know_it_all 0.1.0 → 0.1.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +30 -5
- data/lib/know_it_all/base.rb +6 -3
- data/lib/know_it_all/version.rb +1 -1
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c46f9fbd69adcd8eadf7d3d031481dd83de48472
|
|
4
|
+
data.tar.gz: af4a0c6556ce92b9df6280f20c1a4714d7781f14
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f6945101bdd7bafbf8238bca9fabe2127dd3aabc05c04a6a2d36027df6a5336ee93a03a8db3f37f9531b01a1c2eb269e3297ab01f9b1131cc9c169e8c2820e22
|
|
7
|
+
data.tar.gz: a22ded0ff92288e55146880f9470271f8a0c319b1465778befded1fd95e4a2af97c525d516812deea444b92e770499483dc0a75a2b7026500ba30ebaa4696113
|
data/README.md
CHANGED
|
@@ -8,6 +8,27 @@ More of an architectural pattern for API-focused authorization than properly a d
|
|
|
8
8
|
|
|
9
9
|
If your application needs to validate pre-requisites before performing certain actions, at the same time providing helpful error messages for the API's clients, all that while using regular magic-less Ruby and object oriented design patterns, KnowItAll is your friend.
|
|
10
10
|
|
|
11
|
+
Table of Contents
|
|
12
|
+
=================
|
|
13
|
+
|
|
14
|
+
* [KnowItAll](#knowitall)
|
|
15
|
+
* [Why?](#why)
|
|
16
|
+
* [Why not just Pundit?](#why-not-just-pundit)
|
|
17
|
+
* [Installation](#installation)
|
|
18
|
+
* [Usage](#usage)
|
|
19
|
+
* [Creating policies](#creating-policies)
|
|
20
|
+
* [Naming convention](#naming-convention)
|
|
21
|
+
* [Helper class](#helper-class)
|
|
22
|
+
* [Using policies](#using-policies)
|
|
23
|
+
* [What happens when not authorized](#what-happens-when-not-authorized)
|
|
24
|
+
* [Querying authorizations in the view](#querying-authorizations-in-the-view)
|
|
25
|
+
* [Avoiding conflicts in the controller](#avoiding-conflicts-in-the-controller)
|
|
26
|
+
* [Overrides](#overrides)
|
|
27
|
+
* [Enforcing authorization checks](#enforcing-authorization-checks)
|
|
28
|
+
* [Development](#development)
|
|
29
|
+
* [Contributing](#contributing)
|
|
30
|
+
* [License](#license)
|
|
31
|
+
|
|
11
32
|
## Why?
|
|
12
33
|
|
|
13
34
|
The assumption made is that each action has its own requirements based on the current context. Some may be related to the current user's permissions in the system, others with the parameters sent, and others yet may even have nothing to do with any input received. Let's say you're building the API for a food delivery app. To be able to checkout, you need to validate the following requirements:
|
|
@@ -68,6 +89,10 @@ end
|
|
|
68
89
|
|
|
69
90
|
That's exactly the architectural pattern encouraged by this gem. By including a small set of helpers, it makes it extremely simple to perform complex validations and provide helpful feedback through the API.
|
|
70
91
|
|
|
92
|
+
## Why not just Pundit?
|
|
93
|
+
|
|
94
|
+
Pundit is great! I've been using it for years and I love it, but its model-focused permissions and structural pattern makes it difficult and awkward to perform validations on scenarios that need multiple arguments and show appropriate error messages for the API's clients. Based on modifications I've made when using Pundit in some projects, I created this gem.
|
|
95
|
+
|
|
71
96
|
## Installation
|
|
72
97
|
|
|
73
98
|
Add this line to your application's Gemfile:
|
|
@@ -125,7 +150,7 @@ Using `ActiveModel::Validations`:
|
|
|
125
150
|
```ruby
|
|
126
151
|
module OrdersPolicies
|
|
127
152
|
class Create
|
|
128
|
-
|
|
153
|
+
include ActiveModel::Validations
|
|
129
154
|
|
|
130
155
|
validates_presence_of :current_user, :address
|
|
131
156
|
validate :address_in_range
|
|
@@ -208,7 +233,7 @@ end
|
|
|
208
233
|
|
|
209
234
|
#### What happens when not authorized
|
|
210
235
|
|
|
211
|
-
The `authorize
|
|
236
|
+
The `authorize!` method raises a `KnowItAll::NotAuthorized` exception in case the authorization has failed, and contains the instance of the policy used to perform the validation:
|
|
212
237
|
|
|
213
238
|
```ruby
|
|
214
239
|
class ApplicationController < ActionController::Base
|
|
@@ -228,7 +253,7 @@ class ApplicationController < ActionController::Base
|
|
|
228
253
|
end
|
|
229
254
|
```
|
|
230
255
|
|
|
231
|
-
Alternatively, you can use the bangless form of the authorization method (`authorize`), which doesn't raise an exception and
|
|
256
|
+
Alternatively, you can use the bangless form of the authorization method (`authorize`), which doesn't raise an exception and returns the errors in the policy:
|
|
232
257
|
|
|
233
258
|
```ruby
|
|
234
259
|
class OrdersController < ApplicationController
|
|
@@ -277,7 +302,7 @@ Then use it in your views, passing the appropriate overrides (more about that he
|
|
|
277
302
|
|
|
278
303
|
#### Avoiding conflicts in the controller
|
|
279
304
|
|
|
280
|
-
It's possible that you're already using methods with the same names as the ones in the `KnowItAll` module: `authorize`, `
|
|
305
|
+
It's possible that you're already using methods with the same names as the ones in the `KnowItAll` module: `authorize`, `authorize?`, `authorize!`, `policy`, `policy_class`, `policy_name`, `render_not_authorized` or `verify_authorized`. In that case, the solution is to include the module in another class, and use it as a collaborator. The only methods `KnowItAll` needs to find the correct policies are `controller_path` and `action_name`:
|
|
281
306
|
|
|
282
307
|
```ruby
|
|
283
308
|
class Authorizer
|
|
@@ -370,7 +395,7 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
|
|
|
370
395
|
|
|
371
396
|
## Contributing
|
|
372
397
|
|
|
373
|
-
Bug reports and pull requests are welcome on GitHub at https://github.com/
|
|
398
|
+
Bug reports and pull requests are welcome on GitHub at https://github.com/mrodrigues/know_it_all. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](contributor-covenant.org) code of conduct.
|
|
374
399
|
|
|
375
400
|
|
|
376
401
|
## License
|
data/lib/know_it_all/base.rb
CHANGED
|
@@ -1,12 +1,15 @@
|
|
|
1
1
|
module KnowItAll
|
|
2
2
|
class Base
|
|
3
|
+
def self.validations
|
|
4
|
+
@validations ||= {}
|
|
5
|
+
end
|
|
6
|
+
|
|
3
7
|
def self.assert(method_name, message)
|
|
4
|
-
|
|
5
|
-
@@validations[method_name] = message
|
|
8
|
+
validations[method_name] = message
|
|
6
9
|
end
|
|
7
10
|
|
|
8
11
|
def errors
|
|
9
|
-
|
|
12
|
+
self.class.validations.each
|
|
10
13
|
.select { |method_name, _| !self.send(method_name) }
|
|
11
14
|
.map { |_, message| message }
|
|
12
15
|
end
|
data/lib/know_it_all/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: know_it_all
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- mrodrigues
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-06-
|
|
11
|
+
date: 2016-06-30 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|
|
@@ -140,3 +140,4 @@ signing_key:
|
|
|
140
140
|
specification_version: 4
|
|
141
141
|
summary: OO authorization for APIs
|
|
142
142
|
test_files: []
|
|
143
|
+
has_rdoc:
|