ez-permissions 0.4.1 → 0.4.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +11 -11
- data/app/models/ez/permissions/model.rb +3 -3
- data/lib/ez/permissions/api/authorize.rb +2 -2
- data/lib/ez/permissions/api/models.rb +4 -4
- data/lib/ez/permissions/api/permissions.rb +2 -2
- data/lib/ez/permissions/dsl.rb +2 -2
- data/lib/ez/permissions/resource.rb +2 -1
- data/lib/ez/permissions/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 145430f6d759fbe5bbba86465d89d3bb184777997ce7d731a46f86118e62c5ca
|
|
4
|
+
data.tar.gz: 9845fee84a035d8210793505514de5de55b9a1a22445ea6fe08c0fc990933be0
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2b1088848755c808ed70bbdc57a14089b5aa86a7bbaf5e065cde35e9f58b89afcdb835d542addcfd8c1b2be273f8ac34c592699722292ca314946dae0a799805
|
|
7
|
+
data.tar.gz: 376a1aa4d0e4742dd2fc47462f839650c5bc8507cf14fd883ef50cb9b0f73b1f0971df905881875f51fd37f623f447671a220caf88663c49229e65b0baa52c5c
|
data/README.md
CHANGED
|
@@ -7,9 +7,9 @@
|
|
|
7
7
|
**Ez Permissions** (read as "easy permissions") - one of the [ez-engines](https://github.com/ez-engines) collection that helps easily add permissions interface to your [Rails](http://rubyonrails.org/) application.
|
|
8
8
|
|
|
9
9
|
- Most advanced RBAC model:
|
|
10
|
-
- Flexible tool with simple DSL and
|
|
10
|
+
- Flexible tool with simple DSL and configuration
|
|
11
11
|
- All in one solution
|
|
12
|
-
-
|
|
12
|
+
- Convention over configuration principles.
|
|
13
13
|
- Depends on [ez-core](https://github.com/ez-engines/ez-core)
|
|
14
14
|
|
|
15
15
|
## Installation
|
|
@@ -36,7 +36,7 @@ Ez::Permissions.configure do |config|
|
|
|
36
36
|
config.models_roles_table_name = 'my_model_roles'
|
|
37
37
|
config.permissions_roles_table_name = 'my_permissions_roles'
|
|
38
38
|
|
|
39
|
-
# Suppress
|
|
39
|
+
# Suppress STDOUT messages for test environment
|
|
40
40
|
config.mute_stdout = true if Rails.env.test?
|
|
41
41
|
|
|
42
42
|
# Define your custom callbacks
|
|
@@ -61,7 +61,7 @@ rails generate ez:permissions:migrations
|
|
|
61
61
|
|
|
62
62
|
## DSL
|
|
63
63
|
|
|
64
|
-
Simple DSL for
|
|
64
|
+
Simple DSL for definition of permission relationships
|
|
65
65
|
```ruby
|
|
66
66
|
Ez::Permissions::DSL.define do |setup|
|
|
67
67
|
# You need add all resources of your application and possible actions
|
|
@@ -89,7 +89,7 @@ user = User.first
|
|
|
89
89
|
|
|
90
90
|
# User model become permission model
|
|
91
91
|
user.roles #=> [application level roles]
|
|
92
|
-
user.assigned_roles #=> [user owned roles,
|
|
92
|
+
user.assigned_roles #=> [user owned roles, global and scoped]
|
|
93
93
|
user.permissions #=> [user available permissions through assigned_roles]
|
|
94
94
|
```
|
|
95
95
|
|
|
@@ -180,7 +180,7 @@ end
|
|
|
180
180
|
# otherwise you will get an exception
|
|
181
181
|
Ez::Permissions::NotAuthorized
|
|
182
182
|
|
|
183
|
-
# Both .
|
|
183
|
+
# Both .authorize and .authorize! methods can be used without blocks.
|
|
184
184
|
|
|
185
185
|
# if you don't want raise exception, just use
|
|
186
186
|
Permissions.authorize(user, :create, :users) { puts 'Yeahh!' } #=> false
|
|
@@ -204,7 +204,7 @@ user_permissions.permissions_map # => { :read_users => true}
|
|
|
204
204
|
|
|
205
205
|
# and the in your code just fetch by the key:
|
|
206
206
|
if user_permissions.permissions_map[:read_users]
|
|
207
|
-
# execute
|
|
207
|
+
# execute authorized code
|
|
208
208
|
end
|
|
209
209
|
|
|
210
210
|
# or user #can? and #authorize! helper methods
|
|
@@ -217,7 +217,7 @@ user_permissions.authorize!(:create, :users) # => raise Ez::Permissions::NotAuth
|
|
|
217
217
|
EzPermissions ships with bunch of RSpec helper methods that helps mock permission.
|
|
218
218
|
For large test suite (more than 5000 specs) it saves up to 30% of test runs time.
|
|
219
219
|
|
|
220
|
-
Add test helpers
|
|
220
|
+
Add test helpers to your rspec config
|
|
221
221
|
```ruby
|
|
222
222
|
require 'ez/permissions/rspec_helpers'
|
|
223
223
|
|
|
@@ -248,7 +248,7 @@ mock_model_role(:worker, user)
|
|
|
248
248
|
mock_permission(:users, :create)
|
|
249
249
|
```
|
|
250
250
|
|
|
251
|
-
###
|
|
251
|
+
### Cleanup redundant permissions
|
|
252
252
|
If you changed your permissions DSL and removed redundant resources and actions
|
|
253
253
|
|
|
254
254
|
```sh
|
|
@@ -256,7 +256,7 @@ rake ez:permissions:outdated # display list of outdated permissions
|
|
|
256
256
|
rake ez:permissions:cleanup # remove outdated permissions from the DB
|
|
257
257
|
```
|
|
258
258
|
|
|
259
|
-
###
|
|
259
|
+
### Keep it explicit!
|
|
260
260
|
You can wonder, why we just not add authorization methods to user instance, like:
|
|
261
261
|
```ruby
|
|
262
262
|
user.can?(:something)
|
|
@@ -270,7 +270,7 @@ Of course, you can use them as mixins, but it's up to you.
|
|
|
270
270
|
- User can has role in scope of some resource (Project, Company, Business, etc.)
|
|
271
271
|
- User can has role in global scope (without scope)
|
|
272
272
|
- If user want access data in scope of resource - user must has assigned role scoped for this resource
|
|
273
|
-
- If user want access data in global scope - user must has assigned role
|
|
273
|
+
- If user want access data in global scope - user must has assigned role without any scoped resource (global role)
|
|
274
274
|
- User with global role - can't access scoped resources.
|
|
275
275
|
- User with scoped role - can't access global resources.
|
|
276
276
|
|
|
@@ -7,16 +7,16 @@ module Ez
|
|
|
7
7
|
def self.included(base)
|
|
8
8
|
base.has_many :assigned_roles,
|
|
9
9
|
class_name: 'Ez::Permissions::ModelRole',
|
|
10
|
-
as:
|
|
10
|
+
as: :model
|
|
11
11
|
|
|
12
12
|
base.has_many :roles,
|
|
13
13
|
-> { distinct },
|
|
14
|
-
through:
|
|
14
|
+
through: :assigned_roles,
|
|
15
15
|
class_name: 'Ez::Permissions::Role'
|
|
16
16
|
|
|
17
17
|
base.has_many :permissions,
|
|
18
18
|
-> { distinct },
|
|
19
|
-
through:
|
|
19
|
+
through: :roles,
|
|
20
20
|
class_name: 'Ez::Permissions::Permission'
|
|
21
21
|
end
|
|
22
22
|
# rubocop:enable Metrics/MethodLength
|
|
@@ -53,9 +53,9 @@ module Ez
|
|
|
53
53
|
permission_ids = Ez::Permissions::PermissionRole.where(role_id: role_ids).pluck(:permission_id)
|
|
54
54
|
|
|
55
55
|
Ez::Permissions::Permission.where(
|
|
56
|
-
id:
|
|
56
|
+
id: permission_ids,
|
|
57
57
|
resource: resource,
|
|
58
|
-
action:
|
|
58
|
+
action: actions.map(&:to_s)
|
|
59
59
|
)
|
|
60
60
|
end
|
|
61
61
|
|
|
@@ -8,8 +8,8 @@ module Ez
|
|
|
8
8
|
role = Ez::Permissions::API.get_role!(role_name)
|
|
9
9
|
|
|
10
10
|
Ez::Permissions::ModelRole.find_or_create_by!(
|
|
11
|
-
role:
|
|
12
|
-
model:
|
|
11
|
+
role: role,
|
|
12
|
+
model: model,
|
|
13
13
|
scoped: scoped
|
|
14
14
|
)
|
|
15
15
|
end
|
|
@@ -30,8 +30,8 @@ module Ez
|
|
|
30
30
|
|
|
31
31
|
def model_role(role, model, scoped)
|
|
32
32
|
Ez::Permissions::ModelRole.find_by(
|
|
33
|
-
role:
|
|
34
|
-
model:
|
|
33
|
+
role: role,
|
|
34
|
+
model: model,
|
|
35
35
|
scoped: scoped
|
|
36
36
|
)
|
|
37
37
|
end
|
|
@@ -28,7 +28,7 @@ module Ez
|
|
|
28
28
|
permission = get_permission!(action, resource)
|
|
29
29
|
|
|
30
30
|
Ez::Permissions::PermissionRole.find_by(
|
|
31
|
-
role:
|
|
31
|
+
role: role,
|
|
32
32
|
permission: permission
|
|
33
33
|
)&.delete
|
|
34
34
|
end
|
|
@@ -37,7 +37,7 @@ module Ez
|
|
|
37
37
|
|
|
38
38
|
def grant_single_permission(role, permission)
|
|
39
39
|
Ez::Permissions::PermissionRole.find_or_create_by!(
|
|
40
|
-
role:
|
|
40
|
+
role: role,
|
|
41
41
|
permission: permission
|
|
42
42
|
)
|
|
43
43
|
end
|
data/lib/ez/permissions/dsl.rb
CHANGED
|
@@ -42,7 +42,7 @@ module Ez
|
|
|
42
42
|
return unless seed_to_db(resource)
|
|
43
43
|
|
|
44
44
|
message(
|
|
45
|
-
"Resource [#{name}] has been successfully
|
|
45
|
+
"Resource [#{name}] has been successfully registered with actions: [#{resource.actions.join(', ')}]",
|
|
46
46
|
'SUCCESS'
|
|
47
47
|
)
|
|
48
48
|
end
|
|
@@ -62,7 +62,7 @@ module Ez
|
|
|
62
62
|
resource.actions.each do |action|
|
|
63
63
|
Ez::Permissions::Permission.where(
|
|
64
64
|
resource: resource.name,
|
|
65
|
-
action:
|
|
65
|
+
action: action
|
|
66
66
|
).first_or_create!
|
|
67
67
|
end
|
|
68
68
|
end
|
|
@@ -5,12 +5,13 @@ module Ez
|
|
|
5
5
|
class Resource
|
|
6
6
|
ACTIONS = %i[create read update delete].freeze
|
|
7
7
|
|
|
8
|
-
attr_reader :name, :model, :actions
|
|
8
|
+
attr_reader :name, :model, :actions, :group
|
|
9
9
|
|
|
10
10
|
def initialize(name, options = {})
|
|
11
11
|
@name = name
|
|
12
12
|
@model = options.fetch(:model, nil)
|
|
13
13
|
@actions = process_actions(options.fetch(:actions, []))
|
|
14
|
+
@group = options.fetch(:group, nil)
|
|
14
15
|
end
|
|
15
16
|
|
|
16
17
|
def <=>(other)
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ez-permissions
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.4.
|
|
4
|
+
version: 0.4.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Volodya Sveredyuk
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2020-03-20 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: ez-core
|