ez-permissions 0.6.1 → 0.7.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +3 -4
- data/app/models/ez/permissions/model.rb +3 -3
- data/app/models/ez/permissions/role.rb +1 -1
- data/lib/ez/permissions/api/authorize/godmode_permissions.rb +19 -0
- data/lib/ez/permissions/api/authorize/model_permissions.rb +7 -6
- data/lib/ez/permissions/api/authorize.rb +12 -4
- data/lib/ez/permissions/api/models.rb +5 -5
- data/lib/ez/permissions/api/permissions.rb +2 -2
- data/lib/ez/permissions/dsl.rb +1 -1
- data/lib/ez/permissions/version.rb +1 -1
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: cab72e814bf5bc7883df8e8f069958543d29a009eff5f3f1449c8f601417b731
|
|
4
|
+
data.tar.gz: 415e76d721038d89e81515b240bbe81fee10dbbe04e4781c6b3fa42adc9e340a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 726fd87afd239f261fb02c3c8ed57ab178807bd31fb5b46bfbad8b08e9e860cdc9066f2fa297c0208d9ad7717e63a147964d92a24db008b193d91516a3d68122
|
|
7
|
+
data.tar.gz: 620fbc36e4b13bc1e3f4a07636d13515decc9ff380cc76b199373e6cb28ca472f338571e2a474535780225ee0ea58eb59999fb0d5254ef812023f27021c6379d
|
data/README.md
CHANGED
|
@@ -157,7 +157,7 @@ Permissions.list_by_role(:manager, scoped: project)
|
|
|
157
157
|
# Create a role
|
|
158
158
|
Permissions.create_role(:user)
|
|
159
159
|
|
|
160
|
-
# Grant role's
|
|
160
|
+
# Grant role's ability to have action per resource
|
|
161
161
|
Permissions.grant_permission(:user, :read, :projects)
|
|
162
162
|
|
|
163
163
|
# Grant all defined actions per resource
|
|
@@ -200,7 +200,7 @@ Permissions.can?(user, :create, :users, scoped: project) => # false
|
|
|
200
200
|
If in one HTTP request (e.g. navigation menu rendering) you don't want to hit the database with dozens of queries, you can cache all user permission in a hash
|
|
201
201
|
|
|
202
202
|
```ruby
|
|
203
|
-
user_permissions = Permissions.
|
|
203
|
+
user_permissions = Permissions.model_permissions(user)
|
|
204
204
|
user_permissions # => #<Ez::Permissions::API::Authorize::ModelPermissions...
|
|
205
205
|
|
|
206
206
|
# You can fetch permissions as a hash
|
|
@@ -214,6 +214,7 @@ end
|
|
|
214
214
|
# or user #can? and #authorize! helper methods
|
|
215
215
|
user_permissions.can?(:read, :users) # => true
|
|
216
216
|
user_permissions.can?(:create, :users) # => false
|
|
217
|
+
user_permissions.can?(:create, :users, scoped: project) # => false
|
|
217
218
|
user_permissions.authorize!(:create, :users) # => raise Ez::Permissions::NotAuthorized
|
|
218
219
|
```
|
|
219
220
|
|
|
@@ -280,8 +281,6 @@ Of course, you can use them as mixins, but it's up to you.
|
|
|
280
281
|
|
|
281
282
|
## TODO
|
|
282
283
|
- [ ] Add helper methods for seed grant permissions
|
|
283
|
-
- [ ] Cached permissions. If single UI has multiple checks for one user - we can cache it!
|
|
284
|
-
- [ ] Not all permissions should be manageable through UI, like roles and permissions.
|
|
285
284
|
|
|
286
285
|
## Contributing
|
|
287
286
|
Contribution directions go here.
|
|
@@ -7,16 +7,16 @@ module Ez
|
|
|
7
7
|
def self.included(base)
|
|
8
8
|
base.has_many :assigned_roles,
|
|
9
9
|
class_name: 'Ez::Permissions::ModelRole',
|
|
10
|
-
as:
|
|
10
|
+
as: :model
|
|
11
11
|
|
|
12
12
|
base.has_many :roles,
|
|
13
13
|
-> { distinct },
|
|
14
|
-
through:
|
|
14
|
+
through: :assigned_roles,
|
|
15
15
|
class_name: 'Ez::Permissions::Role'
|
|
16
16
|
|
|
17
17
|
base.has_many :permissions,
|
|
18
18
|
-> { distinct },
|
|
19
|
-
through:
|
|
19
|
+
through: :roles,
|
|
20
20
|
class_name: 'Ez::Permissions::Permission'
|
|
21
21
|
end
|
|
22
22
|
# rubocop:enable Metrics/MethodLength
|
|
@@ -5,7 +5,7 @@ module Ez
|
|
|
5
5
|
class Role < ApplicationRecord
|
|
6
6
|
self.table_name = Ez::Permissions.config.roles_table_name
|
|
7
7
|
|
|
8
|
-
has_and_belongs_to_many :permissions
|
|
8
|
+
has_and_belongs_to_many :permissions, join_table: Ez::Permissions.config.permissions_roles_table_name
|
|
9
9
|
|
|
10
10
|
validates :name, presence: true
|
|
11
11
|
validates :name, uniqueness: true
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Ez
|
|
4
|
+
module Permissions
|
|
5
|
+
module API
|
|
6
|
+
module Authorize
|
|
7
|
+
class GodmodPermissions < ModelPermissions
|
|
8
|
+
def can?(_action_name, _resource_name, **)
|
|
9
|
+
true
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def authorize!(_action_name, _resource_name, **)
|
|
13
|
+
true
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
@@ -11,20 +11,21 @@ module Ez
|
|
|
11
11
|
@permissions_map = permissions_map
|
|
12
12
|
end
|
|
13
13
|
|
|
14
|
-
def can?(action_name, resource_name)
|
|
15
|
-
permissions_map[to_key(action_name, resource_name)] == true
|
|
14
|
+
def can?(action_name, resource_name, scoped: nil)
|
|
15
|
+
permissions_map[to_key(action_name, resource_name, scoped)] == true
|
|
16
16
|
end
|
|
17
17
|
|
|
18
|
-
def authorize!(action_name, resource_name)
|
|
19
|
-
permissions_map.fetch(to_key(action_name, resource_name))
|
|
18
|
+
def authorize!(action_name, resource_name, scoped: nil)
|
|
19
|
+
permissions_map.fetch(to_key(action_name, resource_name, scoped))
|
|
20
20
|
rescue KeyError
|
|
21
21
|
raise Ez::Permissions::NotAuthorizedError
|
|
22
22
|
end
|
|
23
23
|
|
|
24
24
|
private
|
|
25
25
|
|
|
26
|
-
def to_key(action_name, resource_name)
|
|
27
|
-
|
|
26
|
+
def to_key(action_name, resource_name, scoped = nil)
|
|
27
|
+
scoped_key = [scoped&.class, scoped&.id].compact.join('_')
|
|
28
|
+
"#{action_name}_#{resource_name}_#{scoped_key}".to_sym
|
|
28
29
|
end
|
|
29
30
|
end
|
|
30
31
|
end
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
3
|
require_relative 'authorize/model_permissions'
|
|
4
|
+
require_relative 'authorize/godmode_permissions'
|
|
4
5
|
|
|
5
6
|
module Ez
|
|
6
7
|
module Permissions
|
|
@@ -8,12 +9,19 @@ module Ez
|
|
|
8
9
|
module Authorize
|
|
9
10
|
def model_permissions(model)
|
|
10
11
|
ModelPermissions.new(
|
|
11
|
-
model.permissions.each_with_object({}) do |
|
|
12
|
-
|
|
12
|
+
model.class.includes(assigned_roles: { role: :permissions }).find(model.id).assigned_roles.each_with_object({}) do |assigned_role, acum|
|
|
13
|
+
scoped_key = [assigned_role.scoped_type, assigned_role.scoped_id].compact.join('_')
|
|
14
|
+
assigned_role.role.permissions.each do |permission|
|
|
15
|
+
acum["#{permission.action}_#{permission.resource}_#{scoped_key}".to_sym] = true
|
|
16
|
+
end
|
|
13
17
|
end
|
|
14
18
|
)
|
|
15
19
|
end
|
|
16
20
|
|
|
21
|
+
def godmode_permissions
|
|
22
|
+
GodmodPermissions.new({})
|
|
23
|
+
end
|
|
24
|
+
|
|
17
25
|
def authorize!(model, *actions, resource, scoped: nil, &block)
|
|
18
26
|
authorize(model, *actions, resource, scoped: scoped, raise_exception: true, &block)
|
|
19
27
|
end
|
|
@@ -53,9 +61,9 @@ module Ez
|
|
|
53
61
|
permission_ids = Ez::Permissions::PermissionRole.where(role_id: role_ids).pluck(:permission_id)
|
|
54
62
|
|
|
55
63
|
Ez::Permissions::Permission.where(
|
|
56
|
-
id:
|
|
64
|
+
id: permission_ids,
|
|
57
65
|
resource: resource,
|
|
58
|
-
action:
|
|
66
|
+
action: actions.map(&:to_s)
|
|
59
67
|
)
|
|
60
68
|
end
|
|
61
69
|
|
|
@@ -8,8 +8,8 @@ module Ez
|
|
|
8
8
|
role = Ez::Permissions::API.get_role!(role_name)
|
|
9
9
|
|
|
10
10
|
Ez::Permissions::ModelRole.find_or_create_by!(
|
|
11
|
-
role:
|
|
12
|
-
model:
|
|
11
|
+
role: role,
|
|
12
|
+
model: model,
|
|
13
13
|
scoped: scoped
|
|
14
14
|
)
|
|
15
15
|
end
|
|
@@ -30,7 +30,7 @@ module Ez
|
|
|
30
30
|
role = Ez::Permissions::API.get_role!(role_name)
|
|
31
31
|
|
|
32
32
|
Ez::Permissions::ModelRole.where(
|
|
33
|
-
role:
|
|
33
|
+
role: role,
|
|
34
34
|
scoped: scoped
|
|
35
35
|
).map(&:model)
|
|
36
36
|
end
|
|
@@ -39,8 +39,8 @@ module Ez
|
|
|
39
39
|
|
|
40
40
|
def model_role(role, model, scoped)
|
|
41
41
|
Ez::Permissions::ModelRole.find_by(
|
|
42
|
-
role:
|
|
43
|
-
model:
|
|
42
|
+
role: role,
|
|
43
|
+
model: model,
|
|
44
44
|
scoped: scoped
|
|
45
45
|
)
|
|
46
46
|
end
|
|
@@ -28,7 +28,7 @@ module Ez
|
|
|
28
28
|
permission = get_permission!(action, resource)
|
|
29
29
|
|
|
30
30
|
Ez::Permissions::PermissionRole.find_by(
|
|
31
|
-
role:
|
|
31
|
+
role: role,
|
|
32
32
|
permission: permission
|
|
33
33
|
)&.delete
|
|
34
34
|
end
|
|
@@ -37,7 +37,7 @@ module Ez
|
|
|
37
37
|
|
|
38
38
|
def grant_single_permission(role, permission)
|
|
39
39
|
Ez::Permissions::PermissionRole.find_or_create_by!(
|
|
40
|
-
role:
|
|
40
|
+
role: role,
|
|
41
41
|
permission: permission
|
|
42
42
|
)
|
|
43
43
|
end
|
data/lib/ez/permissions/dsl.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ez-permissions
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.7.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Volodya Sveredyuk
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-11-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: ez-core
|
|
@@ -176,6 +176,7 @@ files:
|
|
|
176
176
|
- lib/ez/permissions.rb
|
|
177
177
|
- lib/ez/permissions/api.rb
|
|
178
178
|
- lib/ez/permissions/api/authorize.rb
|
|
179
|
+
- lib/ez/permissions/api/authorize/godmode_permissions.rb
|
|
179
180
|
- lib/ez/permissions/api/authorize/model_permissions.rb
|
|
180
181
|
- lib/ez/permissions/api/models.rb
|
|
181
182
|
- lib/ez/permissions/api/permissions.rb
|