rabarber 1.4.1 → 2.0.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +22 -0
- data/README.md +122 -66
- data/lib/generators/rabarber/roles_generator.rb +2 -0
- data/lib/generators/rabarber/templates/create_rabarber_roles.rb.erb +3 -3
- data/lib/rabarber/audit/events/base.rb +64 -0
- data/lib/rabarber/audit/events/roles_assigned.rb +35 -0
- data/lib/rabarber/audit/events/roles_revoked.rb +35 -0
- data/lib/rabarber/audit/events/unauthorized_attempt.rb +31 -0
- data/lib/rabarber/audit/logger.rb +23 -0
- data/lib/rabarber/configuration.rb +3 -47
- data/lib/rabarber/controllers/concerns/authorization.rb +9 -11
- data/lib/rabarber/core/access.rb +3 -1
- data/lib/rabarber/core/cache.rb +42 -0
- data/lib/rabarber/core/permissions.rb +2 -0
- data/lib/rabarber/core/permissions_integrity_checker.rb +39 -0
- data/lib/rabarber/core/roleable.rb +15 -0
- data/lib/rabarber/core/rule.rb +5 -9
- data/lib/rabarber/helpers/helpers.rb +4 -2
- data/lib/rabarber/models/concerns/has_roles.rb +6 -14
- data/lib/rabarber/models/role.rb +5 -12
- data/lib/rabarber/railtie.rb +1 -7
- data/lib/rabarber/version.rb +1 -1
- data/lib/rabarber.rb +9 -9
- data/rabarber.gemspec +2 -2
- metadata +19 -7
- data/lib/rabarber/cache.rb +0 -29
- data/lib/rabarber/logger.rb +0 -40
- data/lib/rabarber/missing/actions.rb +0 -24
- data/lib/rabarber/missing/base.rb +0 -61
- data/lib/rabarber/missing/roles.rb +0 -35
@@ -1,20 +1,18 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
+
require "singleton"
|
4
|
+
|
3
5
|
module Rabarber
|
4
6
|
class Configuration
|
5
7
|
include Singleton
|
6
8
|
|
7
|
-
attr_reader :audit_trail_enabled, :cache_enabled, :current_user_method, :must_have_roles
|
8
|
-
:when_actions_missing, :when_roles_missing, :when_unauthorized
|
9
|
+
attr_reader :audit_trail_enabled, :cache_enabled, :current_user_method, :must_have_roles
|
9
10
|
|
10
11
|
def initialize
|
11
12
|
@audit_trail_enabled = default_audit_trail_enabled
|
12
13
|
@cache_enabled = default_cache_enabled
|
13
14
|
@current_user_method = default_current_user_method
|
14
15
|
@must_have_roles = default_must_have_roles
|
15
|
-
@when_actions_missing = default_when_actions_missing
|
16
|
-
@when_roles_missing = default_when_roles_missing
|
17
|
-
@when_unauthorized = default_when_unauthorized
|
18
16
|
end
|
19
17
|
|
20
18
|
def audit_trail_enabled=(value)
|
@@ -41,24 +39,6 @@ module Rabarber
|
|
41
39
|
).process
|
42
40
|
end
|
43
41
|
|
44
|
-
def when_actions_missing=(callable)
|
45
|
-
@when_actions_missing = Rabarber::Input::Types::Proc.new(
|
46
|
-
callable, Rabarber::ConfigurationError, "Configuration 'when_actions_missing' must be a Proc"
|
47
|
-
).process
|
48
|
-
end
|
49
|
-
|
50
|
-
def when_roles_missing=(callable)
|
51
|
-
@when_roles_missing = Rabarber::Input::Types::Proc.new(
|
52
|
-
callable, Rabarber::ConfigurationError, "Configuration 'when_roles_missing' must be a Proc"
|
53
|
-
).process
|
54
|
-
end
|
55
|
-
|
56
|
-
def when_unauthorized=(callable)
|
57
|
-
@when_unauthorized = Rabarber::Input::Types::Proc.new(
|
58
|
-
callable, Rabarber::ConfigurationError, "Configuration 'when_unauthorized' must be a Proc"
|
59
|
-
).process
|
60
|
-
end
|
61
|
-
|
62
42
|
private
|
63
43
|
|
64
44
|
def default_audit_trail_enabled
|
@@ -76,29 +56,5 @@ module Rabarber
|
|
76
56
|
def default_must_have_roles
|
77
57
|
false
|
78
58
|
end
|
79
|
-
|
80
|
-
def default_when_actions_missing
|
81
|
-
-> (missing_actions, context) {
|
82
|
-
raise(Rabarber::Error, "'grant_access' method called with non-existent actions: #{missing_actions}, context: '#{context[:controller]}'")
|
83
|
-
}
|
84
|
-
end
|
85
|
-
|
86
|
-
def default_when_roles_missing
|
87
|
-
-> (missing_roles, context) {
|
88
|
-
delimiter = context[:action] ? "#" : ""
|
89
|
-
message = "'grant_access' method called with non-existent roles: #{missing_roles}, context: '#{context[:controller]}#{delimiter}#{context[:action]}'"
|
90
|
-
Rabarber::Logger.log(:warn, message)
|
91
|
-
}
|
92
|
-
end
|
93
|
-
|
94
|
-
def default_when_unauthorized
|
95
|
-
-> (controller) do
|
96
|
-
if controller.request.format.html?
|
97
|
-
controller.redirect_back fallback_location: controller.main_app.root_path
|
98
|
-
else
|
99
|
-
controller.head(:unauthorized)
|
100
|
-
end
|
101
|
-
end
|
102
|
-
end
|
103
59
|
end
|
104
60
|
end
|
@@ -4,6 +4,8 @@ module Rabarber
|
|
4
4
|
module Authorization
|
5
5
|
extend ActiveSupport::Concern
|
6
6
|
|
7
|
+
include Rabarber::Core::Roleable
|
8
|
+
|
7
9
|
included do
|
8
10
|
before_action :verify_access
|
9
11
|
end
|
@@ -25,21 +27,17 @@ module Rabarber
|
|
25
27
|
private
|
26
28
|
|
27
29
|
def verify_access
|
28
|
-
Rabarber::
|
29
|
-
Rabarber::Missing::Roles.new(self.class).handle
|
30
|
+
Rabarber::Core::PermissionsIntegrityChecker.new(self.class).run! unless Rails.configuration.eager_load
|
30
31
|
|
31
|
-
|
32
|
+
return if Rabarber::Core::Permissions.access_granted?(roleable_roles, self.class, action_name.to_sym, self)
|
32
33
|
|
33
|
-
|
34
|
-
roleable ? roleable.roles : [], self.class, action_name.to_sym, self
|
35
|
-
)
|
34
|
+
Rabarber::Audit::Events::UnauthorizedAttempt.trigger(roleable, path: request.path)
|
36
35
|
|
37
|
-
|
38
|
-
|
39
|
-
"[Unauthorized Attempt] #{Rabarber::Logger.roleable_identity(roleable, with_roles: true)} attempted to access '#{request.path}'"
|
40
|
-
)
|
36
|
+
when_unauthorized
|
37
|
+
end
|
41
38
|
|
42
|
-
|
39
|
+
def when_unauthorized
|
40
|
+
request.format.html? ? redirect_back(fallback_location: root_path) : head(:unauthorized)
|
43
41
|
end
|
44
42
|
end
|
45
43
|
end
|
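Review bot: `when_unauthorized` calls `redirect_back(fallback_location: root_path)` without restricting the target host, so on an HTML request a denied user is sent wherever the `Referer` header points. On Rails 6.1, and on 7.x unless `config.action_controller.raise_on_open_redirects` is enabled, that can be another origin. Pinning it in the call keeps the redirect on the application's own host regardless of app configuration: `redirect_back(fallback_location: root_path, allow_other_host: false)`. The removed default resolved the fallback through `controller.main_app.root_path`; the bare `root_path` may resolve differently inside a mounted engine, which is worth confirming.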
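--- a/data/lib/rabarber/core/access.rb
+++ b/data/lib/rabarber/core/access.rb
@@ -15,7 +15,9 @@ module Rabarber
 end
 
 def action_accessible?(roles, controller, action, dynamic_rule_receiver)
-action_rules[controller].any?
+action_rules[controller].any? do |rule|
+rule.action == action && rule.verify_access(roles, dynamic_rule_receiver)
+end
 end
 end
 end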
@@ -0,0 +1,42 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Rabarber
|
4
|
+
module Core
|
5
|
+
module Cache
|
6
|
+
extend self
|
7
|
+
|
8
|
+
CACHE_PREFIX = "rabarber"
|
9
|
+
private_constant :CACHE_PREFIX
|
10
|
+
|
11
|
+
def fetch(roleable_id, options = { expires_in: 1.hour, race_condition_ttl: 5.seconds }, &block)
|
12
|
+
enabled? ? Rails.cache.fetch(key_for(roleable_id), **options, &block) : yield
|
13
|
+
end
|
14
|
+
|
15
|
+
def delete(*roleable_ids)
|
16
|
+
keys = roleable_ids.map { |roleable_id| key_for(roleable_id) }
|
17
|
+
Rails.cache.delete_multi(keys) if enabled? && keys.any?
|
18
|
+
end
|
19
|
+
|
20
|
+
def enabled?
|
21
|
+
Rabarber::Configuration.instance.cache_enabled
|
22
|
+
end
|
23
|
+
|
24
|
+
def clear
|
25
|
+
Rails.cache.delete_matched(/^#{CACHE_PREFIX}/o)
|
26
|
+
end
|
27
|
+
|
28
|
+
private
|
29
|
+
|
30
|
+
def key_for(id)
|
31
|
+
"#{CACHE_PREFIX}:roles_#{id}"
|
32
|
+
end
|
33
|
+
end
|
34
|
+
end
|
35
|
+
|
36
|
+
module Cache
|
37
|
+
def clear
|
38
|
+
Rabarber::Core::Cache.clear
|
39
|
+
end
|
40
|
+
module_function :clear
|
41
|
+
end
|
42
|
+
end
|
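Review bot: `fetch` takes its defaults as one positional hash, so a caller that passes any options of its own replaces the whole hash and loses `expires_in`. Unless the cache store sets its own default expiry, the cached role list would then live until it is explicitly deleted, and a stale entry could keep granting a revoked role. No caller on this page passes options, so this is latent, but merging keeps the bound: `def fetch(roleable_id, options = {}, &block)` with `Rails.cache.fetch(key_for(roleable_id), **{ expires_in: 1.hour, race_condition_ttl: 5.seconds }.merge(options), &block)`. In `clear`, `delete_matched` is not implemented by every cache store (`MemCacheStore` raises `NotImplementedError`), so a comment naming the supported stores would help.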
@@ -0,0 +1,39 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Rabarber
|
4
|
+
module Core
|
5
|
+
class PermissionsIntegrityChecker
|
6
|
+
attr_reader :controller
|
7
|
+
|
8
|
+
def initialize(controller = nil)
|
9
|
+
@controller = controller
|
10
|
+
end
|
11
|
+
|
12
|
+
def run!
|
13
|
+
return if missing_list.empty?
|
14
|
+
|
15
|
+
raise(
|
16
|
+
Rabarber::Error,
|
17
|
+
"Following actions were passed to 'grant_access' method but are not defined in the controller: #{missing_list}"
|
18
|
+
)
|
19
|
+
end
|
20
|
+
|
21
|
+
private
|
22
|
+
|
23
|
+
def missing_list
|
24
|
+
@missing_list ||= action_rules.each_with_object([]) do |(controller, rules), arr|
|
25
|
+
missing_actions = rules.map(&:action) - controller.action_methods.map(&:to_sym)
|
26
|
+
arr << { controller => missing_actions } if missing_actions.any?
|
27
|
+
end
|
28
|
+
end
|
29
|
+
|
30
|
+
def action_rules
|
31
|
+
if controller
|
32
|
+
Rabarber::Core::Permissions.action_rules.slice(controller)
|
33
|
+
else
|
34
|
+
Rabarber::Core::Permissions.action_rules
|
35
|
+
end
|
36
|
+
end
|
37
|
+
end
|
38
|
+
end
|
39
|
+
end
|
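Review bot: The class has no comment, and the thing a reader most needs to know is what it does not cover: `missing_list` compares only action names against `controller.action_methods`, while the role check this release removes (`Rabarber::Missing::Roles`) has no replacement on this page. A role name mistyped in `grant_access` therefore yields a rule that most likely matches no one; it fails closed, but silently. I would add a class comment such as `# Raises Rabarber::Error when grant_access names actions the controller does not define; role names are not checked.` and say that `controller = nil` checks every controller with registered rules.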
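--- a/data/lib/rabarber/core/rule.rb
+++ b/data/lib/rabarber/core/rule.rb
@@ -12,18 +12,14 @@ module Rabarber
 @negated_dynamic_rule = negated_dynamic_rule
 end
 
-def verify_access(
-
+def verify_access(roleable_roles, dynamic_rule_receiver)
+roles_permitted?(roleable_roles) && dynamic_rule_followed?(dynamic_rule_receiver)
 end
 
-def
-
-end
-
-def roles_permitted?(user_roles)
-return false if Rabarber::Configuration.instance.must_have_roles && user_roles.empty?
+def roles_permitted?(roleable_roles)
+return false if Rabarber::Configuration.instance.must_have_roles && roleable_roles.empty?
 
-roles.empty? || (
+roles.empty? || roles.intersection(roleable_roles).any?
 end
 
 def dynamic_rule_followed?(dynamic_rule_receiver)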
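Review bot: `roles_permitted?` returns true whenever the rule's own `roles` list is empty, so a rule without roles admits every caller, and with `must_have_roles` off that includes a caller who has no roles at all. That contract is visible only by reading the boolean; a comment above the last line would make it explicit: `# No roles on the rule means "anyone"; only must_have_roles rejects role-less callers.` `roleable_roles.empty?` also assumes an Array for unauthenticated requests. `Rabarber::Core::Roleable` is not shown on this page, so confirm it returns `[]` rather than `nil`, as the removed `roleable ? roleable.roles : []` did. The body of `dynamic_rule_followed?` lies outside the hunk.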
@@ -2,14 +2,16 @@
|
|
2
2
|
|
3
3
|
module Rabarber
|
4
4
|
module Helpers
|
5
|
+
include Rabarber::Core::Roleable
|
6
|
+
|
5
7
|
def visible_to(*roles, &block)
|
6
|
-
return unless
|
8
|
+
return unless roleable_roles.intersection(Rabarber::Input::Roles.new(roles).process).any?
|
7
9
|
|
8
10
|
capture(&block)
|
9
11
|
end
|
10
12
|
|
11
13
|
def hidden_from(*roles, &block)
|
12
|
-
return if
|
14
|
+
return if roleable_roles.intersection(Rabarber::Input::Roles.new(roles).process).any?
|
13
15
|
|
14
16
|
capture(&block)
|
15
17
|
end
|
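Review bot: `hidden_from` renders its block for anyone whose roles do not intersect the list, which would include signed-out visitors if `roleable_roles` is empty for them (`Rabarber::Core::Roleable` is not on this page, so that is an assumption to confirm). Both helpers only decide which markup is emitted; they do not protect the action behind a link or form. A short module comment would keep that distinction in front of template authors, e.g. `# View-level visibility only; access is enforced by grant_access in the controller.`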
@@ -15,13 +15,11 @@ module Rabarber
|
|
15
15
|
end
|
16
16
|
|
17
17
|
def roles
|
18
|
-
Rabarber::Cache.fetch(
|
19
|
-
rabarber_roles.names
|
20
|
-
end
|
18
|
+
Rabarber::Core::Cache.fetch(roleable_id) { rabarber_roles.names }
|
21
19
|
end
|
22
20
|
|
23
21
|
def has_role?(*role_names)
|
24
|
-
(
|
22
|
+
roles.intersection(process_role_names(role_names)).any?
|
25
23
|
end
|
26
24
|
|
27
25
|
def assign_roles(*role_names, create_new: true)
|
@@ -29,16 +27,13 @@ module Rabarber
|
|
29
27
|
|
30
28
|
create_new_roles(processed_role_names) if create_new
|
31
29
|
|
32
|
-
roles_to_assign = Rabarber::Role.where(name: processed_role_names
|
30
|
+
roles_to_assign = Rabarber::Role.where(name: processed_role_names - rabarber_roles.names)
|
33
31
|
|
34
32
|
if roles_to_assign.any?
|
35
33
|
delete_roleable_cache
|
36
34
|
rabarber_roles << roles_to_assign
|
37
35
|
|
38
|
-
Rabarber::
|
39
|
-
:info,
|
40
|
-
"[Role Assignment] #{Rabarber::Logger.roleable_identity(self, with_roles: false)} has been assigned the following roles: #{roles_to_assign.pluck(:name).map(&:to_sym)}, current roles: #{roles}"
|
41
|
-
)
|
36
|
+
Rabarber::Audit::Events::RolesAssigned.trigger(self, roles_to_assign: roles_to_assign.names, current_roles: roles)
|
42
37
|
end
|
43
38
|
|
44
39
|
roles
|
@@ -52,10 +47,7 @@ module Rabarber
|
|
52
47
|
delete_roleable_cache
|
53
48
|
self.rabarber_roles -= roles_to_revoke
|
54
49
|
|
55
|
-
Rabarber::
|
56
|
-
:info,
|
57
|
-
"[Role Revocation] #{Rabarber::Logger.roleable_identity(self, with_roles: false)} has been revoked from the following roles: #{roles_to_revoke.pluck(:name).map(&:to_sym)}, current roles: #{roles}"
|
58
|
-
)
|
50
|
+
Rabarber::Audit::Events::RolesRevoked.trigger(self, roles_to_revoke: roles_to_revoke.names, current_roles: roles)
|
59
51
|
end
|
60
52
|
|
61
53
|
roles
|
@@ -78,7 +70,7 @@ module Rabarber
|
|
78
70
|
end
|
79
71
|
|
80
72
|
def delete_roleable_cache
|
81
|
-
Rabarber::Cache.delete(
|
73
|
+
Rabarber::Core::Cache.delete(roleable_id)
|
82
74
|
end
|
83
75
|
|
84
76
|
def roleable_id
|
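Review bot: In the role assignment and revocation paths, `delete_roleable_cache` runs before the association is written (`rabarber_roles << roles_to_assign`, `self.rabarber_roles -= roles_to_revoke`), so a concurrent request can call `roles` in between and put the old list back into the cache. After a revocation that stale entry keeps granting the revoked role until it expires, which is one hour with the defaults in `Rabarber::Core::Cache.fetch`. Deleting the key after the write (or both before and after) closes most of that window: `self.rabarber_roles -= roles_to_revoke` followed by `delete_roleable_cache`, still ahead of the `RolesRevoked.trigger` call that reads `roles`. The same order appears in `models/role.rb`, where `delete_roleables_cache(role)` precedes `role.update!` and `role.destroy!`. Both methods start outside these hunks, so any surrounding transaction is not visible here.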
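--- a/data/lib/rabarber/models/role.rb
+++ b/data/lib/rabarber/models/role.rb
@@ -18,8 +18,6 @@ module Rabarber
 
 return false if exists?(name: name)
 
-delete_roles_cache
-
 !!create!(name: name)
 end
 
@@ -29,7 +27,6 @@ module Rabarber
 
 return false if !role || exists?(name: name) || assigned_to_roleables(role).any? && !force
 
-delete_roles_cache
 delete_roleables_cache(role)
 
 role.update!(name: name)
@@ -40,13 +37,12 @@ module Rabarber
 
 return false if !role || assigned_to_roleables(role).any? && !force
 
-delete_roles_cache
 delete_roleables_cache(role)
 
 !!role.destroy!
 end
 
-def
+def assignees(name)
 Rabarber::HasRoles.roleable_class.joins(:rabarber_roles).where(
 rabarber_roles: { name: Rabarber::Input::Role.new(name).process }
 )
@@ -54,18 +50,15 @@ module Rabarber
 
 private
 
-def delete_roles_cache
-Rabarber::Cache.delete(Rabarber::Cache::ALL_ROLES_KEY)
-end
-
 def delete_roleables_cache(role)
-
-Rabarber::Cache.delete(*keys) if keys.any?
+Rabarber::Core::Cache.delete(*assigned_to_roleables(role))
 end
 
 def assigned_to_roleables(role)
 ActiveRecord::Base.connection.select_values(
-
+ActiveRecord::Base.sanitize_sql(
+["SELECT roleable_id FROM rabarber_roles_roleables WHERE role_id = ?", role.id]
+)
 )
 end
 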
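--- a/data/lib/rabarber/railtie.rb
+++ b/data/lib/rabarber/railtie.rb
@@ -6,13 +6,7 @@ module Rabarber
 class Railtie < Rails::Railtie
 initializer "rabarber.after_initialize" do |app|
 app.config.after_initialize do
-Rabarber::
-Rabarber::Missing::Roles.new.handle if Rabarber::Role.table_exists?
-
-Rabarber::Logger.log(
-:warn,
-"DEPRECATION WARNING: Configurations 'when_actions_missing' and 'when_roles_missing' are deprecated and will be removed in v2.0.0"
-)
+Rabarber::Core::PermissionsIntegrityChecker.new.run! if Rails.configuration.eager_load
 end
 end
 end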
data/lib/rabarber/version.rb
CHANGED
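--- a/data/lib/rabarber.rb
+++ b/data/lib/rabarber.rb
@@ -1,9 +1,6 @@
 # frozen_string_literal: true
 
-require "singleton"
-
 require_relative "rabarber/version"
-require_relative "rabarber/logger"
 require_relative "rabarber/configuration"
 
 require "active_record"
@@ -18,11 +15,14 @@ require_relative "rabarber/input/types/boolean"
 require_relative "rabarber/input/types/proc"
 require_relative "rabarber/input/types/symbol"
 
-require_relative "rabarber/
-
-require_relative "rabarber/
+require_relative "rabarber/core/cache"
+
+require_relative "rabarber/audit/events/base"
+require_relative "rabarber/audit/events/roles_assigned"
+require_relative "rabarber/audit/events/roles_revoked"
+require_relative "rabarber/audit/events/unauthorized_attempt"
 
-require_relative "rabarber/
+require_relative "rabarber/core/roleable"
 
 require_relative "rabarber/controllers/concerns/authorization"
 require_relative "rabarber/helpers/helpers"
@@ -30,12 +30,11 @@ require_relative "rabarber/models/concerns/has_roles"
 require_relative "rabarber/models/role"
 
 require_relative "rabarber/core/permissions"
+require_relative "rabarber/core/permissions_integrity_checker"
 
 require_relative "rabarber/railtie"
 
 module Rabarber
-module_function
-
 class Error < StandardError; end
 class ConfigurationError < Rabarber::Error; end
 class InvalidArgumentError < Rabarber::Error; end
@@ -43,4 +42,5 @@ module Rabarber
 def configure
 yield(Rabarber::Configuration.instance)
 end
+module_function :configure
 end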
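--- a/data/rabarber.gemspec
+++ b/data/rabarber.gemspec
@@ -11,7 +11,7 @@ Gem::Specification.new do |spec|
 spec.summary = "Simple role-based authorization library for Ruby on Rails."
 spec.homepage = "https://github.com/enjaku4/rabarber"
 spec.license = "MIT"
-spec.required_ruby_version = ">= 3.0"
+spec.required_ruby_version = ">= 3.0", "< 3.4"
 
 spec.files = [
 "rabarber.gemspec", "README.md", "CHANGELOG.md", "LICENSE.txt"
@@ -19,5 +19,5 @@ Gem::Specification.new do |spec|
 
 spec.require_paths = ["lib"]
 
-spec.add_runtime_dependency "rails", ">= 6.1"
+spec.add_runtime_dependency "rails", ">= 6.1", "< 7.2"
 end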
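--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rabarber
 version: !ruby/object:Gem::Version
-version:
+version: 2.0.0
 platform: ruby
 authors:
 - enjaku4
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-04-
+date: 2024-04-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rails
@@ -18,6 +18,9 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: '6.1'
+- - "<"
+- !ruby/object:Gem::Version
+version: '7.2'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
@@ -25,6 +28,9 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: '6.1'
+- - "<"
+- !ruby/object:Gem::Version
+version: '7.2'
 description:
 email:
 - rabarber_gem@icloud.com
@@ -38,11 +44,18 @@ files:
 - lib/generators/rabarber/roles_generator.rb
 - lib/generators/rabarber/templates/create_rabarber_roles.rb.erb
 - lib/rabarber.rb
-- lib/rabarber/
+- lib/rabarber/audit/events/base.rb
+- lib/rabarber/audit/events/roles_assigned.rb
+- lib/rabarber/audit/events/roles_revoked.rb
+- lib/rabarber/audit/events/unauthorized_attempt.rb
+- lib/rabarber/audit/logger.rb
 - lib/rabarber/configuration.rb
 - lib/rabarber/controllers/concerns/authorization.rb
 - lib/rabarber/core/access.rb
+- lib/rabarber/core/cache.rb
 - lib/rabarber/core/permissions.rb
+- lib/rabarber/core/permissions_integrity_checker.rb
+- lib/rabarber/core/roleable.rb
 - lib/rabarber/core/rule.rb
 - lib/rabarber/helpers/helpers.rb
 - lib/rabarber/input/action.rb
@@ -53,10 +66,6 @@ files:
 - lib/rabarber/input/types/boolean.rb
 - lib/rabarber/input/types/proc.rb
 - lib/rabarber/input/types/symbol.rb
-- lib/rabarber/logger.rb
-- lib/rabarber/missing/actions.rb
-- lib/rabarber/missing/base.rb
-- lib/rabarber/missing/roles.rb
 - lib/rabarber/models/concerns/has_roles.rb
 - lib/rabarber/models/role.rb
 - lib/rabarber/railtie.rb
@@ -76,6 +85,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
 - - ">="
 - !ruby/object:Gem::Version
 version: '3.0'
+- - "<"
+- !ruby/object:Gem::Version
+version: '3.4'
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="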
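--- a/data/lib/rabarber/cache.rb
+++ b/data/lib/rabarber/cache.rb
@@ -1,29 +0,0 @@
-# frozen_string_literal: true
-
-module Rabarber
-module Cache
-module_function
-
-ALL_ROLES_KEY = "rabarber:roles"
-
-def fetch(key, options, &block)
-enabled? ? Rails.cache.fetch(key, options, &block) : yield
-end
-
-def delete(*keys)
-Rails.cache.delete_multi(keys) if enabled?
-end
-
-def enabled?
-Rabarber::Configuration.instance.cache_enabled
-end
-
-def key_for(id)
-"rabarber:roles_#{id}"
-end
-
-def clear
-Rails.cache.delete_matched(/^rabarber/)
-end
-end
-end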
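--- a/data/lib/rabarber/logger.rb
+++ b/data/lib/rabarber/logger.rb
@@ -1,40 +0,0 @@
-# frozen_string_literal: true
-
-module Rabarber
-class Logger
-include Singleton
-
-attr_reader :rails_logger, :audit_logger
-
-def initialize
-@rails_logger = Rails.logger
-@audit_logger = ::Logger.new(Rails.root.join("log/rabarber_audit.log"))
-end
-
-class << self
-def log(log_level, message)
-instance.rails_logger.tagged("Rabarber") { instance.rails_logger.public_send(log_level, message) }
-end
-
-def audit(log_level, message)
-return unless Rabarber::Configuration.instance.audit_trail_enabled
-
-instance.audit_logger.public_send(log_level, message)
-end
-
-def roleable_identity(roleable, with_roles:)
-if roleable
-model_name = roleable.model_name.human
-primary_key = roleable.class.primary_key
-roleable_id = roleable.public_send(primary_key)
-
-roles = with_roles ? ", roles: #{roleable.roles}" : ""
-
-"#{model_name} with #{primary_key}: '#{roleable_id}'#{roles}"
-else
-"Unauthenticated user"
-end
-end
-end
-end
-end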
@@ -1,24 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
module Rabarber
|
4
|
-
module Missing
|
5
|
-
class Actions < Rabarber::Missing::Base
|
6
|
-
private
|
7
|
-
|
8
|
-
def check_controller_rules
|
9
|
-
nil
|
10
|
-
end
|
11
|
-
|
12
|
-
def check_action_rules
|
13
|
-
action_rules.each do |controller, controller_action_rules|
|
14
|
-
missing_actions = controller_action_rules.map(&:action) - controller.action_methods.map(&:to_sym)
|
15
|
-
missing_list << Rabarber::Missing::Item.new(missing_actions, controller, nil) if missing_actions.present?
|
16
|
-
end
|
17
|
-
end
|
18
|
-
|
19
|
-
def configuration_name
|
20
|
-
:when_actions_missing
|
21
|
-
end
|
22
|
-
end
|
23
|
-
end
|
24
|
-
end
|