RubyGems - rbac_rls - Versions diffs - 0.1.0 → 0.1.2 - Mend

rbac_rls 0.1.0 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (21) hide show

checksums.yaml +4 -4
data/README.md +13 -0
data/app/controllers/concerns/helper_methods_permission.rb +26 -0
data/app/models/concerns/manage_rls_migration_concern.rb +33 -0
data/app/models/rbac_rls/group_permission.rb +28 -8
data/app/models/rbac_rls/permission.rb +9 -13
data/app/models/rbac_rls/settings.rb +3 -0
data/app/views/rbac_rls/home/index.html.erb +1 -1
data/db/migrate/20220411133054_create_rbac_rls_permissions.rb +1 -0
data/db/migrate/20220912104929_create_rbac_rls_group_permissions.rb +1 -0
data/db/migrate/20220914004803_create_basic_permissions_for_application_acess.rb +2 -2
data/lib/generators/rbac_rls/templates/group_permission_migration.rb +10 -4
data/lib/generators/rbac_rls/templates/rls_migration.rb +9 -3
data/lib/generators/rbac_rls/templates/rls_migration.rb.erb +11 -4
data/lib/generators/rbac_rls/templates/rls_migration2.rb.erb +2 -1
data/lib/rbac_rls/engine.rb +1 -0
data/lib/rbac_rls/version.rb +1 -1
data/lib/rbac_rls.rb +13 -1
data/lib/tasks/rbac_rls_tasks.rake +55 -4
metadata +7 -19
data/config/setup.rb +0 -0

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3bc52fa4bdbbc44cf0d4b6ede8d4d142458a169baed9767a30c1f6549a827520
-  data.tar.gz: d289b6293db261f8643b702a70c0f8d9affd094385a898e299f1e7b7d6966c25
+  metadata.gz: 7ec44866c989046890add9f57eafc781f16a3774e54858a5f4996498fa2e96cb
+  data.tar.gz: 1f349e1e5e4011768758345c95349984b0910d33f1652245225217fd7133a83f
 SHA512:
-  metadata.gz: 6a7d8a952d7bbb5af6eedee3338ffd0ff76e71384eb82a2c7e0010f58855519cccb653e6b28e5ec29358b0c4a5f700d9663dfe0a372097d1fb2040ea60a5ff9c
-  data.tar.gz: ae99e701a1bce22e40993385b0f0644a6c49f2aa8e496cf7ed57cd4808133eb8d3ffeb15f70768389728321ddcd741184716a992f35e45dd0cad3aad9fa8528f
+  metadata.gz: 86ab0f00de6b4291edbdc4bfb3a8b18a9430af2bd9b3043de979731c9209314be6ba05ac5f8d58f10242957c67947203addc5c8c96d428c9960618af105e8043
+  data.tar.gz: 43438f64d3cc5ba86face84828579bc9556e5e81cf0731f0c2aba6edc04abf0cb7f877340934c1e4c86cf5c50055a184e1c6e2b4736801ec1148df60f7b2d1f6

data/README.md CHANGED Viewed

@@ -30,6 +30,19 @@ And then add in your application_record.rb and application_controller.rb:
  include ConnectionRls
  include ConnectionRlsUser
 ```
+```bash
+ crie um novo everioniment para rodar as migrations
+ por exemplo: duplique um arquivo de  app/config/environments  configure o deu database.yml com o env
+ exemplo:
+     -----------
+     migrations:
+      <<: *default
+      database: main_app_development
+      username: username
+      password: password
+     -----------
+```
 And then run this command:
 ```bash

data/app/controllers/concerns/helper_methods_permission.rb ADDED Viewed

@@ -0,0 +1,26 @@
+module HelperMethodsPermission
+  extend ActiveSupport::Concern
+  included do
+    def has_permission?(type = nil)
+      if type == :read
+        # and type == :owner_read and type == :owner_change and type == :owner_remove
+      end
+      if type == :write
+      end
+      if type == :change
+      end
+      if type == :remove
+      end
+    end
+  end
+  class_methods do
+  end
+end

data/app/models/concerns/manage_rls_migration_concern.rb ADDED Viewed

@@ -0,0 +1,33 @@
+module ManageRlsMigrationConcern
+  extend ActiveSupport::Concern
+  class_methods {}
+  included { after_destroy :delete_nested_policy }
+  def delete_nested_policy
+    down_migrate()
+    delete_file(get_migration_file_path)
+  end
+  def down_migrate(file_version = migration_version)
+    return true if system(Settings.down_migrate_command(file_version))
+    false
+  end
+  def get_migration_file_path(file_name = migration_version)
+    path = Rails.root.join('db', 'migrate', "#{file_name}*").to_s
+    file_path = Dir[path]&.first
+    file_path.to_s
+  end
+  def delete_file(path)
+    deleted = false
+    if File.exist?(path)
+      File.delete(path)
+      deleted = !File.exist?(path)
+    end
+    deleted
+  end
+end

data/app/models/rbac_rls/group_permission.rb CHANGED Viewed

@@ -1,20 +1,40 @@
 module RbacRls
   class GroupPermission < ApplicationRecord
+    include ManageRlsMigrationConcern
     self.table_name = :group_permissions
     belongs_to :permission
     belongs_to :group
-    after_save :create_group_rls_policy
+    after_validation :create_group_rls_policy
     #rails generate rbac_rls:group_permission table_name description:table_key 'produto':table_value
     def create_group_rls_policy
-      cmd = ""
-      if self.permission.table_name.present? and self.table_key.present? and self.table_value.present?
-        cmd = "rails generate rbac_rls:group_permission #{self.permission.table_name} '#{self.table_key}':table_key '#{self.table_value}':table_value"
+      if permission.table_name.present? and table_key.present? and table_value.present?
+        cmd = -> { "rails generate rbac_rls:group_permission #{permission.table_name} '#{table_key}':table_key '#{table_value}':table_value" }
+        migraion_generated = false
+        migraion_generated = system(cmd.===) if new_record?
+        migraion_generated = system(cmd.===) if persisted? and database_changed? and drop_policy()
+        if migraion_generated
+          system(Settings.run_migrate_command)
+          self.migration_version = ActiveRecord::Migrator.current_version
+        end
       end
-      if cmd.present?
-        system(cmd)
-        system('rake db:migrate RAILS_ENV=migrations')
+    end
+    def drop_policy()
+      r_value = false
+      r_value = true if migration_version.nil?
+      if persisted? && delete_nested_policy()
+        self.migration_version = nil
+        r_value = true
       end
+      r_value
     end
+    def database_changed?
+      attrs_in_database = self.class.find(id).attributes
+      attributes != attrs_in_database
+    end
   end
-end
+end

data/app/models/rbac_rls/permission.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 class RbacRls::Permission < ApplicationRecord
+  include ManageRlsMigrationConcern
   self.table_name = :permissions
   belongs_to :permission, :class_name => 'RbacRls::Permission', optional: true
   has_many :role_permissions, :class_name => 'RbacRls::RolePermission'
@@ -10,10 +10,10 @@ class RbacRls::Permission < ApplicationRecord
   validates_uniqueness_of :name, message: "This permission already exists"
   validates_presence_of :table_name
   before_validation :set_permission_name
-  after_commit :create_rls_policy
+  after_validation :create_rls_policy
-  def self.all_tables(schema = :public)
+  def self.all_tables(schema = :public)
     sql = "SELECT table_name FROM information_schema.tables #{where_schema(schema)} "
     result = ActiveRecord::Base.connection.select_all(sql)
     tables = result.map { |k| k['table_name'] }
@@ -40,18 +40,13 @@ class RbacRls::Permission < ApplicationRecord
       cmd += " delete:role " if remove.present?
       cmd
     end
-    type_options = -> () do
-      cmd = ""
-      cmd += " --permission_identifier #{self.id} " if self.id.present?
-      cmd
-    end
-    if (type_policies.===).present? and (type_options.===).present? &&
-      RbacRls::Permission.all.map(&:table_name).exclude?(table_name)
+    type_options = -> () { " --permission_identifier #{self.id} " if self.id.present? }
+    if RbacRls::Permission.all.map(&:table_name).exclude?(table_name) && migration_version.nil?
       cmd = "rails generate rbac_rls:custom_migration  #{table_name}  #{type_policies.===} #{type_options.===}"
-      system(cmd)
-      system('rake db:migrate RAILS_ENV=migrations')
+      if system(cmd) && system(Settings.run_migrate_command)
+        self.migration_version = ActiveRecord::Migrator.current_version
+      end
     end
   end
@@ -65,4 +60,5 @@ class RbacRls::Permission < ApplicationRecord
   def has_role_permission?() end
 end

data/app/models/rbac_rls/settings.rb ADDED Viewed

@@ -0,0 +1,3 @@
+module Settings
+end

data/app/views/rbac_rls/home/index.html.erb CHANGED Viewed

@@ -1,7 +1,7 @@
 <div role="main">
   <div class="jumbotron">
     <div class="container">
-      <h1 class="display-3">RBAC RLS GEM <i class="fas fa-gem"></i></h1>
+      <h1 class="display-3">GRANAR <i class="fas fa-gem"></i></h1>
       <p>This is a GEM based on RBAC and RLS, to control users' access to information</p>
     </div>
     <hr>

data/db/migrate/20220411133054_create_rbac_rls_permissions.rb CHANGED Viewed

@@ -10,6 +10,7 @@ class CreateRbacRlsPermissions < ActiveRecord::Migration[7.0]
       t.boolean :owner_read, default: false
       t.boolean :owner_change, default: false
       t.boolean :owner_remove, default: false
+      t.string :migration_version, default: nil
       t.references :permission, null: true, index: true
       t.timestamps

data/db/migrate/20220912104929_create_rbac_rls_group_permissions.rb CHANGED Viewed

@@ -5,6 +5,7 @@ class CreateRbacRlsGroupPermissions < ActiveRecord::Migration[7.0]
       t.references :group, null: false, foreign_key: true
       t.string :table_key, null: false, limit: 60
       t.string :table_value, null: false, limit: 60
+      t.string :migration_version, default: nil
       t.timestamps
     end

data/db/migrate/20220914004803_create_basic_permissions_for_application_acess.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 class CreateBasicPermissionsForApplicationAcess < ActiveRecord::Migration[7.0]
   def change
     schema = 'public'
-    user = 'app_user'
+    user = RbacRls::Settings.application_db_user
     where_schema = ->(schema_name = nil) do
       schema_name.present? ? "WHERE table_schema  = '#{schema_name}'" : ''
     end
@@ -13,6 +13,6 @@ class CreateBasicPermissionsForApplicationAcess < ActiveRecord::Migration[7.0]
       execute "GRANT ALL PRIVILEGES on #{schema}.#{table}  TO #{user}"
     end
-    execute 'GRANT USAGE ON ALL SEQUENCES IN SCHEMA public TO app_user'
+    execute "GRANT USAGE ON ALL SEQUENCES IN SCHEMA public TO  #{RbacRls::Settings.application_db_user}"
   end
 end

data/lib/generators/rbac_rls/templates/group_permission_migration.rb CHANGED Viewed

@@ -21,7 +21,7 @@ class Create<%= "#{"#{name}#{options[:identifier]}".camelize}" %>Gpolicy < Activ
 def change
   <%
             policy_name = ->(table_name,method) {  "p#{time_now}#{table_name}#{method}"[0,limit_policy_name] }
-  db_role = "app_user"
+  db_role = "#{RbacRls::Settings.application_db_user}"
   permission_id =  options[:permission_identifier]
   owner_rls_policy = ->(type){
     if type.to_sym != :insert
@@ -53,17 +53,18 @@ def change
       WHERE (p.\"#{type_polices[type.to_sym]}\")
       AND p.table_name = '#{gen_table_name}'
     )
-) #{owner_rls_policy[type]}  ) and  #{table_key.to_s} LIKE '%#{table_value}%'
+) #{owner_rls_policy[type]}  ) and CAST( #{table_key.to_s} AS TEXT) LIKE '%#{table_value}%'
   "
   }
   %>
     <% %i(insert select update delete).each  do |attr| %>
-  execute '<%="GRANT  #{attr} ON #{name} TO #{db_role}"%>'
-  execute '<%= "ALTER TABLE #{name} ENABLE ROW LEVEL SECURITY" %>'
   reversible do |dir|
     dir.up do
+      execute '<%="GRANT  #{attr} ON #{name} TO #{db_role}"%>'
+      execute '<%= "ALTER TABLE #{name} ENABLE ROW LEVEL SECURITY" %>'
       <%if  attr.to_sym  ==:insert  %>
         execute <<-SQL
           <%= "CREATE POLICY #{policy_name.(name, attr.to_sym)} ON #{name} for  #{attr.to_s} TO #{db_role} with check  (#{constraint_for_rls[attr.to_s]})" %>
@@ -74,6 +75,11 @@ def change
       SQL
       <%end%>
     end
+    dir.down do
+      execute <<-SQL
+          <%= "DROP POLICY #{policy_name.(name, attr.to_sym)} ON #{name}" %>
+      SQL
+    end
   end
   <% end %>

data/lib/generators/rbac_rls/templates/rls_migration.rb CHANGED Viewed

@@ -18,7 +18,7 @@ class Create<%= "#{name.underscore.camelize}#{options[:permission_identifier]}"
 def change
   <%
             policy_name = ->(table_name,method) {  "p#{time_now}#{table_name}#{method}"[0,limit_policy_name] }
-  db_role = "app_user"
+  db_role =  RbacRls::Settings.application_db_user
   permission_id =  options[:permission_identifier]
   owner_rls_policy = ->(type){
     if type.to_sym != :insert
@@ -58,10 +58,11 @@ def change
     <% %i(insert select update delete).each  do |attr| %>
-  execute '<%="GRANT  #{attr} ON #{name} TO #{db_role}"%>'
-  execute '<%= "ALTER TABLE #{name} ENABLE ROW LEVEL SECURITY" %>'
   reversible do |dir|
     dir.up do
+      execute '<%="GRANT  #{attr} ON #{name} TO #{db_role}"%>'
+      execute '<%= "ALTER TABLE #{name} ENABLE ROW LEVEL SECURITY" %>'
       <%if  attr.to_sym  ==:insert  %>
         execute <<-SQL
           <%= "CREATE POLICY #{policy_name.(name, attr.to_sym)} ON #{name} for  #{attr.to_s} TO #{db_role} with check  (#{constraint_for_rls[attr.to_s]})" %>
@@ -72,6 +73,11 @@ def change
       SQL
       <%end%>
     end
+    dir.down do
+      execute <<-SQL
+          <%= "DROP POLICY #{policy_name.(name, attr.to_sym)} ON #{name}" %>
+      SQL
+    end
   end
   <% end %>

data/lib/generators/rbac_rls/templates/rls_migration.rb.erb CHANGED Viewed

@@ -8,12 +8,14 @@ type_polices_owner = {insert: :owner_write,select: :owner_read,update: :owner_ch
 %>
-class Create<%= "#{name.underscore.camelize}" %>Policy<%="#{}" %> < ActiveRecord::Migration[7.0]
+class Create <%= "#{name.underscore.camelize}" %>
+  Policy <%="#{}" %> < ActiveRecord::Migration[7.0]
   def change
     <%
             policy_name = ->(table_name,method) {  "p#{time_now}#{table_name}#{method}"[0,limit_policy_name] }
-    db_role = "app_user"
+    db_role =  RbacRls::Settings.application_db_user
     permission_id =  options[:permission_identifier]
     constraint_for_rls = ->(type) {"
@@ -44,8 +46,8 @@ class Create<%= "#{name.underscore.camelize}" %>Policy<%="#{}" %> < ActiveRecord
     }
     %>
     <% %i(insert select update delete).each  do |attr| %>
-    execute '<%="GRANT  #{attr} ON #{name} TO #{db_role}"%>'
-    execute '<%= "ALTER TABLE #{name} ENABLE ROW LEVEL SECURITY" %>'
+    execute ' <%="GRANT  #{attr} ON #{name} TO #{db_role}"%> '
+    execute ' <%= "ALTER TABLE #{name} ENABLE ROW LEVEL SECURITY" %> '
     reversible do |dir|
       dir.up do
         <%if  attr.to_sym  ==:insert  %>
@@ -58,6 +60,11 @@ class Create<%= "#{name.underscore.camelize}" %>Policy<%="#{}" %> < ActiveRecord
         SQL
         <%end%>
       end
+      dir.down do
+        execute <<-SQL
+          <%= "DROP POLICY #{policy_name.(name, attr.to_sym)} ON #{name}" %>
+        SQL
+      end
     end
     <% end %>
   end

data/lib/generators/rbac_rls/templates/rls_migration2.rb.erb CHANGED Viewed

@@ -17,7 +17,8 @@ class Create<%= "#{name.underscore.camelize}#{options[:permission_identifier]}"
   def change
     <%
             policy_name = ->(table_name,method) {  "p#{time_now}#{table_name}#{method}"[0,limit_policy_name] }
-    db_role = "app_user"
+    db_role =  RbacRls::Settings.application_db_user
     permission_id =  options[:permission_identifier]
     owner_rls_policy = ->(type){
       if type.to_sym != :insert

data/lib/rbac_rls/engine.rb CHANGED Viewed

@@ -10,6 +10,7 @@ require 'vanilla_nested/view_helpers'
 module RbacRls
   class Engine < ::Rails::Engine
     isolate_namespace RbacRls
     # initializer "rbac_rls.precompile" do |app|

data/lib/rbac_rls/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module RbacRls
-  VERSION = "0.1.0"
+  VERSION = "0.1.2"
 end

data/lib/rbac_rls.rb CHANGED Viewed

@@ -2,5 +2,17 @@ require "rbac_rls/version"
 require "rbac_rls/engine"
 module RbacRls
-  # Your code goes here...
+  module Settings
+    def self.run_migrate_command
+      "rake db:migrate RAILS_ENV=migrations"
+    end
+    def self.down_migrate_command(version = nil)
+      "rake db:migrate:down VERSION=#{version} RAILS_ENV=migrations"
+    end
+    def self.application_db_user
+      "app_user"
+    end
+  end
 end

data/lib/tasks/rbac_rls_tasks.rake CHANGED Viewed

@@ -1,4 +1,55 @@
-# desc "Explaining what the task does"
-# task :rbac_rls do
-#   # Task goes here
-# end
+desc "Explaining what the task does"
+task :rbac_rls do
+  #frozen_string_literal: true
+  desc 'Uninstall gem'
+  task :uninstall_gem => :environment do
+    cmds = ['ALTER TABLE products DISABLE ROW LEVEL SECURITY']
+    permissions = RbacRls::Permission.all.map(&:migration_version)
+    basic_permissions = ["20220411125339",
+                         "20220912104712",
+                         "20220411125613",
+                         "20220912104929",
+                         "20220411133054",
+                         "20220914004802",
+                         "20220425212731",
+                         "20220914004803",]
+    create_rbac_rls_roles.rbac_rls.rb from rbac_rls
+    create_rbac_rls_user_roles.rbac_rls.rb from rbac_rls
+    create_rbac_rls_permissions.rbac_rls.rb from rbac_rls
+    create_role_permissions.rbac_rls.rb from rbac_rls
+    create_rbac_rls_groups.rbac_rls.rb from rbac_rls
+    create_rbac_rls_group_permissions.rbac_rls.rb from rbac_rls
+    create_rbac_rls_group_users.rbac_rls.rb from rbac_rls
+    create_basic_permissions_for_application_acess.rbac_rls.rb
+    versions = permissions + basic_permissions
+    for migration in versions
+      system(RbacRls::Settings.down_migrate_command(migration))
+      delete_file(get_migration_file_path(migration))
+    end
+    for cmd in cmds
+      ActiveRecord::Base.connection.execute(cmd)
+    end
+  end
+  def get_migration_file_path(file_name = migration_version)
+    path = Rails.root.join('db', 'migrate', "#{file_name}*").to_s
+    file_path = Dir[path]&.first
+    file_path.to_s
+  end
+  def delete_file(path)
+    deleted = false
+    if File.exist?(path)
+      File.delete(path)
+      deleted = !File.exist?(path)
+    end
+    deleted
+  end
+end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rbac_rls
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.2
 platform: ruby
 authors:
 - FilipeBeserraMaia
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-09-29 00:00:00.000000000 Z
+date: 2022-10-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -66,20 +66,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: byebug
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 description: Description of RbacRls.
 email:
 - filipeifgcc@gmail.com
@@ -94,6 +80,7 @@ files:
 - app/assets/javascripts/rbac_rls/application.js
 - app/assets/stylesheets/rbac_rls/application.css.scss
 - app/controllers/concerns/connection_rls_user_concern.rb
+- app/controllers/concerns/helper_methods_permission.rb
 - app/controllers/rbac_rls/application_controller.rb
 - app/controllers/rbac_rls/groups_controller.rb
 - app/controllers/rbac_rls/home_controller.rb
@@ -106,6 +93,7 @@ files:
 - app/jobs/rbac_rls/application_job.rb
 - app/mailers/rbac_rls/application_mailer.rb
 - app/models/concerns/connection_rls_concern.rb
+- app/models/concerns/manage_rls_migration_concern.rb
 - app/models/rbac_rls/application_record.rb
 - app/models/rbac_rls/group.rb
 - app/models/rbac_rls/group_permission.rb
@@ -113,6 +101,7 @@ files:
 - app/models/rbac_rls/permission.rb
 - app/models/rbac_rls/role.rb
 - app/models/rbac_rls/role_permission.rb
+- app/models/rbac_rls/settings.rb
 - app/models/rbac_rls/user_role.rb
 - app/views/layouts/rbac_rls/application.html.erb
 - app/views/rbac_rls/groups/_form.html.erb
@@ -142,7 +131,6 @@ files:
 - config/assets.rb
 - config/importmap.rb
 - config/routes.rb
-- config/setup.rb
 - db/migrate/20220411125339_create_rbac_rls_roles.rb
 - db/migrate/20220411125613_create_rbac_rls_user_roles.rb
 - db/migrate/20220411133054_create_rbac_rls_permissions.rb
@@ -162,12 +150,12 @@ files:
 - lib/rbac_rls/engine.rb
 - lib/rbac_rls/version.rb
 - lib/tasks/rbac_rls_tasks.rake
-homepage: https://rubygems.org/rbac_rls
+homepage: https://rubygems.org/granar
 licenses:
 - MIT
 metadata:
   allowed_push_host: https://rubygems.org/
-  homepage_uri: https://rubygems.org/rbac_rls
+  homepage_uri: https://rubygems.org/granar
   source_code_uri: https://gitlab.com/FilipeBeserraMaia/rbac_rls
   changelog_uri: https://gitlab.com/FilipeBeserraMaia/rbac_rls
 post_install_message:

data/config/setup.rb DELETED Viewed

File without changes