rabarber 4.1.0 → 4.1.1
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/README.md +15 -0
- data/lib/rabarber/core/access.rb +3 -5
- data/lib/rabarber/core/permissions.rb +6 -3
- data/lib/rabarber/core/permissions_integrity_checker.rb +2 -2
- data/lib/rabarber/core/rule.rb +2 -3
- data/lib/rabarber/version.rb +1 -1
- metadata +2 -2
    
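--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz:
-  data.tar.gz:
+  metadata.gz: feb905214f327d8aef99517ba1364252b6722430fe6ab1b4839055e1ae5b18fc
+  data.tar.gz: ed0cacc2d6ad0ec5fd436ba24e96c3c26489264c3f00c73822b24f4593b2fa01
 SHA512:
-  metadata.gz:
-  data.tar.gz:
+  metadata.gz: 6f88384ea24337c233f9183fde8bda61ba2939c3947b9eff07c2b5a47ff44372ba0287258565c3a5e085c4dc80b5026206d7b126e23c58b541b6490778946123
+  data.tar.gz: 9d7d4243f90fdc36cf8c27c391154449b38407a42995791240b72571e2dff14fa3836e62ce43ca92d5d0c65a5835a1e14119a077eda59ebedbe4c6b2a5aa8bac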
    
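--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,13 @@
+## v4.1.1
+
+### Bugs:
+
+- Fixed an issue where controller-wide `grant_access` calls would overwrite each other instead of being additive, causing inconsistent access control based on statement order
+
+### Misc:
+
+- Minor performance improvement for authorization checks
+
 ## v4.1.0
 
 ### Features: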
    
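--- a/data/README.md
+++ b/data/README.md
@@ -323,6 +323,21 @@ end
 ```
 This means that `Crm::InvoicesController` is still accessible to `admin` but is also accessible to `accountant`.
 
+This applies as well to multiple rules defined for the same controller or action:
+```rb
+class Crm::OrdersController < ApplicationController
+  grant_access roles: :manager, context: Order
+  grant_access roles: :admin
+
+  grant_access action: :show, roles: :client, context: -> { Order.find(params[:id]) }
+  grant_access action: :show, roles: :accountant
+  def show
+    # ...
+  end
+end
+```
+This will add rules for `manager` and `admin` roles for all actions in `Crm::OrdersController`, and for `client` and `accountant` roles for the `show` action.
+
 ## Dynamic Authorization Rules
 
 For more complex cases, Rabarber provides dynamic rules: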
    
        data/lib/rabarber/core/access.rb
    CHANGED
    
    | @@ -8,15 +8,13 @@ module Rabarber | |
| 8 8 | 
             
                  end
         | 
| 9 9 |  | 
| 10 10 | 
             
                  def controller_accessible?(roleable, controller_instance)
         | 
| 11 | 
            -
                    controller_rules.any? do | | 
| 12 | 
            -
                      controller_instance.is_a?( | 
| 11 | 
            +
                    controller_rules.any? do |controller, rules|
         | 
| 12 | 
            +
                      controller_instance.is_a?(controller) && rules.any? { _1.verify_access(roleable, controller_instance) }
         | 
| 13 13 | 
             
                    end
         | 
| 14 14 | 
             
                  end
         | 
| 15 15 |  | 
| 16 16 | 
             
                  def action_accessible?(roleable, action, controller_instance)
         | 
| 17 | 
            -
                    action_rules[controller_instance.class].any?  | 
| 18 | 
            -
                      rule.action == action && rule.verify_access(roleable, controller_instance)
         | 
| 19 | 
            -
                    end
         | 
| 17 | 
            +
                    action_rules[controller_instance.class][action].any? { _1.verify_access(roleable, controller_instance) }
         | 
| 20 18 | 
             
                  end
         | 
| 21 19 | 
             
                end
         | 
| 22 20 | 
             
              end
         | 
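Review bot: `action_accessible?` now reads `action_rules[controller_instance.class][action]` with `[]`, and the hashes built in `Permissions#initialize` further down this page use default blocks that assign (`h[k] = []`). Assuming `action_rules` here returns that same storage, every check for a controller or action that has no rules inserts an empty entry into the shared rule table. That turns a read-only access decision into a write to process-wide state on each request, and the added keys would also be seen by `missing_list` through `hash.keys`. `Hash#fetch` does not invoke the default block, so the lookup can stay read-only with the same deny-by-default result: `action_rules.fetch(controller_instance.class, {}).fetch(action, []).any? { _1.verify_access(roleable, controller_instance) }`. The enclosing module starts above the hunk, so how `action_rules` is defined is not visible here.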
| @@ -13,13 +13,16 @@ module Rabarber | |
| 13 13 | 
             
                  attr_reader :storage
         | 
| 14 14 |  | 
| 15 15 | 
             
                  def initialize
         | 
| 16 | 
            -
                    @storage = { | 
| 16 | 
            +
                    @storage = {
         | 
| 17 | 
            +
                      controller_rules: Hash.new { |h, k| h[k] = [] },
         | 
| 18 | 
            +
                      action_rules: Hash.new { |h1, k1| h1[k1] = Hash.new { |h2, k2| h2[k2] = [] } }
         | 
| 19 | 
            +
                    }
         | 
| 17 20 | 
             
                  end
         | 
| 18 21 |  | 
| 19 22 | 
             
                  class << self
         | 
| 20 23 | 
             
                    def add(controller, action, roles, context, dynamic_rule, negated_dynamic_rule)
         | 
| 21 | 
            -
                      rule = Rabarber::Core::Rule.new( | 
| 22 | 
            -
                      action ? action_rules[controller] += [rule] : controller_rules[controller]  | 
| 24 | 
            +
                      rule = Rabarber::Core::Rule.new(roles, context, dynamic_rule, negated_dynamic_rule)
         | 
| 25 | 
            +
                      action ? action_rules[controller][action] += [rule] : controller_rules[controller] += [rule]
         | 
| 23 26 | 
             
                    end
         | 
| 24 27 |  | 
| 25 28 | 
             
                    def controller_rules
         | 
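Review bot: `add` carries no comment stating the accumulation semantics this release fixes. Each call appends a rule and the checks in access.rb grant access when any stored rule verifies, so an extra `grant_access` can only widen access and never narrow it. A one-line comment above `add` would keep that visible to whoever next changes the storage shape, for example `# Appends a rule; rules for the same controller/action are OR-ed, never replaced.` As a smaller style point, with the assigning default blocks now in `initialize`, `action_rules[controller][action] << rule` does the same as `+= [rule]` without building a new array. The `class << self` block continues past the end of the hunk.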
| @@ -21,8 +21,8 @@ module Rabarber | |
| 21 21 | 
             
                  private
         | 
| 22 22 |  | 
| 23 23 | 
             
                  def missing_list
         | 
| 24 | 
            -
                    @missing_list ||= action_rules.each_with_object([]) do |(controller,  | 
| 25 | 
            -
                      missing_actions =  | 
| 24 | 
            +
                    @missing_list ||= action_rules.each_with_object([]) do |(controller, hash), arr|
         | 
| 25 | 
            +
                      missing_actions = hash.keys - controller.action_methods.map(&:to_sym)
         | 
| 26 26 | 
             
                      arr << { controller => missing_actions } if missing_actions.any?
         | 
| 27 27 | 
             
                    end
         | 
| 28 28 | 
             
                  end
         | 
    
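--- a/data/lib/rabarber/core/rule.rb
+++ b/data/lib/rabarber/core/rule.rb
@@ -3,10 +3,9 @@
 module Rabarber
   module Core
     class Rule
-      attr_reader :
+      attr_reader :roles, :context, :dynamic_rule, :negated_dynamic_rule
 
-      def initialize(
-        @action = action
+      def initialize(roles, context, dynamic_rule, negated_dynamic_rule)
         @roles = Array(roles)
         @context = context
         @dynamic_rule = dynamic_rule || -> { true }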
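Review bot: `initialize(roles, context, dynamic_rule, negated_dynamic_rule)` takes four positional arguments, and the last two are callables with opposite meaning. A call site that swaps `dynamic_rule` and `negated_dynamic_rule` still runs and would presumably invert the access decision instead of raising. Keyword arguments make that mistake hard to write silently: `def initialize(roles:, context:, dynamic_rule:, negated_dynamic_rule:)`, with the caller visible in permissions.rb passing each value by name. The rest of `initialize` and the class lie outside the hunk, so how `negated_dynamic_rule` is defaulted and used is not visible here.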
    
        data/lib/rabarber/version.rb
    CHANGED
    
    
    
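--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rabarber
 version: !ruby/object:Gem::Version
-  version: 4.1.
+  version: 4.1.1
 platform: ruby
 authors:
 - enjaku4
 - trafium
 bindir: bin
 cert_chain: []
-date:
+date: 2025-01-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails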