moat 0.3 → 0.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.gitignore +14 -0
- data/README.md +10 -6
- data/lib/moat.rb +5 -1
- data/lib/moat/version.rb +1 -1
- data/spec/moat_spec.rb +39 -0
- metadata +3 -3
- data/Gemfile.lock +0 -50
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 8650ce60afaf8d84d2f26e215e9d9a7ff5bc393a
|
|
4
|
+
data.tar.gz: 14c91842fc823ce114c0eb19daac0070e5dae1b8
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b31364a24bc83743555b7fb89f69591cf88ea2c544dad9e01a7e8e0cb02424b47a231da46dc2ba246fad0df987464f7cf472ced12fad0a6242ba3f1bd5098bdf
|
|
7
|
+
data.tar.gz: 5ce3ba9dfb382042104995713ecc6a528aaf1282189ff35931d0de9d4700bb23fca1b7d03b4c407f5bf27c0e0999666316a94091d7a0f2cdf4121248b0b957dc
|
data/.gitignore
ADDED
data/README.md
CHANGED
|
@@ -174,11 +174,15 @@ end
|
|
|
174
174
|
- `policy_filter(scope, action = action_name, user: moat_user, policy: <optional>)`
|
|
175
175
|
- Called from controller actions or `before_action`s
|
|
176
176
|
- Returns a `scope` with limitations according to `policy`
|
|
177
|
-
- Automagically
|
|
177
|
+
- Automagically tries to determine `policy` and `action` if not given
|
|
178
178
|
- `authorize(resource, action = action_name, user: moat_user, policy: <optional>)`
|
|
179
|
-
- Called
|
|
180
|
-
- Raises `Moat::NotAuthorizedError` if `user` is not permitted to take `action` according to `policy`
|
|
181
|
-
- Automagically
|
|
179
|
+
- Called in controller methods
|
|
180
|
+
- Raises `Moat::NotAuthorizedError` if `user` is not permitted to take `action` on the resource according to `policy`
|
|
181
|
+
- Automagically tries to determine `policy` and `action` if not given
|
|
182
|
+
- `authorized?(resource, action = action_name, user: moat_user, policy: <optional>)`
|
|
183
|
+
- Called in controller methods
|
|
184
|
+
- Returns `true` if `user` is permitted to take `action` on the resource according to `policy`, otherwise it returns `false`
|
|
185
|
+
- Automagically tries to determine `policy` and `action` if not given
|
|
182
186
|
- `moat_user`
|
|
183
187
|
- Returns `current_user` unless overridden
|
|
184
188
|
- `verify_policy_applied`
|
|
@@ -188,8 +192,8 @@ end
|
|
|
188
192
|
- `skip_verify_policy_applied`
|
|
189
193
|
- Called from controller actions
|
|
190
194
|
- Prevents `verify_policy_applied` from raising
|
|
191
|
-
- This removes an important fail-safe
|
|
192
|
-
- Never use this without making it super clear to future developers why it is safe to call this method
|
|
195
|
+
- This removes an important fail-safe
|
|
196
|
+
- Never use this without making it super clear to future developers why it is safe to call this method
|
|
193
197
|
|
|
194
198
|
## Conventions
|
|
195
199
|
- A Moat `policy` is a PORO that is initialized with a user and a scope
|
data/lib/moat.rb
CHANGED
|
@@ -39,8 +39,12 @@ module Moat
|
|
|
39
39
|
apply_policy(scope, action, user: user, policy: policy::Filter)
|
|
40
40
|
end
|
|
41
41
|
|
|
42
|
+
def authorized?(resource, action = "#{action_name}?", user: moat_user, policy: find_policy(resource))
|
|
43
|
+
!!apply_policy(resource, action, user: user, policy: policy::Authorization)
|
|
44
|
+
end
|
|
45
|
+
|
|
42
46
|
def authorize(resource, action = "#{action_name}?", user: moat_user, policy: find_policy(resource))
|
|
43
|
-
if
|
|
47
|
+
if authorized?(resource, action, user: user, policy: policy)
|
|
44
48
|
resource
|
|
45
49
|
else
|
|
46
50
|
fail NotAuthorizedError, action: action, resource: resource, policy: policy, user: user
|
data/lib/moat/version.rb
CHANGED
data/spec/moat_spec.rb
CHANGED
|
@@ -135,6 +135,45 @@ describe Moat do
|
|
|
135
135
|
end
|
|
136
136
|
end
|
|
137
137
|
|
|
138
|
+
describe "#authorized?" do
|
|
139
|
+
it "fails if resource is nil" do
|
|
140
|
+
expect { moat_consumer.authorized?(nil) }.
|
|
141
|
+
to raise_error(Moat::PolicyNotFoundError)
|
|
142
|
+
end
|
|
143
|
+
|
|
144
|
+
it "fails if a corresponding policy can't be found" do
|
|
145
|
+
expect { moat_consumer.authorized?(Hash) }.
|
|
146
|
+
to raise_error(Moat::PolicyNotFoundError, "Hash")
|
|
147
|
+
expect { moat_consumer.authorized?({}) }.
|
|
148
|
+
to raise_error(Moat::PolicyNotFoundError, "Hash")
|
|
149
|
+
end
|
|
150
|
+
|
|
151
|
+
it "fails if a corresponding action can't be found" do
|
|
152
|
+
expect { moat_consumer.authorized?([1, 2, 3], :invalid_action?, policy: IntegerPolicy) }.
|
|
153
|
+
to raise_error(Moat::ActionNotFoundError, "IntegerPolicy::Authorization#invalid_action?")
|
|
154
|
+
end
|
|
155
|
+
|
|
156
|
+
it "returns false when the value of calling the policy method is falsey" do
|
|
157
|
+
expect(moat_consumer.authorized?(3)). to be false
|
|
158
|
+
end
|
|
159
|
+
|
|
160
|
+
it "returns true when the value of calling the policy method is truthy" do
|
|
161
|
+
expect(moat_consumer.authorized?(4)).to be true
|
|
162
|
+
end
|
|
163
|
+
|
|
164
|
+
it "uses specified action" do
|
|
165
|
+
expect(moat_consumer.authorized?(3, :show?)).to be true
|
|
166
|
+
end
|
|
167
|
+
|
|
168
|
+
it "uses specified policy" do
|
|
169
|
+
expect(moat_consumer.authorized?(3, policy: OtherIntegerPolicy)).to be true
|
|
170
|
+
end
|
|
171
|
+
|
|
172
|
+
it "uses specified user" do
|
|
173
|
+
expect(moat_consumer.authorized?(3, user: "specified user")).to be true
|
|
174
|
+
end
|
|
175
|
+
end
|
|
176
|
+
|
|
138
177
|
describe "#authorize" do
|
|
139
178
|
it "fails if resource is nil" do
|
|
140
179
|
expect { moat_consumer.authorize(nil) }.
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: moat
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: '0.
|
|
4
|
+
version: '0.4'
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Poll Everywhere
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-
|
|
11
|
+
date: 2018-10-18 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rspec
|
|
@@ -47,10 +47,10 @@ extensions: []
|
|
|
47
47
|
extra_rdoc_files:
|
|
48
48
|
- README.md
|
|
49
49
|
files:
|
|
50
|
+
- ".gitignore"
|
|
50
51
|
- ".rubocop.yml"
|
|
51
52
|
- CONTRIBUTING.md
|
|
52
53
|
- Gemfile
|
|
53
|
-
- Gemfile.lock
|
|
54
54
|
- LICENSE
|
|
55
55
|
- README.md
|
|
56
56
|
- Rakefile
|
data/Gemfile.lock
DELETED
|
@@ -1,50 +0,0 @@
|
|
|
1
|
-
PATH
|
|
2
|
-
remote: .
|
|
3
|
-
specs:
|
|
4
|
-
moat (0.3)
|
|
5
|
-
|
|
6
|
-
GEM
|
|
7
|
-
remote: https://rubygems.org/
|
|
8
|
-
specs:
|
|
9
|
-
ast (2.4.0)
|
|
10
|
-
diff-lcs (1.3)
|
|
11
|
-
jaro_winkler (1.5.1)
|
|
12
|
-
parallel (1.12.1)
|
|
13
|
-
parser (2.5.1.0)
|
|
14
|
-
ast (~> 2.4.0)
|
|
15
|
-
powerpack (0.1.2)
|
|
16
|
-
rainbow (3.0.0)
|
|
17
|
-
rspec (3.7.0)
|
|
18
|
-
rspec-core (~> 3.7.0)
|
|
19
|
-
rspec-expectations (~> 3.7.0)
|
|
20
|
-
rspec-mocks (~> 3.7.0)
|
|
21
|
-
rspec-core (3.7.1)
|
|
22
|
-
rspec-support (~> 3.7.0)
|
|
23
|
-
rspec-expectations (3.7.0)
|
|
24
|
-
diff-lcs (>= 1.2.0, < 2.0)
|
|
25
|
-
rspec-support (~> 3.7.0)
|
|
26
|
-
rspec-mocks (3.7.0)
|
|
27
|
-
diff-lcs (>= 1.2.0, < 2.0)
|
|
28
|
-
rspec-support (~> 3.7.0)
|
|
29
|
-
rspec-support (3.7.1)
|
|
30
|
-
rubocop (0.57.2)
|
|
31
|
-
jaro_winkler (~> 1.5.1)
|
|
32
|
-
parallel (~> 1.10)
|
|
33
|
-
parser (>= 2.5)
|
|
34
|
-
powerpack (~> 0.1)
|
|
35
|
-
rainbow (>= 2.2.2, < 4.0)
|
|
36
|
-
ruby-progressbar (~> 1.7)
|
|
37
|
-
unicode-display_width (~> 1.0, >= 1.0.1)
|
|
38
|
-
ruby-progressbar (1.9.0)
|
|
39
|
-
unicode-display_width (1.4.0)
|
|
40
|
-
|
|
41
|
-
PLATFORMS
|
|
42
|
-
ruby
|
|
43
|
-
|
|
44
|
-
DEPENDENCIES
|
|
45
|
-
moat!
|
|
46
|
-
rspec (~> 3.5)
|
|
47
|
-
rubocop (~> 0.57.2)
|
|
48
|
-
|
|
49
|
-
BUNDLED WITH
|
|
50
|
-
1.16.1
|