proxes 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/.codeclimate.yml +24 -0
- data/.gitignore +13 -0
- data/.rspec +2 -0
- data/.rubocop.yml +12 -0
- data/.ruby-version +1 -0
- data/.travis.yml +18 -0
- data/Gemfile +4 -0
- data/Gemfile.ci +15 -0
- data/Gemfile.dev +10 -0
- data/Gemfile.dev.lock +155 -0
- data/LICENSE.txt +8 -0
- data/README.md +83 -0
- data/Rakefile +9 -0
- data/Vagrantfile +46 -0
- data/bin/console +15 -0
- data/bin/setup +8 -0
- data/config.ru +64 -0
- data/config/logger.yml +3 -0
- data/gulpfile.js +80 -0
- data/lib/proxes.rb +3 -0
- data/lib/proxes/app.rb +48 -0
- data/lib/proxes/controllers/application.rb +53 -0
- data/lib/proxes/controllers/audit_logs.rb +34 -0
- data/lib/proxes/controllers/auth_identity.rb +21 -0
- data/lib/proxes/controllers/component.rb +108 -0
- data/lib/proxes/controllers/permissions.rb +10 -0
- data/lib/proxes/controllers/roles.rb +10 -0
- data/lib/proxes/controllers/users.rb +119 -0
- data/lib/proxes/db.rb +17 -0
- data/lib/proxes/helpers/authentication.rb +45 -0
- data/lib/proxes/helpers/component.rb +40 -0
- data/lib/proxes/helpers/indices.rb +16 -0
- data/lib/proxes/helpers/pundit.rb +39 -0
- data/lib/proxes/helpers/views.rb +41 -0
- data/lib/proxes/loggers/elasticsearch.rb +9 -0
- data/lib/proxes/models/audit_log.rb +12 -0
- data/lib/proxes/models/identity.rb +67 -0
- data/lib/proxes/models/permission.rb +17 -0
- data/lib/proxes/models/role.rb +14 -0
- data/lib/proxes/models/user.rb +57 -0
- data/lib/proxes/policies/application_policy.rb +20 -0
- data/lib/proxes/policies/audit_log_policy.rb +40 -0
- data/lib/proxes/policies/identity_policy.rb +24 -0
- data/lib/proxes/policies/permission_policy.rb +40 -0
- data/lib/proxes/policies/request/root_policy.rb +12 -0
- data/lib/proxes/policies/request/search_policy.rb +15 -0
- data/lib/proxes/policies/request/snapshot_policy.rb +12 -0
- data/lib/proxes/policies/request/stats_policy.rb +15 -0
- data/lib/proxes/policies/request_policy.rb +69 -0
- data/lib/proxes/policies/role_policy.rb +40 -0
- data/lib/proxes/policies/token_policy.rb +46 -0
- data/lib/proxes/policies/user_policy.rb +46 -0
- data/lib/proxes/rake_tasks.rb +59 -0
- data/lib/proxes/request.rb +51 -0
- data/lib/proxes/request/root.rb +10 -0
- data/lib/proxes/request/search.rb +37 -0
- data/lib/proxes/request/snapshot.rb +16 -0
- data/lib/proxes/request/stats.rb +30 -0
- data/lib/proxes/security.rb +59 -0
- data/lib/proxes/seed.rb +10 -0
- data/lib/proxes/services/logger.rb +50 -0
- data/lib/proxes/version.rb +4 -0
- data/migrate/001_tables.rb +47 -0
- data/migrate/002_audit_log.rb +11 -0
- data/package.json +34 -0
- data/proxes.gemspec +44 -0
- data/public/js/bundle.js +28988 -0
- data/src/scripts/app.js +10 -0
- data/views/404.haml +1 -0
- data/views/audit_logs/index.haml +18 -0
- data/views/error.haml +4 -0
- data/views/getting_started.haml +16 -0
- data/views/identity/login.haml +19 -0
- data/views/identity/register.haml +17 -0
- data/views/index.haml +3 -0
- data/views/layout.haml +48 -0
- data/views/partials/delete_form.haml +4 -0
- data/views/partials/form_control.haml +21 -0
- data/views/partials/navbar.haml +25 -0
- data/views/partials/notifications.haml +24 -0
- data/views/partials/pager.haml +19 -0
- data/views/partials/sidebar.haml +32 -0
- data/views/permissions/display.haml +24 -0
- data/views/permissions/edit.haml +11 -0
- data/views/permissions/form.haml +3 -0
- data/views/permissions/index.haml +14 -0
- data/views/permissions/new.haml +10 -0
- data/views/roles/display.haml +33 -0
- data/views/roles/edit.haml +11 -0
- data/views/roles/form.haml +1 -0
- data/views/roles/index.haml +17 -0
- data/views/roles/new.haml +10 -0
- data/views/users/display.haml +32 -0
- data/views/users/edit.haml +11 -0
- data/views/users/identity.haml +3 -0
- data/views/users/index.haml +20 -0
- data/views/users/new.haml +11 -0
- data/views/users/profile.haml +37 -0
- data/views/users/user.haml +3 -0
- metadata +424 -0
|
@@ -0,0 +1,57 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
require 'sequel'
|
|
3
|
+
require 'bcrypt'
|
|
4
|
+
require 'digest/md5'
|
|
5
|
+
require 'active_support'
|
|
6
|
+
require 'active_support/core_ext/object/blank'
|
|
7
|
+
|
|
8
|
+
# Why not store this in Elasticsearch?
|
|
9
|
+
module ProxES
|
|
10
|
+
class User < Sequel::Model
|
|
11
|
+
one_to_many :identity
|
|
12
|
+
many_to_many :roles
|
|
13
|
+
one_to_many :audit_logs
|
|
14
|
+
|
|
15
|
+
def role?(check)
|
|
16
|
+
!roles_dataset.first(name: check).nil?
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
def method_missing(method_sym, *arguments, &block)
|
|
20
|
+
if method_sym.to_s[-1] == '?'
|
|
21
|
+
role?(method_sym[0..-2])
|
|
22
|
+
else
|
|
23
|
+
super
|
|
24
|
+
end
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
def respond_to_missing?(name, _include_private = false)
|
|
28
|
+
name[-1] == '?'
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
def gravatar
|
|
32
|
+
hash = Digest::MD5.hexdigest(email.downcase)
|
|
33
|
+
"https://www.gravatar.com/avatar/#{hash}"
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
def validate
|
|
37
|
+
validates_presence :email
|
|
38
|
+
return if email.blank?
|
|
39
|
+
validates_unique :email
|
|
40
|
+
validates_format(/\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\Z/i, :email)
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
# Add the basic roles and identity
|
|
44
|
+
def after_create
|
|
45
|
+
check_roles
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
def check_roles
|
|
49
|
+
add_role Role.find_or_create(name: 'user') unless role?('user')
|
|
50
|
+
add_role Role.find_or_create(name: 'super_admin') if id == 1 && ENV['RACK_ENV'] != 'test' && !role?('super_admin')
|
|
51
|
+
end
|
|
52
|
+
|
|
53
|
+
def index_prefix
|
|
54
|
+
email
|
|
55
|
+
end
|
|
56
|
+
end
|
|
57
|
+
end
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
module ProxES
|
|
3
|
+
class ApplicationPolicy
|
|
4
|
+
attr_reader :user, :record
|
|
5
|
+
|
|
6
|
+
def initialize(user, record)
|
|
7
|
+
@user = user
|
|
8
|
+
@record = record
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
class Scope
|
|
12
|
+
attr_reader :user, :scope
|
|
13
|
+
|
|
14
|
+
def initialize(user, scope)
|
|
15
|
+
@user = user
|
|
16
|
+
@scope = scope
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
end
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
require 'proxes/policies/application_policy'
|
|
3
|
+
|
|
4
|
+
module ProxES
|
|
5
|
+
class AuditLogPolicy < ApplicationPolicy
|
|
6
|
+
def create?
|
|
7
|
+
user && user.super_admin?
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
def list?
|
|
11
|
+
create?
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
def read?
|
|
15
|
+
create?
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
def update?
|
|
19
|
+
read?
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
def delete?
|
|
23
|
+
create?
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
def permitted_attributes
|
|
27
|
+
[:action]
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
class Scope < ApplicationPolicy::Scope
|
|
31
|
+
def resolve
|
|
32
|
+
if user && user.super_admin?
|
|
33
|
+
scope
|
|
34
|
+
else
|
|
35
|
+
scope.where(id: -1)
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
end
|
|
39
|
+
end
|
|
40
|
+
end
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
require_relative 'application_policy'
|
|
3
|
+
|
|
4
|
+
module ProxES
|
|
5
|
+
class IdentityPolicy < ApplicationPolicy
|
|
6
|
+
def register?
|
|
7
|
+
true
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
def permitted_attributes
|
|
11
|
+
[:username, :password, :password_confirmation]
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
class Scope < ApplicationPolicy::Scope
|
|
15
|
+
def resolve
|
|
16
|
+
if user.super_admin?
|
|
17
|
+
scope.all
|
|
18
|
+
else
|
|
19
|
+
[]
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
end
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
require 'proxes/policies/application_policy'
|
|
3
|
+
|
|
4
|
+
module ProxES
|
|
5
|
+
class PermissionPolicy < ApplicationPolicy
|
|
6
|
+
def create?
|
|
7
|
+
user && user.super_admin?
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
def list?
|
|
11
|
+
create?
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
def read?
|
|
15
|
+
create?
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
def update?
|
|
19
|
+
read?
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
def delete?
|
|
23
|
+
create?
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
def permitted_attributes
|
|
27
|
+
[:verb, :pattern, :role_id]
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
class Scope < ApplicationPolicy::Scope
|
|
31
|
+
def resolve
|
|
32
|
+
if user && user.super_admin?
|
|
33
|
+
scope
|
|
34
|
+
else
|
|
35
|
+
scope.where(id: -1)
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
end
|
|
39
|
+
end
|
|
40
|
+
end
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
module ProxES
|
|
3
|
+
class Request
|
|
4
|
+
class SearchPolicy < ProxES::RequestPolicy
|
|
5
|
+
class Scope < ProxES::RequestPolicy::Scope
|
|
6
|
+
def resolve
|
|
7
|
+
patterns = ProxES::Permission.where(verb: 'INDEX', role: user.roles).map do |permission|
|
|
8
|
+
permission.pattern.gsub(/\{user.(.*)\}/) { |match| user.send(Regexp.last_match[1].to_sym) }
|
|
9
|
+
end
|
|
10
|
+
filter scope.index, patterns
|
|
11
|
+
end
|
|
12
|
+
end
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
end
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
module ProxES
|
|
3
|
+
class Request
|
|
4
|
+
class StatsPolicy < ProxES::RequestPolicy
|
|
5
|
+
class Scope < ProxES::RequestPolicy::Scope
|
|
6
|
+
def resolve
|
|
7
|
+
patterns = ProxES::Permission.where(verb: 'INDEX', role: user.roles).map do |permission|
|
|
8
|
+
permission.pattern.gsub(/\{user.(.*)\}/) { |match| user.send(Regexp.last_match[1].to_sym) }
|
|
9
|
+
end
|
|
10
|
+
filter scope.index, patterns
|
|
11
|
+
end
|
|
12
|
+
end
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
end
|
|
@@ -0,0 +1,69 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
require 'proxes/db'
|
|
3
|
+
require 'proxes/models/permission'
|
|
4
|
+
require 'proxes/services/logger'
|
|
5
|
+
require 'proxes/helpers/indices'
|
|
6
|
+
|
|
7
|
+
module ProxES
|
|
8
|
+
class RequestPolicy
|
|
9
|
+
include Helpers::Indices
|
|
10
|
+
|
|
11
|
+
attr_reader :user, :record
|
|
12
|
+
|
|
13
|
+
def initialize(user, record)
|
|
14
|
+
@user = user
|
|
15
|
+
@record = record
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
def method_missing(method_sym, *arguments, &block)
|
|
19
|
+
if method_sym.to_s[-1] == '?'
|
|
20
|
+
return false if user.nil?
|
|
21
|
+
require 'pry'
|
|
22
|
+
# binding.pry
|
|
23
|
+
|
|
24
|
+
if record.indices?
|
|
25
|
+
patterns = ProxES::Permission.where(verb: 'INDEX', role: user.roles).map do |permission|
|
|
26
|
+
permission.pattern.gsub(/\{user.(.*)\}/) { |match| user.send(Regexp.last_match[1].to_sym) }
|
|
27
|
+
end
|
|
28
|
+
return filter(record.index, patterns).count.positive?
|
|
29
|
+
else
|
|
30
|
+
# Give me all the user's permissions that match the verb
|
|
31
|
+
ProxES::Permission.where(verb: method_sym[0..-2].upcase, role: user.roles).each do |permission|
|
|
32
|
+
return true if record.path =~ %r{#{permission.pattern}}
|
|
33
|
+
end
|
|
34
|
+
end
|
|
35
|
+
false
|
|
36
|
+
else
|
|
37
|
+
super
|
|
38
|
+
end
|
|
39
|
+
end
|
|
40
|
+
|
|
41
|
+
def respond_to_missing?(name, _include_private = false)
|
|
42
|
+
name[-1] == '?'
|
|
43
|
+
end
|
|
44
|
+
|
|
45
|
+
def logger
|
|
46
|
+
@logger ||= ProxES::Services::Logger.instance
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
class Scope
|
|
50
|
+
include Helpers::Indices
|
|
51
|
+
|
|
52
|
+
attr_reader :user, :scope
|
|
53
|
+
|
|
54
|
+
def initialize(user, scope)
|
|
55
|
+
@user = user
|
|
56
|
+
@scope = scope
|
|
57
|
+
end
|
|
58
|
+
|
|
59
|
+
def logger
|
|
60
|
+
@logger ||= ProxES::Services::Logger.instance
|
|
61
|
+
end
|
|
62
|
+
end
|
|
63
|
+
end
|
|
64
|
+
end
|
|
65
|
+
|
|
66
|
+
require 'proxes/policies/request/root_policy'
|
|
67
|
+
require 'proxes/policies/request/stats_policy'
|
|
68
|
+
require 'proxes/policies/request/search_policy'
|
|
69
|
+
require 'proxes/policies/request/snapshot_policy'
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
require 'proxes/policies/application_policy'
|
|
3
|
+
|
|
4
|
+
module ProxES
|
|
5
|
+
class RolePolicy < ApplicationPolicy
|
|
6
|
+
def create?
|
|
7
|
+
user && user.super_admin?
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
def list?
|
|
11
|
+
create?
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
def read?
|
|
15
|
+
create?
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
def update?
|
|
19
|
+
read?
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
def delete?
|
|
23
|
+
create?
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
def permitted_attributes
|
|
27
|
+
[:name]
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
class Scope < ApplicationPolicy::Scope
|
|
31
|
+
def resolve
|
|
32
|
+
if user && user.super_admin?
|
|
33
|
+
scope
|
|
34
|
+
else
|
|
35
|
+
scope.where(id: -1)
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
end
|
|
39
|
+
end
|
|
40
|
+
end
|
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
require_relative 'application_policy'
|
|
3
|
+
|
|
4
|
+
module ProxES
|
|
5
|
+
class TokenPolicy < ApplicationPolicy
|
|
6
|
+
def create?
|
|
7
|
+
user.super_admin?
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
def list?
|
|
11
|
+
create?
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
def read?
|
|
15
|
+
record.id == user.id || user.super_admin?
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
def update?
|
|
19
|
+
read?
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
def delete?
|
|
23
|
+
create?
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
def register?
|
|
27
|
+
true
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
def permitted_attributes
|
|
31
|
+
attribs = [:email, :name, :surname]
|
|
32
|
+
attribs << :role if user.super_admin?
|
|
33
|
+
attribs
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
class Scope < ApplicationPolicy::Scope
|
|
37
|
+
def resolve
|
|
38
|
+
if user.super_admin?
|
|
39
|
+
scope.all
|
|
40
|
+
else
|
|
41
|
+
[]
|
|
42
|
+
end
|
|
43
|
+
end
|
|
44
|
+
end
|
|
45
|
+
end
|
|
46
|
+
end
|
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
require 'proxes/policies/application_policy'
|
|
3
|
+
|
|
4
|
+
module ProxES
|
|
5
|
+
class UserPolicy < ApplicationPolicy
|
|
6
|
+
def create?
|
|
7
|
+
user && user.super_admin?
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
def list?
|
|
11
|
+
create?
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
def read?
|
|
15
|
+
user && (record.id == user.id || user.super_admin?)
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
def update?
|
|
19
|
+
read?
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
def delete?
|
|
23
|
+
create?
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
def register?
|
|
27
|
+
true
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
def permitted_attributes
|
|
31
|
+
attribs = [:email, :name, :surname]
|
|
32
|
+
attribs << :role_id if user.super_admin?
|
|
33
|
+
attribs
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
class Scope < ApplicationPolicy::Scope
|
|
37
|
+
def resolve
|
|
38
|
+
if user && user.super_admin?
|
|
39
|
+
scope
|
|
40
|
+
else
|
|
41
|
+
scope.where(id: -1)
|
|
42
|
+
end
|
|
43
|
+
end
|
|
44
|
+
end
|
|
45
|
+
end
|
|
46
|
+
end
|