glib-web 0.5.78 → 0.5.82
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/app/controllers/concerns/glib/auth/policy.rb +21 -20
- data/app/helpers/glib/json_ui/view_builder.rb +7 -1
- data/app/policies/glib/application_policy.rb +93 -68
- data/app/views/json_ui/garage/views/index.json.jbuilder +28 -23
- data/app/views/json_ui/garage/views/progress.json.jbuilder +31 -0
- metadata +2 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 10f17a267280748f96fbdba46d76cd4edd1cb818d9da92c377a394e92fa5bcf8
|
4
|
+
data.tar.gz: 4abd9e1e1ae1ee191d26461629dea9ef30d5abd4c2a59a181071dab37ae0ad19
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 982c859db558abc31c8fd3162f4011e4e6f99d69d3e061cf4af39cdb1da326ff545639be739815394459c916864b58852e995dae0bfc309de6c7519a24c2ece8
|
7
|
+
data.tar.gz: 4012bb2d1a0fe749918f8f7bb54f26f2800a50811426c9cc053164fb9f77492bac954c88e142669e7626e700278d5895d716d9a30df2b07a941c21dcea2b94a9
|
@@ -20,7 +20,7 @@ module Glib::Auth
|
|
20
20
|
module Overrides
|
21
21
|
|
22
22
|
public # Override
|
23
|
-
def policy(record, policy_name = nil)
|
23
|
+
def policy(record, policy_name = nil, attributes = {})
|
24
24
|
policy_name ||= record
|
25
25
|
|
26
26
|
@__pundit_policies ||= {}
|
@@ -34,7 +34,7 @@ module Glib::Auth
|
|
34
34
|
|
35
35
|
raise "Policy not found for #{policy_name.is_a?(Symbol) || policy_name.is_a?(Class) ? policy_name : policy_name.class}" unless policy_class
|
36
36
|
|
37
|
-
@__pundit_policies[policy_name] = policy_class.new(current_user, record, policy_name, self, request, params,
|
37
|
+
@__pundit_policies[policy_name] = policy_class.new(current_user, record, policy_name, self, request, params, attributes: attributes)
|
38
38
|
end
|
39
39
|
|
40
40
|
# Expose protected method
|
@@ -42,16 +42,17 @@ module Glib::Auth
|
|
42
42
|
def policy_scope(*args)
|
43
43
|
super
|
44
44
|
end
|
45
|
+
|
45
46
|
end
|
46
47
|
|
47
48
|
private
|
48
|
-
|
49
|
-
|
50
|
-
|
49
|
+
def raise_access_denied(record, policy)
|
50
|
+
raise UnauthorizedError.new(record: record, policy: policy, query: "#{action_name}?")
|
51
|
+
end
|
51
52
|
|
52
53
|
public
|
53
|
-
def can?(action, record)
|
54
|
-
policy(record).send("#{action}?")
|
54
|
+
def can?(action, record, attributes = {})
|
55
|
+
policy(record, nil, attributes).send("#{action}?")
|
55
56
|
end
|
56
57
|
|
57
58
|
public
|
@@ -71,19 +72,19 @@ module Glib::Auth
|
|
71
72
|
policy_name = resource_name.camelize.constantize
|
72
73
|
else
|
73
74
|
policy_name = case resource_key
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
75
|
+
when false
|
76
|
+
resource_name.to_sym
|
77
|
+
when Symbol, Class
|
78
|
+
resource_key
|
79
|
+
else
|
80
|
+
raise "Invalid resource class: #{resource_key}"
|
80
81
|
end
|
81
82
|
end
|
82
83
|
|
83
84
|
resource_instance = instance_variable_get("@#{resource_name}") || policy_name
|
84
85
|
|
85
86
|
query = "#{action_name}?"
|
86
|
-
policy_instance = policy(resource_instance, policy_name)
|
87
|
+
policy_instance = policy(resource_instance, policy_name, options.except(:class))
|
87
88
|
raise_access_denied(resource_instance, policy_instance) unless policy_instance.public_send(query)
|
88
89
|
end
|
89
90
|
|
@@ -118,12 +119,12 @@ module Glib::Auth
|
|
118
119
|
begin
|
119
120
|
if !(resource_key = options[:class]).nil?
|
120
121
|
resource = case resource_key
|
121
|
-
|
122
|
-
|
123
|
-
|
124
|
-
|
125
|
-
|
126
|
-
|
122
|
+
when false
|
123
|
+
resource_name.to_sym
|
124
|
+
when Symbol, Class
|
125
|
+
resource_key
|
126
|
+
else
|
127
|
+
raise "Invalid resource class: #{resource_key}"
|
127
128
|
end
|
128
129
|
|
129
130
|
authorize resource
|
@@ -75,7 +75,7 @@ module Glib
|
|
75
75
|
|
76
76
|
### View definitions
|
77
77
|
|
78
|
-
class AbstractText < View
|
78
|
+
class AbstractText < View
|
79
79
|
string :textAlign
|
80
80
|
text :text
|
81
81
|
color :color
|
@@ -235,6 +235,12 @@ module Glib
|
|
235
235
|
bool :tick
|
236
236
|
end
|
237
237
|
|
238
|
+
class ProgressBar < View
|
239
|
+
float :value
|
240
|
+
color :color
|
241
|
+
color :backgroundColor
|
242
|
+
bool :reversed
|
243
|
+
end
|
238
244
|
end
|
239
245
|
end
|
240
246
|
end
|
@@ -3,98 +3,123 @@
|
|
3
3
|
module Glib
|
4
4
|
class ApplicationPolicy
|
5
5
|
attr_reader :user, :record, :policy_name, :controller, :request, :params
|
6
|
+
class_attribute :should_exist_attributes, instance_writer: false, default: []
|
6
7
|
|
7
8
|
private
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
9
|
+
def initialize(user, record, policy_name, controller, request, params, attributes: {})
|
10
|
+
@user = user
|
11
|
+
@record = record
|
12
|
+
@controller = controller
|
13
|
+
@request = request
|
14
|
+
# Don't get params from request because we might not have a proper request object. This might execute in Sidekiq.
|
15
|
+
# See Presenter::Model::inside_mock_controller()
|
16
|
+
@params = params
|
17
|
+
@policy_name = policy_name
|
18
|
+
|
19
|
+
if attributes.present? && controller.action_name != 'index'
|
20
|
+
self.class.module_eval { attr_accessor(*attributes.keys) }
|
21
|
+
attributes.each do |key, value|
|
22
|
+
send("#{key}=", value)
|
23
|
+
end
|
24
|
+
end
|
18
25
|
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
private # Used by child
|
25
|
-
def authorize(*actions, &block)
|
26
|
-
actions.each do |action|
|
27
|
-
if action == :glib_all
|
28
|
-
# Serve as a catch-all to all actions that have not been specified in the policy.
|
29
|
-
@catch_all = block
|
30
|
-
else
|
31
|
-
method_name = "#{action}?"
|
32
|
-
# Avoid accidentally redefining multiple times from child policies. But it's okay if the child policy
|
33
|
-
# wants to override the parent's authorization method.
|
34
|
-
raise "Action authorization has been declared: #{action}" if instance_methods(false).include?(method_name.to_sym)
|
35
|
-
define_method method_name, &block
|
26
|
+
if controller.user_signed_in?
|
27
|
+
should_exist_attributes.each do |attribute|
|
28
|
+
if try(attribute).blank? && !['index'].include?(controller.action_name)
|
29
|
+
raise "Attribute #{attribute} is blank, policy will not working properly"
|
30
|
+
end
|
36
31
|
end
|
37
32
|
end
|
38
33
|
end
|
39
|
-
|
34
|
+
|
35
|
+
class << self
|
36
|
+
attr_reader :catch_all
|
37
|
+
|
38
|
+
def inherited(base)
|
39
|
+
base.should_exist_attributes = should_exist_attributes.dup
|
40
|
+
super
|
41
|
+
end
|
42
|
+
|
43
|
+
# This is to define the authorization logic for an action (or a group of actions). It's different from controller's
|
44
|
+
# authorize().
|
45
|
+
private # Used by child
|
46
|
+
def authorize(*actions, &block)
|
47
|
+
actions.each do |action|
|
48
|
+
if action == :glib_all
|
49
|
+
# Serve as a catch-all to all actions that have not been specified in the policy.
|
50
|
+
@catch_all = block
|
51
|
+
else
|
52
|
+
method_name = "#{action}?"
|
53
|
+
# Avoid accidentally redefining multiple times from child policies. But it's okay if the child policy
|
54
|
+
# wants to override the parent's authorization method.
|
55
|
+
raise "Action authorization has been declared: #{action}" if instance_methods(false).include?(method_name.to_sym)
|
56
|
+
define_method method_name, &block
|
57
|
+
end
|
58
|
+
end
|
59
|
+
end
|
60
|
+
|
61
|
+
def should_exist(*attributes)
|
62
|
+
should_exist_attributes.push(*attributes)
|
63
|
+
end
|
64
|
+
end
|
40
65
|
|
41
66
|
private
|
42
|
-
|
43
|
-
|
44
|
-
|
67
|
+
def catch_all
|
68
|
+
self.class.catch_all
|
69
|
+
end
|
45
70
|
|
46
71
|
private
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
72
|
+
# To ensure the block is called on the policy's instance instead class.
|
73
|
+
def call_catch_all
|
74
|
+
instance_eval(&catch_all)
|
75
|
+
end
|
51
76
|
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
77
|
+
authorize :index do
|
78
|
+
# We need this line because in `index` action, this method will be called instead of method_missing().
|
79
|
+
# Having this line ensures that the catch_all behaviour works according to the priority below:
|
80
|
+
# - child_policy#index?
|
81
|
+
# - child_policy#manage? -- catch_all
|
82
|
+
# - application_policy@index?
|
83
|
+
return call_catch_all if catch_all
|
59
84
|
|
60
|
-
|
61
|
-
|
85
|
+
false
|
86
|
+
end
|
62
87
|
|
63
|
-
|
64
|
-
|
88
|
+
authorize :show do
|
89
|
+
return call_catch_all if catch_all
|
65
90
|
|
66
|
-
|
67
|
-
|
91
|
+
scope.where(id: record.id).exists?
|
92
|
+
end
|
68
93
|
|
69
|
-
|
70
|
-
|
94
|
+
authorize :create do
|
95
|
+
return call_catch_all if catch_all
|
71
96
|
|
72
|
-
|
73
|
-
|
97
|
+
false
|
98
|
+
end
|
74
99
|
|
75
|
-
|
76
|
-
|
100
|
+
authorize :new do
|
101
|
+
return call_catch_all if catch_all
|
77
102
|
|
78
|
-
|
79
|
-
|
103
|
+
create?
|
104
|
+
end
|
80
105
|
|
81
|
-
|
82
|
-
|
106
|
+
authorize :update do
|
107
|
+
return call_catch_all if catch_all
|
83
108
|
|
84
|
-
|
85
|
-
|
109
|
+
false
|
110
|
+
end
|
86
111
|
|
87
|
-
|
88
|
-
|
112
|
+
authorize :edit do
|
113
|
+
return call_catch_all if catch_all
|
89
114
|
|
90
|
-
|
91
|
-
|
115
|
+
update?
|
116
|
+
end
|
92
117
|
|
93
|
-
|
94
|
-
|
118
|
+
authorize :destroy do
|
119
|
+
return call_catch_all if catch_all
|
95
120
|
|
96
|
-
|
97
|
-
|
121
|
+
false
|
122
|
+
end
|
98
123
|
|
99
124
|
public
|
100
125
|
def method_missing(name, *args, &block)
|
@@ -10,30 +10,35 @@ json_ui_page json do |page|
|
|
10
10
|
end
|
11
11
|
|
12
12
|
section.rows builder: ->(template) do
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
action.windows_open url: json_ui_garage_url(path: 'views/controls')
|
18
|
-
end
|
19
|
-
template.thumbnail title: 'Images', onClick: ->(action) do
|
20
|
-
action.windows_open url: json_ui_garage_url(path: 'views/images')
|
21
|
-
end
|
22
|
-
template.thumbnail title: 'Charts', onClick: ->(action) do
|
23
|
-
action.windows_open url: json_ui_garage_url(path: 'views/charts')
|
24
|
-
end
|
25
|
-
template.thumbnail title: 'Banners', onClick: ->(action) do
|
26
|
-
action.windows_open url: json_ui_garage_url(path: 'views/banners')
|
27
|
-
end
|
28
|
-
template.thumbnail title: 'Maps', onClick: ->(action) do
|
29
|
-
action.windows_open url: json_ui_garage_url(path: 'views/maps')
|
30
|
-
end
|
31
|
-
template.thumbnail title: 'Misc', onClick: ->(action) do
|
32
|
-
action.windows_open url: json_ui_garage_url(path: 'views/misc')
|
33
|
-
end
|
34
|
-
template.thumbnail title: 'Icons', onClick: ->(action) do
|
35
|
-
action.windows_open url: json_ui_garage_url(path: 'views/icons')
|
13
|
+
['texts', 'controls', 'images', 'charts', 'banners', 'maps', 'misc', 'icons', 'progress'].each do |component|
|
14
|
+
template.thumbnail title: component.humanize, onClick: ->(action) do
|
15
|
+
action.windows_open url: json_ui_garage_url(path: "views/#{component}")
|
16
|
+
end
|
36
17
|
end
|
18
|
+
# template.thumbnail title: 'Texts', onClick: ->(action) do
|
19
|
+
# action.windows_open url: json_ui_garage_url(path: 'views/texts')
|
20
|
+
# end
|
21
|
+
# template.thumbnail title: 'Controls', onClick: ->(action) do
|
22
|
+
# action.windows_open url: json_ui_garage_url(path: 'views/controls')
|
23
|
+
# end
|
24
|
+
# template.thumbnail title: 'Images', onClick: ->(action) do
|
25
|
+
# action.windows_open url: json_ui_garage_url(path: 'views/images')
|
26
|
+
# end
|
27
|
+
# template.thumbnail title: 'Charts', onClick: ->(action) do
|
28
|
+
# action.windows_open url: json_ui_garage_url(path: 'views/charts')
|
29
|
+
# end
|
30
|
+
# template.thumbnail title: 'Banners', onClick: ->(action) do
|
31
|
+
# action.windows_open url: json_ui_garage_url(path: 'views/banners')
|
32
|
+
# end
|
33
|
+
# template.thumbnail title: 'Maps', onClick: ->(action) do
|
34
|
+
# action.windows_open url: json_ui_garage_url(path: 'views/maps')
|
35
|
+
# end
|
36
|
+
# template.thumbnail title: 'Misc', onClick: ->(action) do
|
37
|
+
# action.windows_open url: json_ui_garage_url(path: 'views/misc')
|
38
|
+
# end
|
39
|
+
# template.thumbnail title: 'Icons', onClick: ->(action) do
|
40
|
+
# action.windows_open url: json_ui_garage_url(path: 'views/icons')
|
41
|
+
# end
|
37
42
|
end
|
38
43
|
end,
|
39
44
|
->(section) do
|
@@ -0,0 +1,31 @@
|
|
1
|
+
json.title 'Views'
|
2
|
+
|
3
|
+
page = json_ui_page json
|
4
|
+
render "#{@path_prefix}/nav_menu", json: json, page: page
|
5
|
+
|
6
|
+
page.scroll padding: glib_json_padding_body, childViews: ->(scroll) do
|
7
|
+
scroll.h2 text: 'Progress Bar'
|
8
|
+
scroll.spacer height: 6
|
9
|
+
scroll.progressBar value: 0.1
|
10
|
+
scroll.spacer height: 20
|
11
|
+
|
12
|
+
scroll.h2 text: 'Thin Progress Bar'
|
13
|
+
scroll.spacer height: 6
|
14
|
+
scroll.progressBar value: 0.25, height: 5, styleClass: 'no-text'
|
15
|
+
scroll.spacer height: 20
|
16
|
+
|
17
|
+
scroll.h2 text: 'Striped Progress Bar'
|
18
|
+
scroll.spacer height: 6
|
19
|
+
scroll.progressBar value: 0.5, styleClass: 'striped'
|
20
|
+
scroll.spacer height: 20
|
21
|
+
|
22
|
+
scroll.h2 text: 'Progress Bar with custom colors'
|
23
|
+
scroll.spacer height: 6
|
24
|
+
scroll.progressBar value: 0.75, color: '#272551', backgroundColor: '#FFFF00', styleClass: 'light'
|
25
|
+
scroll.spacer height: 20
|
26
|
+
|
27
|
+
scroll.h2 text: 'Reversed Progress Bar'
|
28
|
+
scroll.spacer height: 6
|
29
|
+
scroll.progressBar value: 0.1, reversed: true
|
30
|
+
scroll.spacer height: 20
|
31
|
+
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: glib-web
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.5.
|
4
|
+
version: 0.5.82
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- ''
|
@@ -230,6 +230,7 @@ files:
|
|
230
230
|
- app/views/json_ui/garage/views/maps.json.jbuilder
|
231
231
|
- app/views/json_ui/garage/views/markdowns.json.jbuilder
|
232
232
|
- app/views/json_ui/garage/views/misc.json.jbuilder
|
233
|
+
- app/views/json_ui/garage/views/progress.json.jbuilder
|
233
234
|
- app/views/json_ui/garage/views/texts.json.jbuilder
|
234
235
|
- app/views/layouts/json_ui/renderer.html.erb
|
235
236
|
- config/routes.rb
|