rails-canhaz 0.4.1 → 1.0.0
Sign up to get free protection for your applications and to get access to all the features.
- data/README.md +13 -2
- data/lib/rails-canhaz/canhaz_permission.rb +8 -5
- data/lib/rails-canhaz/extensions_subject.rb +18 -28
- data/rails-canhaz.gemspec +2 -2
- data/test/test_canhaz.rb +16 -0
- metadata +3 -4
data/README.md
CHANGED
@@ -81,13 +81,24 @@ artice.subjects_with_permission(User, :read) # Will return all the users hat are
|
|
81
81
|
|
82
82
|
user.cannot!(:read, article)
|
83
83
|
|
84
|
+
# Version 1.0.0 introduces global permissions :
|
85
|
+
|
86
|
+
user.can?(:haz_cheezburgers) # false
|
87
|
+
|
88
|
+
user.can!(:haz_cheezburgers)
|
89
|
+
|
90
|
+
user.can?(:haz_cheezburgers) # true
|
91
|
+
|
84
92
|
```
|
85
93
|
|
86
94
|
## Changelog
|
87
|
-
|
95
|
+
* 1.0.0 (hurray !):
|
96
|
+
* Removing can and cannot deprecated functions (renamed to can! and cannot!)
|
97
|
+
* Adding global permissions for subjects
|
98
|
+
* 0.4.1 :
|
99
|
+
* Adding a rails migration generator thanks to [Awea](http://github.com/Awea)
|
88
100
|
* 0.4.0 :
|
89
101
|
* Aliasing can to can! and deprecating can
|
90
102
|
* Aliasing cannot to cannot! and deprecating cannot
|
91
|
-
|
92
103
|
* 0.3.0 :
|
93
104
|
* Removing rights from the database before destroying a subject or object model
|
@@ -7,18 +7,21 @@ class CanHazPermission < ActiveRecord::Base
|
|
7
7
|
# Gets the permission row between two objects
|
8
8
|
#
|
9
9
|
# @param subject [ActiveRecord::Base] The subject
|
10
|
-
# @param object [ActiveRecord::Base] The object
|
10
|
+
# @param object [ActiveRecord::Base, nil] The object. Can be nil if it is a global permission that does not target an object
|
11
11
|
# @param permission [String, Symbol] The permission identifier
|
12
12
|
# @return [CanHazPermission, nil] The corresponding permission if found or nil
|
13
|
-
def self.find_permission(subject, object, permission)
|
13
|
+
def self.find_permission(subject, object = nil, permission)
|
14
14
|
raise NotACanHazSubject unless subject.canhaz_subject?
|
15
|
-
raise NotACanHazObject unless object.canhaz_object?
|
15
|
+
raise NotACanHazObject unless (object.nil? || object.canhaz_object?)
|
16
|
+
|
17
|
+
object_type = object.nil? ? nil : object.class.to_s
|
18
|
+
object_id = object.nil? ? nil : object.id
|
16
19
|
|
17
20
|
results = CanHazPermission.where(
|
18
21
|
:csubject_id => subject.id,
|
19
22
|
:csubject_type => subject.class.to_s,
|
20
|
-
:cobject_id =>
|
21
|
-
:cobject_type =>
|
23
|
+
:cobject_id => object_id,
|
24
|
+
:cobject_type => object_type,
|
22
25
|
:permission_name => permission
|
23
26
|
)
|
24
27
|
results.first
|
@@ -2,26 +2,23 @@ module CanHaz
|
|
2
2
|
module ModelExtensions
|
3
3
|
module Subject
|
4
4
|
|
5
|
-
# Alias for {#can!}
|
6
|
-
#
|
7
|
-
# @deprecated Please use {#can!} instead
|
8
|
-
def can(permission, object)
|
9
|
-
warn "[DEPRECATION] can is deprecated and will be removed in a future release, please use `can!` instead"
|
10
|
-
self.can!(permission, object)
|
11
|
-
end
|
12
|
-
|
13
5
|
# Creates a permission on a given object
|
14
6
|
#
|
15
7
|
# @param permission [String, Symbol] The identifier of the permission
|
16
|
-
# @param object [ActiveRecord::Base] The model on which the permission is effective
|
8
|
+
# @param object [ActiveRecord::Base, nil] The model on which the permission is effective
|
9
|
+
# Can be nil if it is a global permission that does not target an object
|
17
10
|
# @return [Bool] True if the role was successfully created, false if it was already present
|
18
|
-
def can!(permission, object)
|
19
|
-
raise Exceptions::NotACanHazObject unless object.canhaz_object?
|
11
|
+
def can!(permission, object = nil)
|
12
|
+
raise Exceptions::NotACanHazObject unless (object.nil? || object.canhaz_object?)
|
13
|
+
|
14
|
+
object_type = object.nil? ? nil : object.class.to_s
|
15
|
+
object_id = object.nil? ? nil : object.id
|
16
|
+
|
20
17
|
CanHazPermission.new({
|
21
18
|
:csubject_id => self.id,
|
22
19
|
:csubject_type => self.class.to_s,
|
23
|
-
:cobject_type =>
|
24
|
-
:cobject_id =>
|
20
|
+
:cobject_type => object_type,
|
21
|
+
:cobject_id => object_id,
|
25
22
|
:permission_name => permission
|
26
23
|
}).save
|
27
24
|
end
|
@@ -29,27 +26,20 @@ module CanHaz
|
|
29
26
|
# Checks if the subject has a given permission on a given object
|
30
27
|
#
|
31
28
|
# @param permission [String, Symbol] The identifier of the permission
|
32
|
-
# @param object [ActiveRecord::Base] The model we are testing the permission on
|
29
|
+
# @param object [ActiveRecord::Base, nil] The model we are testing the permission on
|
30
|
+
# Can be nil if it is a global permission that does not target an object
|
33
31
|
# @return [Bool] True if the user has the given permission, false otherwise
|
34
|
-
def can?(permission, object)
|
35
|
-
raise Exceptions::NotACanHazObject unless object.canhaz_object?
|
32
|
+
def can?(permission, object = nil)
|
33
|
+
raise Exceptions::NotACanHazObject unless (object.nil? || object.canhaz_object?)
|
36
34
|
CanHazPermission.find_permission(self, object, permission) != nil
|
37
35
|
end
|
38
36
|
|
39
|
-
# Alias for {#cannot!}
|
40
|
-
#
|
41
|
-
# @deprecated Please use {#cannot!} instead
|
42
|
-
def cannot(permission, object)
|
43
|
-
warn "[DEPRECATION] cannot is deprecated and will be removed in a future release, please use `cannot!` instead"
|
44
|
-
self.cannot!(permission, object)
|
45
|
-
end
|
46
|
-
|
47
37
|
# Removes a permission on a given object
|
48
38
|
#
|
49
39
|
# @param permission [String, Symbol] The identifier of the permission
|
50
|
-
# @param object [ActiveRecord::Base] The model on which the permission is effective
|
40
|
+
# @param object [ActiveRecord::Base, nil] The model on which the permission is effective. Can be nil if it is a global permission that does not target an object
|
51
41
|
# @return [Bool] True if the role was successfully removed, false if it did not exist
|
52
|
-
def cannot!(permission, object)
|
42
|
+
def cannot!(permission, object = nil)
|
53
43
|
permission = CanHazPermission.find_permission(self, object, permission)
|
54
44
|
return false if permission.nil?
|
55
45
|
permission.destroy and return true
|
@@ -59,9 +49,9 @@ module CanHaz
|
|
59
49
|
# Acts as a proxy of !subject.can?(permission, object)
|
60
50
|
#
|
61
51
|
# @param permission [String, Symbol] The identifier of the permission
|
62
|
-
# @param object [ActiveRecord::Base] The model we are testing the permission on
|
52
|
+
# @param object [ActiveRecord::Base] The model we are testing the permission on. Can be nil if it is a global permission that does not target an object
|
63
53
|
# @return [Bool] True if the user has not the given permission, false otherwise
|
64
|
-
def cannot?(permission, object)
|
54
|
+
def cannot?(permission, object = nil)
|
65
55
|
!self.can?(permission, object)
|
66
56
|
end
|
67
57
|
|
data/rails-canhaz.gemspec
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
Gem::Specification.new do |s|
|
2
2
|
s.name = 'rails-canhaz'
|
3
|
-
s.version = '0.
|
4
|
-
s.date = '2012-05
|
3
|
+
s.version = '1.0.0'
|
4
|
+
s.date = '2012-06-05'
|
5
5
|
s.summary = "A simple gem for managing permissions between rails models"
|
6
6
|
s.description = "A simple gem for managing permissions between rails models"
|
7
7
|
s.authors = ["Adrien Siami (Intrepidd)"]
|
data/test/test_canhaz.rb
CHANGED
@@ -248,5 +248,21 @@ class CanHazTest < Test::Unit::TestCase
|
|
248
248
|
assert CanHazPermission.find_by_cobject_id(id).nil?
|
249
249
|
end
|
250
250
|
|
251
|
+
def test_global_permissions
|
252
|
+
|
253
|
+
s = SubjectModel.new
|
254
|
+
s.save
|
255
|
+
|
256
|
+
assert_equal false, s.can?(:foo)
|
257
|
+
|
258
|
+
assert_equal true, s.can!(:foo)
|
259
|
+
|
260
|
+
assert_equal true, s.can?(:foo)
|
261
|
+
|
262
|
+
s.cannot!(:foo)
|
263
|
+
|
264
|
+
assert_equal false, s.can?(:foo)
|
265
|
+
end
|
266
|
+
|
251
267
|
end
|
252
268
|
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: rails-canhaz
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 1.0.0
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2012-05
|
12
|
+
date: 2012-06-05 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: activerecord
|
@@ -74,9 +74,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
74
74
|
version: '0'
|
75
75
|
requirements: []
|
76
76
|
rubyforge_project:
|
77
|
-
rubygems_version: 1.8.
|
77
|
+
rubygems_version: 1.8.24
|
78
78
|
signing_key:
|
79
79
|
specification_version: 3
|
80
80
|
summary: A simple gem for managing permissions between rails models
|
81
81
|
test_files: []
|
82
|
-
has_rdoc:
|