rails_authorize 1.3.0 → 1.4.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.travis.yml +1 -1
- data/Gemfile +2 -2
- data/Gemfile.lock +35 -33
- data/README.md +29 -0
- data/lib/rails_authorize.rb +3 -1
- data/lib/rails_authorize/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 69d1d987cbe8d85ecfc3e0a733f4cae85116735f4c7774d1cbef729a74f9ae56
|
4
|
+
data.tar.gz: 98706c573a2f51f84ee0f149be59f0c3d0cbe20cd3600e715ae3b0bfe978d68b
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 6f9d4fe71ac3e9cec3ad8f7f4cd43294777c42f93fea3591c8d457b8bf1f5961c2e421a2a54b3e83627960ee9e08945ca877cdad9b66e18b0c39edad36229b8b
|
7
|
+
data.tar.gz: '080621676991d0e6930f44a9e6405e722917d9969132a82c3c5d78327a997c22bec3487095e56729c433d2af4e324cf983cffc40d70cdba40b96b86dea636016'
|
data/.travis.yml
CHANGED
data/Gemfile
CHANGED
data/Gemfile.lock
CHANGED
@@ -1,75 +1,77 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
rails_authorize (1.
|
4
|
+
rails_authorize (1.4.0)
|
5
5
|
|
6
6
|
GEM
|
7
7
|
remote: https://rubygems.org/
|
8
8
|
specs:
|
9
|
-
actionpack (
|
10
|
-
actionview (=
|
11
|
-
activesupport (=
|
9
|
+
actionpack (6.0.0)
|
10
|
+
actionview (= 6.0.0)
|
11
|
+
activesupport (= 6.0.0)
|
12
12
|
rack (~> 2.0)
|
13
13
|
rack-test (>= 0.6.3)
|
14
14
|
rails-dom-testing (~> 2.0)
|
15
|
-
rails-html-sanitizer (~> 1.0, >= 1.0
|
16
|
-
actionview (
|
17
|
-
activesupport (=
|
15
|
+
rails-html-sanitizer (~> 1.0, >= 1.2.0)
|
16
|
+
actionview (6.0.0)
|
17
|
+
activesupport (= 6.0.0)
|
18
18
|
builder (~> 3.1)
|
19
19
|
erubi (~> 1.4)
|
20
20
|
rails-dom-testing (~> 2.0)
|
21
|
-
rails-html-sanitizer (~> 1.
|
22
|
-
activesupport (
|
21
|
+
rails-html-sanitizer (~> 1.1, >= 1.2.0)
|
22
|
+
activesupport (6.0.0)
|
23
23
|
concurrent-ruby (~> 1.0, >= 1.0.2)
|
24
24
|
i18n (>= 0.7, < 2)
|
25
25
|
minitest (~> 5.1)
|
26
26
|
tzinfo (~> 1.1)
|
27
|
+
zeitwerk (~> 2.1, >= 2.1.8)
|
27
28
|
builder (3.2.3)
|
28
|
-
concurrent-ruby (1.
|
29
|
-
crass (1.0.
|
29
|
+
concurrent-ruby (1.1.5)
|
30
|
+
crass (1.0.5)
|
30
31
|
diff-lcs (1.3)
|
31
|
-
erubi (1.
|
32
|
-
i18n (1.
|
32
|
+
erubi (1.8.0)
|
33
|
+
i18n (1.6.0)
|
33
34
|
concurrent-ruby (~> 1.0)
|
34
|
-
loofah (2.
|
35
|
+
loofah (2.3.1)
|
35
36
|
crass (~> 1.0.2)
|
36
37
|
nokogiri (>= 1.5.9)
|
37
|
-
mini_portile2 (2.
|
38
|
+
mini_portile2 (2.4.0)
|
38
39
|
minitest (5.11.3)
|
39
|
-
nokogiri (1.
|
40
|
-
mini_portile2 (~> 2.
|
41
|
-
rack (2.0.
|
42
|
-
rack-test (1.
|
40
|
+
nokogiri (1.10.5)
|
41
|
+
mini_portile2 (~> 2.4.0)
|
42
|
+
rack (2.0.7)
|
43
|
+
rack-test (1.1.0)
|
43
44
|
rack (>= 1.0, < 3)
|
44
45
|
rails-dom-testing (2.0.3)
|
45
46
|
activesupport (>= 4.2.0)
|
46
47
|
nokogiri (>= 1.6)
|
47
|
-
rails-html-sanitizer (1.0
|
48
|
+
rails-html-sanitizer (1.2.0)
|
48
49
|
loofah (~> 2.2, >= 2.2.2)
|
49
50
|
rake (10.5.0)
|
50
|
-
rspec (3.
|
51
|
-
rspec-core (~> 3.
|
52
|
-
rspec-expectations (~> 3.
|
53
|
-
rspec-mocks (~> 3.
|
54
|
-
rspec-core (3.
|
55
|
-
rspec-support (~> 3.
|
56
|
-
rspec-expectations (3.
|
51
|
+
rspec (3.8.0)
|
52
|
+
rspec-core (~> 3.8.0)
|
53
|
+
rspec-expectations (~> 3.8.0)
|
54
|
+
rspec-mocks (~> 3.8.0)
|
55
|
+
rspec-core (3.8.2)
|
56
|
+
rspec-support (~> 3.8.0)
|
57
|
+
rspec-expectations (3.8.4)
|
57
58
|
diff-lcs (>= 1.2.0, < 2.0)
|
58
|
-
rspec-support (~> 3.
|
59
|
-
rspec-mocks (3.
|
59
|
+
rspec-support (~> 3.8.0)
|
60
|
+
rspec-mocks (3.8.1)
|
60
61
|
diff-lcs (>= 1.2.0, < 2.0)
|
61
|
-
rspec-support (~> 3.
|
62
|
-
rspec-support (3.
|
62
|
+
rspec-support (~> 3.8.0)
|
63
|
+
rspec-support (3.8.2)
|
63
64
|
thread_safe (0.3.6)
|
64
65
|
tzinfo (1.2.5)
|
65
66
|
thread_safe (~> 0.1)
|
67
|
+
zeitwerk (2.1.9)
|
66
68
|
|
67
69
|
PLATFORMS
|
68
70
|
ruby
|
69
71
|
|
70
72
|
DEPENDENCIES
|
71
|
-
actionpack (>=
|
72
|
-
activesupport (>=
|
73
|
+
actionpack (>= 5.0.0)
|
74
|
+
activesupport (>= 5.0.0)
|
73
75
|
bundler (~> 1.15)
|
74
76
|
rails_authorize!
|
75
77
|
rake (~> 10)
|
data/README.md
CHANGED
@@ -166,6 +166,35 @@ class PostPolicy < ApplicationPolicy
|
|
166
166
|
end
|
167
167
|
```
|
168
168
|
|
169
|
+
## Use without target
|
170
|
+
|
171
|
+
Sometimes you need to authorize a controller action that it doesn't use a model to authorize.
|
172
|
+
|
173
|
+
For this situations you can omit `target` and pass only options with `policy` to `authorize`:
|
174
|
+
|
175
|
+
```ruby
|
176
|
+
# app/controllers/custom_controller.rb
|
177
|
+
|
178
|
+
class CustomController
|
179
|
+
def show
|
180
|
+
authorize policy: CustomPolicy
|
181
|
+
...
|
182
|
+
end
|
183
|
+
end
|
184
|
+
```
|
185
|
+
|
186
|
+
```ruby
|
187
|
+
# app/policies/custom_policy.rb
|
188
|
+
|
189
|
+
class CustomPolicy < ApplicationPolicy
|
190
|
+
def show?
|
191
|
+
# target is nil
|
192
|
+
...
|
193
|
+
end
|
194
|
+
end
|
195
|
+
```
|
196
|
+
|
197
|
+
|
169
198
|
## Strong parameters
|
170
199
|
|
171
200
|
Rails uses [strong_parameters](http://edgeguides.rubyonrails.org/action_controller_overview.html#strong-parameters) to handle mass-assignment protection in the controller. With this gem you can control which attributes a user has access via your policies.
|
data/lib/rails_authorize.rb
CHANGED
@@ -35,6 +35,8 @@ module RailsAuthorize
|
|
35
35
|
# @return [Object] the passed target
|
36
36
|
#
|
37
37
|
def authorize(target, options={})
|
38
|
+
return authorize(nil, target) if target.is_a?(Hash)
|
39
|
+
|
38
40
|
action = options.delete(:action) || "#{action_name}?"
|
39
41
|
policy = policy(target, options)
|
40
42
|
|
@@ -42,7 +44,7 @@ module RailsAuthorize
|
|
42
44
|
|
43
45
|
@_policy_authorized = true
|
44
46
|
|
45
|
-
target
|
47
|
+
target || true
|
46
48
|
end
|
47
49
|
|
48
50
|
##
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: rails_authorize
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.4.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- rjurado01
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2019-11-19 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|