rabarber 1.4.1 → 2.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +22 -0
- data/README.md +122 -66
- data/lib/generators/rabarber/roles_generator.rb +2 -0
- data/lib/generators/rabarber/templates/create_rabarber_roles.rb.erb +3 -3
- data/lib/rabarber/audit/events/base.rb +64 -0
- data/lib/rabarber/audit/events/roles_assigned.rb +35 -0
- data/lib/rabarber/audit/events/roles_revoked.rb +35 -0
- data/lib/rabarber/audit/events/unauthorized_attempt.rb +31 -0
- data/lib/rabarber/audit/logger.rb +23 -0
- data/lib/rabarber/configuration.rb +3 -47
- data/lib/rabarber/controllers/concerns/authorization.rb +9 -11
- data/lib/rabarber/core/access.rb +3 -1
- data/lib/rabarber/core/cache.rb +42 -0
- data/lib/rabarber/core/permissions.rb +2 -0
- data/lib/rabarber/core/permissions_integrity_checker.rb +39 -0
- data/lib/rabarber/core/roleable.rb +15 -0
- data/lib/rabarber/core/rule.rb +5 -9
- data/lib/rabarber/helpers/helpers.rb +4 -2
- data/lib/rabarber/models/concerns/has_roles.rb +6 -14
- data/lib/rabarber/models/role.rb +5 -12
- data/lib/rabarber/railtie.rb +1 -7
- data/lib/rabarber/version.rb +1 -1
- data/lib/rabarber.rb +9 -9
- data/rabarber.gemspec +2 -2
- metadata +19 -7
- data/lib/rabarber/cache.rb +0 -29
- data/lib/rabarber/logger.rb +0 -40
- data/lib/rabarber/missing/actions.rb +0 -24
- data/lib/rabarber/missing/base.rb +0 -61
- data/lib/rabarber/missing/roles.rb +0 -35
|
@@ -1,20 +1,18 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
+
require "singleton"
|
|
4
|
+
|
|
3
5
|
module Rabarber
|
|
4
6
|
class Configuration
|
|
5
7
|
include Singleton
|
|
6
8
|
|
|
7
|
-
attr_reader :audit_trail_enabled, :cache_enabled, :current_user_method, :must_have_roles
|
|
8
|
-
:when_actions_missing, :when_roles_missing, :when_unauthorized
|
|
9
|
+
attr_reader :audit_trail_enabled, :cache_enabled, :current_user_method, :must_have_roles
|
|
9
10
|
|
|
10
11
|
def initialize
|
|
11
12
|
@audit_trail_enabled = default_audit_trail_enabled
|
|
12
13
|
@cache_enabled = default_cache_enabled
|
|
13
14
|
@current_user_method = default_current_user_method
|
|
14
15
|
@must_have_roles = default_must_have_roles
|
|
15
|
-
@when_actions_missing = default_when_actions_missing
|
|
16
|
-
@when_roles_missing = default_when_roles_missing
|
|
17
|
-
@when_unauthorized = default_when_unauthorized
|
|
18
16
|
end
|
|
19
17
|
|
|
20
18
|
def audit_trail_enabled=(value)
|
|
@@ -41,24 +39,6 @@ module Rabarber
|
|
|
41
39
|
).process
|
|
42
40
|
end
|
|
43
41
|
|
|
44
|
-
def when_actions_missing=(callable)
|
|
45
|
-
@when_actions_missing = Rabarber::Input::Types::Proc.new(
|
|
46
|
-
callable, Rabarber::ConfigurationError, "Configuration 'when_actions_missing' must be a Proc"
|
|
47
|
-
).process
|
|
48
|
-
end
|
|
49
|
-
|
|
50
|
-
def when_roles_missing=(callable)
|
|
51
|
-
@when_roles_missing = Rabarber::Input::Types::Proc.new(
|
|
52
|
-
callable, Rabarber::ConfigurationError, "Configuration 'when_roles_missing' must be a Proc"
|
|
53
|
-
).process
|
|
54
|
-
end
|
|
55
|
-
|
|
56
|
-
def when_unauthorized=(callable)
|
|
57
|
-
@when_unauthorized = Rabarber::Input::Types::Proc.new(
|
|
58
|
-
callable, Rabarber::ConfigurationError, "Configuration 'when_unauthorized' must be a Proc"
|
|
59
|
-
).process
|
|
60
|
-
end
|
|
61
|
-
|
|
62
42
|
private
|
|
63
43
|
|
|
64
44
|
def default_audit_trail_enabled
|
|
@@ -76,29 +56,5 @@ module Rabarber
|
|
|
76
56
|
def default_must_have_roles
|
|
77
57
|
false
|
|
78
58
|
end
|
|
79
|
-
|
|
80
|
-
def default_when_actions_missing
|
|
81
|
-
-> (missing_actions, context) {
|
|
82
|
-
raise(Rabarber::Error, "'grant_access' method called with non-existent actions: #{missing_actions}, context: '#{context[:controller]}'")
|
|
83
|
-
}
|
|
84
|
-
end
|
|
85
|
-
|
|
86
|
-
def default_when_roles_missing
|
|
87
|
-
-> (missing_roles, context) {
|
|
88
|
-
delimiter = context[:action] ? "#" : ""
|
|
89
|
-
message = "'grant_access' method called with non-existent roles: #{missing_roles}, context: '#{context[:controller]}#{delimiter}#{context[:action]}'"
|
|
90
|
-
Rabarber::Logger.log(:warn, message)
|
|
91
|
-
}
|
|
92
|
-
end
|
|
93
|
-
|
|
94
|
-
def default_when_unauthorized
|
|
95
|
-
-> (controller) do
|
|
96
|
-
if controller.request.format.html?
|
|
97
|
-
controller.redirect_back fallback_location: controller.main_app.root_path
|
|
98
|
-
else
|
|
99
|
-
controller.head(:unauthorized)
|
|
100
|
-
end
|
|
101
|
-
end
|
|
102
|
-
end
|
|
103
59
|
end
|
|
104
60
|
end
|
|
@@ -4,6 +4,8 @@ module Rabarber
|
|
|
4
4
|
module Authorization
|
|
5
5
|
extend ActiveSupport::Concern
|
|
6
6
|
|
|
7
|
+
include Rabarber::Core::Roleable
|
|
8
|
+
|
|
7
9
|
included do
|
|
8
10
|
before_action :verify_access
|
|
9
11
|
end
|
|
@@ -25,21 +27,17 @@ module Rabarber
|
|
|
25
27
|
private
|
|
26
28
|
|
|
27
29
|
def verify_access
|
|
28
|
-
Rabarber::
|
|
29
|
-
Rabarber::Missing::Roles.new(self.class).handle
|
|
30
|
+
Rabarber::Core::PermissionsIntegrityChecker.new(self.class).run! unless Rails.configuration.eager_load
|
|
30
31
|
|
|
31
|
-
|
|
32
|
+
return if Rabarber::Core::Permissions.access_granted?(roleable_roles, self.class, action_name.to_sym, self)
|
|
32
33
|
|
|
33
|
-
|
|
34
|
-
roleable ? roleable.roles : [], self.class, action_name.to_sym, self
|
|
35
|
-
)
|
|
34
|
+
Rabarber::Audit::Events::UnauthorizedAttempt.trigger(roleable, path: request.path)
|
|
36
35
|
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
"[Unauthorized Attempt] #{Rabarber::Logger.roleable_identity(roleable, with_roles: true)} attempted to access '#{request.path}'"
|
|
40
|
-
)
|
|
36
|
+
when_unauthorized
|
|
37
|
+
end
|
|
41
38
|
|
|
42
|
-
|
|
39
|
+
def when_unauthorized
|
|
40
|
+
request.format.html? ? redirect_back(fallback_location: root_path) : head(:unauthorized)
|
|
43
41
|
end
|
|
44
42
|
end
|
|
45
43
|
end
|
data/lib/rabarber/core/access.rb
CHANGED
|
@@ -15,7 +15,9 @@ module Rabarber
|
|
|
15
15
|
end
|
|
16
16
|
|
|
17
17
|
def action_accessible?(roles, controller, action, dynamic_rule_receiver)
|
|
18
|
-
action_rules[controller].any?
|
|
18
|
+
action_rules[controller].any? do |rule|
|
|
19
|
+
rule.action == action && rule.verify_access(roles, dynamic_rule_receiver)
|
|
20
|
+
end
|
|
19
21
|
end
|
|
20
22
|
end
|
|
21
23
|
end
|
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Rabarber
|
|
4
|
+
module Core
|
|
5
|
+
module Cache
|
|
6
|
+
extend self
|
|
7
|
+
|
|
8
|
+
CACHE_PREFIX = "rabarber"
|
|
9
|
+
private_constant :CACHE_PREFIX
|
|
10
|
+
|
|
11
|
+
def fetch(roleable_id, options = { expires_in: 1.hour, race_condition_ttl: 5.seconds }, &block)
|
|
12
|
+
enabled? ? Rails.cache.fetch(key_for(roleable_id), **options, &block) : yield
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def delete(*roleable_ids)
|
|
16
|
+
keys = roleable_ids.map { |roleable_id| key_for(roleable_id) }
|
|
17
|
+
Rails.cache.delete_multi(keys) if enabled? && keys.any?
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
def enabled?
|
|
21
|
+
Rabarber::Configuration.instance.cache_enabled
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
def clear
|
|
25
|
+
Rails.cache.delete_matched(/^#{CACHE_PREFIX}/o)
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
private
|
|
29
|
+
|
|
30
|
+
def key_for(id)
|
|
31
|
+
"#{CACHE_PREFIX}:roles_#{id}"
|
|
32
|
+
end
|
|
33
|
+
end
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
module Cache
|
|
37
|
+
def clear
|
|
38
|
+
Rabarber::Core::Cache.clear
|
|
39
|
+
end
|
|
40
|
+
module_function :clear
|
|
41
|
+
end
|
|
42
|
+
end
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Rabarber
|
|
4
|
+
module Core
|
|
5
|
+
class PermissionsIntegrityChecker
|
|
6
|
+
attr_reader :controller
|
|
7
|
+
|
|
8
|
+
def initialize(controller = nil)
|
|
9
|
+
@controller = controller
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def run!
|
|
13
|
+
return if missing_list.empty?
|
|
14
|
+
|
|
15
|
+
raise(
|
|
16
|
+
Rabarber::Error,
|
|
17
|
+
"Following actions were passed to 'grant_access' method but are not defined in the controller: #{missing_list}"
|
|
18
|
+
)
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
private
|
|
22
|
+
|
|
23
|
+
def missing_list
|
|
24
|
+
@missing_list ||= action_rules.each_with_object([]) do |(controller, rules), arr|
|
|
25
|
+
missing_actions = rules.map(&:action) - controller.action_methods.map(&:to_sym)
|
|
26
|
+
arr << { controller => missing_actions } if missing_actions.any?
|
|
27
|
+
end
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
def action_rules
|
|
31
|
+
if controller
|
|
32
|
+
Rabarber::Core::Permissions.action_rules.slice(controller)
|
|
33
|
+
else
|
|
34
|
+
Rabarber::Core::Permissions.action_rules
|
|
35
|
+
end
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
end
|
|
39
|
+
end
|
data/lib/rabarber/core/rule.rb
CHANGED
|
@@ -12,18 +12,14 @@ module Rabarber
|
|
|
12
12
|
@negated_dynamic_rule = negated_dynamic_rule
|
|
13
13
|
end
|
|
14
14
|
|
|
15
|
-
def verify_access(
|
|
16
|
-
|
|
15
|
+
def verify_access(roleable_roles, dynamic_rule_receiver)
|
|
16
|
+
roles_permitted?(roleable_roles) && dynamic_rule_followed?(dynamic_rule_receiver)
|
|
17
17
|
end
|
|
18
18
|
|
|
19
|
-
def
|
|
20
|
-
|
|
21
|
-
end
|
|
22
|
-
|
|
23
|
-
def roles_permitted?(user_roles)
|
|
24
|
-
return false if Rabarber::Configuration.instance.must_have_roles && user_roles.empty?
|
|
19
|
+
def roles_permitted?(roleable_roles)
|
|
20
|
+
return false if Rabarber::Configuration.instance.must_have_roles && roleable_roles.empty?
|
|
25
21
|
|
|
26
|
-
roles.empty? || (
|
|
22
|
+
roles.empty? || roles.intersection(roleable_roles).any?
|
|
27
23
|
end
|
|
28
24
|
|
|
29
25
|
def dynamic_rule_followed?(dynamic_rule_receiver)
|
|
@@ -2,14 +2,16 @@
|
|
|
2
2
|
|
|
3
3
|
module Rabarber
|
|
4
4
|
module Helpers
|
|
5
|
+
include Rabarber::Core::Roleable
|
|
6
|
+
|
|
5
7
|
def visible_to(*roles, &block)
|
|
6
|
-
return unless
|
|
8
|
+
return unless roleable_roles.intersection(Rabarber::Input::Roles.new(roles).process).any?
|
|
7
9
|
|
|
8
10
|
capture(&block)
|
|
9
11
|
end
|
|
10
12
|
|
|
11
13
|
def hidden_from(*roles, &block)
|
|
12
|
-
return if
|
|
14
|
+
return if roleable_roles.intersection(Rabarber::Input::Roles.new(roles).process).any?
|
|
13
15
|
|
|
14
16
|
capture(&block)
|
|
15
17
|
end
|
|
@@ -15,13 +15,11 @@ module Rabarber
|
|
|
15
15
|
end
|
|
16
16
|
|
|
17
17
|
def roles
|
|
18
|
-
Rabarber::Cache.fetch(
|
|
19
|
-
rabarber_roles.names
|
|
20
|
-
end
|
|
18
|
+
Rabarber::Core::Cache.fetch(roleable_id) { rabarber_roles.names }
|
|
21
19
|
end
|
|
22
20
|
|
|
23
21
|
def has_role?(*role_names)
|
|
24
|
-
(
|
|
22
|
+
roles.intersection(process_role_names(role_names)).any?
|
|
25
23
|
end
|
|
26
24
|
|
|
27
25
|
def assign_roles(*role_names, create_new: true)
|
|
@@ -29,16 +27,13 @@ module Rabarber
|
|
|
29
27
|
|
|
30
28
|
create_new_roles(processed_role_names) if create_new
|
|
31
29
|
|
|
32
|
-
roles_to_assign = Rabarber::Role.where(name: processed_role_names
|
|
30
|
+
roles_to_assign = Rabarber::Role.where(name: processed_role_names - rabarber_roles.names)
|
|
33
31
|
|
|
34
32
|
if roles_to_assign.any?
|
|
35
33
|
delete_roleable_cache
|
|
36
34
|
rabarber_roles << roles_to_assign
|
|
37
35
|
|
|
38
|
-
Rabarber::
|
|
39
|
-
:info,
|
|
40
|
-
"[Role Assignment] #{Rabarber::Logger.roleable_identity(self, with_roles: false)} has been assigned the following roles: #{roles_to_assign.pluck(:name).map(&:to_sym)}, current roles: #{roles}"
|
|
41
|
-
)
|
|
36
|
+
Rabarber::Audit::Events::RolesAssigned.trigger(self, roles_to_assign: roles_to_assign.names, current_roles: roles)
|
|
42
37
|
end
|
|
43
38
|
|
|
44
39
|
roles
|
|
@@ -52,10 +47,7 @@ module Rabarber
|
|
|
52
47
|
delete_roleable_cache
|
|
53
48
|
self.rabarber_roles -= roles_to_revoke
|
|
54
49
|
|
|
55
|
-
Rabarber::
|
|
56
|
-
:info,
|
|
57
|
-
"[Role Revocation] #{Rabarber::Logger.roleable_identity(self, with_roles: false)} has been revoked from the following roles: #{roles_to_revoke.pluck(:name).map(&:to_sym)}, current roles: #{roles}"
|
|
58
|
-
)
|
|
50
|
+
Rabarber::Audit::Events::RolesRevoked.trigger(self, roles_to_revoke: roles_to_revoke.names, current_roles: roles)
|
|
59
51
|
end
|
|
60
52
|
|
|
61
53
|
roles
|
|
@@ -78,7 +70,7 @@ module Rabarber
|
|
|
78
70
|
end
|
|
79
71
|
|
|
80
72
|
def delete_roleable_cache
|
|
81
|
-
Rabarber::Cache.delete(
|
|
73
|
+
Rabarber::Core::Cache.delete(roleable_id)
|
|
82
74
|
end
|
|
83
75
|
|
|
84
76
|
def roleable_id
|
data/lib/rabarber/models/role.rb
CHANGED
|
@@ -18,8 +18,6 @@ module Rabarber
|
|
|
18
18
|
|
|
19
19
|
return false if exists?(name: name)
|
|
20
20
|
|
|
21
|
-
delete_roles_cache
|
|
22
|
-
|
|
23
21
|
!!create!(name: name)
|
|
24
22
|
end
|
|
25
23
|
|
|
@@ -29,7 +27,6 @@ module Rabarber
|
|
|
29
27
|
|
|
30
28
|
return false if !role || exists?(name: name) || assigned_to_roleables(role).any? && !force
|
|
31
29
|
|
|
32
|
-
delete_roles_cache
|
|
33
30
|
delete_roleables_cache(role)
|
|
34
31
|
|
|
35
32
|
role.update!(name: name)
|
|
@@ -40,13 +37,12 @@ module Rabarber
|
|
|
40
37
|
|
|
41
38
|
return false if !role || assigned_to_roleables(role).any? && !force
|
|
42
39
|
|
|
43
|
-
delete_roles_cache
|
|
44
40
|
delete_roleables_cache(role)
|
|
45
41
|
|
|
46
42
|
!!role.destroy!
|
|
47
43
|
end
|
|
48
44
|
|
|
49
|
-
def
|
|
45
|
+
def assignees(name)
|
|
50
46
|
Rabarber::HasRoles.roleable_class.joins(:rabarber_roles).where(
|
|
51
47
|
rabarber_roles: { name: Rabarber::Input::Role.new(name).process }
|
|
52
48
|
)
|
|
@@ -54,18 +50,15 @@ module Rabarber
|
|
|
54
50
|
|
|
55
51
|
private
|
|
56
52
|
|
|
57
|
-
def delete_roles_cache
|
|
58
|
-
Rabarber::Cache.delete(Rabarber::Cache::ALL_ROLES_KEY)
|
|
59
|
-
end
|
|
60
|
-
|
|
61
53
|
def delete_roleables_cache(role)
|
|
62
|
-
|
|
63
|
-
Rabarber::Cache.delete(*keys) if keys.any?
|
|
54
|
+
Rabarber::Core::Cache.delete(*assigned_to_roleables(role))
|
|
64
55
|
end
|
|
65
56
|
|
|
66
57
|
def assigned_to_roleables(role)
|
|
67
58
|
ActiveRecord::Base.connection.select_values(
|
|
68
|
-
|
|
59
|
+
ActiveRecord::Base.sanitize_sql(
|
|
60
|
+
["SELECT roleable_id FROM rabarber_roles_roleables WHERE role_id = ?", role.id]
|
|
61
|
+
)
|
|
69
62
|
)
|
|
70
63
|
end
|
|
71
64
|
|
data/lib/rabarber/railtie.rb
CHANGED
|
@@ -6,13 +6,7 @@ module Rabarber
|
|
|
6
6
|
class Railtie < Rails::Railtie
|
|
7
7
|
initializer "rabarber.after_initialize" do |app|
|
|
8
8
|
app.config.after_initialize do
|
|
9
|
-
Rabarber::
|
|
10
|
-
Rabarber::Missing::Roles.new.handle if Rabarber::Role.table_exists?
|
|
11
|
-
|
|
12
|
-
Rabarber::Logger.log(
|
|
13
|
-
:warn,
|
|
14
|
-
"DEPRECATION WARNING: Configurations 'when_actions_missing' and 'when_roles_missing' are deprecated and will be removed in v2.0.0"
|
|
15
|
-
)
|
|
9
|
+
Rabarber::Core::PermissionsIntegrityChecker.new.run! if Rails.configuration.eager_load
|
|
16
10
|
end
|
|
17
11
|
end
|
|
18
12
|
end
|
data/lib/rabarber/version.rb
CHANGED
data/lib/rabarber.rb
CHANGED
|
@@ -1,9 +1,6 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
-
require "singleton"
|
|
4
|
-
|
|
5
3
|
require_relative "rabarber/version"
|
|
6
|
-
require_relative "rabarber/logger"
|
|
7
4
|
require_relative "rabarber/configuration"
|
|
8
5
|
|
|
9
6
|
require "active_record"
|
|
@@ -18,11 +15,14 @@ require_relative "rabarber/input/types/boolean"
|
|
|
18
15
|
require_relative "rabarber/input/types/proc"
|
|
19
16
|
require_relative "rabarber/input/types/symbol"
|
|
20
17
|
|
|
21
|
-
require_relative "rabarber/
|
|
22
|
-
|
|
23
|
-
require_relative "rabarber/
|
|
18
|
+
require_relative "rabarber/core/cache"
|
|
19
|
+
|
|
20
|
+
require_relative "rabarber/audit/events/base"
|
|
21
|
+
require_relative "rabarber/audit/events/roles_assigned"
|
|
22
|
+
require_relative "rabarber/audit/events/roles_revoked"
|
|
23
|
+
require_relative "rabarber/audit/events/unauthorized_attempt"
|
|
24
24
|
|
|
25
|
-
require_relative "rabarber/
|
|
25
|
+
require_relative "rabarber/core/roleable"
|
|
26
26
|
|
|
27
27
|
require_relative "rabarber/controllers/concerns/authorization"
|
|
28
28
|
require_relative "rabarber/helpers/helpers"
|
|
@@ -30,12 +30,11 @@ require_relative "rabarber/models/concerns/has_roles"
|
|
|
30
30
|
require_relative "rabarber/models/role"
|
|
31
31
|
|
|
32
32
|
require_relative "rabarber/core/permissions"
|
|
33
|
+
require_relative "rabarber/core/permissions_integrity_checker"
|
|
33
34
|
|
|
34
35
|
require_relative "rabarber/railtie"
|
|
35
36
|
|
|
36
37
|
module Rabarber
|
|
37
|
-
module_function
|
|
38
|
-
|
|
39
38
|
class Error < StandardError; end
|
|
40
39
|
class ConfigurationError < Rabarber::Error; end
|
|
41
40
|
class InvalidArgumentError < Rabarber::Error; end
|
|
@@ -43,4 +42,5 @@ module Rabarber
|
|
|
43
42
|
def configure
|
|
44
43
|
yield(Rabarber::Configuration.instance)
|
|
45
44
|
end
|
|
45
|
+
module_function :configure
|
|
46
46
|
end
|
data/rabarber.gemspec
CHANGED
|
@@ -11,7 +11,7 @@ Gem::Specification.new do |spec|
|
|
|
11
11
|
spec.summary = "Simple role-based authorization library for Ruby on Rails."
|
|
12
12
|
spec.homepage = "https://github.com/enjaku4/rabarber"
|
|
13
13
|
spec.license = "MIT"
|
|
14
|
-
spec.required_ruby_version = ">= 3.0"
|
|
14
|
+
spec.required_ruby_version = ">= 3.0", "< 3.4"
|
|
15
15
|
|
|
16
16
|
spec.files = [
|
|
17
17
|
"rabarber.gemspec", "README.md", "CHANGELOG.md", "LICENSE.txt"
|
|
@@ -19,5 +19,5 @@ Gem::Specification.new do |spec|
|
|
|
19
19
|
|
|
20
20
|
spec.require_paths = ["lib"]
|
|
21
21
|
|
|
22
|
-
spec.add_runtime_dependency "rails", ">= 6.1"
|
|
22
|
+
spec.add_runtime_dependency "rails", ">= 6.1", "< 7.2"
|
|
23
23
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rabarber
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 2.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- enjaku4
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2024-04-
|
|
12
|
+
date: 2024-04-25 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: rails
|
|
@@ -18,6 +18,9 @@ dependencies:
|
|
|
18
18
|
- - ">="
|
|
19
19
|
- !ruby/object:Gem::Version
|
|
20
20
|
version: '6.1'
|
|
21
|
+
- - "<"
|
|
22
|
+
- !ruby/object:Gem::Version
|
|
23
|
+
version: '7.2'
|
|
21
24
|
type: :runtime
|
|
22
25
|
prerelease: false
|
|
23
26
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -25,6 +28,9 @@ dependencies:
|
|
|
25
28
|
- - ">="
|
|
26
29
|
- !ruby/object:Gem::Version
|
|
27
30
|
version: '6.1'
|
|
31
|
+
- - "<"
|
|
32
|
+
- !ruby/object:Gem::Version
|
|
33
|
+
version: '7.2'
|
|
28
34
|
description:
|
|
29
35
|
email:
|
|
30
36
|
- rabarber_gem@icloud.com
|
|
@@ -38,11 +44,18 @@ files:
|
|
|
38
44
|
- lib/generators/rabarber/roles_generator.rb
|
|
39
45
|
- lib/generators/rabarber/templates/create_rabarber_roles.rb.erb
|
|
40
46
|
- lib/rabarber.rb
|
|
41
|
-
- lib/rabarber/
|
|
47
|
+
- lib/rabarber/audit/events/base.rb
|
|
48
|
+
- lib/rabarber/audit/events/roles_assigned.rb
|
|
49
|
+
- lib/rabarber/audit/events/roles_revoked.rb
|
|
50
|
+
- lib/rabarber/audit/events/unauthorized_attempt.rb
|
|
51
|
+
- lib/rabarber/audit/logger.rb
|
|
42
52
|
- lib/rabarber/configuration.rb
|
|
43
53
|
- lib/rabarber/controllers/concerns/authorization.rb
|
|
44
54
|
- lib/rabarber/core/access.rb
|
|
55
|
+
- lib/rabarber/core/cache.rb
|
|
45
56
|
- lib/rabarber/core/permissions.rb
|
|
57
|
+
- lib/rabarber/core/permissions_integrity_checker.rb
|
|
58
|
+
- lib/rabarber/core/roleable.rb
|
|
46
59
|
- lib/rabarber/core/rule.rb
|
|
47
60
|
- lib/rabarber/helpers/helpers.rb
|
|
48
61
|
- lib/rabarber/input/action.rb
|
|
@@ -53,10 +66,6 @@ files:
|
|
|
53
66
|
- lib/rabarber/input/types/boolean.rb
|
|
54
67
|
- lib/rabarber/input/types/proc.rb
|
|
55
68
|
- lib/rabarber/input/types/symbol.rb
|
|
56
|
-
- lib/rabarber/logger.rb
|
|
57
|
-
- lib/rabarber/missing/actions.rb
|
|
58
|
-
- lib/rabarber/missing/base.rb
|
|
59
|
-
- lib/rabarber/missing/roles.rb
|
|
60
69
|
- lib/rabarber/models/concerns/has_roles.rb
|
|
61
70
|
- lib/rabarber/models/role.rb
|
|
62
71
|
- lib/rabarber/railtie.rb
|
|
@@ -76,6 +85,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
76
85
|
- - ">="
|
|
77
86
|
- !ruby/object:Gem::Version
|
|
78
87
|
version: '3.0'
|
|
88
|
+
- - "<"
|
|
89
|
+
- !ruby/object:Gem::Version
|
|
90
|
+
version: '3.4'
|
|
79
91
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
80
92
|
requirements:
|
|
81
93
|
- - ">="
|
data/lib/rabarber/cache.rb
DELETED
|
@@ -1,29 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
module Rabarber
|
|
4
|
-
module Cache
|
|
5
|
-
module_function
|
|
6
|
-
|
|
7
|
-
ALL_ROLES_KEY = "rabarber:roles"
|
|
8
|
-
|
|
9
|
-
def fetch(key, options, &block)
|
|
10
|
-
enabled? ? Rails.cache.fetch(key, options, &block) : yield
|
|
11
|
-
end
|
|
12
|
-
|
|
13
|
-
def delete(*keys)
|
|
14
|
-
Rails.cache.delete_multi(keys) if enabled?
|
|
15
|
-
end
|
|
16
|
-
|
|
17
|
-
def enabled?
|
|
18
|
-
Rabarber::Configuration.instance.cache_enabled
|
|
19
|
-
end
|
|
20
|
-
|
|
21
|
-
def key_for(id)
|
|
22
|
-
"rabarber:roles_#{id}"
|
|
23
|
-
end
|
|
24
|
-
|
|
25
|
-
def clear
|
|
26
|
-
Rails.cache.delete_matched(/^rabarber/)
|
|
27
|
-
end
|
|
28
|
-
end
|
|
29
|
-
end
|
data/lib/rabarber/logger.rb
DELETED
|
@@ -1,40 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
module Rabarber
|
|
4
|
-
class Logger
|
|
5
|
-
include Singleton
|
|
6
|
-
|
|
7
|
-
attr_reader :rails_logger, :audit_logger
|
|
8
|
-
|
|
9
|
-
def initialize
|
|
10
|
-
@rails_logger = Rails.logger
|
|
11
|
-
@audit_logger = ::Logger.new(Rails.root.join("log/rabarber_audit.log"))
|
|
12
|
-
end
|
|
13
|
-
|
|
14
|
-
class << self
|
|
15
|
-
def log(log_level, message)
|
|
16
|
-
instance.rails_logger.tagged("Rabarber") { instance.rails_logger.public_send(log_level, message) }
|
|
17
|
-
end
|
|
18
|
-
|
|
19
|
-
def audit(log_level, message)
|
|
20
|
-
return unless Rabarber::Configuration.instance.audit_trail_enabled
|
|
21
|
-
|
|
22
|
-
instance.audit_logger.public_send(log_level, message)
|
|
23
|
-
end
|
|
24
|
-
|
|
25
|
-
def roleable_identity(roleable, with_roles:)
|
|
26
|
-
if roleable
|
|
27
|
-
model_name = roleable.model_name.human
|
|
28
|
-
primary_key = roleable.class.primary_key
|
|
29
|
-
roleable_id = roleable.public_send(primary_key)
|
|
30
|
-
|
|
31
|
-
roles = with_roles ? ", roles: #{roleable.roles}" : ""
|
|
32
|
-
|
|
33
|
-
"#{model_name} with #{primary_key}: '#{roleable_id}'#{roles}"
|
|
34
|
-
else
|
|
35
|
-
"Unauthenticated user"
|
|
36
|
-
end
|
|
37
|
-
end
|
|
38
|
-
end
|
|
39
|
-
end
|
|
40
|
-
end
|
|
@@ -1,24 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
module Rabarber
|
|
4
|
-
module Missing
|
|
5
|
-
class Actions < Rabarber::Missing::Base
|
|
6
|
-
private
|
|
7
|
-
|
|
8
|
-
def check_controller_rules
|
|
9
|
-
nil
|
|
10
|
-
end
|
|
11
|
-
|
|
12
|
-
def check_action_rules
|
|
13
|
-
action_rules.each do |controller, controller_action_rules|
|
|
14
|
-
missing_actions = controller_action_rules.map(&:action) - controller.action_methods.map(&:to_sym)
|
|
15
|
-
missing_list << Rabarber::Missing::Item.new(missing_actions, controller, nil) if missing_actions.present?
|
|
16
|
-
end
|
|
17
|
-
end
|
|
18
|
-
|
|
19
|
-
def configuration_name
|
|
20
|
-
:when_actions_missing
|
|
21
|
-
end
|
|
22
|
-
end
|
|
23
|
-
end
|
|
24
|
-
end
|