maybee 1.0.6 → 1.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG +11 -2
- data/README.md +15 -15
- data/lib/maybee/authorization.rb +9 -1
- data/lib/maybee/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f29e6ee079046ec284b5a4f1c92c467e6f89b950
|
|
4
|
+
data.tar.gz: 701ddaee631e28e32b6b7c640e0d4d5b35a1a1f2
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: adc2dded1e8142e0fe2e0b877e1e3e00d76c2523fe50ea40b6d82dea8399bf2f1e05dec14405b2baf271f73f2b83d543e62e0d74c71349b419c72ce6278fae3c
|
|
7
|
+
data.tar.gz: 39d7f22f303ad19c9a17fc6ceee19e0f7d7a5396c1ea2b2fd8548bf1f505accd0722a69b08a226ef85b4d09567f7c0dac1ae917592b928dbad4870fbb1beb753
|
data/CHANGELOG
CHANGED
|
@@ -1,8 +1,17 @@
|
|
|
1
|
-
|
|
1
|
+
1.1.0 (16 Mar 2015)
|
|
2
|
+
|
|
3
|
+
* Allow lambda literals in conditionals
|
|
4
|
+
|
|
5
|
+
1.0.6 (16 Feb 2015)
|
|
6
|
+
|
|
7
|
+
* Support Rails 4.2
|
|
8
|
+
|
|
9
|
+
1.0.5 (05 Jun 2014)
|
|
2
10
|
|
|
3
11
|
* Support Rails 4.1
|
|
4
12
|
|
|
5
|
-
|
|
13
|
+
|
|
14
|
+
0.0.4 (09 Jul 2013)
|
|
6
15
|
|
|
7
16
|
* use ActiveSupport::Concern
|
|
8
17
|
* add allows_crud DSL method
|
data/README.md
CHANGED
|
@@ -37,7 +37,7 @@ Access rules are defined inside models using a simple DSL and may be named as yo
|
|
|
37
37
|
class Car < ActiveRecord::Base
|
|
38
38
|
acts_as_authorization_object
|
|
39
39
|
|
|
40
|
-
allows :
|
|
40
|
+
allows to: :drive
|
|
41
41
|
end
|
|
42
42
|
```
|
|
43
43
|
will have model instances respond `true` if asked
|
|
@@ -50,7 +50,7 @@ car.allow?(:drive, user)
|
|
|
50
50
|
Usually, you will want to restrict access based on some internal state of the model (the authorization object) or the user (the subject). This can be accomplished using the options `:if`, `:unless`, `:if_subject` and `:unless_subject`:
|
|
51
51
|
|
|
52
52
|
```ruby
|
|
53
|
-
allows :
|
|
53
|
+
allows to: :drive, if: :license_plate_valid?, if_subject: :has_drivers_license?
|
|
54
54
|
```
|
|
55
55
|
|
|
56
56
|
With this declaration, the car would allow any (ruby) object to drive, if the car has a valid license plate and the ruby object responds to `#has_drivers_license?` with a true value.
|
|
@@ -72,7 +72,7 @@ end
|
|
|
72
72
|
class Car < ActiveRecord::Base
|
|
73
73
|
acts_as_authorization_object
|
|
74
74
|
|
|
75
|
-
allows :drivers, :
|
|
75
|
+
allows :drivers, to: :drive, if_subject: :sober?
|
|
76
76
|
end
|
|
77
77
|
```
|
|
78
78
|
This will allow sober drivers to drive, but will reject normal users and drunk drivers.
|
|
@@ -80,14 +80,14 @@ This will allow sober drivers to drive, but will reject normal users and drunk d
|
|
|
80
80
|
If you do not care for the subject class, you may also write
|
|
81
81
|
|
|
82
82
|
```ruby
|
|
83
|
-
allows_to :drive, :
|
|
83
|
+
allows_to :drive, if: ...
|
|
84
84
|
```
|
|
85
|
-
which is the same as `allows :
|
|
85
|
+
which is the same as `allows to: ...`
|
|
86
86
|
|
|
87
87
|
Multiple access rights may be given in the same definition:
|
|
88
88
|
|
|
89
89
|
```ruby
|
|
90
|
-
allows :drivers, :
|
|
90
|
+
allows :drivers, to: [:start, :drive], if: ...
|
|
91
91
|
```
|
|
92
92
|
|
|
93
93
|
|
|
@@ -96,7 +96,7 @@ allows :drivers, :to => [:start, :drive], :if => ...
|
|
|
96
96
|
It is also possible to pass a proc to any of the conditional options:
|
|
97
97
|
|
|
98
98
|
```ruby
|
|
99
|
-
allows :drivers, :
|
|
99
|
+
allows :drivers, to: :start, if: lambda { |driver| gasoline_level > 0 }
|
|
100
100
|
```
|
|
101
101
|
|
|
102
102
|
Blocks passed to `:if` and `:unless` are evaluated inside the authorization object, while `:if_subject` and `:unless_subject` get evaluated inside the authorization subject (the user).
|
|
@@ -108,8 +108,8 @@ In most cases, you will want to restrict authorizations to authorized subjects o
|
|
|
108
108
|
|
|
109
109
|
```ruby
|
|
110
110
|
class Image
|
|
111
|
-
allows :users, :
|
|
112
|
-
allows :users, :
|
|
111
|
+
allows :users, to: :view, if: :publicly_accessible?, allow_nil: true
|
|
112
|
+
allows :users, to: :view, if_subject: lambda { |image| self.company_id == image.company_id }
|
|
113
113
|
|
|
114
114
|
def publicly_accessible?
|
|
115
115
|
# implementation, or a simple attribute
|
|
@@ -126,7 +126,7 @@ There are three special accesses which limit creation, updating and destruction
|
|
|
126
126
|
In the simplest form, the access to create, update and destroy would be granted regardless of the `authorization_subject`. This would be the default behaviour of ActiveRecord, where besides validations there is no restriction on these operations:
|
|
127
127
|
|
|
128
128
|
```ruby
|
|
129
|
-
allows_to :create, :update, :destroy, :
|
|
129
|
+
allows_to :create, :update, :destroy, allow_nil: true
|
|
130
130
|
```
|
|
131
131
|
|
|
132
132
|
Say you have models for users and roles, and you want normal users not to be able to assign roles, but only admins:
|
|
@@ -135,8 +135,8 @@ Say you have models for users and roles, and you want normal users not to be abl
|
|
|
135
135
|
class User < ActiveRecord::Base
|
|
136
136
|
acts_as_authorization_subject
|
|
137
137
|
|
|
138
|
-
has_many :user_roles, :
|
|
139
|
-
has_many :roles, :
|
|
138
|
+
has_many :user_roles, dependent: :destroy
|
|
139
|
+
has_many :roles, through: :user_roles
|
|
140
140
|
end
|
|
141
141
|
|
|
142
142
|
|
|
@@ -149,7 +149,7 @@ class UserRole < ActiveRecord::Base
|
|
|
149
149
|
|
|
150
150
|
acts_as_authorization_object
|
|
151
151
|
|
|
152
|
-
allows :users, :
|
|
152
|
+
allows :users, to: [:create, :update, :destroy], if_subject: :admin?
|
|
153
153
|
end
|
|
154
154
|
```
|
|
155
155
|
|
|
@@ -219,10 +219,10 @@ By default, access rules are inherited by subclasses of auth objects. Additional
|
|
|
219
219
|
|
|
220
220
|
```ruby
|
|
221
221
|
class Foo < ActiveRecord::Base
|
|
222
|
-
allows_to :view, :
|
|
222
|
+
allows_to :view, if: :visible?
|
|
223
223
|
end
|
|
224
224
|
|
|
225
225
|
class SubFoo < Foo
|
|
226
|
-
allows_to :view, :
|
|
226
|
+
allows_to :view, exclusive: true
|
|
227
227
|
end
|
|
228
228
|
```
|
data/lib/maybee/authorization.rb
CHANGED
|
@@ -23,7 +23,15 @@ module Maybee
|
|
|
23
23
|
else
|
|
24
24
|
receiver, argument = object, subject
|
|
25
25
|
end
|
|
26
|
-
result = cond.is_a?(Proc)
|
|
26
|
+
result = if cond.is_a?(Proc)
|
|
27
|
+
if cond.arity == 1
|
|
28
|
+
receiver.instance_exec(argument, &cond)
|
|
29
|
+
else
|
|
30
|
+
receiver.instance_exec(&cond)
|
|
31
|
+
end
|
|
32
|
+
else
|
|
33
|
+
receiver.send(cond)
|
|
34
|
+
end
|
|
27
35
|
(:if_subject == clause || :if == clause) ? result : !result
|
|
28
36
|
end
|
|
29
37
|
false
|
data/lib/maybee/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: maybee
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0
|
|
4
|
+
version: 1.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Matthias Grosser
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-
|
|
11
|
+
date: 2015-03-16 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: i18n
|