picky_guard 0.1.3 → 0.1.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -0
- data/Gemfile.lock +1 -1
- data/README.md +10 -0
- data/lib/generators/picky_guard/templates/ability.rb +1 -0
- data/lib/picky_guard/loader.rb +22 -7
- data/lib/picky_guard/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 05770d49279b304879e3c1b03fa2fee62dd6dcb4
|
|
4
|
+
data.tar.gz: c42d2fa5d6c4f032107b78bdfa606373daf46881
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 445dde3b61dfa42968a1a0a1b18a9e67acbe0bb306dd2e7c36b19a75f1ac6190ed175e9d08c9e535a24487a35b2fb666fd438bb4d6596b0e5775cde2ad0966d4
|
|
7
|
+
data.tar.gz: 50b0aac7c2b3e5a3d4a159dd220ced3742175c49fb1486125af83c4b68956a938bb48cfe33f50b2c90e8e75646abec2ed50d3e4b1d7f9a062dc9ce6bafd862cc
|
data/CHANGELOG.md
CHANGED
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
|
@@ -282,6 +282,16 @@ Ability.new(user, Campaign).can? :read, Campaign.first
|
|
|
282
282
|
|
|
283
283
|
This will load only relevant policies.
|
|
284
284
|
|
|
285
|
+
## Troubleshooting
|
|
286
|
+
|
|
287
|
+
### If your application has problems with loading classes,
|
|
288
|
+
|
|
289
|
+
put the following code into your `application.rb`:
|
|
290
|
+
```
|
|
291
|
+
config.autoload_paths += %W[#{config.root}/app/picky_guard]
|
|
292
|
+
config.autoload_paths += %W[#{config.root}/app/picky_guard/policies]
|
|
293
|
+
```
|
|
294
|
+
|
|
285
295
|
## Development
|
|
286
296
|
|
|
287
297
|
After checking out the repo, run `bin/setup` to install dependencies. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
|
data/lib/picky_guard/loader.rb
CHANGED
|
@@ -8,6 +8,7 @@ module PickyGuard
|
|
|
8
8
|
|
|
9
9
|
def initialize(_user, *resources_whitelist)
|
|
10
10
|
@resources_whitelist = resources_whitelist
|
|
11
|
+
@statement_policy_map = {}
|
|
11
12
|
end
|
|
12
13
|
|
|
13
14
|
def adjust(user, user_role_checker_class, resource_actions_class, role_policies_class)
|
|
@@ -53,12 +54,18 @@ module PickyGuard
|
|
|
53
54
|
|
|
54
55
|
def eval_conditions_if_needed(statement)
|
|
55
56
|
if statement.conditions.is_a? Proc
|
|
56
|
-
statement
|
|
57
|
+
eval_statement_conditions(statement)
|
|
57
58
|
else
|
|
58
59
|
statement.conditions
|
|
59
60
|
end
|
|
60
61
|
end
|
|
61
62
|
|
|
63
|
+
def eval_statement_conditions(statement)
|
|
64
|
+
policy = @statement_policy_map[statement]
|
|
65
|
+
proc = statement.conditions
|
|
66
|
+
policy.instance_eval(&proc)
|
|
67
|
+
end
|
|
68
|
+
|
|
62
69
|
def positive?(effect)
|
|
63
70
|
effect == Statement::EFFECT_ALLOW
|
|
64
71
|
end
|
|
@@ -71,18 +78,26 @@ module PickyGuard
|
|
|
71
78
|
end
|
|
72
79
|
|
|
73
80
|
def gather_statements(user, policies, resource_actions)
|
|
74
|
-
policies.map
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
81
|
+
actual_policy_instances(policies, user).map do |policy|
|
|
82
|
+
statements = policy.statements(@resources_whitelist)
|
|
83
|
+
validate_statements!(resource_actions, statements)
|
|
84
|
+
map_policy_statements(policy, statements)
|
|
85
|
+
end.flatten
|
|
86
|
+
end
|
|
87
|
+
|
|
88
|
+
def actual_policy_instances(policy_classes, user)
|
|
89
|
+
policy_classes.map { |policy_class| policy_class.new(user) }
|
|
90
|
+
end
|
|
91
|
+
|
|
92
|
+
def map_policy_statements(policy, statements)
|
|
93
|
+
statements.each { |statement| @statement_policy_map[statement] = policy }
|
|
94
|
+
statements
|
|
79
95
|
end
|
|
80
96
|
|
|
81
97
|
def validate_statements!(resource_actions, statements)
|
|
82
98
|
statements.each do |statement|
|
|
83
99
|
validate_statement!(resource_actions, statement)
|
|
84
100
|
end
|
|
85
|
-
statements
|
|
86
101
|
end
|
|
87
102
|
|
|
88
103
|
def validate_statement!(resource_actions, statement)
|
data/lib/picky_guard/version.rb
CHANGED