flexible_accessibility 0.3.0 → 0.3.1
- data/.gitignore +1 -7
- data/Gemfile +1 -0
- data/Gemfile.lock +1 -1
- data/LICENSE.txt +1 -1
- data/README.md +7 -1
- data/README.rdoc +0 -0
- data/Rakefile +1 -1
- data/flexible_accessibility.gemspec +2 -2
- data/lib/flexible_accessibility.rb +3 -1
- data/lib/flexible_accessibility/access_provider.rb +16 -0
- data/lib/flexible_accessibility/access_rule.rb +4 -0
- data/lib/flexible_accessibility/controller_methods.rb +7 -5
- data/lib/flexible_accessibility/exceptions.rb +24 -3
- data/lib/flexible_accessibility/filters.rb +11 -5
- data/lib/flexible_accessibility/permission.rb +14 -23
- data/lib/flexible_accessibility/resource.rb +1 -1
- data/lib/generators/flexible_accessibility/install/install_generator.rb +24 -0
- data/lib/generators/flexible_accessibility/install/templates/create_access_rules.rb +15 -0
- metadata +7 -2
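--- a/data/.gitignore
+++ b/data/.gitignore
@@ -2,8 +2,6 @@
 *.rbc
 .bundle
 .config
-*.sublime-project
-*.sublime-workspace
 coverage
 InstalledFiles
 lib/bundler/man
@@ -13,11 +11,7 @@ spec/reports
 test/tmp
 test/version_tmp
 tmp
-.rvmrc
-.DS_Store
-.idea
-
-# YARD artifacts
 .yardoc
 _yardoc
 doc/
+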
data/Gemfile
CHANGED
data/Gemfile.lock
CHANGED
data/LICENSE.txt
CHANGED
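--- a/data/README.md
+++ b/data/README.md
@@ -10,9 +10,15 @@ Installation:
 
 gem "flexible_accessibility", "~> 0.3.0"
 
+Do
+
+rails g flexible_accessibility:install
+
+to install migrations
+
 ======================
 
 ## Copyright
-Copyright (c) 2012 Sergey Awanesov and 7 Pikes, Inc.
+Copyright (c) 2012-2013 Sergey Awanesov and 7 Pikes, Inc.
 
 ![7pikes logo](https://github.com/7Pikes/flexible_accessibility/wiki/Logo.png)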
data/README.rdoc
ADDED
File without changes
|
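--- a/data/Rakefile
+++ b/data/Rakefile
@@ -10,8 +10,8 @@ rescue Bundler::BundlerError => e
 $stderr.puts "Run `bundle install` to install missing gems"
 exit e.status_code
 end
-require 'rake'
 
+require 'rake'
 require 'rake/testtask'
 Rake::TestTask.new(:test) do |test|
 test.libs << 'lib' << 'test'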
@@ -2,9 +2,9 @@
|
|
2
2
|
|
3
3
|
Gem::Specification.new do |s|
|
4
4
|
s.name = "flexible_accessibility"
|
5
|
-
s.version = "0.3.
|
5
|
+
s.version = "0.3.1"
|
6
6
|
s.authors = ["Sergey Awanesov"]
|
7
|
-
s.date = "
|
7
|
+
s.date = "2013-09-30"
|
8
8
|
s.summary = "Flexible access control system"
|
9
9
|
s.description = "Flexible access control system for your rails application. Based on analysis of controller actions"
|
10
10
|
s.email = "sergey.awanesov@gmail.com"
|
@@ -4,4 +4,6 @@ require 'flexible_accessibility/exceptions.rb'
|
|
4
4
|
require 'flexible_accessibility/permission.rb'
|
5
5
|
require 'flexible_accessibility/filters.rb'
|
6
6
|
require 'flexible_accessibility/resource.rb'
|
7
|
-
require 'flexible_accessibility/utils.rb'
|
7
|
+
require 'flexible_accessibility/utils.rb'
|
8
|
+
require 'flexible_accessibility/access_provider.rb'
|
9
|
+
require 'flexible_accessibility/access_rule.rb'
|
@@ -0,0 +1,16 @@
|
|
1
|
+
module FlexibleAccessibility
|
2
|
+
class AccessProvider
|
3
|
+
class << self
|
4
|
+
def preload_permissions(user)
|
5
|
+
if user.instance_variable_get(:@_available_permissions).nil?
|
6
|
+
user.instance_variable_set(:@_available_permissions, AccessRule.where(:owner => user.id).map(&:permission))
|
7
|
+
end
|
8
|
+
end
|
9
|
+
|
10
|
+
def is_action_permitted_for_user?(permission, user)
|
11
|
+
preload_permissions(user)
|
12
|
+
user.instance_variable_get(:@_available_permissions).include? permission
|
13
|
+
end
|
14
|
+
end
|
15
|
+
end
|
16
|
+
end
|
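Review bot: The permission list in `preload_permissions` is memoised in `@_available_permissions` on the user object and nothing in this file clears it, so a rule granted or revoked while that object stays alive is not seen by `is_action_permitted_for_user?`. That is harmless if the user is loaded afresh for every request, but the class does not state that assumption; I would add a comment above the method such as `# Cached for the lifetime of this user object; reload the user to pick up rule changes`. `is_action_permitted_for_user?` also calls `user.id` with no nil check of its own and relies on its callers (`has_access?`, `check_permission_to_route`) to reject a nil user first, which is worth saying in the same comment.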
@@ -7,7 +7,7 @@ module FlexibleAccessibility
|
|
7
7
|
valid_arguments = parse_and_validate_arguments(args)
|
8
8
|
self.instance_variable_set(:@_non_verifiable_routes, self.action_methods) if valid_arguments[:all]
|
9
9
|
self.instance_variable_set(:@_non_verifiable_routes, valid_arguments[:on]) unless valid_arguments[:on].nil?
|
10
|
-
self.instance_variable_set(:@_verifiable_routes, [])
|
10
|
+
self.instance_variable_set(:@_verifiable_routes, []) if self.instance_variable_get(:@_non_verifiable_routes).nil?
|
11
11
|
end
|
12
12
|
|
13
13
|
# Macro for define actions with authorization
|
@@ -16,9 +16,10 @@ module FlexibleAccessibility
|
|
16
16
|
self.instance_variable_set(:@_verifiable_routes, valid_arguments[:only]) unless valid_arguments[:only].nil?
|
17
17
|
self.instance_variable_set(:@_verifiable_routes, self.action_methods - valid_arguments[:except]) unless valid_arguments[:except].nil?
|
18
18
|
self.instance_variable_set(:@_verifiable_routes, self.action_methods) if valid_arguments[:all]
|
19
|
-
self.instance_variable_set(:@_non_verifiable_routes, [])
|
19
|
+
self.instance_variable_set(:@_non_verifiable_routes, []) if self.instance_variable_get(:@_non_verifiable_routes).nil?
|
20
|
+
# TODO: get info from routes
|
20
21
|
end
|
21
|
-
|
22
|
+
|
22
23
|
private
|
23
24
|
# Parse arguments from macro calls
|
24
25
|
def parse_and_validate_arguments(args={})
|
@@ -42,7 +43,8 @@ module FlexibleAccessibility
|
|
42
43
|
|
43
44
|
# Check the url for each link in view to show it
|
44
45
|
def has_access?(permission, user)
|
45
|
-
|
46
|
+
raise UnknownUserException if user.nil?
|
47
|
+
AccessProvider.is_action_permitted_for_user?(permission, user)
|
46
48
|
end
|
47
49
|
end
|
48
50
|
end
|
@@ -50,6 +52,6 @@ end
|
|
50
52
|
# Include methods in ActionController::Base
|
51
53
|
if defined?(ActionController::Base)
|
52
54
|
ActionController::Base.class_eval do
|
53
|
-
include FlexibleAccessibility::ControllerMethods
|
55
|
+
include FlexibleAccessibility::ControllerMethods
|
54
56
|
end
|
55
57
|
end
|
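Review bot: In the first hunk the new guard on `@_verifiable_routes` tests the wrong variable: `... if self.instance_variable_get(:@_non_verifiable_routes).nil?` runs right after `@_non_verifiable_routes` has been assigned for `:all` or `:on`, so `@_verifiable_routes` stays unset for a controller that only uses this macro. `check_permission_to_route` in filters.rb then calls `.include?` on it, which would raise NoMethodError on nil instead of reaching the non-verifiable branch. The sibling line in the second hunk guards its own variable, so this one should probably read `self.instance_variable_set(:@_verifiable_routes, []) if self.instance_variable_get(:@_verifiable_routes).nil?`. The enclosing macro starts outside the hunk, so this assumes nothing earlier in it initialises the variable.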
@@ -21,11 +21,10 @@ module FlexibleAccessibility
|
|
21
21
|
end
|
22
22
|
end
|
23
23
|
|
24
|
-
|
25
24
|
class AccessDeniedException < FlexibleAccessibilityException
|
26
25
|
private
|
27
26
|
def message
|
28
|
-
I18n.t
|
27
|
+
I18n.t('flexible_accessibility.errors.access_denied', :action => @action)
|
29
28
|
end
|
30
29
|
|
31
30
|
def default_message
|
@@ -36,7 +35,7 @@ module FlexibleAccessibility
|
|
36
35
|
class UserNotLoggedInException < FlexibleAccessibilityException
|
37
36
|
private
|
38
37
|
def message
|
39
|
-
I18n.t
|
38
|
+
I18n.t('flexible_accessibility.errors.user_is_not_logged_in')
|
40
39
|
end
|
41
40
|
|
42
41
|
def default_message
|
@@ -44,6 +43,28 @@ module FlexibleAccessibility
|
|
44
43
|
end
|
45
44
|
end
|
46
45
|
|
46
|
+
class NoWayToDetectLoggerUserException < FlexibleAccessibilityException
|
47
|
+
private
|
48
|
+
def message
|
49
|
+
I18n.t('flexible_accessibility.errors.no_way_to_detect_logged_user')
|
50
|
+
end
|
51
|
+
|
52
|
+
def default_message
|
53
|
+
"No way to detect a logged user - may you have forgot to define a current_user helper"
|
54
|
+
end
|
55
|
+
end
|
56
|
+
|
57
|
+
class UnknownUserException < FlexibleAccessibilityException
|
58
|
+
private
|
59
|
+
def message
|
60
|
+
I18n.t('flexible_accessibility.errors.unknown_user')
|
61
|
+
end
|
62
|
+
|
63
|
+
def default_message
|
64
|
+
"Probably you have forgot to send a user in has_access?"
|
65
|
+
end
|
66
|
+
end
|
67
|
+
|
47
68
|
class ActionsValueException < FlexibleAccessibilityException
|
48
69
|
private
|
49
70
|
def message
|
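Review bot: `UnknownUserException` and `NoWayToDetectLoggerUserException` are raised without arguments (`raise UnknownUserException if user.nil?` in controller_methods.rb, `raise NoWayToDetectLoggerUserException unless ...` in filters.rb), while the existing exceptions are built as `.new(current_route, nil)`. `FlexibleAccessibilityException#initialize` is outside the visible hunks; if it requires those two arguments, the bare raises fail with ArgumentError instead of the intended error, so either pass the arguments or confirm they have defaults. The class name also says `Logger` where its own I18n key says `no_way_to_detect_logged_user`; `NoWayToDetectLoggedUserException` would match.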
@@ -6,7 +6,7 @@ module FlexibleAccessibility
|
|
6
6
|
append_before_filter(:check_permission_to_route)
|
7
7
|
append_before_filter(:check_if_route_is_permitted)
|
8
8
|
end
|
9
|
-
|
9
|
+
|
10
10
|
private
|
11
11
|
# Detect current controller and action and return a permission
|
12
12
|
def current_resource
|
@@ -23,11 +23,17 @@ module FlexibleAccessibility
|
|
23
23
|
"#{current_resource}##{current_action}"
|
24
24
|
end
|
25
25
|
|
26
|
-
|
26
|
+
# Expected the existing of current_user helper
|
27
|
+
def logged_user
|
28
|
+
return current_user if defined?(current_user)
|
29
|
+
raise NoWayToDetectLoggerUserException unless defined?(current_user)
|
30
|
+
end
|
31
|
+
|
32
|
+
# Check access to route and we expected the existing of current_user helper
|
27
33
|
def check_permission_to_route
|
28
34
|
if self.class.instance_variable_get(:@_verifiable_routes).include? current_action
|
29
|
-
raise UserNotLoggedInException.new(current_route, nil) if
|
30
|
-
self.class.instance_variable_set(:@_route_permitted,
|
35
|
+
raise UserNotLoggedInException.new(current_route, nil) if logged_user.nil?
|
36
|
+
self.class.instance_variable_set(:@_route_permitted, AccessProvider.is_action_permitted_for_user?(current_route, logged_user))
|
31
37
|
elsif self.class.instance_variable_get(:@_non_verifiable_routes).include? current_action
|
32
38
|
self.class.instance_variable_set(:@_route_permitted, true)
|
33
39
|
else
|
@@ -35,7 +41,7 @@ module FlexibleAccessibility
|
|
35
41
|
end
|
36
42
|
end
|
37
43
|
|
38
|
-
#
|
44
|
+
# Check the @authorized variable state
|
39
45
|
def check_if_route_is_permitted
|
40
46
|
raise AccessDeniedException.new(current_route, nil) unless self.class.instance_variable_get(:@_route_permitted)
|
41
47
|
end
|
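Review bot: `check_permission_to_route` still records its decision with `self.class.instance_variable_set(:@_route_permitted, ...)`, which lives on the controller class and is therefore shared by every request the process serves; under a threaded server one request can read the value written for a different user before `check_if_route_is_permitted` runs. Keep the result on the controller instance instead, e.g. `@_route_permitted = AccessProvider.is_action_permitted_for_user?(current_route, logged_user)` and `raise AccessDeniedException.new(current_route, nil) unless @_route_permitted`, changing the other two branches the same way. In `logged_user` the second `defined?(current_user)` test is redundant after the early return, so a plain `raise NoWayToDetectLoggerUserException` is enough. The `else` branch of `check_permission_to_route` falls between the hunks and is not visible here.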
@@ -16,28 +16,19 @@ module FlexibleAccessibility
|
|
16
16
|
ApplicationResource.new(self.resource).namespace
|
17
17
|
end
|
18
18
|
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
def is_action_permitted? permission
|
34
|
-
self.is_action_permitted_for_user?(permission, current_user)
|
35
|
-
end
|
36
|
-
|
37
|
-
def is_action_permitted_for_user? permission, user
|
38
|
-
# TODO: Avoid these code, maybe handle a callback included in application
|
39
|
-
!AccessRule.where(["permission = ? and user_id = ?", permission, user.id]).empty?
|
40
|
-
end
|
41
|
-
end
|
19
|
+
# TODO: this function may be recursive because nesting may be existed
|
20
|
+
class << self
|
21
|
+
def all
|
22
|
+
permissions = []
|
23
|
+
Utils.new.get_controllers.each do |scope|
|
24
|
+
namespace = scope.first.to_s
|
25
|
+
scope.last.each do |resource|
|
26
|
+
resource = "#{namespace}/#{resource}" unless namespace == "default"
|
27
|
+
permissions << Permission.new(:resource => resource.gsub(/_controller/, ""), :actions => ApplicationResource.new(resource).klass.instance_variable_get(:@_verifiable_routes))
|
28
|
+
end
|
29
|
+
end
|
30
|
+
permissions
|
31
|
+
end
|
32
|
+
end
|
42
33
|
end
|
43
34
|
end
|
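Review bot: `resource.gsub(/_controller/, "")` in `Permission.all` removes the substring wherever it occurs, not only the trailing suffix, so a namespace or controller whose name contains `_controller` earlier in the path may yield a resource string that differs from the one the filter builds (`current_resource` is not visible here, so that is inferred). `resource.sub(/_controller\z/, "")` states the intent. `:actions` is read straight from `@_verifiable_routes` and will be nil for a controller that never sets it, so appending `|| []` would keep the attribute's type stable. The TODO above `class << self` describes `all` and would read better directly above `def all`.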
@@ -0,0 +1,24 @@
|
|
1
|
+
require 'rails/generators/migration'
|
2
|
+
|
3
|
+
module FlexibleAccessibility
|
4
|
+
module Generators
|
5
|
+
class InstallGenerator < ::Rails::Generators::Base
|
6
|
+
include Rails::Generators::Migration
|
7
|
+
source_root File.expand_path('../templates', __FILE__)
|
8
|
+
desc "Add the migrations"
|
9
|
+
|
10
|
+
def self.next_migration_number(path)
|
11
|
+
unless @prev_migration_nr
|
12
|
+
@prev_migration_nr = Time.now.utc.strftime("%Y%m%d%H%M%S").to_i
|
13
|
+
else
|
14
|
+
@prev_migration_nr += 1
|
15
|
+
end
|
16
|
+
@prev_migration_nr.to_s
|
17
|
+
end
|
18
|
+
|
19
|
+
def copy_migrations
|
20
|
+
migration_template "create_access_rules.rb", "db/migrate/create_access_rules.rb"
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
@@ -0,0 +1,15 @@
|
|
1
|
+
class CreateAccessRules < ActiveRecord::Migration
|
2
|
+
def self.up
|
3
|
+
create_table :access_rules do |t|
|
4
|
+
t.string :permission
|
5
|
+
t.integer :owner
|
6
|
+
t.timestamps
|
7
|
+
|
8
|
+
t.index [:owner], :name => "access_rules_index_on_owner"
|
9
|
+
end
|
10
|
+
end
|
11
|
+
|
12
|
+
def self.down
|
13
|
+
drop_table :access_rules
|
14
|
+
end
|
15
|
+
end
|
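Review bot: `create_table :access_rules` leaves both `permission` and `owner` nullable and indexes only `owner`, so nothing at the database level prevents duplicate or half-empty rules; consider `t.string :permission, :null => false`, `t.integer :owner, :null => false` and a unique index on `[:owner, :permission]`. The column is named `owner`, whereas the query removed from permission.rb filtered on `user_id`. Applications upgrading from 0.3.0 that already have an `access_rules` table presumably need a rename migration rather than this `create_table`, and the README change does not mention that.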
metadata
CHANGED
@@ -2,14 +2,14 @@
|
|
2
2
|
name: flexible_accessibility
|
3
3
|
version: !ruby/object:Gem::Version
|
4
4
|
prerelease:
|
5
|
-
version: 0.3.
|
5
|
+
version: 0.3.1
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
8
8
|
- Sergey Awanesov
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date:
|
12
|
+
date: 2013-09-30 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
prerelease: false
|
@@ -87,16 +87,21 @@ files:
|
|
87
87
|
- Gemfile.lock
|
88
88
|
- LICENSE.txt
|
89
89
|
- README.md
|
90
|
+
- README.rdoc
|
90
91
|
- Rakefile
|
91
92
|
- flexible_accessibility.gemspec
|
92
93
|
- init.rb
|
93
94
|
- lib/flexible_accessibility.rb
|
95
|
+
- lib/flexible_accessibility/access_provider.rb
|
96
|
+
- lib/flexible_accessibility/access_rule.rb
|
94
97
|
- lib/flexible_accessibility/controller_methods.rb
|
95
98
|
- lib/flexible_accessibility/exceptions.rb
|
96
99
|
- lib/flexible_accessibility/filters.rb
|
97
100
|
- lib/flexible_accessibility/permission.rb
|
98
101
|
- lib/flexible_accessibility/resource.rb
|
99
102
|
- lib/flexible_accessibility/utils.rb
|
103
|
+
- lib/generators/flexible_accessibility/install/install_generator.rb
|
104
|
+
- lib/generators/flexible_accessibility/install/templates/create_access_rules.rb
|
100
105
|
- test/helper.rb
|
101
106
|
- test/test_flexible_accessibility.rb
|
102
107
|
homepage: http://github.com/mochnatiy/flexible_accessibility
|