RubyGems - rails_authorize - Versions diffs - 1.2.0 → 1.3.0 - Mend

rails_authorize 1.2.0 → 1.3.0

Files changed (7) hide show

checksums.yaml +4 -4
data/.gitignore +1 -0
data/Gemfile.lock +1 -1
data/README.md +32 -0
data/lib/rails_authorize.rb +52 -0
data/lib/rails_authorize/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1bc7528dc0f49e6b7c2c98175fd00c9cd45f8d0cb69b17b9f223e560284415ec
-  data.tar.gz: 6454b3b867b16b01e46695399d82ecf9792419d98f8d9897aa486046972a724a
+  metadata.gz: 2cb3884b42e51fd374efd4ec6ab32722c9768b21c8fa231ab596cc13ce4f1c3f
+  data.tar.gz: 8f09efa6582611bc97096f239c577a0fcc9aedd89c7743569e5ac4d63ffc5270
 SHA512:
-  metadata.gz: 0b7dec8d13ea8a5cdbd07752d10c16a64e89d3292bd030fc67da557de10a937aca5e84c7d80d2f10209033c48630cdd43b542d22cc613b0dbac820dedbe56e8e
-  data.tar.gz: e3fc2ff683d0d0f9164e1cc19f24178be850286062270924bbc30b716c7c1c56ff7abbce7a8ac3ceaa696db98e473664c08ed72a4ea8915f33d9ea12d81149c3
+  metadata.gz: 5986cf3067bf081ae0568a047f1f42ce92a001dff3f1697517b71bd8321ec34f318774b1db53def84825aaa60c6228cd227ec17799ba76ec22f16ce891b13569
+  data.tar.gz: efb24985a05d4e0cb98f7864d7c0d24c17b0befdcf9ffe71368891e77500fffc6874ff4bf7a7fe412de03ba40b9cd131102f13b5f7a333c9adfee6df20148cc1

data/.gitignore CHANGED

@@ -6,6 +6,7 @@
 /pkg/
 /spec/reports/
 /tmp/
+*.gem
 # rspec failure tracking
 .rspec_status

data/Gemfile.lock CHANGED

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    rails_authorize (1.2.0)
+    rails_authorize (1.3.0)
 GEM
   remote: https://rubygems.org/

data/README.md CHANGED

@@ -1,4 +1,5 @@
 # RailsAuthorize
+[![Gem Version](https://badge.fury.io/rb/rails_authorize.svg)](https://badge.fury.io/rb/rails_authorize)
 ![Build Status](https://travis-ci.org/rjurado01/rails_authorize.svg?branch=master)
 Simple and flexible authorization Rails system inspired by Pundit.
@@ -230,6 +231,37 @@ class PostPolicy < ApplicationPolicy
   end
 end
 ```
+## Ensuring authorization and scoping are performed
+In certain kind of applications where almost all or even the whole application is private, in each of the actions you have to make sure that authorization is performed. To make sure that developers perform authorization, RailsAuthorize provides two methods. `verify_authorized` makes sure that authorization is performed, and likewise `verify_policy_scoped` checks that scoping is performed
+Both methods are mainly aimed to be called on `after_action`.
+```ruby
+class ApplicationController < ActionController::Base
+  include RailsAuthorize
+  after_action :verify_authorized, except: :index
+  after_action :verify_policy_scoped, only: :index
+end
+```
+### Skipping verification
+If you're using `verify_authorized` in your controllers but need to conditionally bypass verification, you can use `skip_authorization`. For bypassing `verify_policy_scoped`, use `skip_policy_scope`.
+```ruby
+def create
+  record = Record.new(attributes)
+  if record.valid?
+    authorize record
+  else
+    skip_authorization
+  end
+end
+```
+## Rspec
+For writing expressive tests for your policies in RSpec you can use this gem: [rails_authorize_matchers](https://github.com/pacop/rails_authorize_matchers)
 ## Development

data/lib/rails_authorize.rb CHANGED

@@ -3,6 +3,8 @@ require 'rails_authorize/version'
 module RailsAuthorize
   # Error that will be raised when authorization has failed
   class NotAuthorizedError < StandardError; end
+  class AuthorizationNotPerformedError < StandardError; end
+  class ScopingNotPerformedError < StandardError; end
   ##
   # Finds policy class for given target and returns new instance
@@ -38,6 +40,8 @@ module RailsAuthorize
     raise(NotAuthorizedError) unless policy.public_send(action)
+    @_policy_authorized = true
     target
   end
@@ -50,6 +54,8 @@ module RailsAuthorize
   # @return [Scope] policy scope
   #
   def policy_scope(target, options={})
+    @_policy_scoped = true
     policy(target, options).scope
   end
@@ -69,6 +75,8 @@ module RailsAuthorize
     raise(NotAuthorizedError) unless policy.public_send(action)
+    @_policy_scoped = @_policy_authorized = true
     policy.scope
   end
@@ -100,4 +108,48 @@ module RailsAuthorize
     params.require(param_key).permit(*policy.public_send(method_name))
   end
+  # Raises an error if authorization has not been performed
+  #
+  # @raise [AuthorizationNotPerformedError] if authorization has not been performed
+  # @return [void]
+  def verify_authorized
+    raise AuthorizationNotPerformedError, self.class unless policy_authorized?
+  end
+  # Allow this action not to perform authorization.
+  #
+  # @return [void]
+  def skip_authorization
+    @_policy_authorized = true
+  end
+  # Raises an error if policy scoping has not been performed
+  #
+  # @raise [AuthorizationNotPerformedError] if policy scoping has not been performed
+  # @return [void]
+  def verify_policy_scoped
+    raise ScopingNotPerformedError, self.class unless policy_scoped?
+  end
+  # Allow this action not to perform policy scoping.
+  #
+  # @return [void]
+  def skip_policy_scope
+    @_policy_scoped = true
+  end
+  protected
+  # @return [Boolean] whether authorization has been performed, i.e. whether
+  #                   one {#authorize} or {#skip_authorization} has been called
+  def policy_authorized?
+    @_policy_authorized == true
+  end
+  # @return [Boolean] whether policy scoping has been performed, i.e. whether
+  #                   one {#policy_scope} or {#skip_policy_scope} has been called
+  def policy_scoped?
+    @_policy_scoped == true
+  end
 end

data/lib/rails_authorize/version.rb CHANGED

@@ -1,3 +1,3 @@
 module RailsAuthorize
-  VERSION = "1.2.0"
+  VERSION = "1.3.0"
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rails_authorize
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 1.3.0
 platform: ruby
 authors:
 - rjurado01
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2018-07-12 00:00:00.000000000 Z
+date: 2018-08-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler