permission_policy 0.1.0 → 0.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/README.md +5 -16
- data/lib/permission_policy/errors/reader_error.rb +13 -0
- data/lib/permission_policy/permission_reader.rb +46 -0
- data/lib/permission_policy/version.rb +1 -1
- data/lib/permission_policy.rb +2 -0
- data/spec/permission_policy/fixtures/permissions.yml +27 -0
- data/spec/permission_policy/permission_integration_spec.rb +52 -0
- data/spec/permission_policy/permission_reader_spec.rb +27 -0
- metadata +10 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 6d2d704aebcb898411f640cda58737c5388bfb22
|
|
4
|
+
data.tar.gz: 26e0e5ac6d4651a91cf53e24595e60d2aa6c5bed
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 826d4dabf7338132e1c8ffbdeebe22ec5c44538664f851e8f78278d726fae1efb2dffcbc618d176aacf4e7b79d9aba98c751d87a8b2d40c5e823dccdfb6948e1
|
|
7
|
+
data.tar.gz: a88607bf6a5ca746102a6d892d329d83b2ceb25081ce106721aa5a5719e8b7434d5fdfeaf0e177aaad029b6de2a614c3c21e29742415353aae6cc7cfeb430cad
|
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
|
@@ -35,25 +35,13 @@ Or install it yourself as:
|
|
|
35
35
|
|
|
36
36
|
$ gem install permission_policy
|
|
37
37
|
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
You might want to configure which objects are needed for your permission handling.
|
|
38
|
+
# API
|
|
41
39
|
|
|
42
|
-
|
|
40
|
+
todo: describe each public method
|
|
43
41
|
|
|
44
|
-
|
|
45
|
-
PermissionPolicy.configure do |c|
|
|
46
|
-
# c.precondition_attributes = [:current_user] # => default
|
|
47
|
-
c.strategy_order = [
|
|
48
|
-
:SuperAdminStrategy,
|
|
49
|
-
:FeatureStrategy,
|
|
50
|
-
:RuleStrategy,
|
|
51
|
-
:UnknownStrategy
|
|
52
|
-
]
|
|
53
|
-
end
|
|
54
|
-
```
|
|
42
|
+
## Usage
|
|
55
43
|
|
|
56
|
-
You
|
|
44
|
+
You might want to configure which objects are needed for your permission handling.
|
|
57
45
|
|
|
58
46
|
```
|
|
59
47
|
|
|
@@ -61,6 +49,7 @@ You can also configure this inside your Application Controller
|
|
|
61
49
|
# ...
|
|
62
50
|
authorize_with :current_user
|
|
63
51
|
verify_authorization! => which will raise an NotVerified Exception if authorized! wasn't called
|
|
52
|
+
authorization_strategies :SuperAdminStrategy, :FeatureStrategy, :UnknownStrategy
|
|
64
53
|
# ...
|
|
65
54
|
end
|
|
66
55
|
|
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
require 'yaml'
|
|
2
|
+
require 'active_support/core_ext/hash'
|
|
3
|
+
|
|
4
|
+
module PermissionPolicy
|
|
5
|
+
class PermissionReader
|
|
6
|
+
attr_reader :file_path
|
|
7
|
+
|
|
8
|
+
def initialize(file_path)
|
|
9
|
+
@file_path = file_path
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def permissions
|
|
13
|
+
@permissions = to_hash[:permissions]
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def roles
|
|
17
|
+
@roles = to_hash[:roles]
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
def to_hash
|
|
21
|
+
@raw ||= read_file.with_indifferent_access
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
def features
|
|
25
|
+
permissions.keys
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
def permitted?(feature, action, role)
|
|
29
|
+
ensure_definition!(feature, action, role)
|
|
30
|
+
|
|
31
|
+
permissions[feature][action].include? role
|
|
32
|
+
end
|
|
33
|
+
|
|
34
|
+
private
|
|
35
|
+
|
|
36
|
+
def ensure_definition!(feature, action, role)
|
|
37
|
+
raise PermissionPolicy::ReaderError, feature unless features.include? feature
|
|
38
|
+
raise PermissionPolicy::ReaderError, action unless permissions[feature].keys.include? action
|
|
39
|
+
raise PermissionPolicy::ReaderError, role unless roles.include? role
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
def read_file
|
|
43
|
+
YAML.load_file(file_path)
|
|
44
|
+
end
|
|
45
|
+
end
|
|
46
|
+
end
|
data/lib/permission_policy.rb
CHANGED
|
@@ -9,6 +9,8 @@ module PermissionPolicy
|
|
|
9
9
|
autoload :MissingPrecondition, 'permission_policy/errors/missing_precondition'
|
|
10
10
|
autoload :NotAllowed, 'permission_policy/errors/not_allowed'
|
|
11
11
|
autoload :NotVerified, 'permission_policy/errors/not_verified'
|
|
12
|
+
autoload :ReaderError, 'permission_policy/errors/reader_error'
|
|
13
|
+
autoload :PermissionReader, 'permission_policy/permission_reader'
|
|
12
14
|
|
|
13
15
|
module Strategies
|
|
14
16
|
autoload :BaseStrategy, 'permission_policy/strategies/base_strategy'
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
---
|
|
2
|
+
roles: &roles
|
|
3
|
+
- super_admin
|
|
4
|
+
- foo
|
|
5
|
+
- bar
|
|
6
|
+
- baz
|
|
7
|
+
|
|
8
|
+
permissions:
|
|
9
|
+
fancy_feature:
|
|
10
|
+
index:
|
|
11
|
+
- super_admin
|
|
12
|
+
- foo
|
|
13
|
+
show: *roles
|
|
14
|
+
create: *roles
|
|
15
|
+
update: *roles
|
|
16
|
+
delete:
|
|
17
|
+
- super_admin
|
|
18
|
+
user_management:
|
|
19
|
+
index:
|
|
20
|
+
- super_admin
|
|
21
|
+
show:
|
|
22
|
+
- baz
|
|
23
|
+
create:
|
|
24
|
+
update: *roles
|
|
25
|
+
delete:
|
|
26
|
+
- super_admin
|
|
27
|
+
|
|
@@ -0,0 +1,52 @@
|
|
|
1
|
+
require 'action_controller'
|
|
2
|
+
|
|
3
|
+
User = Struct.new(:role)
|
|
4
|
+
|
|
5
|
+
class PermissionTestController < ActionController::Metal
|
|
6
|
+
include AbstractController::Helpers
|
|
7
|
+
include AbstractController::Callbacks
|
|
8
|
+
include PermissionPolicy::ControllerAdditions::InstanceMethods
|
|
9
|
+
extend PermissionPolicy::ControllerAdditions::ClassMethods
|
|
10
|
+
|
|
11
|
+
authorize_with :user
|
|
12
|
+
verify_authorization!
|
|
13
|
+
authorization_strategies :FeatureStrategy, :UnknownStrategy
|
|
14
|
+
|
|
15
|
+
def user
|
|
16
|
+
User.new('foo')
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
def index
|
|
20
|
+
authorize! :index, feature: :fancy_feature
|
|
21
|
+
'see me because allowed'
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
def delete
|
|
25
|
+
authorize! :delete, feature: :fancy_feature
|
|
26
|
+
'you wont see me'
|
|
27
|
+
end
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
|
|
31
|
+
class FeatureStrategy < PermissionPolicy::Strategies::BaseStrategy
|
|
32
|
+
def match?
|
|
33
|
+
options[:feature]
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
def allowed?
|
|
37
|
+
permissions.permitted? options[:feature].to_s, action.to_s, user.role
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
def permissions
|
|
41
|
+
PermissionPolicy::PermissionReader.new(File.expand_path('../fixtures/permissions.yml', __FILE__))
|
|
42
|
+
end
|
|
43
|
+
end
|
|
44
|
+
|
|
45
|
+
module PermissionPolicy
|
|
46
|
+
RSpec.describe 'Integration' do
|
|
47
|
+
subject { PermissionTestController.new }
|
|
48
|
+
|
|
49
|
+
it { expect(subject.process_action :index).to eq("see me because allowed") }
|
|
50
|
+
it { expect { subject.process_action :delete }.to raise_error PermissionPolicy::NotAllowed }
|
|
51
|
+
end
|
|
52
|
+
end
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
module PermissionPolicy
|
|
2
|
+
RSpec.describe PermissionReader do
|
|
3
|
+
let(:test_file) { File.expand_path('../fixtures/permissions.yml', __FILE__) }
|
|
4
|
+
subject { described_class.new(test_file) }
|
|
5
|
+
|
|
6
|
+
it { expect(subject.features).to eq(['fancy_feature', 'user_management']) }
|
|
7
|
+
it { expect(subject.roles).to eq(['super_admin', 'foo', 'bar', 'baz']) }
|
|
8
|
+
it { expect(subject.permitted?('fancy_feature', 'create', 'foo')).to eq(true)}
|
|
9
|
+
it { expect(subject.permitted?('fancy_feature', 'index', 'bar')).to eq(false)}
|
|
10
|
+
it { expect(subject.permitted?('fancy_feature', 'delete', 'foo')).to eq(false)}
|
|
11
|
+
|
|
12
|
+
it 'no such Feature' do
|
|
13
|
+
expect { subject.permitted?(:yay, 'nay', 'hey') }
|
|
14
|
+
.to raise_error(PermissionPolicy::ReaderError, 'yay not defined')
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
it 'no such Action' do
|
|
18
|
+
expect { subject.permitted?('fancy_feature', :nay, 'hey') }
|
|
19
|
+
.to raise_error(PermissionPolicy::ReaderError, 'nay not defined')
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
it 'no such Role' do
|
|
23
|
+
expect { subject.permitted?('fancy_feature', 'index', 'hey')
|
|
24
|
+
}.to raise_error(PermissionPolicy::ReaderError, 'hey not defined')
|
|
25
|
+
end
|
|
26
|
+
end
|
|
27
|
+
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: permission_policy
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Marco Schaden
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2015-02-
|
|
12
|
+
date: 2015-02-06 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: activesupport
|
|
@@ -147,6 +147,8 @@ files:
|
|
|
147
147
|
- lib/permission_policy/errors/missing_precondition.rb
|
|
148
148
|
- lib/permission_policy/errors/not_allowed.rb
|
|
149
149
|
- lib/permission_policy/errors/not_verified.rb
|
|
150
|
+
- lib/permission_policy/errors/reader_error.rb
|
|
151
|
+
- lib/permission_policy/permission_reader.rb
|
|
150
152
|
- lib/permission_policy/railtie.rb
|
|
151
153
|
- lib/permission_policy/strategies/base_strategy.rb
|
|
152
154
|
- lib/permission_policy/strategies/unknown_strategy.rb
|
|
@@ -155,6 +157,9 @@ files:
|
|
|
155
157
|
- spec/permission_policy/authorization_spec.rb
|
|
156
158
|
- spec/permission_policy/configuration_spec.rb
|
|
157
159
|
- spec/permission_policy/controller_additions_spec.rb
|
|
160
|
+
- spec/permission_policy/fixtures/permissions.yml
|
|
161
|
+
- spec/permission_policy/permission_integration_spec.rb
|
|
162
|
+
- spec/permission_policy/permission_reader_spec.rb
|
|
158
163
|
- spec/permission_policy/strategies/base_strategy_spec.rb
|
|
159
164
|
- spec/spec_helper.rb
|
|
160
165
|
homepage: ''
|
|
@@ -185,5 +190,8 @@ test_files:
|
|
|
185
190
|
- spec/permission_policy/authorization_spec.rb
|
|
186
191
|
- spec/permission_policy/configuration_spec.rb
|
|
187
192
|
- spec/permission_policy/controller_additions_spec.rb
|
|
193
|
+
- spec/permission_policy/fixtures/permissions.yml
|
|
194
|
+
- spec/permission_policy/permission_integration_spec.rb
|
|
195
|
+
- spec/permission_policy/permission_reader_spec.rb
|
|
188
196
|
- spec/permission_policy/strategies/base_strategy_spec.rb
|
|
189
197
|
- spec/spec_helper.rb
|