para-acl 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (38) hide show
  1. checksums.yaml +7 -0
  2. data/.gitignore +14 -0
  3. data/Gemfile +4 -0
  4. data/LICENSE.txt +22 -0
  5. data/README.md +81 -0
  6. data/Rakefile +2 -0
  7. data/app/components/acl_roles_component.rb +11 -0
  8. data/app/controllers/admin/acl/acl_roles_component_controller.rb +29 -0
  9. data/app/controllers/admin/acl/crud_resources_controller.rb +6 -0
  10. data/app/decorators/acl_roles_component_decorator.rb +11 -0
  11. data/app/models/para/acl/role.rb +23 -0
  12. data/app/models/para/acl/role_component.rb +17 -0
  13. data/app/models/para/acl/user_role.rb +10 -0
  14. data/app/views/admin/acl/acl_roles_component/show.html.haml +35 -0
  15. data/app/views/admin/para/acl/roles/_form.html.haml +15 -0
  16. data/bin/rails +12 -0
  17. data/config/locales/fr.yml +39 -0
  18. data/db/migrate/20151215160816_create_para_acl_roles.rb +14 -0
  19. data/db/migrate/20151215160817_create_para_acl_user_roles.rb +12 -0
  20. data/db/migrate/20151215160835_create_para_acl_role_components.rb +21 -0
  21. data/lib/generators/para/acl/install/install_generator.rb +26 -0
  22. data/lib/para/acl/ability.rb +45 -0
  23. data/lib/para/acl/component_roles_collection.rb +73 -0
  24. data/lib/para/acl/engine.rb +19 -0
  25. data/lib/para/acl/rails/active_record_extension.rb +17 -0
  26. data/lib/para/acl/routes.rb +17 -0
  27. data/lib/para/acl/version.rb +5 -0
  28. data/lib/para/acl.rb +25 -0
  29. data/lib/para-acl.rb +1 -0
  30. data/lib/tasks/authorize_admins.rake +38 -0
  31. data/para-acl.gemspec +36 -0
  32. data/test/fixtures/para/acl/role_components.yml +9 -0
  33. data/test/fixtures/para/acl/roles.yml +9 -0
  34. data/test/fixtures/para/acl/user_roles.yml +9 -0
  35. data/test/models/para/acl/role_component_test.rb +7 -0
  36. data/test/models/para/acl/role_test.rb +7 -0
  37. data/test/models/para/acl/user_role_test.rb +7 -0
  38. metadata +155 -0
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: 0a6f8ccbd2b45f78fc1fb17f84464e56af2ef5fe
4
+ data.tar.gz: 4dc1ee03783d2b2ae5aa6baf81950e50a2fee90e
5
+ SHA512:
6
+ metadata.gz: f17e1cd3fad5343e919a9a1f0ad31f579cb32b77248c682af8125879a68cc2d0ea5f122bf21378ad64d50d4c545221bafae4d132f0a143976b807e31a2caac21
7
+ data.tar.gz: 970284fadfc0c818410b7605c1191361d8ce77d5d9523996e09355f6cecd70deeb524086d60952db374a78df4fb5a7d3e46ba70e1551e7d937eea91c3bd75f49
data/.gitignore ADDED
@@ -0,0 +1,14 @@
1
+ /.bundle/
2
+ /.yardoc
3
+ /Gemfile.lock
4
+ /_yardoc/
5
+ /coverage/
6
+ /doc/
7
+ /pkg/
8
+ /spec/reports/
9
+ /tmp/
10
+ *.bundle
11
+ *.so
12
+ *.o
13
+ *.a
14
+ mkmf.log
data/Gemfile ADDED
@@ -0,0 +1,4 @@
1
+ source 'https://rubygems.org'
2
+
3
+ # Specify your gem's dependencies in para-acl.gemspec
4
+ gemspec
data/LICENSE.txt ADDED
@@ -0,0 +1,22 @@
1
+ Copyright (c) 2015 vala
2
+
3
+ MIT License
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining
6
+ a copy of this software and associated documentation files (the
7
+ "Software"), to deal in the Software without restriction, including
8
+ without limitation the rights to use, copy, modify, merge, publish,
9
+ distribute, sublicense, and/or sell copies of the Software, and to
10
+ permit persons to whom the Software is furnished to do so, subject to
11
+ the following conditions:
12
+
13
+ The above copyright notice and this permission notice shall be
14
+ included in all copies or substantial portions of the Software.
15
+
16
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
18
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
19
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
20
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
21
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
22
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
data/README.md ADDED
@@ -0,0 +1,81 @@
1
+ # Para::Acl
2
+
3
+ This [Para](https://github.com/para-cms/para/) plugin adds a simple admin roles
4
+ management system which allows you to change which kind of admins have access
5
+ to which components.
6
+
7
+ ## Installation
8
+
9
+ Add this line to your application's Gemfile:
10
+
11
+ ```ruby
12
+ gem 'para-acl', github: 'para-cms/para-acl'
13
+ ```
14
+
15
+ And then execute:
16
+
17
+ $ bundle
18
+
19
+ Or install it yourself as:
20
+
21
+ $ gem install para-acl
22
+
23
+ ## Usage
24
+
25
+ Use the install generator to copy the migrations, create the super admin role.
26
+
27
+ _Note : the generator needs to update the database schema and insert data in
28
+ your database to make all existing admins have the defaul Super Admin role.
29
+ So migrations will be copied and automatically run._
30
+
31
+ $ rails g para:acl:install
32
+
33
+ Add the plugin to your `config/initializers/para.rb` file :
34
+
35
+ ```ruby
36
+ config.plugins += [:acl]
37
+ ```
38
+
39
+ Add a `:acl_roles` component in your `config/components.rb` :
40
+
41
+ ```ruby
42
+ component :acl, :acl_roles
43
+ ```
44
+
45
+ Restart your server and access your new "Acl" component to manage roles and
46
+ authorizations.
47
+
48
+ ### Deployment
49
+
50
+ When you deploy your app, you may need to reset admins privileges and reassign
51
+ roles on your deployment environment.
52
+
53
+ All you need is to run the `para:acl:authorize_admins` rake task, that'll
54
+ create the "Super Admin" role if it doesn't exist and assign that role to
55
+ all existing admin users.
56
+
57
+ For a production deployment, you'll run the following on your server :
58
+
59
+ ```bash
60
+ rake RAILS_ENV=production para:acl:authorize_admins
61
+ ```
62
+
63
+ Alternatively, you can manually create that role and assign the desired
64
+ admin users to it from a remote rails console.
65
+
66
+ ### Disable authorization to debug or fix an error
67
+
68
+ You can disable the whole authorization system and allow for anybody to
69
+ access any component by configuring the following setting in your `config/initializers/para.rb` :
70
+
71
+ ```ruby
72
+ config.acl.bypass_admin_authorization = true
73
+ ```
74
+
75
+ ## Contributing
76
+
77
+ 1. Fork it ( https://github.com/para-cms/para-acl/fork )
78
+ 2. Create your feature branch (`git checkout -b my-new-feature`)
79
+ 3. Commit your changes (`git commit -am 'Add some feature'`)
80
+ 4. Push to the branch (`git push origin my-new-feature`)
81
+ 5. Create a new Pull Request
data/Rakefile ADDED
@@ -0,0 +1,2 @@
1
+ require "bundler/gem_tasks"
2
+
@@ -0,0 +1,11 @@
1
+ class AclRolesComponent < Para::Component::Crud
2
+ register :acl_roles, self
3
+
4
+ def resources
5
+ @resources ||= Para::Acl::Role.all
6
+ end
7
+
8
+ def model_type
9
+ '::Para::Acl::Role'
10
+ end
11
+ end
@@ -0,0 +1,29 @@
1
+ module Admin
2
+ module Acl
3
+ class AclRolesComponentController < Para::Admin::ComponentController
4
+ def show
5
+ @components_roles = Para::Acl::ComponentRolesCollection.new
6
+ end
7
+
8
+ def update
9
+ @components_roles = Para::Acl::ComponentRolesCollection.new
10
+
11
+ if @components_roles.update(component_roles_params)
12
+ flash_message(:success, @components_roles)
13
+ redirect_to @component.path
14
+ else
15
+ flash_message(:error, @components_roles)
16
+ render 'show'
17
+ end
18
+ end
19
+
20
+ private
21
+
22
+ def component_roles_params
23
+ params.require(:components_roles).permit(
24
+ resources_attributes: [:id, :allow]
25
+ )
26
+ end
27
+ end
28
+ end
29
+ end
@@ -0,0 +1,6 @@
1
+ module Admin
2
+ module Acl
3
+ class CrudResourcesController < Para::Admin::CrudResourcesController
4
+ end
5
+ end
6
+ end
@@ -0,0 +1,11 @@
1
+ module AclRolesComponentDecorator
2
+ include Para::Component::CrudDecorator
3
+
4
+ def name
5
+ I18n.t('admin.acl_roles.name')
6
+ end
7
+
8
+ def description
9
+ I18n.t('admin.acl_roles.description')
10
+ end
11
+ end
@@ -0,0 +1,23 @@
1
+ module Para
2
+ module Acl
3
+ class Role < ActiveRecord::Base
4
+ has_many :user_roles, dependent: :destroy
5
+ has_many :users, through: :user_roles, source_type: Para.config.acl.admin_user_class
6
+
7
+ has_many :role_components, dependent: :destroy
8
+ has_many :components, through: :role_components
9
+
10
+ def role_component_for(component)
11
+ role_components_by_component[component.id] ||= role_components.build(
12
+ component_id: component.id
13
+ )
14
+ end
15
+
16
+ def role_components_by_component
17
+ @role_components_by_component ||= role_components.each_with_object({}) do |role_component, hash|
18
+ hash[role_component.component_id] = role_component
19
+ end
20
+ end
21
+ end
22
+ end
23
+ end
@@ -0,0 +1,17 @@
1
+ module Para
2
+ module Acl
3
+ class RoleComponent < ActiveRecord::Base
4
+ belongs_to :role
5
+ belongs_to :component, class_name: 'Para::Component::Base'
6
+
7
+ validates :role, :component, presence: true
8
+
9
+ # If the allow field is not filled this means that we should fallback
10
+ # on the parent role's #authorize_new_components field
11
+ #
12
+ def allow?
13
+ allow == nil ? role.authorize_new_components : allow
14
+ end
15
+ end
16
+ end
17
+ end
@@ -0,0 +1,10 @@
1
+ module Para
2
+ module Acl
3
+ class UserRole < ActiveRecord::Base
4
+ belongs_to :role, class_name: 'Para::Acl::Role'
5
+ belongs_to :user, polymorphic: true
6
+
7
+ validates :role, :user, presence: true
8
+ end
9
+ end
10
+ end
@@ -0,0 +1,35 @@
1
+ .page-title
2
+ %h1= @component.name
3
+
4
+ .page-content-wrap
5
+ .well
6
+ = fa_icon 'info-circle'
7
+ = @component.description
8
+
9
+ = para_form_for @components_roles, url: @component.path, as: :components_roles do |form|
10
+ = panel do |panel|
11
+ = panel.header do
12
+ = add_button_for(@component, :resources, @component.model)
13
+
14
+ = resources_table(component: @component, model: @component.model, actions: false) do |table|
15
+ = table.header do
16
+ = table.header_for('')
17
+
18
+ - @components_roles.roles.each do |role|
19
+ = table.header_for do
20
+ = link_to @component.relation_path(role, action: :edit) do
21
+ = role.name
22
+ = fa_icon 'pencil'
23
+
24
+ = table.rows(@components_roles.resources) do |component, component_roles|
25
+ = table.data_for(component.name)
26
+
27
+ - component_roles.each do |role, component_role|
28
+ = table.data_for do
29
+ = form.fields_for :resources, [component_role] do |component_role_fields|
30
+ - disabled = current_admin.respond_to?(:role) && current_admin.role == role && AclRolesComponent === component_role.component
31
+ .checkbox{ class: ('disabled' if disabled) }
32
+ = component_role_fields.input_field :allow, disabled: disabled
33
+
34
+
35
+ = form.actions(only: [:submit, :cancel])
@@ -0,0 +1,15 @@
1
+ = para_form_for(resource) do |form|
2
+ = form.tabs do |tabs|
3
+ = tabs.tab :role do
4
+ = form.input :name
5
+ = form.input :authorize_new_components, hint: t('simple_form.hints.para/acl/role.authorize_new_components')
6
+ = form.input :users, as: :selectize
7
+
8
+ - if resource.persisted?
9
+ = tabs.tab :destroy_role do
10
+ = form.input :id, label: t('para.shared.destroy') do
11
+ = link_to @component.relation_path(resource), method: :delete, confirm: t('para.confirmation.shared.destroy'), class: 'btn btn-danger' do
12
+ = fa_icon 'times'
13
+ = t('para.shared.destroy')
14
+
15
+ = form.actions
data/bin/rails ADDED
@@ -0,0 +1,12 @@
1
+ #!/usr/bin/env ruby
2
+ # This command will automatically be run when you run "rails" with Rails 4 gems installed from the root of your application.
3
+
4
+ ENGINE_ROOT = File.expand_path('../..', __FILE__)
5
+ ENGINE_PATH = File.expand_path('../../lib/para/acl/engine', __FILE__)
6
+
7
+ # Set up gems listed in the Gemfile.
8
+ ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__)
9
+ require 'bundler/setup' if File.exist?(ENV['BUNDLE_GEMFILE'])
10
+
11
+ require 'rails/all'
12
+ require 'rails/engine/commands'
@@ -0,0 +1,39 @@
1
+ fr:
2
+ admin:
3
+ acl_roles:
4
+ name: "Gestion des droits d'accès"
5
+ description: |
6
+ Le tableau ci-dessous vous permet de gérer les droits d'accès des
7
+ groupes d'administrateurs aux différentes sections de le console
8
+ d'administration.
9
+ Cochez les cases nécessaires puis cliquez sur "Enregistrer"
10
+
11
+ forms:
12
+ tabs:
13
+ para/acl/role:
14
+ role: "Modification"
15
+ destroy_role: "Suppression"
16
+
17
+ activemodel:
18
+ models:
19
+ para/acl/component_roles_collection:
20
+ one: "Droits d'accès"
21
+ other: "Droits d'accès"
22
+
23
+ activerecord:
24
+ attributes:
25
+ para/acl/role:
26
+ name: "Nom"
27
+ authorize_new_components: "Donner automatiquement accès au nouveaux composant de l'administration"
28
+ users: "Administrateurs concernés"
29
+
30
+ simple_form:
31
+ hints:
32
+ para/acl/role:
33
+ authorize_new_components: |
34
+ Lorsqu'une nouvelle section est ajoutée à la console d'administration
35
+ par l'équipe de développement, cette option permet que ce type
36
+ d'utilisateur y ait automatiquement accès.
37
+ Si cette case est décochée, lors de l'ajout d'un nouveau composant
38
+ dans la console d'administration, il vous faudra manuellement en
39
+ autoriser l'accès à ce type d'utilisateur.
@@ -0,0 +1,14 @@
1
+ class CreateParaAclRoles < ActiveRecord::Migration
2
+ def up
3
+ create_table :para_acl_roles do |t|
4
+ t.string :name
5
+ t.boolean :authorize_new_components
6
+
7
+ t.timestamps null: false
8
+ end
9
+ end
10
+
11
+ def down
12
+ drop_table :para_acl_roles
13
+ end
14
+ end
@@ -0,0 +1,12 @@
1
+ class CreateParaAclUserRoles < ActiveRecord::Migration
2
+ def change
3
+ create_table :para_acl_user_roles do |t|
4
+ t.references :role, index: true
5
+ t.references :user, index: true, polymorphic: true
6
+
7
+ t.timestamps null: false
8
+ end
9
+
10
+ add_foreign_key :para_acl_user_roles, :para_acl_roles, column: :role_id
11
+ end
12
+ end
@@ -0,0 +1,21 @@
1
+ class CreateParaAclRoleComponents < ActiveRecord::Migration
2
+ def up
3
+ create_table :para_acl_role_components do |t|
4
+ t.references :role, index: true
5
+ t.references :component, index: true
6
+ t.boolean :allow
7
+
8
+ t.timestamps null: false
9
+ end
10
+
11
+ add_foreign_key :para_acl_role_components, :para_acl_roles, column: :role_id
12
+ add_foreign_key :para_acl_role_components, :para_components, column: :component_id
13
+ end
14
+
15
+ def down
16
+ remove_foreign_key :para_acl_role_components, :component
17
+ remove_foreign_key :para_acl_role_components, :role
18
+
19
+ drop_table :para_acl_role_components
20
+ end
21
+ end
@@ -0,0 +1,26 @@
1
+ module Para
2
+ module Acl
3
+ class InstallGenerator < Rails::Generators::Base
4
+ source_root File.expand_path('../templates', __FILE__)
5
+
6
+ def install_migrations
7
+ rake 'para_acl_engine:install:migrations'
8
+ rake 'db:migrate'
9
+ end
10
+
11
+ def add_role_mixin_to_admin
12
+ admin_user_class_file_path = File.join(
13
+ 'app', 'models', "#{ admin_user_class_name.underscore }.rb"
14
+ )
15
+
16
+ inject_into_file admin_user_class_file_path, after: "< ActiveRecord::Base" do
17
+ "\n has_admin_role"
18
+ end
19
+ end
20
+
21
+ def add_role_to_super_admins
22
+ rake 'para:acl:authorize_admins'
23
+ end
24
+ end
25
+ end
26
+ end
@@ -0,0 +1,45 @@
1
+ module Para
2
+ module Acl
3
+ class Ability
4
+ include CanCan::Ability
5
+
6
+ attr_reader :user
7
+
8
+ def initialize(user)
9
+ @user = user
10
+
11
+ can :access, :admin
12
+
13
+ # Bypass all authorizations if disabled from configuration
14
+ if Para::Acl.bypass_admin_authorization
15
+ return can :manage, :all
16
+ end
17
+
18
+ process_authorizations
19
+ end
20
+
21
+ private
22
+
23
+ def process_authorizations
24
+ return unless role
25
+
26
+ can :manage, :all
27
+
28
+ role.role_components.each do |role_component|
29
+ unless role_component.allow?
30
+ cannot :manage, Para::Component::Base, id: role_component.component_id
31
+ end
32
+ end
33
+ end
34
+
35
+ def role
36
+ @role ||= Para::Acl::Role.joins(:user_roles).where(
37
+ para_acl_user_roles: {
38
+ user_id: user.id,
39
+ user_type: user.class.name
40
+ }
41
+ ).includes(:role_components).first
42
+ end
43
+ end
44
+ end
45
+ end
@@ -0,0 +1,73 @@
1
+ module Para
2
+ module Acl
3
+ class ComponentRolesCollection
4
+ include ActiveModel::Model
5
+ include ActiveRecord::AttributeAssignment
6
+
7
+ def update(attributes)
8
+ assign_attributes(attributes)
9
+ save
10
+ end
11
+
12
+ def persisted?
13
+ true
14
+ end
15
+
16
+ def save
17
+ ActiveRecord::Base.transaction do
18
+ role_components.values.each(&:save!)
19
+ end if valid?
20
+ end
21
+
22
+ def valid?
23
+ role_components.values.all?(&:valid?)
24
+ end
25
+
26
+ def roles
27
+ @roles ||= Para::Acl::Role.includes(
28
+ role_components: :component
29
+ ).order('para_acl_roles.name ASC')
30
+ end
31
+
32
+ def resources_attributes=(ary)
33
+ ary.each do |_, attributes|
34
+ role_component = role_component_for(attributes.delete(:id))
35
+ role_component.assign_attributes(attributes)
36
+ end
37
+ end
38
+
39
+ def resources
40
+ @resources ||= Para::Component::Base.order('para_components.name ASC').each_with_object({}) do |component, hash|
41
+ hash[component] = {}
42
+
43
+ roles.each do |role|
44
+ hash[component][role] = role_component_or_create_for(role, component)
45
+ end
46
+ end
47
+ end
48
+
49
+ private
50
+
51
+ def role_component_for(id)
52
+ role_components[id.to_i]
53
+ end
54
+
55
+ def role_component_or_create_for(role, component)
56
+ role.role_component_for(component).tap do |role_component|
57
+ if role_component.new_record?
58
+ role_component.allow = role.authorize_new_components
59
+ role_component.save!
60
+ end
61
+ end
62
+ end
63
+
64
+ def role_components
65
+ @role_components ||= roles.each_with_object({}) do |role, hash|
66
+ role.role_components.each do |role_component|
67
+ hash[role_component.id] = role_component
68
+ end
69
+ end
70
+ end
71
+ end
72
+ end
73
+ end
@@ -0,0 +1,19 @@
1
+ require 'para/acl/rails/active_record_extension'
2
+
3
+ module Para
4
+ module Acl
5
+ class Engine < ::Rails::Engine
6
+ initializer 'Set para ability class' do
7
+ config.to_prepare do
8
+ Para.config.ability_class_name = 'Para::Acl::Ability'
9
+ end
10
+ end
11
+
12
+ initializer 'Add extension to ActiveRecord' do
13
+ ActiveSupport.on_load(:active_record) do
14
+ include Para::Acl::ActiveRecordExtension
15
+ end
16
+ end
17
+ end
18
+ end
19
+ end
@@ -0,0 +1,17 @@
1
+ module Para
2
+ module Acl
3
+ module ActiveRecordExtension
4
+ extend ActiveSupport::Concern
5
+
6
+ module ClassMethods
7
+ def has_admin_role
8
+ has_one :user_role, as: :user,
9
+ class_name: 'Para::Acl::UserRole',
10
+ dependent: :destroy
11
+
12
+ has_one :role, through: :user_role
13
+ end
14
+ end
15
+ end
16
+ end
17
+ end
@@ -0,0 +1,17 @@
1
+ module Para
2
+ module Acl
3
+ class Routes < Para::Plugins::Routes
4
+ def draw
5
+ plugin :acl do
6
+ component :acl_roles do
7
+ scope ':model' do
8
+ resources :crud_resources, path: '/'
9
+ end
10
+ end
11
+
12
+ patch "acl_roles/:component_id" => "acl_roles_component#update"
13
+ end
14
+ end
15
+ end
16
+ end
17
+ end
@@ -0,0 +1,5 @@
1
+ module Para
2
+ module Acl
3
+ VERSION = "0.1.0"
4
+ end
5
+ end
data/lib/para/acl.rb ADDED
@@ -0,0 +1,25 @@
1
+ require 'para/acl/engine' if defined?(Rails)
2
+
3
+ module Para
4
+ module Acl
5
+ extend ActiveSupport::Autoload
6
+
7
+ autoload :Ability
8
+ autoload :Routes
9
+ autoload :ComponentRolesCollection
10
+ autoload :Version
11
+
12
+ mattr_accessor :admin_user_class
13
+ @@admin_user_class = 'AdminUser'
14
+
15
+ mattr_accessor :super_admin_default_role_name
16
+ @@super_admin_default_role_name = "Super Admin"
17
+
18
+ mattr_accessor :bypass_admin_authorization
19
+ @@bypass_admin_authorization = false
20
+
21
+ def self.table_name_prefix
22
+ 'para_acl_'
23
+ end
24
+ end
25
+ end
data/lib/para-acl.rb ADDED
@@ -0,0 +1 @@
1
+ require 'para/acl'
@@ -0,0 +1,38 @@
1
+ module Para
2
+ module Acl
3
+ class AuthorizeAdmins
4
+ def run
5
+ admin_user_class.find_each do |admin_user|
6
+ admin_user.role = super_admin_role
7
+ admin_user.save!
8
+ end
9
+ end
10
+
11
+ private
12
+
13
+ def admin_user_class
14
+ @admin_user_class ||= admin_user_class_name.constantize
15
+ end
16
+
17
+ def admin_user_class_name
18
+ @admin_user_class_name ||= Para.config.acl.admin_user_class
19
+ end
20
+
21
+ def super_admin_role
22
+ @super_admin_role ||= Para::Acl::Role.where(
23
+ name: Para::Acl.super_admin_default_role_name,
24
+ authorize_new_components: true
25
+ ).first_or_create!
26
+ end
27
+ end
28
+ end
29
+ end
30
+
31
+ namespace :para do
32
+ namespace :acl do
33
+ desc 'Make all existing admins be super users'
34
+ task authorize_admins: :environment do
35
+ Para::Acl::AuthorizeAdmins.new.run
36
+ end
37
+ end
38
+ end
data/para-acl.gemspec ADDED
@@ -0,0 +1,36 @@
1
+ # coding: utf-8
2
+ lib = File.expand_path('../lib', __FILE__)
3
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
+
5
+ # Add components folder to load path, allowing para to eager load it
6
+ # on startup and recognize it in development mode
7
+ #
8
+ # This can be made standard in some way in para when we'll implement some
9
+ # kind of plugin system
10
+ #
11
+ components = File.expand_path('../app/components', __FILE__)
12
+ $LOAD_PATH.unshift(components) unless $LOAD_PATH.include?(components)
13
+
14
+ require 'para/acl/version'
15
+
16
+ Gem::Specification.new do |spec|
17
+ spec.name = "para-acl"
18
+ spec.version = Para::Acl::VERSION
19
+ spec.authors = ["Valentin Ballestrino"]
20
+ spec.email = ["vala@glyph.fr"]
21
+ spec.summary = %q{Para plugin to allow admins access management}
22
+ spec.description = %q{Para plugin to allow admins access management}
23
+ spec.homepage = "https://github.com/para-cms/para-acl"
24
+ spec.license = "MIT"
25
+
26
+ spec.files = `git ls-files -z`.split("\x0")
27
+ spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
28
+ spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
29
+ spec.require_paths = ["lib"]
30
+
31
+ spec.add_dependency "para", ">= 0.4", "<= 1.0"
32
+ spec.add_dependency "rails", ">= 4.0", "<= 5.0"
33
+
34
+ spec.add_development_dependency "bundler", "~> 1.7"
35
+ spec.add_development_dependency "rake", "~> 10.0"
36
+ end
@@ -0,0 +1,9 @@
1
+ # Read about fixtures at http://api.rubyonrails.org/classes/ActiveRecord/FixtureSet.html
2
+
3
+ one:
4
+ role_id:
5
+ component_id:
6
+
7
+ two:
8
+ role_id:
9
+ component_id:
@@ -0,0 +1,9 @@
1
+ # Read about fixtures at http://api.rubyonrails.org/classes/ActiveRecord/FixtureSet.html
2
+
3
+ one:
4
+ name: MyString
5
+ authorize_new_components: false
6
+
7
+ two:
8
+ name: MyString
9
+ authorize_new_components: false
@@ -0,0 +1,9 @@
1
+ # Read about fixtures at http://api.rubyonrails.org/classes/ActiveRecord/FixtureSet.html
2
+
3
+ one:
4
+ role_id:
5
+ user_id:
6
+
7
+ two:
8
+ role_id:
9
+ user_id:
@@ -0,0 +1,7 @@
1
+ require 'test_helper'
2
+
3
+ class Para::Acl::RoleComponentTest < ActiveSupport::TestCase
4
+ # test "the truth" do
5
+ # assert true
6
+ # end
7
+ end
@@ -0,0 +1,7 @@
1
+ require 'test_helper'
2
+
3
+ class Para::Acl::RoleTest < ActiveSupport::TestCase
4
+ # test "the truth" do
5
+ # assert true
6
+ # end
7
+ end
@@ -0,0 +1,7 @@
1
+ require 'test_helper'
2
+
3
+ class Para::Acl::UserRoleTest < ActiveSupport::TestCase
4
+ # test "the truth" do
5
+ # assert true
6
+ # end
7
+ end
metadata ADDED
@@ -0,0 +1,155 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: para-acl
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.1.0
5
+ platform: ruby
6
+ authors:
7
+ - Valentin Ballestrino
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2016-01-08 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: para
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - ">="
18
+ - !ruby/object:Gem::Version
19
+ version: '0.4'
20
+ - - "<="
21
+ - !ruby/object:Gem::Version
22
+ version: '1.0'
23
+ type: :runtime
24
+ prerelease: false
25
+ version_requirements: !ruby/object:Gem::Requirement
26
+ requirements:
27
+ - - ">="
28
+ - !ruby/object:Gem::Version
29
+ version: '0.4'
30
+ - - "<="
31
+ - !ruby/object:Gem::Version
32
+ version: '1.0'
33
+ - !ruby/object:Gem::Dependency
34
+ name: rails
35
+ requirement: !ruby/object:Gem::Requirement
36
+ requirements:
37
+ - - ">="
38
+ - !ruby/object:Gem::Version
39
+ version: '4.0'
40
+ - - "<="
41
+ - !ruby/object:Gem::Version
42
+ version: '5.0'
43
+ type: :runtime
44
+ prerelease: false
45
+ version_requirements: !ruby/object:Gem::Requirement
46
+ requirements:
47
+ - - ">="
48
+ - !ruby/object:Gem::Version
49
+ version: '4.0'
50
+ - - "<="
51
+ - !ruby/object:Gem::Version
52
+ version: '5.0'
53
+ - !ruby/object:Gem::Dependency
54
+ name: bundler
55
+ requirement: !ruby/object:Gem::Requirement
56
+ requirements:
57
+ - - "~>"
58
+ - !ruby/object:Gem::Version
59
+ version: '1.7'
60
+ type: :development
61
+ prerelease: false
62
+ version_requirements: !ruby/object:Gem::Requirement
63
+ requirements:
64
+ - - "~>"
65
+ - !ruby/object:Gem::Version
66
+ version: '1.7'
67
+ - !ruby/object:Gem::Dependency
68
+ name: rake
69
+ requirement: !ruby/object:Gem::Requirement
70
+ requirements:
71
+ - - "~>"
72
+ - !ruby/object:Gem::Version
73
+ version: '10.0'
74
+ type: :development
75
+ prerelease: false
76
+ version_requirements: !ruby/object:Gem::Requirement
77
+ requirements:
78
+ - - "~>"
79
+ - !ruby/object:Gem::Version
80
+ version: '10.0'
81
+ description: Para plugin to allow admins access management
82
+ email:
83
+ - vala@glyph.fr
84
+ executables:
85
+ - rails
86
+ extensions: []
87
+ extra_rdoc_files: []
88
+ files:
89
+ - ".gitignore"
90
+ - Gemfile
91
+ - LICENSE.txt
92
+ - README.md
93
+ - Rakefile
94
+ - app/components/acl_roles_component.rb
95
+ - app/controllers/admin/acl/acl_roles_component_controller.rb
96
+ - app/controllers/admin/acl/crud_resources_controller.rb
97
+ - app/decorators/acl_roles_component_decorator.rb
98
+ - app/models/para/acl/role.rb
99
+ - app/models/para/acl/role_component.rb
100
+ - app/models/para/acl/user_role.rb
101
+ - app/views/admin/acl/acl_roles_component/show.html.haml
102
+ - app/views/admin/para/acl/roles/_form.html.haml
103
+ - bin/rails
104
+ - config/locales/fr.yml
105
+ - db/migrate/20151215160816_create_para_acl_roles.rb
106
+ - db/migrate/20151215160817_create_para_acl_user_roles.rb
107
+ - db/migrate/20151215160835_create_para_acl_role_components.rb
108
+ - lib/generators/para/acl/install/install_generator.rb
109
+ - lib/para-acl.rb
110
+ - lib/para/acl.rb
111
+ - lib/para/acl/ability.rb
112
+ - lib/para/acl/component_roles_collection.rb
113
+ - lib/para/acl/engine.rb
114
+ - lib/para/acl/rails/active_record_extension.rb
115
+ - lib/para/acl/routes.rb
116
+ - lib/para/acl/version.rb
117
+ - lib/tasks/authorize_admins.rake
118
+ - para-acl.gemspec
119
+ - test/fixtures/para/acl/role_components.yml
120
+ - test/fixtures/para/acl/roles.yml
121
+ - test/fixtures/para/acl/user_roles.yml
122
+ - test/models/para/acl/role_component_test.rb
123
+ - test/models/para/acl/role_test.rb
124
+ - test/models/para/acl/user_role_test.rb
125
+ homepage: https://github.com/para-cms/para-acl
126
+ licenses:
127
+ - MIT
128
+ metadata: {}
129
+ post_install_message:
130
+ rdoc_options: []
131
+ require_paths:
132
+ - lib
133
+ required_ruby_version: !ruby/object:Gem::Requirement
134
+ requirements:
135
+ - - ">="
136
+ - !ruby/object:Gem::Version
137
+ version: '0'
138
+ required_rubygems_version: !ruby/object:Gem::Requirement
139
+ requirements:
140
+ - - ">="
141
+ - !ruby/object:Gem::Version
142
+ version: '0'
143
+ requirements: []
144
+ rubyforge_project:
145
+ rubygems_version: 2.4.3
146
+ signing_key:
147
+ specification_version: 4
148
+ summary: Para plugin to allow admins access management
149
+ test_files:
150
+ - test/fixtures/para/acl/role_components.yml
151
+ - test/fixtures/para/acl/roles.yml
152
+ - test/fixtures/para/acl/user_roles.yml
153
+ - test/models/para/acl/role_component_test.rb
154
+ - test/models/para/acl/role_test.rb
155
+ - test/models/para/acl/user_role_test.rb