pastore 0.0.4 → 0.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.vscode/launch.json +22 -0
- data/CHANGELOG.md +19 -2
- data/Gemfile +8 -5
- data/Gemfile.lock +10 -4
- data/README.md +20 -205
- data/docs/Guards.md +203 -0
- data/docs/Params.md +122 -0
- data/lib/pastore/params/action_param.rb +158 -0
- data/lib/pastore/params/settings.rb +117 -0
- data/lib/pastore/params/validation.rb +118 -0
- data/lib/pastore/params/validations/boolean_validation.rb +48 -0
- data/lib/pastore/params/validations/date_validation.rb +74 -0
- data/lib/pastore/params/validations/number_validation.rb +66 -0
- data/lib/pastore/params/validations/object_validation.rb +49 -0
- data/lib/pastore/params/validations/string_validation.rb +50 -0
- data/lib/pastore/params.rb +66 -0
- data/lib/pastore/version.rb +1 -1
- data/lib/pastore.rb +1 -1
- metadata +14 -3
- data/lib/pastore/params_validators.rb +0 -7
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 995ad5e50f20279c2e14208bef2a61ead6e26a2e10a0f92c84eec77c24ae5a4d
|
4
|
+
data.tar.gz: 7f34397427f2ab4ef31945dd3b8556750f84aeb080451403cbd91dfe9d467829
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 8b79de1d7e1bcefeec13a267a618d6fcdea85fbc291fde42226880f7e74d7f643e416a77dc920ae6625a5b79bf8975891a483baca6fd372a52ca3a0e9693fd93
|
7
|
+
data.tar.gz: 70c787f21ba2dc72871120b33ae433288c1de6e971ac95d37c05f52884055fbcf37669177326893379a869b7ecfac9d695fe0aa04a3d364ea6e5af025112ecf0
|
data/.vscode/launch.json
ADDED
@@ -0,0 +1,22 @@
|
|
1
|
+
{
|
2
|
+
// Use IntelliSense to learn about possible attributes.
|
3
|
+
// Hover to view descriptions of existing attributes.
|
4
|
+
// For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
|
5
|
+
"version": "0.2.0",
|
6
|
+
"configurations": [
|
7
|
+
{
|
8
|
+
"type": "rdbg",
|
9
|
+
"name": "RSpec",
|
10
|
+
"request": "launch",
|
11
|
+
"command": "bundle exec rspec",
|
12
|
+
"script": "${file}:${lineNumber}",
|
13
|
+
"args": [],
|
14
|
+
"askParameters": false
|
15
|
+
},
|
16
|
+
{
|
17
|
+
"type": "rdbg",
|
18
|
+
"name": "Attach with rdbg",
|
19
|
+
"request": "attach"
|
20
|
+
}
|
21
|
+
]
|
22
|
+
}
|
data/CHANGELOG.md
CHANGED
@@ -1,5 +1,22 @@
|
|
1
1
|
## [Unreleased]
|
2
2
|
|
3
|
-
## [0.1.0] - 2023-
|
3
|
+
## [0.1.0] - 2023-02-13
|
4
4
|
|
5
|
-
-
|
5
|
+
- [NEW] Implemented `Pastore::Params` feature for params validation.
|
6
|
+
|
7
|
+
## [0.0.4] - 2023-02-02
|
8
|
+
|
9
|
+
- [FIX] Correctly inherit default guards strategy from parent class.
|
10
|
+
|
11
|
+
## [0.0.3] - 2023-02-02
|
12
|
+
|
13
|
+
- [FIX] Correctly handle guards callback inheritance.
|
14
|
+
|
15
|
+
## [0.0.2] - 2023-02-01
|
16
|
+
|
17
|
+
- [NEW] Added some RSpec tests.
|
18
|
+
- [NEW] Setup automated tests.
|
19
|
+
|
20
|
+
## [0.0.1] - 2023-01-31
|
21
|
+
|
22
|
+
- [NEW] First implementation of `Pastore::Guards` feature.
|
data/Gemfile
CHANGED
@@ -5,8 +5,11 @@ source 'https://rubygems.org'
|
|
5
5
|
# Specify your gem's dependencies in pastore.gemspec
|
6
6
|
gemspec
|
7
7
|
|
8
|
-
|
9
|
-
gem '
|
10
|
-
gem '
|
11
|
-
gem '
|
12
|
-
gem '
|
8
|
+
group :test do
|
9
|
+
gem 'faker'
|
10
|
+
gem 'pry'
|
11
|
+
gem 'rake'
|
12
|
+
gem 'rspec-rails'
|
13
|
+
gem 'shoulda-matchers'
|
14
|
+
gem 'simplecov'
|
15
|
+
end
|
data/Gemfile.lock
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
pastore (0.0
|
4
|
+
pastore (0.1.0)
|
5
5
|
rails (>= 4.0)
|
6
6
|
|
7
7
|
GEM
|
@@ -78,6 +78,7 @@ GEM
|
|
78
78
|
crass (1.0.6)
|
79
79
|
date (3.3.2)
|
80
80
|
diff-lcs (1.5.0)
|
81
|
+
docile (1.4.0)
|
81
82
|
erubi (1.11.0)
|
82
83
|
faker (3.1.0)
|
83
84
|
i18n (>= 1.8.11, < 2)
|
@@ -96,7 +97,6 @@ GEM
|
|
96
97
|
marcel (1.0.2)
|
97
98
|
method_source (1.0.0)
|
98
99
|
mini_mime (1.1.2)
|
99
|
-
mini_portile2 (2.8.0)
|
100
100
|
minitest (5.17.0)
|
101
101
|
net-imap (0.3.2)
|
102
102
|
date
|
@@ -108,8 +108,7 @@ GEM
|
|
108
108
|
net-smtp (0.3.3)
|
109
109
|
net-protocol
|
110
110
|
nio4r (2.5.8)
|
111
|
-
nokogiri (1.13.10)
|
112
|
-
mini_portile2 (~> 2.8.0)
|
111
|
+
nokogiri (1.13.10-x86_64-linux)
|
113
112
|
racc (~> 1.4)
|
114
113
|
pry (0.14.2)
|
115
114
|
coderay (~> 1.1)
|
@@ -164,6 +163,12 @@ GEM
|
|
164
163
|
rspec-support (3.12.0)
|
165
164
|
shoulda-matchers (5.3.0)
|
166
165
|
activesupport (>= 5.2.0)
|
166
|
+
simplecov (0.22.0)
|
167
|
+
docile (~> 1.1)
|
168
|
+
simplecov-html (~> 0.11)
|
169
|
+
simplecov_json_formatter (~> 0.1)
|
170
|
+
simplecov-html (0.12.3)
|
171
|
+
simplecov_json_formatter (0.1.4)
|
167
172
|
thor (1.2.1)
|
168
173
|
timeout (0.3.1)
|
169
174
|
tzinfo (2.0.5)
|
@@ -183,6 +188,7 @@ DEPENDENCIES
|
|
183
188
|
rake
|
184
189
|
rspec-rails
|
185
190
|
shoulda-matchers
|
191
|
+
simplecov
|
186
192
|
|
187
193
|
BUNDLED WITH
|
188
194
|
2.3.24
|
data/README.md
CHANGED
@@ -1,229 +1,44 @@
|
|
1
1
|
# Pastore
|
2
2
|
|
3
|
+
[![Maintainability](https://api.codeclimate.com/v1/badges/8f203ba7696c063e9cd2/maintainability)](https://codeclimate.com/github/demetra-it/pastore/maintainability)
|
4
|
+
[![Test Coverage](https://api.codeclimate.com/v1/badges/8f203ba7696c063e9cd2/test_coverage)](https://codeclimate.com/github/demetra-it/pastore/test_coverage)
|
5
|
+
|
3
6
|
Pastore is a powerful gem for Rails that simplifies the process of validating parameters and controlling access to actions in your controllers.
|
4
7
|
With Pastore, you can easily define validations for your parameters, ensuring that they meet specific requirements before being passed to your controller actions.
|
5
8
|
Additionally, Pastore allows you to easily control access to your actions, ensuring that only authorized users can access sensitive information.
|
6
9
|
With its intuitive interface and robust features, Pastore is a must-have tool for any Rails developer looking to improve the security and reliability of their application.
|
7
10
|
|
8
|
-
##
|
9
|
-
|
10
|
-
Install the gem and add to the application's Gemfile by executing:
|
11
|
-
|
12
|
-
bundle add pastore
|
13
|
-
|
14
|
-
If bundler is not being used to manage dependencies, install the gem by executing:
|
15
|
-
|
16
|
-
gem install pastore
|
17
|
-
|
18
|
-
## Usage
|
19
|
-
|
20
|
-
Pastore gem implements 2 main features: `Guards` and `Validators`. Guards are intended to be used for action access control, while Validators are intended to be used for actions params validation.
|
21
|
-
|
22
|
-
### Guards usage
|
23
|
-
|
24
|
-
`Guards` feature allows you to define access control logic for actions in Rails controllers. To use the `Guards` you have to include `Pastore::Guards` into your Rails controller.
|
25
|
-
|
26
|
-
##### Setup
|
27
|
-
|
28
|
-
The best way to start using the `Guards` feature is to add the following code to your `ApplicationController`:
|
29
|
-
|
30
|
-
```ruby
|
31
|
-
# app/controllers/application_controller.rb
|
32
|
-
|
33
|
-
class ApplicationController < ActionController::API
|
34
|
-
include Pastore::Guards
|
35
|
-
|
36
|
-
# Specify the logic for current user's role detection, which will be used to check
|
37
|
-
# if current user is authorized to access a specific action.
|
38
|
-
detect_role do
|
39
|
-
current_user&.role
|
40
|
-
end
|
41
|
-
end
|
42
|
-
```
|
43
|
-
|
44
|
-
In this way all your controllers will inherit the authorization settings from `ApplicationController`. Then in your controller you can do something like this:
|
45
|
-
|
46
|
-
```ruby
|
47
|
-
class MyController < ApplicationController
|
48
|
-
# By default a :deny strategy is used, so with #permit_role we're going
|
49
|
-
# to specify which roles are allowed to access this action.
|
50
|
-
permit_role :admin, :user, :pm
|
51
|
-
def index
|
52
|
-
# ... action code ...
|
53
|
-
end
|
54
|
-
|
55
|
-
# Without a `permit_role` definition the access to this action will be denied to everyone.
|
56
|
-
def not_allowed_action
|
57
|
-
# ... action code ...
|
58
|
-
end
|
59
|
-
end
|
60
|
-
```
|
61
|
-
|
62
|
-
If you want to use `Guards` only in specific controllers, just include `Pastore::Guards` and define `detect_role` in your controller:
|
11
|
+
## Requirements
|
63
12
|
|
64
|
-
|
65
|
-
|
66
|
-
include Pastore::Guards
|
13
|
+
- Ruby >= 2.6
|
14
|
+
- Rails >= 5.x
|
67
15
|
|
68
|
-
|
69
|
-
current_user&.role
|
70
|
-
end
|
16
|
+
## Installation
|
71
17
|
|
72
|
-
|
73
|
-
def index
|
74
|
-
# ... action code ...
|
75
|
-
end
|
76
|
-
end
|
77
|
-
```
|
18
|
+
Install the gem and add to the application's Gemfile by executing:
|
78
19
|
|
79
|
-
|
80
|
-
|
81
|
-
If checking user's role is not enough, you can use the `authorize_with` helper, which will allow you to specify a custom access logic by providing a method name (where custom logic is defined) or a block to use for access verification. As a result your block or method should return `true` if access is granted, or `false` otherwise.
|
82
|
-
|
83
|
-
```ruby
|
84
|
-
class MyController < ApplicationController
|
85
|
-
# You can override the role detection logic inside a controller if it's necessary by
|
86
|
-
# using the `detect_role` helper.
|
87
|
-
detect_role do
|
88
|
-
current_user&.selected_role
|
89
|
-
end
|
90
|
-
|
91
|
-
# If you want to use a custom/dynamic authorization logic, you can
|
92
|
-
# specify your own implementation in a method.
|
93
|
-
authorize_with :custom_authorization
|
94
|
-
def index
|
95
|
-
# ... action code ...
|
96
|
-
end
|
97
|
-
|
98
|
-
# You can also specify the authorization logic in a block.
|
99
|
-
authorize_with { custom_authorized? }
|
100
|
-
def show
|
101
|
-
# ... action code ...
|
102
|
-
end
|
103
|
-
|
104
|
-
# Allow only users with `admin` role to access this action.
|
105
|
-
permit_role :admin
|
106
|
-
def update
|
107
|
-
end
|
108
|
-
|
109
|
-
private
|
110
|
-
|
111
|
-
# Specify a custom authorization logic (return `true` if successful and `false` when forbidden).
|
112
|
-
def custom_authorization
|
113
|
-
# ... your custom authorization logic here ...
|
114
|
-
end
|
115
|
-
end
|
20
|
+
```bash
|
21
|
+
bundle add pastore
|
116
22
|
```
|
117
23
|
|
118
|
-
|
119
|
-
|
120
|
-
**!!! WARNING !!!** Be careful when using `allow` strategy, because when enabled it grants access to every action in the controller, which could potentially lead to security issues.
|
121
|
-
|
122
|
-
By default `Pastore::Guards` will use `deny` strategy, which means that the access is denied by default, and the only way to access it is through explicit authorization.
|
123
|
-
|
124
|
-
Sometimes you might prefer a `allow` strategy instead, in order to allow access to any action within the controller, and manually restrict access to specified actions and roles.
|
125
|
-
|
126
|
-
For doing so you can use `use_allow_strategy!`, which changes the default strategy. In this case you should use `deny_role` to disable the access for a specific role or overwrite authorization strategy for specific actions with `authorize_with` helper.
|
127
|
-
|
128
|
-
|
129
|
-
|
130
|
-
```ruby
|
131
|
-
class MyController < ApplicationController
|
132
|
-
# By default allow access to any action within the controller by any role.
|
133
|
-
use_allow_strategy!
|
134
|
-
|
135
|
-
# In this case we're using the :allow strategy, so if we want to exclude a specific role
|
136
|
-
# we can do it by using #deny_role method.
|
137
|
-
deny_role :user
|
138
|
-
def index
|
139
|
-
# ... action code ...
|
140
|
-
end
|
141
|
-
|
142
|
-
# Check access by using a custom method
|
143
|
-
authorize_with :custom_autorization
|
144
|
-
def restricted_access_action
|
145
|
-
# ... action code ...
|
146
|
-
end
|
147
|
-
|
148
|
-
# Check access by using a block
|
149
|
-
authorize_with { current_user&.role == 'admin' }
|
150
|
-
def restricted_access_action2
|
151
|
-
# ... action code ...
|
152
|
-
end
|
153
|
-
|
154
|
-
private
|
24
|
+
If bundler is not being used to manage dependencies, install the gem by executing:
|
155
25
|
|
156
|
-
|
157
|
-
|
158
|
-
# ... custom authorization logic ...
|
159
|
-
end
|
160
|
-
end
|
26
|
+
```bash
|
27
|
+
gem install pastore
|
161
28
|
```
|
162
29
|
|
163
|
-
|
164
|
-
|
165
|
-
Sometime you may want to disable the `Guards` feature for specific actions. For doing so you can use the `skip_guards` helper, which allows you to specify the list of actions for which guards check have to be disabled. In the example below the access to `index` and `show` actions is granted by `skip_guards` which bypasses the guards check. `skip_guards` have priority over `permit_role`, `deny_role` and `authorize_with`, so using those helpers on actions with disabled guards will have no effect and the access will be granted anyway.
|
166
|
-
|
167
|
-
```ruby
|
168
|
-
class CustomController < ApplicationController
|
169
|
-
use_deny_strategy!
|
170
|
-
skip_guards :index, :show
|
30
|
+
## Usage
|
171
31
|
|
172
|
-
|
173
|
-
# ... action code ...
|
174
|
-
end
|
32
|
+
Pastore gem implements 2 main features: `Guards` and `Params`. Guards are intended to be used for action access control, while `Params` are intended to be used for actions params validation.
|
175
33
|
|
176
|
-
|
177
|
-
def show
|
178
|
-
# ... action code ...
|
179
|
-
end
|
180
|
-
end
|
181
|
-
```
|
182
|
-
|
183
|
-
You can also use `skip_guards` helper with `:except` key, which is useful when you need to disable
|
184
|
-
guards for all the actions except a few:
|
185
|
-
|
186
|
-
```ruby
|
187
|
-
class CustomController < ApplicationController
|
188
|
-
# disable guards for :action_one and :action_two
|
189
|
-
skip_guards except: %i[action_one action_two]
|
190
|
-
|
191
|
-
# Guards DISABLED
|
192
|
-
def index
|
193
|
-
# ... action code ...
|
194
|
-
end
|
195
|
-
|
196
|
-
# Guards ENABLED
|
197
|
-
def action_one
|
198
|
-
# ... action code ...
|
199
|
-
end
|
200
|
-
|
201
|
-
# Guards ENABLED
|
202
|
-
def action_two
|
203
|
-
# ... action code ...
|
204
|
-
end
|
205
|
-
|
206
|
-
# Guards DISABLED
|
207
|
-
def action_three
|
208
|
-
# ... action code ...
|
209
|
-
end
|
210
|
-
end
|
211
|
-
```
|
34
|
+
You can find more about `Params` and `Guards` by following the links below:
|
212
35
|
|
213
|
-
|
36
|
+
* **[Guards docs](./docs/Guards.md)**
|
37
|
+
* **[Params docs](./docs/Params.md)**
|
214
38
|
|
215
|
-
|
216
|
-
your Rails Controller.
|
39
|
+
## `Pastore::Params` usage
|
217
40
|
|
218
|
-
|
219
|
-
|--------|-------------|
|
220
|
-
| `use_deny_strategy!` | Set to `deny` the default authorization strategy, which meands that by default the access to the actions will be denied |
|
221
|
-
| `use_allow_strategy!` | Set to `allow` the default authorization strategy, which automatically authorizes the access to all the actions. **!!! WARNING !!!** Be careful when using `allow` strategy, because that way any user can access any action of your controller, including guest users if not filtered before. |
|
222
|
-
| `detect_role(&block)` | Allows to specify the logic for user role detection. This block will be automatically called to get current user's role information. |
|
223
|
-
| `permit_role(*roles)` | Specifies the roles that are allowed to access the action that follows. |
|
224
|
-
| `deny_role(*roles)` | Specifies the roles that are not allowed to access the action that follows. |
|
225
|
-
| <code>authorize_with(Symbol\|&block)</code> | Allows to specify a custom authorization logic to use for action access check. Accepts a method name or a block. |
|
226
|
-
| <code>skip_guards(*Symbol\|*String, except: *Symbol\|*String)</code> | Allows to disable guards for specific actions. Accepts a list of actions for which to disable guards (e.g. `skip_guards :index, 'show'`), but can be also used to disable guards for all the actions except specified (e.g. `skip_guards except: :index`). |
|
41
|
+
`Pastore::Params` is the module that provides the features for params validation in Rails controllers. It allows you to define the params with their data type (`string`, `number`, `boolean`, `date` and `object`), specify which params are mandatory and cannot be blank.
|
227
42
|
|
228
43
|
## Contributing
|
229
44
|
|
data/docs/Guards.md
ADDED
@@ -0,0 +1,203 @@
|
|
1
|
+
# `Pastore::Guards`
|
2
|
+
|
3
|
+
`Guards` feature allows you to define access control logic for actions in Rails controllers. To use the `Guards` you have to include `Pastore::Guards` into your Rails controller.
|
4
|
+
|
5
|
+
## Setup
|
6
|
+
|
7
|
+
The best way to start using the `Guards` feature is to add the following code to your `ApplicationController`:
|
8
|
+
|
9
|
+
```ruby
|
10
|
+
# app/controllers/application_controller.rb
|
11
|
+
|
12
|
+
class ApplicationController < ActionController::API
|
13
|
+
include Pastore::Guards
|
14
|
+
|
15
|
+
# Specify the logic for current user's role detection, which will be used to check
|
16
|
+
# if current user is authorized to access a specific action.
|
17
|
+
detect_role do
|
18
|
+
current_user&.role
|
19
|
+
end
|
20
|
+
end
|
21
|
+
```
|
22
|
+
|
23
|
+
In this way all your controllers will inherit the authorization settings from `ApplicationController`. Then in your controller you can do something like this:
|
24
|
+
|
25
|
+
```ruby
|
26
|
+
class MyController < ApplicationController
|
27
|
+
# By default a :deny strategy is used, so with #permit_role we're going
|
28
|
+
# to specify which roles are allowed to access this action.
|
29
|
+
permit_role :admin, :user, :pm
|
30
|
+
def index
|
31
|
+
# ... action code ...
|
32
|
+
end
|
33
|
+
|
34
|
+
# Without a `permit_role` definition the access to this action will be denied to everyone.
|
35
|
+
def not_allowed_action
|
36
|
+
# ... action code ...
|
37
|
+
end
|
38
|
+
end
|
39
|
+
```
|
40
|
+
|
41
|
+
If you want to use `Guards` only in specific controllers, just include `Pastore::Guards` and define `detect_role` in your controller:
|
42
|
+
|
43
|
+
```ruby
|
44
|
+
class CustomController < ApplicationController
|
45
|
+
include Pastore::Guards
|
46
|
+
|
47
|
+
detect_role do
|
48
|
+
current_user&.role
|
49
|
+
end
|
50
|
+
|
51
|
+
permit_role :admin, :supervisor
|
52
|
+
def index
|
53
|
+
# ... action code ...
|
54
|
+
end
|
55
|
+
end
|
56
|
+
```
|
57
|
+
|
58
|
+
## Custom authorization logic
|
59
|
+
|
60
|
+
If checking user's role is not enough, you can use the `authorize_with` helper, which will allow you to specify a custom access logic by providing a method name (where custom logic is defined) or a block to use for access verification. As a result your block or method should return `true` if access is granted, or `false` otherwise.
|
61
|
+
|
62
|
+
```ruby
|
63
|
+
class MyController < ApplicationController
|
64
|
+
# You can override the role detection logic inside a controller if it's necessary by
|
65
|
+
# using the `detect_role` helper.
|
66
|
+
detect_role do
|
67
|
+
current_user&.selected_role
|
68
|
+
end
|
69
|
+
|
70
|
+
# If you want to use a custom/dynamic authorization logic, you can
|
71
|
+
# specify your own implementation in a method.
|
72
|
+
authorize_with :custom_authorization
|
73
|
+
def index
|
74
|
+
# ... action code ...
|
75
|
+
end
|
76
|
+
|
77
|
+
# You can also specify the authorization logic in a block.
|
78
|
+
authorize_with { custom_authorized? }
|
79
|
+
def show
|
80
|
+
# ... action code ...
|
81
|
+
end
|
82
|
+
|
83
|
+
# Allow only users with `admin` role to access this action.
|
84
|
+
permit_role :admin
|
85
|
+
def update
|
86
|
+
end
|
87
|
+
|
88
|
+
private
|
89
|
+
|
90
|
+
# Specify a custom authorization logic (return `true` if successful and `false` when forbidden).
|
91
|
+
def custom_authorization
|
92
|
+
# ... your custom authorization logic here ...
|
93
|
+
end
|
94
|
+
end
|
95
|
+
```
|
96
|
+
|
97
|
+
## Using `allow` strategy
|
98
|
+
|
99
|
+
**!!! WARNING !!!** Be careful when using `allow` strategy, because when enabled it grants access to every action in the controller, which could potentially lead to security issues.
|
100
|
+
|
101
|
+
By default `Pastore::Guards` will use `deny` strategy, which means that the access is denied by default, and the only way to access it is through explicit authorization.
|
102
|
+
|
103
|
+
Sometimes you might prefer a `allow` strategy instead, in order to allow access to any action within the controller, and manually restrict access to specified actions and roles.
|
104
|
+
|
105
|
+
For doing so you can use `use_allow_strategy!`, which changes the default strategy. In this case you should use `deny_role` to disable the access for a specific role or overwrite authorization strategy for specific actions with `authorize_with` helper.
|
106
|
+
|
107
|
+
```ruby
|
108
|
+
class MyController < ApplicationController
|
109
|
+
# By default allow access to any action within the controller by any role.
|
110
|
+
use_allow_strategy!
|
111
|
+
|
112
|
+
# In this case we're using the :allow strategy, so if we want to exclude a specific role
|
113
|
+
# we can do it by using #deny_role method.
|
114
|
+
deny_role :user
|
115
|
+
def index
|
116
|
+
# ... action code ...
|
117
|
+
end
|
118
|
+
|
119
|
+
# Check access by using a custom method
|
120
|
+
authorize_with :custom_autorization
|
121
|
+
def restricted_access_action
|
122
|
+
# ... action code ...
|
123
|
+
end
|
124
|
+
|
125
|
+
# Check access by using a block
|
126
|
+
authorize_with { current_user&.role == 'admin' }
|
127
|
+
def restricted_access_action2
|
128
|
+
# ... action code ...
|
129
|
+
end
|
130
|
+
|
131
|
+
private
|
132
|
+
|
133
|
+
# Specify a custom authorization logic (return `true` if successful and `false` when forbidden).
|
134
|
+
def custom_autorization
|
135
|
+
# ... custom authorization logic ...
|
136
|
+
end
|
137
|
+
end
|
138
|
+
```
|
139
|
+
|
140
|
+
## Using `skip_guards`
|
141
|
+
|
142
|
+
Sometime you may want to disable the `Guards` feature for specific actions. For doing so you can use the `skip_guards` helper, which allows you to specify the list of actions for which guards check have to be disabled. In the example below the access to `index` and `show` actions is granted by `skip_guards` which bypasses the guards check. `skip_guards` have priority over `permit_role`, `deny_role` and `authorize_with`, so using those helpers on actions with disabled guards will have no effect and the access will be granted anyway.
|
143
|
+
|
144
|
+
```ruby
|
145
|
+
class CustomController < ApplicationController
|
146
|
+
use_deny_strategy!
|
147
|
+
skip_guards :index, :show
|
148
|
+
|
149
|
+
def index
|
150
|
+
# ... action code ...
|
151
|
+
end
|
152
|
+
|
153
|
+
authorize_with { false } # this will be ignored because of `skip_guards`
|
154
|
+
def show
|
155
|
+
# ... action code ...
|
156
|
+
end
|
157
|
+
end
|
158
|
+
```
|
159
|
+
|
160
|
+
You can also use `skip_guards` helper with `:except` key, which is useful when you need to disable
|
161
|
+
guards for all the actions except a few:
|
162
|
+
|
163
|
+
```ruby
|
164
|
+
class CustomController < ApplicationController
|
165
|
+
# disable guards for :action_one and :action_two
|
166
|
+
skip_guards except: %i[action_one action_two]
|
167
|
+
|
168
|
+
# Guards DISABLED
|
169
|
+
def index
|
170
|
+
# ... action code ...
|
171
|
+
end
|
172
|
+
|
173
|
+
# Guards ENABLED
|
174
|
+
def action_one
|
175
|
+
# ... action code ...
|
176
|
+
end
|
177
|
+
|
178
|
+
# Guards ENABLED
|
179
|
+
def action_two
|
180
|
+
# ... action code ...
|
181
|
+
end
|
182
|
+
|
183
|
+
# Guards DISABLED
|
184
|
+
def action_three
|
185
|
+
# ... action code ...
|
186
|
+
end
|
187
|
+
end
|
188
|
+
```
|
189
|
+
|
190
|
+
## `Pastore::Guards` features
|
191
|
+
|
192
|
+
Below you can find the list of methods implemented by `Pastore::Guards`, that can be used inside
|
193
|
+
your Rails Controller.
|
194
|
+
|
195
|
+
| Method | Description |
|
196
|
+
|--------|-------------|
|
197
|
+
| `use_deny_strategy!` | Set to `deny` the default authorization strategy, which meands that by default the access to the actions will be denied |
|
198
|
+
| `use_allow_strategy!` | Set to `allow` the default authorization strategy, which automatically authorizes the access to all the actions. **!!! WARNING !!!** Be careful when using `allow` strategy, because that way any user can access any action of your controller, including guest users if not filtered before. |
|
199
|
+
| `detect_role(&block)` | Allows to specify the logic for user role detection. This block will be automatically called to get current user's role information. |
|
200
|
+
| `permit_role(*roles)` | Specifies the roles that are allowed to access the action that follows. |
|
201
|
+
| `deny_role(*roles)` | Specifies the roles that are not allowed to access the action that follows. |
|
202
|
+
| <code>authorize_with(Symbol\|&block)</code> | Allows to specify a custom authorization logic to use for action access check. Accepts a method name or a block. |
|
203
|
+
| <code>skip_guards(*Symbol\|*String, except: *Symbol\|*String)</code> | Allows to disable guards for specific actions. Accepts a list of actions for which to disable guards (e.g. `skip_guards :index, 'show'`), but can be also used to disable guards for all the actions except specified (e.g. `skip_guards except: :index`). |
|