isomorfeus-policy 2.5.4 → 22.9.0.rc1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +7 -15
- data/lib/isomorfeus/policy/version.rb +1 -1
- data/lib/isomorfeus-policy.rb +3 -9
- data/lib/lucid_policy.rb +211 -0
- metadata +13 -45
- data/lib/isomorfeus_policy/lucid_policy/base.rb +0 -10
- data/lib/isomorfeus_policy/lucid_policy/exception.rb +0 -4
- data/lib/isomorfeus_policy/lucid_policy/helper.rb +0 -22
- data/lib/isomorfeus_policy/lucid_policy/mixin.rb +0 -191
- data/lib/lucid_props.rb +0 -90
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 9e0fb64bf98a281fecdc83a713a266fd1ec5f57071f886212afe6602217e40b6
|
4
|
+
data.tar.gz: 7e768fcfc03fe6f3a60f0d51b71e4291b2359dad18ddf584a40f73845e5d12bc
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 80feefd0c628ebbc0ec908b0086b393f41d36f79005452db01155c0edb1adda5066b89d0e07468ba981858cf4c30efcb92428db6bb0d7ba0590c4b12dc72481a
|
7
|
+
data.tar.gz: ec9cab7fba10b3e42bee29685975f20d3fc0f1e505eb8eb84e6be50eeb3c1ff9f59b89767d02a404c3b5234ba4db2fd50acbe39ab8fef5f6fd32b1a4ef44e904
|
data/README.md
CHANGED
@@ -13,15 +13,7 @@ Everything that is not explicitly allowed somewhere is denied.
|
|
13
13
|
|
14
14
|
Place the policy files in your projects `app/policies` directory.
|
15
15
|
|
16
|
-
Any
|
17
|
-
or inherit from `LucidAuthorization::Base`. Example:
|
18
|
-
|
19
|
-
```ruby
|
20
|
-
class MyUser
|
21
|
-
include LucdiAuthorization::Mixin
|
22
|
-
end
|
23
|
-
```
|
24
|
-
Any instance of that class then has the following methods available:
|
16
|
+
Any instance of a LucidUser class has the following methods available:
|
25
17
|
- `authorized?(target_class, method_name, props)` - returning true or false
|
26
18
|
- `authorized!(target_class, method_name, props)` - raising a exception if access is denied, otherwise returning true
|
27
19
|
|
@@ -33,7 +25,7 @@ For a class `MyUser` the policy class must be `MyUserPolicy`.
|
|
33
25
|
### Simple Rules
|
34
26
|
Example Policy:
|
35
27
|
```ruby
|
36
|
-
class MyUserPolicy < LucidPolicy
|
28
|
+
class MyUserPolicy < LucidPolicy
|
37
29
|
# allow access to all methods of a class
|
38
30
|
allow BlaBlaGraph
|
39
31
|
# class names can be given as strings which benefits autoload performance as the class can be loaded later on
|
@@ -100,8 +92,8 @@ which will raise a LucidPolicy::Exception unless authorized
|
|
100
92
|
### Custom Rules
|
101
93
|
Besides calling methods or executing blocks from allow or deny, custom rules can be defined. Example:
|
102
94
|
```ruby
|
103
|
-
class MyUserPolicy < LucidPolicy
|
104
|
-
rule BlaGraph, :load, :count do |user,
|
95
|
+
class MyUserPolicy < LucidPolicy
|
96
|
+
rule BlaGraph, :load, :count do |user, props|
|
105
97
|
allow if user.verified?
|
106
98
|
allow if user.admin?
|
107
99
|
deny
|
@@ -120,8 +112,8 @@ The recommended default rule for combined policies is `deny others`.
|
|
120
112
|
|
121
113
|
Given a:
|
122
114
|
```ruby
|
123
|
-
class AdminRolePolicy < LucidPolicy
|
124
|
-
rule BlaGraph, :load, :count do |user,
|
115
|
+
class AdminRolePolicy < LucidPolicy
|
116
|
+
rule BlaGraph, :load, :count do |user, props|
|
125
117
|
allow if user.verified?
|
126
118
|
deny
|
127
119
|
end
|
@@ -129,7 +121,7 @@ Given a:
|
|
129
121
|
```
|
130
122
|
another policy can include the rules. Example:
|
131
123
|
```ruby
|
132
|
-
class MyUserPolicy < LucidPolicy
|
124
|
+
class MyUserPolicy < LucidPolicy
|
133
125
|
combine_with AdminRolePolicy
|
134
126
|
|
135
127
|
# conditions as for allow and deny can be used too
|
data/lib/isomorfeus-policy.rb
CHANGED
@@ -1,19 +1,13 @@
|
|
1
|
-
require 'isomorfeus-
|
1
|
+
require 'isomorfeus-transport'
|
2
2
|
require 'isomorfeus/policy/config'
|
3
|
-
require '
|
3
|
+
require 'lucid_policy'
|
4
4
|
|
5
5
|
if RUBY_ENGINE == 'opal'
|
6
|
-
Isomorfeus.zeitwerk.push_dir('isomorfeus_policy')
|
7
|
-
require_tree 'isomorfeus_policy', autoload: true
|
8
6
|
Isomorfeus.zeitwerk.push_dir('policies')
|
9
7
|
else
|
10
|
-
require 'isomorfeus_policy/lucid_policy/exception'
|
11
|
-
require 'isomorfeus_policy/lucid_policy/helper'
|
12
|
-
require 'isomorfeus_policy/lucid_policy/mixin'
|
13
|
-
require 'isomorfeus_policy/lucid_policy/base'
|
14
8
|
require 'iso_opal'
|
15
|
-
|
16
9
|
Opal.append_path(__dir__.untaint) unless IsoOpal.paths_include?(__dir__.untaint)
|
10
|
+
|
17
11
|
path = File.expand_path(File.join('app', 'policies'))
|
18
12
|
Isomorfeus.zeitwerk.push_dir(path) if Dir.exist?(path)
|
19
13
|
end
|
data/lib/lucid_policy.rb
ADDED
@@ -0,0 +1,211 @@
|
|
1
|
+
class LucidPolicy
|
2
|
+
class Exception < ::Exception
|
3
|
+
end
|
4
|
+
|
5
|
+
class Helper < BasicObject
|
6
|
+
attr_reader :result
|
7
|
+
|
8
|
+
def initialize
|
9
|
+
@result = :deny
|
10
|
+
end
|
11
|
+
|
12
|
+
def allow
|
13
|
+
@result = :allow
|
14
|
+
nil
|
15
|
+
end
|
16
|
+
|
17
|
+
def deny
|
18
|
+
nil
|
19
|
+
end
|
20
|
+
|
21
|
+
def current_user
|
22
|
+
Isomorfeus.current_user
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
26
|
+
class << self
|
27
|
+
def inherited(base)
|
28
|
+
if RUBY_ENGINE != 'opal'
|
29
|
+
Isomorfeus.add_valid_policy_class(base)
|
30
|
+
end
|
31
|
+
end
|
32
|
+
|
33
|
+
def authorization_rules
|
34
|
+
@authorization_rules ||= { rules: {}.dup, policies: {}.dup, others: :deny }.dup
|
35
|
+
end
|
36
|
+
|
37
|
+
def all
|
38
|
+
:all
|
39
|
+
end
|
40
|
+
|
41
|
+
def allow(*classes_and_methods_and_options)
|
42
|
+
_allow_or_deny(:allow, *classes_and_methods_and_options)
|
43
|
+
end
|
44
|
+
|
45
|
+
def deny(*classes_and_methods_and_options)
|
46
|
+
_allow_or_deny(:deny, *classes_and_methods_and_options)
|
47
|
+
end
|
48
|
+
|
49
|
+
def others
|
50
|
+
:others
|
51
|
+
end
|
52
|
+
|
53
|
+
def rule(*classes_and_methods, &block)
|
54
|
+
_allow_or_deny(:rule, *classes_and_methods, &block)
|
55
|
+
end
|
56
|
+
|
57
|
+
def combine_with(policy_class, **options)
|
58
|
+
authorization_rules[:policies] = { policy_class => options }
|
59
|
+
end
|
60
|
+
|
61
|
+
def _allow_or_deny(thing, *classes_methods_options, &block)
|
62
|
+
rules = authorization_rules
|
63
|
+
|
64
|
+
if %i[allow deny].include?(thing) && %i[others all].include?(classes_methods_options.first)
|
65
|
+
rules[:others] = thing
|
66
|
+
return
|
67
|
+
end
|
68
|
+
|
69
|
+
target_classes = []
|
70
|
+
target_methods = []
|
71
|
+
target_options = {}
|
72
|
+
|
73
|
+
classes_methods_options.each do |class_method_option|
|
74
|
+
if class_method_option.class == Hash
|
75
|
+
target_options = class_method_option
|
76
|
+
else
|
77
|
+
class_or_method_s = class_method_option.to_s
|
78
|
+
if class_method_option.class == Symbol && class_or_method_s[0].downcase == class_or_method_s[0]
|
79
|
+
target_methods << class_method_option
|
80
|
+
else
|
81
|
+
class_method_option = class_or_method_s unless class_method_option.class == String
|
82
|
+
target_classes << class_method_option
|
83
|
+
end
|
84
|
+
end
|
85
|
+
end
|
86
|
+
|
87
|
+
thing_or_block = block_given? ? block : thing
|
88
|
+
|
89
|
+
target_classes.each do |target_class|
|
90
|
+
target_class = target_class.split('>::').last if target_class.start_with?('#<')
|
91
|
+
rules[:rules][target_class] = {} unless rules[:rules].key?(target_class)
|
92
|
+
|
93
|
+
if target_methods.empty?
|
94
|
+
rules[:rules][target_class][:rule] = thing_or_block
|
95
|
+
rules[:rules][target_class][:options] = target_options unless target_options.empty?
|
96
|
+
else
|
97
|
+
rules[:rules][target_class][:rule] = :deny unless rules[:rules][target_class].key?(:rule)
|
98
|
+
rules[:rules][target_class][:methods] = {} unless rules[:rules][target_class].key?(:methods)
|
99
|
+
target_methods.each do |target_method|
|
100
|
+
rules[:rules][target_class][:methods][target_method] = { rule: thing_or_block }
|
101
|
+
rules[:rules][target_class][:methods][target_method][:options] = target_options unless target_options.empty?
|
102
|
+
end
|
103
|
+
end
|
104
|
+
end
|
105
|
+
end
|
106
|
+
end
|
107
|
+
|
108
|
+
attr_reader :reason
|
109
|
+
|
110
|
+
def initialize(object, record_reason = nil)
|
111
|
+
@object = object
|
112
|
+
@reason = nil
|
113
|
+
@record_reason = record_reason
|
114
|
+
if @record_reason
|
115
|
+
@class_name = self.class.name
|
116
|
+
@class_name = @class_name.split('>::').last if @class_name.start_with?('#<')
|
117
|
+
end
|
118
|
+
end
|
119
|
+
|
120
|
+
def authorized?(target_class, target_method = nil, props = nil)
|
121
|
+
Isomorfeus.raise_error(error_class: LucidPolicy::Exception, message: "#{self}: At least the class or class name must be given!") unless target_class
|
122
|
+
|
123
|
+
target_class = target_class.to_s unless target_class.class == String
|
124
|
+
target_class = target_class.split('>::').last if target_class.start_with?('#<')
|
125
|
+
|
126
|
+
rules = self.class.authorization_rules
|
127
|
+
|
128
|
+
result = if rules[:rules].key?(target_class)
|
129
|
+
if target_method && rules[:rules][target_class].key?(:methods) && rules[:rules][target_class][:methods].key?(target_method)
|
130
|
+
options = rules[:rules][target_class][:methods][target_method][:options]
|
131
|
+
rule = rules[:rules][target_class][:methods][target_method][:rule]
|
132
|
+
@reason = { policy_class: @class_name, class_name: target_class, method: target_method, rule: rule } if @record_reason
|
133
|
+
else
|
134
|
+
options = rules[:rules][target_class][:options]
|
135
|
+
rule = rules[:rules][target_class][:rule]
|
136
|
+
@reason = { policy_class: @class_name, class_name: target_class, rule: rule } if @record_reason
|
137
|
+
end
|
138
|
+
|
139
|
+
if rule.class == Symbol || rule.class == String
|
140
|
+
if options
|
141
|
+
condition, method_result = _get_condition_and_result(options, props)
|
142
|
+
if @record_reason
|
143
|
+
@reason[:condition] = condition
|
144
|
+
@reason[:condition_result] = method_result
|
145
|
+
end
|
146
|
+
rule if (condition == :if && method_result == true) || (condition == :if_not && method_result == false)
|
147
|
+
else
|
148
|
+
rule
|
149
|
+
end
|
150
|
+
else
|
151
|
+
policy_helper = LucidPolicy::Helper.new
|
152
|
+
policy_helper.instance_exec(@object, props, &rule)
|
153
|
+
r = policy_helper.result
|
154
|
+
@reason[:rule_result] = r if @record_reason
|
155
|
+
r
|
156
|
+
end
|
157
|
+
else
|
158
|
+
r = rules[:others]
|
159
|
+
@reason = { policy_class: @class_name, class_name: target_class, others: r } if @record_reason
|
160
|
+
r
|
161
|
+
end
|
162
|
+
|
163
|
+
return true if result == :allow
|
164
|
+
|
165
|
+
rules[:policies].each do |policy_class, options|
|
166
|
+
combined_policy_result = nil
|
167
|
+
if options.empty?
|
168
|
+
policy_instance = policy_class.new(@object, @record_reason)
|
169
|
+
combined_policy_result = policy_instance.authorized?(target_class, target_method, props)
|
170
|
+
@reason = @reason = { policy_class: @class_name, combined: policy_instance.reason } if @record_reason
|
171
|
+
else
|
172
|
+
condition, method_result = _get_condition_and_result(options, props)
|
173
|
+
if (condition == :if && method_result == true) || (condition == :if_not && method_result == false)
|
174
|
+
policy_instance = policy_class.new(@object, @record_reason)
|
175
|
+
combined_policy_result = policy_instance.authorized?(target_class, target_method, props)
|
176
|
+
@reason = { policy_class: @class_name, combined: policy_instance.reason, condition: condition, condition_result: method_result } if @record_reason
|
177
|
+
end
|
178
|
+
end
|
179
|
+
return true if combined_policy_result == true
|
180
|
+
end
|
181
|
+
|
182
|
+
result == :allow ? true : false
|
183
|
+
end
|
184
|
+
|
185
|
+
def authorized!(target_class, target_method = nil, props = nil)
|
186
|
+
result = authorized?(target_class, target_method, props)
|
187
|
+
reason_message = reason ? ", reason: #{reason}" : ''
|
188
|
+
return true if result
|
189
|
+
Isomorfeus.raise_error(error_class: LucidPolicy::Exception, message: "#{@object}: not authorized to call #{target_class}#{}#{target_method} #{props} #{reason_message}!")
|
190
|
+
end
|
191
|
+
|
192
|
+
def _get_condition_and_result(options, props)
|
193
|
+
condition = nil
|
194
|
+
method_name_or_block = if options.key?(:if)
|
195
|
+
condition = :if
|
196
|
+
options[:if]
|
197
|
+
elsif options.key?(:if_not)
|
198
|
+
condition = :if_not
|
199
|
+
options[:if_not]
|
200
|
+
elsif options.key?(:unless)
|
201
|
+
condition = :if_not
|
202
|
+
options[:unless]
|
203
|
+
end
|
204
|
+
method_result = if method_name_or_block && method_name_or_block.class == Symbol
|
205
|
+
@object.__send__(method_name_or_block)
|
206
|
+
else
|
207
|
+
method_name_or_block.call(@object, props)
|
208
|
+
end
|
209
|
+
[condition, method_result]
|
210
|
+
end
|
211
|
+
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: isomorfeus-policy
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version:
|
4
|
+
version: 22.9.0.rc1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Jan Biedermann
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-
|
11
|
+
date: 2022-09-24 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: opal
|
@@ -16,70 +16,42 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - "~>"
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 1.5.
|
19
|
+
version: 1.5.1
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - "~>"
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 1.5.
|
27
|
-
- !ruby/object:Gem::Dependency
|
28
|
-
name: isomorfeus-asset-manager
|
29
|
-
requirement: !ruby/object:Gem::Requirement
|
30
|
-
requirements:
|
31
|
-
- - "~>"
|
32
|
-
- !ruby/object:Gem::Version
|
33
|
-
version: 0.14.24
|
34
|
-
type: :runtime
|
35
|
-
prerelease: false
|
36
|
-
version_requirements: !ruby/object:Gem::Requirement
|
37
|
-
requirements:
|
38
|
-
- - "~>"
|
39
|
-
- !ruby/object:Gem::Version
|
40
|
-
version: 0.14.24
|
41
|
-
- !ruby/object:Gem::Dependency
|
42
|
-
name: isomorfeus-preact
|
43
|
-
requirement: !ruby/object:Gem::Requirement
|
44
|
-
requirements:
|
45
|
-
- - "~>"
|
46
|
-
- !ruby/object:Gem::Version
|
47
|
-
version: 10.7.2
|
48
|
-
type: :runtime
|
49
|
-
prerelease: false
|
50
|
-
version_requirements: !ruby/object:Gem::Requirement
|
51
|
-
requirements:
|
52
|
-
- - "~>"
|
53
|
-
- !ruby/object:Gem::Version
|
54
|
-
version: 10.7.2
|
26
|
+
version: 1.5.1
|
55
27
|
- !ruby/object:Gem::Dependency
|
56
28
|
name: isomorfeus-redux
|
57
29
|
requirement: !ruby/object:Gem::Requirement
|
58
30
|
requirements:
|
59
|
-
- -
|
31
|
+
- - '='
|
60
32
|
- !ruby/object:Gem::Version
|
61
|
-
version:
|
33
|
+
version: 22.9.0.rc1
|
62
34
|
type: :runtime
|
63
35
|
prerelease: false
|
64
36
|
version_requirements: !ruby/object:Gem::Requirement
|
65
37
|
requirements:
|
66
|
-
- -
|
38
|
+
- - '='
|
67
39
|
- !ruby/object:Gem::Version
|
68
|
-
version:
|
40
|
+
version: 22.9.0.rc1
|
69
41
|
- !ruby/object:Gem::Dependency
|
70
42
|
name: isomorfeus
|
71
43
|
requirement: !ruby/object:Gem::Requirement
|
72
44
|
requirements:
|
73
45
|
- - '='
|
74
46
|
- !ruby/object:Gem::Version
|
75
|
-
version:
|
47
|
+
version: 22.9.0.rc1
|
76
48
|
type: :development
|
77
49
|
prerelease: false
|
78
50
|
version_requirements: !ruby/object:Gem::Requirement
|
79
51
|
requirements:
|
80
52
|
- - '='
|
81
53
|
- !ruby/object:Gem::Version
|
82
|
-
version:
|
54
|
+
version: 22.9.0.rc1
|
83
55
|
- !ruby/object:Gem::Dependency
|
84
56
|
name: rake
|
85
57
|
requirement: !ruby/object:Gem::Requirement
|
@@ -119,11 +91,7 @@ files:
|
|
119
91
|
- lib/isomorfeus-policy.rb
|
120
92
|
- lib/isomorfeus/policy/config.rb
|
121
93
|
- lib/isomorfeus/policy/version.rb
|
122
|
-
- lib/
|
123
|
-
- lib/isomorfeus_policy/lucid_policy/exception.rb
|
124
|
-
- lib/isomorfeus_policy/lucid_policy/helper.rb
|
125
|
-
- lib/isomorfeus_policy/lucid_policy/mixin.rb
|
126
|
-
- lib/lucid_props.rb
|
94
|
+
- lib/lucid_policy.rb
|
127
95
|
homepage: https://isomorfeus.com
|
128
96
|
licenses:
|
129
97
|
- MIT
|
@@ -141,9 +109,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
141
109
|
version: '0'
|
142
110
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
143
111
|
requirements:
|
144
|
-
- - "
|
112
|
+
- - ">"
|
145
113
|
- !ruby/object:Gem::Version
|
146
|
-
version:
|
114
|
+
version: 1.3.1
|
147
115
|
requirements: []
|
148
116
|
rubygems_version: 3.3.7
|
149
117
|
signing_key:
|
@@ -1,22 +0,0 @@
|
|
1
|
-
module LucidPolicy
|
2
|
-
class Helper < BasicObject
|
3
|
-
attr_reader :result
|
4
|
-
|
5
|
-
def initialize
|
6
|
-
@result = :deny
|
7
|
-
end
|
8
|
-
|
9
|
-
def allow
|
10
|
-
@result = :allow
|
11
|
-
nil
|
12
|
-
end
|
13
|
-
|
14
|
-
def deny
|
15
|
-
nil
|
16
|
-
end
|
17
|
-
|
18
|
-
def current_user
|
19
|
-
Isomorfeus.current_user
|
20
|
-
end
|
21
|
-
end
|
22
|
-
end
|
@@ -1,191 +0,0 @@
|
|
1
|
-
module LucidPolicy
|
2
|
-
module Mixin
|
3
|
-
def self.included(base)
|
4
|
-
base.instance_exec do
|
5
|
-
if RUBY_ENGINE != 'opal'
|
6
|
-
Isomorfeus.add_valid_policy_class(base) unless base == LucidPolicy::Base
|
7
|
-
end
|
8
|
-
|
9
|
-
def authorization_rules
|
10
|
-
@authorization_rules ||= { rules: {}.dup, policies: {}.dup, others: :deny }.dup
|
11
|
-
end
|
12
|
-
|
13
|
-
def all
|
14
|
-
:all
|
15
|
-
end
|
16
|
-
|
17
|
-
def allow(*classes_and_methods_and_options)
|
18
|
-
_allow_or_deny(:allow, *classes_and_methods_and_options)
|
19
|
-
end
|
20
|
-
|
21
|
-
def deny(*classes_and_methods_and_options)
|
22
|
-
_allow_or_deny(:deny, *classes_and_methods_and_options)
|
23
|
-
end
|
24
|
-
|
25
|
-
def others
|
26
|
-
:others
|
27
|
-
end
|
28
|
-
|
29
|
-
def rule(*classes_and_methods, &block)
|
30
|
-
_allow_or_deny(:rule, *classes_and_methods, &block)
|
31
|
-
end
|
32
|
-
|
33
|
-
def combine_with(policy_class, **options)
|
34
|
-
authorization_rules[:policies] = { policy_class => options }
|
35
|
-
end
|
36
|
-
|
37
|
-
def _allow_or_deny(thing, *classes_methods_options, &block)
|
38
|
-
rules = authorization_rules
|
39
|
-
|
40
|
-
if %i[allow deny].include?(thing) && %i[others all].include?(classes_methods_options.first)
|
41
|
-
rules[:others] = thing
|
42
|
-
return
|
43
|
-
end
|
44
|
-
|
45
|
-
target_classes = []
|
46
|
-
target_methods = []
|
47
|
-
target_options = {}
|
48
|
-
|
49
|
-
classes_methods_options.each do |class_method_option|
|
50
|
-
if class_method_option.class == Hash
|
51
|
-
target_options = class_method_option
|
52
|
-
else
|
53
|
-
class_or_method_s = class_method_option.to_s
|
54
|
-
if class_method_option.class == Symbol && class_or_method_s[0].downcase == class_or_method_s[0]
|
55
|
-
target_methods << class_method_option
|
56
|
-
else
|
57
|
-
class_method_option = class_or_method_s unless class_method_option.class == String
|
58
|
-
target_classes << class_method_option
|
59
|
-
end
|
60
|
-
end
|
61
|
-
end
|
62
|
-
|
63
|
-
thing_or_block = block_given? ? block : thing
|
64
|
-
|
65
|
-
target_classes.each do |target_class|
|
66
|
-
target_class = target_class.split('>::').last if target_class.start_with?('#<')
|
67
|
-
rules[:rules][target_class] = {} unless rules[:rules].key?(target_class)
|
68
|
-
|
69
|
-
if target_methods.empty?
|
70
|
-
rules[:rules][target_class][:rule] = thing_or_block
|
71
|
-
rules[:rules][target_class][:options] = target_options unless target_options.empty?
|
72
|
-
else
|
73
|
-
rules[:rules][target_class][:rule] = :deny unless rules[:rules][target_class].key?(:rule)
|
74
|
-
rules[:rules][target_class][:methods] = {} unless rules[:rules][target_class].key?(:methods)
|
75
|
-
target_methods.each do |target_method|
|
76
|
-
rules[:rules][target_class][:methods][target_method] = { rule: thing_or_block }
|
77
|
-
rules[:rules][target_class][:methods][target_method][:options] = target_options unless target_options.empty?
|
78
|
-
end
|
79
|
-
end
|
80
|
-
end
|
81
|
-
end
|
82
|
-
end
|
83
|
-
|
84
|
-
attr_reader :reason
|
85
|
-
|
86
|
-
def initialize(object, record_reason = nil)
|
87
|
-
@object = object
|
88
|
-
@reason = nil
|
89
|
-
@record_reason = record_reason
|
90
|
-
if @record_reason
|
91
|
-
@class_name = self.class.name
|
92
|
-
@class_name = @class_name.split('>::').last if @class_name.start_with?('#<')
|
93
|
-
end
|
94
|
-
end
|
95
|
-
|
96
|
-
def authorized?(target_class, target_method = nil, props = nil)
|
97
|
-
Isomorfeus.raise_error(error_class: LucidPolicy::Exception, message: "#{self}: At least the class or class name must be given!") unless target_class
|
98
|
-
|
99
|
-
target_class = target_class.to_s unless target_class.class == String
|
100
|
-
target_class = target_class.split('>::').last if target_class.start_with?('#<')
|
101
|
-
|
102
|
-
rules = self.class.authorization_rules
|
103
|
-
|
104
|
-
result = if rules[:rules].key?(target_class)
|
105
|
-
if target_method && rules[:rules][target_class].key?(:methods) && rules[:rules][target_class][:methods].key?(target_method)
|
106
|
-
options = rules[:rules][target_class][:methods][target_method][:options]
|
107
|
-
rule = rules[:rules][target_class][:methods][target_method][:rule]
|
108
|
-
@reason = { policy_class: @class_name, class_name: target_class, method: target_method, rule: rule } if @record_reason
|
109
|
-
else
|
110
|
-
options = rules[:rules][target_class][:options]
|
111
|
-
rule = rules[:rules][target_class][:rule]
|
112
|
-
@reason = { policy_class: @class_name, class_name: target_class, rule: rule } if @record_reason
|
113
|
-
end
|
114
|
-
|
115
|
-
if rule.class == Symbol || rule.class == String
|
116
|
-
if options
|
117
|
-
condition, method_result = _get_condition_and_result(options)
|
118
|
-
if @record_reason
|
119
|
-
@reason[:condition] = condition
|
120
|
-
@reason[:condition_result] = method_result
|
121
|
-
end
|
122
|
-
rule if (condition == :if && method_result == true) || (condition == :if_not && method_result == false)
|
123
|
-
else
|
124
|
-
rule
|
125
|
-
end
|
126
|
-
else
|
127
|
-
props = LucidProps.new(props) unless props.class == LucidProps
|
128
|
-
policy_helper = LucidPolicy::Helper.new
|
129
|
-
policy_helper.instance_exec(@object, target_class, target_method, props, &rule)
|
130
|
-
r = policy_helper.result
|
131
|
-
@reason[:rule_result] = r if @record_reason
|
132
|
-
r
|
133
|
-
end
|
134
|
-
else
|
135
|
-
r = rules[:others]
|
136
|
-
@reason = { policy_class: @class_name, class_name: target_class, others: r } if @record_reason
|
137
|
-
r
|
138
|
-
end
|
139
|
-
|
140
|
-
return true if result == :allow
|
141
|
-
|
142
|
-
rules[:policies].each do |policy_class, options|
|
143
|
-
combined_policy_result = nil
|
144
|
-
if options.empty?
|
145
|
-
policy_instance = policy_class.new(@object, @record_reason)
|
146
|
-
combined_policy_result = policy_instance.authorized?(target_class, target_method, props)
|
147
|
-
@reason = @reason = { policy_class: @class_name, combined: policy_instance.reason } if @record_reason
|
148
|
-
else
|
149
|
-
condition, method_result = _get_condition_and_result(options)
|
150
|
-
if (condition == :if && method_result == true) || (condition == :if_not && method_result == false)
|
151
|
-
policy_instance = policy_class.new(@object, @record_reason)
|
152
|
-
combined_policy_result = policy_instance.authorized?(target_class, target_method, props)
|
153
|
-
@reason = { policy_class: @class_name, combined: policy_instance.reason, condition: condition, condition_result: method_result } if @record_reason
|
154
|
-
end
|
155
|
-
end
|
156
|
-
return true if combined_policy_result == true
|
157
|
-
end
|
158
|
-
|
159
|
-
result == :allow ? true : false
|
160
|
-
end
|
161
|
-
|
162
|
-
def authorized!(target_class, target_method = nil, props = nil)
|
163
|
-
result = authorized?(target_class, target_method, props)
|
164
|
-
reason_message = reason ? ", reason: #{reason}" : ''
|
165
|
-
return true if result
|
166
|
-
Isomorfeus.raise_error(error_class: LucidPolicy::Exception, message: "#{@object}: not authorized to call #{target_class}#{}#{target_method} #{props} #{reason_message}!")
|
167
|
-
end
|
168
|
-
|
169
|
-
def _get_condition_and_result(options)
|
170
|
-
condition = nil
|
171
|
-
method_name_or_block = if options.key?(:if)
|
172
|
-
condition = :if
|
173
|
-
options[:if]
|
174
|
-
elsif options.key?(:if_not)
|
175
|
-
condition = :if_not
|
176
|
-
options[:if_not]
|
177
|
-
elsif options.key?(:unless)
|
178
|
-
condition = :if_not
|
179
|
-
options[:unless]
|
180
|
-
end
|
181
|
-
method_result = if method_name_or_block && method_name_or_block.class == Symbol
|
182
|
-
@object.__send__(method_name_or_block)
|
183
|
-
else
|
184
|
-
props = LucidProps.new(props) unless props.class == LucidProps
|
185
|
-
method_name_or_block.call(@object, props)
|
186
|
-
end
|
187
|
-
[condition, method_result]
|
188
|
-
end
|
189
|
-
end
|
190
|
-
end
|
191
|
-
end
|
data/lib/lucid_props.rb
DELETED
@@ -1,90 +0,0 @@
|
|
1
|
-
class LucidProps
|
2
|
-
def initialize(props_hash)
|
3
|
-
props_hash = {} unless props_hash
|
4
|
-
@props_hash = props_hash
|
5
|
-
if RUBY_ENGINE != 'opal'
|
6
|
-
@props_hash.freeze
|
7
|
-
end
|
8
|
-
end
|
9
|
-
|
10
|
-
def any?
|
11
|
-
@props_hash.keys.size > 0
|
12
|
-
end
|
13
|
-
|
14
|
-
def to_h
|
15
|
-
@props_hash
|
16
|
-
end
|
17
|
-
|
18
|
-
def to_transport
|
19
|
-
{}.merge(@props_hash)
|
20
|
-
end
|
21
|
-
|
22
|
-
if RUBY_ENGINE == 'opal'
|
23
|
-
def [](prop_name)
|
24
|
-
@props_hash[prop_name]
|
25
|
-
end
|
26
|
-
|
27
|
-
def key?(prop_name)
|
28
|
-
@props_hash.key?(prop_name)
|
29
|
-
end
|
30
|
-
|
31
|
-
def keys
|
32
|
-
@props_hash.keys
|
33
|
-
end
|
34
|
-
|
35
|
-
def method_missing(prop_name, *args, &block)
|
36
|
-
return @props_hash[prop_name] if @props_hash.key?(prop_name)
|
37
|
-
super(prop_name, *args, &block)
|
38
|
-
end
|
39
|
-
|
40
|
-
def set(prop_name, value)
|
41
|
-
@props_hash[prop_name] = value
|
42
|
-
end
|
43
|
-
|
44
|
-
def to_json
|
45
|
-
JSON.dump(to_transport)
|
46
|
-
end
|
47
|
-
|
48
|
-
def to_n
|
49
|
-
@props_hash.to_n
|
50
|
-
end
|
51
|
-
else # RUBY_ENGINE
|
52
|
-
def [](prop_name)
|
53
|
-
name = prop_name.to_sym
|
54
|
-
return @props_hash[name] if @props_hash.key?(name)
|
55
|
-
name = prop_name.to_s
|
56
|
-
return @props_hash[name] if @props_hash.key?(name)
|
57
|
-
nil
|
58
|
-
end
|
59
|
-
|
60
|
-
def key?(prop_name)
|
61
|
-
@props_hash.key?(prop_name.to_sym) || @props_hash.key?(prop_name.to_s)
|
62
|
-
end
|
63
|
-
|
64
|
-
def keys
|
65
|
-
@props_hash.keys.map(&:to_sym)
|
66
|
-
end
|
67
|
-
|
68
|
-
def method_missing(prop_name, *args, &block)
|
69
|
-
name = prop_name.to_sym
|
70
|
-
return @props_hash[name] if @props_hash.key?(name)
|
71
|
-
name = prop_name.to_s
|
72
|
-
return @props_hash[name] if @props_hash.key?(name)
|
73
|
-
super(prop_name, *args, &block)
|
74
|
-
end
|
75
|
-
|
76
|
-
def set(prop_name, value)
|
77
|
-
@props_hash[prop_name.to_sym] = value
|
78
|
-
end
|
79
|
-
|
80
|
-
def to_json
|
81
|
-
Oj.dump(to_transport, mode: :strict)
|
82
|
-
end
|
83
|
-
|
84
|
-
def to_n
|
85
|
-
@props_hash
|
86
|
-
end
|
87
|
-
end # RUBY_ENGINE
|
88
|
-
|
89
|
-
alias_method :has_key?, :key?
|
90
|
-
end
|