passpartu 1.1.1 → 1.2.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +19 -1
- data/lib/passpartu/block_verify.rb +10 -0
- data/lib/passpartu/patcher.rb +3 -4
- data/lib/passpartu/validate_result.rb +7 -6
- data/lib/passpartu/verify.rb +5 -7
- data/lib/passpartu/version.rb +1 -1
- data/lib/passpartu.rb +2 -0
- metadata +3 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 396d094c919ae767cf6653747b219b0018a95c0672fd8beb9da5c1f0c64fd7c6
|
4
|
+
data.tar.gz: fdca15a751308a1c2a6bcf818f21572b7cb1a8e95a8f59c8f363d5431758375a
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 9e548a9a7493741c606bfdb93f6bbe90a082496e76b739645d658e91b531671170053fb1342272d76e5116093184d548aef593c11cbb1e715227427be295d637
|
7
|
+
data.tar.gz: e945766a4d0157bc22ce976a4552fd72b62c2ffc5a153c1e1c44fd9dc5996c88f729bc2eba49b6fbc90d6f6472aaf6e46fedc7c52db687aed8d2aa433bc20708
|
data/README.md
CHANGED
@@ -87,7 +87,6 @@ It's possible to use `crud` key to set values for `create`, `read`, `update`, `d
|
|
87
87
|
|
88
88
|
In case `crud: true` and `delete: false` - result `false`
|
89
89
|
|
90
|
-
|
91
90
|
### Only
|
92
91
|
|
93
92
|
It's possible to include specific roles to checks
|
@@ -160,6 +159,25 @@ Check user roles AND policy rule
|
|
160
159
|
user_agent.agent_can?(:orders, :edit, except: [:admin, :manager]) { user_agent.orders.include?(order) }
|
161
160
|
```
|
162
161
|
|
162
|
+
### 'Maybe' option
|
163
|
+
|
164
|
+
Option 'maybe' means that user can do something if the block returns true. In this case block is required
|
165
|
+
and error is raised when option is maybe and no block given.
|
166
|
+
|
167
|
+
```yml
|
168
|
+
manager:
|
169
|
+
products:
|
170
|
+
create: true
|
171
|
+
delete: false
|
172
|
+
bookings:
|
173
|
+
update: maybe
|
174
|
+
```
|
175
|
+
|
176
|
+
```ruby
|
177
|
+
manager.can?(:bookings, :update) # raises error
|
178
|
+
manager.can?(:bookings, :update) { user.bookings.include?(booking) } # returns true or false
|
179
|
+
```
|
180
|
+
|
163
181
|
### Waterfall check
|
164
182
|
|
165
183
|
Allow or restrict absolutely everything for particular role or/and particular domain.
|
@@ -2,11 +2,21 @@
|
|
2
2
|
|
3
3
|
module Passpartu
|
4
4
|
class BlockVerify < ::Passpartu::Verify
|
5
|
+
class BlockMissedError < StandardError; end
|
6
|
+
MAYBE_VALUE = 'maybe'
|
7
|
+
|
5
8
|
def call
|
6
9
|
policy_result = super
|
10
|
+
raise BlockMissedError, "Block is required for 'maybe' allowed resource" if maybe? && block.nil?
|
7
11
|
return policy_result if block.nil?
|
8
12
|
|
9
13
|
policy_result && block.call
|
10
14
|
end
|
15
|
+
|
16
|
+
private
|
17
|
+
|
18
|
+
def maybe?
|
19
|
+
result == MAYBE_VALUE
|
20
|
+
end
|
11
21
|
end
|
12
22
|
end
|
data/lib/passpartu/patcher.rb
CHANGED
@@ -15,7 +15,6 @@ module Passpartu
|
|
15
15
|
end
|
16
16
|
|
17
17
|
def call
|
18
|
-
phash = respond_to?(:policy_hash) ? {} : Passpartu.policy
|
19
18
|
role_method = Passpartu.config.role_access_method
|
20
19
|
|
21
20
|
klass.class_eval do
|
@@ -26,12 +25,12 @@ module Passpartu
|
|
26
25
|
only: only,
|
27
26
|
except: except,
|
28
27
|
skip: skip,
|
29
|
-
policy_hash:
|
28
|
+
policy_hash: -> { respond_to?(:policy_hash) ? policy_hash : Passpartu.policy }.call,
|
30
29
|
&block
|
31
30
|
)
|
32
31
|
end
|
33
32
|
|
34
|
-
|
33
|
+
Passpartu.policy.each_key do |policy_role|
|
35
34
|
define_method("#{policy_role}_can?") do |*keys, only: nil, except: nil, skip: nil, &block|
|
36
35
|
send(role_method).to_s == policy_role &&
|
37
36
|
Passpartu::BlockVerify.call(
|
@@ -40,7 +39,7 @@ module Passpartu
|
|
40
39
|
only: only,
|
41
40
|
except: except,
|
42
41
|
skip: skip,
|
43
|
-
policy_hash:
|
42
|
+
policy_hash: -> { respond_to?(:policy_hash) ? policy_hash : Passpartu.policy }.call,
|
44
43
|
&block
|
45
44
|
)
|
46
45
|
end
|
@@ -3,6 +3,7 @@
|
|
3
3
|
module Passpartu
|
4
4
|
class ValidateResult
|
5
5
|
class PolicyMissedError < StandardError; end
|
6
|
+
class InvalidResultError < StandardError; end
|
6
7
|
|
7
8
|
attr_reader :result
|
8
9
|
|
@@ -15,20 +16,20 @@ module Passpartu
|
|
15
16
|
end
|
16
17
|
|
17
18
|
def call
|
18
|
-
raise PolicyMissedError if
|
19
|
-
return false
|
19
|
+
raise PolicyMissedError if raise_policy_missed_error?
|
20
|
+
return false if result_not_defined?
|
20
21
|
|
21
22
|
result
|
22
23
|
end
|
23
24
|
|
24
25
|
private
|
25
26
|
|
26
|
-
def
|
27
|
-
|
27
|
+
def raise_policy_missed_error?
|
28
|
+
result_not_defined? && Passpartu.config.raise_policy_missed_error
|
28
29
|
end
|
29
30
|
|
30
|
-
def
|
31
|
-
|
31
|
+
def result_not_defined?
|
32
|
+
result.nil? || result.is_a?(Hash)
|
32
33
|
end
|
33
34
|
end
|
34
35
|
end
|
data/lib/passpartu/verify.rb
CHANGED
@@ -31,12 +31,10 @@ module Passpartu
|
|
31
31
|
|
32
32
|
validate_result
|
33
33
|
rescue StandardError => e
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
raise e
|
39
|
-
end
|
34
|
+
raise e unless ['TrueClass does not have #dig method', 'FalseClass does not have #dig method'].include?(e.message)
|
35
|
+
|
36
|
+
raise WaterfallError,
|
37
|
+
"Looks like you want to use check_waterfall feature, but it's set to 'false'. Otherwise check your #{Passpartu.config.policy_file} for validness"
|
40
38
|
end
|
41
39
|
|
42
40
|
private
|
@@ -49,7 +47,7 @@ module Passpartu
|
|
49
47
|
end
|
50
48
|
|
51
49
|
def default_check
|
52
|
-
@result = policy_hash.dig(role, *keys)
|
50
|
+
@result = policy_hash.has_key?(role) ? policy_hash.dig(role, *keys) : policy_hash.dig(*keys)
|
53
51
|
end
|
54
52
|
|
55
53
|
def check_crud_if
|
data/lib/passpartu/version.rb
CHANGED
data/lib/passpartu.rb
CHANGED
@@ -83,6 +83,8 @@ module Passpartu
|
|
83
83
|
value.define_singleton_method(:dig) { |*_keys| true }
|
84
84
|
when false
|
85
85
|
value.define_singleton_method(:dig) { |*_keys| false }
|
86
|
+
when 'maybe'
|
87
|
+
value.define_singleton_method(:dig) { |*_keys| 'maybe' }
|
86
88
|
else
|
87
89
|
patch_policy_booleans_if(value)
|
88
90
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: passpartu
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.2.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- OrestF
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-
|
11
|
+
date: 2023-10-30 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|
@@ -145,7 +145,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
145
145
|
- !ruby/object:Gem::Version
|
146
146
|
version: '0'
|
147
147
|
requirements: []
|
148
|
-
rubygems_version: 3.4.
|
148
|
+
rubygems_version: 3.4.21
|
149
149
|
signing_key:
|
150
150
|
specification_version: 4
|
151
151
|
summary: Passpartu makes policies great again
|