pundit-resources 1.0.0 → 1.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.gitignore +1 -0
- data/.rspec +0 -1
- data/Appraisals +7 -0
- data/Gemfile +2 -0
- data/README.md +4 -2
- data/Rakefile +5 -0
- data/bin/setup +1 -1
- data/gemfiles/rails_4.gemfile +11 -0
- data/gemfiles/rails_5.gemfile +11 -0
- data/lib/pundit/resource.rb +26 -10
- data/lib/pundit/resource_controller.rb +10 -4
- data/lib/pundit/resources/version.rb +1 -1
- data/pundit-resources.gemspec +1 -1
- metadata +8 -4
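--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 83ed65ad31c7f9d50aa2bc1fa4f7a1682f999b62
+data.tar.gz: 800f0caa6caf805f4245718f6e0b1ccec494ba42
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 5294401c2ed0c81a816c00b878f81a74af6875348645a4810b4c4acfed810ca29d726a548e33c6e049efdc95f0a34e3717d8b3cb73aa831ccc36f86ba2e951d1
+data.tar.gz: 51a8ddcf155a373252a159ef3694a982bd8fb4e47a920b212dfd1f436a8ba892f815b8e226f2f1454d8cd0a7b0748e6e8c635594c0d3bad9e521d700439e0e73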
data/.gitignore
CHANGED
data/.rspec
CHANGED
data/Appraisals
ADDED
data/Gemfile
CHANGED
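--- a/data/README.md
+++ b/data/README.md
@@ -1,6 +1,6 @@
 # Pundit::Resources
 
-Pundit::Resources is a gem that makes [JSONAPI::Resources]
+Pundit::Resources is a gem that makes [JSONAPI::Resources][jsonapi-resources] use [Pundit][pundit] authorization.
 
 ## Installation
 
@@ -29,6 +29,8 @@ Include `Pundit::ResourceController` in the resource controllers that should use
 You also need to define a `current_user` method on the controller.
 The result of this method will be passed as the user parameter to the Pundit policies.
 
+`Pundit::ResourceController` will raise an exception if authorization is not performed on any action, so you don't have to worry about anything slipping through the cracks.
+
 ```ruby
 class ApplicationController < JSONAPI::ResourceController
 include Pundit::ResourceController
@@ -54,7 +56,7 @@ Instead, it checks to see if the given resource is included in the Scope for tha
 
 ## Development
 
-After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
 
 To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org][rubygems].
 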
data/Rakefile
CHANGED
data/bin/setup
CHANGED
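--- a/data/lib/pundit/resource.rb
+++ b/data/lib/pundit/resource.rb
@@ -14,6 +14,7 @@ module Pundit
 warn_if_show_defined
 
 context = options[:context]
+context[:policy_used]&.call
 Pundit.policy_scope!(context[:current_user], _model_class)
 end
 
@@ -21,7 +22,7 @@ module Pundit
 
 def warn_if_show_defined
 policy_class = Pundit::PolicyFinder.new(_model_class.new).policy!
-if policy_class.
+if policy_class.instance_methods(false).include?(:show?)
 puts "WARN: pundit-resources does not use the show? action."
 puts " #{policy_class::Scope} will be used instead."
 end
@@ -30,6 +31,11 @@ module Pundit
 
 protected
 
+def can(method)
+context[:policy_used]&.call
+policy.public_send(method)
+end
+
 def current_user
 context&.[](:current_user)
 end
@@ -40,29 +46,39 @@ module Pundit
 
 def authorize_create_or_update
 action = _model.new_record? ? :create : :update
-not_authorized!(action) unless
+not_authorized!(action) unless can :"#{action}?"
 end
 
 def authorize_destroy
-not_authorized! :destroy unless
+not_authorized! :destroy unless can :destroy?
 end
 
 def records_for(association_name, options={})
-
+relationships = self.class._relationships.
+values.
+select { |r| r.relation_name(context: @context) == association_name }.
+uniq(&:class)
+
+unless relationships.count == 1
+raise "Can't infer relationship type for #{association_name}"
+end
+
+relationship = relationships.first
 
-
+case relationship
+when JSONAPI::Relationship::ToMany
 records = _model.public_send(association_name)
 policy_scope = Pundit.policy_scope!(
 context[:current_user],
-
+records
 )
 records.merge(policy_scope)
-
+when JSONAPI::Relationship::ToOne
 record = _model.public_send(association_name)
 
 # Don't rely on policy.show? being defined since it isn't used for
 # show actions directly and should always have the same behaviour.
-if record && show?(Pundit.policy!(context[:current_user], record))
+if record && show?(Pundit.policy!(context[:current_user], record), record.id)
 record
 else
 nil
@@ -77,8 +93,8 @@ module Pundit
 raise Pundit::NotAuthorizedError, options
 end
 
-def show?(policy)
-policy.scope.where(id:
+def show?(policy, record_id)
+policy.scope.where(id: record_id).exists?
 end
 end
 end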
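Review bot: `records_for`'s `case relationship` has no `else` arm, so a relationship whose class is neither `JSONAPI::Relationship::ToMany` nor `JSONAPI::Relationship::ToOne` makes the method return nil without a word, while the ambiguity check a few lines above fails loudly; an `else raise "Unsupported relationship type for #{association_name}"` arm keeps both failure modes visible. The `select` block reads `@context` directly whereas every other line in the file goes through the `context` accessor; `r.relation_name(context: context)` keeps a single access path. `show?` appears to assume each policy exposes a `scope` method returning something that responds to `where` — that holds for Pundit's generated ApplicationPolicy template but is a convention rather than part of Pundit's interface, so a comment on `show?` naming that requirement would help integrators. `records_for` continues past the end of this hunk.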
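--- a/data/lib/pundit/resource_controller.rb
+++ b/data/lib/pundit/resource_controller.rb
@@ -4,6 +4,9 @@ module Pundit
 
 included do
 include ActionController::Rescue
+include AbstractController::Callbacks
+
+after_action :enforce_policy_use
 
 JSONAPI.configure do |config|
 error = Pundit::NotAuthorizedError
@@ -17,6 +20,12 @@ module Pundit
 
 protected
 
+def enforce_policy_use
+return if @policy_used || response.status.in?(400...600)
+raise Pundit::AuthorizationNotPerformedError,
+"#{params[:controller]}##{params[:action]}"
+end
+
 def reject_forbidden_request(error)
 type = error.record.class.name.underscore.humanize(capitalize: false)
 error = JSONAPI::Error.new(
@@ -30,10 +39,7 @@ module Pundit
 end
 
 def context
-{ current_user: current_user }
-end
-
-def current_user
+{ current_user: current_user, policy_used: -> { @policy_used = true } }
 end
 end
 end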
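Review bot: `enforce_policy_use` exempts every 4xx/5xx response (`response.status.in?(400...600)`) without saying why, and that exemption is the line a maintainer is most likely to loosen or tighten by mistake; a comment such as `# Error responses were rejected before any policy could be consulted; only successful actions must prove they authorized.` would record the intent, which I infer rather than see here. The `policy_used` lambda added to `context` closes over the controller instance and is the only thing that sets `@policy_used`, so a one-line comment on `context` pointing at the resource side (`# invoked by Pundit::Resource when a policy or scope is consulted`) would tie the two halves together. This section has no file header on the page; the path is taken from the file list as data/lib/pundit/resource_controller.rb.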
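--- a/data/pundit-resources.gemspec
+++ b/data/pundit-resources.gemspec
@@ -21,7 +21,7 @@ Gem::Specification.new do |spec|
 spec.add_dependency "activesupport"
 spec.add_dependency "jsonapi-resources"
 spec.add_dependency "pundit"
-spec.add_dependency "rails", ">=
+spec.add_dependency "rails", ">= 4.2.1", "< 5.1"
 
 spec.add_development_dependency "bundler", "~> 1.11"
 spec.add_development_dependency "rake", "~> 10.0"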
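--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pundit-resources
 version: !ruby/object:Gem::Version
-version: 1.0.
+version: 1.0.1
 platform: ruby
 authors:
 - Ross Penman
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2016-
+date: 2016-07-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: activesupport
@@ -59,7 +59,7 @@ dependencies:
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version:
+version: 4.2.1
 - - "<"
 - !ruby/object:Gem::Version
 version: '5.1'
@@ -69,7 +69,7 @@ dependencies:
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version:
+version: 4.2.1
 - - "<"
 - !ruby/object:Gem::Version
 version: '5.1'
@@ -132,12 +132,15 @@ files:
 - ".gitignore"
 - ".rspec"
 - ".travis.yml"
+- Appraisals
 - Gemfile
 - LICENSE.txt
 - README.md
 - Rakefile
 - bin/console
 - bin/setup
+- gemfiles/rails_4.gemfile
+- gemfiles/rails_5.gemfile
 - lib/pundit/resource.rb
 - lib/pundit/resource_controller.rb
 - lib/pundit/resources.rb
@@ -168,3 +171,4 @@ signing_key:
 specification_version: 4
 summary: Integrate JSONAPI::Resources with Pundit
 test_files: []
+has_rdoc: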