mongoid_ability 0.0.10 → 0.0.11
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/mongoid_ability/ability.rb +18 -16
- data/lib/mongoid_ability/accessible_query_builder.rb +6 -4
- data/lib/mongoid_ability/version.rb +1 -1
- data/test/mongoid_ability/ability_role_test.rb +25 -0
- data/test/mongoid_ability/ability_test.rb +11 -16
- data/test/support/test_classes.rb +5 -5
- metadata +4 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 1541d93003dfaadfd76721962e2e8c299ac86f81
|
4
|
+
data.tar.gz: cd39407e3a4f06d0320493bfd327b7127b7e96d4
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: b44dd1f63f22cc8f3caac82f6da16475fb17fcaa6a84c45a5a3cc889009ed4405e98d10a0aee161a6e89f4efa8954a74dea1d6c2616a54d3114c30e8be8b5eff
|
7
|
+
data.tar.gz: ffeda7ae0ad1ffa0a0d9d682030a47b3e466967dd403f9413fe953f07fdea3f8de9c0a51593f6d9bd0ce5240103a862bf3601b8e71caa2067d2cea4cf83a993a
|
@@ -1,23 +1,23 @@
|
|
1
1
|
require 'cancancan'
|
2
|
-
|
2
|
+
|
3
3
|
module MongoidAbility
|
4
4
|
class Ability
|
5
5
|
|
6
6
|
include CanCan::Ability
|
7
|
-
|
8
|
-
attr_reader :
|
7
|
+
|
8
|
+
attr_reader :owner
|
9
9
|
|
10
10
|
# =====================================================================
|
11
11
|
|
12
|
-
def initialize
|
13
|
-
@
|
14
|
-
|
12
|
+
def initialize owner
|
13
|
+
@owner = owner
|
14
|
+
|
15
15
|
can do |action, subject_type, subject|
|
16
16
|
subject_class = subject_type.to_s.constantize
|
17
17
|
outcome = nil
|
18
18
|
|
19
19
|
subject_class.self_and_ancestors_with_default_locks.each do |cls|
|
20
|
-
outcome = combined_outcome(
|
20
|
+
outcome = combined_outcome(owner, action, cls, subject)
|
21
21
|
break unless outcome.nil?
|
22
22
|
end
|
23
23
|
|
@@ -26,21 +26,23 @@ module MongoidAbility
|
|
26
26
|
end
|
27
27
|
|
28
28
|
private # =============================================================
|
29
|
-
|
30
|
-
def combined_outcome
|
31
|
-
uo = user_outcome(
|
29
|
+
|
30
|
+
def combined_outcome owner, action, cls, subject
|
31
|
+
uo = user_outcome(owner, action, cls, subject)
|
32
32
|
return uo unless uo.nil?
|
33
33
|
|
34
|
-
|
35
|
-
|
34
|
+
if owner.respond_to?(owner.class.roles_relation_name)
|
35
|
+
ro = owner.roles_relation.collect{ |role| AbilityResolver.new(role, action, cls.to_s, subject).outcome }.compact
|
36
|
+
return ro.any?{ |i| i == true } unless ro.empty?
|
37
|
+
end
|
36
38
|
|
37
39
|
class_outcome(cls, action)
|
38
40
|
end
|
39
41
|
|
40
42
|
# ---------------------------------------------------------------------
|
41
|
-
|
42
|
-
def user_outcome
|
43
|
-
AbilityResolver.new(
|
43
|
+
|
44
|
+
def user_outcome owner, action, cls, subject
|
45
|
+
AbilityResolver.new(owner, action, cls.to_s, subject).outcome
|
44
46
|
end
|
45
47
|
|
46
48
|
def role_outcome role, action, cls, subject
|
@@ -54,4 +56,4 @@ module MongoidAbility
|
|
54
56
|
end
|
55
57
|
|
56
58
|
end
|
57
|
-
end
|
59
|
+
end
|
@@ -43,21 +43,23 @@ module MongoidAbility
|
|
43
43
|
|
44
44
|
# ---------------------------------------------------------------------
|
45
45
|
|
46
|
-
def
|
47
|
-
ability.
|
46
|
+
def owner
|
47
|
+
ability.owner
|
48
48
|
end
|
49
49
|
|
50
50
|
def roles
|
51
|
-
|
51
|
+
return unless owner.respond_to?(owner.class.roles_relation_name)
|
52
|
+
owner.roles_relation
|
52
53
|
end
|
53
54
|
|
54
55
|
# ---------------------------------------------------------------------
|
55
56
|
|
56
57
|
def user_id_locks_for_subject_type cls
|
57
|
-
|
58
|
+
owner.locks_relation.id_locks.for_action(action).for_subject_type(cls.to_s)
|
58
59
|
end
|
59
60
|
|
60
61
|
def roles_ids_locks_for_subject_type cls
|
62
|
+
return [] unless roles
|
61
63
|
roles.collect { |role| role.locks_relation.id_locks.for_action(action).for_subject_type(cls.to_s) }.flatten
|
62
64
|
end
|
63
65
|
|
@@ -0,0 +1,25 @@
|
|
1
|
+
require "test_helper"
|
2
|
+
|
3
|
+
module MongoidAbility
|
4
|
+
describe 'ability on Role' do
|
5
|
+
|
6
|
+
let(:read_lock) { TestLock.new(subject_type: TestAbilitySubject.to_s, action: :read, outcome: false) }
|
7
|
+
let(:role) { TestRole.new(test_locks: [read_lock]) }
|
8
|
+
let(:ability) { Ability.new(role) }
|
9
|
+
|
10
|
+
# ---------------------------------------------------------------------
|
11
|
+
|
12
|
+
it 'role can?' do
|
13
|
+
ability.can?(:read, TestAbilitySubject).must_equal false
|
14
|
+
end
|
15
|
+
|
16
|
+
it 'role cannot?' do
|
17
|
+
ability.cannot?(:update, TestAbilitySubject).must_equal false
|
18
|
+
end
|
19
|
+
|
20
|
+
it 'is accessible by' do
|
21
|
+
TestAbilitySubject.accessible_by(ability, :read).must_be_kind_of Mongoid::Criteria
|
22
|
+
end
|
23
|
+
|
24
|
+
end
|
25
|
+
end
|
@@ -7,15 +7,13 @@ module MongoidAbility
|
|
7
7
|
let(:ability) { Ability.new(user) }
|
8
8
|
|
9
9
|
# ---------------------------------------------------------------------
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
ability.user.must_equal user
|
14
|
-
end
|
10
|
+
|
11
|
+
it 'exposes owner' do
|
12
|
+
ability.owner.must_equal user
|
15
13
|
end
|
16
14
|
|
17
15
|
# ---------------------------------------------------------------------
|
18
|
-
|
16
|
+
|
19
17
|
describe 'default locks' do
|
20
18
|
it 'propagates from superclass to all subclasses' do
|
21
19
|
ability.can?(:update, TestAbilitySubjectSuper1).must_equal true
|
@@ -35,7 +33,7 @@ module MongoidAbility
|
|
35
33
|
]) do
|
36
34
|
ability.can?(:read, TestAbilitySubject).must_equal true
|
37
35
|
end
|
38
|
-
end
|
36
|
+
end
|
39
37
|
end
|
40
38
|
|
41
39
|
describe 'when defined for some superclasses' do
|
@@ -47,12 +45,12 @@ module MongoidAbility
|
|
47
45
|
]) do
|
48
46
|
ability.can?(:read, TestAbilitySubject).must_equal true
|
49
47
|
end
|
50
|
-
end
|
48
|
+
end
|
51
49
|
end
|
52
50
|
end
|
53
51
|
|
54
52
|
# ---------------------------------------------------------------------
|
55
|
-
|
53
|
+
|
56
54
|
describe 'user locks' do
|
57
55
|
describe 'when defined for superclass' do
|
58
56
|
before do
|
@@ -67,7 +65,7 @@ module MongoidAbility
|
|
67
65
|
end
|
68
66
|
|
69
67
|
# ---------------------------------------------------------------------
|
70
|
-
|
68
|
+
|
71
69
|
describe 'role locks' do
|
72
70
|
describe 'when multiple roles' do
|
73
71
|
before do
|
@@ -104,13 +102,13 @@ module MongoidAbility
|
|
104
102
|
end
|
105
103
|
|
106
104
|
# ---------------------------------------------------------------------
|
107
|
-
|
105
|
+
|
108
106
|
describe 'combined locks' do
|
109
107
|
describe 'user and role locks' do
|
110
108
|
before do
|
111
109
|
user.tap do |u|
|
112
110
|
u.test_locks = [
|
113
|
-
TestLock.new(subject_type: TestAbilitySubjectSuper2.to_s, action: :read, outcome: false)
|
111
|
+
TestLock.new(subject_type: TestAbilitySubjectSuper2.to_s, action: :read, outcome: false)
|
114
112
|
]
|
115
113
|
u.roles = [
|
116
114
|
TestRole.new(test_locks: [
|
@@ -141,7 +139,7 @@ module MongoidAbility
|
|
141
139
|
end
|
142
140
|
|
143
141
|
# ---------------------------------------------------------------------
|
144
|
-
|
142
|
+
|
145
143
|
describe 'class locks' do
|
146
144
|
it 'prefers negative outcome across same class' do
|
147
145
|
TestAbilityResolverSubject.stub(:default_locks, [
|
@@ -155,6 +153,3 @@ module MongoidAbility
|
|
155
153
|
|
156
154
|
end
|
157
155
|
end
|
158
|
-
|
159
|
-
|
160
|
-
|
@@ -9,7 +9,7 @@ class TestLockSub < TestLock
|
|
9
9
|
end
|
10
10
|
|
11
11
|
# ---------------------------------------------------------------------
|
12
|
-
|
12
|
+
|
13
13
|
class TestOwnerSuper
|
14
14
|
include Mongoid::Document
|
15
15
|
include MongoidAbility::Owner
|
@@ -43,7 +43,7 @@ class SubjectSingleTest
|
|
43
43
|
end
|
44
44
|
|
45
45
|
# ---------------------------------------------------------------------
|
46
|
-
|
46
|
+
|
47
47
|
class TestAbilityResolverSubject
|
48
48
|
include Mongoid::Document
|
49
49
|
include MongoidAbility::Subject
|
@@ -66,7 +66,7 @@ class TestAbilitySubject < TestAbilitySubjectSuper1
|
|
66
66
|
end
|
67
67
|
|
68
68
|
# ---------------------------------------------------------------------
|
69
|
-
|
69
|
+
|
70
70
|
class TestRole
|
71
71
|
include Mongoid::Document
|
72
72
|
include MongoidAbility::Owner
|
@@ -75,7 +75,7 @@ class TestRole
|
|
75
75
|
|
76
76
|
embeds_many :test_locks, class_name: 'TestLock', as: :owner
|
77
77
|
has_and_belongs_to_many :users, class_name: 'TestUser'
|
78
|
-
end
|
78
|
+
end
|
79
79
|
|
80
80
|
class TestUser
|
81
81
|
include Mongoid::Document
|
@@ -83,4 +83,4 @@ class TestUser
|
|
83
83
|
|
84
84
|
embeds_many :test_locks, class_name: 'TestLock', as: :owner
|
85
85
|
has_and_belongs_to_many :roles, class_name: 'TestRole'
|
86
|
-
end
|
86
|
+
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: mongoid_ability
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.11
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Tomas Celizna
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2015-07-
|
11
|
+
date: 2015-07-13 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: cancancan
|
@@ -162,6 +162,7 @@ files:
|
|
162
162
|
- lib/mongoid_ability/version.rb
|
163
163
|
- mongoid_ability.gemspec
|
164
164
|
- test/mongoid_ability/ability_resolver_test.rb
|
165
|
+
- test/mongoid_ability/ability_role_test.rb
|
165
166
|
- test/mongoid_ability/ability_test.rb
|
166
167
|
- test/mongoid_ability/accessible_query_builder_test.rb
|
167
168
|
- test/mongoid_ability/lock_test.rb
|
@@ -196,6 +197,7 @@ summary: Custom Ability class that allows CanCanCan authorization library store
|
|
196
197
|
in MongoDB via the Mongoid gem.
|
197
198
|
test_files:
|
198
199
|
- test/mongoid_ability/ability_resolver_test.rb
|
200
|
+
- test/mongoid_ability/ability_role_test.rb
|
199
201
|
- test/mongoid_ability/ability_test.rb
|
200
202
|
- test/mongoid_ability/accessible_query_builder_test.rb
|
201
203
|
- test/mongoid_ability/lock_test.rb
|