permisi 0.1.2 → 0.1.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +15 -0
- data/Gemfile +0 -1
- data/Gemfile.lock +2 -2
- data/README.md +19 -19
- data/lib/permisi/backend/active_record/actor.rb +1 -1
- data/lib/permisi/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: '082297c3c88cb77bf0fe05e8c855d27d8bd5293c7db4d55cc3f0a6e0b982ac84'
|
4
|
+
data.tar.gz: caa2bef94cfaba331a10e5f27ee45c0d8256690139f3de39447d1d515ad3daa0
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: c06509c2a113376920a1f41f6382f2542642c5ca83a1f37b330b28474f426566a3a526942417345a6ba7c4860dc87cd4744c669f2535f15f25f216cec61cf5b6
|
7
|
+
data.tar.gz: 2f497885ec26787708b26900576d95c5ee2ff127b1d48f14560ddd5826edfcc0c01bbd6018a06bc05212e8ab73495cdbe1d1979902acefcfa88c34d9e819ddbe
|
data/CHANGELOG.md
CHANGED
@@ -1,12 +1,23 @@
|
|
1
1
|
# Changelog
|
2
2
|
|
3
|
+
# 0.1.3
|
4
|
+
|
5
|
+
[_View the docs._](https://github.com/ukazap/permisi/blob/v0.1.3/README.md)
|
6
|
+
|
7
|
+
- Correct grammars and examples in the docs
|
8
|
+
- Change actor permissions cache key
|
9
|
+
|
3
10
|
# 0.1.2
|
4
11
|
|
12
|
+
[_View the docs._](https://github.com/ukazap/permisi/blob/v0.1.2/README.md)
|
13
|
+
|
5
14
|
- Fix namespaces/actions should no longer contain periods
|
6
15
|
- Implement cache config for faster access to actor permissions
|
7
16
|
|
8
17
|
# 0.1.1
|
9
18
|
|
19
|
+
[_View the docs._](https://github.com/ukazap/permisi/blob/v0.1.1/README.md)
|
20
|
+
|
10
21
|
- General code refactoring
|
11
22
|
- Improvements on ActiveRecord backend:
|
12
23
|
- Code refactoring
|
@@ -14,6 +25,8 @@
|
|
14
25
|
|
15
26
|
# 0.1.0
|
16
27
|
|
28
|
+
[_View the docs._](https://github.com/ukazap/permisi/blob/v0.1.0/README.md)
|
29
|
+
|
17
30
|
Finished extraction work from my past projects.
|
18
31
|
|
19
32
|
- Implement ActiveRecord backend
|
@@ -22,4 +35,6 @@ Finished extraction work from my past projects.
|
|
22
35
|
|
23
36
|
# 0.0.1
|
24
37
|
|
38
|
+
[_View the docs._](https://github.com/ukazap/permisi/blob/v0.0.1/README.md)
|
39
|
+
|
25
40
|
Reserved the gem name: https://en.wiktionary.org/wiki/permisi
|
data/Gemfile
CHANGED
data/Gemfile.lock
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
permisi (0.1.
|
4
|
+
permisi (0.1.3)
|
5
5
|
activemodel (>= 3.2.0)
|
6
6
|
activerecord (>= 3.2.0)
|
7
7
|
activesupport (>= 3.2.0)
|
@@ -51,7 +51,7 @@ GEM
|
|
51
51
|
diff-lcs (>= 1.2.0, < 2.0)
|
52
52
|
rspec-support (~> 3.10.0)
|
53
53
|
rspec-support (3.10.2)
|
54
|
-
rubocop (1.
|
54
|
+
rubocop (1.10.0)
|
55
55
|
parallel (~> 1.10)
|
56
56
|
parser (>= 3.0.0.0)
|
57
57
|
rainbow (>= 2.2.2, < 4.0)
|
data/README.md
CHANGED
@@ -1,4 +1,4 @@
|
|
1
|
-
If you're viewing this at https://github.com/ukazap/permisi, you're reading the documentation for the main branch. [Go to specific version.](https://github.com/ukazap/permisi/
|
1
|
+
If you're viewing this at https://github.com/ukazap/permisi, you're reading the documentation for the main branch. [Go to specific version.](https://github.com/ukazap/permisi/blob/main/CHANGELOG.md)
|
2
2
|
|
3
3
|
<table>
|
4
4
|
<tr>
|
@@ -142,12 +142,12 @@ admin_role = Permisi.roles.create(slug: :admin, name: "Administrator", permissio
|
|
142
142
|
})
|
143
143
|
|
144
144
|
# Ask specific role permission
|
145
|
-
admin_role.allows?
|
145
|
+
admin_role.allows?("books.delete") # == false
|
146
146
|
|
147
147
|
# Update existing role
|
148
|
-
|
149
|
-
|
150
|
-
admin_role.allows?
|
148
|
+
admin_role.permissions[:books].merge!({ delete: true })
|
149
|
+
admin_role.save
|
150
|
+
admin_role.allows?("books.delete") # == true
|
151
151
|
```
|
152
152
|
|
153
153
|
## Configuring actors
|
@@ -173,20 +173,20 @@ user = User.find_by_email "esther@example.com"
|
|
173
173
|
user.permisi # => instance of Actor
|
174
174
|
|
175
175
|
admin_role = Permisi.roles.find_by_slug(:admin)
|
176
|
-
admin_role.allows?
|
176
|
+
admin_role.allows?("books.delete") # == true
|
177
177
|
|
178
178
|
user.permisi.roles << admin_role
|
179
179
|
|
180
|
-
user.permisi.role?
|
181
|
-
user.permisi.has_role?
|
180
|
+
user.permisi.role?(:admin) # == true
|
181
|
+
user.permisi.has_role?(:admin) # == user.permisi.role? :admin
|
182
182
|
|
183
|
-
user.permisi.may_i?
|
184
|
-
user.permisi.may?
|
183
|
+
user.permisi.may_i?("books.delete") # == true
|
184
|
+
user.permisi.may?("books.delete") # == user.permisi.may_i? "books.delete"
|
185
185
|
|
186
186
|
user.permisi.roles.destroy(admin_role)
|
187
187
|
|
188
|
-
user.permisi.role?
|
189
|
-
user.permisi.may_i?
|
188
|
+
user.permisi.role?(:admin) # == false
|
189
|
+
user.permisi.may_i?("books.delete") # == false
|
190
190
|
```
|
191
191
|
|
192
192
|
## Caching
|
@@ -199,24 +199,24 @@ Although checking whether an actor has a role goes against a good RBAC practice,
|
|
199
199
|
|
200
200
|
```ruby
|
201
201
|
user = User.find_by_email "esther@example.com"
|
202
|
-
user.role?
|
203
|
-
user.role?
|
204
|
-
user.has_role?
|
202
|
+
user.permisi.role?(:admin) # eager loads roles
|
203
|
+
user.permisi.role?(:admin) # uses the eager-loaded roles
|
204
|
+
user.permisi.has_role?(:admin) # uses the eager-loaded roles
|
205
205
|
```
|
206
206
|
|
207
207
|
### Actor permissions memoization
|
208
208
|
|
209
209
|
To check whether or not an actor is allowed to perform a specific action (`#may_i?`), Permisi will check on the actor's permissions which is constructed in the following steps:
|
210
210
|
|
211
|
-
-
|
211
|
+
- load all the roles an actor have from the database
|
212
212
|
- initialize an empty aggregate hash
|
213
|
-
- for each
|
213
|
+
- for each role, merge its permissions hash to the aggregate hash
|
214
214
|
|
215
215
|
Deserializing the hashes from the database and deeply-merging them into an aggregate hash can be expensive, so it will only happen to an instance of actor only once through memoization.
|
216
216
|
|
217
217
|
### Actor permissions caching
|
218
218
|
|
219
|
-
Although memoization helps, the permission hash construction will still occur
|
219
|
+
Although memoization helps, the permission hash construction will still occur every time an actor is initialized. To alleviate this, we can introduce a caching layer so that we can skip the hash construction for fresh actors. You must configure a cache store to use caching:
|
220
220
|
|
221
221
|
```ruby
|
222
222
|
# config/initializers/permisi.rb
|
@@ -239,7 +239,7 @@ The following will trigger actor's permissions cache/memo invalidation:
|
|
239
239
|
|
240
240
|
- adding roles to the actor
|
241
241
|
- removing roles from the actor
|
242
|
-
- editing roles that belongs to
|
242
|
+
- editing roles that belongs to the actor
|
243
243
|
|
244
244
|
## Contributing
|
245
245
|
|
@@ -20,7 +20,7 @@ module Permisi
|
|
20
20
|
|
21
21
|
# Memoized and cached actor permissions
|
22
22
|
def permissions
|
23
|
-
@permissions ||= Permisi.config.cache_store.fetch(cache_key) { aggregate_permissions }
|
23
|
+
@permissions ||= Permisi.config.cache_store.fetch("#{cache_key}-p") { aggregate_permissions }
|
24
24
|
end
|
25
25
|
|
26
26
|
# Aggregate permissions from all roles an actor plays
|
data/lib/permisi/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: permisi
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Ukaza Perdana
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-02-
|
11
|
+
date: 2021-02-22 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: activemodel
|