rabarber 1.4.0 → 1.4.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +22 -18
- data/README.md +19 -11
- data/lib/rabarber/core/access.rb +2 -8
- data/lib/rabarber/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 23a3e2a6c83a827ad3cd468761de12d2124cdd2f1b022e18661fdf97f21302e7
|
|
4
|
+
data.tar.gz: 1b56b41289ce816796856832f07e76453ecfa0c290f1cd8f37f4a83690227abc
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ac4af855dc20a41b78633fa4c4e946d1c54fad1df93e5f8505954bc4ff2cd43307fc94789718e1f9a563b44a57d3266660b84057f9de1d61afdab1111eb5b506
|
|
7
|
+
data.tar.gz: 17408ae706718e23ac594cd7c3144413c78aa69ce1ae0d0a230e5f62400917e1d5a82a22bd727df19391c7cbf235510cbaea8bbf6edc7aba47b8bcab06e6de81
|
data/CHANGELOG.md
CHANGED
|
@@ -1,27 +1,31 @@
|
|
|
1
|
-
##
|
|
1
|
+
## v1.4.1
|
|
2
|
+
|
|
3
|
+
- Fix an issue where an error could be raised when using controller-wide dynamic rules
|
|
4
|
+
|
|
5
|
+
## v1.4.0
|
|
2
6
|
|
|
3
7
|
- Add 'Audit trail' feature: Logging of role assignments, revocations, and unauthorized access attempts
|
|
4
8
|
- Add `audit_trail_enabled` configuration option, allowing to enable or disable the audit trail
|
|
5
9
|
- Deprecate `when_actions_missing` and `when_roles_missing` configuration options (see [the discussion](https://github.com/enjaku4/rabarber/discussions/48))
|
|
6
10
|
|
|
7
|
-
##
|
|
11
|
+
## v1.3.1
|
|
8
12
|
|
|
9
13
|
- Add `Rabarber::Role.assignees_for` method
|
|
10
14
|
- Fix inconsistent behavior where passing `nil` as a role name to role management methods would raise an `ActiveRecord` error instead of `Rabarber` error
|
|
11
15
|
- Various minor code improvements
|
|
12
16
|
|
|
13
|
-
##
|
|
17
|
+
## v1.3.0
|
|
14
18
|
|
|
15
19
|
- Add methods to directly add, rename, and remove roles
|
|
16
20
|
- Modify `Rabarber::HasRoles#assign_roles` and `Rabarber::HasRoles#revoke_roles` methods to return the list of roles assigned to the user
|
|
17
21
|
- Minor performance improvements
|
|
18
22
|
|
|
19
|
-
##
|
|
23
|
+
## v1.2.2
|
|
20
24
|
|
|
21
25
|
- Refactor to improve readability and maintainability
|
|
22
26
|
- Fix minor code errors
|
|
23
27
|
|
|
24
|
-
##
|
|
28
|
+
## v1.2.1
|
|
25
29
|
|
|
26
30
|
- Cache roles to avoid unnecessary database queries
|
|
27
31
|
- Introduce `cache_enabled` configuration option allowing to enable or disable role caching
|
|
@@ -29,61 +33,61 @@
|
|
|
29
33
|
- Fix an issue where an error would be raised if the user is not authenticated
|
|
30
34
|
- Various minor improvements
|
|
31
35
|
|
|
32
|
-
##
|
|
36
|
+
## v1.2.0
|
|
33
37
|
|
|
34
38
|
- Enhance handling of missing actions and roles specified in `grant_access` method by raising an error for missing actions and logging a warning for missing roles
|
|
35
39
|
- Introduce `when_actions_missing` and `when_roles_missing` configuration options, allowing to customize the behavior when actions or roles are not found
|
|
36
40
|
|
|
37
|
-
##
|
|
41
|
+
## v1.1.0
|
|
38
42
|
|
|
39
43
|
- Add support for `unless` argument in `grant_access` method, allowing to define negated dynamic rules
|
|
40
44
|
- Fix a bug where specifying a dynamic rule as a symbol without specifying an action would result in an error
|
|
41
45
|
|
|
42
|
-
##
|
|
46
|
+
## v1.0.5
|
|
43
47
|
|
|
44
48
|
- Add co-author: [trafium](https://github.com/trafium)
|
|
45
49
|
|
|
46
|
-
##
|
|
50
|
+
## v1.0.4
|
|
47
51
|
|
|
48
52
|
- Allow to use strings as role names
|
|
49
53
|
|
|
50
|
-
##
|
|
54
|
+
## v1.0.3
|
|
51
55
|
|
|
52
56
|
- Enhance clarity by improving error types and messages
|
|
53
57
|
- Resolve inconsistency in types of role names
|
|
54
58
|
|
|
55
|
-
##
|
|
59
|
+
## v1.0.2
|
|
56
60
|
|
|
57
61
|
- Various enhancements for gem development and release
|
|
58
62
|
- Modify `Rabarber::HasRoles#roles` method to return an array of role names instead of `Rabarber::Role` objects
|
|
59
63
|
|
|
60
|
-
##
|
|
64
|
+
## v1.0.1
|
|
61
65
|
|
|
62
66
|
- Various enhancements for gem development
|
|
63
67
|
|
|
64
|
-
##
|
|
68
|
+
## v1.0.0
|
|
65
69
|
|
|
66
70
|
- Drop support for Ruby 2.7
|
|
67
71
|
- Add support for Ruby 3.3
|
|
68
72
|
- Various minor improvements
|
|
69
73
|
|
|
70
|
-
##
|
|
74
|
+
## v0.1.5
|
|
71
75
|
|
|
72
76
|
- Add missing `foreign_key` option to `CreateRabarberRoles` migration
|
|
73
77
|
- Allow only lowercase alphanumeric characters and underscores in role names
|
|
74
78
|
|
|
75
|
-
##
|
|
79
|
+
## v0.1.4
|
|
76
80
|
|
|
77
81
|
- Remove `Rabarber::HasRoles#role?` method as unnecessary
|
|
78
82
|
|
|
79
|
-
##
|
|
83
|
+
## v0.1.3
|
|
80
84
|
|
|
81
85
|
- Fully revise and update README for clarity
|
|
82
86
|
|
|
83
|
-
##
|
|
87
|
+
## v0.1.2
|
|
84
88
|
|
|
85
89
|
- Fix check that `Rabarber::HasRoles` can only be included once
|
|
86
90
|
|
|
87
|
-
##
|
|
91
|
+
## v0.1.1
|
|
88
92
|
|
|
89
93
|
- Initial release
|
data/README.md
CHANGED
|
@@ -88,7 +88,6 @@ end
|
|
|
88
88
|
The following configuration options are deprecated and will be removed in the next major version (see [the discussion](https://github.com/enjaku4/rabarber/discussions/48)):
|
|
89
89
|
|
|
90
90
|
- `when_actions_missing` must be a proc where you can define the behaviour when the action specified in `grant_access` method cannot be found in the controller. Lambda argument `missing_actions` is an array of symbols, e.g., `[:index]`, while `context` argument is a hash that looks like this: `{ controller: "InvoicesController" }`. This check is performed when the application is initialized if `eager_load` configuration is enabled in Rails and also on every request. _By default, an error is raised when action is missing._
|
|
91
|
-
|
|
92
91
|
- `when_roles_missing` must be a proc where you can define the behaviour when the roles specified in `grant_access` method cannot be found in the database. Lambda argument `missing_roles` is an array of symbols, e.g., `[:admin]`, while `context` argument is a hash that looks like this: `{ controller: "InvoicesController", action: "index" }`. This check is performed when the application is initialized if `eager_load` configuration is enabled in Rails and also on every request. _By default, a warning is logged when roles are missing._
|
|
93
92
|
|
|
94
93
|
## Roles
|
|
@@ -223,16 +222,18 @@ The most basic usage of the method is as follows:
|
|
|
223
222
|
class InvoicesController < ApplicationController
|
|
224
223
|
grant_access action: :index, roles: [:accountant, :admin]
|
|
225
224
|
def index
|
|
225
|
+
@invoices = Invoice.all
|
|
226
|
+
@invoices = @invoices.paid if current_user.has_role?(:accountant)
|
|
226
227
|
...
|
|
227
228
|
end
|
|
228
229
|
|
|
229
|
-
grant_access action: :
|
|
230
|
-
def
|
|
230
|
+
grant_access action: :destroy, roles: :admin
|
|
231
|
+
def destroy
|
|
231
232
|
...
|
|
232
233
|
end
|
|
233
234
|
end
|
|
234
235
|
```
|
|
235
|
-
This grants access to `index` action for users with `accountant` or `admin` role, and access to `
|
|
236
|
+
This grants access to `index` action for users with `accountant` or `admin` role, and access to `destroy` action for `admin` users only.
|
|
236
237
|
|
|
237
238
|
You can also define controller-wide rules (without `action` argument):
|
|
238
239
|
|
|
@@ -285,14 +286,16 @@ For more complex cases, Rabarber provides dynamic rules:
|
|
|
285
286
|
|
|
286
287
|
```rb
|
|
287
288
|
class OrdersController < ApplicationController
|
|
288
|
-
grant_access if: :
|
|
289
|
-
|
|
290
|
-
|
|
289
|
+
grant_access roles: :manager, if: :company_manager?, unless: :fired?
|
|
290
|
+
|
|
291
|
+
def index
|
|
292
|
+
...
|
|
293
|
+
end
|
|
291
294
|
|
|
292
295
|
private
|
|
293
296
|
|
|
294
|
-
def
|
|
295
|
-
|
|
297
|
+
def company_manager?
|
|
298
|
+
Company.find(params[:company_id]).manager == current_user
|
|
296
299
|
end
|
|
297
300
|
|
|
298
301
|
def fired?
|
|
@@ -301,12 +304,17 @@ class OrdersController < ApplicationController
|
|
|
301
304
|
end
|
|
302
305
|
|
|
303
306
|
class InvoicesController < ApplicationController
|
|
304
|
-
grant_access
|
|
307
|
+
grant_access roles: :senior_accountant
|
|
308
|
+
|
|
309
|
+
grant_access action: :index, roles: [:secretary, :accountant], if: -> { InvoicesPolicy.new(current_user).can_access?(:index) }
|
|
305
310
|
def index
|
|
311
|
+
@invoices = Invoice.all
|
|
312
|
+
@invoices = @invoices.where("total < 10000") if current_user.has_role?(:accountant)
|
|
313
|
+
@invoices = @invoices.unpaid if current_user.has_role?(:secretary)
|
|
306
314
|
...
|
|
307
315
|
end
|
|
308
316
|
|
|
309
|
-
grant_access action: :show, roles: :
|
|
317
|
+
grant_access action: :show, roles: :accountant, unless: -> { Invoice.find(params[:id]).total > 10_000 }
|
|
310
318
|
def show
|
|
311
319
|
...
|
|
312
320
|
end
|
data/lib/rabarber/core/access.rb
CHANGED
|
@@ -9,20 +9,14 @@ module Rabarber
|
|
|
9
9
|
end
|
|
10
10
|
|
|
11
11
|
def controller_accessible?(roles, controller, dynamic_rule_receiver)
|
|
12
|
-
|
|
13
|
-
controller <=
|
|
12
|
+
controller_rules.any? do |rule_controller, rule|
|
|
13
|
+
controller <= rule_controller && rule.verify_access(roles, dynamic_rule_receiver)
|
|
14
14
|
end
|
|
15
15
|
end
|
|
16
16
|
|
|
17
17
|
def action_accessible?(roles, controller, action, dynamic_rule_receiver)
|
|
18
18
|
action_rules[controller].any? { |rule| rule.verify_access(roles, dynamic_rule_receiver, action) }
|
|
19
19
|
end
|
|
20
|
-
|
|
21
|
-
private
|
|
22
|
-
|
|
23
|
-
def accessible_controllers(roles, dynamic_rule_receiver)
|
|
24
|
-
controller_rules.select { |_, rule| rule.verify_access(roles, dynamic_rule_receiver) }.keys
|
|
25
|
-
end
|
|
26
20
|
end
|
|
27
21
|
end
|
|
28
22
|
end
|
data/lib/rabarber/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rabarber
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.4.
|
|
4
|
+
version: 1.4.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- enjaku4
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2024-
|
|
12
|
+
date: 2024-04-09 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: rails
|