pundit-resources 1.0.0 → 1.0.1

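--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 84095ef1d7eddc023bc1c00e4501b4068e86386e
- data.tar.gz: 557410b3f7c007a2905702fb2a9c4d5c15331e16
+ metadata.gz: 83ed65ad31c7f9d50aa2bc1fa4f7a1682f999b62
+ data.tar.gz: 800f0caa6caf805f4245718f6e0b1ccec494ba42
  SHA512:
- metadata.gz: e4ba2f3c7e00b6cc852858920804acd20ec77bdc3a23a772412ec05c2077c4d9926e64e49ad41b6f8fa4858e0c5f5465fa355fcbe4ccf8c02772783122c99083
- data.tar.gz: 8c37cec27ae036fb6de09bda7ed756d5e1ea27eb58cc2f67c0dd84303b463507393d6da399bd2978bd8f6f195d39b4425a1e8a454de1f54d5442310a6fdc1743
+ metadata.gz: 5294401c2ed0c81a816c00b878f81a74af6875348645a4810b4c4acfed810ca29d726a548e33c6e049efdc95f0a34e3717d8b3cb73aa831ccc36f86ba2e951d1
+ data.tar.gz: 51a8ddcf155a373252a159ef3694a982bd8fb4e47a920b212dfd1f436a8ba892f815b8e226f2f1454d8cd0a7b0748e6e8c635594c0d3bad9e521d700439e0e73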
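--- a/data/.gitignore
+++ b/data/.gitignore
@@ -16,3 +16,4 @@ spec/dummy/log/*.log
  spec/dummy/tmp/
  !spec/dummy/tmp/.keep
  spec/examples.txt
+ /gemfiles/*.gemfile.lock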
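--- a/data/.rspec
+++ b/data/.rspec
@@ -1,3 +1,2 @@
- --format documentation
  --require spec_helper
  --color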
@@ -0,0 +1,7 @@
1
+ appraise "rails-4" do
2
+ gem "rails", "~> 4.2"
3
+ end
4
+
5
+ appraise "rails-5" do
6
+ gem "rails", "~> 5.0"
7
+ end
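--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,5 +1,7 @@
  source 'https://rubygems.org'
 
+ gem 'appraisal'
+
  # Dependencies for dummy application
  gem 'sqlite3'
  gem 'jsonapi-resources', github: 'cerebris/jsonapi-resources'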
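--- a/data/README.md
+++ b/data/README.md
@@ -1,6 +1,6 @@
  # Pundit::Resources
 
- Pundit::Resources is a gem that makes [JSONAPI::Resources](jsonapi-resources) use [Pundit][pundit] authorization.
+ Pundit::Resources is a gem that makes [JSONAPI::Resources][jsonapi-resources] use [Pundit][pundit] authorization.
 
  ## Installation
 
@@ -29,6 +29,8 @@ Include `Pundit::ResourceController` in the resource controllers that should use
  You also need to define a `current_user` method on the controller.
  The result of this method will be passed as the user parameter to the Pundit policies.
 
+ `Pundit::ResourceController` will raise an exception if authorization is not performed on any action, so you don't have to worry about anything slipping through the cracks.
+
  ```ruby
  class ApplicationController < JSONAPI::ResourceController
  include Pundit::ResourceController
@@ -54,7 +56,7 @@ Instead, it checks to see if the given resource is included in the Scope for tha
 
  ## Development
 
- After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+ After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
 
  To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org][rubygems].
 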
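--- a/data/Rakefile
+++ b/data/Rakefile
@@ -1,6 +1,11 @@
  require "bundler/gem_tasks"
  require "rspec/core/rake_task"
+ require "appraisal"
 
  RSpec::Core::RakeTask.new(:spec)
 
  task :default => :spec
+
+ if !ENV["APPRAISAL_INITIALIZED"] && !ENV["TRAVIS"]
+ task :default => :appraisal
+ end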
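--- a/data/bin/setup
+++ b/data/bin/setup
@@ -3,6 +3,6 @@ set -euo pipefail
  IFS=$'\n\t'
  set -vx
 
- bundle install
+ appraisal install
 
  # Do any other automated setup that you need to do here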
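Review bot: The new `appraisal install` line is a bare command, so on a fresh checkout it only works if an `appraisal` executable is already on PATH; with `set -euo pipefail` in effect the script stops there when it is not. Because the Gemfile now lists `gem 'appraisal'`, keeping `bundle install` and following it with `bundle exec appraisal install` would make setup self-contained. It would also run the appraisal version Bundler resolved for this project rather than whatever happens to be installed globally.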
@@ -0,0 +1,11 @@
1
+ # This file was generated by Appraisal
2
+
3
+ source "https://rubygems.org"
4
+
5
+ gem "appraisal"
6
+ gem "sqlite3"
7
+ gem "jsonapi-resources", :github => "cerebris/jsonapi-resources"
8
+ gem "pundit"
9
+ gem "rails", "~> 4.2"
10
+
11
+ gemspec :path => "../"
@@ -0,0 +1,11 @@
1
+ # This file was generated by Appraisal
2
+
3
+ source "https://rubygems.org"
4
+
5
+ gem "appraisal"
6
+ gem "sqlite3"
7
+ gem "jsonapi-resources", :github => "cerebris/jsonapi-resources"
8
+ gem "pundit"
9
+ gem "rails", "~> 5.0"
10
+
11
+ gemspec :path => "../"
@@ -14,6 +14,7 @@ module Pundit
14
14
  warn_if_show_defined
15
15
 
16
16
  context = options[:context]
17
+ context[:policy_used]&.call
17
18
  Pundit.policy_scope!(context[:current_user], _model_class)
18
19
  end
19
20
 
@@ -21,7 +22,7 @@ module Pundit
21
22
 
22
23
  def warn_if_show_defined
23
24
  policy_class = Pundit::PolicyFinder.new(_model_class.new).policy!
24
- if policy_class.method_defined?(:show?)
25
+ if policy_class.instance_methods(false).include?(:show?)
25
26
  puts "WARN: pundit-resources does not use the show? action."
26
27
  puts " #{policy_class::Scope} will be used instead."
27
28
  end
@@ -30,6 +31,11 @@ module Pundit
30
31
 
31
32
  protected
32
33
 
34
+ def can(method)
35
+ context[:policy_used]&.call
36
+ policy.public_send(method)
37
+ end
38
+
33
39
  def current_user
34
40
  context&.[](:current_user)
35
41
  end
@@ -40,29 +46,39 @@ module Pundit
40
46
 
41
47
  def authorize_create_or_update
42
48
  action = _model.new_record? ? :create : :update
43
- not_authorized!(action) unless policy.public_send(:"#{action}?")
49
+ not_authorized!(action) unless can :"#{action}?"
44
50
  end
45
51
 
46
52
  def authorize_destroy
47
- not_authorized! :destroy unless policy.destroy?
53
+ not_authorized! :destroy unless can :destroy?
48
54
  end
49
55
 
50
56
  def records_for(association_name, options={})
51
- association_reflection = _model.class.reflect_on_association(association_name)
57
+ relationships = self.class._relationships.
58
+ values.
59
+ select { |r| r.relation_name(context: @context) == association_name }.
60
+ uniq(&:class)
61
+
62
+ unless relationships.count == 1
63
+ raise "Can't infer relationship type for #{association_name}"
64
+ end
65
+
66
+ relationship = relationships.first
52
67
 
53
- if association_reflection.macro == :has_many
68
+ case relationship
69
+ when JSONAPI::Relationship::ToMany
54
70
  records = _model.public_send(association_name)
55
71
  policy_scope = Pundit.policy_scope!(
56
72
  context[:current_user],
57
- association_reflection.class_name.constantize
73
+ records
58
74
  )
59
75
  records.merge(policy_scope)
60
- elsif [:has_one, :belongs_to].include?(association_reflection.macro)
76
+ when JSONAPI::Relationship::ToOne
61
77
  record = _model.public_send(association_name)
62
78
 
63
79
  # Don't rely on policy.show? being defined since it isn't used for
64
80
  # show actions directly and should always have the same behaviour.
65
- if record && show?(Pundit.policy!(context[:current_user], record))
81
+ if record && show?(Pundit.policy!(context[:current_user], record), record.id)
66
82
  record
67
83
  else
68
84
  nil
@@ -77,8 +93,8 @@ module Pundit
77
93
  raise Pundit::NotAuthorizedError, options
78
94
  end
79
95
 
80
- def show?(policy)
81
- policy.scope.where(id: policy.record.id).exists?
96
+ def show?(policy, record_id)
97
+ policy.scope.where(id: record_id).exists?
82
98
  end
83
99
  end
84
100
  end
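Review bot: The `policy_used` callback fired from `can` (new lines 34–37) and from the scope method at new line 17 only records that some policy ran during the request, and `can` fires it before `policy.public_send(method)` is evaluated, so the flag cannot say which records or relationships were actually authorized. The two `records_for` branches (new lines 68–84) apply `Pundit.policy_scope!` and `show?` without firing the callback; as far as these hunks show, a request served only through relationships would then be rejected by the controller check rather than pass silently, but that deserves a spec. A comment above `can` such as `# Records that a policy was consulted for this request; it does not prove every record touched was checked.` would stop readers treating the flag as per-record enforcement. The enclosing class and several of these methods start or end outside the hunks shown.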
@@ -4,6 +4,9 @@ module Pundit
4
4
 
5
5
  included do
6
6
  include ActionController::Rescue
7
+ include AbstractController::Callbacks
8
+
9
+ after_action :enforce_policy_use
7
10
 
8
11
  JSONAPI.configure do |config|
9
12
  error = Pundit::NotAuthorizedError
@@ -17,6 +20,12 @@ module Pundit
17
20
 
18
21
  protected
19
22
 
23
+ def enforce_policy_use
24
+ return if @policy_used || response.status.in?(400...600)
25
+ raise Pundit::AuthorizationNotPerformedError,
26
+ "#{params[:controller]}##{params[:action]}"
27
+ end
28
+
20
29
  def reject_forbidden_request(error)
21
30
  type = error.record.class.name.underscore.humanize(capitalize: false)
22
31
  error = JSONAPI::Error.new(
@@ -30,10 +39,7 @@ module Pundit
30
39
  end
31
40
 
32
41
  def context
33
- { current_user: current_user }
34
- end
35
-
36
- def current_user
42
+ { current_user: current_user, policy_used: -> { @policy_used = true } }
37
43
  end
38
44
  end
39
45
  end
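Review bot: `after_action :enforce_policy_use` runs only once the action body has finished, so when `@policy_used` was never set the exception is raised after any create, update or destroy the action performed has, as far as this hunk shows, already been committed; the check reports a missing authorization call rather than preventing the work. The guard also returns early for every status in `400...600`, so error responses are never checked. I would document this on the method, for example `# Safety net: raises after the action has run, so it detects but does not undo unauthorized work.`, and keep treating the resource-level callbacks as the actual enforcement point. The `included do` block and the surrounding module extend beyond these hunks.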
@@ -1,5 +1,5 @@
1
1
  module Pundit
2
2
  module Resources
3
- VERSION = "1.0.0"
3
+ VERSION = "1.0.1"
4
4
  end
5
5
  end
@@ -21,7 +21,7 @@ Gem::Specification.new do |spec|
21
21
  spec.add_dependency "activesupport"
22
22
  spec.add_dependency "jsonapi-resources"
23
23
  spec.add_dependency "pundit"
24
- spec.add_dependency "rails", ">= 5.0.0.rc1", "< 5.1"
24
+ spec.add_dependency "rails", ">= 4.2.1", "< 5.1"
25
25
 
26
26
  spec.add_development_dependency "bundler", "~> 1.11"
27
27
  spec.add_development_dependency "rake", "~> 10.0"
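--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: pundit-resources
  version: !ruby/object:Gem::Version
- version: 1.0.0
+ version: 1.0.1
  platform: ruby
  authors:
  - Ross Penman
@@ -9,7 +9,7 @@ authors:
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2016-05-25 00:00:00.000000000 Z
+ date: 2016-07-22 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: activesupport
@@ -59,7 +59,7 @@ dependencies:
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: 5.0.0.rc1
+ version: 4.2.1
  - - "<"
  - !ruby/object:Gem::Version
  version: '5.1'
@@ -69,7 +69,7 @@ dependencies:
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: 5.0.0.rc1
+ version: 4.2.1
  - - "<"
  - !ruby/object:Gem::Version
  version: '5.1'
@@ -132,12 +132,15 @@ files:
  - ".gitignore"
  - ".rspec"
  - ".travis.yml"
+ - Appraisals
  - Gemfile
  - LICENSE.txt
  - README.md
  - Rakefile
  - bin/console
  - bin/setup
+ - gemfiles/rails_4.gemfile
+ - gemfiles/rails_5.gemfile
  - lib/pundit/resource.rb
  - lib/pundit/resource_controller.rb
  - lib/pundit/resources.rb
@@ -168,3 +171,4 @@ signing_key:
  specification_version: 4
  summary: Integrate JSONAPI::Resources with Pundit
  test_files: []
+ has_rdoc: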