rabarber 1.4.1 → 2.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +22 -0
- data/README.md +122 -66
- data/lib/generators/rabarber/roles_generator.rb +2 -0
- data/lib/generators/rabarber/templates/create_rabarber_roles.rb.erb +3 -3
- data/lib/rabarber/audit/events/base.rb +64 -0
- data/lib/rabarber/audit/events/roles_assigned.rb +35 -0
- data/lib/rabarber/audit/events/roles_revoked.rb +35 -0
- data/lib/rabarber/audit/events/unauthorized_attempt.rb +31 -0
- data/lib/rabarber/audit/logger.rb +23 -0
- data/lib/rabarber/configuration.rb +3 -47
- data/lib/rabarber/controllers/concerns/authorization.rb +9 -11
- data/lib/rabarber/core/access.rb +3 -1
- data/lib/rabarber/core/cache.rb +42 -0
- data/lib/rabarber/core/permissions.rb +2 -0
- data/lib/rabarber/core/permissions_integrity_checker.rb +39 -0
- data/lib/rabarber/core/roleable.rb +15 -0
- data/lib/rabarber/core/rule.rb +5 -9
- data/lib/rabarber/helpers/helpers.rb +4 -2
- data/lib/rabarber/models/concerns/has_roles.rb +6 -14
- data/lib/rabarber/models/role.rb +5 -12
- data/lib/rabarber/railtie.rb +1 -7
- data/lib/rabarber/version.rb +1 -1
- data/lib/rabarber.rb +9 -9
- data/rabarber.gemspec +2 -2
- metadata +19 -7
- data/lib/rabarber/cache.rb +0 -29
- data/lib/rabarber/logger.rb +0 -40
- data/lib/rabarber/missing/actions.rb +0 -24
- data/lib/rabarber/missing/base.rb +0 -61
- data/lib/rabarber/missing/roles.rb +0 -35
@@ -1,61 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
module Rabarber
|
4
|
-
module Missing
|
5
|
-
class Base
|
6
|
-
attr_reader :controller
|
7
|
-
|
8
|
-
def initialize(controller = nil)
|
9
|
-
@controller = controller
|
10
|
-
end
|
11
|
-
|
12
|
-
def handle
|
13
|
-
check_controller_rules
|
14
|
-
check_action_rules
|
15
|
-
|
16
|
-
return if missing_list.empty?
|
17
|
-
|
18
|
-
missing_list.each do |item|
|
19
|
-
context = item.action ? { controller: item.controller, action: item.action } : { controller: item.controller }
|
20
|
-
Rabarber::Configuration.instance.public_send(configuration_name).call(item.missing, context)
|
21
|
-
end
|
22
|
-
end
|
23
|
-
|
24
|
-
private
|
25
|
-
|
26
|
-
def check_controller_rules
|
27
|
-
raise NotImplementedError
|
28
|
-
end
|
29
|
-
|
30
|
-
def check_action_rules
|
31
|
-
raise NotImplementedError
|
32
|
-
end
|
33
|
-
|
34
|
-
def configuration_name
|
35
|
-
raise NotImplementedError
|
36
|
-
end
|
37
|
-
|
38
|
-
def missing_list
|
39
|
-
@missing_list ||= []
|
40
|
-
end
|
41
|
-
|
42
|
-
def controller_rules
|
43
|
-
if controller
|
44
|
-
Rabarber::Core::Permissions.controller_rules.slice(controller)
|
45
|
-
else
|
46
|
-
Rabarber::Core::Permissions.controller_rules
|
47
|
-
end
|
48
|
-
end
|
49
|
-
|
50
|
-
def action_rules
|
51
|
-
if controller
|
52
|
-
Rabarber::Core::Permissions.action_rules.slice(controller)
|
53
|
-
else
|
54
|
-
Rabarber::Core::Permissions.action_rules
|
55
|
-
end
|
56
|
-
end
|
57
|
-
end
|
58
|
-
|
59
|
-
Item = Struct.new(:missing, :controller, :action)
|
60
|
-
end
|
61
|
-
end
|
@@ -1,35 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
module Rabarber
|
4
|
-
module Missing
|
5
|
-
class Roles < Rabarber::Missing::Base
|
6
|
-
private
|
7
|
-
|
8
|
-
def check_controller_rules
|
9
|
-
controller_rules.each do |controller, controller_rule|
|
10
|
-
missing_roles = controller_rule.roles - all_roles
|
11
|
-
missing_list << Rabarber::Missing::Item.new(missing_roles, controller, nil) unless missing_roles.empty?
|
12
|
-
end
|
13
|
-
end
|
14
|
-
|
15
|
-
def check_action_rules
|
16
|
-
action_rules.each do |controller, controller_action_rules|
|
17
|
-
controller_action_rules.each do |action_rule|
|
18
|
-
missing_roles = action_rule.roles - all_roles
|
19
|
-
missing_list << Rabarber::Missing::Item.new(missing_roles, controller, action_rule.action) if missing_roles.any?
|
20
|
-
end
|
21
|
-
end
|
22
|
-
end
|
23
|
-
|
24
|
-
def configuration_name
|
25
|
-
:when_roles_missing
|
26
|
-
end
|
27
|
-
|
28
|
-
def all_roles
|
29
|
-
@all_roles ||= Rabarber::Cache.fetch(
|
30
|
-
Rabarber::Cache::ALL_ROLES_KEY, expires_in: 1.day, race_condition_ttl: 10.seconds
|
31
|
-
) { Rabarber::Role.names }
|
32
|
-
end
|
33
|
-
end
|
34
|
-
end
|
35
|
-
end
|