non_grata 0.0.1
- checksums.yaml +7 -0
- data/MIT-LICENSE +20 -0
- data/Rakefile +26 -0
- data/lib/generators/non_grata/install/install_generator.rb +24 -0
- data/lib/generators/non_grata/install/templates/non_grata_migration.rb +23 -0
- data/lib/generators/non_grata/roles/roles_generator.rb +24 -0
- data/lib/generators/non_grata/roles/templates/non_grata_create_roles_migration.rb +17 -0
- data/lib/generators/non_grata/user/templates/non_grata_user_migration.rb +11 -0
- data/lib/generators/non_grata/user/user_generator.rb +24 -0
- data/lib/non_grata.rb +11 -0
- data/lib/non_grata/authorization.rb +52 -0
- data/lib/non_grata/authorization_privilege.rb +7 -0
- data/lib/non_grata/authorization_role.rb +39 -0
- data/lib/non_grata/controller.rb +9 -0
- data/lib/non_grata/persona.rb +43 -0
- data/lib/non_grata/privilege.rb +62 -0
- data/lib/non_grata/role.rb +32 -0
- data/lib/non_grata/scheme.rb +85 -0
- data/lib/non_grata/tenant.rb +32 -0
- data/lib/non_grata/version.rb +3 -0
- data/lib/tasks/non_grata_tasks.rake +4 -0
- metadata +141 -0
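--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: 96f4abaeeaf2b4b03922aa83795854d111e1c8bb
+data.tar.gz: 7f411cbd69c7be20bf02abc06c6aef8df227af03
+SHA512:
+metadata.gz: 7c18e5c609c28a9d805cf38ebbaf2859c3822cf6d37e043a83cee9c13c1e933f2da21d769ade7e783874b14f8a917929ab975d6f8fc2fe4420000b7ad89f51a1
+data.tar.gz: abe959735ff5d66fab77385a0f2ec483905a4144f75e0c5a14dc72b4dabb005f52cb9269c80a004aeed4ec5f1bd1e6b30d865f336f9b42336c8a4bf0c67d5540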
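--- a/data/MIT-LICENSE
+++ b/data/MIT-LICENSE
@@ -0,0 +1,20 @@
+Copyright 2014 YOURNAME
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.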
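--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,26 @@
+begin
+require 'bundler/setup'
+rescue LoadError
+puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+rdoc.rdoc_dir = 'rdoc'
+rdoc.title = 'NonGrata'
+rdoc.options << '--line-numbers'
+rdoc.rdoc_files.include('README.rdoc')
+rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+
+
+
+Bundler::GemHelper.install_tasks
+require 'rake'
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec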
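--- a/data/lib/generators/non_grata/install/install_generator.rb
+++ b/data/lib/generators/non_grata/install/install_generator.rb
@@ -0,0 +1,24 @@
+require 'rails/generators/migration'
+
+module NonGrata
+module Generators
+class InstallGenerator < ::Rails::Generators::Base
+include Rails::Generators::Migration
+source_root File.expand_path('../templates', __FILE__)
+desc "add the migrations"
+
+def self.next_migration_number(path)
+unless @prev_migration_nr
+@prev_migration_nr = Time.now.utc.strftime("%Y%m%d%H%M%S").to_i
+else
+@prev_migration_nr += 1
+end
+@prev_migration_nr.to_s
+end
+
+def copy_migrations
+migration_template "non_grata_migration.rb", "db/migrate/create_non_grata_tables.rb"
+end
+end
+end
+end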
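--- a/data/lib/generators/non_grata/install/templates/non_grata_migration.rb
+++ b/data/lib/generators/non_grata/install/templates/non_grata_migration.rb
@@ -0,0 +1,23 @@
+class CreateAbilities < ActiveRecord::Migration
+def self.up
+
+create_table :role do |t|
+t.string :name
+t.integer :tenent_type
+t.integer :tenent_id
+t.string :scheme
+end
+
+create_table :role_privileges do |t|
+t.belongs_to :role
+t.string :resource
+t.string :action
+end
+
+end
+
+def self.down
+drop_table :role
+drop_table :role_privileges
+end
+end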
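Review bot: The template declares `class CreateAbilities`, but InstallGenerator writes it to `db/migrate/create_non_grata_tables.rb`, and Rails resolves a migration class from the file name, so the generated migration is likely to fail with an uninitialized-constant error; `class CreateNonGrataTables < ActiveRecord::Migration` would match. The schema also disagrees with the models in this package: it creates `role` and `role_privileges` with integer `tenent_type` and `tenent_id` columns, while AuthorizationRole reads `non_grata_authorization_roles` with `tenant_id` and a string `tenant_type`. If the roles generator's migration supersedes this template, a comment saying so (or dropping the template) would keep installers from creating authorization tables that no model consults.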
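--- a/data/lib/generators/non_grata/roles/roles_generator.rb
+++ b/data/lib/generators/non_grata/roles/roles_generator.rb
@@ -0,0 +1,24 @@
+require 'rails/generators/migration'
+
+module NonGrata
+module Generators
+class RolesGenerator < ::Rails::Generators::Base
+include Rails::Generators::Migration
+source_root File.expand_path('../templates', __FILE__)
+desc "Generates roles and roles_privileges tables that are used for databased backed authorization."
+
+def self.next_migration_number(path)
+unless @prev_migration_nr
+@prev_migration_nr = Time.now.utc.strftime("%Y%m%d%H%M%S").to_i
+else
+@prev_migration_nr += 1
+end
+@prev_migration_nr.to_s
+end
+
+def copy_migrations
+migration_template "non_grata_create_roles_migration.rb", "db/migrate/create_non_grata_authorization_roles_table.rb"
+end
+end
+end
+end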
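--- a/data/lib/generators/non_grata/roles/templates/non_grata_create_roles_migration.rb
+++ b/data/lib/generators/non_grata/roles/templates/non_grata_create_roles_migration.rb
@@ -0,0 +1,17 @@
+class CreateNonGrataAuthorizationRolesTable < ActiveRecord::Migration
+def change
+create_table :non_grata_authorization_roles do |t|
+t.string :name
+t.string :scheme_name
+t.integer :tenant_id
+t.string :tenant_type
+
+end
+create_table :non_grata_authorization_role_privileges do |t|
+t.belongs_to :non_grata_authorization_roles
+t.string :privilege_name
+t.string :resource_name
+end
+end
+end
+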
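Review bot: Neither table gets a uniqueness or NOT NULL constraint, yet Persona#get_role and AuthorizationRole#grant both use `find_by` as if a role name and a privilege/resource pair were unique; with duplicate rows the role a user resolves to depends on row order. Consider `add_index :non_grata_authorization_roles, [:scheme_name, :tenant_type, :tenant_id, :name], unique: true` plus a unique index on the privileges table over the role id, `privilege_name` and `resource_name`. `t.belongs_to :non_grata_authorization_roles` produces a column named `non_grata_authorization_roles_id`, which the model's `foreign_key` option matches, so a one-line comment on the plural name would save the next reader a lookup.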
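--- a/data/lib/generators/non_grata/user/templates/non_grata_user_migration.rb
+++ b/data/lib/generators/non_grata/user/templates/non_grata_user_migration.rb
@@ -0,0 +1,11 @@
+class AddRolesTo<%= class_name.pluralize %> < ActiveRecord::Migration
+def self.up
+add_column :<%= plural_table_name %>, :authorization_role, :string
+add_column :<%= plural_table_name %>, :authorization_scheme, :string
+end
+def self.down
+remove_column :<%= plural_table_name %>, :authorization_role
+remove_column :<%= plural_table_name %>, :authorization_scheme
+end
+end
+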
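--- a/data/lib/generators/non_grata/user/user_generator.rb
+++ b/data/lib/generators/non_grata/user/user_generator.rb
@@ -0,0 +1,24 @@
+require 'rails/generators/migration'
+
+module NonGrata
+module Generators
+class UserGenerator < ::Rails::Generators::NamedBase
+include Rails::Generators::Migration
+source_root File.expand_path('../templates', __FILE__)
+desc "generate migration for roles to user record"
+
+def self.next_migration_number(path)
+unless @prev_migration_nr
+@prev_migration_nr = Time.now.utc.strftime("%Y%m%d%H%M%S").to_i
+else
+@prev_migration_nr += 1
+end
+@prev_migration_nr.to_s
+end
+
+def copy_migrations
+migration_template "non_grata_user_migration.rb", "db/migrate/add_roles_to_#{name.pluralize}.rb"
+end
+end
+end
+end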
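--- a/data/lib/non_grata.rb
+++ b/data/lib/non_grata.rb
@@ -0,0 +1,11 @@
+require 'non_grata/privilege'
+require 'non_grata/scheme'
+require 'non_grata/authorization'
+require 'non_grata/role'
+require 'non_grata/persona'
+require 'non_grata/controller'
+require 'non_grata/authorization_role'
+require 'non_grata/authorization_privilege'
+require 'non_grata/tenant'
+module NonGrata
+end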
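--- a/data/lib/non_grata/authorization.rb
+++ b/data/lib/non_grata/authorization.rb
@@ -0,0 +1,52 @@
+module NonGrata
+class Authorization
+def self.create(&block)
+@schemes = [Scheme.new(:main)]
+instance_eval(&block)
+end
+
+def self.privilege(resource, action)
+schemes.first.privileges << Privilege.new(resource, action)
+end
+
+def self.role(name,&block)
+main_scheme.role(name, &block)
+end
+
+def self.privileges
+main_scheme.privileges
+end
+
+###
+# returns either an array of all schemes or returns
+# a specific scheme by name
+# Ex:
+# Authorization.schemes <- returns array of all schemes
+# Authorization.schemes(:main) <- returns the scheme named 'main'
+def self.schemes(name = nil)
+name = name if name.is_a? Symbol
+name = name.to_sym if name.is_a? String
+
+@schemes ||= [Scheme.new(:main, options)]
+return @schemes if name.nil?
+return schemes.find{|i| i.name == name}
+end
+
+def self.roles(role_name=nil)
+main_scheme.roles(role_name)
+end
+
+def self.scheme(name, options=nil, &block)
+scheme = Scheme.new(name, options)
+if block_given?
+scheme.config(&block)
+end
+schemes << scheme
+end
+
+def self.method_missing(sym, *args, &block)
+return schemes.find{|i| i.name = sym.to_s.sub('_scheme','')} if sym.to_s =~ /[a-z]+_scheme/
+# raise Error "#{sym} #{args.inspect}"
+end
+end
+end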
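Review bot: The block in `method_missing` (new line 48) assigns instead of comparing: `i.name = sym.to_s.sub('_scheme','')` is always truthy, so every `*_scheme` call, including the `main_scheme` used by `role`, `privileges` and `roles`, returns the first scheme and renames it to whatever was asked for. Compare instead, `schemes.find { |i| i.name.to_s == sym.to_s.sub(/_scheme\z/, '') }`, and call `super` for anything that does not end in `_scheme`, so a misspelled DSL call raises instead of returning nil inside an authorization config. `schemes` (line 30) reads `options`, which is not defined in that method; it falls into this same `method_missing`, yields nil, and Scheme#initialize then calls `each` on it. `privilege` (line 9) passes `(resource, action)` to `Privilege.new`, whose initializer in privilege.rb takes `(action, resource)`; `Scheme#privilege` in scheme.rb swaps the order the same way.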
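--- a/data/lib/non_grata/authorization_role.rb
+++ b/data/lib/non_grata/authorization_role.rb
@@ -0,0 +1,39 @@
+module NonGrata
+class AuthorizationRole < ActiveRecord::Base
+
+self.table_name = 'non_grata_authorization_roles'
+
+scope :for_tenant, ->(tenant){ where(tenant_id: tenant.id).where(tenant_type: tenant.class.name.underscore) }
+
+validates :name, presence: true
+
+has_many :privileges,
+class_name: 'AuthorizationPrivilege',
+foreign_key: 'non_grata_authorization_roles_id',
+:dependent => :destroy
+
+def can?(privilege, resource)
+privileges.exists?(privilege_name: privilege)
+end
+
+def grant(privilege_name, resource_name)
+privilege = privileges.find_by(privilege_name: privilege_name, resource_name: resource_name)
+return privilege if privilege
+privileges.create(privilege_name: privilege_name, resource_name: resource_name)
+end
+
+def forbid(privilege_name, resource_name)
+privilege = privileges.find_by(privilege_name: privilege_name, resource_name: resource_name)
+privilege.destroy if privilege
+end
+
+def forbid_all
+privileges.each(&:destroy)
+end
+def scheme
+NonGrata::Authorization.schemes(self.scheme_name)
+end
+
+end
+end
+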
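Review bot: `can?` (new lines 15-17) never uses its `resource` argument: `privileges.exists?(privilege_name: privilege)` is true for every resource once the role holds that privilege name on any one of them, so a grant on one resource authorizes the same action on all others. Include the resource in the lookup, `privileges.exists?(privilege_name: privilege, resource_name: resource)`, normalised the same way callers of `grant` store it (that convention is not visible in this file). `for_tenant` (line 6) filters on `tenant.class.name.underscore`, whereas Tenant#create_role in tenant.rb stores `self.class.name`, so the scope will not match the rows the package itself writes. `validates :name, presence: true` is the only validation; `scheme_name` and the tenant columns can be blank.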
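--- a/data/lib/non_grata/persona.rb
+++ b/data/lib/non_grata/persona.rb
@@ -0,0 +1,43 @@
+module NonGrata
+module Persona
+
+def can?(privilege, resource)
+user_role = get_role
+return false unless user_role
+user_role.can?(privilege, resource)
+end
+
+def get_role
+if get_scheme.is_declaritive?
+user_role = authorization_role
+return user_role if user_role.is_a? Role
+return get_scheme.roles(user_role) if user_role.is_a? Symbol
+return get_scheme.roles(user_role.to_sym) if user_role.is_a? String
+end
+if get_scheme.is_dynamic?
+NonGrata::AuthorizationRole.find_by(name: authorization_role.to_s, scheme_name: authorization_scheme.to_s)
+end
+end
+
+def get_scheme
+user_scheme = authorization_scheme
+return user_scheme if user_scheme.is_a? NonGrata::Scheme
+return NonGrata::Authorization.schemes(user_scheme) if user_scheme.is_a? Symbol
+return NonGrata::Authorization.schemes(user_scheme.to_sym) if user_scheme.is_a? String
+end
+
+def authorization_scheme
+:main
+end
+
+def grant_role(role_p)
+role = role_p if role_p.is_a? NonGrata::AuthorizationRole
+
+if role.scheme.is_declaritive?
+raise "Can not grant a role from a declaritive scheme."
+end
+self.authorization_role = role.name
+self.authorization_scheme = role.scheme
+end
+end
+end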
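Review bot: The dynamic branch of `get_role` (new line 18) looks the role up by `name` and `scheme_name` only, although the roles table also carries `tenant_id` and `tenant_type`; if two tenants define a role with the same name in one scheme, the user is evaluated against whichever row `find_by` returns, which may be another tenant's privileges. Scope the query to the user's tenant (how a persona reaches its tenant is not visible in this file). `get_scheme` returns nil for an unregistered scheme name, so `get_scheme.is_declaritive?` raises instead of letting `can?` return false. In `grant_role`, `role` stays nil for any argument that is not an AuthorizationRole, and line 40 stores the Scheme object where a name is expected: `self.authorization_scheme = role.scheme_name`, preceded by `raise ArgumentError, 'expected an AuthorizationRole' unless role_p.is_a?(NonGrata::AuthorizationRole)`.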
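--- a/data/lib/non_grata/privilege.rb
+++ b/data/lib/non_grata/privilege.rb
@@ -0,0 +1,62 @@
+module NonGrata
+class Privilege
+
+attr_reader :resource
+attr_reader :action
+
+def initialize(action, resource)
+self.resource = resource
+self.action = action
+end
+
+
+###
+# OBJECT SETTER
+# accepts various types of values and retains them in string form
+# this value can be set as a class type, a class instance, a symbol
+# or a string. The value is internally stored as a string so if
+# a class is passed the name of the class is stored.
+# this allows privileges to be set on a class itself and checked
+# using an instance of that class.
+#
+# for example
+# privlege.resource = User
+# privilege.applies_to?(@user)
+#
+def resource=(value)
+return @resource = value.name.underscore.to_sym if value.is_a? Class
+return @resource = value if value.is_a? Symbol
+return @resource = value.underscore.to_sym if value.is_a? String
+return @resource = value.class.name.underscore.to_sym if value.is_a? Object
+end
+
+def action=(value)
+@action = value.to_sym
+end
+###
+# APPLIES_TO?
+# @params:
+# resource - an resource to test if the privilege applies to
+# Will determen if the privilege applies to the given passed
+# resource. This resourceect can be a class type, class instance, or
+# a string.
+#
+def applies_to?(resource_obj)
+resource_sym = nil
+case resource_obj
+when String
+resource_sym = resource_obj.underscore.to_sym
+when Symbol
+resource_sym = resource_obj
+when Class
+resource_sym = resource_obj.name.underscore.to_sym
+else
+resource_sym = resource_obj.class.name.underscore.to_sym
+end
+
+return (resource_sym == @resource)
+end
+
+end
+end
+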
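Review bot: `resource=` (new lines 26-31) and `applies_to?` (lines 44-58) each carry their own copy of the class/symbol/string/instance normalisation, and an authorization match is only correct while the two copies stay identical; the setter's last guard, `if value.is_a? Object`, is also always true. Routing both through one private helper means the stored key and the checked key cannot drift apart. The header comment says the value is kept "in string form" while the code stores a Symbol, and its example spells the receiver `privlege`; both are worth correcting alongside.

```ruby
def resource=(value)
  @resource = resource_key(value)
end

# ... unchanged: action= ...

def applies_to?(resource_obj)
  resource_key(resource_obj) == @resource
end

private

# Maps a class, an instance, a symbol or a string to the symbol used for matching.
def resource_key(value)
  case value
  when Symbol then value
  when String then value.underscore.to_sym
  when Class  then value.name.underscore.to_sym
  else value.class.name.underscore.to_sym
  end
end
```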
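--- a/data/lib/non_grata/role.rb
+++ b/data/lib/non_grata/role.rb
@@ -0,0 +1,32 @@
+module NonGrata
+class Role
+attr_accessor :name
+# initialize
+# params:
+# - name: role name
+def initialize(name)
+@name = name end
+
+def privileges
+@privileges ||= []
+end
+
+def privilege(action, resource)
+privileges << Privilege.new(action, resource)
+end
+
+def config(&block)
+instance_eval(&block) if block_given?
+end
+
+def self.privilege(action, resource)
+privileges << Privilege.new(action, resource)
+end
+
+def can?(action, resource)
+priv = privileges.find{|i| i.applies_to?(resource) && i.action == action}
+return priv.nil? ? false : true
+end
+
+end
+end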
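Review bot: `can?` (new line 27) compares `i.action == action` without normalising, while `Privilege#action=` stores a Symbol, so `can?('edit', post)` is denied even when `:edit` was granted; `privileges.any? { |p| p.action == action.to_sym && p.applies_to?(resource) }` treats both spellings alike and removes the `nil? ? false : true`. The class-level `self.privilege` (line 22) calls `privileges`, which this file defines only as an instance method, so it would raise if anything called it and looks like dead code. The doc example in scheme.rb writes `privilege :site, :login`, which under this `(action, resource)` signature makes `:site` the action; a comment on `privilege` stating the argument order would prevent roles being declared with the two swapped.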
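--- a/data/lib/non_grata/scheme.rb
+++ b/data/lib/non_grata/scheme.rb
@@ -0,0 +1,85 @@
+module NonGrata
+class Scheme
+attr_accessor :style, :tenantable
+def initialize(scheme_name='main', options={})
+@name = scheme_name
+self.style = :declaritive
+
+options.each do |k,v|
+send("#{k.to_s}=",v) if self.respond_to?("#{k}=")
+end
+end
+def is_declaritive?
+self.style == :declaritive
+end
+def is_dynamic?
+self.style == :db
+end
+###
+# returns a list of privileges for this scheme
+#
+def privileges
+@privileges ||= []
+end
+
+def name
+@name
+end
+
+def name=(value)
+@name = value.to_sym
+end
+
+###
+# returns a list of roles for this scheme or returns a
+# specific role by name
+# Ex:
+# scheme.roles <- returns an array of all roles
+# scheme.roles(:user) <- returns the user role
+#
+def roles(role_name = nil)
+@roles ||= []
+return @roles if role_name.nil?
+return @roles.find{|i| i.name == role_name}
+end
+
+###
+# this function is used by the configuration DSL
+# and should not be called directly.
+# adds a new privilege to the scheme
+#
+def privilege(resource, name)
+if self.style == :declaritive
+raise "Can not set privileges on a declaritive scheme. Privileges must be inside a role."
+end
+privileges << Privilege.new(resource, name)
+end
+
+###
+# this function is used by the configuration DSL
+# and should not be called directly. It is used
+# to add a new role to the scheme
+#
+def role(name, &block)
+r = Role.new(name)
+r.config(&block)
+roles << r
+end
+
+###
+# called by the configuration DSL in order to parse
+# a scheme block.
+#
+# example:
+# scheme.config do
+# role :user do
+# privilege :site, :login
+# end
+# end
+def config(&block)
+instance_eval(&block)
+end
+
+end
+end
+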
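Review bot: The constructor (new lines 4-11) calls `options.each` on whatever it receives, and `Authorization.scheme` in authorization.rb defaults `options` to nil, so declaring a scheme without options raises NoMethodError; it also stores `scheme_name` as passed instead of going through `name=`, so a scheme named with a String (including the default `'main'`) is never found by `Authorization.schemes`, which compares against a Symbol. `self.name = scheme_name` and `(options || {}).each do |k, v|` address both. The `send("#{k}=", v)` dispatch accepts any key that has a public writer, `name` included; limiting it to the documented keys, e.g. `next unless %i[style tenantable].include?(k.to_sym)`, keeps a configuration hash from reaching other setters. A `style` other than `:declaritive` or `:db` makes both predicates false, so Persona#get_role returns nil and every check is denied without explanation; raising on an unknown style at construction would surface the misconfiguration.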
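--- a/data/lib/non_grata/tenant.rb
+++ b/data/lib/non_grata/tenant.rb
@@ -0,0 +1,32 @@
+module NonGrata
+module Tenant
+
+def create_role(attributes)
+attributes[:tenant_id] ||= self.id
+attributes[:tenant_type] ||= self.class.name
+attributes[:scheme_name] ||= self.authorization_scheme
+role = NonGrata::AuthorizationRole.create(attributes)
+end
+
+def roles
+NonGrata::AuthorizationRole.where(tenant_id: self.id, tenant_type: self.class.name)
+end
+
+def destroy_role(name)
+role = NonGrata::AuthorizationRole.find_by(
+name: name,
+scheme_name: authorization_scheme.to_s,
+tenant_id: self.id, tenant_type: self.class.name)
+role.destroy if role
+end
+
+def authorization_roles
+NonGrata:AuthorizationRole.where(tenant_id: self.id, tenant_type: self.class.name)
+end
+
+def authorization_scheme
+:main
+end
+
+end
+end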
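Review bot: `create_role` (new lines 5-7) fills `tenant_id` and `tenant_type` with `||=`, so values already present in `attributes` take precedence; if that hash is ever built from request parameters, the caller chooses which tenant the new role belongs to. Set them unconditionally on a copy, `attrs = attributes.merge(tenant_id: id, tenant_type: self.class.name)`, which also stops mutating the caller's hash. Line 24 reads `NonGrata:AuthorizationRole` with a single colon, which does not reference the constant and should be `NonGrata::AuthorizationRole`. `roles` and `authorization_roles` are otherwise the same query, so one could delegate to the other.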
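--- a/metadata
+++ b/metadata
@@ -0,0 +1,141 @@
+--- !ruby/object:Gem::Specification
+name: non_grata
+version: !ruby/object:Gem::Version
+version: 0.0.1
+platform: ruby
+authors:
+- Joe Bellus
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2014-06-03 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: rails
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '4.1'
+- - '>='
+- !ruby/object:Gem::Version
+version: 4.1.1
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '4.1'
+- - '>='
+- !ruby/object:Gem::Version
+version: 4.1.1
+- !ruby/object:Gem::Dependency
+name: sqlite3
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: rspec-rails
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: guard
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: guard-rspec
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '0'
+description: NonGrata is a highly configurable authorization system for rails applications.
+Supporting simple declarite authorziation and multitenant configurable roles.
+email:
+- joe@confluentlight.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- Rakefile
+- lib/generators/non_grata/install/install_generator.rb
+- lib/generators/non_grata/install/templates/non_grata_migration.rb
+- lib/generators/non_grata/roles/roles_generator.rb
+- lib/generators/non_grata/roles/templates/non_grata_create_roles_migration.rb
+- lib/generators/non_grata/user/templates/non_grata_user_migration.rb
+- lib/generators/non_grata/user/user_generator.rb
+- lib/non_grata.rb
+- lib/non_grata/authorization.rb
+- lib/non_grata/authorization_privilege.rb
+- lib/non_grata/authorization_role.rb
+- lib/non_grata/controller.rb
+- lib/non_grata/persona.rb
+- lib/non_grata/privilege.rb
+- lib/non_grata/role.rb
+- lib/non_grata/scheme.rb
+- lib/non_grata/tenant.rb
+- lib/non_grata/version.rb
+- lib/tasks/non_grata_tasks.rake
+homepage: https://github.com/viaov/non_grata
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.2.2
+signing_key:
+specification_version: 4
+summary: Highly configurable authorization system for rails applications.
+test_files: []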