ez-permissions 0.6.1 → 0.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +3 -4
- data/app/models/ez/permissions/model.rb +3 -3
- data/app/models/ez/permissions/role.rb +1 -1
- data/lib/ez/permissions/api/authorize/godmode_permissions.rb +19 -0
- data/lib/ez/permissions/api/authorize/model_permissions.rb +7 -6
- data/lib/ez/permissions/api/authorize.rb +12 -4
- data/lib/ez/permissions/api/models.rb +5 -5
- data/lib/ez/permissions/api/permissions.rb +2 -2
- data/lib/ez/permissions/dsl.rb +1 -1
- data/lib/ez/permissions/version.rb +1 -1
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: cab72e814bf5bc7883df8e8f069958543d29a009eff5f3f1449c8f601417b731
|
|
4
|
+
data.tar.gz: 415e76d721038d89e81515b240bbe81fee10dbbe04e4781c6b3fa42adc9e340a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 726fd87afd239f261fb02c3c8ed57ab178807bd31fb5b46bfbad8b08e9e860cdc9066f2fa297c0208d9ad7717e63a147964d92a24db008b193d91516a3d68122
|
|
7
|
+
data.tar.gz: 620fbc36e4b13bc1e3f4a07636d13515decc9ff380cc76b199373e6cb28ca472f338571e2a474535780225ee0ea58eb59999fb0d5254ef812023f27021c6379d
|
data/README.md
CHANGED
|
@@ -157,7 +157,7 @@ Permissions.list_by_role(:manager, scoped: project)
|
|
|
157
157
|
# Create a role
|
|
158
158
|
Permissions.create_role(:user)
|
|
159
159
|
|
|
160
|
-
# Grant role's
|
|
160
|
+
# Grant role's ability to have action per resource
|
|
161
161
|
Permissions.grant_permission(:user, :read, :projects)
|
|
162
162
|
|
|
163
163
|
# Grant all defined actions per resource
|
|
@@ -200,7 +200,7 @@ Permissions.can?(user, :create, :users, scoped: project) => # false
|
|
|
200
200
|
If in one HTTP request (e.g. navigation menu rendering) you don't want to hit the database with dozens of queries, you can cache all user permission in a hash
|
|
201
201
|
|
|
202
202
|
```ruby
|
|
203
|
-
user_permissions = Permissions.
|
|
203
|
+
user_permissions = Permissions.model_permissions(user)
|
|
204
204
|
user_permissions # => #<Ez::Permissions::API::Authorize::ModelPermissions...
|
|
205
205
|
|
|
206
206
|
# You can fetch permissions as a hash
|
|
@@ -214,6 +214,7 @@ end
|
|
|
214
214
|
# or user #can? and #authorize! helper methods
|
|
215
215
|
user_permissions.can?(:read, :users) # => true
|
|
216
216
|
user_permissions.can?(:create, :users) # => false
|
|
217
|
+
user_permissions.can?(:create, :users, scoped: project) # => false
|
|
217
218
|
user_permissions.authorize!(:create, :users) # => raise Ez::Permissions::NotAuthorized
|
|
218
219
|
```
|
|
219
220
|
|
|
@@ -280,8 +281,6 @@ Of course, you can use them as mixins, but it's up to you.
|
|
|
280
281
|
|
|
281
282
|
## TODO
|
|
282
283
|
- [ ] Add helper methods for seed grant permissions
|
|
283
|
-
- [ ] Cached permissions. If single UI has multiple checks for one user - we can cache it!
|
|
284
|
-
- [ ] Not all permissions should be manageable through UI, like roles and permissions.
|
|
285
284
|
|
|
286
285
|
## Contributing
|
|
287
286
|
Contribution directions go here.
|
|
@@ -7,16 +7,16 @@ module Ez
|
|
|
7
7
|
def self.included(base)
|
|
8
8
|
base.has_many :assigned_roles,
|
|
9
9
|
class_name: 'Ez::Permissions::ModelRole',
|
|
10
|
-
as:
|
|
10
|
+
as: :model
|
|
11
11
|
|
|
12
12
|
base.has_many :roles,
|
|
13
13
|
-> { distinct },
|
|
14
|
-
through:
|
|
14
|
+
through: :assigned_roles,
|
|
15
15
|
class_name: 'Ez::Permissions::Role'
|
|
16
16
|
|
|
17
17
|
base.has_many :permissions,
|
|
18
18
|
-> { distinct },
|
|
19
|
-
through:
|
|
19
|
+
through: :roles,
|
|
20
20
|
class_name: 'Ez::Permissions::Permission'
|
|
21
21
|
end
|
|
22
22
|
# rubocop:enable Metrics/MethodLength
|
|
@@ -5,7 +5,7 @@ module Ez
|
|
|
5
5
|
class Role < ApplicationRecord
|
|
6
6
|
self.table_name = Ez::Permissions.config.roles_table_name
|
|
7
7
|
|
|
8
|
-
has_and_belongs_to_many :permissions
|
|
8
|
+
has_and_belongs_to_many :permissions, join_table: Ez::Permissions.config.permissions_roles_table_name
|
|
9
9
|
|
|
10
10
|
validates :name, presence: true
|
|
11
11
|
validates :name, uniqueness: true
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Ez
|
|
4
|
+
module Permissions
|
|
5
|
+
module API
|
|
6
|
+
module Authorize
|
|
7
|
+
class GodmodPermissions < ModelPermissions
|
|
8
|
+
def can?(_action_name, _resource_name, **)
|
|
9
|
+
true
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def authorize!(_action_name, _resource_name, **)
|
|
13
|
+
true
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
@@ -11,20 +11,21 @@ module Ez
|
|
|
11
11
|
@permissions_map = permissions_map
|
|
12
12
|
end
|
|
13
13
|
|
|
14
|
-
def can?(action_name, resource_name)
|
|
15
|
-
permissions_map[to_key(action_name, resource_name)] == true
|
|
14
|
+
def can?(action_name, resource_name, scoped: nil)
|
|
15
|
+
permissions_map[to_key(action_name, resource_name, scoped)] == true
|
|
16
16
|
end
|
|
17
17
|
|
|
18
|
-
def authorize!(action_name, resource_name)
|
|
19
|
-
permissions_map.fetch(to_key(action_name, resource_name))
|
|
18
|
+
def authorize!(action_name, resource_name, scoped: nil)
|
|
19
|
+
permissions_map.fetch(to_key(action_name, resource_name, scoped))
|
|
20
20
|
rescue KeyError
|
|
21
21
|
raise Ez::Permissions::NotAuthorizedError
|
|
22
22
|
end
|
|
23
23
|
|
|
24
24
|
private
|
|
25
25
|
|
|
26
|
-
def to_key(action_name, resource_name)
|
|
27
|
-
|
|
26
|
+
def to_key(action_name, resource_name, scoped = nil)
|
|
27
|
+
scoped_key = [scoped&.class, scoped&.id].compact.join('_')
|
|
28
|
+
"#{action_name}_#{resource_name}_#{scoped_key}".to_sym
|
|
28
29
|
end
|
|
29
30
|
end
|
|
30
31
|
end
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
3
|
require_relative 'authorize/model_permissions'
|
|
4
|
+
require_relative 'authorize/godmode_permissions'
|
|
4
5
|
|
|
5
6
|
module Ez
|
|
6
7
|
module Permissions
|
|
@@ -8,12 +9,19 @@ module Ez
|
|
|
8
9
|
module Authorize
|
|
9
10
|
def model_permissions(model)
|
|
10
11
|
ModelPermissions.new(
|
|
11
|
-
model.permissions.each_with_object({}) do |
|
|
12
|
-
|
|
12
|
+
model.class.includes(assigned_roles: { role: :permissions }).find(model.id).assigned_roles.each_with_object({}) do |assigned_role, acum|
|
|
13
|
+
scoped_key = [assigned_role.scoped_type, assigned_role.scoped_id].compact.join('_')
|
|
14
|
+
assigned_role.role.permissions.each do |permission|
|
|
15
|
+
acum["#{permission.action}_#{permission.resource}_#{scoped_key}".to_sym] = true
|
|
16
|
+
end
|
|
13
17
|
end
|
|
14
18
|
)
|
|
15
19
|
end
|
|
16
20
|
|
|
21
|
+
def godmode_permissions
|
|
22
|
+
GodmodPermissions.new({})
|
|
23
|
+
end
|
|
24
|
+
|
|
17
25
|
def authorize!(model, *actions, resource, scoped: nil, &block)
|
|
18
26
|
authorize(model, *actions, resource, scoped: scoped, raise_exception: true, &block)
|
|
19
27
|
end
|
|
@@ -53,9 +61,9 @@ module Ez
|
|
|
53
61
|
permission_ids = Ez::Permissions::PermissionRole.where(role_id: role_ids).pluck(:permission_id)
|
|
54
62
|
|
|
55
63
|
Ez::Permissions::Permission.where(
|
|
56
|
-
id:
|
|
64
|
+
id: permission_ids,
|
|
57
65
|
resource: resource,
|
|
58
|
-
action:
|
|
66
|
+
action: actions.map(&:to_s)
|
|
59
67
|
)
|
|
60
68
|
end
|
|
61
69
|
|
|
@@ -8,8 +8,8 @@ module Ez
|
|
|
8
8
|
role = Ez::Permissions::API.get_role!(role_name)
|
|
9
9
|
|
|
10
10
|
Ez::Permissions::ModelRole.find_or_create_by!(
|
|
11
|
-
role:
|
|
12
|
-
model:
|
|
11
|
+
role: role,
|
|
12
|
+
model: model,
|
|
13
13
|
scoped: scoped
|
|
14
14
|
)
|
|
15
15
|
end
|
|
@@ -30,7 +30,7 @@ module Ez
|
|
|
30
30
|
role = Ez::Permissions::API.get_role!(role_name)
|
|
31
31
|
|
|
32
32
|
Ez::Permissions::ModelRole.where(
|
|
33
|
-
role:
|
|
33
|
+
role: role,
|
|
34
34
|
scoped: scoped
|
|
35
35
|
).map(&:model)
|
|
36
36
|
end
|
|
@@ -39,8 +39,8 @@ module Ez
|
|
|
39
39
|
|
|
40
40
|
def model_role(role, model, scoped)
|
|
41
41
|
Ez::Permissions::ModelRole.find_by(
|
|
42
|
-
role:
|
|
43
|
-
model:
|
|
42
|
+
role: role,
|
|
43
|
+
model: model,
|
|
44
44
|
scoped: scoped
|
|
45
45
|
)
|
|
46
46
|
end
|
|
@@ -28,7 +28,7 @@ module Ez
|
|
|
28
28
|
permission = get_permission!(action, resource)
|
|
29
29
|
|
|
30
30
|
Ez::Permissions::PermissionRole.find_by(
|
|
31
|
-
role:
|
|
31
|
+
role: role,
|
|
32
32
|
permission: permission
|
|
33
33
|
)&.delete
|
|
34
34
|
end
|
|
@@ -37,7 +37,7 @@ module Ez
|
|
|
37
37
|
|
|
38
38
|
def grant_single_permission(role, permission)
|
|
39
39
|
Ez::Permissions::PermissionRole.find_or_create_by!(
|
|
40
|
-
role:
|
|
40
|
+
role: role,
|
|
41
41
|
permission: permission
|
|
42
42
|
)
|
|
43
43
|
end
|
data/lib/ez/permissions/dsl.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ez-permissions
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.7.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Volodya Sveredyuk
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-11-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: ez-core
|
|
@@ -176,6 +176,7 @@ files:
|
|
|
176
176
|
- lib/ez/permissions.rb
|
|
177
177
|
- lib/ez/permissions/api.rb
|
|
178
178
|
- lib/ez/permissions/api/authorize.rb
|
|
179
|
+
- lib/ez/permissions/api/authorize/godmode_permissions.rb
|
|
179
180
|
- lib/ez/permissions/api/authorize/model_permissions.rb
|
|
180
181
|
- lib/ez/permissions/api/models.rb
|
|
181
182
|
- lib/ez/permissions/api/permissions.rb
|