para-acl 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/.gitignore +14 -0
- data/Gemfile +4 -0
- data/LICENSE.txt +22 -0
- data/README.md +81 -0
- data/Rakefile +2 -0
- data/app/components/acl_roles_component.rb +11 -0
- data/app/controllers/admin/acl/acl_roles_component_controller.rb +29 -0
- data/app/controllers/admin/acl/crud_resources_controller.rb +6 -0
- data/app/decorators/acl_roles_component_decorator.rb +11 -0
- data/app/models/para/acl/role.rb +23 -0
- data/app/models/para/acl/role_component.rb +17 -0
- data/app/models/para/acl/user_role.rb +10 -0
- data/app/views/admin/acl/acl_roles_component/show.html.haml +35 -0
- data/app/views/admin/para/acl/roles/_form.html.haml +15 -0
- data/bin/rails +12 -0
- data/config/locales/fr.yml +39 -0
- data/db/migrate/20151215160816_create_para_acl_roles.rb +14 -0
- data/db/migrate/20151215160817_create_para_acl_user_roles.rb +12 -0
- data/db/migrate/20151215160835_create_para_acl_role_components.rb +21 -0
- data/lib/generators/para/acl/install/install_generator.rb +26 -0
- data/lib/para/acl/ability.rb +45 -0
- data/lib/para/acl/component_roles_collection.rb +73 -0
- data/lib/para/acl/engine.rb +19 -0
- data/lib/para/acl/rails/active_record_extension.rb +17 -0
- data/lib/para/acl/routes.rb +17 -0
- data/lib/para/acl/version.rb +5 -0
- data/lib/para/acl.rb +25 -0
- data/lib/para-acl.rb +1 -0
- data/lib/tasks/authorize_admins.rake +38 -0
- data/para-acl.gemspec +36 -0
- data/test/fixtures/para/acl/role_components.yml +9 -0
- data/test/fixtures/para/acl/roles.yml +9 -0
- data/test/fixtures/para/acl/user_roles.yml +9 -0
- data/test/models/para/acl/role_component_test.rb +7 -0
- data/test/models/para/acl/role_test.rb +7 -0
- data/test/models/para/acl/user_role_test.rb +7 -0
- metadata +155 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: 0a6f8ccbd2b45f78fc1fb17f84464e56af2ef5fe
|
4
|
+
data.tar.gz: 4dc1ee03783d2b2ae5aa6baf81950e50a2fee90e
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: f17e1cd3fad5343e919a9a1f0ad31f579cb32b77248c682af8125879a68cc2d0ea5f122bf21378ad64d50d4c545221bafae4d132f0a143976b807e31a2caac21
|
7
|
+
data.tar.gz: 970284fadfc0c818410b7605c1191361d8ce77d5d9523996e09355f6cecd70deeb524086d60952db374a78df4fb5a7d3e46ba70e1551e7d937eea91c3bd75f49
|
data/.gitignore
ADDED
data/Gemfile
ADDED
data/LICENSE.txt
ADDED
@@ -0,0 +1,22 @@
|
|
1
|
+
Copyright (c) 2015 vala
|
2
|
+
|
3
|
+
MIT License
|
4
|
+
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining
|
6
|
+
a copy of this software and associated documentation files (the
|
7
|
+
"Software"), to deal in the Software without restriction, including
|
8
|
+
without limitation the rights to use, copy, modify, merge, publish,
|
9
|
+
distribute, sublicense, and/or sell copies of the Software, and to
|
10
|
+
permit persons to whom the Software is furnished to do so, subject to
|
11
|
+
the following conditions:
|
12
|
+
|
13
|
+
The above copyright notice and this permission notice shall be
|
14
|
+
included in all copies or substantial portions of the Software.
|
15
|
+
|
16
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
17
|
+
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
18
|
+
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
19
|
+
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
20
|
+
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
21
|
+
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
22
|
+
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
data/README.md
ADDED
@@ -0,0 +1,81 @@
|
|
1
|
+
# Para::Acl
|
2
|
+
|
3
|
+
This [Para](https://github.com/para-cms/para/) plugin adds a simple admin roles
|
4
|
+
management system which allows you to change which kind of admins have access
|
5
|
+
to which components.
|
6
|
+
|
7
|
+
## Installation
|
8
|
+
|
9
|
+
Add this line to your application's Gemfile:
|
10
|
+
|
11
|
+
```ruby
|
12
|
+
gem 'para-acl', github: 'para-cms/para-acl'
|
13
|
+
```
|
14
|
+
|
15
|
+
And then execute:
|
16
|
+
|
17
|
+
$ bundle
|
18
|
+
|
19
|
+
Or install it yourself as:
|
20
|
+
|
21
|
+
$ gem install para-acl
|
22
|
+
|
23
|
+
## Usage
|
24
|
+
|
25
|
+
Use the install generator to copy the migrations, create the super admin role.
|
26
|
+
|
27
|
+
_Note : the generator needs to update the database schema and insert data in
|
28
|
+
your database to make all existing admins have the defaul Super Admin role.
|
29
|
+
So migrations will be copied and automatically run._
|
30
|
+
|
31
|
+
$ rails g para:acl:install
|
32
|
+
|
33
|
+
Add the plugin to your `config/initializers/para.rb` file :
|
34
|
+
|
35
|
+
```ruby
|
36
|
+
config.plugins += [:acl]
|
37
|
+
```
|
38
|
+
|
39
|
+
Add a `:acl_roles` component in your `config/components.rb` :
|
40
|
+
|
41
|
+
```ruby
|
42
|
+
component :acl, :acl_roles
|
43
|
+
```
|
44
|
+
|
45
|
+
Restart your server and access your new "Acl" component to manage roles and
|
46
|
+
authorizations.
|
47
|
+
|
48
|
+
### Deployment
|
49
|
+
|
50
|
+
When you deploy your app, you may need to reset admins privileges and reassign
|
51
|
+
roles on your deployment environment.
|
52
|
+
|
53
|
+
All you need is to run the `para:acl:authorize_admins` rake task, that'll
|
54
|
+
create the "Super Admin" role if it doesn't exist and assign that role to
|
55
|
+
all existing admin users.
|
56
|
+
|
57
|
+
For a production deployment, you'll run the following on your server :
|
58
|
+
|
59
|
+
```bash
|
60
|
+
rake RAILS_ENV=production para:acl:authorize_admins
|
61
|
+
```
|
62
|
+
|
63
|
+
Alternatively, you can manually create that role and assign the desired
|
64
|
+
admin users to it from a remote rails console.
|
65
|
+
|
66
|
+
### Disable authorization to debug or fix an error
|
67
|
+
|
68
|
+
You can disable the whole authorization system and allow for anybody to
|
69
|
+
access any component by configuring the following setting in your `config/initializers/para.rb` :
|
70
|
+
|
71
|
+
```ruby
|
72
|
+
config.acl.bypass_admin_authorization = true
|
73
|
+
```
|
74
|
+
|
75
|
+
## Contributing
|
76
|
+
|
77
|
+
1. Fork it ( https://github.com/para-cms/para-acl/fork )
|
78
|
+
2. Create your feature branch (`git checkout -b my-new-feature`)
|
79
|
+
3. Commit your changes (`git commit -am 'Add some feature'`)
|
80
|
+
4. Push to the branch (`git push origin my-new-feature`)
|
81
|
+
5. Create a new Pull Request
|
data/Rakefile
ADDED
@@ -0,0 +1,29 @@
|
|
1
|
+
module Admin
|
2
|
+
module Acl
|
3
|
+
class AclRolesComponentController < Para::Admin::ComponentController
|
4
|
+
def show
|
5
|
+
@components_roles = Para::Acl::ComponentRolesCollection.new
|
6
|
+
end
|
7
|
+
|
8
|
+
def update
|
9
|
+
@components_roles = Para::Acl::ComponentRolesCollection.new
|
10
|
+
|
11
|
+
if @components_roles.update(component_roles_params)
|
12
|
+
flash_message(:success, @components_roles)
|
13
|
+
redirect_to @component.path
|
14
|
+
else
|
15
|
+
flash_message(:error, @components_roles)
|
16
|
+
render 'show'
|
17
|
+
end
|
18
|
+
end
|
19
|
+
|
20
|
+
private
|
21
|
+
|
22
|
+
def component_roles_params
|
23
|
+
params.require(:components_roles).permit(
|
24
|
+
resources_attributes: [:id, :allow]
|
25
|
+
)
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
@@ -0,0 +1,23 @@
|
|
1
|
+
module Para
|
2
|
+
module Acl
|
3
|
+
class Role < ActiveRecord::Base
|
4
|
+
has_many :user_roles, dependent: :destroy
|
5
|
+
has_many :users, through: :user_roles, source_type: Para.config.acl.admin_user_class
|
6
|
+
|
7
|
+
has_many :role_components, dependent: :destroy
|
8
|
+
has_many :components, through: :role_components
|
9
|
+
|
10
|
+
def role_component_for(component)
|
11
|
+
role_components_by_component[component.id] ||= role_components.build(
|
12
|
+
component_id: component.id
|
13
|
+
)
|
14
|
+
end
|
15
|
+
|
16
|
+
def role_components_by_component
|
17
|
+
@role_components_by_component ||= role_components.each_with_object({}) do |role_component, hash|
|
18
|
+
hash[role_component.component_id] = role_component
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
@@ -0,0 +1,17 @@
|
|
1
|
+
module Para
|
2
|
+
module Acl
|
3
|
+
class RoleComponent < ActiveRecord::Base
|
4
|
+
belongs_to :role
|
5
|
+
belongs_to :component, class_name: 'Para::Component::Base'
|
6
|
+
|
7
|
+
validates :role, :component, presence: true
|
8
|
+
|
9
|
+
# If the allow field is not filled this means that we should fallback
|
10
|
+
# on the parent role's #authorize_new_components field
|
11
|
+
#
|
12
|
+
def allow?
|
13
|
+
allow == nil ? role.authorize_new_components : allow
|
14
|
+
end
|
15
|
+
end
|
16
|
+
end
|
17
|
+
end
|
@@ -0,0 +1,35 @@
|
|
1
|
+
.page-title
|
2
|
+
%h1= @component.name
|
3
|
+
|
4
|
+
.page-content-wrap
|
5
|
+
.well
|
6
|
+
= fa_icon 'info-circle'
|
7
|
+
= @component.description
|
8
|
+
|
9
|
+
= para_form_for @components_roles, url: @component.path, as: :components_roles do |form|
|
10
|
+
= panel do |panel|
|
11
|
+
= panel.header do
|
12
|
+
= add_button_for(@component, :resources, @component.model)
|
13
|
+
|
14
|
+
= resources_table(component: @component, model: @component.model, actions: false) do |table|
|
15
|
+
= table.header do
|
16
|
+
= table.header_for('')
|
17
|
+
|
18
|
+
- @components_roles.roles.each do |role|
|
19
|
+
= table.header_for do
|
20
|
+
= link_to @component.relation_path(role, action: :edit) do
|
21
|
+
= role.name
|
22
|
+
= fa_icon 'pencil'
|
23
|
+
|
24
|
+
= table.rows(@components_roles.resources) do |component, component_roles|
|
25
|
+
= table.data_for(component.name)
|
26
|
+
|
27
|
+
- component_roles.each do |role, component_role|
|
28
|
+
= table.data_for do
|
29
|
+
= form.fields_for :resources, [component_role] do |component_role_fields|
|
30
|
+
- disabled = current_admin.respond_to?(:role) && current_admin.role == role && AclRolesComponent === component_role.component
|
31
|
+
.checkbox{ class: ('disabled' if disabled) }
|
32
|
+
= component_role_fields.input_field :allow, disabled: disabled
|
33
|
+
|
34
|
+
|
35
|
+
= form.actions(only: [:submit, :cancel])
|
@@ -0,0 +1,15 @@
|
|
1
|
+
= para_form_for(resource) do |form|
|
2
|
+
= form.tabs do |tabs|
|
3
|
+
= tabs.tab :role do
|
4
|
+
= form.input :name
|
5
|
+
= form.input :authorize_new_components, hint: t('simple_form.hints.para/acl/role.authorize_new_components')
|
6
|
+
= form.input :users, as: :selectize
|
7
|
+
|
8
|
+
- if resource.persisted?
|
9
|
+
= tabs.tab :destroy_role do
|
10
|
+
= form.input :id, label: t('para.shared.destroy') do
|
11
|
+
= link_to @component.relation_path(resource), method: :delete, confirm: t('para.confirmation.shared.destroy'), class: 'btn btn-danger' do
|
12
|
+
= fa_icon 'times'
|
13
|
+
= t('para.shared.destroy')
|
14
|
+
|
15
|
+
= form.actions
|
data/bin/rails
ADDED
@@ -0,0 +1,12 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
# This command will automatically be run when you run "rails" with Rails 4 gems installed from the root of your application.
|
3
|
+
|
4
|
+
ENGINE_ROOT = File.expand_path('../..', __FILE__)
|
5
|
+
ENGINE_PATH = File.expand_path('../../lib/para/acl/engine', __FILE__)
|
6
|
+
|
7
|
+
# Set up gems listed in the Gemfile.
|
8
|
+
ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__)
|
9
|
+
require 'bundler/setup' if File.exist?(ENV['BUNDLE_GEMFILE'])
|
10
|
+
|
11
|
+
require 'rails/all'
|
12
|
+
require 'rails/engine/commands'
|
@@ -0,0 +1,39 @@
|
|
1
|
+
fr:
|
2
|
+
admin:
|
3
|
+
acl_roles:
|
4
|
+
name: "Gestion des droits d'accès"
|
5
|
+
description: |
|
6
|
+
Le tableau ci-dessous vous permet de gérer les droits d'accès des
|
7
|
+
groupes d'administrateurs aux différentes sections de le console
|
8
|
+
d'administration.
|
9
|
+
Cochez les cases nécessaires puis cliquez sur "Enregistrer"
|
10
|
+
|
11
|
+
forms:
|
12
|
+
tabs:
|
13
|
+
para/acl/role:
|
14
|
+
role: "Modification"
|
15
|
+
destroy_role: "Suppression"
|
16
|
+
|
17
|
+
activemodel:
|
18
|
+
models:
|
19
|
+
para/acl/component_roles_collection:
|
20
|
+
one: "Droits d'accès"
|
21
|
+
other: "Droits d'accès"
|
22
|
+
|
23
|
+
activerecord:
|
24
|
+
attributes:
|
25
|
+
para/acl/role:
|
26
|
+
name: "Nom"
|
27
|
+
authorize_new_components: "Donner automatiquement accès au nouveaux composant de l'administration"
|
28
|
+
users: "Administrateurs concernés"
|
29
|
+
|
30
|
+
simple_form:
|
31
|
+
hints:
|
32
|
+
para/acl/role:
|
33
|
+
authorize_new_components: |
|
34
|
+
Lorsqu'une nouvelle section est ajoutée à la console d'administration
|
35
|
+
par l'équipe de développement, cette option permet que ce type
|
36
|
+
d'utilisateur y ait automatiquement accès.
|
37
|
+
Si cette case est décochée, lors de l'ajout d'un nouveau composant
|
38
|
+
dans la console d'administration, il vous faudra manuellement en
|
39
|
+
autoriser l'accès à ce type d'utilisateur.
|
@@ -0,0 +1,12 @@
|
|
1
|
+
class CreateParaAclUserRoles < ActiveRecord::Migration
|
2
|
+
def change
|
3
|
+
create_table :para_acl_user_roles do |t|
|
4
|
+
t.references :role, index: true
|
5
|
+
t.references :user, index: true, polymorphic: true
|
6
|
+
|
7
|
+
t.timestamps null: false
|
8
|
+
end
|
9
|
+
|
10
|
+
add_foreign_key :para_acl_user_roles, :para_acl_roles, column: :role_id
|
11
|
+
end
|
12
|
+
end
|
@@ -0,0 +1,21 @@
|
|
1
|
+
class CreateParaAclRoleComponents < ActiveRecord::Migration
|
2
|
+
def up
|
3
|
+
create_table :para_acl_role_components do |t|
|
4
|
+
t.references :role, index: true
|
5
|
+
t.references :component, index: true
|
6
|
+
t.boolean :allow
|
7
|
+
|
8
|
+
t.timestamps null: false
|
9
|
+
end
|
10
|
+
|
11
|
+
add_foreign_key :para_acl_role_components, :para_acl_roles, column: :role_id
|
12
|
+
add_foreign_key :para_acl_role_components, :para_components, column: :component_id
|
13
|
+
end
|
14
|
+
|
15
|
+
def down
|
16
|
+
remove_foreign_key :para_acl_role_components, :component
|
17
|
+
remove_foreign_key :para_acl_role_components, :role
|
18
|
+
|
19
|
+
drop_table :para_acl_role_components
|
20
|
+
end
|
21
|
+
end
|
@@ -0,0 +1,26 @@
|
|
1
|
+
module Para
|
2
|
+
module Acl
|
3
|
+
class InstallGenerator < Rails::Generators::Base
|
4
|
+
source_root File.expand_path('../templates', __FILE__)
|
5
|
+
|
6
|
+
def install_migrations
|
7
|
+
rake 'para_acl_engine:install:migrations'
|
8
|
+
rake 'db:migrate'
|
9
|
+
end
|
10
|
+
|
11
|
+
def add_role_mixin_to_admin
|
12
|
+
admin_user_class_file_path = File.join(
|
13
|
+
'app', 'models', "#{ admin_user_class_name.underscore }.rb"
|
14
|
+
)
|
15
|
+
|
16
|
+
inject_into_file admin_user_class_file_path, after: "< ActiveRecord::Base" do
|
17
|
+
"\n has_admin_role"
|
18
|
+
end
|
19
|
+
end
|
20
|
+
|
21
|
+
def add_role_to_super_admins
|
22
|
+
rake 'para:acl:authorize_admins'
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
@@ -0,0 +1,45 @@
|
|
1
|
+
module Para
|
2
|
+
module Acl
|
3
|
+
class Ability
|
4
|
+
include CanCan::Ability
|
5
|
+
|
6
|
+
attr_reader :user
|
7
|
+
|
8
|
+
def initialize(user)
|
9
|
+
@user = user
|
10
|
+
|
11
|
+
can :access, :admin
|
12
|
+
|
13
|
+
# Bypass all authorizations if disabled from configuration
|
14
|
+
if Para::Acl.bypass_admin_authorization
|
15
|
+
return can :manage, :all
|
16
|
+
end
|
17
|
+
|
18
|
+
process_authorizations
|
19
|
+
end
|
20
|
+
|
21
|
+
private
|
22
|
+
|
23
|
+
def process_authorizations
|
24
|
+
return unless role
|
25
|
+
|
26
|
+
can :manage, :all
|
27
|
+
|
28
|
+
role.role_components.each do |role_component|
|
29
|
+
unless role_component.allow?
|
30
|
+
cannot :manage, Para::Component::Base, id: role_component.component_id
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
|
34
|
+
|
35
|
+
def role
|
36
|
+
@role ||= Para::Acl::Role.joins(:user_roles).where(
|
37
|
+
para_acl_user_roles: {
|
38
|
+
user_id: user.id,
|
39
|
+
user_type: user.class.name
|
40
|
+
}
|
41
|
+
).includes(:role_components).first
|
42
|
+
end
|
43
|
+
end
|
44
|
+
end
|
45
|
+
end
|
@@ -0,0 +1,73 @@
|
|
1
|
+
module Para
|
2
|
+
module Acl
|
3
|
+
class ComponentRolesCollection
|
4
|
+
include ActiveModel::Model
|
5
|
+
include ActiveRecord::AttributeAssignment
|
6
|
+
|
7
|
+
def update(attributes)
|
8
|
+
assign_attributes(attributes)
|
9
|
+
save
|
10
|
+
end
|
11
|
+
|
12
|
+
def persisted?
|
13
|
+
true
|
14
|
+
end
|
15
|
+
|
16
|
+
def save
|
17
|
+
ActiveRecord::Base.transaction do
|
18
|
+
role_components.values.each(&:save!)
|
19
|
+
end if valid?
|
20
|
+
end
|
21
|
+
|
22
|
+
def valid?
|
23
|
+
role_components.values.all?(&:valid?)
|
24
|
+
end
|
25
|
+
|
26
|
+
def roles
|
27
|
+
@roles ||= Para::Acl::Role.includes(
|
28
|
+
role_components: :component
|
29
|
+
).order('para_acl_roles.name ASC')
|
30
|
+
end
|
31
|
+
|
32
|
+
def resources_attributes=(ary)
|
33
|
+
ary.each do |_, attributes|
|
34
|
+
role_component = role_component_for(attributes.delete(:id))
|
35
|
+
role_component.assign_attributes(attributes)
|
36
|
+
end
|
37
|
+
end
|
38
|
+
|
39
|
+
def resources
|
40
|
+
@resources ||= Para::Component::Base.order('para_components.name ASC').each_with_object({}) do |component, hash|
|
41
|
+
hash[component] = {}
|
42
|
+
|
43
|
+
roles.each do |role|
|
44
|
+
hash[component][role] = role_component_or_create_for(role, component)
|
45
|
+
end
|
46
|
+
end
|
47
|
+
end
|
48
|
+
|
49
|
+
private
|
50
|
+
|
51
|
+
def role_component_for(id)
|
52
|
+
role_components[id.to_i]
|
53
|
+
end
|
54
|
+
|
55
|
+
def role_component_or_create_for(role, component)
|
56
|
+
role.role_component_for(component).tap do |role_component|
|
57
|
+
if role_component.new_record?
|
58
|
+
role_component.allow = role.authorize_new_components
|
59
|
+
role_component.save!
|
60
|
+
end
|
61
|
+
end
|
62
|
+
end
|
63
|
+
|
64
|
+
def role_components
|
65
|
+
@role_components ||= roles.each_with_object({}) do |role, hash|
|
66
|
+
role.role_components.each do |role_component|
|
67
|
+
hash[role_component.id] = role_component
|
68
|
+
end
|
69
|
+
end
|
70
|
+
end
|
71
|
+
end
|
72
|
+
end
|
73
|
+
end
|
@@ -0,0 +1,19 @@
|
|
1
|
+
require 'para/acl/rails/active_record_extension'
|
2
|
+
|
3
|
+
module Para
|
4
|
+
module Acl
|
5
|
+
class Engine < ::Rails::Engine
|
6
|
+
initializer 'Set para ability class' do
|
7
|
+
config.to_prepare do
|
8
|
+
Para.config.ability_class_name = 'Para::Acl::Ability'
|
9
|
+
end
|
10
|
+
end
|
11
|
+
|
12
|
+
initializer 'Add extension to ActiveRecord' do
|
13
|
+
ActiveSupport.on_load(:active_record) do
|
14
|
+
include Para::Acl::ActiveRecordExtension
|
15
|
+
end
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end
|
19
|
+
end
|
@@ -0,0 +1,17 @@
|
|
1
|
+
module Para
|
2
|
+
module Acl
|
3
|
+
module ActiveRecordExtension
|
4
|
+
extend ActiveSupport::Concern
|
5
|
+
|
6
|
+
module ClassMethods
|
7
|
+
def has_admin_role
|
8
|
+
has_one :user_role, as: :user,
|
9
|
+
class_name: 'Para::Acl::UserRole',
|
10
|
+
dependent: :destroy
|
11
|
+
|
12
|
+
has_one :role, through: :user_role
|
13
|
+
end
|
14
|
+
end
|
15
|
+
end
|
16
|
+
end
|
17
|
+
end
|
@@ -0,0 +1,17 @@
|
|
1
|
+
module Para
|
2
|
+
module Acl
|
3
|
+
class Routes < Para::Plugins::Routes
|
4
|
+
def draw
|
5
|
+
plugin :acl do
|
6
|
+
component :acl_roles do
|
7
|
+
scope ':model' do
|
8
|
+
resources :crud_resources, path: '/'
|
9
|
+
end
|
10
|
+
end
|
11
|
+
|
12
|
+
patch "acl_roles/:component_id" => "acl_roles_component#update"
|
13
|
+
end
|
14
|
+
end
|
15
|
+
end
|
16
|
+
end
|
17
|
+
end
|
data/lib/para/acl.rb
ADDED
@@ -0,0 +1,25 @@
|
|
1
|
+
require 'para/acl/engine' if defined?(Rails)
|
2
|
+
|
3
|
+
module Para
|
4
|
+
module Acl
|
5
|
+
extend ActiveSupport::Autoload
|
6
|
+
|
7
|
+
autoload :Ability
|
8
|
+
autoload :Routes
|
9
|
+
autoload :ComponentRolesCollection
|
10
|
+
autoload :Version
|
11
|
+
|
12
|
+
mattr_accessor :admin_user_class
|
13
|
+
@@admin_user_class = 'AdminUser'
|
14
|
+
|
15
|
+
mattr_accessor :super_admin_default_role_name
|
16
|
+
@@super_admin_default_role_name = "Super Admin"
|
17
|
+
|
18
|
+
mattr_accessor :bypass_admin_authorization
|
19
|
+
@@bypass_admin_authorization = false
|
20
|
+
|
21
|
+
def self.table_name_prefix
|
22
|
+
'para_acl_'
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
data/lib/para-acl.rb
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
require 'para/acl'
|
@@ -0,0 +1,38 @@
|
|
1
|
+
module Para
|
2
|
+
module Acl
|
3
|
+
class AuthorizeAdmins
|
4
|
+
def run
|
5
|
+
admin_user_class.find_each do |admin_user|
|
6
|
+
admin_user.role = super_admin_role
|
7
|
+
admin_user.save!
|
8
|
+
end
|
9
|
+
end
|
10
|
+
|
11
|
+
private
|
12
|
+
|
13
|
+
def admin_user_class
|
14
|
+
@admin_user_class ||= admin_user_class_name.constantize
|
15
|
+
end
|
16
|
+
|
17
|
+
def admin_user_class_name
|
18
|
+
@admin_user_class_name ||= Para.config.acl.admin_user_class
|
19
|
+
end
|
20
|
+
|
21
|
+
def super_admin_role
|
22
|
+
@super_admin_role ||= Para::Acl::Role.where(
|
23
|
+
name: Para::Acl.super_admin_default_role_name,
|
24
|
+
authorize_new_components: true
|
25
|
+
).first_or_create!
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
30
|
+
|
31
|
+
namespace :para do
|
32
|
+
namespace :acl do
|
33
|
+
desc 'Make all existing admins be super users'
|
34
|
+
task authorize_admins: :environment do
|
35
|
+
Para::Acl::AuthorizeAdmins.new.run
|
36
|
+
end
|
37
|
+
end
|
38
|
+
end
|
data/para-acl.gemspec
ADDED
@@ -0,0 +1,36 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
lib = File.expand_path('../lib', __FILE__)
|
3
|
+
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
4
|
+
|
5
|
+
# Add components folder to load path, allowing para to eager load it
|
6
|
+
# on startup and recognize it in development mode
|
7
|
+
#
|
8
|
+
# This can be made standard in some way in para when we'll implement some
|
9
|
+
# kind of plugin system
|
10
|
+
#
|
11
|
+
components = File.expand_path('../app/components', __FILE__)
|
12
|
+
$LOAD_PATH.unshift(components) unless $LOAD_PATH.include?(components)
|
13
|
+
|
14
|
+
require 'para/acl/version'
|
15
|
+
|
16
|
+
Gem::Specification.new do |spec|
|
17
|
+
spec.name = "para-acl"
|
18
|
+
spec.version = Para::Acl::VERSION
|
19
|
+
spec.authors = ["Valentin Ballestrino"]
|
20
|
+
spec.email = ["vala@glyph.fr"]
|
21
|
+
spec.summary = %q{Para plugin to allow admins access management}
|
22
|
+
spec.description = %q{Para plugin to allow admins access management}
|
23
|
+
spec.homepage = "https://github.com/para-cms/para-acl"
|
24
|
+
spec.license = "MIT"
|
25
|
+
|
26
|
+
spec.files = `git ls-files -z`.split("\x0")
|
27
|
+
spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
|
28
|
+
spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
|
29
|
+
spec.require_paths = ["lib"]
|
30
|
+
|
31
|
+
spec.add_dependency "para", ">= 0.4", "<= 1.0"
|
32
|
+
spec.add_dependency "rails", ">= 4.0", "<= 5.0"
|
33
|
+
|
34
|
+
spec.add_development_dependency "bundler", "~> 1.7"
|
35
|
+
spec.add_development_dependency "rake", "~> 10.0"
|
36
|
+
end
|
metadata
ADDED
@@ -0,0 +1,155 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: para-acl
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.1.0
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Valentin Ballestrino
|
8
|
+
autorequire:
|
9
|
+
bindir: bin
|
10
|
+
cert_chain: []
|
11
|
+
date: 2016-01-08 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: para
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - ">="
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '0.4'
|
20
|
+
- - "<="
|
21
|
+
- !ruby/object:Gem::Version
|
22
|
+
version: '1.0'
|
23
|
+
type: :runtime
|
24
|
+
prerelease: false
|
25
|
+
version_requirements: !ruby/object:Gem::Requirement
|
26
|
+
requirements:
|
27
|
+
- - ">="
|
28
|
+
- !ruby/object:Gem::Version
|
29
|
+
version: '0.4'
|
30
|
+
- - "<="
|
31
|
+
- !ruby/object:Gem::Version
|
32
|
+
version: '1.0'
|
33
|
+
- !ruby/object:Gem::Dependency
|
34
|
+
name: rails
|
35
|
+
requirement: !ruby/object:Gem::Requirement
|
36
|
+
requirements:
|
37
|
+
- - ">="
|
38
|
+
- !ruby/object:Gem::Version
|
39
|
+
version: '4.0'
|
40
|
+
- - "<="
|
41
|
+
- !ruby/object:Gem::Version
|
42
|
+
version: '5.0'
|
43
|
+
type: :runtime
|
44
|
+
prerelease: false
|
45
|
+
version_requirements: !ruby/object:Gem::Requirement
|
46
|
+
requirements:
|
47
|
+
- - ">="
|
48
|
+
- !ruby/object:Gem::Version
|
49
|
+
version: '4.0'
|
50
|
+
- - "<="
|
51
|
+
- !ruby/object:Gem::Version
|
52
|
+
version: '5.0'
|
53
|
+
- !ruby/object:Gem::Dependency
|
54
|
+
name: bundler
|
55
|
+
requirement: !ruby/object:Gem::Requirement
|
56
|
+
requirements:
|
57
|
+
- - "~>"
|
58
|
+
- !ruby/object:Gem::Version
|
59
|
+
version: '1.7'
|
60
|
+
type: :development
|
61
|
+
prerelease: false
|
62
|
+
version_requirements: !ruby/object:Gem::Requirement
|
63
|
+
requirements:
|
64
|
+
- - "~>"
|
65
|
+
- !ruby/object:Gem::Version
|
66
|
+
version: '1.7'
|
67
|
+
- !ruby/object:Gem::Dependency
|
68
|
+
name: rake
|
69
|
+
requirement: !ruby/object:Gem::Requirement
|
70
|
+
requirements:
|
71
|
+
- - "~>"
|
72
|
+
- !ruby/object:Gem::Version
|
73
|
+
version: '10.0'
|
74
|
+
type: :development
|
75
|
+
prerelease: false
|
76
|
+
version_requirements: !ruby/object:Gem::Requirement
|
77
|
+
requirements:
|
78
|
+
- - "~>"
|
79
|
+
- !ruby/object:Gem::Version
|
80
|
+
version: '10.0'
|
81
|
+
description: Para plugin to allow admins access management
|
82
|
+
email:
|
83
|
+
- vala@glyph.fr
|
84
|
+
executables:
|
85
|
+
- rails
|
86
|
+
extensions: []
|
87
|
+
extra_rdoc_files: []
|
88
|
+
files:
|
89
|
+
- ".gitignore"
|
90
|
+
- Gemfile
|
91
|
+
- LICENSE.txt
|
92
|
+
- README.md
|
93
|
+
- Rakefile
|
94
|
+
- app/components/acl_roles_component.rb
|
95
|
+
- app/controllers/admin/acl/acl_roles_component_controller.rb
|
96
|
+
- app/controllers/admin/acl/crud_resources_controller.rb
|
97
|
+
- app/decorators/acl_roles_component_decorator.rb
|
98
|
+
- app/models/para/acl/role.rb
|
99
|
+
- app/models/para/acl/role_component.rb
|
100
|
+
- app/models/para/acl/user_role.rb
|
101
|
+
- app/views/admin/acl/acl_roles_component/show.html.haml
|
102
|
+
- app/views/admin/para/acl/roles/_form.html.haml
|
103
|
+
- bin/rails
|
104
|
+
- config/locales/fr.yml
|
105
|
+
- db/migrate/20151215160816_create_para_acl_roles.rb
|
106
|
+
- db/migrate/20151215160817_create_para_acl_user_roles.rb
|
107
|
+
- db/migrate/20151215160835_create_para_acl_role_components.rb
|
108
|
+
- lib/generators/para/acl/install/install_generator.rb
|
109
|
+
- lib/para-acl.rb
|
110
|
+
- lib/para/acl.rb
|
111
|
+
- lib/para/acl/ability.rb
|
112
|
+
- lib/para/acl/component_roles_collection.rb
|
113
|
+
- lib/para/acl/engine.rb
|
114
|
+
- lib/para/acl/rails/active_record_extension.rb
|
115
|
+
- lib/para/acl/routes.rb
|
116
|
+
- lib/para/acl/version.rb
|
117
|
+
- lib/tasks/authorize_admins.rake
|
118
|
+
- para-acl.gemspec
|
119
|
+
- test/fixtures/para/acl/role_components.yml
|
120
|
+
- test/fixtures/para/acl/roles.yml
|
121
|
+
- test/fixtures/para/acl/user_roles.yml
|
122
|
+
- test/models/para/acl/role_component_test.rb
|
123
|
+
- test/models/para/acl/role_test.rb
|
124
|
+
- test/models/para/acl/user_role_test.rb
|
125
|
+
homepage: https://github.com/para-cms/para-acl
|
126
|
+
licenses:
|
127
|
+
- MIT
|
128
|
+
metadata: {}
|
129
|
+
post_install_message:
|
130
|
+
rdoc_options: []
|
131
|
+
require_paths:
|
132
|
+
- lib
|
133
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
134
|
+
requirements:
|
135
|
+
- - ">="
|
136
|
+
- !ruby/object:Gem::Version
|
137
|
+
version: '0'
|
138
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
139
|
+
requirements:
|
140
|
+
- - ">="
|
141
|
+
- !ruby/object:Gem::Version
|
142
|
+
version: '0'
|
143
|
+
requirements: []
|
144
|
+
rubyforge_project:
|
145
|
+
rubygems_version: 2.4.3
|
146
|
+
signing_key:
|
147
|
+
specification_version: 4
|
148
|
+
summary: Para plugin to allow admins access management
|
149
|
+
test_files:
|
150
|
+
- test/fixtures/para/acl/role_components.yml
|
151
|
+
- test/fixtures/para/acl/roles.yml
|
152
|
+
- test/fixtures/para/acl/user_roles.yml
|
153
|
+
- test/models/para/acl/role_component_test.rb
|
154
|
+
- test/models/para/acl/role_test.rb
|
155
|
+
- test/models/para/acl/user_role_test.rb
|