perm 0.0.5 → 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/lib/perm.rb +1 -5
- data/lib/perm/authorized.rb +26 -0
- data/lib/perm/version.rb +1 -1
- data/test/authorized_test.rb +98 -0
- data/test/models/authorized_user.rb +21 -0
- data/test/models/post.rb +10 -0
- data/test/models/user.rb +8 -0
- data/test/test_helper.rb +3 -1
- metadata +12 -24
- data/lib/perm/authorizer.rb +0 -27
- data/lib/perm/has_authorizer.rb +0 -22
- data/test/authorizer_test.rb +0 -125
- data/test/has_authorizer_test.rb +0 -38
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: 88464cb2a42334cfe41eaefff549a5540dd614c50c4abf56f0848499df000be3
|
|
4
|
+
data.tar.gz: a1521032d32ce3d7235cd2f3bbf5d773e055f36ad38fbe3407705164eeefbcff
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6dfe71caf7635f9bc942bd0fae56cec5fa96d06a59f8997cf98d34d23e720d27bd0ebd23788feb90e5dd48fce920c321645ffc178579e8936014e5485fc1e4e7
|
|
7
|
+
data.tar.gz: 3d4797fcb07927bf38a6ac2a65620e05f4fc586b9e5be163ac10bf81193bee67ae57048a7498674dc16260605e7ff7584ba346fe08d8c1178733ebeece6350dc
|
data/lib/perm.rb
CHANGED
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
require "delegate"
|
|
2
|
+
|
|
3
|
+
class Perm::Authorized < SimpleDelegator
|
|
4
|
+
attr_reader :user
|
|
5
|
+
|
|
6
|
+
def initialize(user)
|
|
7
|
+
raise ArgumentError.new("user cannot be nil") if user.nil?
|
|
8
|
+
super @user = user
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
def method_missing(name, *args)
|
|
12
|
+
return false if can_method?(name)
|
|
13
|
+
super
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def respond_to?(name)
|
|
17
|
+
return true if can_method?(name)
|
|
18
|
+
super
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
protected
|
|
22
|
+
|
|
23
|
+
def can_method?(name)
|
|
24
|
+
!!(name.to_s =~ /\Acan_.+\?\z/)
|
|
25
|
+
end
|
|
26
|
+
end
|
data/lib/perm/version.rb
CHANGED
|
@@ -0,0 +1,98 @@
|
|
|
1
|
+
require_relative "test_helper"
|
|
2
|
+
|
|
3
|
+
module Perm
|
|
4
|
+
class AuthorizedTest < PryTest::Test
|
|
5
|
+
|
|
6
|
+
before do
|
|
7
|
+
@mary = User.new(roles: [:admin])
|
|
8
|
+
@authorized_mary = AuthorizedUser.new(@mary)
|
|
9
|
+
|
|
10
|
+
john = User.new(roles: [:editor, :writer])
|
|
11
|
+
@authorized_john = AuthorizedUser.new(john)
|
|
12
|
+
|
|
13
|
+
beth = User.new(roles: [:writer])
|
|
14
|
+
@post = Post.new(user: beth, title: "Authorization made easy")
|
|
15
|
+
@authorized_beth = AuthorizedUser.new(beth)
|
|
16
|
+
|
|
17
|
+
drew = User.new(roles: [])
|
|
18
|
+
@authorized_drew = AuthorizedUser.new(drew)
|
|
19
|
+
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
test "cannot wrap nil" do
|
|
23
|
+
begin
|
|
24
|
+
AuthorizedUser.new nil
|
|
25
|
+
rescue ArgumentError => error
|
|
26
|
+
end
|
|
27
|
+
assert error
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
test "authorizers respond to all can_*? methods" do
|
|
31
|
+
assert @authorized_mary.respond_to?(:can_perform_magic?)
|
|
32
|
+
assert !@authorized_mary.can_perform_magic?
|
|
33
|
+
assert !@authorized_mary.respond_to?(:can_do_anything)
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
test "authorizers expose the wrapped user" do
|
|
37
|
+
assert @authorized_mary.user == @mary
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
test "authorizers forward non-can_*? messages to wrapped object" do
|
|
41
|
+
assert @authorized_mary.posts.is_a?(Array)
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
test "mary can read" do
|
|
45
|
+
assert @authorized_mary.can_read?(@post)
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
test "mary can update" do
|
|
49
|
+
assert @authorized_mary.can_update?(@post)
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
test "mary can delete" do
|
|
53
|
+
assert @authorized_mary.can_delete?(@post)
|
|
54
|
+
end
|
|
55
|
+
|
|
56
|
+
test "john can read" do
|
|
57
|
+
assert @authorized_john.can_read?(@post)
|
|
58
|
+
end
|
|
59
|
+
|
|
60
|
+
test "john can update" do
|
|
61
|
+
assert @authorized_john.can_update?(@post)
|
|
62
|
+
end
|
|
63
|
+
|
|
64
|
+
test "john cannot delete" do
|
|
65
|
+
assert !@authorized_john.can_delete?(@post)
|
|
66
|
+
end
|
|
67
|
+
|
|
68
|
+
test "beth can read" do
|
|
69
|
+
assert @authorized_beth.can_read?(@post)
|
|
70
|
+
end
|
|
71
|
+
|
|
72
|
+
test "beth can update" do
|
|
73
|
+
assert @authorized_beth.can_update?(@post)
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
test "beth can delete" do
|
|
77
|
+
assert @authorized_beth.can_delete?(@post)
|
|
78
|
+
end
|
|
79
|
+
|
|
80
|
+
test "drew cannot read" do
|
|
81
|
+
assert !@authorized_drew.can_read?(@post)
|
|
82
|
+
end
|
|
83
|
+
|
|
84
|
+
test "drew cannot update" do
|
|
85
|
+
assert !@authorized_drew.can_update?(@post)
|
|
86
|
+
end
|
|
87
|
+
|
|
88
|
+
test "drew cannot delete" do
|
|
89
|
+
assert !@authorized_drew.can_delete?(@post)
|
|
90
|
+
end
|
|
91
|
+
|
|
92
|
+
test "drew can read after published" do
|
|
93
|
+
@post.published = true
|
|
94
|
+
assert @authorized_drew.can_read?(@post)
|
|
95
|
+
end
|
|
96
|
+
|
|
97
|
+
end
|
|
98
|
+
end
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
require_relative "../../lib/perm"
|
|
2
|
+
|
|
3
|
+
class AuthorizedUser < Perm::Authorized
|
|
4
|
+
def can_read?(post)
|
|
5
|
+
return true if user.roles.include?(:admin)
|
|
6
|
+
return true if user.roles.include?(:editor)
|
|
7
|
+
return true if user == post.user
|
|
8
|
+
post.published
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
def can_update?(post)
|
|
12
|
+
return true if user.roles.include?(:admin)
|
|
13
|
+
return true if user.roles.include?(:editor)
|
|
14
|
+
user == post.user
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
def can_delete?(post)
|
|
18
|
+
return true if user.roles.include?(:admin)
|
|
19
|
+
user == post.user
|
|
20
|
+
end
|
|
21
|
+
end
|
data/test/models/post.rb
ADDED
data/test/models/user.rb
ADDED
data/test/test_helper.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: perm
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0
|
|
4
|
+
version: 1.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Nathan Hopkins
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2018-03-17 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rake
|
|
@@ -24,20 +24,6 @@ dependencies:
|
|
|
24
24
|
- - ">="
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
26
|
version: '0'
|
|
27
|
-
- !ruby/object:Gem::Dependency
|
|
28
|
-
name: roleup
|
|
29
|
-
requirement: !ruby/object:Gem::Requirement
|
|
30
|
-
requirements:
|
|
31
|
-
- - ">="
|
|
32
|
-
- !ruby/object:Gem::Version
|
|
33
|
-
version: '0'
|
|
34
|
-
type: :development
|
|
35
|
-
prerelease: false
|
|
36
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
37
|
-
requirements:
|
|
38
|
-
- - ">="
|
|
39
|
-
- !ruby/object:Gem::Version
|
|
40
|
-
version: '0'
|
|
41
27
|
- !ruby/object:Gem::Dependency
|
|
42
28
|
name: pry-test
|
|
43
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -74,11 +60,12 @@ extensions: []
|
|
|
74
60
|
extra_rdoc_files: []
|
|
75
61
|
files:
|
|
76
62
|
- lib/perm.rb
|
|
77
|
-
- lib/perm/
|
|
78
|
-
- lib/perm/has_authorizer.rb
|
|
63
|
+
- lib/perm/authorized.rb
|
|
79
64
|
- lib/perm/version.rb
|
|
80
|
-
- test/
|
|
81
|
-
- test/
|
|
65
|
+
- test/authorized_test.rb
|
|
66
|
+
- test/models/authorized_user.rb
|
|
67
|
+
- test/models/post.rb
|
|
68
|
+
- test/models/user.rb
|
|
82
69
|
- test/test_helper.rb
|
|
83
70
|
homepage: https://github.com/hopsoft/perm
|
|
84
71
|
licenses:
|
|
@@ -100,12 +87,13 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
100
87
|
version: '0'
|
|
101
88
|
requirements: []
|
|
102
89
|
rubyforge_project:
|
|
103
|
-
rubygems_version: 2.
|
|
90
|
+
rubygems_version: 2.7.3
|
|
104
91
|
signing_key:
|
|
105
92
|
specification_version: 4
|
|
106
93
|
summary: Simple permission management
|
|
107
94
|
test_files:
|
|
108
|
-
- test/
|
|
109
|
-
- test/
|
|
95
|
+
- test/authorized_test.rb
|
|
96
|
+
- test/models/authorized_user.rb
|
|
97
|
+
- test/models/post.rb
|
|
98
|
+
- test/models/user.rb
|
|
110
99
|
- test/test_helper.rb
|
|
111
|
-
has_rdoc:
|
data/lib/perm/authorizer.rb
DELETED
|
@@ -1,27 +0,0 @@
|
|
|
1
|
-
require "delegate"
|
|
2
|
-
|
|
3
|
-
module Perm
|
|
4
|
-
class Authorizer < SimpleDelegator
|
|
5
|
-
attr_reader :user
|
|
6
|
-
|
|
7
|
-
def initialize(user)
|
|
8
|
-
super @user = user
|
|
9
|
-
end
|
|
10
|
-
|
|
11
|
-
def method_missing(name, *args)
|
|
12
|
-
return false if can_method?(name)
|
|
13
|
-
super
|
|
14
|
-
end
|
|
15
|
-
|
|
16
|
-
def respond_to?(name)
|
|
17
|
-
return true if can_method?(name)
|
|
18
|
-
super
|
|
19
|
-
end
|
|
20
|
-
|
|
21
|
-
protected
|
|
22
|
-
|
|
23
|
-
def can_method?(name)
|
|
24
|
-
!!(name.to_s =~ /\Acan_.+\?\z/)
|
|
25
|
-
end
|
|
26
|
-
end
|
|
27
|
-
end
|
data/lib/perm/has_authorizer.rb
DELETED
|
@@ -1,22 +0,0 @@
|
|
|
1
|
-
require "forwardable"
|
|
2
|
-
|
|
3
|
-
module Perm
|
|
4
|
-
module HasAuthorizer
|
|
5
|
-
extend Forwardable
|
|
6
|
-
def_delegators :"self.class", :authorizer_class, :user_method
|
|
7
|
-
|
|
8
|
-
def self.included(mod)
|
|
9
|
-
class << mod
|
|
10
|
-
attr_reader :authorizer_class, :user_method
|
|
11
|
-
def authorizes_with(klass, user_method)
|
|
12
|
-
@authorizer_class = klass
|
|
13
|
-
@user_method = user_method
|
|
14
|
-
end
|
|
15
|
-
end
|
|
16
|
-
end
|
|
17
|
-
|
|
18
|
-
def authorized_user
|
|
19
|
-
@authorized_user ||= authorizer_class.new(send(user_method))
|
|
20
|
-
end
|
|
21
|
-
end
|
|
22
|
-
end
|
data/test/authorizer_test.rb
DELETED
|
@@ -1,125 +0,0 @@
|
|
|
1
|
-
require_relative "test_helper"
|
|
2
|
-
|
|
3
|
-
module Perm
|
|
4
|
-
class AuthorizerTest < PryTest::Test
|
|
5
|
-
class User
|
|
6
|
-
include Roleup::HasRoles
|
|
7
|
-
attr_reader :posts
|
|
8
|
-
|
|
9
|
-
def initialize
|
|
10
|
-
@posts = []
|
|
11
|
-
end
|
|
12
|
-
end
|
|
13
|
-
|
|
14
|
-
class Post
|
|
15
|
-
attr_accessor :user, :title, :published
|
|
16
|
-
end
|
|
17
|
-
|
|
18
|
-
class PostAuthorizer < Perm::Authorizer
|
|
19
|
-
def can_read?(post)
|
|
20
|
-
return true if user.has_one_role?(:admin, :editor)
|
|
21
|
-
return true if user == post.user
|
|
22
|
-
post.published
|
|
23
|
-
end
|
|
24
|
-
|
|
25
|
-
def can_update?(post)
|
|
26
|
-
return true if user.has_one_role?(:admin, :editor)
|
|
27
|
-
user == post.user
|
|
28
|
-
end
|
|
29
|
-
|
|
30
|
-
def can_delete?(post)
|
|
31
|
-
return true if user.has_role?(:admin)
|
|
32
|
-
user == post.user
|
|
33
|
-
end
|
|
34
|
-
end
|
|
35
|
-
|
|
36
|
-
before do
|
|
37
|
-
@umary = User.new
|
|
38
|
-
@umary.roles = [:admin]
|
|
39
|
-
@mary = PostAuthorizer.new(@umary)
|
|
40
|
-
|
|
41
|
-
john = User.new
|
|
42
|
-
john.roles = [:editor, :writer]
|
|
43
|
-
@john = PostAuthorizer.new(john)
|
|
44
|
-
|
|
45
|
-
beth = User.new
|
|
46
|
-
beth.roles = [:writer]
|
|
47
|
-
@beth = PostAuthorizer.new(beth)
|
|
48
|
-
|
|
49
|
-
@drew = PostAuthorizer.new(User.new)
|
|
50
|
-
|
|
51
|
-
@post = Post.new
|
|
52
|
-
@post.title = "Authorization made easy"
|
|
53
|
-
@post.user = beth
|
|
54
|
-
beth.posts << @post
|
|
55
|
-
end
|
|
56
|
-
|
|
57
|
-
test "authorizers respond to all can_*? methods" do
|
|
58
|
-
assert @mary.respond_to?(:can_perform_magic?)
|
|
59
|
-
assert !@mary.can_perform_magic?
|
|
60
|
-
assert !@mary.respond_to?(:can_do_anything)
|
|
61
|
-
end
|
|
62
|
-
|
|
63
|
-
test "authorizers expose the wrapped user" do
|
|
64
|
-
assert @mary.user == @umary
|
|
65
|
-
end
|
|
66
|
-
|
|
67
|
-
test "authorizers forward non-can_*? messages to wrapped object" do
|
|
68
|
-
assert @mary.posts.is_a?(Array)
|
|
69
|
-
end
|
|
70
|
-
|
|
71
|
-
test "mary can read" do
|
|
72
|
-
assert @mary.can_read?(@post)
|
|
73
|
-
end
|
|
74
|
-
|
|
75
|
-
test "mary can update" do
|
|
76
|
-
assert @mary.can_update?(@post)
|
|
77
|
-
end
|
|
78
|
-
|
|
79
|
-
test "mary can delete" do
|
|
80
|
-
assert @mary.can_delete?(@post)
|
|
81
|
-
end
|
|
82
|
-
|
|
83
|
-
test "john can read" do
|
|
84
|
-
assert @john.can_read?(@post)
|
|
85
|
-
end
|
|
86
|
-
|
|
87
|
-
test "john can update" do
|
|
88
|
-
assert @john.can_update?(@post)
|
|
89
|
-
end
|
|
90
|
-
|
|
91
|
-
test "john cannot delete" do
|
|
92
|
-
assert !@john.can_delete?(@post)
|
|
93
|
-
end
|
|
94
|
-
|
|
95
|
-
test "beth can read" do
|
|
96
|
-
assert @beth.can_read?(@post)
|
|
97
|
-
end
|
|
98
|
-
|
|
99
|
-
test "beth can update" do
|
|
100
|
-
assert @beth.can_update?(@post)
|
|
101
|
-
end
|
|
102
|
-
|
|
103
|
-
test "beth can delete" do
|
|
104
|
-
assert @beth.can_delete?(@post)
|
|
105
|
-
end
|
|
106
|
-
|
|
107
|
-
test "drew cannot read" do
|
|
108
|
-
assert !@drew.can_read?(@post)
|
|
109
|
-
end
|
|
110
|
-
|
|
111
|
-
test "drew cannot update" do
|
|
112
|
-
assert !@drew.can_update?(@post)
|
|
113
|
-
end
|
|
114
|
-
|
|
115
|
-
test "drew cannot delete" do
|
|
116
|
-
assert !@drew.can_delete?(@post)
|
|
117
|
-
end
|
|
118
|
-
|
|
119
|
-
test "drew can read after published" do
|
|
120
|
-
@post.published = true
|
|
121
|
-
assert @drew.can_read?(@post)
|
|
122
|
-
end
|
|
123
|
-
|
|
124
|
-
end
|
|
125
|
-
end
|
data/test/has_authorizer_test.rb
DELETED
|
@@ -1,38 +0,0 @@
|
|
|
1
|
-
require_relative "test_helper"
|
|
2
|
-
|
|
3
|
-
module Perm
|
|
4
|
-
class HasAuthorizerTest < PryTest::Test
|
|
5
|
-
|
|
6
|
-
class ExampleAuthorizer < Authorizer
|
|
7
|
-
def can_view?(object)
|
|
8
|
-
user[:roles].include? :viewer
|
|
9
|
-
end
|
|
10
|
-
end
|
|
11
|
-
|
|
12
|
-
class Example
|
|
13
|
-
include HasAuthorizer
|
|
14
|
-
authorizes_with ExampleAuthorizer, :current_user
|
|
15
|
-
|
|
16
|
-
attr_writer :current_user
|
|
17
|
-
def current_user
|
|
18
|
-
@current_user ||= { roles: [:viewer] }
|
|
19
|
-
end
|
|
20
|
-
end
|
|
21
|
-
|
|
22
|
-
before do
|
|
23
|
-
@example = Example.new
|
|
24
|
-
end
|
|
25
|
-
|
|
26
|
-
test "viewer can view" do
|
|
27
|
-
assert @example.authorized_user.can_view?({})
|
|
28
|
-
end
|
|
29
|
-
|
|
30
|
-
test "non-viewer cannot view" do
|
|
31
|
-
example = Example.new
|
|
32
|
-
example.current_user = { roles: [:other] }
|
|
33
|
-
assert !example.authorized_user.can_view?({})
|
|
34
|
-
end
|
|
35
|
-
|
|
36
|
-
end
|
|
37
|
-
end
|
|
38
|
-
|