ez-permissions 0.6.1 → 0.7.0

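--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 5514714fbd59dcc2567a76cf7170c88ba2493ad654aa232ee464b386d7d73ca9
- data.tar.gz: 988f18fad5072711f3699cbd78386647822745975314ef57bb6ab4848ea66cf6
+ metadata.gz: cab72e814bf5bc7883df8e8f069958543d29a009eff5f3f1449c8f601417b731
+ data.tar.gz: 415e76d721038d89e81515b240bbe81fee10dbbe04e4781c6b3fa42adc9e340a
  SHA512:
- metadata.gz: 547ec67bb10c87d4d4b6c04258d1491afaa8cd1f4c85b17403502d82b29fc7574b2f96c2327d12064be5dd0385cc6cfc4395b635a9c88bba2cb7a5f97d33d91a
- data.tar.gz: a24ca354fd87426c2fee1aa94b660e410886288218dcb29dfe4439e68735a7b582ea2c2627d54c6d74ee1fa9efdc7d64eb26efeb489af409bb46f960168e5e1d
+ metadata.gz: 726fd87afd239f261fb02c3c8ed57ab178807bd31fb5b46bfbad8b08e9e860cdc9066f2fa297c0208d9ad7717e63a147964d92a24db008b193d91516a3d68122
+ data.tar.gz: 620fbc36e4b13bc1e3f4a07636d13515decc9ff380cc76b199373e6cb28ca472f338571e2a474535780225ee0ea58eb59999fb0d5254ef812023f27021c6379d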
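--- a/data/README.md
+++ b/data/README.md
@@ -157,7 +157,7 @@ Permissions.list_by_role(:manager, scoped: project)
  # Create a role
  Permissions.create_role(:user)
 
- # Grant role's possibility to have action per resource
+ # Grant role's ability to have action per resource
  Permissions.grant_permission(:user, :read, :projects)
 
  # Grant all defined actions per resource
@@ -200,7 +200,7 @@ Permissions.can?(user, :create, :users, scoped: project) => # false
  If in one HTTP request (e.g. navigation menu rendering) you don't want to hit the database with dozens of queries, you can cache all user permission in a hash
 
  ```ruby
- user_permissions = Permissions.model_permissions_map(user)
+ user_permissions = Permissions.model_permissions(user)
  user_permissions # => #<Ez::Permissions::API::Authorize::ModelPermissions...
 
  # You can fetch permissions as a hash
@@ -214,6 +214,7 @@ end
  # or user #can? and #authorize! helper methods
  user_permissions.can?(:read, :users) # => true
  user_permissions.can?(:create, :users) # => false
+ user_permissions.can?(:create, :users, scoped: project) # => false
  user_permissions.authorize!(:create, :users) # => raise Ez::Permissions::NotAuthorized
  ```
 
@@ -280,8 +281,6 @@ Of course, you can use them as mixins, but it's up to you.
 
  ## TODO
  - [ ] Add helper methods for seed grant permissions
- - [ ] Cached permissions. If single UI has multiple checks for one user - we can cache it!
- - [ ] Not all permissions should be manageable through UI, like roles and permissions.
 
  ## Contributing
  Contribution directions go here.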
@@ -7,16 +7,16 @@ module Ez
7
7
  def self.included(base)
8
8
  base.has_many :assigned_roles,
9
9
  class_name: 'Ez::Permissions::ModelRole',
10
- as: :model
10
+ as: :model
11
11
 
12
12
  base.has_many :roles,
13
13
  -> { distinct },
14
- through: :assigned_roles,
14
+ through: :assigned_roles,
15
15
  class_name: 'Ez::Permissions::Role'
16
16
 
17
17
  base.has_many :permissions,
18
18
  -> { distinct },
19
- through: :roles,
19
+ through: :roles,
20
20
  class_name: 'Ez::Permissions::Permission'
21
21
  end
22
22
  # rubocop:enable Metrics/MethodLength
@@ -5,7 +5,7 @@ module Ez
5
5
  class Role < ApplicationRecord
6
6
  self.table_name = Ez::Permissions.config.roles_table_name
7
7
 
8
- has_and_belongs_to_many :permissions
8
+ has_and_belongs_to_many :permissions, join_table: Ez::Permissions.config.permissions_roles_table_name
9
9
 
10
10
  validates :name, presence: true
11
11
  validates :name, uniqueness: true
@@ -0,0 +1,19 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Ez
4
+ module Permissions
5
+ module API
6
+ module Authorize
7
+ class GodmodPermissions < ModelPermissions
8
+ def can?(_action_name, _resource_name, **)
9
+ true
10
+ end
11
+
12
+ def authorize!(_action_name, _resource_name, **)
13
+ true
14
+ end
15
+ end
16
+ end
17
+ end
18
+ end
19
+ end
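Review bot: `GodmodPermissions` answers `true` from both `can?` and `authorize!` for every action, resource and scope, and nothing in the new file says when handing one out is acceptable. A class comment should state that, for example `# Allow-all permission set for trusted contexts (seeds, console, internal jobs); never select it from request or user-controlled data.`, because an object with the same interface as `ModelPermissions` can silently stand in for a real permission check. The class is spelled `Godmod` while the file is `godmode_permissions.rb` and the factory is `godmode_permissions`; renaming it to `GodmodePermissions` now avoids shipping the misspelling as public API. It is constructed with an empty map, so a caller that reads the permission hash directly instead of calling `can?` will presumably see no permissions at all, which belongs in the same comment.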
@@ -11,20 +11,21 @@ module Ez
11
11
  @permissions_map = permissions_map
12
12
  end
13
13
 
14
- def can?(action_name, resource_name)
15
- permissions_map[to_key(action_name, resource_name)] == true
14
+ def can?(action_name, resource_name, scoped: nil)
15
+ permissions_map[to_key(action_name, resource_name, scoped)] == true
16
16
  end
17
17
 
18
- def authorize!(action_name, resource_name)
19
- permissions_map.fetch(to_key(action_name, resource_name))
18
+ def authorize!(action_name, resource_name, scoped: nil)
19
+ permissions_map.fetch(to_key(action_name, resource_name, scoped))
20
20
  rescue KeyError
21
21
  raise Ez::Permissions::NotAuthorizedError
22
22
  end
23
23
 
24
24
  private
25
25
 
26
- def to_key(action_name, resource_name)
27
- "#{action_name}_#{resource_name}".to_sym
26
+ def to_key(action_name, resource_name, scoped = nil)
27
+ scoped_key = [scoped&.class, scoped&.id].compact.join('_')
28
+ "#{action_name}_#{resource_name}_#{scoped_key}".to_sym
28
29
  end
29
30
  end
30
31
  end
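Review bot: `to_key` takes the scope part of the key from `scoped&.class`, while the map built in `model_permissions` uses the stored `scoped_type` string, so the cached check is only correct while those two strings are identical. If `scoped` is a polymorphic association (the `scoped_type`/`scoped_id` columns suggest so, but the model is not shown), Rails stores the base class name for STI records, and a subclass instance passed as `scoped:` would then build a key that never matches. Building the key in one shared helper, or using `scoped&.class&.polymorphic_name` here on Rails versions that provide it, keeps both sides aligned. Separately, `authorize!` accepts any key present in the map while `can?` requires the value to be `true`; implementing `authorize!` as `raise Ez::Permissions::NotAuthorizedError unless can?(action_name, resource_name, scoped: scoped)` would make the two agree. The enclosing class starts outside this hunk.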
@@ -1,6 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require_relative 'authorize/model_permissions'
4
+ require_relative 'authorize/godmode_permissions'
4
5
 
5
6
  module Ez
6
7
  module Permissions
@@ -8,12 +9,19 @@ module Ez
8
9
  module Authorize
9
10
  def model_permissions(model)
10
11
  ModelPermissions.new(
11
- model.permissions.each_with_object({}) do |permission, acum|
12
- acum["#{permission.action}_#{permission.resource}".to_sym] = true
12
+ model.class.includes(assigned_roles: { role: :permissions }).find(model.id).assigned_roles.each_with_object({}) do |assigned_role, acum|
13
+ scoped_key = [assigned_role.scoped_type, assigned_role.scoped_id].compact.join('_')
14
+ assigned_role.role.permissions.each do |permission|
15
+ acum["#{permission.action}_#{permission.resource}_#{scoped_key}".to_sym] = true
16
+ end
13
17
  end
14
18
  )
15
19
  end
16
20
 
21
+ def godmode_permissions
22
+ GodmodPermissions.new({})
23
+ end
24
+
17
25
  def authorize!(model, *actions, resource, scoped: nil, &block)
18
26
  authorize(model, *actions, resource, scoped: scoped, raise_exception: true, &block)
19
27
  end
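Review bot: `model.class.includes(assigned_roles: { role: :permissions }).find(model.id)` reloads the model and raises `ActiveRecord::RecordNotFound` when the record is unsaved or already deleted, so the caller gets a lookup error rather than an empty map that denies everything. Querying the join model directly avoids the reload and fails closed: `Ez::Permissions::ModelRole.includes(role: :permissions).where(model: model).each_with_object({}) do |assigned_role, acum|`. With the scope now part of the key, a role assigned without a scope only produces keys ending in `_`, so it will not satisfy `can?(..., scoped: project)` on the cached object. Whether the database-backed `can?` treats unscoped roles the same way is not visible here, so a comment on `model_permissions` should state the intended rule. The module body continues outside this hunk.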
@@ -53,9 +61,9 @@ module Ez
53
61
  permission_ids = Ez::Permissions::PermissionRole.where(role_id: role_ids).pluck(:permission_id)
54
62
 
55
63
  Ez::Permissions::Permission.where(
56
- id: permission_ids,
64
+ id: permission_ids,
57
65
  resource: resource,
58
- action: actions.map(&:to_s)
66
+ action: actions.map(&:to_s)
59
67
  )
60
68
  end
61
69
 
@@ -8,8 +8,8 @@ module Ez
8
8
  role = Ez::Permissions::API.get_role!(role_name)
9
9
 
10
10
  Ez::Permissions::ModelRole.find_or_create_by!(
11
- role: role,
12
- model: model,
11
+ role: role,
12
+ model: model,
13
13
  scoped: scoped
14
14
  )
15
15
  end
@@ -30,7 +30,7 @@ module Ez
30
30
  role = Ez::Permissions::API.get_role!(role_name)
31
31
 
32
32
  Ez::Permissions::ModelRole.where(
33
- role: role,
33
+ role: role,
34
34
  scoped: scoped
35
35
  ).map(&:model)
36
36
  end
@@ -39,8 +39,8 @@ module Ez
39
39
 
40
40
  def model_role(role, model, scoped)
41
41
  Ez::Permissions::ModelRole.find_by(
42
- role: role,
43
- model: model,
42
+ role: role,
43
+ model: model,
44
44
  scoped: scoped
45
45
  )
46
46
  end
@@ -28,7 +28,7 @@ module Ez
28
28
  permission = get_permission!(action, resource)
29
29
 
30
30
  Ez::Permissions::PermissionRole.find_by(
31
- role: role,
31
+ role: role,
32
32
  permission: permission
33
33
  )&.delete
34
34
  end
@@ -37,7 +37,7 @@ module Ez
37
37
 
38
38
  def grant_single_permission(role, permission)
39
39
  Ez::Permissions::PermissionRole.find_or_create_by!(
40
- role: role,
40
+ role: role,
41
41
  permission: permission
42
42
  )
43
43
  end
@@ -62,7 +62,7 @@ module Ez
62
62
  resource.actions.each do |action|
63
63
  Ez::Permissions::Permission.where(
64
64
  resource: resource.name,
65
- action: action
65
+ action: action
66
66
  ).first_or_create!
67
67
  end
68
68
  end
@@ -2,6 +2,6 @@
2
2
 
3
3
  module Ez
4
4
  module Permissions
5
- VERSION = '0.6.1'
5
+ VERSION = '0.7.0'
6
6
  end
7
7
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: ez-permissions
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.6.1
4
+ version: 0.7.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Volodya Sveredyuk
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-09-07 00:00:00.000000000 Z
11
+ date: 2021-11-23 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: ez-core
@@ -176,6 +176,7 @@ files:
176
176
  - lib/ez/permissions.rb
177
177
  - lib/ez/permissions/api.rb
178
178
  - lib/ez/permissions/api/authorize.rb
179
+ - lib/ez/permissions/api/authorize/godmode_permissions.rb
179
180
  - lib/ez/permissions/api/authorize/model_permissions.rb
180
181
  - lib/ez/permissions/api/models.rb
181
182
  - lib/ez/permissions/api/permissions.rb