maybee 1.0.6 → 1.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG +11 -2
- data/README.md +15 -15
- data/lib/maybee/authorization.rb +9 -1
- data/lib/maybee/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f29e6ee079046ec284b5a4f1c92c467e6f89b950
|
|
4
|
+
data.tar.gz: 701ddaee631e28e32b6b7c640e0d4d5b35a1a1f2
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: adc2dded1e8142e0fe2e0b877e1e3e00d76c2523fe50ea40b6d82dea8399bf2f1e05dec14405b2baf271f73f2b83d543e62e0d74c71349b419c72ce6278fae3c
|
|
7
|
+
data.tar.gz: 39d7f22f303ad19c9a17fc6ceee19e0f7d7a5396c1ea2b2fd8548bf1f505accd0722a69b08a226ef85b4d09567f7c0dac1ae917592b928dbad4870fbb1beb753
|
data/CHANGELOG
CHANGED
|
@@ -1,8 +1,17 @@
|
|
|
1
|
-
|
|
1
|
+
1.1.0 (16 Mar 2015)
|
|
2
|
+
|
|
3
|
+
* Allow lambda literals in conditionals
|
|
4
|
+
|
|
5
|
+
1.0.6 (16 Feb 2015)
|
|
6
|
+
|
|
7
|
+
* Support Rails 4.2
|
|
8
|
+
|
|
9
|
+
1.0.5 (05 Jun 2014)
|
|
2
10
|
|
|
3
11
|
* Support Rails 4.1
|
|
4
12
|
|
|
5
|
-
|
|
13
|
+
|
|
14
|
+
0.0.4 (09 Jul 2013)
|
|
6
15
|
|
|
7
16
|
* use ActiveSupport::Concern
|
|
8
17
|
* add allows_crud DSL method
|
data/README.md
CHANGED
|
@@ -37,7 +37,7 @@ Access rules are defined inside models using a simple DSL and may be named as yo
|
|
|
37
37
|
class Car < ActiveRecord::Base
|
|
38
38
|
acts_as_authorization_object
|
|
39
39
|
|
|
40
|
-
allows :
|
|
40
|
+
allows to: :drive
|
|
41
41
|
end
|
|
42
42
|
```
|
|
43
43
|
will have model instances respond `true` if asked
|
|
@@ -50,7 +50,7 @@ car.allow?(:drive, user)
|
|
|
50
50
|
Usually, you will want to restrict access based on some internal state of the model (the authorization object) or the user (the subject). This can be accomplished using the options `:if`, `:unless`, `:if_subject` and `:unless_subject`:
|
|
51
51
|
|
|
52
52
|
```ruby
|
|
53
|
-
allows :
|
|
53
|
+
allows to: :drive, if: :license_plate_valid?, if_subject: :has_drivers_license?
|
|
54
54
|
```
|
|
55
55
|
|
|
56
56
|
With this declaration, the car would allow any (ruby) object to drive, if the car has a valid license plate and the ruby object responds to `#has_drivers_license?` with a true value.
|
|
@@ -72,7 +72,7 @@ end
|
|
|
72
72
|
class Car < ActiveRecord::Base
|
|
73
73
|
acts_as_authorization_object
|
|
74
74
|
|
|
75
|
-
allows :drivers, :
|
|
75
|
+
allows :drivers, to: :drive, if_subject: :sober?
|
|
76
76
|
end
|
|
77
77
|
```
|
|
78
78
|
This will allow sober drivers to drive, but will reject normal users and drunk drivers.
|
|
@@ -80,14 +80,14 @@ This will allow sober drivers to drive, but will reject normal users and drunk d
|
|
|
80
80
|
If you do not care for the subject class, you may also write
|
|
81
81
|
|
|
82
82
|
```ruby
|
|
83
|
-
allows_to :drive, :
|
|
83
|
+
allows_to :drive, if: ...
|
|
84
84
|
```
|
|
85
|
-
which is the same as `allows :
|
|
85
|
+
which is the same as `allows to: ...`
|
|
86
86
|
|
|
87
87
|
Multiple access rights may be given in the same definition:
|
|
88
88
|
|
|
89
89
|
```ruby
|
|
90
|
-
allows :drivers, :
|
|
90
|
+
allows :drivers, to: [:start, :drive], if: ...
|
|
91
91
|
```
|
|
92
92
|
|
|
93
93
|
|
|
@@ -96,7 +96,7 @@ allows :drivers, :to => [:start, :drive], :if => ...
|
|
|
96
96
|
It is also possible to pass a proc to any of the conditional options:
|
|
97
97
|
|
|
98
98
|
```ruby
|
|
99
|
-
allows :drivers, :
|
|
99
|
+
allows :drivers, to: :start, if: lambda { |driver| gasoline_level > 0 }
|
|
100
100
|
```
|
|
101
101
|
|
|
102
102
|
Blocks passed to `:if` and `:unless` are evaluated inside the authorization object, while `:if_subject` and `:unless_subject` get evaluated inside the authorization subject (the user).
|
|
@@ -108,8 +108,8 @@ In most cases, you will want to restrict authorizations to authorized subjects o
|
|
|
108
108
|
|
|
109
109
|
```ruby
|
|
110
110
|
class Image
|
|
111
|
-
allows :users, :
|
|
112
|
-
allows :users, :
|
|
111
|
+
allows :users, to: :view, if: :publicly_accessible?, allow_nil: true
|
|
112
|
+
allows :users, to: :view, if_subject: lambda { |image| self.company_id == image.company_id }
|
|
113
113
|
|
|
114
114
|
def publicly_accessible?
|
|
115
115
|
# implementation, or a simple attribute
|
|
@@ -126,7 +126,7 @@ There are three special accesses which limit creation, updating and destruction
|
|
|
126
126
|
In the simplest form, the access to create, update and destroy would be granted regardless of the `authorization_subject`. This would be the default behaviour of ActiveRecord, where besides validations there is no restriction on these operations:
|
|
127
127
|
|
|
128
128
|
```ruby
|
|
129
|
-
allows_to :create, :update, :destroy, :
|
|
129
|
+
allows_to :create, :update, :destroy, allow_nil: true
|
|
130
130
|
```
|
|
131
131
|
|
|
132
132
|
Say you have models for users and roles, and you want normal users not to be able to assign roles, but only admins:
|
|
@@ -135,8 +135,8 @@ Say you have models for users and roles, and you want normal users not to be abl
|
|
|
135
135
|
class User < ActiveRecord::Base
|
|
136
136
|
acts_as_authorization_subject
|
|
137
137
|
|
|
138
|
-
has_many :user_roles, :
|
|
139
|
-
has_many :roles, :
|
|
138
|
+
has_many :user_roles, dependent: :destroy
|
|
139
|
+
has_many :roles, through: :user_roles
|
|
140
140
|
end
|
|
141
141
|
|
|
142
142
|
|
|
@@ -149,7 +149,7 @@ class UserRole < ActiveRecord::Base
|
|
|
149
149
|
|
|
150
150
|
acts_as_authorization_object
|
|
151
151
|
|
|
152
|
-
allows :users, :
|
|
152
|
+
allows :users, to: [:create, :update, :destroy], if_subject: :admin?
|
|
153
153
|
end
|
|
154
154
|
```
|
|
155
155
|
|
|
@@ -219,10 +219,10 @@ By default, access rules are inherited by subclasses of auth objects. Additional
|
|
|
219
219
|
|
|
220
220
|
```ruby
|
|
221
221
|
class Foo < ActiveRecord::Base
|
|
222
|
-
allows_to :view, :
|
|
222
|
+
allows_to :view, if: :visible?
|
|
223
223
|
end
|
|
224
224
|
|
|
225
225
|
class SubFoo < Foo
|
|
226
|
-
allows_to :view, :
|
|
226
|
+
allows_to :view, exclusive: true
|
|
227
227
|
end
|
|
228
228
|
```
|
data/lib/maybee/authorization.rb
CHANGED
|
@@ -23,7 +23,15 @@ module Maybee
|
|
|
23
23
|
else
|
|
24
24
|
receiver, argument = object, subject
|
|
25
25
|
end
|
|
26
|
-
result = cond.is_a?(Proc)
|
|
26
|
+
result = if cond.is_a?(Proc)
|
|
27
|
+
if cond.arity == 1
|
|
28
|
+
receiver.instance_exec(argument, &cond)
|
|
29
|
+
else
|
|
30
|
+
receiver.instance_exec(&cond)
|
|
31
|
+
end
|
|
32
|
+
else
|
|
33
|
+
receiver.send(cond)
|
|
34
|
+
end
|
|
27
35
|
(:if_subject == clause || :if == clause) ? result : !result
|
|
28
36
|
end
|
|
29
37
|
false
|
data/lib/maybee/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: maybee
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0
|
|
4
|
+
version: 1.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Matthias Grosser
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-
|
|
11
|
+
date: 2015-03-16 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: i18n
|