grabli 0.1.0 → 0.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/README.md +26 -3
- data/lib/grabli.rb +24 -9
- data/lib/grabli/version.rb +1 -1
- data/yarn-error.log +32 -0
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e92851163c7bdfdc005eb3482c9885328ac15365d1a0fd023a6a8d00d12b255c
|
|
4
|
+
data.tar.gz: bd5ec4baadac745a7969bc4a72cecd98c1f704688fd2f9d13b8f6d5165437142
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 96c5344afd2760f47c596d810fc6e9c4a930db262ff93bc9c0dbb71fa4343c7f1d0237b6447274da3fc17cee567d50450cc5ea425c311d17f376218901db0e28
|
|
7
|
+
data.tar.gz: bc6419b071928f1bc225462c59d9ea141e9ab1c30b28a0e2c9b35c71f8d10daf8e36a4bbd60ead44b725df94f67bede05f93c7fd75a3673acba4b203f252378f
|
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
|
@@ -6,7 +6,7 @@ The very specific goal of this gem is to extract pundit policy permissions to so
|
|
|
6
6
|
|
|
7
7
|
## Usage
|
|
8
8
|
|
|
9
|
-
With a given `
|
|
9
|
+
With a given `CompanyPolicy` you can do:
|
|
10
10
|
|
|
11
11
|
```ruby
|
|
12
12
|
require 'grabli'
|
|
@@ -45,7 +45,6 @@ class ApplicationController
|
|
|
45
45
|
def collect_permissions_for(subject)
|
|
46
46
|
Grabli.new.collect(current_user, subject)
|
|
47
47
|
end
|
|
48
|
-
helper_method :collect_permissions_for
|
|
49
48
|
end
|
|
50
49
|
|
|
51
50
|
|
|
@@ -60,6 +59,30 @@ class Api::UsersController < ApplicationController
|
|
|
60
59
|
end
|
|
61
60
|
```
|
|
62
61
|
|
|
62
|
+
### Namespaced policies
|
|
63
|
+
|
|
64
|
+
If you have namespaced policies, something like
|
|
65
|
+
|
|
66
|
+
```ruby
|
|
67
|
+
class User
|
|
68
|
+
class PetPolicy < ApplicationPolicy
|
|
69
|
+
def feed?
|
|
70
|
+
true
|
|
71
|
+
end
|
|
72
|
+
end
|
|
73
|
+
end
|
|
74
|
+
```
|
|
75
|
+
|
|
76
|
+
You can specify the namespace by passing it to `#new`
|
|
77
|
+
|
|
78
|
+
```ruby
|
|
79
|
+
Grabli.new(namespace: User).collect(@current_user, @pet)
|
|
80
|
+
```
|
|
81
|
+
|
|
82
|
+
## Permissions lookup
|
|
83
|
+
|
|
84
|
+
While fetching permissions, Grabli looks for *public instance methods* defined on particular policy class. It means Grabli *will ignore inherited and private permissions*. It will also ignore all `permitted_attributes` methods on your policy.
|
|
85
|
+
|
|
63
86
|
## Further plans
|
|
64
87
|
|
|
65
88
|
1) Improve cases when subject is a `Symbol`
|
|
@@ -70,4 +93,4 @@ Make `Intruder` a bit more clever proxy object which delegates to the subject an
|
|
|
70
93
|
|
|
71
94
|
## Contributing
|
|
72
95
|
|
|
73
|
-
Bug reports and pull requests are welcome on GitHub at https://github.com/
|
|
96
|
+
Bug reports and pull requests are welcome on GitHub at https://github.com/dikond/grabli.
|
data/lib/grabli.rb
CHANGED
|
@@ -2,14 +2,28 @@ require "grabli/version"
|
|
|
2
2
|
require "pundit"
|
|
3
3
|
|
|
4
4
|
class Grabli
|
|
5
|
+
PolicyNotFound = Class.new(StandardError)
|
|
6
|
+
|
|
7
|
+
#
|
|
8
|
+
# You can configure grabli by passing options to initializer
|
|
9
|
+
# @param namespace: nil [module] set the namespace for your policies
|
|
10
|
+
#
|
|
11
|
+
# @example
|
|
12
|
+
# # will search policies under specified namespace, e.g. User::SomePolicy
|
|
13
|
+
# Grabli.new(namespace: User)
|
|
14
|
+
#
|
|
15
|
+
def initialize(namespace: nil)
|
|
16
|
+
@namespace = namespace
|
|
17
|
+
end
|
|
18
|
+
|
|
5
19
|
#
|
|
6
20
|
# Collect allowed policy permissions for the given user.
|
|
7
21
|
#
|
|
8
22
|
# @param user [Object] user object your policy work with
|
|
9
23
|
# @param subject [Symbol, Object] subject object your policy work with
|
|
10
24
|
# @return [Array<Symbol>] array of allowed policy permission
|
|
11
|
-
# @example
|
|
12
25
|
#
|
|
26
|
+
# @example
|
|
13
27
|
# Grabli.new.collect(@user, @company)
|
|
14
28
|
# #=> [:create?, :update?, :manage_occupied?]
|
|
15
29
|
#
|
|
@@ -18,16 +32,16 @@ class Grabli
|
|
|
18
32
|
#
|
|
19
33
|
def collect(user, subject)
|
|
20
34
|
policy_class(subject)
|
|
35
|
+
.tap { |policy| raise PolicyNotFound if policy.nil? }
|
|
21
36
|
.public_instance_methods(false)
|
|
22
|
-
.reject
|
|
37
|
+
.reject { |n| n =~ /permitted_attributes/ }
|
|
23
38
|
.each_with_object([]) do |permission, collection|
|
|
24
|
-
# allows to collect permissions without subject, for more
|
|
39
|
+
# allows to collect permissions without subject, for more see Intruder
|
|
25
40
|
isubject = subject.is_a?(Symbol) ? Intruder.new(false) : subject
|
|
26
41
|
policy = policy_class(subject).new(user, isubject)
|
|
27
42
|
|
|
28
43
|
collection << permission if allowed? policy, permission
|
|
29
44
|
end
|
|
30
|
-
.sort
|
|
31
45
|
end
|
|
32
46
|
|
|
33
47
|
# Check whether certain permission is allowed.
|
|
@@ -36,8 +50,8 @@ class Grabli
|
|
|
36
50
|
# @param permission [Symbol] permission name
|
|
37
51
|
# @return [Boolen, Object] true or false in case subject intruded
|
|
38
52
|
# or whatever you policy permission returns
|
|
39
|
-
# @example
|
|
40
53
|
#
|
|
54
|
+
# @example
|
|
41
55
|
# policy = Pundit.policy(@user, @company)
|
|
42
56
|
# Grabli.new.allowed?(policy, :create?)
|
|
43
57
|
# #=> true
|
|
@@ -49,7 +63,11 @@ class Grabli
|
|
|
49
63
|
end
|
|
50
64
|
|
|
51
65
|
private def policy_class(record)
|
|
52
|
-
|
|
66
|
+
if @namespace.nil?
|
|
67
|
+
Pundit::PolicyFinder.new(record).policy
|
|
68
|
+
else
|
|
69
|
+
Pundit::PolicyFinder.new([@namespace, record]).policy
|
|
70
|
+
end
|
|
53
71
|
end
|
|
54
72
|
|
|
55
73
|
#
|
|
@@ -59,9 +77,6 @@ class Grabli
|
|
|
59
77
|
# If the subject isn't used it means we can add this permission as allowed.
|
|
60
78
|
# If it's used, CURRENTLY, we assume that the given permission isn't allowed.
|
|
61
79
|
#
|
|
62
|
-
# TODO: delegate to the original subject if it was given
|
|
63
|
-
# and intercept NoMethodError
|
|
64
|
-
#
|
|
65
80
|
Intruder = Struct.new(:intruded) do
|
|
66
81
|
def method_missing(*)
|
|
67
82
|
self[:intruded] = true
|
data/lib/grabli/version.rb
CHANGED
data/yarn-error.log
ADDED
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
Arguments:
|
|
2
|
+
/Users/danny/.nvm/versions/node/v8.10.0/bin/node /usr/local/Cellar/yarn/1.5.1_1/libexec/bin/yarn.js server --reload
|
|
3
|
+
|
|
4
|
+
PATH:
|
|
5
|
+
/Users/danny/.rbenv/shims:/Users/danny/.nvm/versions/node/v8.10.0/bin:/Users/danny/.yarn/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin
|
|
6
|
+
|
|
7
|
+
Yarn version:
|
|
8
|
+
1.5.1
|
|
9
|
+
|
|
10
|
+
Node version:
|
|
11
|
+
8.10.0
|
|
12
|
+
|
|
13
|
+
Platform:
|
|
14
|
+
darwin x64
|
|
15
|
+
|
|
16
|
+
npm manifest:
|
|
17
|
+
No manifest
|
|
18
|
+
|
|
19
|
+
yarn manifest:
|
|
20
|
+
No manifest
|
|
21
|
+
|
|
22
|
+
Lockfile:
|
|
23
|
+
No lockfile
|
|
24
|
+
|
|
25
|
+
Trace:
|
|
26
|
+
Error: Couldn't find a package.json file in "/Users/danny/dev/gems/grabli"
|
|
27
|
+
at new MessageError (/usr/local/Cellar/yarn/1.5.1_1/libexec/lib/cli.js:186:110)
|
|
28
|
+
at /usr/local/Cellar/yarn/1.5.1_1/libexec/lib/cli.js:40048:15
|
|
29
|
+
at Generator.next (<anonymous>)
|
|
30
|
+
at step (/usr/local/Cellar/yarn/1.5.1_1/libexec/lib/cli.js:98:30)
|
|
31
|
+
at /usr/local/Cellar/yarn/1.5.1_1/libexec/lib/cli.js:109:13
|
|
32
|
+
at <anonymous>
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: grabli
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- dikond
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-
|
|
11
|
+
date: 2018-07-25 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: pundit
|
|
@@ -85,6 +85,7 @@ files:
|
|
|
85
85
|
- grabli.gemspec
|
|
86
86
|
- lib/grabli.rb
|
|
87
87
|
- lib/grabli/version.rb
|
|
88
|
+
- yarn-error.log
|
|
88
89
|
homepage: https://github.com/dikond/grabli
|
|
89
90
|
licenses:
|
|
90
91
|
- wtfpl
|