four_eyes 0.1.1 → 0.1.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +24 -5
- data/lib/four_eyes/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 50fdcf432e727f3c0b6f2a78ce41868b5988aad4
|
|
4
|
+
data.tar.gz: 15663bb4f542714eadb56fa44c19e5b05bca28dc
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 5053d22ef3d8fa86cd48b2ff9ba935598f1a649fa9a64f0bb398c2b4c9323dafdcf4152df52e9d6200f7575a111e262cdbeeac8b87097d94d1f58ff230522855
|
|
7
|
+
data.tar.gz: 7407011253cbf4f0f9d5b4161677ac46600682884941c25a45d265705fc148f4f4296ba0dd9f076911b0853dd6025621e0767c6ad57406c6af2349c83ff73fca
|
data/README.md
CHANGED
|
@@ -20,9 +20,9 @@ responsible for performing the validation check to see if the resource is indeed
|
|
|
20
20
|
the system state may change before authorization to a state that renders the action invalid. In such a scenario, the action
|
|
21
21
|
would need to be cancelled and created again.
|
|
22
22
|
|
|
23
|
-
A listing of all pending actions can be availed and depending on any authorization
|
|
23
|
+
A listing of all pending actions can be availed and depending on any authorization mechanism that you have implemented, a user can then access a pending
|
|
24
24
|
action and authorize it.
|
|
25
|
-
|
|
25
|
+
|
|
26
26
|
## Installation
|
|
27
27
|
|
|
28
28
|
Add this line to your application's Gemfile:
|
|
@@ -66,12 +66,12 @@ To add maker checker functionality, add the following before_filter to the contr
|
|
|
66
66
|
|
|
67
67
|
Once that is done, in the create, update or delete action you would call the following
|
|
68
68
|
|
|
69
|
-
maker_create([User resource
|
|
69
|
+
maker_create([User resource performing the action],
|
|
70
70
|
[ID of resource performing the action],
|
|
71
71
|
[Class name of the resource being worked on],
|
|
72
72
|
[Parameters of oject/resource in JSON format])
|
|
73
73
|
|
|
74
|
-
For
|
|
74
|
+
For example, in a system where the users are called Administrators, and the resource we are trying to create via
|
|
75
75
|
maker checker is a Student, the call to create a student via maker-checker would look like this.
|
|
76
76
|
|
|
77
77
|
|
|
@@ -96,7 +96,26 @@ To add maker checker functionality, add the following before_filter to the contr
|
|
|
96
96
|
student.to_json)
|
|
97
97
|
end
|
|
98
98
|
|
|
99
|
-
|
|
99
|
+
Minimal vies have been provided for viewing pending and authorized actions. You will probably want to override these
|
|
100
|
+
and style them accordingly to your application.
|
|
101
|
+
|
|
102
|
+
Please note four_ayes is agnostic for the type of authorization system you are using. Right now the only check that is performed is
|
|
103
|
+
ensuring that the maker of an action cannot be the same person to authorize an action. You can extend this to your own authorization
|
|
104
|
+
system. For example using CanCan you can have something like this for a certain role:
|
|
105
|
+
|
|
106
|
+
|
|
107
|
+
|
|
108
|
+
class AdminAbility
|
|
109
|
+
include CanCan::Ability
|
|
110
|
+
|
|
111
|
+
def initialize(admin)
|
|
112
|
+
admin ||= Administrator.new
|
|
113
|
+
if admin.role? :Manager
|
|
114
|
+
can :authorize, FourEyes::Action, object_resource_class_name: %w(Student Teacher)
|
|
115
|
+
can :cancel, FourEyes::Action
|
|
116
|
+
end
|
|
117
|
+
end
|
|
118
|
+
end
|
|
100
119
|
|
|
101
120
|
## TODO - Write spec tests.
|
|
102
121
|
|
data/lib/four_eyes/version.rb
CHANGED