ez-permissions 0.6.0 → 0.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bc03e8e58f184793c6e903393db062e06d8a8887fe4887f455807d4c624cbaa0
-  data.tar.gz: f6b5695a2a45a9908846b72b09c75455605cc28d25583cdc8439c14a8479a538
+  metadata.gz: 14233de27c1a87232242a256615faa9443996ce14e9b56129b1afdc38dfd7816
+  data.tar.gz: 8a8244a9cd54adbbed779753187de42ec20b3b84450f83af916ea3307b61711f
 SHA512:
-  metadata.gz: 76ab990a4c789b1da51a2265ec5af08f4fad689a5a958be1b947c4cff33e7cd18dfe035f4a375f0fa8df616481dbf2401273d6eba36164a1cdae844ea6925852
-  data.tar.gz: 995f632e48f0bc79d6785cd7ad27fea4e9b6bf36c7aace149729d573ab25aa0f0b16d6a7bce39fa38f33ae50b3a6d9fe994d8785452890823a58f45efc65e097
+  metadata.gz: 177882488f847bf944c1fba31e35e269ad2a7135012012d1ad7584f0956794127a464b735ada592a9fee6bf0fcf01095918908a1096e77f65112b005e92f5393
+  data.tar.gz: 294759120b1ea3e348e0f65b3dcc4079299986834ee6c1d14a81d23bf8c1e19c85dda262ea8b6096911269daaa297199f1dd1bd5ef52cedcb57947465ff5e632

data/README.md

@@ -31,7 +31,7 @@ Configuration interface allows you to change default behavior
 ```ruby
 Ez::Permissions.configure do |config|
   # If in generated migrations you changed table names, please configure them here:
-  config.permission_table_name = 'my_permissions'
+  config.permissions_table_name = 'my_permissions'
   config.roles_table_name = 'my_roles'
   config.models_roles_table_name = 'my_model_roles'
   config.permissions_roles_table_name = 'my_permissions_roles'
@@ -157,7 +157,7 @@ Permissions.list_by_role(:manager, scoped: project)
 # Create a role
 Permissions.create_role(:user)
 
-# Grant role's possibility to have action per resource
+# Grant role's ability to have action per resource
 Permissions.grant_permission(:user, :read, :projects)
 
 # Grant all defined actions per resource
@@ -200,7 +200,7 @@ Permissions.can?(user, :create, :users, scoped: project) => # false
 If in one HTTP request (e.g. navigation menu rendering) you don't want to hit the database with dozens of queries, you can cache all user permission in a hash
 
 ```ruby
-user_permissions =  Permissions.model_permissions_map(user)
+user_permissions =  Permissions.model_permissions(user)
 user_permissions # => #<Ez::Permissions::API::Authorize::ModelPermissions...
 
 # You can fetch permissions as a hash
@@ -214,6 +214,7 @@ end
 # or user #can? and #authorize! helper methods
 user_permissions.can?(:read, :users) # => true
 user_permissions.can?(:create, :users) # => false
+user_permissions.can?(:create, :users, scoped: project) # => false
 user_permissions.authorize!(:create, :users) # => raise Ez::Permissions::NotAuthorized
 ```
 
@@ -280,8 +281,6 @@ Of course, you can use them as mixins, but it's up to you.
 
 ## TODO
 - [ ] Add helper methods for seed grant permissions
-- [ ] Cached permissions. If single UI has multiple checks for one user - we can cache it!
-- [ ] Not all permissions should be manageable through UI, like roles and permissions.
 
 ## Contributing
 Contribution directions go here.

data/app/models/ez/permissions/role.rb

@@ -5,7 +5,7 @@ module Ez
     class Role < ApplicationRecord
       self.table_name = Ez::Permissions.config.roles_table_name
 
-      has_and_belongs_to_many :permissions
+      has_and_belongs_to_many :permissions, join_table: Ez::Permissions.config.permissions_roles_table_name
 
       validates :name, presence: true
       validates :name, uniqueness: true

data/lib/ez/permissions/api/authorize/godmode_permissions.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Ez
+  module Permissions
+    module API
+      module Authorize
+        class GodmodPermissions < ModelPermissions
+          def can?(_action_name, _resource_name, **)
+            true
+          end
+
+          def authorize!(_action_name, _resource_name, **)
+            true
+          end
+        end
+      end
+    end
+  end
+end

data/lib/ez/permissions/api/authorize/model_permissions.rb

@@ -11,20 +11,21 @@ module Ez
             @permissions_map = permissions_map
           end
 
-          def can?(action_name, resource_name)
-            permissions_map[to_key(action_name, resource_name)] == true
+          def can?(action_name, resource_name, scoped: nil)
+            permissions_map[to_key(action_name, resource_name, scoped)] == true
           end
 
-          def authorize!(action_name, resource_name)
-            permissions_map.fetch(to_key(action_name, resource_name))
+          def authorize!(action_name, resource_name, scoped: nil)
+            permissions_map.fetch(to_key(action_name, resource_name, scoped))
           rescue KeyError
             raise Ez::Permissions::NotAuthorizedError
           end
 
           private
 
-          def to_key(action_name, resource_name)
-            "#{action_name}_#{resource_name}".to_sym
+          def to_key(action_name, resource_name, scoped = nil)
+            scoped_key = [scoped&.class, scoped&.id].compact.join('_')
+            "#{action_name}_#{resource_name}_#{scoped_key}".to_sym
           end
         end
       end

data/lib/ez/permissions/api/authorize.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require_relative 'authorize/model_permissions'
+require_relative 'authorize/godmode_permissions'
 
 module Ez
   module Permissions
@@ -8,12 +9,19 @@ module Ez
       module Authorize
         def model_permissions(model)
           ModelPermissions.new(
-            model.permissions.each_with_object({}) do |permission, acum|
-              acum["#{permission.action}_#{permission.resource}".to_sym] = true
+            model.class.includes(assigned_roles: { role: :permissions }).find(model.id).assigned_roles.each_with_object({}) do |assigned_role, acum|
+              scoped_key = [assigned_role.scoped_type, assigned_role.scoped_id].compact.join('_')
+              assigned_role.role.permissions.each do |permission|
+                acum["#{permission.action}_#{permission.resource}_#{scoped_key}".to_sym] = true
+              end
             end
           )
         end
 
+        def godmode_permissions
+          GodmodPermissions.new({})
+        end
+
         def authorize!(model, *actions, resource, scoped: nil, &block)
           authorize(model, *actions, resource, scoped: scoped, raise_exception: true, &block)
         end

data/lib/ez/permissions/version.rb

@@ -2,6 +2,6 @@
 
 module Ez
   module Permissions
-    VERSION = '0.6.0'
+    VERSION = '0.8.0'
   end
 end

data/lib/generators/ez/permissions/install_generator.rb

@@ -8,7 +8,7 @@ module Ez
                     "# frozen_string_literal: true
 
 Ez::Permissions.configure do |config|
-  # config.permission_table_name = 'ez_permissions_permissions'
+  # config.permissions_table_name = 'ez_permissions_permissions'
   # config.roles_table_name = 'ez_permissions_roles'
   # config.models_roles_table_name = 'ez_permissions_model_roles'
   # config.permissions_roles_table_name = 'ez_permissions_permissions_roles'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ez-permissions
 version: !ruby/object:Gem::Version
-  version: 0.6.0
+  version: 0.8.0
 platform: ruby
 authors:
 - Volodya Sveredyuk
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-09-01 00:00:00.000000000 Z
+date: 2022-09-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ez-core
@@ -31,9 +31,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '5.2'
-    - - "<="
-      - !ruby/object:Gem::Version
-        version: '7.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -41,9 +38,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '5.2'
-    - - "<="
-      - !ruby/object:Gem::Version
-        version: '7.0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -176,6 +170,7 @@ files:
 - lib/ez/permissions.rb
 - lib/ez/permissions/api.rb
 - lib/ez/permissions/api/authorize.rb
+- lib/ez/permissions/api/authorize/godmode_permissions.rb
 - lib/ez/permissions/api/authorize/model_permissions.rb
 - lib/ez/permissions/api/models.rb
 - lib/ez/permissions/api/permissions.rb