rabarber 1.4.0 → 2.0.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +44 -18
- data/README.md +140 -76
- data/lib/generators/rabarber/roles_generator.rb +2 -0
- data/lib/generators/rabarber/templates/create_rabarber_roles.rb.erb +3 -3
- data/lib/rabarber/audit/events/base.rb +64 -0
- data/lib/rabarber/audit/events/roles_assigned.rb +35 -0
- data/lib/rabarber/audit/events/roles_revoked.rb +35 -0
- data/lib/rabarber/audit/events/unauthorized_attempt.rb +31 -0
- data/lib/rabarber/audit/logger.rb +23 -0
- data/lib/rabarber/configuration.rb +3 -47
- data/lib/rabarber/controllers/concerns/authorization.rb +9 -11
- data/lib/rabarber/core/access.rb +5 -9
- data/lib/rabarber/core/cache.rb +42 -0
- data/lib/rabarber/core/permissions.rb +2 -0
- data/lib/rabarber/core/permissions_integrity_checker.rb +39 -0
- data/lib/rabarber/core/roleable.rb +15 -0
- data/lib/rabarber/core/rule.rb +5 -9
- data/lib/rabarber/helpers/helpers.rb +4 -2
- data/lib/rabarber/models/concerns/has_roles.rb +6 -14
- data/lib/rabarber/models/role.rb +5 -12
- data/lib/rabarber/railtie.rb +1 -7
- data/lib/rabarber/version.rb +1 -1
- data/lib/rabarber.rb +9 -9
- data/rabarber.gemspec +2 -2
- metadata +19 -7
- data/lib/rabarber/cache.rb +0 -29
- data/lib/rabarber/logger.rb +0 -40
- data/lib/rabarber/missing/actions.rb +0 -24
- data/lib/rabarber/missing/base.rb +0 -61
- data/lib/rabarber/missing/roles.rb +0 -35
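--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rabarber
 version: !ruby/object:Gem::Version
-version:
+version: 2.0.0
 platform: ruby
 authors:
 - enjaku4
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-
+date: 2024-04-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rails
@@ -18,6 +18,9 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: '6.1'
+- - "<"
+- !ruby/object:Gem::Version
+version: '7.2'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
@@ -25,6 +28,9 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: '6.1'
+- - "<"
+- !ruby/object:Gem::Version
+version: '7.2'
 description:
 email:
 - rabarber_gem@icloud.com
@@ -38,11 +44,18 @@ files:
 - lib/generators/rabarber/roles_generator.rb
 - lib/generators/rabarber/templates/create_rabarber_roles.rb.erb
 - lib/rabarber.rb
-- lib/rabarber/
+- lib/rabarber/audit/events/base.rb
+- lib/rabarber/audit/events/roles_assigned.rb
+- lib/rabarber/audit/events/roles_revoked.rb
+- lib/rabarber/audit/events/unauthorized_attempt.rb
+- lib/rabarber/audit/logger.rb
 - lib/rabarber/configuration.rb
 - lib/rabarber/controllers/concerns/authorization.rb
 - lib/rabarber/core/access.rb
+- lib/rabarber/core/cache.rb
 - lib/rabarber/core/permissions.rb
+- lib/rabarber/core/permissions_integrity_checker.rb
+- lib/rabarber/core/roleable.rb
 - lib/rabarber/core/rule.rb
 - lib/rabarber/helpers/helpers.rb
 - lib/rabarber/input/action.rb
@@ -53,10 +66,6 @@ files:
 - lib/rabarber/input/types/boolean.rb
 - lib/rabarber/input/types/proc.rb
 - lib/rabarber/input/types/symbol.rb
-- lib/rabarber/logger.rb
-- lib/rabarber/missing/actions.rb
-- lib/rabarber/missing/base.rb
-- lib/rabarber/missing/roles.rb
 - lib/rabarber/models/concerns/has_roles.rb
 - lib/rabarber/models/role.rb
 - lib/rabarber/railtie.rb
@@ -76,6 +85,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
 - - ">="
 - !ruby/object:Gem::Version
 version: '3.0'
+- - "<"
+- !ruby/object:Gem::Version
+version: '3.4'
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="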
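--- a/data/lib/rabarber/cache.rb
+++ /dev/null
@@ -1,29 +0,0 @@
-# frozen_string_literal: true
-
-module Rabarber
-module Cache
-module_function
-
-ALL_ROLES_KEY = "rabarber:roles"
-
-def fetch(key, options, &block)
-enabled? ? Rails.cache.fetch(key, options, &block) : yield
-end
-
-def delete(*keys)
-Rails.cache.delete_multi(keys) if enabled?
-end
-
-def enabled?
-Rabarber::Configuration.instance.cache_enabled
-end
-
-def key_for(id)
-"rabarber:roles_#{id}"
-end
-
-def clear
-Rails.cache.delete_matched(/^rabarber/)
-end
-end
-end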
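--- a/data/lib/rabarber/logger.rb
+++ /dev/null
@@ -1,40 +0,0 @@
-# frozen_string_literal: true
-
-module Rabarber
-class Logger
-include Singleton
-
-attr_reader :rails_logger, :audit_logger
-
-def initialize
-@rails_logger = Rails.logger
-@audit_logger = ::Logger.new(Rails.root.join("log/rabarber_audit.log"))
-end
-
-class << self
-def log(log_level, message)
-instance.rails_logger.tagged("Rabarber") { instance.rails_logger.public_send(log_level, message) }
-end
-
-def audit(log_level, message)
-return unless Rabarber::Configuration.instance.audit_trail_enabled
-
-instance.audit_logger.public_send(log_level, message)
-end
-
-def roleable_identity(roleable, with_roles:)
-if roleable
-model_name = roleable.model_name.human
-primary_key = roleable.class.primary_key
-roleable_id = roleable.public_send(primary_key)
-
-roles = with_roles ? ", roles: #{roleable.roles}" : ""
-
-"#{model_name} with #{primary_key}: '#{roleable_id}'#{roles}"
-else
-"Unauthenticated user"
-end
-end
-end
-end
-end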
@@ -1,24 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
module Rabarber
|
4
|
-
module Missing
|
5
|
-
class Actions < Rabarber::Missing::Base
|
6
|
-
private
|
7
|
-
|
8
|
-
def check_controller_rules
|
9
|
-
nil
|
10
|
-
end
|
11
|
-
|
12
|
-
def check_action_rules
|
13
|
-
action_rules.each do |controller, controller_action_rules|
|
14
|
-
missing_actions = controller_action_rules.map(&:action) - controller.action_methods.map(&:to_sym)
|
15
|
-
missing_list << Rabarber::Missing::Item.new(missing_actions, controller, nil) if missing_actions.present?
|
16
|
-
end
|
17
|
-
end
|
18
|
-
|
19
|
-
def configuration_name
|
20
|
-
:when_actions_missing
|
21
|
-
end
|
22
|
-
end
|
23
|
-
end
|
24
|
-
end
|
@@ -1,61 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
module Rabarber
|
4
|
-
module Missing
|
5
|
-
class Base
|
6
|
-
attr_reader :controller
|
7
|
-
|
8
|
-
def initialize(controller = nil)
|
9
|
-
@controller = controller
|
10
|
-
end
|
11
|
-
|
12
|
-
def handle
|
13
|
-
check_controller_rules
|
14
|
-
check_action_rules
|
15
|
-
|
16
|
-
return if missing_list.empty?
|
17
|
-
|
18
|
-
missing_list.each do |item|
|
19
|
-
context = item.action ? { controller: item.controller, action: item.action } : { controller: item.controller }
|
20
|
-
Rabarber::Configuration.instance.public_send(configuration_name).call(item.missing, context)
|
21
|
-
end
|
22
|
-
end
|
23
|
-
|
24
|
-
private
|
25
|
-
|
26
|
-
def check_controller_rules
|
27
|
-
raise NotImplementedError
|
28
|
-
end
|
29
|
-
|
30
|
-
def check_action_rules
|
31
|
-
raise NotImplementedError
|
32
|
-
end
|
33
|
-
|
34
|
-
def configuration_name
|
35
|
-
raise NotImplementedError
|
36
|
-
end
|
37
|
-
|
38
|
-
def missing_list
|
39
|
-
@missing_list ||= []
|
40
|
-
end
|
41
|
-
|
42
|
-
def controller_rules
|
43
|
-
if controller
|
44
|
-
Rabarber::Core::Permissions.controller_rules.slice(controller)
|
45
|
-
else
|
46
|
-
Rabarber::Core::Permissions.controller_rules
|
47
|
-
end
|
48
|
-
end
|
49
|
-
|
50
|
-
def action_rules
|
51
|
-
if controller
|
52
|
-
Rabarber::Core::Permissions.action_rules.slice(controller)
|
53
|
-
else
|
54
|
-
Rabarber::Core::Permissions.action_rules
|
55
|
-
end
|
56
|
-
end
|
57
|
-
end
|
58
|
-
|
59
|
-
Item = Struct.new(:missing, :controller, :action)
|
60
|
-
end
|
61
|
-
end
|
@@ -1,35 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
module Rabarber
|
4
|
-
module Missing
|
5
|
-
class Roles < Rabarber::Missing::Base
|
6
|
-
private
|
7
|
-
|
8
|
-
def check_controller_rules
|
9
|
-
controller_rules.each do |controller, controller_rule|
|
10
|
-
missing_roles = controller_rule.roles - all_roles
|
11
|
-
missing_list << Rabarber::Missing::Item.new(missing_roles, controller, nil) unless missing_roles.empty?
|
12
|
-
end
|
13
|
-
end
|
14
|
-
|
15
|
-
def check_action_rules
|
16
|
-
action_rules.each do |controller, controller_action_rules|
|
17
|
-
controller_action_rules.each do |action_rule|
|
18
|
-
missing_roles = action_rule.roles - all_roles
|
19
|
-
missing_list << Rabarber::Missing::Item.new(missing_roles, controller, action_rule.action) if missing_roles.any?
|
20
|
-
end
|
21
|
-
end
|
22
|
-
end
|
23
|
-
|
24
|
-
def configuration_name
|
25
|
-
:when_roles_missing
|
26
|
-
end
|
27
|
-
|
28
|
-
def all_roles
|
29
|
-
@all_roles ||= Rabarber::Cache.fetch(
|
30
|
-
Rabarber::Cache::ALL_ROLES_KEY, expires_in: 1.day, race_condition_ttl: 10.seconds
|
31
|
-
) { Rabarber::Role.names }
|
32
|
-
end
|
33
|
-
end
|
34
|
-
end
|
35
|
-
end
|