papers_please 0.1.3 → 0.1.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/.github/workflows/release.yml +27 -0
- data/.github/workflows/test.yml +28 -0
- data/.rubocop.yml +137 -0
- data/Gemfile +2 -0
- data/Gemfile.lock +54 -27
- data/Rakefile +2 -0
- data/bin/console +1 -0
- data/lib/papers_please/errors.rb +2 -0
- data/lib/papers_please/permission.rb +4 -1
- data/lib/papers_please/policy.rb +61 -17
- data/lib/papers_please/rails/controller_methods.rb +2 -0
- data/lib/papers_please/railtie.rb +2 -0
- data/lib/papers_please/role.rb +64 -40
- data/lib/papers_please/tasks/papers_please.rake +3 -1
- data/lib/papers_please/version.rb +3 -1
- data/lib/papers_please.rb +9 -2
- data/papers_please.gemspec +6 -2
- metadata +38 -8
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
|
-
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: d8107fa501a7483009cafcfb51d09a5672fbc62b881b8752efdb65fcfa559383
|
4
|
+
data.tar.gz: 6059429b9c9b8465ca349762798b04a639d386a0a260c441706e69e36cf7d5e7
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 8f52cdec93ad99933c4a940d64e10c9912ec2d9f9a3f25a39fa0a3d9b56ab770957204752dc68a1aed1938dc4b9968158968ac74bf35a7ccaf64e2b8e9664d0c
|
7
|
+
data.tar.gz: 7c116ec7dbb9a4193cccfa1649163c37020ea7a13a71414f15989a8ea71589739651bd08ee55c5a9f60b5b4341bf32666fc21a806b5aee9a28622db871ade35d
|
@@ -0,0 +1,27 @@
|
|
1
|
+
# .github/workflows/release.yml
|
2
|
+
|
3
|
+
name: Release
|
4
|
+
|
5
|
+
on:
|
6
|
+
workflow_dispatch:
|
7
|
+
|
8
|
+
jobs:
|
9
|
+
release:
|
10
|
+
runs-on: ubuntu-latest
|
11
|
+
steps:
|
12
|
+
- uses: actions/checkout@v2
|
13
|
+
- uses: ruby/setup-ruby@v1
|
14
|
+
with:
|
15
|
+
ruby-version: 3.0.0
|
16
|
+
- run: bundle install
|
17
|
+
- name: publish gem
|
18
|
+
run: |
|
19
|
+
mkdir -p $HOME/.gem
|
20
|
+
touch $HOME/.gem/credentials
|
21
|
+
chmod 0600 $HOME/.gem/credentials
|
22
|
+
printf -- "---\n:rubygems_api_key: ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials
|
23
|
+
gem build *.gemspec
|
24
|
+
gem push *.gem
|
25
|
+
env:
|
26
|
+
GEM_HOST_API_KEY: "${{secrets.RUBYGEMS_AUTH_TOKEN}}"
|
27
|
+
|
@@ -0,0 +1,28 @@
|
|
1
|
+
name: Test & Lint
|
2
|
+
|
3
|
+
on:
|
4
|
+
push:
|
5
|
+
branches: [main]
|
6
|
+
pull_request:
|
7
|
+
|
8
|
+
jobs:
|
9
|
+
test:
|
10
|
+
|
11
|
+
runs-on: ubuntu-latest
|
12
|
+
|
13
|
+
strategy:
|
14
|
+
matrix:
|
15
|
+
ruby-version: ['3.1', '3.0', '2.7']
|
16
|
+
|
17
|
+
steps:
|
18
|
+
- uses: actions/checkout@v3
|
19
|
+
- name: Set up Ruby
|
20
|
+
uses: ruby/setup-ruby@359bebbc29cbe6c87da6bc9ea3bc930432750108
|
21
|
+
with:
|
22
|
+
ruby-version: ${{ matrix.ruby-version }}
|
23
|
+
- name: Install dependencies
|
24
|
+
run: bundle install
|
25
|
+
- name: Rubocop
|
26
|
+
run: rubocop
|
27
|
+
- name: Run tests
|
28
|
+
run: bundle exec rake
|
data/.rubocop.yml
ADDED
@@ -0,0 +1,137 @@
|
|
1
|
+
require: rubocop-rspec
|
2
|
+
|
3
|
+
AllCops:
|
4
|
+
NewCops: enable
|
5
|
+
SuggestExtensions: false
|
6
|
+
TargetRubyVersion: 3.1
|
7
|
+
Include:
|
8
|
+
- 'lib/**/*.rb'
|
9
|
+
- 'spec/**/*.rb'
|
10
|
+
- '**/Gemfile'
|
11
|
+
- '**/Rakefile'
|
12
|
+
Exclude:
|
13
|
+
- 'bin/**/*'
|
14
|
+
- 'spec/fixtures/**/*.rb'
|
15
|
+
|
16
|
+
Style/HashSyntax:
|
17
|
+
EnforcedShorthandSyntax: never
|
18
|
+
|
19
|
+
Style/Documentation:
|
20
|
+
Enabled: false
|
21
|
+
|
22
|
+
Naming/BlockForwarding:
|
23
|
+
Enabled: false
|
24
|
+
|
25
|
+
Style/RedundantSelf:
|
26
|
+
Enabled: false
|
27
|
+
|
28
|
+
Style/RedundantReturn:
|
29
|
+
Enabled: false
|
30
|
+
|
31
|
+
Style/GuardClause:
|
32
|
+
Enabled: false
|
33
|
+
|
34
|
+
Style/ClassAndModuleChildren:
|
35
|
+
Enabled: false
|
36
|
+
|
37
|
+
Layout/EmptyLinesAroundClassBody:
|
38
|
+
Enabled: false
|
39
|
+
|
40
|
+
Style/FrozenStringLiteralComment:
|
41
|
+
Enabled: false
|
42
|
+
|
43
|
+
Layout/CommentIndentation:
|
44
|
+
Enabled: false
|
45
|
+
|
46
|
+
Layout/LineLength:
|
47
|
+
Max: 120
|
48
|
+
|
49
|
+
Metrics/ClassLength:
|
50
|
+
Max: 120
|
51
|
+
|
52
|
+
Metrics/CyclomaticComplexity:
|
53
|
+
Max: 10
|
54
|
+
|
55
|
+
Metrics/MethodLength:
|
56
|
+
Max: 15
|
57
|
+
|
58
|
+
Metrics/AbcSize:
|
59
|
+
Max: 25
|
60
|
+
|
61
|
+
Metrics/ParameterLists:
|
62
|
+
Max: 8
|
63
|
+
|
64
|
+
Layout/EmptyLineBetweenDefs:
|
65
|
+
AllowAdjacentOneLineDefs: true
|
66
|
+
|
67
|
+
Naming/MethodParameterName:
|
68
|
+
AllowedNames:
|
69
|
+
- _
|
70
|
+
|
71
|
+
RSpec/ExampleLength:
|
72
|
+
Enabled: false
|
73
|
+
|
74
|
+
RSpec/MultipleExpectations:
|
75
|
+
Enabled: false
|
76
|
+
|
77
|
+
RSpec/MultipleMemoizedHelpers:
|
78
|
+
Enabled: false
|
79
|
+
|
80
|
+
RSpec/NestedGroups:
|
81
|
+
Enabled: false
|
82
|
+
|
83
|
+
RSpec/MessageSpies:
|
84
|
+
Enabled: false
|
85
|
+
|
86
|
+
RSpec/InstanceVariable:
|
87
|
+
Enabled: false
|
88
|
+
|
89
|
+
RSpec/BeforeAfterAll:
|
90
|
+
Enabled: false
|
91
|
+
|
92
|
+
RSpec/AnyInstance:
|
93
|
+
Enabled: false
|
94
|
+
|
95
|
+
RSpec/ContextWording:
|
96
|
+
Enabled: false
|
97
|
+
|
98
|
+
RSpec/FilePath:
|
99
|
+
Enabled: false
|
100
|
+
|
101
|
+
RSpec/NamedSubject:
|
102
|
+
Enabled: false
|
103
|
+
|
104
|
+
RSpec/StubbedMock:
|
105
|
+
Enabled: false
|
106
|
+
|
107
|
+
RSpec/LetSetup:
|
108
|
+
Enabled: false
|
109
|
+
|
110
|
+
RSpec/MessageChain:
|
111
|
+
Enabled: false
|
112
|
+
|
113
|
+
RSpec/RepeatedDescription:
|
114
|
+
Enabled: false
|
115
|
+
|
116
|
+
RSpec/RepeatedExample:
|
117
|
+
Enabled: false
|
118
|
+
|
119
|
+
RSpec/ScatteredSetup:
|
120
|
+
Enabled: false
|
121
|
+
|
122
|
+
RSpec/UnspecifiedException:
|
123
|
+
Enabled: false
|
124
|
+
|
125
|
+
RSpec/VerifiedDoubles:
|
126
|
+
Enabled: false
|
127
|
+
|
128
|
+
RSpec/ExpectInHook:
|
129
|
+
Enabled: false
|
130
|
+
|
131
|
+
Style/ClassVars:
|
132
|
+
Exclude:
|
133
|
+
- 'lib/slayer/service.rb'
|
134
|
+
|
135
|
+
Style/MutableConstant:
|
136
|
+
Exclude:
|
137
|
+
- 'lib/slayer/version.rb'
|
data/Gemfile
CHANGED
data/Gemfile.lock
CHANGED
@@ -1,38 +1,63 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
papers_please (0.1.
|
4
|
+
papers_please (0.1.5)
|
5
5
|
terminal-table
|
6
6
|
|
7
7
|
GEM
|
8
8
|
remote: https://rubygems.org/
|
9
9
|
specs:
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
10
|
+
ast (2.4.2)
|
11
|
+
byebug (11.1.3)
|
12
|
+
diff-lcs (1.5.0)
|
13
|
+
docile (1.4.0)
|
14
|
+
json (2.6.3)
|
15
|
+
parallel (1.23.0)
|
16
|
+
parser (3.2.2.3)
|
17
|
+
ast (~> 2.4.1)
|
18
|
+
racc
|
19
|
+
racc (1.7.1)
|
20
|
+
rainbow (3.1.1)
|
21
|
+
rake (13.0.6)
|
22
|
+
regexp_parser (2.8.1)
|
23
|
+
rexml (3.2.5)
|
24
|
+
rspec (3.12.0)
|
25
|
+
rspec-core (~> 3.12.0)
|
26
|
+
rspec-expectations (~> 3.12.0)
|
27
|
+
rspec-mocks (~> 3.12.0)
|
28
|
+
rspec-core (3.12.2)
|
29
|
+
rspec-support (~> 3.12.0)
|
30
|
+
rspec-expectations (3.12.3)
|
22
31
|
diff-lcs (>= 1.2.0, < 2.0)
|
23
|
-
rspec-support (~> 3.
|
24
|
-
rspec-mocks (3.
|
32
|
+
rspec-support (~> 3.12.0)
|
33
|
+
rspec-mocks (3.12.5)
|
25
34
|
diff-lcs (>= 1.2.0, < 2.0)
|
26
|
-
rspec-support (~> 3.
|
27
|
-
rspec-support (3.
|
28
|
-
|
35
|
+
rspec-support (~> 3.12.0)
|
36
|
+
rspec-support (3.12.1)
|
37
|
+
rubocop (1.38.0)
|
38
|
+
json (~> 2.3)
|
39
|
+
parallel (~> 1.10)
|
40
|
+
parser (>= 3.1.2.1)
|
41
|
+
rainbow (>= 2.2.2, < 4.0)
|
42
|
+
regexp_parser (>= 1.8, < 3.0)
|
43
|
+
rexml (>= 3.2.5, < 4.0)
|
44
|
+
rubocop-ast (>= 1.23.0, < 2.0)
|
45
|
+
ruby-progressbar (~> 1.7)
|
46
|
+
unicode-display_width (>= 1.4.0, < 3.0)
|
47
|
+
rubocop-ast (1.29.0)
|
48
|
+
parser (>= 3.2.1.0)
|
49
|
+
rubocop-rspec (2.17.1)
|
50
|
+
rubocop (~> 1.33)
|
51
|
+
ruby-progressbar (1.13.0)
|
52
|
+
simplecov (0.22.0)
|
29
53
|
docile (~> 1.1)
|
30
|
-
|
31
|
-
|
32
|
-
simplecov-html (0.
|
33
|
-
|
34
|
-
|
35
|
-
|
54
|
+
simplecov-html (~> 0.11)
|
55
|
+
simplecov_json_formatter (~> 0.1)
|
56
|
+
simplecov-html (0.12.3)
|
57
|
+
simplecov_json_formatter (0.1.4)
|
58
|
+
terminal-table (3.0.2)
|
59
|
+
unicode-display_width (>= 1.1.1, < 3)
|
60
|
+
unicode-display_width (2.4.2)
|
36
61
|
|
37
62
|
PLATFORMS
|
38
63
|
ruby
|
@@ -41,9 +66,11 @@ DEPENDENCIES
|
|
41
66
|
bundler (~> 2.0)
|
42
67
|
byebug
|
43
68
|
papers_please!
|
44
|
-
rake (~>
|
45
|
-
rspec (~> 3.
|
69
|
+
rake (~> 13.0)
|
70
|
+
rspec (~> 3.12)
|
71
|
+
rubocop (= 1.38.0)
|
72
|
+
rubocop-rspec
|
46
73
|
simplecov
|
47
74
|
|
48
75
|
BUNDLED WITH
|
49
|
-
2.
|
76
|
+
2.3.9
|
data/Rakefile
CHANGED
data/bin/console
CHANGED
data/lib/papers_please/errors.rb
CHANGED
@@ -1,6 +1,9 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module PapersPlease
|
2
4
|
class Permission
|
3
|
-
attr_accessor :key, :subject
|
5
|
+
attr_accessor :key, :subject
|
6
|
+
attr_reader :query, :predicate, :granted_by, :granting_class
|
4
7
|
|
5
8
|
def initialize(key, subject, query: nil, predicate: nil, granted_by: nil, granting_class: nil)
|
6
9
|
self.key = key
|
data/lib/papers_please/policy.rb
CHANGED
@@ -1,7 +1,10 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module PapersPlease
|
2
4
|
class Policy
|
3
5
|
attr_accessor :roles
|
4
|
-
|
6
|
+
|
7
|
+
attr_reader :fallthrough, :user
|
5
8
|
|
6
9
|
def initialize(user)
|
7
10
|
@user = user
|
@@ -11,16 +14,20 @@ module PapersPlease
|
|
11
14
|
configure
|
12
15
|
end
|
13
16
|
|
17
|
+
def allow_fallthrough
|
18
|
+
@fallthrough = true
|
19
|
+
end
|
20
|
+
|
14
21
|
def configure
|
15
22
|
raise NotImplementedError, 'The #configure method of the access policy was not implemented'
|
16
23
|
end
|
17
24
|
|
18
25
|
# Add a role to the Policy
|
19
|
-
def add_role(name, predicate = nil
|
26
|
+
def add_role(name, predicate = nil)
|
20
27
|
name = name.to_sym
|
21
28
|
raise DuplicateRole if roles.key?(name)
|
22
29
|
|
23
|
-
role = Role.new(name, predicate: predicate
|
30
|
+
role = Role.new(name, predicate: predicate)
|
24
31
|
roles[name] = role
|
25
32
|
|
26
33
|
role
|
@@ -41,22 +48,19 @@ module PapersPlease
|
|
41
48
|
|
42
49
|
# Look up a stored permission block and call with
|
43
50
|
# the current user and subject
|
44
|
-
def can?(action, subject = nil)
|
45
|
-
|
46
|
-
permission = role
|
51
|
+
def can?(action, subject = nil, roles: nil)
|
52
|
+
roles_to_check(roles: roles).each do |_, role|
|
53
|
+
permission = role&.find_permission(action, subject)
|
47
54
|
next if permission.nil?
|
48
55
|
|
49
56
|
# Proxy permission check if granted by other
|
50
|
-
if permission.granted_by_other?
|
51
|
-
# Get proxied subject
|
52
|
-
subject = subject.is_a?(Class) ? permission.granting_class : permission.granted_by.call(user, subject)
|
53
|
-
|
54
|
-
# Get proxied permission
|
55
|
-
permission = role.find_permission(action, subject)
|
56
|
-
end
|
57
|
+
subject, permission = get_proxied_permission(permission, action, subject, role) if permission.granted_by_other?
|
57
58
|
|
58
59
|
# Check permission
|
59
|
-
|
60
|
+
granted = permission_granted?(permission, action, subject)
|
61
|
+
next if granted.nil? || (granted == false && fallthrough)
|
62
|
+
|
63
|
+
return granted
|
60
64
|
end
|
61
65
|
|
62
66
|
false
|
@@ -72,12 +76,28 @@ module PapersPlease
|
|
72
76
|
subject
|
73
77
|
end
|
74
78
|
|
79
|
+
def get_applicable_roles_by_keys(keys)
|
80
|
+
applicable_roles.slice(*Array(keys))
|
81
|
+
end
|
82
|
+
|
83
|
+
def roles_that_can(action, subject)
|
84
|
+
applicable_roles.reject do |_, role|
|
85
|
+
role.find_permission(action, subject).nil?
|
86
|
+
end.keys
|
87
|
+
end
|
88
|
+
|
75
89
|
# Look up a stored scope block and call with the
|
76
90
|
# current user and class
|
77
|
-
def scope_for(action, klass)
|
78
|
-
|
91
|
+
def scope_for(action, klass, roles: nil)
|
92
|
+
roles_to_check(roles: roles).each do |_, role|
|
93
|
+
next if role.nil?
|
94
|
+
|
79
95
|
permission = role.find_permission(action, klass)
|
80
|
-
|
96
|
+
scope = permission&.fetch(user, klass, action)
|
97
|
+
|
98
|
+
next if permission.nil? || (scope.nil? && fallthrough)
|
99
|
+
|
100
|
+
return scope
|
81
101
|
end
|
82
102
|
|
83
103
|
nil
|
@@ -90,5 +110,29 @@ module PapersPlease
|
|
90
110
|
role.applies_to?(user)
|
91
111
|
end
|
92
112
|
end
|
113
|
+
|
114
|
+
private
|
115
|
+
|
116
|
+
def roles_to_check(roles: nil)
|
117
|
+
roles.nil? ? applicable_roles : get_applicable_roles_by_keys(roles)
|
118
|
+
end
|
119
|
+
|
120
|
+
def permission_granted?(permission, action, subject)
|
121
|
+
if fallthrough
|
122
|
+
permission.nil? ? false : permission.granted?(user, subject, action)
|
123
|
+
else
|
124
|
+
permission.nil? ? nil : permission.granted?(user, subject, action)
|
125
|
+
end
|
126
|
+
end
|
127
|
+
|
128
|
+
def get_proxied_permission(permission, action, subject, role)
|
129
|
+
# Get proxied subject
|
130
|
+
subject = subject.is_a?(Class) ? permission.granting_class : permission.granted_by.call(user, subject)
|
131
|
+
|
132
|
+
# Get proxied permission
|
133
|
+
permission = role.find_permission(action, subject)
|
134
|
+
|
135
|
+
[subject, permission]
|
136
|
+
end
|
93
137
|
end
|
94
138
|
end
|
data/lib/papers_please/role.rb
CHANGED
@@ -2,7 +2,7 @@ module PapersPlease
|
|
2
2
|
class Role
|
3
3
|
attr_reader :name, :predicate, :permissions
|
4
4
|
|
5
|
-
def initialize(name, predicate: nil
|
5
|
+
def initialize(name, predicate: nil)
|
6
6
|
@name = name
|
7
7
|
@predicate = predicate
|
8
8
|
@permissions = []
|
@@ -17,48 +17,20 @@ module PapersPlease
|
|
17
17
|
def add_permission(actions, klass, query: nil, predicate: nil, granted_by: nil)
|
18
18
|
prepare_actions(actions).each do |action|
|
19
19
|
raise DuplicatePermission if permission_exists?(action, klass)
|
20
|
-
raise InvalidGrant, 'granted_by must be an array of [Class, Proc]' if !granted_by.nil? && !valid_grant?(granted_by)
|
21
20
|
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
if granted_by
|
27
|
-
permission.granting_class = granted_by[0]
|
28
|
-
permission.granted_by = granted_by[1]
|
29
|
-
end
|
30
|
-
|
31
|
-
if has_query && has_predicate
|
32
|
-
# Both query & predicate provided
|
33
|
-
|
34
|
-
permission.query = query
|
35
|
-
permission.predicate = predicate
|
36
|
-
elsif has_query && !has_predicate
|
37
|
-
# Only query provided
|
38
|
-
permission.query = query
|
39
|
-
|
40
|
-
if action == :create && actions == :manage
|
41
|
-
# If the action is :create, expanded from :manage
|
42
|
-
# then we set the default all predicate
|
43
|
-
permission.predicate = (proc { true })
|
44
|
-
else
|
45
|
-
# Otherwise the default predicate is to check
|
46
|
-
# for inclusion in the returned relationship
|
47
|
-
permission.predicate = (proc { |user, obj|
|
48
|
-
res = query.call(user, klass, action)
|
49
|
-
res.respond_to?(:include?) && res.include?(obj)
|
50
|
-
})
|
51
|
-
end
|
52
|
-
elsif !has_query && has_predicate
|
53
|
-
# Only predicate provided
|
54
|
-
permission.predicate = predicate
|
55
|
-
else
|
56
|
-
# Neither provided
|
57
|
-
permission.query = (proc { klass.all })
|
58
|
-
permission.predicate = (proc { true })
|
21
|
+
if !granted_by.nil? && !valid_grant?(granted_by)
|
22
|
+
raise InvalidGrant,
|
23
|
+
'granted_by must be an array of [Class, Proc]'
|
59
24
|
end
|
60
25
|
|
61
|
-
permissions <<
|
26
|
+
permissions << make_permission(
|
27
|
+
action,
|
28
|
+
actions,
|
29
|
+
klass,
|
30
|
+
query: query,
|
31
|
+
predicate: predicate,
|
32
|
+
granted_by: granted_by
|
33
|
+
)
|
62
34
|
end
|
63
35
|
end
|
64
36
|
alias grant add_permission
|
@@ -90,5 +62,57 @@ module PapersPlease
|
|
90
62
|
a == :manage ? %i[create read update destroy] : [a]
|
91
63
|
end
|
92
64
|
end
|
65
|
+
|
66
|
+
# rubocop:disable Metrics/MethodLength
|
67
|
+
def make_permission(action, actions, klass, query: nil, predicate: nil, granted_by: nil)
|
68
|
+
has_query = query.is_a?(Proc)
|
69
|
+
has_predicate = predicate.is_a?(Proc)
|
70
|
+
permission = make_base_permission(action, klass, granted_by: granted_by)
|
71
|
+
|
72
|
+
if has_query && has_predicate
|
73
|
+
# Both query & predicate provided
|
74
|
+
permission.query = query
|
75
|
+
permission.predicate = predicate
|
76
|
+
elsif has_query && !has_predicate
|
77
|
+
# Only query provided
|
78
|
+
permission.query = query
|
79
|
+
permission.predicate = build_predicate_from_query(action, actions, klass, query)
|
80
|
+
elsif !has_query && has_predicate
|
81
|
+
# Only predicate provided
|
82
|
+
permission.predicate = predicate
|
83
|
+
else
|
84
|
+
# Neither provided
|
85
|
+
permission.query = (proc { klass.all })
|
86
|
+
permission.predicate = (proc { true })
|
87
|
+
end
|
88
|
+
|
89
|
+
permission
|
90
|
+
end
|
91
|
+
|
92
|
+
# rubocop:enable Metrics/MethodLength
|
93
|
+
|
94
|
+
def make_base_permission(action, klass, granted_by: nil)
|
95
|
+
permission = Permission.new(action, klass)
|
96
|
+
|
97
|
+
if granted_by
|
98
|
+
permission.granting_class = granted_by[0]
|
99
|
+
permission.granted_by = granted_by[1]
|
100
|
+
end
|
101
|
+
|
102
|
+
permission
|
103
|
+
end
|
104
|
+
|
105
|
+
def build_predicate_from_query(action, actions, klass, query)
|
106
|
+
# If the action is :create, expanded from :manage
|
107
|
+
# then we set the default all predicate
|
108
|
+
return (proc { true }) if action == :create && actions == :manage
|
109
|
+
|
110
|
+
# Otherwise the default predicate is to check
|
111
|
+
# for inclusion in the returned relationship
|
112
|
+
proc do |user, obj|
|
113
|
+
res = query.call(user, klass, action)
|
114
|
+
res.respond_to?(:include?) && res.include?(obj)
|
115
|
+
end
|
116
|
+
end
|
93
117
|
end
|
94
118
|
end
|
@@ -1,6 +1,8 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
namespace :papers_please do
|
2
4
|
desc 'Print out all defined roles and permissions in match order'
|
3
|
-
task :
|
5
|
+
task :roles, [:klass] => :environment do |_, _args|
|
4
6
|
klass = klass ? Object.const_get(klass) : AccessPolicy
|
5
7
|
|
6
8
|
puts "Generating Role/Permission Table for #{klass}...\n\n"
|
data/lib/papers_please.rb
CHANGED
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'papers_please/version'
|
2
4
|
require 'papers_please/errors'
|
3
5
|
require 'papers_please/policy'
|
@@ -7,6 +9,7 @@ require 'papers_please/rails/controller_methods'
|
|
7
9
|
require 'papers_please/railtie' if defined? Rails
|
8
10
|
|
9
11
|
module PapersPlease
|
12
|
+
# rubocop:disable Metrics/PerceivedComplexity, Metrics/MethodLength
|
10
13
|
def self.permissions_table(policy_klass)
|
11
14
|
require 'terminal-table'
|
12
15
|
|
@@ -34,7 +37,7 @@ module PapersPlease
|
|
34
37
|
permission.key,
|
35
38
|
permission.query ? 'yes' : 'no',
|
36
39
|
permission.predicate ? 'yes' : 'no',
|
37
|
-
permission.granted_by_other? ? 'yes' : 'no'
|
40
|
+
permission.granted_by_other? ? 'yes' : 'no'
|
38
41
|
]
|
39
42
|
|
40
43
|
first_line_of_role = false
|
@@ -42,6 +45,10 @@ module PapersPlease
|
|
42
45
|
end
|
43
46
|
end
|
44
47
|
end
|
45
|
-
|
48
|
+
|
49
|
+
puts table.to_s
|
50
|
+
|
51
|
+
table.to_s
|
46
52
|
end
|
53
|
+
# rubocop:enable Metrics/PerceivedComplexity, Metrics/MethodLength
|
47
54
|
end
|
data/papers_please.gemspec
CHANGED
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
lib = File.expand_path('lib', __dir__)
|
2
4
|
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
3
5
|
require 'papers_please/version'
|
@@ -24,7 +26,9 @@ Gem::Specification.new do |spec|
|
|
24
26
|
|
25
27
|
spec.add_development_dependency 'bundler', '~> 2.0'
|
26
28
|
spec.add_development_dependency 'byebug'
|
27
|
-
spec.add_development_dependency 'rake', '~>
|
28
|
-
spec.add_development_dependency 'rspec', '~> 3.
|
29
|
+
spec.add_development_dependency 'rake', '~> 13.0'
|
30
|
+
spec.add_development_dependency 'rspec', '~> 3.12'
|
31
|
+
spec.add_development_dependency 'rubocop', '= 1.38.0'
|
32
|
+
spec.add_development_dependency 'rubocop-rspec'
|
29
33
|
spec.add_development_dependency 'simplecov'
|
30
34
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: papers_please
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.5
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Apsis Labs
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2023-07-03 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: terminal-table
|
@@ -58,28 +58,56 @@ dependencies:
|
|
58
58
|
requirements:
|
59
59
|
- - "~>"
|
60
60
|
- !ruby/object:Gem::Version
|
61
|
-
version: '
|
61
|
+
version: '13.0'
|
62
62
|
type: :development
|
63
63
|
prerelease: false
|
64
64
|
version_requirements: !ruby/object:Gem::Requirement
|
65
65
|
requirements:
|
66
66
|
- - "~>"
|
67
67
|
- !ruby/object:Gem::Version
|
68
|
-
version: '
|
68
|
+
version: '13.0'
|
69
69
|
- !ruby/object:Gem::Dependency
|
70
70
|
name: rspec
|
71
71
|
requirement: !ruby/object:Gem::Requirement
|
72
72
|
requirements:
|
73
73
|
- - "~>"
|
74
74
|
- !ruby/object:Gem::Version
|
75
|
-
version: '3.
|
75
|
+
version: '3.12'
|
76
76
|
type: :development
|
77
77
|
prerelease: false
|
78
78
|
version_requirements: !ruby/object:Gem::Requirement
|
79
79
|
requirements:
|
80
80
|
- - "~>"
|
81
81
|
- !ruby/object:Gem::Version
|
82
|
-
version: '3.
|
82
|
+
version: '3.12'
|
83
|
+
- !ruby/object:Gem::Dependency
|
84
|
+
name: rubocop
|
85
|
+
requirement: !ruby/object:Gem::Requirement
|
86
|
+
requirements:
|
87
|
+
- - '='
|
88
|
+
- !ruby/object:Gem::Version
|
89
|
+
version: 1.38.0
|
90
|
+
type: :development
|
91
|
+
prerelease: false
|
92
|
+
version_requirements: !ruby/object:Gem::Requirement
|
93
|
+
requirements:
|
94
|
+
- - '='
|
95
|
+
- !ruby/object:Gem::Version
|
96
|
+
version: 1.38.0
|
97
|
+
- !ruby/object:Gem::Dependency
|
98
|
+
name: rubocop-rspec
|
99
|
+
requirement: !ruby/object:Gem::Requirement
|
100
|
+
requirements:
|
101
|
+
- - ">="
|
102
|
+
- !ruby/object:Gem::Version
|
103
|
+
version: '0'
|
104
|
+
type: :development
|
105
|
+
prerelease: false
|
106
|
+
version_requirements: !ruby/object:Gem::Requirement
|
107
|
+
requirements:
|
108
|
+
- - ">="
|
109
|
+
- !ruby/object:Gem::Version
|
110
|
+
version: '0'
|
83
111
|
- !ruby/object:Gem::Dependency
|
84
112
|
name: simplecov
|
85
113
|
requirement: !ruby/object:Gem::Requirement
|
@@ -101,8 +129,11 @@ executables: []
|
|
101
129
|
extensions: []
|
102
130
|
extra_rdoc_files: []
|
103
131
|
files:
|
132
|
+
- ".github/workflows/release.yml"
|
133
|
+
- ".github/workflows/test.yml"
|
104
134
|
- ".gitignore"
|
105
135
|
- ".rspec"
|
136
|
+
- ".rubocop.yml"
|
106
137
|
- ".travis.yml"
|
107
138
|
- Gemfile
|
108
139
|
- Gemfile.lock
|
@@ -140,8 +171,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
140
171
|
- !ruby/object:Gem::Version
|
141
172
|
version: '0'
|
142
173
|
requirements: []
|
143
|
-
|
144
|
-
rubygems_version: 2.6.13
|
174
|
+
rubygems_version: 3.2.3
|
145
175
|
signing_key:
|
146
176
|
specification_version: 4
|
147
177
|
summary: A roles & permissions gem for ruby applications.
|