moat 0.3 → 0.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.gitignore +14 -0
- data/README.md +10 -6
- data/lib/moat.rb +5 -1
- data/lib/moat/version.rb +1 -1
- data/spec/moat_spec.rb +39 -0
- metadata +3 -3
- data/Gemfile.lock +0 -50
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 8650ce60afaf8d84d2f26e215e9d9a7ff5bc393a
|
|
4
|
+
data.tar.gz: 14c91842fc823ce114c0eb19daac0070e5dae1b8
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b31364a24bc83743555b7fb89f69591cf88ea2c544dad9e01a7e8e0cb02424b47a231da46dc2ba246fad0df987464f7cf472ced12fad0a6242ba3f1bd5098bdf
|
|
7
|
+
data.tar.gz: 5ce3ba9dfb382042104995713ecc6a528aaf1282189ff35931d0de9d4700bb23fca1b7d03b4c407f5bf27c0e0999666316a94091d7a0f2cdf4121248b0b957dc
|
data/.gitignore
ADDED
data/README.md
CHANGED
|
@@ -174,11 +174,15 @@ end
|
|
|
174
174
|
- `policy_filter(scope, action = action_name, user: moat_user, policy: <optional>)`
|
|
175
175
|
- Called from controller actions or `before_action`s
|
|
176
176
|
- Returns a `scope` with limitations according to `policy`
|
|
177
|
-
- Automagically
|
|
177
|
+
- Automagically tries to determine `policy` and `action` if not given
|
|
178
178
|
- `authorize(resource, action = action_name, user: moat_user, policy: <optional>)`
|
|
179
|
-
- Called
|
|
180
|
-
- Raises `Moat::NotAuthorizedError` if `user` is not permitted to take `action` according to `policy`
|
|
181
|
-
- Automagically
|
|
179
|
+
- Called in controller methods
|
|
180
|
+
- Raises `Moat::NotAuthorizedError` if `user` is not permitted to take `action` on the resource according to `policy`
|
|
181
|
+
- Automagically tries to determine `policy` and `action` if not given
|
|
182
|
+
- `authorized?(resource, action = action_name, user: moat_user, policy: <optional>)`
|
|
183
|
+
- Called in controller methods
|
|
184
|
+
- Returns `true` if `user` is permitted to take `action` on the resource according to `policy`, otherwise it returns `false`
|
|
185
|
+
- Automagically tries to determine `policy` and `action` if not given
|
|
182
186
|
- `moat_user`
|
|
183
187
|
- Returns `current_user` unless overridden
|
|
184
188
|
- `verify_policy_applied`
|
|
@@ -188,8 +192,8 @@ end
|
|
|
188
192
|
- `skip_verify_policy_applied`
|
|
189
193
|
- Called from controller actions
|
|
190
194
|
- Prevents `verify_policy_applied` from raising
|
|
191
|
-
- This removes an important fail-safe
|
|
192
|
-
- Never use this without making it super clear to future developers why it is safe to call this method
|
|
195
|
+
- This removes an important fail-safe
|
|
196
|
+
- Never use this without making it super clear to future developers why it is safe to call this method
|
|
193
197
|
|
|
194
198
|
## Conventions
|
|
195
199
|
- A Moat `policy` is a PORO that is initialized with a user and a scope
|
data/lib/moat.rb
CHANGED
|
@@ -39,8 +39,12 @@ module Moat
|
|
|
39
39
|
apply_policy(scope, action, user: user, policy: policy::Filter)
|
|
40
40
|
end
|
|
41
41
|
|
|
42
|
+
def authorized?(resource, action = "#{action_name}?", user: moat_user, policy: find_policy(resource))
|
|
43
|
+
!!apply_policy(resource, action, user: user, policy: policy::Authorization)
|
|
44
|
+
end
|
|
45
|
+
|
|
42
46
|
def authorize(resource, action = "#{action_name}?", user: moat_user, policy: find_policy(resource))
|
|
43
|
-
if
|
|
47
|
+
if authorized?(resource, action, user: user, policy: policy)
|
|
44
48
|
resource
|
|
45
49
|
else
|
|
46
50
|
fail NotAuthorizedError, action: action, resource: resource, policy: policy, user: user
|
data/lib/moat/version.rb
CHANGED
data/spec/moat_spec.rb
CHANGED
|
@@ -135,6 +135,45 @@ describe Moat do
|
|
|
135
135
|
end
|
|
136
136
|
end
|
|
137
137
|
|
|
138
|
+
describe "#authorized?" do
|
|
139
|
+
it "fails if resource is nil" do
|
|
140
|
+
expect { moat_consumer.authorized?(nil) }.
|
|
141
|
+
to raise_error(Moat::PolicyNotFoundError)
|
|
142
|
+
end
|
|
143
|
+
|
|
144
|
+
it "fails if a corresponding policy can't be found" do
|
|
145
|
+
expect { moat_consumer.authorized?(Hash) }.
|
|
146
|
+
to raise_error(Moat::PolicyNotFoundError, "Hash")
|
|
147
|
+
expect { moat_consumer.authorized?({}) }.
|
|
148
|
+
to raise_error(Moat::PolicyNotFoundError, "Hash")
|
|
149
|
+
end
|
|
150
|
+
|
|
151
|
+
it "fails if a corresponding action can't be found" do
|
|
152
|
+
expect { moat_consumer.authorized?([1, 2, 3], :invalid_action?, policy: IntegerPolicy) }.
|
|
153
|
+
to raise_error(Moat::ActionNotFoundError, "IntegerPolicy::Authorization#invalid_action?")
|
|
154
|
+
end
|
|
155
|
+
|
|
156
|
+
it "returns false when the value of calling the policy method is falsey" do
|
|
157
|
+
expect(moat_consumer.authorized?(3)). to be false
|
|
158
|
+
end
|
|
159
|
+
|
|
160
|
+
it "returns true when the value of calling the policy method is truthy" do
|
|
161
|
+
expect(moat_consumer.authorized?(4)).to be true
|
|
162
|
+
end
|
|
163
|
+
|
|
164
|
+
it "uses specified action" do
|
|
165
|
+
expect(moat_consumer.authorized?(3, :show?)).to be true
|
|
166
|
+
end
|
|
167
|
+
|
|
168
|
+
it "uses specified policy" do
|
|
169
|
+
expect(moat_consumer.authorized?(3, policy: OtherIntegerPolicy)).to be true
|
|
170
|
+
end
|
|
171
|
+
|
|
172
|
+
it "uses specified user" do
|
|
173
|
+
expect(moat_consumer.authorized?(3, user: "specified user")).to be true
|
|
174
|
+
end
|
|
175
|
+
end
|
|
176
|
+
|
|
138
177
|
describe "#authorize" do
|
|
139
178
|
it "fails if resource is nil" do
|
|
140
179
|
expect { moat_consumer.authorize(nil) }.
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: moat
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: '0.
|
|
4
|
+
version: '0.4'
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Poll Everywhere
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-
|
|
11
|
+
date: 2018-10-18 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rspec
|
|
@@ -47,10 +47,10 @@ extensions: []
|
|
|
47
47
|
extra_rdoc_files:
|
|
48
48
|
- README.md
|
|
49
49
|
files:
|
|
50
|
+
- ".gitignore"
|
|
50
51
|
- ".rubocop.yml"
|
|
51
52
|
- CONTRIBUTING.md
|
|
52
53
|
- Gemfile
|
|
53
|
-
- Gemfile.lock
|
|
54
54
|
- LICENSE
|
|
55
55
|
- README.md
|
|
56
56
|
- Rakefile
|
data/Gemfile.lock
DELETED
|
@@ -1,50 +0,0 @@
|
|
|
1
|
-
PATH
|
|
2
|
-
remote: .
|
|
3
|
-
specs:
|
|
4
|
-
moat (0.3)
|
|
5
|
-
|
|
6
|
-
GEM
|
|
7
|
-
remote: https://rubygems.org/
|
|
8
|
-
specs:
|
|
9
|
-
ast (2.4.0)
|
|
10
|
-
diff-lcs (1.3)
|
|
11
|
-
jaro_winkler (1.5.1)
|
|
12
|
-
parallel (1.12.1)
|
|
13
|
-
parser (2.5.1.0)
|
|
14
|
-
ast (~> 2.4.0)
|
|
15
|
-
powerpack (0.1.2)
|
|
16
|
-
rainbow (3.0.0)
|
|
17
|
-
rspec (3.7.0)
|
|
18
|
-
rspec-core (~> 3.7.0)
|
|
19
|
-
rspec-expectations (~> 3.7.0)
|
|
20
|
-
rspec-mocks (~> 3.7.0)
|
|
21
|
-
rspec-core (3.7.1)
|
|
22
|
-
rspec-support (~> 3.7.0)
|
|
23
|
-
rspec-expectations (3.7.0)
|
|
24
|
-
diff-lcs (>= 1.2.0, < 2.0)
|
|
25
|
-
rspec-support (~> 3.7.0)
|
|
26
|
-
rspec-mocks (3.7.0)
|
|
27
|
-
diff-lcs (>= 1.2.0, < 2.0)
|
|
28
|
-
rspec-support (~> 3.7.0)
|
|
29
|
-
rspec-support (3.7.1)
|
|
30
|
-
rubocop (0.57.2)
|
|
31
|
-
jaro_winkler (~> 1.5.1)
|
|
32
|
-
parallel (~> 1.10)
|
|
33
|
-
parser (>= 2.5)
|
|
34
|
-
powerpack (~> 0.1)
|
|
35
|
-
rainbow (>= 2.2.2, < 4.0)
|
|
36
|
-
ruby-progressbar (~> 1.7)
|
|
37
|
-
unicode-display_width (~> 1.0, >= 1.0.1)
|
|
38
|
-
ruby-progressbar (1.9.0)
|
|
39
|
-
unicode-display_width (1.4.0)
|
|
40
|
-
|
|
41
|
-
PLATFORMS
|
|
42
|
-
ruby
|
|
43
|
-
|
|
44
|
-
DEPENDENCIES
|
|
45
|
-
moat!
|
|
46
|
-
rspec (~> 3.5)
|
|
47
|
-
rubocop (~> 0.57.2)
|
|
48
|
-
|
|
49
|
-
BUNDLED WITH
|
|
50
|
-
1.16.1
|