rabarber 4.1.4 → 5.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +43 -3
- data/README.md +200 -385
- data/lib/rabarber/configuration.rb +14 -11
- data/lib/rabarber/controllers/concerns/authorization.rb +11 -11
- data/lib/rabarber/core/integrity_checker.rb +44 -0
- data/lib/rabarber/core/permissions.rb +5 -0
- data/lib/rabarber/core/roleable.rb +10 -3
- data/lib/rabarber/core/rule.rb +6 -4
- data/lib/rabarber/helpers/helpers.rb +4 -4
- data/lib/rabarber/helpers/migration_helpers.rb +29 -0
- data/lib/rabarber/input/ar_model.rb +23 -0
- data/lib/rabarber/models/concerns/has_roles.rb +11 -24
- data/lib/rabarber/models/role.rb +20 -33
- data/lib/rabarber/railtie.rb +26 -1
- data/lib/rabarber/version.rb +1 -1
- data/lib/rabarber.rb +4 -6
- data/rabarber.gemspec +3 -4
- metadata +13 -23
- data/lib/rabarber/audit/events/base.rb +0 -49
- data/lib/rabarber/audit/events/roles_assigned.rb +0 -31
- data/lib/rabarber/audit/events/roles_revoked.rb +0 -31
- data/lib/rabarber/audit/events/unauthorized_attempt.rb +0 -27
- data/lib/rabarber/audit/logger.rb +0 -23
- data/lib/rabarber/core/null_roleable.rb +0 -23
- data/lib/rabarber/core/permissions_integrity_checker.rb +0 -36
|
@@ -6,27 +6,30 @@ module Rabarber
|
|
|
6
6
|
class Configuration
|
|
7
7
|
include Singleton
|
|
8
8
|
|
|
9
|
-
attr_reader :
|
|
9
|
+
attr_reader :cache_enabled, :current_user_method
|
|
10
|
+
attr_accessor :user_model_name
|
|
10
11
|
|
|
11
12
|
def initialize
|
|
12
|
-
@audit_trail_enabled = true
|
|
13
13
|
@cache_enabled = true
|
|
14
14
|
@current_user_method = :current_user
|
|
15
|
-
@
|
|
15
|
+
@user_model_name = "User"
|
|
16
16
|
end
|
|
17
17
|
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
).process)
|
|
23
|
-
ActiveSupport::Deprecation.new("5.0.0", "rabarber").warn("Rabarber’s ‘must_have_roles’ configuration option is deprecated and will be removed in the next major version!") if method_name == :must_have_roles
|
|
24
|
-
end
|
|
18
|
+
def cache_enabled=(value)
|
|
19
|
+
@cache_enabled = Rabarber::Input::Types::Boolean.new(
|
|
20
|
+
value, Rabarber::ConfigurationError, "Configuration `cache_enabled` must be a Boolean"
|
|
21
|
+
).process
|
|
25
22
|
end
|
|
26
23
|
|
|
27
24
|
def current_user_method=(method_name)
|
|
28
25
|
@current_user_method = Rabarber::Input::Types::Symbol.new(
|
|
29
|
-
method_name, Rabarber::ConfigurationError, "Configuration
|
|
26
|
+
method_name, Rabarber::ConfigurationError, "Configuration `current_user_method` must be a Symbol or a String"
|
|
27
|
+
).process
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
def user_model
|
|
31
|
+
Rabarber::Input::ArModel.new(
|
|
32
|
+
@user_model_name, Rabarber::ConfigurationError, "Configuration `user_model_name` must be an ActiveRecord model name"
|
|
30
33
|
).process
|
|
31
34
|
end
|
|
32
35
|
end
|
|
@@ -5,11 +5,17 @@ module Rabarber
|
|
|
5
5
|
extend ActiveSupport::Concern
|
|
6
6
|
include Rabarber::Core::Roleable
|
|
7
7
|
|
|
8
|
-
included { before_action :verify_access }
|
|
9
|
-
|
|
10
8
|
class_methods do
|
|
9
|
+
def with_authorization(options = {})
|
|
10
|
+
before_action :with_authorization, **options
|
|
11
|
+
rescue ArgumentError => e
|
|
12
|
+
raise Rabarber::InvalidArgumentError, e.message
|
|
13
|
+
end
|
|
14
|
+
|
|
11
15
|
def skip_authorization(options = {})
|
|
12
|
-
skip_before_action :
|
|
16
|
+
skip_before_action :with_authorization, **options
|
|
17
|
+
rescue ArgumentError => e
|
|
18
|
+
raise Rabarber::InvalidArgumentError, e.message
|
|
13
19
|
end
|
|
14
20
|
|
|
15
21
|
def grant_access(action: nil, roles: nil, context: nil, if: nil, unless: nil)
|
|
@@ -26,20 +32,14 @@ module Rabarber
|
|
|
26
32
|
|
|
27
33
|
private
|
|
28
34
|
|
|
29
|
-
def
|
|
30
|
-
Rabarber::Core::PermissionsIntegrityChecker.new(self.class).run! unless Rails.configuration.eager_load
|
|
31
|
-
|
|
35
|
+
def with_authorization
|
|
32
36
|
return if Rabarber::Core::Permissions.access_granted?(roleable, action_name.to_sym, self)
|
|
33
37
|
|
|
34
|
-
Rabarber::Audit::Events::UnauthorizedAttempt.trigger(
|
|
35
|
-
roleable, path: request.path, request_method: request.request_method
|
|
36
|
-
)
|
|
37
|
-
|
|
38
38
|
when_unauthorized
|
|
39
39
|
end
|
|
40
40
|
|
|
41
41
|
def when_unauthorized
|
|
42
|
-
request.format.html? ? redirect_back(fallback_location: root_path) : head(:
|
|
42
|
+
request.format.html? ? redirect_back(fallback_location: root_path) : head(:forbidden)
|
|
43
43
|
end
|
|
44
44
|
end
|
|
45
45
|
end
|
|
@@ -0,0 +1,44 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Rabarber
|
|
4
|
+
module Core
|
|
5
|
+
module IntegrityChecker
|
|
6
|
+
extend self
|
|
7
|
+
|
|
8
|
+
def run!
|
|
9
|
+
check_for_missing_class_context
|
|
10
|
+
prune_missing_instance_context
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
private
|
|
14
|
+
|
|
15
|
+
def check_for_missing_class_context
|
|
16
|
+
Rabarber::Role.where.not(context_type: nil).distinct.pluck(:context_type).each do |context_class|
|
|
17
|
+
context_class.constantize
|
|
18
|
+
rescue NameError => e
|
|
19
|
+
raise Rabarber::Error, "Context not found: class #{e.name} may have been renamed or deleted"
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
def prune_missing_instance_context
|
|
24
|
+
ids = Rabarber::Role.where.not(context_id: nil).includes(:context).filter_map do |role|
|
|
25
|
+
role.context
|
|
26
|
+
nil
|
|
27
|
+
rescue ActiveRecord::RecordNotFound
|
|
28
|
+
role.id
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
return if ids.empty?
|
|
32
|
+
|
|
33
|
+
ActiveRecord::Base.transaction do
|
|
34
|
+
ActiveRecord::Base.connection.execute(
|
|
35
|
+
ActiveRecord::Base.sanitize_sql(
|
|
36
|
+
["DELETE FROM rabarber_roles_roleables WHERE role_id IN (?)", ids]
|
|
37
|
+
)
|
|
38
|
+
)
|
|
39
|
+
Rabarber::Role.where(id: ids).delete_all
|
|
40
|
+
end
|
|
41
|
+
end
|
|
42
|
+
end
|
|
43
|
+
end
|
|
44
|
+
end
|
|
@@ -1,12 +1,19 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
-
require_relative "null_roleable"
|
|
4
|
-
|
|
5
3
|
module Rabarber
|
|
6
4
|
module Core
|
|
7
5
|
module Roleable
|
|
8
6
|
def roleable
|
|
9
|
-
send(Rabarber::Configuration.instance.current_user_method)
|
|
7
|
+
current_roleable = send(Rabarber::Configuration.instance.current_user_method)
|
|
8
|
+
|
|
9
|
+
unless current_roleable.is_a?(Rabarber::Configuration.instance.user_model)
|
|
10
|
+
raise(
|
|
11
|
+
Rabarber::Error,
|
|
12
|
+
"Expected `#{Rabarber::Configuration.instance.current_user_method}` to return an instance of #{Rabarber::Configuration.instance.user_model_name}, but got #{current_roleable.inspect}"
|
|
13
|
+
)
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
current_roleable
|
|
10
17
|
end
|
|
11
18
|
|
|
12
19
|
def roleable_roles(context: nil)
|
data/lib/rabarber/core/rule.rb
CHANGED
|
@@ -5,11 +5,15 @@ module Rabarber
|
|
|
5
5
|
class Rule
|
|
6
6
|
attr_reader :roles, :context, :dynamic_rule, :negated_dynamic_rule
|
|
7
7
|
|
|
8
|
+
DEFAULT_DYNAMIC_RULE = -> { true }.freeze
|
|
9
|
+
DEFAULT_NEGATED_DYNAMIC_RULE = -> { false }.freeze
|
|
10
|
+
private_constant :DEFAULT_DYNAMIC_RULE, :DEFAULT_NEGATED_DYNAMIC_RULE
|
|
11
|
+
|
|
8
12
|
def initialize(roles, context, dynamic_rule, negated_dynamic_rule)
|
|
9
13
|
@roles = Array(roles)
|
|
10
14
|
@context = context
|
|
11
|
-
@dynamic_rule = dynamic_rule ||
|
|
12
|
-
@negated_dynamic_rule = negated_dynamic_rule ||
|
|
15
|
+
@dynamic_rule = dynamic_rule || DEFAULT_DYNAMIC_RULE
|
|
16
|
+
@negated_dynamic_rule = negated_dynamic_rule || DEFAULT_NEGATED_DYNAMIC_RULE
|
|
13
17
|
end
|
|
14
18
|
|
|
15
19
|
def verify_access(roleable, controller_instance)
|
|
@@ -17,8 +21,6 @@ module Rabarber
|
|
|
17
21
|
end
|
|
18
22
|
|
|
19
23
|
def roles_permitted?(roleable, controller_instance)
|
|
20
|
-
return false if Rabarber::Configuration.instance.must_have_roles && roleable.all_roles.empty?
|
|
21
|
-
|
|
22
24
|
roles.empty? || roleable.has_role?(*roles, context: resolve_context(controller_instance))
|
|
23
25
|
end
|
|
24
26
|
|
|
@@ -4,12 +4,12 @@ module Rabarber
|
|
|
4
4
|
module Helpers
|
|
5
5
|
include Rabarber::Core::Roleable
|
|
6
6
|
|
|
7
|
-
def visible_to(*roles, context: nil, &
|
|
8
|
-
capture(&
|
|
7
|
+
def visible_to(*roles, context: nil, &)
|
|
8
|
+
capture(&) if roleable.has_role?(*roles, context:)
|
|
9
9
|
end
|
|
10
10
|
|
|
11
|
-
def hidden_from(*roles, context: nil, &
|
|
12
|
-
capture(&
|
|
11
|
+
def hidden_from(*roles, context: nil, &)
|
|
12
|
+
capture(&) unless roleable.has_role?(*roles, context:)
|
|
13
13
|
end
|
|
14
14
|
end
|
|
15
15
|
end
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Rabarber
|
|
4
|
+
module MigrationHelpers
|
|
5
|
+
def migrate_authorization_context!(old_context, new_context)
|
|
6
|
+
roles = Rabarber::Role.where(context_type: old_context.to_s)
|
|
7
|
+
|
|
8
|
+
raise Rabarber::InvalidArgumentError, "No roles exist in context #{old_context.inspect}" unless roles.exists?
|
|
9
|
+
raise Rabarber::InvalidArgumentError, "Cannot migrate context to #{new_context.inspect}: class does not exist" unless new_context.to_s.safe_constantize
|
|
10
|
+
|
|
11
|
+
roles.update_all(context_type: new_context.to_s)
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
def delete_authorization_context!(context)
|
|
15
|
+
roles = Rabarber::Role.where(context_type: context.to_s)
|
|
16
|
+
|
|
17
|
+
raise Rabarber::InvalidArgumentError, "No roles exist in context #{context.inspect}" unless roles.exists?
|
|
18
|
+
|
|
19
|
+
ActiveRecord::Base.transaction do
|
|
20
|
+
ActiveRecord::Base.connection.execute(
|
|
21
|
+
ActiveRecord::Base.sanitize_sql(
|
|
22
|
+
["DELETE FROM rabarber_roles_roleables WHERE role_id IN (?)", roles.pluck(:id)]
|
|
23
|
+
)
|
|
24
|
+
)
|
|
25
|
+
roles.delete_all
|
|
26
|
+
end
|
|
27
|
+
end
|
|
28
|
+
end
|
|
29
|
+
end
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Rabarber
|
|
4
|
+
module Input
|
|
5
|
+
class ArModel < Rabarber::Input::Base
|
|
6
|
+
def valid?
|
|
7
|
+
processed_value < ActiveRecord::Base
|
|
8
|
+
rescue NameError
|
|
9
|
+
false
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
private
|
|
13
|
+
|
|
14
|
+
def processed_value
|
|
15
|
+
value.constantize
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
def default_error_message
|
|
19
|
+
"Value must be an ActiveRecord model"
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
end
|
|
@@ -40,15 +40,8 @@ module Rabarber
|
|
|
40
40
|
)
|
|
41
41
|
|
|
42
42
|
if roles_to_assign.any?
|
|
43
|
-
delete_roleable_cache(
|
|
43
|
+
delete_roleable_cache(contexts: [processed_context])
|
|
44
44
|
rabarber_roles << roles_to_assign
|
|
45
|
-
|
|
46
|
-
Rabarber::Audit::Events::RolesAssigned.trigger(
|
|
47
|
-
self,
|
|
48
|
-
roles_to_assign: roles_to_assign.names(context: processed_context),
|
|
49
|
-
current_roles: roles(context: processed_context),
|
|
50
|
-
context: processed_context
|
|
51
|
-
)
|
|
52
45
|
end
|
|
53
46
|
|
|
54
47
|
roles(context: processed_context)
|
|
@@ -63,28 +56,22 @@ module Rabarber
|
|
|
63
56
|
)
|
|
64
57
|
|
|
65
58
|
if roles_to_revoke.any?
|
|
66
|
-
delete_roleable_cache(
|
|
59
|
+
delete_roleable_cache(contexts: [processed_context])
|
|
67
60
|
self.rabarber_roles -= roles_to_revoke
|
|
68
|
-
|
|
69
|
-
Rabarber::Audit::Events::RolesRevoked.trigger(
|
|
70
|
-
self,
|
|
71
|
-
roles_to_revoke: roles_to_revoke.names(context: processed_context),
|
|
72
|
-
current_roles: roles(context: processed_context),
|
|
73
|
-
context: processed_context
|
|
74
|
-
)
|
|
75
61
|
end
|
|
76
62
|
|
|
77
63
|
roles(context: processed_context)
|
|
78
64
|
end
|
|
79
65
|
|
|
80
|
-
def
|
|
81
|
-
|
|
82
|
-
|
|
66
|
+
def revoke_all_roles
|
|
67
|
+
return if rabarber_roles.none?
|
|
68
|
+
|
|
69
|
+
contexts = all_roles.keys.map { process_context(_1) }
|
|
70
|
+
|
|
71
|
+
rabarber_roles.clear
|
|
83
72
|
|
|
84
|
-
|
|
85
|
-
@@included.constantize
|
|
73
|
+
delete_roleable_cache(contexts:)
|
|
86
74
|
end
|
|
87
|
-
module_function :roleable_class
|
|
88
75
|
|
|
89
76
|
private
|
|
90
77
|
|
|
@@ -101,8 +88,8 @@ module Rabarber
|
|
|
101
88
|
Rabarber::Input::Context.new(context).process
|
|
102
89
|
end
|
|
103
90
|
|
|
104
|
-
def delete_roleable_cache(
|
|
105
|
-
Rabarber::Core::Cache.delete([roleable_id,
|
|
91
|
+
def delete_roleable_cache(contexts:)
|
|
92
|
+
Rabarber::Core::Cache.delete(*contexts.map { [roleable_id, _1] }, [roleable_id, :all])
|
|
106
93
|
end
|
|
107
94
|
|
|
108
95
|
def roleable_id
|
data/lib/rabarber/models/role.rb
CHANGED
|
@@ -4,14 +4,11 @@ module Rabarber
|
|
|
4
4
|
class Role < ActiveRecord::Base
|
|
5
5
|
self.table_name = "rabarber_roles"
|
|
6
6
|
|
|
7
|
-
validates :name, presence: true,
|
|
8
|
-
uniqueness: { scope: [:context_type, :context_id] },
|
|
9
|
-
format: { with: Rabarber::Input::Role::REGEX },
|
|
10
|
-
strict: true
|
|
11
|
-
|
|
12
7
|
belongs_to :context, polymorphic: true, optional: true
|
|
13
8
|
|
|
14
|
-
|
|
9
|
+
has_and_belongs_to_many :roleables, class_name: Rabarber::Configuration.instance.user_model_name,
|
|
10
|
+
association_foreign_key: "roleable_id",
|
|
11
|
+
join_table: "rabarber_roles_roleables"
|
|
15
12
|
|
|
16
13
|
class << self
|
|
17
14
|
def names(context: nil)
|
|
@@ -19,11 +16,13 @@ module Rabarber
|
|
|
19
16
|
end
|
|
20
17
|
|
|
21
18
|
def all_names
|
|
22
|
-
includes(:context).
|
|
23
|
-
|
|
24
|
-
|
|
19
|
+
includes(:context).each_with_object({}) do |role, hash|
|
|
20
|
+
(hash[role.context] ||= []) << role.name.to_sym
|
|
21
|
+
rescue ActiveRecord::RecordNotFound
|
|
22
|
+
next
|
|
23
|
+
end
|
|
25
24
|
rescue NameError => e
|
|
26
|
-
raise Rabarber::
|
|
25
|
+
raise Rabarber::NotFoundError, "Context not found: class #{e.name} may have been renamed or deleted"
|
|
27
26
|
end
|
|
28
27
|
|
|
29
28
|
def add(name, context: nil)
|
|
@@ -38,9 +37,12 @@ module Rabarber
|
|
|
38
37
|
def rename(old_name, new_name, context: nil, force: false)
|
|
39
38
|
processed_context = process_context(context)
|
|
40
39
|
role = find_by(name: process_role_name(old_name), **processed_context)
|
|
40
|
+
|
|
41
|
+
raise Rabarber::NotFoundError, "Role not found" unless role
|
|
42
|
+
|
|
41
43
|
name = process_role_name(new_name)
|
|
42
44
|
|
|
43
|
-
return false if
|
|
45
|
+
return false if exists?(name:, **processed_context) || role.roleables.exists? && !force
|
|
44
46
|
|
|
45
47
|
delete_roleables_cache(role, context: processed_context)
|
|
46
48
|
|
|
@@ -51,7 +53,9 @@ module Rabarber
|
|
|
51
53
|
processed_context = process_context(context)
|
|
52
54
|
role = find_by(name: process_role_name(name), **processed_context)
|
|
53
55
|
|
|
54
|
-
|
|
56
|
+
raise Rabarber::NotFoundError, "Role not found" unless role
|
|
57
|
+
|
|
58
|
+
return false if role.roleables.exists? && !force
|
|
55
59
|
|
|
56
60
|
delete_roleables_cache(role, context: processed_context)
|
|
57
61
|
|
|
@@ -59,27 +63,18 @@ module Rabarber
|
|
|
59
63
|
end
|
|
60
64
|
|
|
61
65
|
def assignees(name, context: nil)
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
)
|
|
66
|
+
find_by(name: process_role_name(name), **process_context(context))&.roleables ||
|
|
67
|
+
Rabarber::Configuration.instance.user_model.none
|
|
65
68
|
end
|
|
66
69
|
|
|
67
70
|
private
|
|
68
71
|
|
|
69
72
|
def delete_roleables_cache(role, context:)
|
|
70
|
-
|
|
71
|
-
Rabarber::Core::Cache.delete(*
|
|
73
|
+
role.roleables.in_batches(of: 1000) do |batch|
|
|
74
|
+
Rabarber::Core::Cache.delete(*batch.pluck(:id).flat_map { [[_1, context], [_1, :all]] })
|
|
72
75
|
end
|
|
73
76
|
end
|
|
74
77
|
|
|
75
|
-
def assigned_to_roleables(role)
|
|
76
|
-
ActiveRecord::Base.connection.select_values(
|
|
77
|
-
ActiveRecord::Base.sanitize_sql(
|
|
78
|
-
["SELECT roleable_id FROM rabarber_roles_roleables WHERE role_id = ?", role.id]
|
|
79
|
-
)
|
|
80
|
-
)
|
|
81
|
-
end
|
|
82
|
-
|
|
83
78
|
def process_role_name(name)
|
|
84
79
|
Rabarber::Input::Role.new(name).process
|
|
85
80
|
end
|
|
@@ -98,13 +93,5 @@ module Rabarber
|
|
|
98
93
|
|
|
99
94
|
record
|
|
100
95
|
end
|
|
101
|
-
|
|
102
|
-
def delete_assignments
|
|
103
|
-
ActiveRecord::Base.connection.execute(
|
|
104
|
-
ActiveRecord::Base.sanitize_sql(
|
|
105
|
-
["DELETE FROM rabarber_roles_roleables WHERE role_id = ?", id]
|
|
106
|
-
)
|
|
107
|
-
)
|
|
108
|
-
end
|
|
109
96
|
end
|
|
110
97
|
end
|
data/lib/rabarber/railtie.rb
CHANGED
|
@@ -4,9 +4,34 @@ require "rails/railtie"
|
|
|
4
4
|
|
|
5
5
|
module Rabarber
|
|
6
6
|
class Railtie < Rails::Railtie
|
|
7
|
+
initializer "rabarber.to_prepare" do |app|
|
|
8
|
+
app.config.to_prepare do
|
|
9
|
+
unless app.config.eager_load
|
|
10
|
+
Rabarber::Core::Permissions.reset!
|
|
11
|
+
ApplicationController.class_eval do
|
|
12
|
+
before_action :check_integrity
|
|
13
|
+
|
|
14
|
+
private
|
|
15
|
+
|
|
16
|
+
def check_integrity
|
|
17
|
+
Rabarber::Core::IntegrityChecker.run!
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
user_model = Rabarber::Configuration.instance.user_model
|
|
22
|
+
user_model.include Rabarber::HasRoles unless user_model < Rabarber::HasRoles
|
|
23
|
+
end
|
|
24
|
+
end
|
|
25
|
+
|
|
7
26
|
initializer "rabarber.after_initialize" do |app|
|
|
8
27
|
app.config.after_initialize do
|
|
9
|
-
Rabarber::Core::
|
|
28
|
+
Rabarber::Core::IntegrityChecker.run! if app.config.eager_load
|
|
29
|
+
end
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
initializer "rabarber.extend_migration_helpers" do
|
|
33
|
+
ActiveSupport.on_load :active_record do
|
|
34
|
+
ActiveRecord::Migration.include Rabarber::MigrationHelpers
|
|
10
35
|
end
|
|
11
36
|
end
|
|
12
37
|
end
|
data/lib/rabarber/version.rb
CHANGED
data/lib/rabarber.rb
CHANGED
|
@@ -8,6 +8,7 @@ require "active_support"
|
|
|
8
8
|
|
|
9
9
|
require_relative "rabarber/input/base"
|
|
10
10
|
require_relative "rabarber/input/action"
|
|
11
|
+
require_relative "rabarber/input/ar_model"
|
|
11
12
|
require_relative "rabarber/input/authorization_context"
|
|
12
13
|
require_relative "rabarber/input/context"
|
|
13
14
|
require_relative "rabarber/input/dynamic_rule"
|
|
@@ -19,20 +20,16 @@ require_relative "rabarber/input/types/symbol"
|
|
|
19
20
|
|
|
20
21
|
require_relative "rabarber/core/cache"
|
|
21
22
|
|
|
22
|
-
require_relative "rabarber/audit/events/base"
|
|
23
|
-
require_relative "rabarber/audit/events/roles_assigned"
|
|
24
|
-
require_relative "rabarber/audit/events/roles_revoked"
|
|
25
|
-
require_relative "rabarber/audit/events/unauthorized_attempt"
|
|
26
|
-
|
|
27
23
|
require_relative "rabarber/core/roleable"
|
|
28
24
|
|
|
29
25
|
require_relative "rabarber/controllers/concerns/authorization"
|
|
30
26
|
require_relative "rabarber/helpers/helpers"
|
|
27
|
+
require_relative "rabarber/helpers/migration_helpers"
|
|
31
28
|
require_relative "rabarber/models/concerns/has_roles"
|
|
32
29
|
require_relative "rabarber/models/role"
|
|
33
30
|
|
|
34
31
|
require_relative "rabarber/core/permissions"
|
|
35
|
-
require_relative "rabarber/core/
|
|
32
|
+
require_relative "rabarber/core/integrity_checker"
|
|
36
33
|
|
|
37
34
|
require_relative "rabarber/railtie"
|
|
38
35
|
|
|
@@ -40,6 +37,7 @@ module Rabarber
|
|
|
40
37
|
class Error < StandardError; end
|
|
41
38
|
class ConfigurationError < Rabarber::Error; end
|
|
42
39
|
class InvalidArgumentError < Rabarber::Error; end
|
|
40
|
+
class NotFoundError < Rabarber::Error; end
|
|
43
41
|
|
|
44
42
|
def configure
|
|
45
43
|
yield(Rabarber::Configuration.instance)
|
data/rabarber.gemspec
CHANGED
|
@@ -6,15 +6,14 @@ Gem::Specification.new do |spec|
|
|
|
6
6
|
spec.name = "rabarber"
|
|
7
7
|
spec.version = Rabarber::VERSION
|
|
8
8
|
spec.authors = ["enjaku4", "trafium"]
|
|
9
|
-
spec.
|
|
10
|
-
spec.homepage = "https://github.com/enjaku4/rabarber"
|
|
9
|
+
spec.homepage = "https://github.com/brownboxdev/rabarber"
|
|
11
10
|
spec.metadata["homepage_uri"] = spec.homepage
|
|
12
11
|
spec.metadata["source_code_uri"] = spec.homepage
|
|
13
12
|
spec.metadata["changelog_uri"] = "#{spec.homepage}/blob/main/CHANGELOG.md"
|
|
14
13
|
spec.metadata["rubygems_mfa_required"] = "true"
|
|
15
14
|
spec.summary = "Simple role-based authorization library for Ruby on Rails"
|
|
16
15
|
spec.license = "MIT"
|
|
17
|
-
spec.required_ruby_version = ">= 3.
|
|
16
|
+
spec.required_ruby_version = ">= 3.2", "< 3.5"
|
|
18
17
|
|
|
19
18
|
spec.files = [
|
|
20
19
|
"rabarber.gemspec", "README.md", "CHANGELOG.md", "LICENSE.txt"
|
|
@@ -22,5 +21,5 @@ Gem::Specification.new do |spec|
|
|
|
22
21
|
|
|
23
22
|
spec.require_paths = ["lib"]
|
|
24
23
|
|
|
25
|
-
spec.add_dependency "rails", ">= 7.
|
|
24
|
+
spec.add_dependency "rails", ">= 7.1", "< 8.1"
|
|
26
25
|
end
|
metadata
CHANGED
|
@@ -1,15 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rabarber
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 5.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- enjaku4
|
|
8
8
|
- trafium
|
|
9
|
-
autorequire:
|
|
10
9
|
bindir: bin
|
|
11
10
|
cert_chain: []
|
|
12
|
-
date:
|
|
11
|
+
date: 1980-01-02 00:00:00.000000000 Z
|
|
13
12
|
dependencies:
|
|
14
13
|
- !ruby/object:Gem::Dependency
|
|
15
14
|
name: rails
|
|
@@ -17,7 +16,7 @@ dependencies:
|
|
|
17
16
|
requirements:
|
|
18
17
|
- - ">="
|
|
19
18
|
- !ruby/object:Gem::Version
|
|
20
|
-
version: '7.
|
|
19
|
+
version: '7.1'
|
|
21
20
|
- - "<"
|
|
22
21
|
- !ruby/object:Gem::Version
|
|
23
22
|
version: '8.1'
|
|
@@ -27,13 +26,10 @@ dependencies:
|
|
|
27
26
|
requirements:
|
|
28
27
|
- - ">="
|
|
29
28
|
- !ruby/object:Gem::Version
|
|
30
|
-
version: '7.
|
|
29
|
+
version: '7.1'
|
|
31
30
|
- - "<"
|
|
32
31
|
- !ruby/object:Gem::Version
|
|
33
32
|
version: '8.1'
|
|
34
|
-
description:
|
|
35
|
-
email:
|
|
36
|
-
- rabarber_gem@icloud.com
|
|
37
33
|
executables: []
|
|
38
34
|
extensions: []
|
|
39
35
|
extra_rdoc_files: []
|
|
@@ -44,22 +40,18 @@ files:
|
|
|
44
40
|
- lib/generators/rabarber/roles_generator.rb
|
|
45
41
|
- lib/generators/rabarber/templates/create_rabarber_roles.rb.erb
|
|
46
42
|
- lib/rabarber.rb
|
|
47
|
-
- lib/rabarber/audit/events/base.rb
|
|
48
|
-
- lib/rabarber/audit/events/roles_assigned.rb
|
|
49
|
-
- lib/rabarber/audit/events/roles_revoked.rb
|
|
50
|
-
- lib/rabarber/audit/events/unauthorized_attempt.rb
|
|
51
|
-
- lib/rabarber/audit/logger.rb
|
|
52
43
|
- lib/rabarber/configuration.rb
|
|
53
44
|
- lib/rabarber/controllers/concerns/authorization.rb
|
|
54
45
|
- lib/rabarber/core/access.rb
|
|
55
46
|
- lib/rabarber/core/cache.rb
|
|
56
|
-
- lib/rabarber/core/
|
|
47
|
+
- lib/rabarber/core/integrity_checker.rb
|
|
57
48
|
- lib/rabarber/core/permissions.rb
|
|
58
|
-
- lib/rabarber/core/permissions_integrity_checker.rb
|
|
59
49
|
- lib/rabarber/core/roleable.rb
|
|
60
50
|
- lib/rabarber/core/rule.rb
|
|
61
51
|
- lib/rabarber/helpers/helpers.rb
|
|
52
|
+
- lib/rabarber/helpers/migration_helpers.rb
|
|
62
53
|
- lib/rabarber/input/action.rb
|
|
54
|
+
- lib/rabarber/input/ar_model.rb
|
|
63
55
|
- lib/rabarber/input/authorization_context.rb
|
|
64
56
|
- lib/rabarber/input/base.rb
|
|
65
57
|
- lib/rabarber/input/context.rb
|
|
@@ -74,15 +66,14 @@ files:
|
|
|
74
66
|
- lib/rabarber/railtie.rb
|
|
75
67
|
- lib/rabarber/version.rb
|
|
76
68
|
- rabarber.gemspec
|
|
77
|
-
homepage: https://github.com/
|
|
69
|
+
homepage: https://github.com/brownboxdev/rabarber
|
|
78
70
|
licenses:
|
|
79
71
|
- MIT
|
|
80
72
|
metadata:
|
|
81
|
-
homepage_uri: https://github.com/
|
|
82
|
-
source_code_uri: https://github.com/
|
|
83
|
-
changelog_uri: https://github.com/
|
|
73
|
+
homepage_uri: https://github.com/brownboxdev/rabarber
|
|
74
|
+
source_code_uri: https://github.com/brownboxdev/rabarber
|
|
75
|
+
changelog_uri: https://github.com/brownboxdev/rabarber/blob/main/CHANGELOG.md
|
|
84
76
|
rubygems_mfa_required: 'true'
|
|
85
|
-
post_install_message:
|
|
86
77
|
rdoc_options: []
|
|
87
78
|
require_paths:
|
|
88
79
|
- lib
|
|
@@ -90,7 +81,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
90
81
|
requirements:
|
|
91
82
|
- - ">="
|
|
92
83
|
- !ruby/object:Gem::Version
|
|
93
|
-
version: '3.
|
|
84
|
+
version: '3.2'
|
|
94
85
|
- - "<"
|
|
95
86
|
- !ruby/object:Gem::Version
|
|
96
87
|
version: '3.5'
|
|
@@ -100,8 +91,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
100
91
|
- !ruby/object:Gem::Version
|
|
101
92
|
version: '0'
|
|
102
93
|
requirements: []
|
|
103
|
-
rubygems_version: 3.
|
|
104
|
-
signing_key:
|
|
94
|
+
rubygems_version: 3.6.7
|
|
105
95
|
specification_version: 4
|
|
106
96
|
summary: Simple role-based authorization library for Ruby on Rails
|
|
107
97
|
test_files: []
|