rails_admin_authorized_fields 0.0.2 → 0.0.3
- checksums.yaml +4 -4
- data/README.md +18 -2
- data/lib/rails_admin_authorized_fields/section.rb +41 -14
- data/lib/rails_admin_authorized_fields/version.rb +1 -1
- metadata +1 -1
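--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 35e8abb44b50cce2e9e0ac0eb25c1f59c451dd29
+data.tar.gz: fe374a70e10a4e72495dbfa74cb424ad05f191e6
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 58bdc9b82dbb905def88ad28dd239cabf133932b95f79ee0881b91d77b5e60d6e81dd73e1b29455b3d44635b07e5ca957d9efa1de20f62cbf0dc80f6e790aec6
+data.tar.gz: 1e89f36d6d3fd5059b739f8c12e5bbe70e771da4fe8c18666235fdbfaeaef50969cb0b0f519db82247bb3c39d1094e0ffec3ce2c68b2d69f937a2493220cc3e7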
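--- a/data/README.md
+++ b/data/README.md
@@ -22,8 +22,8 @@ Just add ```authorized_fields``` section to your model with specified rules:
 
 rails_admin do
 authorized_fields( {
-[ :enabled, :is_default, :text_slug ] =>
-[ :domain ] =>
+[ :enabled, :is_default, :text_slug ] => proc { bindings[:view]._current_user.has_role?( :admin ) },
+[ :domain ] => proc { !bindings[:view]._current_user.has_role?( :manager ) },
 } )
 
 field :enabled
@@ -33,6 +33,22 @@ Just add ```authorized_fields``` section to your model with specified rules:
 field :text_slug
 end
 
+You can also use ```unauthorized_fields``` section in opposite of ```authorized_fields```. All rules will be checked.
+
+rails_admin do
+unauthorized_fields( {
+[ :enabled, :is_default, :text_slug ] => proc { bindings[:view]._current_user.has_role?( :manager ) },
+} )
+
+field :enabled
+field :name
+field :domain
+field :is_default
+field :text_slug
+end
+
+Note: all fields are ```authorized``` by default.
+
 TODO: just a small changes needed to make ```authorized_fields``` section overridable in subsection (list, edit)
 
 ## Contributing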
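--- a/data/lib/rails_admin_authorized_fields/section.rb
+++ b/data/lib/rails_admin_authorized_fields/section.rb
@@ -1,44 +1,72 @@
 module RailsAdminAuthorizedFields
 module AuthorazedFieldsSection
-attr_accessor :authorization_rules
-
 def initialize(parent)
-@
+@allow_rules, @deny_rules = {}, {}
 
 super(parent)
 end
 
 def authorized_fields(rules)
 rules.each do |fields, rule|
-fields = [
+fields = [fields].flatten
 
 fields.each do |name|
 name = name.to_sym
-@
-@
+@allow_rules[name] ||= []
+@allow_rules[name] << rule
 end
 end
 end
 
-def
-
-
-
+def unauthorized_fields(rules)
+rules.each do |fields, rule|
+fields = [fields].flatten
+
+fields.each do |name|
+name = name.to_sym
+@deny_rules[name] ||= []
+@deny_rules[name] << rule
+end
+end
 end
 
 def visible_fields
 super.select do |field|
 authorized = true
 
-rules = field.section.field_authorization_rules(
+rules = field.section.field_authorization_rules(field.name)
+
+rules[:allow].each do |rule|
+authorized &= instance_eval(&rule)
+end
 
-rules.each do |rule|
-authorized &= instance_eval(
+rules[:deny].each do |rule|
+authorized &= !instance_eval(&rule)
 end
 
 authorized
 end
 end
+
+protected
+
+def field_authorization_rules(name)
+{
+allow: extract_rules(name, :allow_rules),
+deny: extract_rules(name, :deny_rules),
+}
+end
+
+def extract_rules(name, kind, descendant = nil)
+rules = instance_variable_get(:"@#{kind}")
+
+return rules[name] || [] if rules.any?
+return [] if @parent.nil?
+return [] if self == descendant
+
+@parent.extract_rules(name, kind, self)
+end
+
 end
 end
 
@@ -52,4 +80,3 @@ module RailsAdmin
 end
 end
 end
-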
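Review bot: In the added `extract_rules` (first hunk of section.rb), `return rules[name] || [] if rules.any?` makes rule inheritance all-or-nothing per rule kind: once a section declares any allow or deny rule of its own, the parent's rules of that kind are no longer consulted for any other field. Because `visible_fields` starts from `authorized = true`, a field restricted only in the parent then gets an empty rule list and stays visible, so the check fails open. This assumes subsections are meant to inherit the parent's restrictions, which the README TODO suggests is not finished. A per-field lookup such as `return rules[name] if rules.key?(name)` would keep the fallback to `@parent` for fields the section does not mention; merging parent and own rules would be stricter still. A short comment on `extract_rules` stating the intended precedence, and that `descendant` stops the walk when `@parent` is the section itself, would help the next reader.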