passpartu 1.0.3 → 1.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +11 -10
- data/lib/passpartu/patcher.rb +23 -7
- data/lib/passpartu/{user.rb → test_user.rb} +10 -2
- data/lib/passpartu/verify.rb +13 -8
- data/lib/passpartu/version.rb +1 -1
- data/lib/passpartu.rb +3 -2
- data/passpartu.gemspec +1 -0
- metadata +18 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: f9a34533883b1c070612ecd73c34299a9c05f899e31256b8f51f0b9edf50c6e4
|
4
|
+
data.tar.gz: 625c359af9f1d4560f28d63fe47b426351f1cf7f5e0f68da3e7aaafb2bfec08f
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: bb08f025f855506ea084cf9010dddb38d6f9f499d12e837fb015bf061163b48b86312da2e20e3a223559ebf1800b1fd332adfecb7769e52e6fcd3cbbd503f717
|
7
|
+
data.tar.gz: b10e9806c7eb0dee1e0332b5f651a4ab82da93a52cf1c955681f3d3c5be9cb32fd4346dd18da26f5d7af78c0a6876b289ce075a01a1ba2049a5becd0f5d25afe
|
data/README.md
CHANGED
@@ -1,11 +1,11 @@
|
|
1
|
-
# Passpartu v1.0
|
1
|
+
# Passpartu v1.1.0 - [changelog](https://github.com/coaxsoft/passpartu/blob/master/CHANGELOG.md)
|
2
2
|
|
3
3
|
Passpartu makes policies great again (works awesome with [Pundit](https://rubygems.org/gems/pundit)).
|
4
4
|
|
5
5
|
### Tested with ruby:
|
6
|
-
- 2.7.3
|
7
|
-
- 3.0.0
|
8
6
|
- 3.1.1
|
7
|
+
- 3.0.0
|
8
|
+
- 2.7.3
|
9
9
|
|
10
10
|
Instead of this:
|
11
11
|
|
@@ -78,7 +78,7 @@ admin:
|
|
78
78
|
|
79
79
|
## Features
|
80
80
|
|
81
|
-
|
81
|
+
### CRUD
|
82
82
|
|
83
83
|
It's possible to use `crud` key to set values for `create`, `read`, `update`, `delete` at once.
|
84
84
|
`create`, `read`, `update`, `delete` has higher priority than `crud`
|
@@ -86,7 +86,7 @@ It's possible to use `crud` key to set values for `create`, `read`, `update`, `d
|
|
86
86
|
In case `crud: true` and `delete: false` - result `false`
|
87
87
|
|
88
88
|
|
89
|
-
|
89
|
+
### Only
|
90
90
|
|
91
91
|
It's possible to include specific roles to checks
|
92
92
|
|
@@ -109,7 +109,7 @@ Note: `only` has higher priority than `except/skip`. Do not use both.
|
|
109
109
|
user_admin.can?(:orders, :edit, only: :admin, except: :admin) # returns true
|
110
110
|
```
|
111
111
|
|
112
|
-
|
112
|
+
### Skip (except)
|
113
113
|
|
114
114
|
It's possible to exclude roles from checks
|
115
115
|
|
@@ -136,7 +136,7 @@ Note: `expect` has higher priority than `skip`. Do not use both.
|
|
136
136
|
user_agent.can?(:orders, :edit, skip: [:admin, :manager]) { user_agent.orders.include?(order) }
|
137
137
|
```
|
138
138
|
|
139
|
-
|
139
|
+
### Per role methods
|
140
140
|
|
141
141
|
Check user roles AND policy rule
|
142
142
|
|
@@ -148,7 +148,7 @@ Check user roles AND policy rule
|
|
148
148
|
user_admin.manager_can?(:orders, :edit) # false
|
149
149
|
```
|
150
150
|
|
151
|
-
|
151
|
+
### Code blocks
|
152
152
|
|
153
153
|
```ruby
|
154
154
|
# check rules as usual AND code in the block
|
@@ -158,7 +158,7 @@ Check user roles AND policy rule
|
|
158
158
|
user_agent.agent_can?(:orders, :edit, except: [:admin, :manager]) { user_agent.orders.include?(order) }
|
159
159
|
```
|
160
160
|
|
161
|
-
|
161
|
+
### Waterfall check
|
162
162
|
|
163
163
|
Allow or restrict absolutely everything for particular role or/and particular domain.
|
164
164
|
|
@@ -190,7 +190,7 @@ user_medium_loser.can?(:orders, :delete) # false
|
|
190
190
|
user_medium_loser.can?(:products, :create) # true
|
191
191
|
user_medium_loser.can?(:products, :create, :and_delete) # true
|
192
192
|
```
|
193
|
-
|
193
|
+
#### Real life example
|
194
194
|
|
195
195
|
You need to check custom rule for agent
|
196
196
|
|
@@ -232,6 +232,7 @@ Passpartu.configure do |config|
|
|
232
232
|
config.policy_file = './config/passpartu.yml'
|
233
233
|
config.raise_policy_missed_error = true
|
234
234
|
config.check_waterfall = false
|
235
|
+
config.role_access_method = :role
|
235
236
|
end
|
236
237
|
|
237
238
|
```
|
data/lib/passpartu/patcher.rb
CHANGED
@@ -15,18 +15,34 @@ module Passpartu
|
|
15
15
|
end
|
16
16
|
|
17
17
|
def call
|
18
|
+
phash = respond_to?(:policy_hash) ? {} : Passpartu.policy
|
19
|
+
role_method = Passpartu.config.role_access_method
|
20
|
+
|
18
21
|
klass.class_eval do
|
19
22
|
define_method(:can?) do |*keys, only: nil, except: nil, skip: nil, &block|
|
20
|
-
Passpartu::BlockVerify.call(
|
23
|
+
Passpartu::BlockVerify.call(
|
24
|
+
send(role_method),
|
25
|
+
keys,
|
26
|
+
only: only,
|
27
|
+
except: except,
|
28
|
+
skip: skip,
|
29
|
+
policy_hash: phash,
|
30
|
+
&block
|
31
|
+
)
|
21
32
|
end
|
22
33
|
|
23
|
-
|
34
|
+
phash.each_key do |policy_role|
|
24
35
|
define_method("#{policy_role}_can?") do |*keys, only: nil, except: nil, skip: nil, &block|
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
36
|
+
send(role_method).to_s == policy_role &&
|
37
|
+
Passpartu::BlockVerify.call(
|
38
|
+
send(role_method),
|
39
|
+
keys,
|
40
|
+
only: only,
|
41
|
+
except: except,
|
42
|
+
skip: skip,
|
43
|
+
policy_hash: phash,
|
44
|
+
&block
|
45
|
+
)
|
30
46
|
end
|
31
47
|
end
|
32
48
|
end
|
@@ -3,7 +3,7 @@
|
|
3
3
|
# for testing only
|
4
4
|
|
5
5
|
module Passpartu
|
6
|
-
class
|
6
|
+
class TestUser
|
7
7
|
attr_reader :role
|
8
8
|
|
9
9
|
def initialize(role)
|
@@ -11,11 +11,19 @@ module Passpartu
|
|
11
11
|
end
|
12
12
|
end
|
13
13
|
|
14
|
-
class
|
14
|
+
class TestPerson
|
15
15
|
attr_reader :role
|
16
16
|
|
17
17
|
def initialize(role)
|
18
18
|
@role = role
|
19
19
|
end
|
20
20
|
end
|
21
|
+
|
22
|
+
class TestUserWithOtherRoleMethod
|
23
|
+
attr_reader :other_role_method
|
24
|
+
|
25
|
+
def initialize(role)
|
26
|
+
@other_role_method = role
|
27
|
+
end
|
28
|
+
end
|
21
29
|
end
|
data/lib/passpartu/verify.rb
CHANGED
@@ -1,12 +1,12 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
|
-
|
2
|
+
require 'byebug'
|
3
3
|
module Passpartu
|
4
4
|
class Verify
|
5
5
|
CRUD_KEY = 'crud'
|
6
6
|
|
7
|
-
attr_reader :role, :keys, :result, :only, :except, :block
|
7
|
+
attr_reader :role, :keys, :result, :only, :except, :block, :policy_hash
|
8
8
|
|
9
|
-
def initialize(role, keys, only, except, skip, block)
|
9
|
+
def initialize(role, keys, only, except, skip, policy_hash, &block)
|
10
10
|
exclusion = except || skip # alias
|
11
11
|
|
12
12
|
@role = role.to_s
|
@@ -14,12 +14,13 @@ module Passpartu
|
|
14
14
|
@only = Array(only).map(&:to_s) if present?(only)
|
15
15
|
@except = Array(exclusion).map(&:to_s) if present?(exclusion) && !@only
|
16
16
|
@block = block
|
17
|
+
@policy_hash = deep_stringify_keys(policy_hash)
|
17
18
|
|
18
19
|
raise PolicyYmlNotFoundError if Passpartu.policy.nil?
|
19
20
|
end
|
20
21
|
|
21
|
-
def self.call(role, keys, only: nil, except: nil, skip: nil, &block)
|
22
|
-
new(role, keys, only, except, skip, block).call
|
22
|
+
def self.call(role, keys, only: nil, except: nil, skip: nil, policy_hash: Passpartu.policy, &block)
|
23
|
+
new(role, keys, only, except, skip, policy_hash, &block).call
|
23
24
|
end
|
24
25
|
|
25
26
|
def call
|
@@ -48,9 +49,7 @@ module Passpartu
|
|
48
49
|
end
|
49
50
|
|
50
51
|
def default_check
|
51
|
-
|
52
|
-
|
53
|
-
@result = Passpartu.policy.dig(role, *keys)
|
52
|
+
@result = policy_hash.dig(role, *keys)
|
54
53
|
end
|
55
54
|
|
56
55
|
def check_crud_if
|
@@ -79,5 +78,11 @@ module Passpartu
|
|
79
78
|
def present?(item)
|
80
79
|
!blank?(item)
|
81
80
|
end
|
81
|
+
|
82
|
+
def deep_stringify_keys(hash)
|
83
|
+
return hash.deep_stringify_keys if hash.respond_to?(:deep_stringify_keys)
|
84
|
+
|
85
|
+
JSON.parse(JSON.dump(hash))
|
86
|
+
end
|
82
87
|
end
|
83
88
|
end
|
data/lib/passpartu/version.rb
CHANGED
data/lib/passpartu.rb
CHANGED
@@ -6,7 +6,7 @@ require_relative 'passpartu/patcher'
|
|
6
6
|
require_relative 'passpartu/verify'
|
7
7
|
require_relative 'passpartu/block_verify'
|
8
8
|
require_relative 'passpartu/validate_result'
|
9
|
-
require_relative 'passpartu/
|
9
|
+
require_relative 'passpartu/test_user' # for testing only
|
10
10
|
|
11
11
|
module Passpartu
|
12
12
|
class Error < StandardError; end
|
@@ -31,7 +31,7 @@ module Passpartu
|
|
31
31
|
end
|
32
32
|
|
33
33
|
class Config
|
34
|
-
attr_accessor :raise_policy_missed_error
|
34
|
+
attr_accessor :raise_policy_missed_error, :role_access_method
|
35
35
|
attr_reader :policy_file, :check_waterfall, :policy
|
36
36
|
|
37
37
|
DEFAULT_POLICY_FILE = './config/passpartu.yml'
|
@@ -41,6 +41,7 @@ module Passpartu
|
|
41
41
|
self.policy = load_policy_file(policy_file) if File.exist?(policy_file)
|
42
42
|
@raise_policy_missed_error = true
|
43
43
|
@check_waterfall = false
|
44
|
+
@role_access_method = :role
|
44
45
|
end
|
45
46
|
|
46
47
|
def policy_file=(file = nil)
|
data/passpartu.gemspec
CHANGED
@@ -39,6 +39,7 @@ Gem::Specification.new do |spec|
|
|
39
39
|
spec.files = Dir['README.md', 'lib/**/*', 'lib/*', 'passpartu.gemspec']
|
40
40
|
|
41
41
|
spec.add_development_dependency 'bundler', '~> 2.3'
|
42
|
+
spec.add_development_dependency 'byebug'
|
42
43
|
spec.add_development_dependency 'rake', '~> 13.0'
|
43
44
|
spec.add_development_dependency 'rspec', '~> 3.11'
|
44
45
|
spec.add_development_dependency 'codecov', '~> 0.6'
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: passpartu
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.0
|
4
|
+
version: 1.1.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- OrestF
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-
|
11
|
+
date: 2022-04-28 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|
@@ -24,6 +24,20 @@ dependencies:
|
|
24
24
|
- - "~>"
|
25
25
|
- !ruby/object:Gem::Version
|
26
26
|
version: '2.3'
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: byebug
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - ">="
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: '0'
|
34
|
+
type: :development
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - ">="
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: '0'
|
27
41
|
- !ruby/object:Gem::Dependency
|
28
42
|
name: rake
|
29
43
|
requirement: !ruby/object:Gem::Requirement
|
@@ -107,7 +121,7 @@ files:
|
|
107
121
|
- lib/passpartu.rb
|
108
122
|
- lib/passpartu/block_verify.rb
|
109
123
|
- lib/passpartu/patcher.rb
|
110
|
-
- lib/passpartu/
|
124
|
+
- lib/passpartu/test_user.rb
|
111
125
|
- lib/passpartu/validate_result.rb
|
112
126
|
- lib/passpartu/verify.rb
|
113
127
|
- lib/passpartu/version.rb
|
@@ -131,7 +145,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
131
145
|
- !ruby/object:Gem::Version
|
132
146
|
version: '0'
|
133
147
|
requirements: []
|
134
|
-
rubygems_version: 3.
|
148
|
+
rubygems_version: 3.3.7
|
135
149
|
signing_key:
|
136
150
|
specification_version: 4
|
137
151
|
summary: Passpartu makes policies great again
|