destroy
|
|
20
|
-
|
|
20
|
+
$stdout.puts '[WARNING] Ez::Permissions:'\
|
|
21
21
|
"Permission##{permission.id} [#{permission.resource} -> #{permission.action}] is removed"
|
|
22
22
|
end
|
|
23
23
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ez-permissions
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.7.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Volodya Sveredyuk
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2021-11-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: ez-core
|
|
@@ -148,14 +148,14 @@ dependencies:
|
|
|
148
148
|
requirements:
|
|
149
149
|
- - "~>"
|
|
150
150
|
- !ruby/object:Gem::Version
|
|
151
|
-
version: 1.
|
|
151
|
+
version: '1.4'
|
|
152
152
|
type: :development
|
|
153
153
|
prerelease: false
|
|
154
154
|
version_requirements: !ruby/object:Gem::Requirement
|
|
155
155
|
requirements:
|
|
156
156
|
- - "~>"
|
|
157
157
|
- !ruby/object:Gem::Version
|
|
158
|
-
version: 1.
|
|
158
|
+
version: '1.4'
|
|
159
159
|
description: Easy permissions engine for Rails app.
|
|
160
160
|
email:
|
|
161
161
|
- sveredyuk@gmail.com
|
|
@@ -176,6 +176,7 @@ files:
|
|
|
176
176
|
- lib/ez/permissions.rb
|
|
177
177
|
- lib/ez/permissions/api.rb
|
|
178
178
|
- lib/ez/permissions/api/authorize.rb
|
|
179
|
+
- lib/ez/permissions/api/authorize/godmode_permissions.rb
|
|
179
180
|
- lib/ez/permissions/api/authorize/model_permissions.rb
|
|
180
181
|
- lib/ez/permissions/api/models.rb
|
|
181
182
|
- lib/ez/permissions/api/permissions.rb
|
|
@@ -201,14 +202,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
201
202
|
requirements:
|
|
202
203
|
- - ">="
|
|
203
204
|
- !ruby/object:Gem::Version
|
|
204
|
-
version:
|
|
205
|
+
version: 2.5.0
|
|
205
206
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
206
207
|
requirements:
|
|
207
208
|
- - ">="
|
|
208
209
|
- !ruby/object:Gem::Version
|
|
209
210
|
version: '0'
|
|
210
211
|
requirements: []
|
|
211
|
-
rubygems_version: 3.1.
|
|
212
|
+
rubygems_version: 3.1.6
|
|
212
213
|
signing_key:
|
|
213
214
|
specification_version: 4
|
|
214
215
|
summary: Easy permissions engine for Rails app.
|