rails-acu 3.0.3 → 3.0.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 123859955ecca0946fcf6fa035b496cfa33288b2
-  data.tar.gz: f40b6bffd605127cdc3670385c22e160f0282f3d
+  metadata.gz: 4f50692b816fca643b3e84d4d1df13fe2ffabb6d
+  data.tar.gz: 0b84f06cdfc0d7f9afc943b518fa497252ebfba0
 SHA512:
-  metadata.gz: 4ff706de1febaa671c88d7d71c757645f5ef1dd12891b994117ccd1da1a077f1a1098009dc7a3708f2159ddc30b5fa90c29b481f62fb85e233868da2775ad65d
-  data.tar.gz: a68cec0ae7ffcebe783c5102064141f52dce64cb3d29fcc450fc324da1f2b2595815d6582ad9aa4190f8180cb121c388c61ce92a2d039ce953236bfa798e812d
+  metadata.gz: b2a8d834f7029c6b280d84286212d8b8fc03602fd6d22e1d493b89106828f4c836d85b59325700bb84eebbf49c4a7d4808379561d699531b39ddc9e5a93deac5
+  data.tar.gz: 15e6e64d16586ee43948289b9e697ed487d27e0f5816ccaeb74f6c27a6a131e3c846caef39bf06b45e7bdf495c7eb7e51a54930e78129a89718200fe284ee70b

data/.travis.yml

@@ -1,7 +1,7 @@
 language: ruby
 
 rvm:
-  - 2.4.0
+  - 2.4.1
 
 cache: bundler
 
@@ -27,4 +27,4 @@ script:
 notifications:
   email:
     recipients:
-      - b.g.dariush@gmail.com
+      - b.g.dariush@gmail.com

data/Gemfile

@@ -17,6 +17,9 @@ gemspec
 # Git. Remember to move these dependencies to your gemspec before releasing
 # your gem to rubygems.org.
 
+# to fix security bug CVE-2018-3760
+gem 'sprockets', '~> 3.7.2'
+
 # To use a debugger
 # gem 'byebug', group: [:development, :test]
 

data/Gemfile.lock

@@ -7,8 +7,8 @@ GIT
 PATH
   remote: .
   specs:
-    rails-acu (3.0.2)
-      rails (~> 5.2.0)
+    rails-acu (3.0.4)
+      rails (>= 5.0.0)
 
 GEM
   remote: https://rubygems.org/
@@ -85,7 +85,7 @@ GEM
       mimemagic (~> 0.3.2)
     method_source (0.9.0)
     mimemagic (0.3.2)
-    mini_mime (1.0.0)
+    mini_mime (1.0.1)
     mini_portile2 (2.3.0)
     minitest (5.11.3)
     nio4r (2.3.1)
@@ -144,7 +144,7 @@ GEM
       rspec-mocks (~> 3.7.0)
       rspec-support (~> 3.7.0)
     rspec-support (3.7.1)
-    sprockets (3.7.1)
+    sprockets (3.7.2)
       concurrent-ruby (~> 1.0)
       rack (> 1, < 3)
     sprockets-rails (3.2.1)
@@ -173,10 +173,11 @@ DEPENDENCIES
   rails-acu!
   rails-controller-testing
   rspec-rails (~> 3.5)
+  sprockets (~> 3.7.2)
   sqlite3
 
 RUBY VERSION
    ruby 2.4.1p111
 
 BUNDLED WITH
-   1.16.1
+   1.16.2

data/README.md

@@ -94,6 +94,14 @@ Acu::Rules.define do
       allow :client
     end
   end
+
+  # negated entities (since v3.0.4)
+  namespace do
+    controller :profile do
+      # only owners can edit the profile page
+      deny :not_owner, on: [:edit]
+    end
+  end
 end
 ```
 

data/lib/acu/helpers/helpers.rb

@@ -1,6 +1,12 @@
 def acu_is? symbol
   flag = false
-  [symbol].flatten.each { |s| flag |= Acu::Monitor.valid_for? s }
+  [symbol].flatten.each do |s| 
+  	if s.to_s =~ /\Anot_/
+			flag |= not(Acu::Monitor.valid_for?(s.to_s.gsub(/\Anot_/, "").to_sym))
+		else
+			flag |= Acu::Monitor.valid_for? s 
+		end
+  end
   flag
 end
 

data/lib/acu/rules.rb

@@ -111,6 +111,7 @@ module Acu
 
       def op *symbol, opr, on
         symbol = symbol.flatten
+        process_symbol *symbol
         raise Errors::InvalidData.new("invalid argument") if not symbol or symbol.to_s.blank? or opr.to_s.blank?
         raise Errors::AmbiguousRule.new("cannot have `on` argument inside the action `#{@_params[:action][:name]}`") if not on.empty? and (@_params[:action] and not @_params[:action].empty?)
         raise Errors::InvalidData.new("the symbol `#{symbol}` is not defined by `whois`") if not symbol.all? { |s| @entities.include? s }
@@ -123,9 +124,23 @@ module Acu
         end
       end
 
-      def build_rule rule
+      def process_symbol *symbols
+      	symbols.each do |symbol|
+      		# check if negated symbol used?
+      		if symbol.to_s.downcase =~ /\Anot_/ and not @entities.include?(symbol)
+      			# remove the not symbol
+      			not_symbol = (symbol.to_s.gsub /\Anot_/, "").to_sym
+    				# add the negated symbol
+      			whois(symbol, args: @entities[not_symbol][:args]) { |*args| not @entities[not_symbol][:callback].call(*args) }
+      		end
+      	end
+      end
+
+      def build_rule *_rules
         @rules[@_params.deep_dup] ||= {}
-        @rules[@_params.deep_dup] = rules[@_params.clone].merge(rule);
+        _rules.each do |rule|
+        	@rules[@_params.deep_dup] = @rules[@_params.clone].merge(rule);
+        end
       end
 
       def build_rule_entry

data/lib/acu/version.rb

@@ -1,3 +1,3 @@
 module Acu
-  VERSION = '3.0.3'
+  VERSION = '3.0.6'
 end

data/spec/dummy/spec/controllers/home_controller_spec.rb

@@ -428,6 +428,32 @@ RSpec.describe HomeController, type: :controller do
         expect {get :contact}.to raise_error(Acu::Errors::AccessDenied)
         expect(`tail -n 1 #{Acu::Configs.get :audit_log_file}`).to match /access DENIED to.*namespace=\[nil\].*controller=\["home"\].*action=\["contact"\].*as `:everyone`/
       end
+      it "[negated entities]" do
+        Acu::Rules.define do
+          whois :everyone { true }
+          whois :client { false }
+          namespace do
+            controller :home do
+              deny :not_client, on: [:index, :contact]
+            end
+          end
+        end
+        expect {get :index}.to raise_error(Acu::Errors::AccessDenied)
+        expect(`tail -n 1 #{Acu::Configs.get :audit_log_file}`).to match /access DENIED to.*namespace=\[nil\].*controller=\["home"\].*action=\["index"\].*as `:not_client`/
+        expect {get :contact}.to raise_error(Acu::Errors::AccessDenied)
+        expect(`tail -n 1 #{Acu::Configs.get :audit_log_file}`).to match /access DENIED to.*namespace=\[nil\].*controller=\["home"\].*action=\["contact"\].*as `:not_client`/
+        Acu::Rules.define do
+          namespace do
+            controller :home do
+              allow :not_client, on: [:index, :contact]
+            end
+          end
+        end
+        get :index
+        expect(`tail -n 1 #{Acu::Configs.get :audit_log_file}`).to match /access GRANTED to.*namespace=\[nil\].*controller=\["home"\].*action=\["index"\].*as `:not_client`/
+        get :contact
+        expect(`tail -n 1 #{Acu::Configs.get :audit_log_file}`).to match /access GRANTED to.*namespace=\[nil\].*controller=\["home"\].*action=\["contact"\].*as `:not_client`/
+      end
     end
     context "[bulk settings]" do
       it "[allow/deny]" do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rails-acu
 version: !ruby/object:Gem::Version
-  version: 3.0.3
+  version: 3.0.6
 platform: ruby
 authors:
 - Dariush Hasanpour
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-05-11 00:00:00.000000000 Z
+date: 2018-08-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails