rabarber 0.1.2 → 0.1.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/README.md +39 -33
- data/lib/rabarber/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: efe276f264ab3b14fb15221050a9876054fc9cda73cd62af4a68b177658af585
|
|
4
|
+
data.tar.gz: be88e7ead8056ba296ede08d74da565ebb3c2e1ea53d203d0b68b29c38cb2076
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 8136281097de32e13774e3beafb60a55bdd031d6f9fec9e2d09a43e746d6a044c13b269e02b086037b8c538c0d35b514ac509ad21c5dfdcf9173013dbeb35f5a
|
|
7
|
+
data.tar.gz: 9479c30544c7ce6a56b418fc6c25fb0470dbdfd6e0a069114bc3616b7b6aaa03756881b6ef2173dd2d4f332e2a3cea0751e322764aa241a70eccd0cc7c45e675
|
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
|
@@ -2,11 +2,11 @@
|
|
|
2
2
|
|
|
3
3
|
Rabarber is an authorization library primarily designed for use in the web layer of your application, specifically in controllers and views.
|
|
4
4
|
|
|
5
|
-
Rabarber takes a slightly different approach compared to some popular libraries.
|
|
5
|
+
Rabarber takes a slightly different approach compared to some popular libraries. Rabarber focuses on the question: "Who can access this endpoint?". In Rabarber, authorization is expressed not as "A user with the role 'editor' can edit a post," but rather as "A user with the role 'editor' can access a post editing endpoint."
|
|
6
6
|
|
|
7
|
-
#### Example Usage:
|
|
7
|
+
#### Example of Usage:
|
|
8
8
|
|
|
9
|
-
Consider a CRM
|
|
9
|
+
Consider a CRM where users with different roles have distinct access levels. For instance, the role 'accountant' can interact with invoices and orders but cannot access marketing information, while the role 'marketer' has access to marketing-related data.
|
|
10
10
|
|
|
11
11
|
## Installation
|
|
12
12
|
|
|
@@ -16,13 +16,13 @@ Add the Rabarber gem to your Gemfile:
|
|
|
16
16
|
gem "rabarber"
|
|
17
17
|
```
|
|
18
18
|
|
|
19
|
-
Install the gem:
|
|
19
|
+
Install the gem:
|
|
20
20
|
|
|
21
21
|
```
|
|
22
22
|
bundle install
|
|
23
23
|
```
|
|
24
24
|
|
|
25
|
-
Next, generate a migration to create tables for storing roles in the database:
|
|
25
|
+
Next, generate a migration to create tables for storing roles in the database:
|
|
26
26
|
|
|
27
27
|
```
|
|
28
28
|
rails g rabarber:roles
|
|
@@ -36,7 +36,7 @@ rails db:migrate
|
|
|
36
36
|
|
|
37
37
|
## Configuration
|
|
38
38
|
|
|
39
|
-
|
|
39
|
+
Rabarber can be configured by adding the following code into an initializer:
|
|
40
40
|
|
|
41
41
|
```rb
|
|
42
42
|
Rabarber.configure do |config|
|
|
@@ -48,12 +48,12 @@ Rabarber.configure do |config|
|
|
|
48
48
|
end
|
|
49
49
|
```
|
|
50
50
|
- `current_user_method` must be a symbol representing the method that returns the currently authenticated user. The default value is `:current_user`.
|
|
51
|
-
- `must_have_roles` must be a boolean
|
|
52
|
-
- `when_unauthorized` must be a lambda where you can define your actions when access is not authorized (`controller` is
|
|
51
|
+
- `must_have_roles` must be a boolean determining whether a user with no roles can access endpoints permitted to everyone. The default value is `false` (allowing users without roles to access endpoints permitted to everyone).
|
|
52
|
+
- `when_unauthorized` must be a lambda where you can define your actions when access is not authorized (`controller` is an instance of the controller where the code is executed). By default, the user is redirected back if the request format is HTML; otherwise, a 401 Unauthorized response is sent.
|
|
53
53
|
|
|
54
54
|
## Usage
|
|
55
55
|
|
|
56
|
-
Include
|
|
56
|
+
Include `Rabarber::HasRoles` module in your model representing users in your application:
|
|
57
57
|
|
|
58
58
|
```rb
|
|
59
59
|
class User < ApplicationRecord
|
|
@@ -71,19 +71,26 @@ To assign roles to the user, use:
|
|
|
71
71
|
```rb
|
|
72
72
|
user.assign_roles(:accountant, :marketer)
|
|
73
73
|
```
|
|
74
|
-
By default,
|
|
74
|
+
By default, `#assign_roles` method will automatically create any roles that don't exist. If you want to assign only existing roles and prevent the creation of new ones, use the method with `create_new: false` argument:
|
|
75
75
|
```rb
|
|
76
76
|
user.assign_roles(:accountant, :marketer, create_new: false)
|
|
77
77
|
```
|
|
78
78
|
|
|
79
|
+
You can also explicitly create new roles simply by using:
|
|
80
|
+
|
|
81
|
+
```rb
|
|
82
|
+
Rabarber::Role.create(name: "manager")
|
|
83
|
+
```
|
|
84
|
+
The role names are unique.
|
|
85
|
+
|
|
79
86
|
#### `#revoke_roles`
|
|
80
87
|
|
|
81
|
-
To revoke roles
|
|
88
|
+
To revoke roles, use:
|
|
82
89
|
|
|
83
90
|
```rb
|
|
84
91
|
user.revoke_roles(:accountant, :marketer)
|
|
85
92
|
```
|
|
86
|
-
If any of the specified roles doesn't exist or the user doesn't have
|
|
93
|
+
If any of the specified roles doesn't exist or the user doesn't have the role you want to revoke, it will be ignored.
|
|
87
94
|
|
|
88
95
|
#### `#has_role?`
|
|
89
96
|
|
|
@@ -97,25 +104,24 @@ It returns `true` if the user has at least one role and `false` otherwise.
|
|
|
97
104
|
|
|
98
105
|
#### `#roles`
|
|
99
106
|
|
|
100
|
-
|
|
107
|
+
To view all the roles assigned to the user, use:
|
|
101
108
|
|
|
102
109
|
```rb
|
|
103
110
|
user.roles
|
|
104
111
|
```
|
|
105
|
-
|
|
106
|
-
Utilize these methods to manipulate user roles. For example, create a custom UI for managing roles or assign necessary roles during migration or runtime (e.g., when the user is created). Adapt them to fit the requirements of your app.
|
|
107
|
-
|
|
108
|
-
If you need to list all the role names, use:
|
|
112
|
+
If you need to list all the role names available in your application, use:
|
|
109
113
|
|
|
110
114
|
```rb
|
|
111
115
|
Rabarber::Role.names
|
|
112
116
|
```
|
|
113
117
|
|
|
118
|
+
Utilize these methods to manipulate user roles. For example, create a custom UI for managing roles or assign necessary roles during migration or runtime (e.g., when the user is created). Adapt them to fit the requirements of your application.
|
|
119
|
+
|
|
114
120
|
---
|
|
115
121
|
|
|
116
122
|
### Authorization Rules
|
|
117
123
|
|
|
118
|
-
Include
|
|
124
|
+
Include `Rabarber::Authorization` module into the controller that needs authorization rules to be applied (authorization rules will be applied to the controller and its children). Typically, it is `ApplicationController`, but it can be any controller.
|
|
119
125
|
|
|
120
126
|
```rb
|
|
121
127
|
class ApplicationController < ActionController::Base
|
|
@@ -123,7 +129,7 @@ class ApplicationController < ActionController::Base
|
|
|
123
129
|
...
|
|
124
130
|
end
|
|
125
131
|
```
|
|
126
|
-
This adds
|
|
132
|
+
This adds `.grant_access` method to the controller and its children. This method allows you to define the authorization rules.
|
|
127
133
|
|
|
128
134
|
The most basic usage of the method is as follows:
|
|
129
135
|
|
|
@@ -140,13 +146,13 @@ class InvoicesController < ApplicationController
|
|
|
140
146
|
end
|
|
141
147
|
end
|
|
142
148
|
```
|
|
143
|
-
This grants access to
|
|
149
|
+
This grants access to `index` action for users with `accountant` or `admin` role, and access to `delete` action for `admin` users only.
|
|
144
150
|
|
|
145
|
-
You can also define controller-wide rules (without
|
|
151
|
+
You can also define controller-wide rules (without `action` argument):
|
|
146
152
|
|
|
147
153
|
```rb
|
|
148
154
|
class Crm::BaseController < ApplicationController
|
|
149
|
-
grant_access roles: :admin, :manager
|
|
155
|
+
grant_access roles: [:admin, :manager]
|
|
150
156
|
|
|
151
157
|
grant_access action: :dashboard, roles: :marketer
|
|
152
158
|
def dashboard
|
|
@@ -154,7 +160,7 @@ class Crm::BaseController < ApplicationController
|
|
|
154
160
|
end
|
|
155
161
|
end
|
|
156
162
|
|
|
157
|
-
class InvoicesController < Crm::
|
|
163
|
+
class Crm::InvoicesController < Crm::BaseController
|
|
158
164
|
grant_access roles: :accountant
|
|
159
165
|
def index
|
|
160
166
|
...
|
|
@@ -165,9 +171,9 @@ class InvoicesController < Crm::BaseControlle
|
|
|
165
171
|
end
|
|
166
172
|
end
|
|
167
173
|
```
|
|
168
|
-
This means that `admin` and `manager` have access to all actions inside `Crm::BaseController` and its children, while
|
|
174
|
+
This means that `admin` and `manager` have access to all the actions inside `Crm::BaseController` and its children, while `accountant` role has access only to the actions in `Crm::InvoicesController` and its possible children. Users with `marketer` role can only see the dashboard in this example.
|
|
169
175
|
|
|
170
|
-
Roles
|
|
176
|
+
Roles can also be omitted:
|
|
171
177
|
|
|
172
178
|
```rb
|
|
173
179
|
class OrdersController < ApplicationController
|
|
@@ -183,9 +189,9 @@ class InvoicesController < ApplicationController
|
|
|
183
189
|
end
|
|
184
190
|
```
|
|
185
191
|
|
|
186
|
-
This allows everyone to access `OrdersController` and its children and
|
|
192
|
+
This allows everyone to access `OrdersController` and its children and `index` action in `InvoicesController`.
|
|
187
193
|
|
|
188
|
-
If you've set
|
|
194
|
+
If you've set `must_have_roles` setting to `true`, then, only the users with at least one role can have access. This setting can be useful if your requirements are such that users without roles are not allowed to see anything.
|
|
189
195
|
|
|
190
196
|
For more complex rules, Rabarber provides the following:
|
|
191
197
|
|
|
@@ -202,13 +208,13 @@ class OrdersController < ApplicationController
|
|
|
202
208
|
end
|
|
203
209
|
|
|
204
210
|
class InvoicesController < ApplicationController
|
|
205
|
-
grant_access action: :index, roles: :accountant, if: -> { current_user.
|
|
211
|
+
grant_access action: :index, roles: :accountant, if: -> { current_user.passed_probation_period? }
|
|
206
212
|
def index
|
|
207
213
|
...
|
|
208
214
|
end
|
|
209
215
|
end
|
|
210
216
|
```
|
|
211
|
-
You can pass a custom rule as
|
|
217
|
+
You can pass a custom rule as `if` argument. It can be a symbol (the method with the same name will be called) or a lambda.
|
|
212
218
|
|
|
213
219
|
Rules defined in children don't override parent rules but rather add to them:
|
|
214
220
|
```rb
|
|
@@ -217,12 +223,12 @@ class Crm::BaseController < ApplicationController
|
|
|
217
223
|
...
|
|
218
224
|
end
|
|
219
225
|
|
|
220
|
-
class InvoicesController < Crm::
|
|
226
|
+
class Crm::InvoicesController < Crm::BaseController
|
|
221
227
|
grant_access roles: :accountant
|
|
222
228
|
...
|
|
223
229
|
end
|
|
224
230
|
```
|
|
225
|
-
This means that `InvoicesController` is still accessible to `admin` but is also accessible to `accountant`.
|
|
231
|
+
This means that `Crm::InvoicesController` is still accessible to `admin` but is also accessible to `accountant`.
|
|
226
232
|
|
|
227
233
|
---
|
|
228
234
|
|
|
@@ -244,9 +250,9 @@ Rabarber also provides a couple of helpers that can be used in views: `visible_t
|
|
|
244
250
|
|
|
245
251
|
## Problems?
|
|
246
252
|
|
|
247
|
-
Encountered a bug or facing a problem?
|
|
253
|
+
Encountered a bug or facing a problem?
|
|
248
254
|
|
|
249
|
-
- **Create an Issue**: If you've identified a problem or have a feature request, please create an issue on the gem's GitHub repository. Be sure to provide detailed information about the problem, including steps to reproduce it.
|
|
255
|
+
- **Create an Issue**: If you've identified a problem or have a feature request, please create an issue on the gem's GitHub repository. Be sure to provide detailed information about the problem, including the steps to reproduce it.
|
|
250
256
|
- **Contribute a Solution**: Found a fix for the issue or want to contribute to the project? Feel free to create a pull request with your changes.
|
|
251
257
|
|
|
252
258
|
## License
|
data/lib/rabarber/version.rb
CHANGED