picky_guard 0.1.2 → 0.1.3
- checksums.yaml +4 -4
- data/.travis.yml +5 -0
- data/Gemfile.lock +18 -2
- data/LICENSE.txt +21 -0
- data/README.md +14 -6
- data/lib/generators/picky_guard/install_generator.rb +1 -3
- data/lib/generators/picky_guard/policy_generator.rb +2 -2
- data/lib/picky_guard/loader.rb +9 -1
- data/lib/picky_guard/policy.rb +5 -10
- data/lib/picky_guard/resource_actions.rb +1 -1
- data/lib/picky_guard/role_policies.rb +1 -1
- data/lib/picky_guard/statement_proxy.rb +2 -0
- data/lib/picky_guard/user_role_checker.rb +1 -1
- data/lib/picky_guard/version.rb +1 -1
- data/picky_guard.gemspec +2 -1
- metadata +18 -2
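--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 85e21fc9a0ae52614b7d70dbebb39ab9019f3f11
+data.tar.gz: 3e38e07bda2744f1e375211f58f116e1aa90260f
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6aae898c5bc7ad35b4df8f927015c0501ca7ad7944d137564f41dc357473fe555496f14b604fc8316522ff271bb65eb51773306e58be62997052b72bb87eb79c
+data.tar.gz: 99a83a8bab4bb4f568011a70a406564441c3b3338b74640e4142826f51a0de08b619da4b46da7e5ee47c5a3de3845234db9242fdb42ff40b6507428de781ec4d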
data/.travis.yml
ADDED
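--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
 remote: .
 specs:
-picky_guard (0.1.
+picky_guard (0.1.3)
 activerecord (>= 4.2)
 cancancan (>= 2.0)
 
@@ -20,12 +20,18 @@ GEM
 minitest (~> 5.1)
 tzinfo (~> 1.1)
 arel (9.0.0)
+ast (2.4.0)
 cancancan (2.2.0)
 concurrent-ruby (1.0.5)
 diff-lcs (1.3)
-i18n (1.0.
+i18n (1.0.1)
 concurrent-ruby (~> 1.0)
 minitest (5.11.3)
+parallel (1.12.1)
+parser (2.5.1.0)
+ast (~> 2.4.0)
+powerpack (0.1.1)
+rainbow (3.0.0)
 rake (10.5.0)
 rspec (3.7.0)
 rspec-core (~> 3.7.0)
@@ -40,10 +46,19 @@ GEM
 diff-lcs (>= 1.2.0, < 2.0)
 rspec-support (~> 3.7.0)
 rspec-support (3.7.1)
+rubocop (0.55.0)
+parallel (~> 1.10)
+parser (>= 2.5)
+powerpack (~> 0.1)
+rainbow (>= 2.2.2, < 4.0)
+ruby-progressbar (~> 1.7)
+unicode-display_width (~> 1.0, >= 1.0.1)
+ruby-progressbar (1.9.0)
 sqlite3 (1.3.13)
 thread_safe (0.3.6)
 tzinfo (1.2.5)
 thread_safe (~> 0.1)
+unicode-display_width (1.3.2)
 
 PLATFORMS
 ruby
@@ -53,6 +68,7 @@ DEPENDENCIES
 picky_guard!
 rake (~> 10.0)
 rspec (~> 3.2)
+rubocop (~> 0.55.0)
 sqlite3 (~> 1.3.13)
 
 BUNDLED WITH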
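--- a/data/LICENSE.txt
+++ b/data/LICENSE.txt
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2018 Paul Lee
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.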
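--- a/data/README.md
+++ b/data/README.md
@@ -1,3 +1,6 @@
+[![Gem Version](https://badge.fury.io/rb/picky_guard.svg)](https://badge.fury.io/rb/picky_guard)
+[![Build Status](https://travis-ci.org/eunjae-lee/picky_guard.svg?branch=master)](https://travis-ci.org/eunjae-lee/picky_guard)
+
 # PickyGuard
 
 PickyGuard is an opinionated authorization library which wraps [CanCanCan](https://github.com/CanCanCommunity/cancancan).
@@ -100,7 +103,7 @@ The generated file is like this:
 ```ruby
 class ResourceActions < PickyGuard::ResourceActions
 def initialize
-map
+map Report, [:create, :read, :update, :delete]
 end
 end
 ```
@@ -116,13 +119,18 @@ The generated file is like this:
 ```ruby
 class RolePolicies < PickyGuard::RolePolicies
 def initialize
-map
-# map
+map :report_manager, [ManageAllReports]
+# map :report_reader, [AnotherPolicy]
 end
 end
 ```
 
-This class defines which role has which policies.
+This class defines which role has which policies. The method `map` takes two parameters.
+
+1. `role` : It can be a string or a symbol
+2. `policies` : An array of policies
+
+From the example code above, we could assume there is a role named `:report_manager` and it has one policy named `ManageAllReports`.
 
 Then how do we define policy?
 
@@ -146,14 +154,14 @@ $ rails generate picky_guard:policy reports/manage_all_reports
 
 Then it will generate `app/picky_guard/policies/reports/manage_all_reports.rb`.
 
-
+Here is a sample of policy.
 
 ```ruby
 class ManageAllReports < PickyGuard::Policy
 def initialize(current_user)
 statement_for Campaign do
 allow
-actions [:
+actions [:read]
 conditions({})
 end
 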
@@ -3,16 +3,14 @@
|
|
3
3
|
module PickyGuard
|
4
4
|
module Generators
|
5
5
|
class InstallGenerator < Rails::Generators::Base
|
6
|
-
source_root File.expand_path('
|
6
|
+
source_root File.expand_path('templates', __dir__)
|
7
7
|
|
8
|
-
# rubocop:disable Metrics/LineLength
|
9
8
|
def generate_install
|
10
9
|
copy_file 'ability.rb', 'app/models/ability.rb'
|
11
10
|
copy_file 'role_policies.rb', 'app/picky_guard/role_policies.rb'
|
12
11
|
copy_file 'resource_actions.rb', 'app/picky_guard/resource_actions.rb'
|
13
12
|
copy_file 'user_role_checker.rb', 'app/picky_guard/user_role_checker.rb'
|
14
13
|
end
|
15
|
-
# rubocop:enable Metrics/LineLength
|
16
14
|
end
|
17
15
|
end
|
18
16
|
end
|
@@ -3,7 +3,7 @@
|
|
3
3
|
module PickyGuard
|
4
4
|
module Generators
|
5
5
|
class PolicyGenerator < Rails::Generators::NamedBase
|
6
|
-
source_root File.expand_path('
|
6
|
+
source_root File.expand_path('templates', __dir__)
|
7
7
|
|
8
8
|
desc 'Generates a policy with the given NAME'
|
9
9
|
|
@@ -21,7 +21,7 @@ module PickyGuard
|
|
21
21
|
def content(name)
|
22
22
|
class_name = class_name(name)
|
23
23
|
puts "class_name : #{class_name}"
|
24
|
-
path = File.join(File.expand_path('
|
24
|
+
path = File.join(File.expand_path('templates', __dir__), 'policy.rb.erb')
|
25
25
|
ERB.new(File.read(path)).result binding
|
26
26
|
end
|
27
27
|
|
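--- a/data/lib/picky_guard/loader.rb
+++ b/data/lib/picky_guard/loader.rb
@@ -6,7 +6,7 @@ module PickyGuard
 class Loader
 include CanCan::Ability
 
-def initialize(
+def initialize(_user, *resources_whitelist)
 @resources_whitelist = resources_whitelist
 end
 
@@ -17,6 +17,14 @@ module PickyGuard
 adjust_statements(statements)
 end
 
+def can(_action = nil, _subject = nil, _conditions = nil, &_block)
+raise 'You cannot use `can` method directly with PickyGuard.'
+end
+
+def cannot(_action = nil, _subject = nil, _conditions = nil, &_block)
+raise 'You cannot use `cannot` method directly with PickyGuard.'
+end
+
 private
 
 def validate_parameters(user_role_checker_class, resource_actions_class, role_policies_class)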
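Review bot: The `can` and `cannot` overrides added in the second hunk raise a plain string, i.e. a `RuntimeError`, and carry no comment, so callers cannot rescue this case specifically and a reader has to guess that rules are meant to come only from policies. A dedicated error class under `PickyGuard` and a comment such as `# Rules are defined through policies only; direct CanCan rule definitions are rejected.` would make the intent explicit. `adjust_statements` is outside the hunk, so confirm it registers rules by a path that does not go through these overrides, and decide whether other rule-adding methods inherited from `CanCan::Ability`, such as `merge`, should be blocked the same way. In the first hunk `_user` is accepted and ignored; a one-line comment saying why would help.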
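--- a/data/lib/picky_guard/policy.rb
+++ b/data/lib/picky_guard/policy.rb
@@ -10,7 +10,9 @@ module PickyGuard
 end
 
 def statements(resource_whitelist)
-
+filtered_array(resource_whitelist).map do |_resource, statement|
+Validator.validate_statement!(statement)
+end
 end
 
 def statement_for(resource, &statement_definition)
@@ -23,23 +25,16 @@ module PickyGuard
 
 def register(resource, statement)
 safe_array << [resource, statement]
-@cached_statements = nil
-end
-
-def gather_statements(resource_whitelist)
-filtered_array(resource_whitelist).map do |_resource, statement|
-Validator.validate_statement!(statement)
-end
 end
 
 def filtered_array(resource_whitelist)
-return safe_array if resource_whitelist.empty?
+return safe_array if resource_whitelist.nil? || resource_whitelist.empty?
 
 safe_array.select { |item| resource_whitelist.include? item[0] }
 end
 
 def safe_array
-(@
+(@safe_array ||= [])
 end
 end
 end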
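Review bot: `filtered_array` in the second hunk now returns the full `safe_array` when `resource_whitelist` is nil as well as when it is empty, so a whitelist that is missing or computed as empty by mistake yields every registered statement rather than none. For an authorization filter that is a fail-open default; it deserves at least a comment on the method, e.g. `# An absent or empty whitelist means "no filtering": all statements are returned.`, and callers that mean "nothing allowed" need a distinct way to say so. `statements` in the first hunk now runs `Validator.validate_statement!` on every call because the `@cached_statements` memo was removed; that looks intentional, but a short comment noting that validation repeats per call would help.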
@@ -18,6 +18,7 @@ module PickyGuard
|
|
18
18
|
@effect = PickyGuard::Statement::EFFECT_DENY
|
19
19
|
end
|
20
20
|
|
21
|
+
# rubocop:disable Style/TrivialAccessors
|
21
22
|
def actions(actions)
|
22
23
|
@actions = actions
|
23
24
|
end
|
@@ -25,6 +26,7 @@ module PickyGuard
|
|
25
26
|
def conditions(conditions)
|
26
27
|
@conditions = conditions
|
27
28
|
end
|
29
|
+
# rubocop:enable Style/TrivialAccessors
|
28
30
|
|
29
31
|
def instance_resource
|
30
32
|
@resource_type = PickyGuard::Statement::RESOURCE_TYPE_INSTANCE
|
data/lib/picky_guard/version.rb
CHANGED
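--- a/data/picky_guard.gemspec
+++ b/data/picky_guard.gemspec
@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-lib = File.expand_path('
+lib = File.expand_path('lib', __dir__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'picky_guard/version'
 
@@ -27,5 +27,6 @@ Gem::Specification.new do |spec|
 spec.add_development_dependency 'bundler', '~> 1.16'
 spec.add_development_dependency 'rake', '~> 10.0'
 spec.add_development_dependency 'rspec', '~> 3.2'
+spec.add_development_dependency 'rubocop', '~> 0.55.0'
 spec.add_development_dependency 'sqlite3', '~> 1.3.13'
 end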
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: picky_guard
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Eunjae Lee
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2018-
|
11
|
+
date: 2018-06-08 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: activerecord
|
@@ -80,6 +80,20 @@ dependencies:
|
|
80
80
|
- - "~>"
|
81
81
|
- !ruby/object:Gem::Version
|
82
82
|
version: '3.2'
|
83
|
+
- !ruby/object:Gem::Dependency
|
84
|
+
name: rubocop
|
85
|
+
requirement: !ruby/object:Gem::Requirement
|
86
|
+
requirements:
|
87
|
+
- - "~>"
|
88
|
+
- !ruby/object:Gem::Version
|
89
|
+
version: 0.55.0
|
90
|
+
type: :development
|
91
|
+
prerelease: false
|
92
|
+
version_requirements: !ruby/object:Gem::Requirement
|
93
|
+
requirements:
|
94
|
+
- - "~>"
|
95
|
+
- !ruby/object:Gem::Version
|
96
|
+
version: 0.55.0
|
83
97
|
- !ruby/object:Gem::Dependency
|
84
98
|
name: sqlite3
|
85
99
|
requirement: !ruby/object:Gem::Requirement
|
@@ -105,9 +119,11 @@ files:
|
|
105
119
|
- ".rspec"
|
106
120
|
- ".rubocop.yml"
|
107
121
|
- ".ruby-version"
|
122
|
+
- ".travis.yml"
|
108
123
|
- CHANGELOG.md
|
109
124
|
- Gemfile
|
110
125
|
- Gemfile.lock
|
126
|
+
- LICENSE.txt
|
111
127
|
- README.md
|
112
128
|
- Rakefile
|
113
129
|
- bin/console
|