ez-permissions 0.2.3 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 283631e0353e45353ed08297b64b0d2b00b44264b8b1b98b941834236c8313e1
-  data.tar.gz: 0f4281977ff55d2e57fc6d845cd06854334544f0bc3ba5742819c5602c3d41a7
+  metadata.gz: 2561daddeb0d81e3d7916f64a0d334eeb181cc1bc1244fbfd96090abb6d0b5a3
+  data.tar.gz: 648bd08668a2def0f908fa5be6125fbce12d186a760f1c2e51bc87b1e935041d
 SHA512:
-  metadata.gz: 8a0a0d1d268c6ee6a9358eaeb75d6ea2d3ab311670fbe1ffa03e3f35257869630b488cddd02c3f7762ac8fe0355f67f82ed165ac19ccd7f1f86adf5f06f7e307
-  data.tar.gz: 3b7072cefc9aaa7ec1311b4775c6486ec092e8de3af7b5aa7c31c5249d526d92e51190bc7c5048158d567d216580830cd3c8e4ab2783302773ae283d50227f20
+  metadata.gz: a43ee4b3d8416de6d87e2dec796528698a3dc51e44e1b4357153f59081033ebdf8525fb9acf9c4b3263df7a745292ba9a7095a93dd119624f7844c18a5e4d3cf
+  data.tar.gz: f945fff2beff8c9543e8e6d1fa8742c8e8dc5259d055b82b31930010be0e1f37a2d0196af9b57855e7c786b3a87406b5d5b532a28039abf68726f5abe19e76e9

data/README.md

@@ -97,7 +97,7 @@ user.permissions #=> [user available permissions through assigned_roles]
 
 **Please, do not use direct rails code like:** `Ez::Permissions::Permission.create(name: 'admin')`
 
-Instead you should use public api. You can extend you custom module with `API` mixin
+Instead you should use `Ez::Permissions` public API. Please, extend your custom module with `API` mixin
 ```ruby
 # Use engine facade methods
 Ez::Permissions::API
@@ -117,6 +117,9 @@ end
 Permissions.create_role(:user)
 Permissions.create_role(:admin)
 
+# List all roles
+Permissions.list_roles # => [#<Ez::Permissions::Role..., #<Ez::Permissions::Role...]
+
 # Get role object by name
 Permissions.get_role(:user)
 
@@ -174,8 +177,10 @@ Permissions.authorize!(user, :create, :users, scoped: project) do
   # for user creation in particular project
 end
 
-# otherwise catch exception
-Ez::Permissions::API::Authrozation::NotAuthorized
+# otherwise you will get an exception
+Ez::Permissions::NotAuthorized
+
+# Both .authrorize and .authorize! methods can be used without blocks.
 
 # if you don't want raise exception, just use
 Permissions.authorize(user, :create, :users) { puts 'Yeahh!' } #=> false
@@ -221,6 +226,14 @@ mock_model_role(:worker, user)
 mock_permission(:users, :create)
 ```
 
+### Cleaup redundant permissions
+If you changed your permissions DSL and removed redundant resources and actions
+
+```sh
+rake ez:permissions:outdated # display list of outdated permissions
+rake ez:permissions:cleanup # remove outdated permissions from the DB
+```
+
 ### Kepp it excplicit!
 You can wonder, why we just not add authorization methods to user instance, like:
 ```ruby
@@ -240,19 +253,9 @@ Of course, you can use them as mixins, but it's up to you.
 - User with scoped role - can't access global resources.
 
 ## TODO
-- [x] Add README
-- [x] Add Role model
-- [x] Add Permissions model
-- [x] Add PermissionsRole model
-- [x] Add rails generators for migrations
-- [x] Add rails generators for configuration
-- [x] Add configuration DSL
-- [x] Add Permissions API for managing relationships
-- [x] User can has multiple roles
-- [x] Better errors for non-existing records
-- [x] Add permissions helpers `authorize` and `authorize!`
-- [x] Move all erros under `Ez::Permissions::API` namespace and add `Error` suffix
 - [ ] Add helper methods for seed grant permissions
+- [ ] Cached permissions. If single UI has multiple checks for one user - we can cache it!
+- [ ] Not all permissions should be manageable through UI, like roles and permissions.
 
 ## Contributing
 Contribution directions go here.

data/app/models/ez/permissions/permission.rb

@@ -7,6 +7,8 @@ module Ez
 
       validates :resource, presence: true
       validates :action, presence: true
+
+      has_many :permission_roles, dependent: :destroy
     end
   end
 end

data/app/models/ez/permissions/role.rb

@@ -9,6 +9,10 @@ module Ez
 
       validates :name, presence: true
       validates :name, uniqueness: true
+
+      before_validation do
+        self.name = name&.parameterize
+      end
     end
   end
 end

data/lib/ez/permissions.rb

@@ -15,5 +15,7 @@ module Ez
       config.models_roles_table_name      = 'ez_permissions_model_roles'
       config.permissions_roles_table_name = 'ez_permissions_permissions_roles'
     end
+
+    NotAuthorizedError = Class.new(StandardError)
   end
 end

data/lib/ez/permissions/api/authorize.rb

@@ -4,23 +4,32 @@ module Ez
   module Permissions
     module API
       module Authorize
-        NotAuthorized = Class.new(StandardError)
-
         def authorize!(model, *actions, resource, scoped: nil, &block)
           authorize(model, *actions, resource, scoped: scoped, raise_exception: true, &block)
         end
 
+        # TODO: Extract object
+        # rubocop:disable all
         def authorize(model, *actions, resource, scoped: nil, raise_exception: false)
           return handle_no_permission_model_callback.call(self) if handle_no_permission_model_callback && !model
 
-          return yield if can?(model, *actions, resource, scoped: scoped)
-
-          return handle_not_authorized_callback.call(self) if handle_not_authorized_callback
-
-          raise NotAuthorized, not_authorized_msg(model, actions, resource, scoped) if raise_exception
+          if can?(model, *actions, resource, scoped: scoped)
+            if block_given?
+              return yield
+            else
+              return true
+            end
+          end
 
-          false
+          if handle_not_authorized_callback
+            handle_not_authorized_callback.call(self)
+          elsif raise_exception
+            raise NotAuthorizedError, not_authorized_msg(model, actions, resource, scoped)
+          else
+            false
+          end
         end
+        # rubocop:enable all
 
         def can?(model, *actions, resource, scoped: nil)
           permissions(model, *actions, resource, scoped: scoped).any?

data/lib/ez/permissions/api/roles.rb

@@ -6,6 +6,10 @@ module Ez
       module Roles
         RoleNotFound = Class.new(StandardError)
 
+        def list_roles
+          Role.all
+        end
+
         def create_role(name)
           Role.create(name: name)
         end

data/lib/ez/permissions/dsl.rb

@@ -19,6 +19,13 @@ module Ez
         DSL.instance.resources.find { |r| r.name.to_sym == name.to_sym }
       end
 
+      def self.resource_action?(resource_name, action_name)
+        registed_resource = resource(resource_name)
+        action = registed_resource.actions.include?(action_name.to_sym) if registed_resource
+
+        registed_resource && action ? true : false
+      end
+
       attr_reader :resources
 
       def initialize

data/lib/ez/permissions/engine.rb

@@ -3,7 +3,6 @@
 module Ez
   module Permissions
     class Engine < ::Rails::Engine
-      isolate_namespace Ez::Permissions
     end
   end
 end

data/lib/ez/permissions/version.rb

@@ -2,6 +2,6 @@
 
 module Ez
   module Permissions
-    VERSION = '0.2.3'
+    VERSION = '0.3.0'
   end
 end

data/lib/tasks/ez/permissions_tasks.rake

@@ -1,6 +1,25 @@
 # frozen_string_literal: true
 
-# desc "Explaining what the task does"
-# task :ez_permissions do
-#   # Task goes here
-# end
+desc 'List outdated permissions that present in the DB but not using anymore in the DSL'
+namespace :ez do
+  namespace :permissions do
+    task outdated: :environment do
+      Ez::Permissions::Permission.find_each do |permission|
+        next if Ez::Permissions::DSL.resource_action?(permission.resource, permission.action)
+
+        STDOUT.puts "[WARNING] Ez::Permissions: \n"
+        "Permission##{permission.id} [#{permission.resource} -> #{permission.action}] is redundant"
+      end
+    end
+
+    task cleanup: :environment do
+      Ez::Permissions::Permission.find_each do |permission|
+        next if Ez::Permissions::DSL.resource_action?(permission.resource, permission.action)
+
+        permission.destroy
+        STDOUT.puts "[WARNING] Ez::Permissions: \n"
+        "Permission##{permission.id} [#{permission.resource} -> #{permission.action}] is removed"
+      end
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ez-permissions
 version: !ruby/object:Gem::Version
-  version: 0.2.3
+  version: 0.3.0
 platform: ruby
 authors:
 - Volodya Sveredyuk
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-05-15 00:00:00.000000000 Z
+date: 2019-12-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ez-core
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.1.1
+        version: '0.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.1.1
+        version: '0.2'
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
@@ -31,6 +31,9 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '5.2'
+    - - "<="
+      - !ruby/object:Gem::Version
+        version: '7.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -38,6 +41,9 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '5.2'
+    - - "<="
+      - !ruby/object:Gem::Version
+        version: '7.0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -53,7 +59,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '2.0'
 - !ruby/object:Gem::Dependency
-  name: faker
+  name: capybara
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -175,7 +181,6 @@ files:
 - lib/ez/permissions/api/roles.rb
 - lib/ez/permissions/dsl.rb
 - lib/ez/permissions/engine.rb
-- lib/ez/permissions/railtie.rb
 - lib/ez/permissions/resource.rb
 - lib/ez/permissions/rspec_helpers.rb
 - lib/ez/permissions/version.rb
@@ -202,8 +207,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6
+rubygems_version: 3.0.6
 signing_key: 
 specification_version: 4
 summary: Easy permissions engine for Rails app.

data/lib/ez/permissions/railtie.rb

@@ -1,9 +0,0 @@
-# frozen_string_literal: true
-
-# TODO: Use this for potential UI or API features
-# module Ez
-#   module Permissions
-#     class Railtie < ::Rails::Railtie
-#     end
-#   end
-# end