rails-action-authorization 1.0.0 → 1.1.0

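--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: a8d8a18e02c7cba715ff6d0369b2bc1463545d45062e58408ec8384d1dcbd316
- data.tar.gz: 04ecdf2bae106d9cee8d4601f8693a7634a311a5cd12b905631954ed7e4d2be4
+ metadata.gz: 338c7a7bb0cbcb557f5797bc1c7c277d23f920495fd7045ce89b2c05b7c19667
+ data.tar.gz: 4a34a09a6089495f5987f6ac3e57937fdc5b03281345c8145ae64ec39e331df2
  SHA512:
- metadata.gz: 81053e97cbf237ac0cf489a370d2f3c13b057838c99fecbed411e814e7d884d2f18faf73a8cd2705e2e39fa1d5bcb8555f7626dbabe5933b3fc0a8e878912709
- data.tar.gz: 6d02f17442c5276e29de19ce8d6ba4599841847ee52b39660cdadafdbc96400801878daa4b02ca842021d3c6c6be8e0fc6cd9d351d5025b3fd5f27653e8ba41a
+ metadata.gz: e5609c9f4957b9e1371993b28293c534ebd78f45efe1076e131b8a8eebf6095af501a417ebe794b73786f2c539c4a1eb06590c435a99cf75fc01326f3bf4141c
+ data.tar.gz: 8eb2ac294e8cf13b17f5706153a7c1c09ffc180fa4b93c85a01d994fbee0b1e2a01cd51cf39f095d9ad0ba03a12a1291800275a7dca5ce936b0b18f0c580ce52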
@@ -1,5 +1,7 @@
1
1
  require "authorizer/railtie"
2
2
 
3
+ ##
4
+ # The main module which contains all the code of +rails-action-authorization+.
3
5
  module ActionAuthorization
4
6
  # Your code goes here...
5
7
  end
@@ -3,7 +3,31 @@ module ActionAuthorization
3
3
 
4
4
  POSSIBILITIES = [:allow_all, :deny_all, :filter]
5
5
 
6
+ ##
7
+ # This class adds instance methods to base controller to increase the ease
8
+ # with which authorization may be checked from controllers.
6
9
  class ActionController::Metal
10
+
11
+ ##
12
+ # This method checks the authorization of a given actor (authorizee) to
13
+ # complete the controller action for the specified resource.
14
+ #
15
+ # The resource can be a single model or a List of models. In the case of
16
+ # a list of models, there are several options for dealing with list members
17
+ # that fail authorization checks. The default option is +behavior: :filter+ which
18
+ # will authorize the list but will hide all members of the list which fail
19
+ # the authorization check. Other options are +:allow_all+ and +:deny_all+.
20
+ # +:allow_all+ will permit the entire list and include even list members which
21
+ # fail the authorization test. +:deny_all+, on the other, authorizes the list only
22
+ # if all of its members pass the authorization check. Therefore, if any list member fails
23
+ # the authorization check, the actor is forbidden from completing the action on the entire
24
+ # list.
25
+ #
26
+ # @param resource either a model or a list of models for which the actor (authorizee) is
27
+ # attempting to complete the controller action.
28
+ # @param authorizee [Model] The actor (usually a +User+ model) attempting authorization.
29
+ # @param **options An unspecified number of options. Currently the only supported key is
30
+ # +:behavior+ and the only supported actions are +:filter+, +:allow_all+, and +:deny_all+.
7
31
  def check_authorization(resource, authorizee, **options)
8
32
  action = "#{params[:controller]}##{action_name}"
9
33
 
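Review bot: The new comment on `check_authorization` says `:allow_all` includes list members that fail the check, but it never states what the method returns or what happens when authorization fails. Add `# @return` and `# @raise [ForbiddenError]` lines; the `Resource#get` comment in this same release says a failed list raises `ForbiddenError`, though the body of `check_authorization` continues past this hunk and should be confirmed first. The `:allow_all` paragraph should also say plainly that records the actor is not authorized for are handed back to the caller, so the returned list must not be treated as filtered. The sentence `+:deny_all+, on the other, authorizes` is missing the word "hand".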
@@ -1,5 +1,15 @@
1
1
  module ActionAuthorization
2
+ ##
3
+ # This class contains all the patches to +ActiveRecord::Base+ that
4
+ # make this library function on the model side. You should only
5
+ # have to interact with these methods on concrete models and not by
6
+ # interacting with +ActiveRecord::Base+ directly.
2
7
  class ActiveRecord::Base
8
+
9
+ ##
10
+ # returns the hash mapping permission rules to executable actions.
11
+ # This is used internally and should not need to be called directly
12
+ # by the user.
3
13
  def self.get_perms
4
14
  unless (self.class_variables.include?(:'@@perms'))
5
15
  @@perms = {}
@@ -8,25 +18,59 @@ module ActionAuthorization
8
18
  return @@perms
9
19
  end
10
20
 
21
+ ##
22
+ # Ensures that the +fallback_rule+ class variable is defined.
23
+ # Used internally. There should be no need for users to call this method directly.
11
24
  def self.init_fallback_rule
12
25
  @@fallback_rule = nil unless (self.class_variable_defined?(:@@fallback_rule))
13
26
  end
14
-
27
+
28
+ ##
29
+ # Defines an authorization rule for the specified
30
+ # action names. If multiple names are passed, then the same rule
31
+ # will be used for all of them.
32
+ #
33
+ # Action names should take the following format "controller_name#action_name".
34
+ # E.G. To specify a rule for the update action on the posts controller, you would write
35
+ # 'posts#update'.
36
+ #
37
+ # names can also be symbols.
38
+ #
39
+ # @param *names [String, Symbol] The names of the actions which will use
40
+ # the given block for authorization.
41
+ # @param &block [Proc] The code to run on an authorization check.
15
42
  def self.define_rule(*names, &block)
16
43
  perms = self.get_perms
17
44
  names.each {|name| perms[name.to_sym] = block}
18
45
  end
19
-
46
+
47
+ ##
48
+ # Defines a fallback rule. The fallback rule defined by this
49
+ # class method will be used in every case where a permission rule is not
50
+ # specified. This is intended to be used in situations where
51
+ # users wish to define some generic authorization check that will be run for
52
+ # every action that doesn't have its own rule specified.
53
+ #
54
+ # @param &rule [Proc] The code to run when a rule is not defined for any action.
20
55
  def self.set_fallback_rule(&rule)
21
56
  @@fallback_rule = rule
22
57
  end
23
58
 
59
+ ##
60
+ # Checks whether the given actor (authorizee) is permitted to perform the given
61
+ # action on this instance of a model. Generally, this method is called by
62
+ # other parts of +rails-action-authorization+ and need not be invoked
63
+ # directly. It can be invoked directly if users need more precise control
64
+ # over a permission than is available using the default authorization flow.
65
+ #
66
+ # Returns the model instance it is invoked on unless the actor (authorizee) is
67
+ # forbidden from performing the action, in which case it will raise a +ForbiddenError+.
24
68
  def is_authorized(action, authorizee)
25
69
  symbol = action.to_sym
26
70
  perms = self.class.get_perms
27
71
 
28
72
  authorized = false
29
- authorized = perms[symbol].(self, authorizee) if perms[symbol]
73
+ authorized = perms[symbol].(self, authorizee, symbol) if perms[symbol]
30
74
  authorized = @@fallback_rule.(self, authorizee) if @@fallback_rule && !perms[symbol]
31
75
 
32
76
  raise ForbiddenError.new(
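Review bot: In `is_authorized` the per-action rule is now called as `perms[symbol].(self, authorizee, symbol)`, but the fallback rule on the following line still receives only two arguments, so a fallback cannot tell which action it is deciding. Passing the action there too, `authorized = @@fallback_rule.(self, authorizee, symbol) if @@fallback_rule && !perms[symbol]`, would keep the two call sites consistent. Rules registered from a two-parameter lambda (`define_rule('posts#update', &rule)`) would presumably raise `ArgumentError` under the three-argument call, so the new block signature should be spelled out in the `define_rule` and `set_fallback_rule` comments and in the release notes. The method also reads `@@fallback_rule` directly; unless `init_fallback_rule` or `set_fallback_rule` has run first (not visible here), that read raises `NameError` instead of a clean denial. The method body continues past the hunk.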
@@ -1,7 +1,32 @@
1
1
  module ActionAuthorization
2
+
3
+ ##
4
+ # This class represents a generic list of models that are about to
5
+ # authorized.
6
+ #
7
+ # It is instantiated automatically by +ActionController::Metal#check_authorization+ and there
8
+ # should be little need to instantiate it directly.
2
9
  class Resource
3
- attr_reader :action, :actor, :resources, :options
4
-
10
+ ##
11
+ # @return [String, Symbol] The action which +:actor+ is attempting to complete.
12
+ attr_reader :action
13
+
14
+ # @return [Model] The model attempting authorization (usually a +User+).
15
+ attr_reader :actor
16
+
17
+ # @return The list of models being authorized.
18
+ attr_reader :resources
19
+
20
+ # @return The options which are being used for authorization.
21
+ attr_reader :options
22
+
23
+ ##
24
+ # Creates a new instance of +Resource+.
25
+ #
26
+ # @param action [String, Symbol] The name of the action being performed.
27
+ # @param actor [Model] The model attempting authorization.
28
+ # @param *resources [Model] The list of models being authorized.
29
+ # @param **options Any additional options regarding the authorization options.
5
30
  def initialize(action, actor, *resources, **options)
6
31
  @action = action
7
32
  @actor = actor
@@ -9,6 +34,11 @@ module ActionAuthorization
9
34
  @options = options
10
35
  end
11
36
 
37
+ ##
38
+ # Returns the list of models passed into the constructor
39
+ # if the list passes authorization, otherwise raises
40
+ # +ForbiddenError+.
41
+ # @returns The list of models being authorized.
12
42
  def get
13
43
  return @resources if @resources.nil?
14
44
  return @resources if @resources.length == 0
@@ -25,6 +55,8 @@ module ActionAuthorization
25
55
  collect_permitted {|results| results.length == @resources.length}
26
56
  when :filter
27
57
  collect_permitted {|results| results.length > 0}
58
+ else
59
+ collect_permitted {|results| results.length > 0}
28
60
  end
29
61
  end
30
62
 
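Review bot: The new `else` branch in `get` gives every unrecognised `:behavior` value the `:filter` treatment, so a misspelt `:deny_all` quietly returns a partial list instead of failing closed. Keep the default for a missing option only and reject anything else: `when :filter, nil` for the existing branch and `else raise ArgumentError, 'unsupported :behavior option'` for the rest. This assumes the `case`, which opens above the hunk, switches on the raw option value and that value is `nil` when the key is absent. The controller file already declares `POSSIBILITIES = [:allow_all, :deny_all, :filter]`, which looks like the natural list to validate against.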
@@ -1,3 +1,3 @@
1
1
  module ActionAuthorization
2
- VERSION = '1.0.0'
2
+ VERSION = '1.1.0'
3
3
  end
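--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: rails-action-authorization
  version: !ruby/object:Gem::Version
- version: 1.0.0
+ version: 1.1.0
  platform: ruby
  authors:
  - Andrew Luchuk
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2020-04-01 00:00:00.000000000 Z
+ date: 2020-04-15 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rails
@@ -84,7 +84,8 @@ files:
  homepage: https://github.com/speratus/rails-action-authorization
  licenses:
  - MIT
- metadata: {}
+ metadata:
+ allowed_push_host: http://rubygems.org
  post_install_message:
  rdoc_options: []
  require_paths:
@@ -100,7 +101,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.0.6
+ rubyforge_project:
+ rubygems_version: 2.7.7
  signing_key:
  specification_version: 4
  summary: Rails Action Authorization adds an authorization framework for controller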
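Review bot: The added `allowed_push_host` is `http://rubygems.org`, a plain-HTTP URL; it should be `https://rubygems.org` so the only host the gem may be pushed to is the TLS endpoint. This file is generated from the gemspec, which is not on this page, so the fix belongs in `spec.metadata['allowed_push_host']` there. The last hunk also shows `rubygems_version` moving from 3.0.6 to 2.7.7, which suggests this release was built with an older RubyGems than 1.0.0 was; worth confirming that the build environment was the intended one.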