read_only_filter 1.0.0
- checksums.yaml +7 -0
- data/README.md +88 -0
- data/lib/read_only_filter.rb +100 -0
- data/lib/read_only_filter/version.rb +5 -0
- metadata +47 -0
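--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: 7af0ff983d8e3ddb75eb157e1f385e58fc212b8b
+data.tar.gz: cc921c61272abb4a06d6ba90c9a59d520b6dca91
+SHA512:
+metadata.gz: 43394c6948a88c20bf556452d08c0c40f28c52faab160fa4ecebef4f27680af57948fe6cf53e91adfbe4fcbd5f93f18833b4347bea388c8779d9d1427ec0046c
+data.tar.gz: 8a5eb8c0da8af2f356faadc48657569fcdab937f8f5396caa97ef3a095143982dd8157a2957ff8fab47911639d1e0ab567b9bed1f0d54deee2f4bacfb3069054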
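--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,88 @@
+# ReadOnlyFilter::Rails
+
+Read only support for Rails ActiveController, allows for protection of controller actions from write by preventing access to the `:create :update :destroy` actions.
+
+By default read only filter redirects back with a flash error message. However redirects to 403, 404 or 500 status code error pages are available through custom options.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'read_only_filter', '~> 1.0.0'
+```
+
+
+And then execute:
+
+$ bundle install
+
+Or install it yourself as:
+
+$ gem install read_only_filter
+
+
+## Using read only filter
+
+Just follow these simple steps to enable read only protection of your `:create :update :destroy` actions in all controllers in your rails project.
+
+1. ####Add support for read only filter to your project:
+
+In order to add support for read only protected controllers to your project you will
+need to create an initializer file in your projects config initializers directory.
+
+```ruby
+# config/initializers/read_only_filter.rb
+require 'read_only_filter'
+```
+
+one liner:
+
+```
+$ echo "require 'read_only_filter'" > config/initializers/read_only_filter.rb
+```
+
+2. ####Enable read only filter in your project:
+
+Enable should be triggered early in your controllers before_filters, such as
+your `:signed_in_user` or other authentication filter.
+
+```ruby
+@read_only_enabled = true
+```
+
+It can also be enabled from a user flag to mark specific users as read_only.
+
+```ruby
+@read_only_enabled = current_user.read_only
+```
+
+
+3. ####Customize the way read only filter works:
+
+Add additional methods to protect besides the defaults. Optionally exclude a default `:update` action. The following examples can be added to the top of any rails controller.
+
+```ruby
+read_only only: [:index, :show], except: [:update]
+```
+Use custom status codes and redirect messages.
+
+```ruby
+read_only render_error: [:create,:udpate], status_code: 404
+```
+
+
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request
+
+
+## Copyright
+
+Copyright (c) 2013 @geothird. See LICENSE.txt for
+further details.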
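--- a/data/lib/read_only_filter.rb
+++ b/data/lib/read_only_filter.rb
@@ -0,0 +1,100 @@
+module ReadOnlyFilter
+# By Default read only protects create/update/destroy actions
+DEF_METHODS = { create: true, update: true, destroy: true }
+
+# Default RoutingError
+DEF_CODE = 404
+
+# Default flash error message
+DEF_MSG = 'Access Denied.'
+
+# Override base module to include attributes and process_action
+# methods to allow for adding a before filter after class
+# specific before_filters
+ActionController::Base.module_eval do
+# Turn read only on or off true/false
+attr_accessor :read_only_enabled
+
+class << self
+# attr for storing methods marked read only
+attr_accessor :read_only_methods, :status_code_methods,
+:status_code, :redirect_msg
+
+# initialize
+def __init_params
+@status_code_methods ||= {}
+@read_only_methods ||= ReadOnlyFilter::DEF_METHODS.dup
+@status_code ||= ReadOnlyFilter::DEF_CODE
+@redirect_msg ||= ReadOnlyFilter::DEF_MSG
+end
+# Read only sets up additional methods to be filtered
+# see read_only_method
+#
+# Usage: read_only only: [:index, :show], except: [:update]
+# Usage: read_only render_error: [:create,:udpate], status_code: 404
+#
+def read_only(args)
+__init_params
+if args
+# include methods
+if args[:only]
+args[:only].each do |one|
+@read_only_methods[one] = true
+end
+end
+# except methods
+if args[:except]
+args[:except].each do |ext|
+@read_only_methods.delete(ext)
+end
+end
+# raise methods
+if args[:render_error]
+args[:render_error].each do |red|
+@status_code_methods[red] = true
+end
+end
+# status code
+if args[:status_code]
+@status_code = args[:status_code]
+end
+# redirect message
+if args[:redirect_msg]
+@redirect_msg = args[:redirect_msg]
+end
+end
+end
+end
+# Override process_action to add before_filter after others
+def process_action(method_name, *args)
+ActionController::Base.before_filter :read_only_method
+super
+end
+# Read only method is a before filter that prevents access
+# to controllers based on if the controller is setup
+# to be read only `read_only_enabled` and if the method
+# is marked as read only through the read_only_methods attribute.
+#
+# By default read only redirects back with an error message
+# To include instead render status code error template see usage.
+#
+def read_only_method
+if @read_only_enabled
+# Setup defaults if not already initialized
+self.class.__init_params
+
+# Redirect to :back or render status_code page
+if self.class.read_only_methods[params[:action].to_sym]
+if self.class.status_code_methods[params[:action].to_sym]
+render(file: File.join(Rails.root, "public/#{self.class.status_code}.html"),
+status: self.class.status_code, layout: false) and return
+else
+redirect_to :back, flash: { error: self.class.redirect_msg} and return
+end
+end
+end
+end
+end
+end
+# Extend action controller base with ReadOnlyFilter module
+ActionController::Base.send(:extend, ReadOnlyFilter)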
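Review bot: `read_only_method` blocks a request only when `params[:action]` is a key of `read_only_methods`, which defaults to `create`/`update`/`destroy`, so any other state-changing action (a custom member route, a bulk endpoint) still runs for a read-only user unless it was listed by hand. Treating every non-GET/HEAD request as protected would fail closed, e.g. `if !(request.get? || request.head?) || self.class.read_only_methods[action_name.to_sym]`, with `except:` kept as the explicit opt-out. `__init_params` stores the list in class-level instance variables (`@read_only_methods ||= ...`), so a `read_only` declaration on a parent controller presumably does not reach its subclasses, which start again from the defaults; that deserves a comment on `read_only` or an inherited attribute. The `process_action` override also calls `ActionController::Base.before_filter` on every request, changing the shared callback chain at request time, which should be checked under a threaded server.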
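--- a/metadata
+++ b/metadata
@@ -0,0 +1,47 @@
+--- !ruby/object:Gem::Specification
+name: read_only_filter
+version: !ruby/object:Gem::Version
+version: 1.0.0
+platform: ruby
+authors:
+- Geo
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2013-03-08 00:00:00.000000000 Z
+dependencies: []
+description: Read only filter for Rails ActiveController, allows for protection of
+controller actions from create/update/destroy.
+email:
+- geo.marshall@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/read_only_filter/version.rb
+- lib/read_only_filter.rb
+- README.md
+homepage: ''
+licenses: []
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.0.0
+signing_key:
+specification_version: 4
+summary: Enable read only protection for rails controller actions.
+test_files: []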