pundit-resources 1.0.0 → 1.0.1

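--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 84095ef1d7eddc023bc1c00e4501b4068e86386e
- data.tar.gz: 557410b3f7c007a2905702fb2a9c4d5c15331e16
+ metadata.gz: 83ed65ad31c7f9d50aa2bc1fa4f7a1682f999b62
+ data.tar.gz: 800f0caa6caf805f4245718f6e0b1ccec494ba42
  SHA512:
- metadata.gz: e4ba2f3c7e00b6cc852858920804acd20ec77bdc3a23a772412ec05c2077c4d9926e64e49ad41b6f8fa4858e0c5f5465fa355fcbe4ccf8c02772783122c99083
- data.tar.gz: 8c37cec27ae036fb6de09bda7ed756d5e1ea27eb58cc2f67c0dd84303b463507393d6da399bd2978bd8f6f195d39b4425a1e8a454de1f54d5442310a6fdc1743
+ metadata.gz: 5294401c2ed0c81a816c00b878f81a74af6875348645a4810b4c4acfed810ca29d726a548e33c6e049efdc95f0a34e3717d8b3cb73aa831ccc36f86ba2e951d1
+ data.tar.gz: 51a8ddcf155a373252a159ef3694a982bd8fb4e47a920b212dfd1f436a8ba892f815b8e226f2f1454d8cd0a7b0748e6e8c635594c0d3bad9e521d700439e0e73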
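--- a/data/.gitignore
+++ b/data/.gitignore
@@ -16,3 +16,4 @@ spec/dummy/log/*.log
  spec/dummy/tmp/
  !spec/dummy/tmp/.keep
  spec/examples.txt
+ /gemfiles/*.gemfile.lock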
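--- a/data/.rspec
+++ b/data/.rspec
@@ -1,3 +1,2 @@
- --format documentation
  --require spec_helper
  --color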
@@ -0,0 +1,7 @@
1
+ appraise "rails-4" do
2
+ gem "rails", "~> 4.2"
3
+ end
4
+
5
+ appraise "rails-5" do
6
+ gem "rails", "~> 5.0"
7
+ end
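--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,5 +1,7 @@
  source 'https://rubygems.org'
 
+ gem 'appraisal'
+
  # Dependencies for dummy application
  gem 'sqlite3'
  gem 'jsonapi-resources', github: 'cerebris/jsonapi-resources'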
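--- a/data/README.md
+++ b/data/README.md
@@ -1,6 +1,6 @@
  # Pundit::Resources
 
- Pundit::Resources is a gem that makes [JSONAPI::Resources](jsonapi-resources) use [Pundit][pundit] authorization.
+ Pundit::Resources is a gem that makes [JSONAPI::Resources][jsonapi-resources] use [Pundit][pundit] authorization.
 
  ## Installation
 
@@ -29,6 +29,8 @@ Include `Pundit::ResourceController` in the resource controllers that should use
  You also need to define a `current_user` method on the controller.
  The result of this method will be passed as the user parameter to the Pundit policies.
 
+ `Pundit::ResourceController` will raise an exception if authorization is not performed on any action, so you don't have to worry about anything slipping through the cracks.
+
  ```ruby
  class ApplicationController < JSONAPI::ResourceController
  include Pundit::ResourceController
@@ -54,7 +56,7 @@ Instead, it checks to see if the given resource is included in the Scope for tha
 
  ## Development
 
- After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+ After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
 
  To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org][rubygems].
 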
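--- a/data/Rakefile
+++ b/data/Rakefile
@@ -1,6 +1,11 @@
  require "bundler/gem_tasks"
  require "rspec/core/rake_task"
+ require "appraisal"
 
  RSpec::Core::RakeTask.new(:spec)
 
  task :default => :spec
+
+ if !ENV["APPRAISAL_INITIALIZED"] && !ENV["TRAVIS"]
+ task :default => :appraisal
+ end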
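--- a/data/bin/setup
+++ b/data/bin/setup
@@ -3,6 +3,6 @@ set -euo pipefail
  IFS=$'\n\t'
  set -vx
 
- bundle install
+ appraisal install
 
  # Do any other automated setup that you need to do here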
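Review bot: `appraisal install` replaces `bundle install` as the only install step in this hunk, so on a fresh checkout the `appraisal` executable may not exist yet and `set -euo pipefail` would abort setup at that line. Appraisal is declared in the Gemfile in this same release, so the usual order is to install the root bundle first and then run Appraisal through it: `bundle install` followed by `bundle exec appraisal install`. Going through Bundler also means the copy resolved from the Gemfile is the one that runs, not whichever `appraisal` happens to be first on PATH. The script starts outside the hunk.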
@@ -0,0 +1,11 @@
1
+ # This file was generated by Appraisal
2
+
3
+ source "https://rubygems.org"
4
+
5
+ gem "appraisal"
6
+ gem "sqlite3"
7
+ gem "jsonapi-resources", :github => "cerebris/jsonapi-resources"
8
+ gem "pundit"
9
+ gem "rails", "~> 4.2"
10
+
11
+ gemspec :path => "../"
@@ -0,0 +1,11 @@
1
+ # This file was generated by Appraisal
2
+
3
+ source "https://rubygems.org"
4
+
5
+ gem "appraisal"
6
+ gem "sqlite3"
7
+ gem "jsonapi-resources", :github => "cerebris/jsonapi-resources"
8
+ gem "pundit"
9
+ gem "rails", "~> 5.0"
10
+
11
+ gemspec :path => "../"
@@ -14,6 +14,7 @@ module Pundit
14
14
  warn_if_show_defined
15
15
 
16
16
  context = options[:context]
17
+ context[:policy_used]&.call
17
18
  Pundit.policy_scope!(context[:current_user], _model_class)
18
19
  end
19
20
 
@@ -21,7 +22,7 @@ module Pundit
21
22
 
22
23
  def warn_if_show_defined
23
24
  policy_class = Pundit::PolicyFinder.new(_model_class.new).policy!
24
- if policy_class.method_defined?(:show?)
25
+ if policy_class.instance_methods(false).include?(:show?)
25
26
  puts "WARN: pundit-resources does not use the show? action."
26
27
  puts " #{policy_class::Scope} will be used instead."
27
28
  end
@@ -30,6 +31,11 @@ module Pundit
30
31
 
31
32
  protected
32
33
 
34
+ def can(method)
35
+ context[:policy_used]&.call
36
+ policy.public_send(method)
37
+ end
38
+
33
39
  def current_user
34
40
  context&.[](:current_user)
35
41
  end
@@ -40,29 +46,39 @@ module Pundit
40
46
 
41
47
  def authorize_create_or_update
42
48
  action = _model.new_record? ? :create : :update
43
- not_authorized!(action) unless policy.public_send(:"#{action}?")
49
+ not_authorized!(action) unless can :"#{action}?"
44
50
  end
45
51
 
46
52
  def authorize_destroy
47
- not_authorized! :destroy unless policy.destroy?
53
+ not_authorized! :destroy unless can :destroy?
48
54
  end
49
55
 
50
56
  def records_for(association_name, options={})
51
- association_reflection = _model.class.reflect_on_association(association_name)
57
+ relationships = self.class._relationships.
58
+ values.
59
+ select { |r| r.relation_name(context: @context) == association_name }.
60
+ uniq(&:class)
61
+
62
+ unless relationships.count == 1
63
+ raise "Can't infer relationship type for #{association_name}"
64
+ end
65
+
66
+ relationship = relationships.first
52
67
 
53
- if association_reflection.macro == :has_many
68
+ case relationship
69
+ when JSONAPI::Relationship::ToMany
54
70
  records = _model.public_send(association_name)
55
71
  policy_scope = Pundit.policy_scope!(
56
72
  context[:current_user],
57
- association_reflection.class_name.constantize
73
+ records
58
74
  )
59
75
  records.merge(policy_scope)
60
- elsif [:has_one, :belongs_to].include?(association_reflection.macro)
76
+ when JSONAPI::Relationship::ToOne
61
77
  record = _model.public_send(association_name)
62
78
 
63
79
  # Don't rely on policy.show? being defined since it isn't used for
64
80
  # show actions directly and should always have the same behaviour.
65
- if record && show?(Pundit.policy!(context[:current_user], record))
81
+ if record && show?(Pundit.policy!(context[:current_user], record), record.id)
66
82
  record
67
83
  else
68
84
  nil
@@ -77,8 +93,8 @@ module Pundit
77
93
  raise Pundit::NotAuthorizedError, options
78
94
  end
79
95
 
80
- def show?(policy)
81
- policy.scope.where(id: policy.record.id).exists?
96
+ def show?(policy, record_id)
97
+ policy.scope.where(id: record_id).exists?
82
98
  end
83
99
  end
84
100
  end
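Review bot: `records_for` consults Pundit directly in both branches (`Pundit.policy_scope!` under `ToMany`, `Pundit.policy!` plus `show?` under `ToOne`) but never calls `context[:policy_used]`, whereas the scope lookup in the first hunk and the new `can` helper both do. The controller-side check looks only at that flag, so whether a request counts as authorized now depends on which entry point it reached; adding `context[:policy_used]&.call` as the first line of `records_for` would keep the paths consistent. In `can`, the flag is set before `policy.public_send(method)` returns, so it records that a policy was consulted rather than that it allowed the action, which deserves a comment such as `# marks the request as policy-checked; the caller enforces the result`. The new `raise "Can't infer relationship type for #{association_name}"` raises a bare RuntimeError, and a named error class would let callers tell it apart from other failures. The enclosing class starts and ends outside these hunks.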
@@ -4,6 +4,9 @@ module Pundit
4
4
 
5
5
  included do
6
6
  include ActionController::Rescue
7
+ include AbstractController::Callbacks
8
+
9
+ after_action :enforce_policy_use
7
10
 
8
11
  JSONAPI.configure do |config|
9
12
  error = Pundit::NotAuthorizedError
@@ -17,6 +20,12 @@ module Pundit
17
20
 
18
21
  protected
19
22
 
23
+ def enforce_policy_use
24
+ return if @policy_used || response.status.in?(400...600)
25
+ raise Pundit::AuthorizationNotPerformedError,
26
+ "#{params[:controller]}##{params[:action]}"
27
+ end
28
+
20
29
  def reject_forbidden_request(error)
21
30
  type = error.record.class.name.underscore.humanize(capitalize: false)
22
31
  error = JSONAPI::Error.new(
@@ -30,10 +39,7 @@ module Pundit
30
39
  end
31
40
 
32
41
  def context
33
- { current_user: current_user }
34
- end
35
-
36
- def current_user
42
+ { current_user: current_user, policy_used: -> { @policy_used = true } }
37
43
  end
38
44
  end
39
45
  end
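Review bot: `enforce_policy_use` is registered with `after_action`, so it runs only once the action has finished; when it raises `Pundit::AuthorizationNotPerformedError`, any write the action made has presumably already been committed, and the exception changes the response rather than the outcome. The flag is also a single per-request boolean set by the `policy_used` lambda in `context`, so one policy or scope lookup anywhere in the request satisfies it, and the `response.status.in?(400...600)` clause skips the check for every error response. That makes this a development-time tripwire rather than an enforcement point, and the README sentence added in this release ("you don't have to worry about anything slipping through the cracks") overstates it; a comment above the method would help, e.g. `# Safety net only: runs after the action and shows that some policy was consulted, not that this action was authorized.` Whether the error is rendered through the JSONAPI exception handling or surfaces as a 500 is not visible from these hunks.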
@@ -1,5 +1,5 @@
1
1
  module Pundit
2
2
  module Resources
3
- VERSION = "1.0.0"
3
+ VERSION = "1.0.1"
4
4
  end
5
5
  end
@@ -21,7 +21,7 @@ Gem::Specification.new do |spec|
21
21
  spec.add_dependency "activesupport"
22
22
  spec.add_dependency "jsonapi-resources"
23
23
  spec.add_dependency "pundit"
24
- spec.add_dependency "rails", ">= 5.0.0.rc1", "< 5.1"
24
+ spec.add_dependency "rails", ">= 4.2.1", "< 5.1"
25
25
 
26
26
  spec.add_development_dependency "bundler", "~> 1.11"
27
27
  spec.add_development_dependency "rake", "~> 10.0"
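Review bot: Lowering the bound to `">= 4.2.1"` admits Rails 4.2, which still runs on Rubies older than 2.3, while the library code in this release uses the safe-navigation operator (`context[:policy_used]&.call`, `context&.[](:current_user)`), which does not parse before Ruby 2.3. If the gemspec does not already declare it outside this hunk, `spec.required_ruby_version = ">= 2.3"` would make installation fail with a clear message instead of a syntax error at load time. The `Gem::Specification` block starts and ends outside the hunk.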
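--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: pundit-resources
  version: !ruby/object:Gem::Version
- version: 1.0.0
+ version: 1.0.1
  platform: ruby
  authors:
  - Ross Penman
@@ -9,7 +9,7 @@ authors:
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2016-05-25 00:00:00.000000000 Z
+ date: 2016-07-22 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: activesupport
@@ -59,7 +59,7 @@ dependencies:
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: 5.0.0.rc1
+ version: 4.2.1
  - - "<"
  - !ruby/object:Gem::Version
  version: '5.1'
@@ -69,7 +69,7 @@ dependencies:
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: 5.0.0.rc1
+ version: 4.2.1
  - - "<"
  - !ruby/object:Gem::Version
  version: '5.1'
@@ -132,12 +132,15 @@ files:
  - ".gitignore"
  - ".rspec"
  - ".travis.yml"
+ - Appraisals
  - Gemfile
  - LICENSE.txt
  - README.md
  - Rakefile
  - bin/console
  - bin/setup
+ - gemfiles/rails_4.gemfile
+ - gemfiles/rails_5.gemfile
  - lib/pundit/resource.rb
  - lib/pundit/resource_controller.rb
  - lib/pundit/resources.rb
@@ -168,3 +171,4 @@ signing_key:
  specification_version: 4
  summary: Integrate JSONAPI::Resources with Pundit
  test_files: []
+ has_rdoc: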