releaf-permissions 0.2.1 → 1.0.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/LICENSE +19 -21
- data/app/assets/stylesheets/{releaf/controllers → controllers}/releaf/permissions/sessions.scss +0 -0
- data/app/builders/releaf/permissions/page/header_builder.rb +35 -0
- data/app/builders/releaf/permissions/page/layout_builder.rb +17 -0
- data/app/builders/releaf/permissions/page/menu_builder.rb +18 -0
- data/app/builders/releaf/permissions/roles/form_builder.rb +10 -6
- data/app/builders/releaf/permissions/roles/table_builder.rb +2 -6
- data/app/controllers/releaf/permissions/profile_controller.rb +25 -46
- data/app/controllers/releaf/permissions/roles_controller.rb +3 -5
- data/app/controllers/releaf/permissions/sessions_controller.rb +17 -27
- data/app/controllers/releaf/permissions/users_controller.rb +11 -14
- data/app/models/releaf/permissions/role.rb +0 -25
- data/app/models/releaf/permissions/user.rb +3 -9
- data/lib/releaf-permissions.rb +23 -27
- data/lib/releaf/permissions/access_control.rb +37 -0
- data/lib/releaf/permissions/configuration.rb +26 -0
- data/lib/releaf/permissions/controller_support.rb +33 -0
- data/lib/releaf/permissions/default_controller_resolver.rb +22 -0
- data/lib/releaf/permissions/engine.rb +1 -18
- data/lib/releaf/permissions/layout.rb +5 -0
- data/lib/releaf/permissions/{profile_component.rb → profile.rb} +6 -2
- data/lib/releaf/permissions/{roles_component.rb → roles.rb} +2 -2
- data/lib/releaf/permissions/settings_manager.rb +22 -0
- data/lib/releaf/permissions/users.rb +11 -0
- data/spec/builders/releaf/permissions/page/header_builder_spec.rb +87 -0
- data/spec/builders/releaf/permissions/page/layout_builder_spec.rb +64 -0
- data/spec/builders/releaf/permissions/page/menu_builder_spec.rb +100 -0
- data/spec/builders/{profile → releaf/permissions/profile}/form_builder_spec.rb +0 -0
- data/spec/builders/releaf/permissions/roles/form_builder_spec.rb +56 -0
- data/spec/builders/releaf/permissions/roles/table_builder_spec.rb +41 -0
- data/spec/builders/{users → releaf/permissions/users}/form_builder_spec.rb +0 -0
- data/spec/builders/{users → releaf/permissions/users}/table_builder_spec.rb +0 -0
- data/spec/controllers/permissions/profile_controller_spec.rb +0 -27
- data/spec/controllers/permissions/users_controller_spec.rb +1 -1
- data/spec/features/roles_spec.rb +3 -3
- data/spec/features/users_spec.rb +2 -2
- data/spec/lib/access_control_spec.rb +35 -50
- data/spec/lib/releaf/permissions/configuration_spec.rb +38 -0
- data/spec/lib/releaf/permissions/controller_support_spec.rb +76 -0
- data/spec/lib/releaf/permissions/default_controller_resolver_spec.rb +49 -0
- data/spec/lib/releaf/permissions/layout_spec.rb +10 -0
- data/spec/lib/releaf/permissions/profile_spec.rb +11 -0
- data/spec/lib/releaf/permissions/roles_spec.rb +10 -0
- data/spec/lib/releaf/permissions/settings_manager_spec.rb +38 -0
- data/spec/lib/releaf/permissions/users_spec.rb +17 -0
- data/spec/models/permissions/role_spec.rb +0 -28
- data/spec/models/permissions/user_spec.rb +33 -3
- metadata +56 -32
- data/app/controllers/releaf/permissions/home_controller.rb +0 -32
- data/app/lib/releaf/permissions/access_control.rb +0 -36
- data/lib/releaf/permissions/builders_autoload.rb +0 -11
- data/lib/releaf/permissions/devise_component.rb +0 -8
- data/lib/releaf/permissions/users_component.rb +0 -7
- data/releaf-permissions.gemspec +0 -19
- data/spec/builders/roles/form_builder_spec.rb +0 -38
- data/spec/builders/roles/table_builder_spec.rb +0 -29
- data/spec/controllers/permissions/home_controller_spec.rb +0 -52
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 59d05d5ed96c693754a1d9dd5e14c7056b6eb514
|
4
|
+
data.tar.gz: 2d8df98553d48e63cd4d4d78c8d8d5d8c7c97a00
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: fde202e4369a2ab61a7548bf4c65a858cbdf7e8203cd0819c246c6ce3db344d15a41902e33c67ecfd59c3a044bb9cfd6a6b8269ae394b1996b7dc3c041e072f1
|
7
|
+
data.tar.gz: 5f84fde108fd09066cebd95fcc1280452c8f8e900f9f99a20d2f29b655a2dcf1b28c035d77aed36706fd5efaa583ed0d3170f1d01234980710efea97e087e675
|
data/LICENSE
CHANGED
@@ -1,24 +1,22 @@
|
|
1
1
|
Copyright (c) 2012, CubeSystems <info@cubesystems.lv>
|
2
|
-
All rights reserved.
|
3
2
|
|
4
|
-
|
5
|
-
modification, are permitted provided that the following conditions are met:
|
6
|
-
* Redistributions of source code must retain the above copyright
|
7
|
-
notice, this list of conditions and the following disclaimer.
|
8
|
-
* Redistributions in binary form must reproduce the above copyright
|
9
|
-
notice, this list of conditions and the following disclaimer in the
|
10
|
-
documentation and/or other materials provided with the distribution.
|
11
|
-
* Neither the name of the CubeSystems nor the names of its contributors may
|
12
|
-
be used to endorse or promote products derived from this software without
|
13
|
-
specific prior written permission.
|
3
|
+
MIT License
|
14
4
|
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining
|
6
|
+
a copy of this software and associated documentation files (the
|
7
|
+
"Software"), to deal in the Software without restriction, including
|
8
|
+
without limitation the rights to use, copy, modify, merge, publish,
|
9
|
+
distribute, sublicense, and/or sell copies of the Software, and to
|
10
|
+
permit persons to whom the Software is furnished to do so, subject to
|
11
|
+
the following conditions:
|
12
|
+
|
13
|
+
The above copyright notice and this permission notice shall be
|
14
|
+
included in all copies or substantial portions of the Software.
|
15
|
+
|
16
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
17
|
+
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
18
|
+
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
19
|
+
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
20
|
+
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
21
|
+
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
22
|
+
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
data/app/assets/stylesheets/{releaf/controllers → controllers}/releaf/permissions/sessions.scss
RENAMED
File without changes
|
@@ -0,0 +1,35 @@
|
|
1
|
+
class Releaf::Permissions::Page::HeaderBuilder < Releaf::Builders::Page::HeaderBuilder
|
2
|
+
def items
|
3
|
+
super + [profile_block, sign_out_form]
|
4
|
+
end
|
5
|
+
|
6
|
+
def profile_path
|
7
|
+
url_for(action: 'edit', controller: "releaf/permissions/profile", only_path: true)
|
8
|
+
end
|
9
|
+
|
10
|
+
def profile_block
|
11
|
+
tag(:a, class: "button profile", href: profile_path) do
|
12
|
+
[tag(:span, profile_user_name, class: "name")]
|
13
|
+
end
|
14
|
+
end
|
15
|
+
|
16
|
+
def user
|
17
|
+
controller.user
|
18
|
+
end
|
19
|
+
|
20
|
+
def profile_user_name
|
21
|
+
resource_title(user)
|
22
|
+
end
|
23
|
+
|
24
|
+
def sign_out_path
|
25
|
+
url_for(action: 'destroy', controller: "/releaf/permissions/sessions", only_path: true)
|
26
|
+
end
|
27
|
+
|
28
|
+
def sign_out_form
|
29
|
+
form_tag(sign_out_path, method: :delete, class: "sign-out") do
|
30
|
+
tag(:button, class: "button only-icon", type: "submit", title: t('Sign out', scope: "admin.sessions")) do
|
31
|
+
icon("power-off icon-header")
|
32
|
+
end
|
33
|
+
end
|
34
|
+
end
|
35
|
+
end
|
@@ -0,0 +1,17 @@
|
|
1
|
+
class Releaf::Permissions::Page::LayoutBuilder < Releaf::Builders::Page::LayoutBuilder
|
2
|
+
def header_builder
|
3
|
+
Releaf::Permissions::Page::HeaderBuilder
|
4
|
+
end
|
5
|
+
|
6
|
+
def menu_builder
|
7
|
+
Releaf::Permissions::Page::MenuBuilder
|
8
|
+
end
|
9
|
+
|
10
|
+
def body_content(&block)
|
11
|
+
if controller.respond_to?(:authorized?) && controller.authorized?
|
12
|
+
super
|
13
|
+
else
|
14
|
+
yield
|
15
|
+
end
|
16
|
+
end
|
17
|
+
end
|
@@ -0,0 +1,18 @@
|
|
1
|
+
class Releaf::Permissions::Page::MenuBuilder < Releaf::Builders::Page::MenuBuilder
|
2
|
+
|
3
|
+
def menu_item(item)
|
4
|
+
super if menu_item_permitted?(item)
|
5
|
+
end
|
6
|
+
|
7
|
+
def menu_item_permitted?(item)
|
8
|
+
if controller_group?(item)
|
9
|
+
item.controllers.find{|subitem| controller_permitted?(subitem.controller_name) }.present?
|
10
|
+
else
|
11
|
+
controller_permitted?(item.controller_name)
|
12
|
+
end
|
13
|
+
end
|
14
|
+
|
15
|
+
def controller_permitted?(controller_name)
|
16
|
+
Releaf.application.config.permissions.access_control.new(user: controller.user).controller_permitted?(controller_name)
|
17
|
+
end
|
18
|
+
end
|
@@ -2,13 +2,18 @@ module Releaf::Permissions::Roles
|
|
2
2
|
class FormBuilder < Releaf::Builders::FormBuilder
|
3
3
|
def render_default_controller
|
4
4
|
controllers = {}
|
5
|
-
Releaf.application.config.available_controllers.each do |
|
6
|
-
|
5
|
+
Releaf.application.config.available_controllers.each do |controller_name|
|
6
|
+
definition = controller_definition(controller_name)
|
7
|
+
controllers[definition.localized_name] = definition.controller_name
|
7
8
|
end
|
8
9
|
|
9
10
|
releaf_item_field(:default_controller, options: {select_options: controllers})
|
10
11
|
end
|
11
12
|
|
13
|
+
def controller_definition(controller_name)
|
14
|
+
Releaf::ControllerDefinition.for(controller_name)
|
15
|
+
end
|
16
|
+
|
12
17
|
def render_permissions
|
13
18
|
options = {
|
14
19
|
items: permission_items,
|
@@ -18,11 +23,10 @@ module Releaf::Permissions::Roles
|
|
18
23
|
end
|
19
24
|
|
20
25
|
def permission_items
|
21
|
-
|
22
|
-
|
23
|
-
|
26
|
+
Releaf.application.config.available_controllers.inject({}) do |h, controller_name|
|
27
|
+
definition = controller_definition(controller_name)
|
28
|
+
h.update("controller.#{definition.controller_name}" => definition.localized_name)
|
24
29
|
end
|
25
|
-
list
|
26
30
|
end
|
27
31
|
end
|
28
32
|
end
|
@@ -5,12 +5,8 @@ module Releaf::Permissions::Roles
|
|
5
5
|
end
|
6
6
|
|
7
7
|
def default_controller_content(resource)
|
8
|
-
|
9
|
-
|
10
|
-
'-'
|
11
|
-
else
|
12
|
-
I18n.t(value.sub('_', '/'), scope: 'admin.controllers')
|
13
|
-
end
|
8
|
+
definition = resource.default_controller ? Releaf::ControllerDefinition.for(resource.default_controller) : nil
|
9
|
+
definition ? definition.localized_name : "-"
|
14
10
|
end
|
15
11
|
end
|
16
12
|
end
|
@@ -1,56 +1,35 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
#
|
4
|
-
|
5
|
-
|
6
|
-
params[:settings].each_pair do|key, value|
|
7
|
-
value = false if value == "false"
|
8
|
-
value = true if value == "true"
|
9
|
-
# Sometimes concurrency happens, so lets try until
|
10
|
-
# record get updated
|
11
|
-
begin
|
12
|
-
@resource.settings[key] = value
|
13
|
-
rescue ActiveRecord::RecordNotUnique
|
14
|
-
retry
|
15
|
-
end
|
16
|
-
end
|
17
|
-
render nothing: true, status: 200
|
18
|
-
else
|
19
|
-
render nothing: true, status: 422
|
20
|
-
end
|
21
|
-
end
|
22
|
-
|
23
|
-
def success_url
|
24
|
-
url_for(action: :edit)
|
25
|
-
end
|
1
|
+
class Releaf::Permissions::ProfileController < Releaf::ActionController
|
2
|
+
def load_resource
|
3
|
+
# assign current user
|
4
|
+
@resource = user.becomes(resource_class)
|
5
|
+
end
|
26
6
|
|
27
|
-
|
28
|
-
|
29
|
-
|
7
|
+
def success_path
|
8
|
+
url_for(action: :edit)
|
9
|
+
end
|
30
10
|
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
end
|
11
|
+
def update
|
12
|
+
load_resource
|
13
|
+
old_password = @resource.password
|
14
|
+
super
|
36
15
|
|
37
|
-
|
38
|
-
|
16
|
+
# reload resource as password has been changed
|
17
|
+
if @resource.password != old_password
|
18
|
+
bypass_sign_in(user)
|
39
19
|
end
|
20
|
+
end
|
40
21
|
|
41
|
-
|
22
|
+
def self.resource_class
|
23
|
+
Releaf.application.config.permissions.devise_model_class
|
24
|
+
end
|
42
25
|
|
43
|
-
|
44
|
-
@features = {
|
45
|
-
edit: true,
|
46
|
-
}
|
26
|
+
def controller_breadcrumb; end
|
47
27
|
|
48
|
-
|
49
|
-
|
50
|
-
|
28
|
+
def features
|
29
|
+
[:edit]
|
30
|
+
end
|
51
31
|
|
52
|
-
|
53
|
-
|
54
|
-
end
|
32
|
+
def permitted_params
|
33
|
+
%w[name surname email password password_confirmation locale]
|
55
34
|
end
|
56
35
|
end
|
@@ -1,7 +1,5 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
|
4
|
-
Releaf::Permissions::Role
|
5
|
-
end
|
1
|
+
class Releaf::Permissions::RolesController < Releaf::ActionController
|
2
|
+
def self.resource_class
|
3
|
+
Releaf::Permissions::Role
|
6
4
|
end
|
7
5
|
end
|
@@ -1,34 +1,24 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
|
4
|
-
helper_method :page_title
|
1
|
+
class Releaf::Permissions::SessionsController < Devise::SessionsController
|
2
|
+
layout "releaf/admin"
|
3
|
+
helper_method :page_title
|
5
4
|
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
def access_control
|
11
|
-
@access_control ||= Releaf::Permissions::AccessControl.new(controller: self)
|
12
|
-
end
|
13
|
-
|
14
|
-
def layout_settings(key)
|
15
|
-
access_control.user.try(:settings).try(:[], 'releaf.side.compact')
|
16
|
-
end
|
5
|
+
def page_title
|
6
|
+
Rails.application.class.parent_name
|
7
|
+
end
|
17
8
|
|
18
|
-
|
9
|
+
protected
|
19
10
|
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
end
|
11
|
+
def after_sign_in_path_for(resource)
|
12
|
+
if custom_redirect_path
|
13
|
+
custom_redirect_path
|
14
|
+
else
|
15
|
+
stored_location_for(resource) || releaf_root_path
|
26
16
|
end
|
17
|
+
end
|
27
18
|
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
end
|
19
|
+
def custom_redirect_path
|
20
|
+
return nil if params[:redirect_to].blank?
|
21
|
+
return nil if params[:redirect_to][0] != '/'
|
22
|
+
return params[:redirect_to]
|
33
23
|
end
|
34
24
|
end
|
@@ -1,19 +1,16 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
|
4
|
-
|
5
|
-
Releaf::Permissions::User
|
6
|
-
end
|
1
|
+
class Releaf::Permissions::UsersController < Releaf::ActionController
|
2
|
+
def self.resource_class
|
3
|
+
Releaf::Permissions::User
|
4
|
+
end
|
7
5
|
|
8
|
-
|
6
|
+
protected
|
9
7
|
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
8
|
+
def prepare_new
|
9
|
+
super
|
10
|
+
@resource.role = Releaf::Permissions::Role.first
|
11
|
+
end
|
14
12
|
|
15
|
-
|
16
|
-
|
17
|
-
end
|
13
|
+
def permitted_params
|
14
|
+
%w[name surname role_id email password password_confirmation locale]
|
18
15
|
end
|
19
16
|
end
|
@@ -9,30 +9,5 @@ module Releaf::Permissions
|
|
9
9
|
has_many :users, dependent: :restrict_with_exception
|
10
10
|
has_many :permissions, as: :owner, class_name: "Releaf::Permissions::Permission", dependent: :destroy
|
11
11
|
accepts_nested_attributes_for :permissions, allow_destroy: true
|
12
|
-
|
13
|
-
alias_attribute :to_text, :name
|
14
|
-
|
15
|
-
# Check whether given controller name is within roles allowed controller list
|
16
|
-
#
|
17
|
-
# @param controller_name [String] controller name to check permissions against (ex. products)
|
18
|
-
# @return [true, false] whether controller is permitted for role
|
19
|
-
def controller_permitted?(controller_name)
|
20
|
-
allowed_controllers.include?(controller_name)
|
21
|
-
end
|
22
|
-
|
23
|
-
# Load all permissions and build list with allowed controler.
|
24
|
-
# In this way permissions are cached resulting only single db hit per multiple permissions checks.
|
25
|
-
#
|
26
|
-
# @return [Array] array of allowed controller names
|
27
|
-
def allowed_controllers
|
28
|
-
permissions.map{|permission| self.class.controller_name_from_permission(permission) }.compact
|
29
|
-
end
|
30
|
-
|
31
|
-
private
|
32
|
-
|
33
|
-
def self.controller_name_from_permission(permission)
|
34
|
-
match = permission.permission.match(/^controller\.(.+)/)
|
35
|
-
match[1] if match
|
36
|
-
end
|
37
12
|
end
|
38
13
|
end
|
@@ -11,21 +11,15 @@ module Releaf::Permissions
|
|
11
11
|
# :registerable
|
12
12
|
devise :database_authenticatable, :rememberable, :trackable, :validatable
|
13
13
|
validates_presence_of :name, :surname, :role, :locale
|
14
|
-
|
15
14
|
belongs_to :role
|
16
15
|
|
17
|
-
|
18
|
-
|
19
|
-
[self.name, self.surname].join(' ')
|
16
|
+
def releaf_title
|
17
|
+
[name, surname].join(' ')
|
20
18
|
end
|
21
|
-
alias :to_text :display_name
|
22
|
-
|
23
|
-
protected
|
24
19
|
|
25
20
|
# Require password if we have new record or instance have empty password
|
26
21
|
def password_required?
|
27
|
-
|
22
|
+
new_record? || encrypted_password.blank?
|
28
23
|
end
|
29
|
-
|
30
24
|
end
|
31
25
|
end
|
data/lib/releaf-permissions.rb
CHANGED
@@ -1,32 +1,28 @@
|
|
1
|
-
require '
|
1
|
+
require 'devise'
|
2
2
|
|
3
3
|
module Releaf::Permissions
|
4
|
-
|
4
|
+
require 'releaf/permissions/engine'
|
5
|
+
require 'releaf/permissions/default_controller_resolver'
|
6
|
+
require 'releaf/permissions/settings_manager'
|
7
|
+
require 'releaf/permissions/configuration'
|
8
|
+
require 'releaf/permissions/layout'
|
9
|
+
require 'releaf/permissions/access_control'
|
10
|
+
require 'releaf/permissions/controller_support'
|
11
|
+
require 'releaf/permissions/profile'
|
12
|
+
require 'releaf/permissions/roles'
|
13
|
+
require 'releaf/permissions/users'
|
5
14
|
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
end
|
18
|
-
|
19
|
-
def authenticate!
|
20
|
-
access_control.authenticate!
|
21
|
-
end
|
22
|
-
|
23
|
-
def verify_controller_access!
|
24
|
-
unless access_control.controller_permitted?(access_control.current_controller_name)
|
25
|
-
raise Releaf::Core::AccessDenied.new(access_control.current_controller_name)
|
26
|
-
end
|
27
|
-
end
|
28
|
-
|
29
|
-
def access_control
|
30
|
-
@access_control ||= Releaf::Permissions::AccessControl.new(controller: self)
|
15
|
+
def self.components
|
16
|
+
[
|
17
|
+
Releaf::Permissions::DefaultControllerResolver,
|
18
|
+
Releaf::Permissions::SettingsManager,
|
19
|
+
Releaf::Permissions::Configuration,
|
20
|
+
Releaf::Permissions::Layout,
|
21
|
+
Releaf::Permissions::AccessControl,
|
22
|
+
Releaf::Permissions::Roles,
|
23
|
+
Releaf::Permissions::Users,
|
24
|
+
Releaf::Permissions::Profile
|
25
|
+
]
|
31
26
|
end
|
32
27
|
end
|
28
|
+
|