non_grata 0.0.1
- checksums.yaml +7 -0
- data/MIT-LICENSE +20 -0
- data/Rakefile +26 -0
- data/lib/generators/non_grata/install/install_generator.rb +24 -0
- data/lib/generators/non_grata/install/templates/non_grata_migration.rb +23 -0
- data/lib/generators/non_grata/roles/roles_generator.rb +24 -0
- data/lib/generators/non_grata/roles/templates/non_grata_create_roles_migration.rb +17 -0
- data/lib/generators/non_grata/user/templates/non_grata_user_migration.rb +11 -0
- data/lib/generators/non_grata/user/user_generator.rb +24 -0
- data/lib/non_grata.rb +11 -0
- data/lib/non_grata/authorization.rb +52 -0
- data/lib/non_grata/authorization_privilege.rb +7 -0
- data/lib/non_grata/authorization_role.rb +39 -0
- data/lib/non_grata/controller.rb +9 -0
- data/lib/non_grata/persona.rb +43 -0
- data/lib/non_grata/privilege.rb +62 -0
- data/lib/non_grata/role.rb +32 -0
- data/lib/non_grata/scheme.rb +85 -0
- data/lib/non_grata/tenant.rb +32 -0
- data/lib/non_grata/version.rb +3 -0
- data/lib/tasks/non_grata_tasks.rake +4 -0
- metadata +141 -0
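--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: 96f4abaeeaf2b4b03922aa83795854d111e1c8bb
+data.tar.gz: 7f411cbd69c7be20bf02abc06c6aef8df227af03
+SHA512:
+metadata.gz: 7c18e5c609c28a9d805cf38ebbaf2859c3822cf6d37e043a83cee9c13c1e933f2da21d769ade7e783874b14f8a917929ab975d6f8fc2fe4420000b7ad89f51a1
+data.tar.gz: abe959735ff5d66fab77385a0f2ec483905a4144f75e0c5a14dc72b4dabb005f52cb9269c80a004aeed4ec5f1bd1e6b30d865f336f9b42336c8a4bf0c67d5540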
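--- a/data/MIT-LICENSE
+++ b/data/MIT-LICENSE
@@ -0,0 +1,20 @@
+Copyright 2014 YOURNAME
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.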
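--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,26 @@
+begin
+require 'bundler/setup'
+rescue LoadError
+puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+rdoc.rdoc_dir = 'rdoc'
+rdoc.title = 'NonGrata'
+rdoc.options << '--line-numbers'
+rdoc.rdoc_files.include('README.rdoc')
+rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+
+
+
+Bundler::GemHelper.install_tasks
+require 'rake'
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec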
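--- a/data/lib/generators/non_grata/install/install_generator.rb
+++ b/data/lib/generators/non_grata/install/install_generator.rb
@@ -0,0 +1,24 @@
+require 'rails/generators/migration'
+
+module NonGrata
+module Generators
+class InstallGenerator < ::Rails::Generators::Base
+include Rails::Generators::Migration
+source_root File.expand_path('../templates', __FILE__)
+desc "add the migrations"
+
+def self.next_migration_number(path)
+unless @prev_migration_nr
+@prev_migration_nr = Time.now.utc.strftime("%Y%m%d%H%M%S").to_i
+else
+@prev_migration_nr += 1
+end
+@prev_migration_nr.to_s
+end
+
+def copy_migrations
+migration_template "non_grata_migration.rb", "db/migrate/create_non_grata_tables.rb"
+end
+end
+end
+end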
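Review bot: `next_migration_number` is copied verbatim into `InstallGenerator`, `RolesGenerator` and `UserGenerator`, and it never reads its `path` argument, so the generated number is not checked against migrations that already exist in the target directory. Moving it into one shared module that the three generators extend would keep the behaviour in a single place. It also deserves a comment, for example `# Returns a UTC timestamp string; repeated calls in one run increment it so generated migrations keep a stable order.`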
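--- a/data/lib/generators/non_grata/install/templates/non_grata_migration.rb
+++ b/data/lib/generators/non_grata/install/templates/non_grata_migration.rb
@@ -0,0 +1,23 @@
+class CreateAbilities < ActiveRecord::Migration
+def self.up
+
+create_table :role do |t|
+t.string :name
+t.integer :tenent_type
+t.integer :tenent_id
+t.string :scheme
+end
+
+create_table :role_privileges do |t|
+t.belongs_to :role
+t.string :resource
+t.string :action
+end
+
+end
+
+def self.down
+drop_table :role
+drop_table :role_privileges
+end
+end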
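Review bot: The class is named `CreateAbilities`, but the install generator copies this template to `db/migrate/create_non_grata_tables.rb`; Rails derives the expected constant from the file name, so the migration would fail to load `CreateNonGrataTables`. The tables it creates (`role`, `role_privileges`) and the misspelled integer columns `tenent_type`/`tenent_id` also do not match what `AuthorizationRole` reads, namely `non_grata_authorization_roles` with a string `tenant_type`. Either drop this template in favour of the roles migration, or rename the class and align the table and column names with the models.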
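--- a/data/lib/generators/non_grata/roles/roles_generator.rb
+++ b/data/lib/generators/non_grata/roles/roles_generator.rb
@@ -0,0 +1,24 @@
+require 'rails/generators/migration'
+
+module NonGrata
+module Generators
+class RolesGenerator < ::Rails::Generators::Base
+include Rails::Generators::Migration
+source_root File.expand_path('../templates', __FILE__)
+desc "Generates roles and roles_privileges tables that are used for databased backed authorization."
+
+def self.next_migration_number(path)
+unless @prev_migration_nr
+@prev_migration_nr = Time.now.utc.strftime("%Y%m%d%H%M%S").to_i
+else
+@prev_migration_nr += 1
+end
+@prev_migration_nr.to_s
+end
+
+def copy_migrations
+migration_template "non_grata_create_roles_migration.rb", "db/migrate/create_non_grata_authorization_roles_table.rb"
+end
+end
+end
+end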
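--- a/data/lib/generators/non_grata/roles/templates/non_grata_create_roles_migration.rb
+++ b/data/lib/generators/non_grata/roles/templates/non_grata_create_roles_migration.rb
@@ -0,0 +1,17 @@
+class CreateNonGrataAuthorizationRolesTable < ActiveRecord::Migration
+def change
+create_table :non_grata_authorization_roles do |t|
+t.string :name
+t.string :scheme_name
+t.integer :tenant_id
+t.string :tenant_type
+
+end
+create_table :non_grata_authorization_role_privileges do |t|
+t.belongs_to :non_grata_authorization_roles
+t.string :privilege_name
+t.string :resource_name
+end
+end
+end
+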
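Review bot: Nothing in this migration stops duplicate or incomplete role rows: `name` is nullable at the database level and there is no unique index, while `Persona#get_role` resolves roles with `find_by(name:, scheme_name:)` and takes the first match. Add `null: false` on `name` and a unique index such as `add_index :non_grata_authorization_roles, [:tenant_type, :tenant_id, :scheme_name, :name], unique: true`, plus an index on the privileges foreign key. `t.belongs_to :non_grata_authorization_roles` yields the plural column `non_grata_authorization_roles_id`; the model's `foreign_key` matches it, but the singular form is the usual convention.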
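--- a/data/lib/generators/non_grata/user/templates/non_grata_user_migration.rb
+++ b/data/lib/generators/non_grata/user/templates/non_grata_user_migration.rb
@@ -0,0 +1,11 @@
+class AddRolesTo<%= class_name.pluralize %> < ActiveRecord::Migration
+def self.up
+add_column :<%= plural_table_name %>, :authorization_role, :string
+add_column :<%= plural_table_name %>, :authorization_scheme, :string
+end
+def self.down
+remove_column :<%= plural_table_name %>, :authorization_role
+remove_column :<%= plural_table_name %>, :authorization_scheme
+end
+end
+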
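--- a/data/lib/generators/non_grata/user/user_generator.rb
+++ b/data/lib/generators/non_grata/user/user_generator.rb
@@ -0,0 +1,24 @@
+require 'rails/generators/migration'
+
+module NonGrata
+module Generators
+class UserGenerator < ::Rails::Generators::NamedBase
+include Rails::Generators::Migration
+source_root File.expand_path('../templates', __FILE__)
+desc "generate migration for roles to user record"
+
+def self.next_migration_number(path)
+unless @prev_migration_nr
+@prev_migration_nr = Time.now.utc.strftime("%Y%m%d%H%M%S").to_i
+else
+@prev_migration_nr += 1
+end
+@prev_migration_nr.to_s
+end
+
+def copy_migrations
+migration_template "non_grata_user_migration.rb", "db/migrate/add_roles_to_#{name.pluralize}.rb"
+end
+end
+end
+end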
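--- a/data/lib/non_grata.rb
+++ b/data/lib/non_grata.rb
@@ -0,0 +1,11 @@
+require 'non_grata/privilege'
+require 'non_grata/scheme'
+require 'non_grata/authorization'
+require 'non_grata/role'
+require 'non_grata/persona'
+require 'non_grata/controller'
+require 'non_grata/authorization_role'
+require 'non_grata/authorization_privilege'
+require 'non_grata/tenant'
+module NonGrata
+end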
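--- a/data/lib/non_grata/authorization.rb
+++ b/data/lib/non_grata/authorization.rb
@@ -0,0 +1,52 @@
+module NonGrata
+class Authorization
+def self.create(&block)
+@schemes = [Scheme.new(:main)]
+instance_eval(&block)
+end
+
+def self.privilege(resource, action)
+schemes.first.privileges << Privilege.new(resource, action)
+end
+
+def self.role(name,&block)
+main_scheme.role(name, &block)
+end
+
+def self.privileges
+main_scheme.privileges
+end
+
+###
+# returns either an array of all schemes or returns
+# a specific scheme by name
+# Ex:
+# Authorization.schemes <- returns array of all schemes
+# Authorization.schemes(:main) <- returns the scheme named 'main'
+def self.schemes(name = nil)
+name = name if name.is_a? Symbol
+name = name.to_sym if name.is_a? String
+
+@schemes ||= [Scheme.new(:main, options)]
+return @schemes if name.nil?
+return schemes.find{|i| i.name == name}
+end
+
+def self.roles(role_name=nil)
+main_scheme.roles(role_name)
+end
+
+def self.scheme(name, options=nil, &block)
+scheme = Scheme.new(name, options)
+if block_given?
+scheme.config(&block)
+end
+schemes << scheme
+end
+
+def self.method_missing(sym, *args, &block)
+return schemes.find{|i| i.name = sym.to_s.sub('_scheme','')} if sym.to_s =~ /[a-z]+_scheme/
+# raise Error "#{sym} #{args.inspect}"
+end
+end
+end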
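Review bot: `method_missing` assigns instead of comparing: `i.name = sym.to_s.sub('_scheme','')` is always truthy, so every `*_scheme` call renames the first registered scheme to the requested name and returns it, and roles or privileges are then read from the wrong scheme. The pattern `/[a-z]+_scheme/` is also unanchored, and any other unknown method silently returns nil, which hides typos made inside the `create` DSL block. Look the scheme up by an anchored, symbolised name and fall through to `super` otherwise, with a matching `respond_to_missing?`, as sketched below. With that in place the undefined `options` on the `@schemes ||=` line of `schemes` will raise, so it should be dropped there.

```ruby
def self.method_missing(sym, *args, &block)
  scheme_name = sym.to_s[/\A([a-z]+)_scheme\z/, 1]
  # Unknown names must fail loudly instead of returning nil.
  return super unless scheme_name
  schemes(scheme_name)
end

def self.respond_to_missing?(sym, include_private = false)
  !(sym.to_s =~ /\A[a-z]+_scheme\z/).nil? || super
end
```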
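--- a/data/lib/non_grata/authorization_role.rb
+++ b/data/lib/non_grata/authorization_role.rb
@@ -0,0 +1,39 @@
+module NonGrata
+class AuthorizationRole < ActiveRecord::Base
+
+self.table_name = 'non_grata_authorization_roles'
+
+scope :for_tenant, ->(tenant){ where(tenant_id: tenant.id).where(tenant_type: tenant.class.name.underscore) }
+
+validates :name, presence: true
+
+has_many :privileges,
+class_name: 'AuthorizationPrivilege',
+foreign_key: 'non_grata_authorization_roles_id',
+:dependent => :destroy
+
+def can?(privilege, resource)
+privileges.exists?(privilege_name: privilege)
+end
+
+def grant(privilege_name, resource_name)
+privilege = privileges.find_by(privilege_name: privilege_name, resource_name: resource_name)
+return privilege if privilege
+privileges.create(privilege_name: privilege_name, resource_name: resource_name)
+end
+
+def forbid(privilege_name, resource_name)
+privilege = privileges.find_by(privilege_name: privilege_name, resource_name: resource_name)
+privilege.destroy if privilege
+end
+
+def forbid_all
+privileges.each(&:destroy)
+end
+def scheme
+NonGrata::Authorization.schemes(self.scheme_name)
+end
+
+end
+end
+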
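Review bot: `can?(privilege, resource)` never uses `resource`: `privileges.exists?(privilege_name: privilege)` is true as soon as the role holds that privilege name on any resource, so a grant on one resource authorizes the same action on every other resource. Filter on both columns, `privileges.exists?(privilege_name: privilege, resource_name: resource)`, after normalising `resource` to the same form `grant` stores. The `for_tenant` scope compares `tenant_type` with `tenant.class.name.underscore`, while `Tenant#create_role` stores `self.class.name`, so the scope will not match rows created that way.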
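--- a/data/lib/non_grata/persona.rb
+++ b/data/lib/non_grata/persona.rb
@@ -0,0 +1,43 @@
+module NonGrata
+module Persona
+
+def can?(privilege, resource)
+user_role = get_role
+return false unless user_role
+user_role.can?(privilege, resource)
+end
+
+def get_role
+if get_scheme.is_declaritive?
+user_role = authorization_role
+return user_role if user_role.is_a? Role
+return get_scheme.roles(user_role) if user_role.is_a? Symbol
+return get_scheme.roles(user_role.to_sym) if user_role.is_a? String
+end
+if get_scheme.is_dynamic?
+NonGrata::AuthorizationRole.find_by(name: authorization_role.to_s, scheme_name: authorization_scheme.to_s)
+end
+end
+
+def get_scheme
+user_scheme = authorization_scheme
+return user_scheme if user_scheme.is_a? NonGrata::Scheme
+return NonGrata::Authorization.schemes(user_scheme) if user_scheme.is_a? Symbol
+return NonGrata::Authorization.schemes(user_scheme.to_sym) if user_scheme.is_a? String
+end
+
+def authorization_scheme
+:main
+end
+
+def grant_role(role_p)
+role = role_p if role_p.is_a? NonGrata::AuthorizationRole
+
+if role.scheme.is_declaritive?
+raise "Can not grant a role from a declaritive scheme."
+end
+self.authorization_role = role.name
+self.authorization_scheme = role.scheme
+end
+end
+end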
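Review bot: The dynamic branch of `get_role` resolves the role with `find_by(name:, scheme_name:)` only, although role rows carry `tenant_id` and `tenant_type`, so two tenants that each define a role with the same name resolve to whichever row the database returns first. The lookup should also constrain the tenant; no tenant accessor is visible in this module, so the including model probably has to supply one. `grant_role` leaves `role` nil for any argument that is not an `AuthorizationRole` and then calls `role.scheme`, and it stores the `Scheme` object rather than its name. Both are fixed by `raise ArgumentError, 'expected an AuthorizationRole' unless role_p.is_a?(NonGrata::AuthorizationRole)` and `self.authorization_scheme = role.scheme_name`.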
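--- a/data/lib/non_grata/privilege.rb
+++ b/data/lib/non_grata/privilege.rb
@@ -0,0 +1,62 @@
+module NonGrata
+class Privilege
+
+attr_reader :resource
+attr_reader :action
+
+def initialize(action, resource)
+self.resource = resource
+self.action = action
+end
+
+
+###
+# OBJECT SETTER
+# accepts various types of values and retains them in string form
+# this value can be set as a class type, a class instance, a symbol
+# or a string. The value is internally stored as a string so if
+# a class is passed the name of the class is stored.
+# this allows privileges to be set on a class itself and checked
+# using an instance of that class.
+#
+# for example
+# privlege.resource = User
+# privilege.applies_to?(@user)
+#
+def resource=(value)
+return @resource = value.name.underscore.to_sym if value.is_a? Class
+return @resource = value if value.is_a? Symbol
+return @resource = value.underscore.to_sym if value.is_a? String
+return @resource = value.class.name.underscore.to_sym if value.is_a? Object
+end
+
+def action=(value)
+@action = value.to_sym
+end
+###
+# APPLIES_TO?
+# @params:
+# resource - an resource to test if the privilege applies to
+# Will determen if the privilege applies to the given passed
+# resource. This resourceect can be a class type, class instance, or
+# a string.
+#
+def applies_to?(resource_obj)
+resource_sym = nil
+case resource_obj
+when String
+resource_sym = resource_obj.underscore.to_sym
+when Symbol
+resource_sym = resource_obj
+when Class
+resource_sym = resource_obj.name.underscore.to_sym
+else
+resource_sym = resource_obj.class.name.underscore.to_sym
+end
+
+return (resource_sym == @resource)
+end
+
+end
+end
+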
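Review bot: `resource=` ends with `value.is_a? Object`, which is also true for `nil`, so a nil resource is stored as `:nil_class` instead of being rejected, and `applies_to?(nil)` maps to the same symbol. A privilege accidentally declared with a nil resource would therefore match a check made against a missing record. Reject nil in both methods, e.g. `raise ArgumentError, 'resource is required' if value.nil?`. The comment above `resource=` says the value is kept as a string, while the code stores a Symbol; the comment should say so.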
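--- a/data/lib/non_grata/role.rb
+++ b/data/lib/non_grata/role.rb
@@ -0,0 +1,32 @@
+module NonGrata
+class Role
+attr_accessor :name
+# initialize
+# params:
+# - name: role name
+def initialize(name)
+@name = name end
+
+def privileges
+@privileges ||= []
+end
+
+def privilege(action, resource)
+privileges << Privilege.new(action, resource)
+end
+
+def config(&block)
+instance_eval(&block) if block_given?
+end
+
+def self.privilege(action, resource)
+privileges << Privilege.new(action, resource)
+end
+
+def can?(action, resource)
+priv = privileges.find{|i| i.applies_to?(resource) && i.action == action}
+return priv.nil? ? false : true
+end
+
+end
+end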
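Review bot: `self.privilege` calls `privileges`, but only an instance method of that name is defined in this class, so the class-level method raises NoMethodError whenever it is called; remove it or give it a class-level store. In `can?`, `i.action == action` compares the stored Symbol with the caller's value as given, so a String action is always denied while the same name as a Symbol is allowed; normalise with `i.action == action.to_sym`. The last two lines of `can?` can be written as `privileges.any? { |i| i.applies_to?(resource) && i.action == action.to_sym }`.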
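--- a/data/lib/non_grata/scheme.rb
+++ b/data/lib/non_grata/scheme.rb
@@ -0,0 +1,85 @@
+module NonGrata
+class Scheme
+attr_accessor :style, :tenantable
+def initialize(scheme_name='main', options={})
+@name = scheme_name
+self.style = :declaritive
+
+options.each do |k,v|
+send("#{k.to_s}=",v) if self.respond_to?("#{k}=")
+end
+end
+def is_declaritive?
+self.style == :declaritive
+end
+def is_dynamic?
+self.style == :db
+end
+###
+# returns a list of privileges for this scheme
+#
+def privileges
+@privileges ||= []
+end
+
+def name
+@name
+end
+
+def name=(value)
+@name = value.to_sym
+end
+
+###
+# returns a list of roles for this scheme or returns a
+# specific role by name
+# Ex:
+# scheme.roles <- returns an array of all roles
+# scheme.roles(:user) <- returns the user role
+#
+def roles(role_name = nil)
+@roles ||= []
+return @roles if role_name.nil?
+return @roles.find{|i| i.name == role_name}
+end
+
+###
+# this function is used by the configuration DSL
+# and should not be called directly.
+# adds a new privilege to the scheme
+#
+def privilege(resource, name)
+if self.style == :declaritive
+raise "Can not set privileges on a declaritive scheme. Privileges must be inside a role."
+end
+privileges << Privilege.new(resource, name)
+end
+
+###
+# this function is used by the configuration DSL
+# and should not be called directly. It is used
+# to add a new role to the scheme
+#
+def role(name, &block)
+r = Role.new(name)
+r.config(&block)
+roles << r
+end
+
+###
+# called by the configuration DSL in order to parse
+# a scheme block.
+#
+# example:
+# scheme.config do
+# role :user do
+# privilege :site, :login
+# end
+# end
+def config(&block)
+instance_eval(&block)
+end
+
+end
+end
+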
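Review bot: `Scheme#privilege(resource, name)` hands its arguments to `Privilege.new` in the opposite order from `Privilege#initialize(action, resource)`, so a scheme-level privilege is stored with action and resource swapped and `applies_to?` will not match what was declared. `Authorization.privilege` has the same inversion, while `Role#privilege` is action-first; pick one order and use it everywhere, here `privileges << Privilege.new(name, resource)`. `initialize` also calls `options.each` although `Authorization.scheme` passes `options=nil` by default, so it needs `(options || {}).each`. It assigns `@name = scheme_name` without the `to_sym` that `name=` applies, so the default `'main'` never equals the `:main` used in lookups.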
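--- a/data/lib/non_grata/tenant.rb
+++ b/data/lib/non_grata/tenant.rb
@@ -0,0 +1,32 @@
+module NonGrata
+module Tenant
+
+def create_role(attributes)
+attributes[:tenant_id] ||= self.id
+attributes[:tenant_type] ||= self.class.name
+attributes[:scheme_name] ||= self.authorization_scheme
+role = NonGrata::AuthorizationRole.create(attributes)
+end
+
+def roles
+NonGrata::AuthorizationRole.where(tenant_id: self.id, tenant_type: self.class.name)
+end
+
+def destroy_role(name)
+role = NonGrata::AuthorizationRole.find_by(
+name: name,
+scheme_name: authorization_scheme.to_s,
+tenant_id: self.id, tenant_type: self.class.name)
+role.destroy if role
+end
+
+def authorization_roles
+NonGrata:AuthorizationRole.where(tenant_id: self.id, tenant_type: self.class.name)
+end
+
+def authorization_scheme
+:main
+end
+
+end
+end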
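Review bot: `create_role` fills `tenant_id`, `tenant_type` and `scheme_name` with `||=`, so values already present in `attributes` win. If that hash originates from request parameters, a role can be created under a different tenant, and the caller's hash is mutated as a side effect. Force the ownership fields instead, `NonGrata::AuthorizationRole.create(attributes.merge(tenant_id: id, tenant_type: self.class.name))`, and leave only `scheme_name` defaultable. `authorization_roles` contains the typo `NonGrata:AuthorizationRole` (single colon), which will raise when the method is called; it should read `NonGrata::AuthorizationRole`.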
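--- a/metadata
+++ b/metadata
@@ -0,0 +1,141 @@
+--- !ruby/object:Gem::Specification
+name: non_grata
+version: !ruby/object:Gem::Version
+version: 0.0.1
+platform: ruby
+authors:
+- Joe Bellus
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2014-06-03 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: rails
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '4.1'
+- - '>='
+- !ruby/object:Gem::Version
+version: 4.1.1
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '4.1'
+- - '>='
+- !ruby/object:Gem::Version
+version: 4.1.1
+- !ruby/object:Gem::Dependency
+name: sqlite3
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: rspec-rails
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: guard
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: guard-rspec
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '0'
+description: NonGrata is a highly configurable authorization system for rails applications.
+Supporting simple declarite authorziation and multitenant configurable roles.
+email:
+- joe@confluentlight.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- Rakefile
+- lib/generators/non_grata/install/install_generator.rb
+- lib/generators/non_grata/install/templates/non_grata_migration.rb
+- lib/generators/non_grata/roles/roles_generator.rb
+- lib/generators/non_grata/roles/templates/non_grata_create_roles_migration.rb
+- lib/generators/non_grata/user/templates/non_grata_user_migration.rb
+- lib/generators/non_grata/user/user_generator.rb
+- lib/non_grata.rb
+- lib/non_grata/authorization.rb
+- lib/non_grata/authorization_privilege.rb
+- lib/non_grata/authorization_role.rb
+- lib/non_grata/controller.rb
+- lib/non_grata/persona.rb
+- lib/non_grata/privilege.rb
+- lib/non_grata/role.rb
+- lib/non_grata/scheme.rb
+- lib/non_grata/tenant.rb
+- lib/non_grata/version.rb
+- lib/tasks/non_grata_tasks.rake
+homepage: https://github.com/viaov/non_grata
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.2.2
+signing_key:
+specification_version: 4
+summary: Highly configurable authorization system for rails applications.
+test_files: []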