restrict 0.0.8 → 0.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/.github/workflows/specs.yml +34 -0
- data/.ruby-version +1 -0
- data/CHANGELOG.md +12 -0
- data/README.md +42 -1
- data/lib/restrict/already_restricted_error.rb +4 -0
- data/lib/restrict/gatekeeper.rb +1 -6
- data/lib/restrict/rails/controller.rb +25 -6
- data/lib/restrict/rails/railtie.rb +3 -1
- data/lib/restrict/restriction.rb +19 -4
- data/lib/restrict/rspec/matcher.rb +9 -11
- data/lib/restrict/rspec/matcher_rspec2.rb +11 -12
- data/lib/restrict/rspec/shared_example.rb +5 -0
- data/lib/restrict/version.rb +1 -1
- data/restrict.gemspec +1 -2
- data/spec/lib/restrict/rails/controller_spec.rb +45 -1
- data/spec/lib/restrict/restriction_spec.rb +48 -0
- data/spec/lib/restrict_spec.rb +0 -2
- data/spec/spec_helper.rb +33 -4
- metadata +11 -24
- data/.travis.yml +0 -11
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: b012524d4112ddfce7cef1066511516b69019acf727b577cb271d36355edc6e5
|
|
4
|
+
data.tar.gz: 161638aee7c62d34da01168eeb8e7aec23cacef01a9e0b596209f3f4cf0ed8ac
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 0130142f698da26e48c9d986782f080e4f457a5833ca83a54846d79dbb6a96a5f751e7ff96d08c0bee6cfa99325f9414ba7f74bbed951629965f89d460981cae
|
|
7
|
+
data.tar.gz: c83f370a57e3f73874000ac806e28f08e22ccfc2247c0c2954b1a329a34f902c71f5aaf60d0a98e61c66d22320ff2b649b3c295a611215f97bc33e48e7f36b7a
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
name: Specs
|
|
2
|
+
|
|
3
|
+
on:
|
|
4
|
+
pull_request:
|
|
5
|
+
branches:
|
|
6
|
+
- 'master'
|
|
7
|
+
push:
|
|
8
|
+
branches:
|
|
9
|
+
- 'master'
|
|
10
|
+
|
|
11
|
+
jobs:
|
|
12
|
+
build:
|
|
13
|
+
runs-on: ubuntu-latest
|
|
14
|
+
|
|
15
|
+
steps:
|
|
16
|
+
- uses: actions/checkout@v1
|
|
17
|
+
|
|
18
|
+
- name: Set up Ruby 2.7
|
|
19
|
+
uses: actions/setup-ruby@v1
|
|
20
|
+
with:
|
|
21
|
+
ruby-version: 2.7.x
|
|
22
|
+
|
|
23
|
+
- name: bundle
|
|
24
|
+
env:
|
|
25
|
+
RAILS_ENV: test
|
|
26
|
+
run: |
|
|
27
|
+
gem install bundler
|
|
28
|
+
bundle install --jobs 4 --retry 3
|
|
29
|
+
|
|
30
|
+
- name: Run Tests
|
|
31
|
+
env:
|
|
32
|
+
RAILS_ENV: test
|
|
33
|
+
run: |
|
|
34
|
+
bundle exec rspec
|
data/.ruby-version
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
2.7.1
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,15 @@
|
|
|
1
|
+
[0.2.1] - 2021-04-24
|
|
2
|
+
* Fix rails autoloading issue (@jaynetics)
|
|
3
|
+
|
|
4
|
+
[0.2.0] - 2020-05-18
|
|
5
|
+
* Implement `:on` parameter for `restrict` calls
|
|
6
|
+
|
|
7
|
+
[0.1.1] - 2019-11-26
|
|
8
|
+
* Bug fix release to actually work in rails ¯\_(ツ)_/¯
|
|
9
|
+
|
|
10
|
+
[0.1.0] - 2019-11-25
|
|
11
|
+
* Support controller inheritance
|
|
12
|
+
|
|
1
13
|
[0.0.7] - 2014-08-25
|
|
2
14
|
* Breaking change part 2: restrict without action names will now implicitly restrict all actions
|
|
3
15
|
* :all_actions modifier is gone
|
data/README.md
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
A rails controller extension, that gives you the possibility to restrict access to your controller actions.
|
|
4
4
|
|
|
5
|
-
|
|
5
|
+
 [](http://badge.fury.io/rb/restrict) [](https://codeclimate.com/github/xijo/restrict) [](https://codeclimate.com/github/xijo/restrict)
|
|
6
6
|
|
|
7
7
|
## Installation
|
|
8
8
|
|
|
@@ -49,6 +49,38 @@ restrict
|
|
|
49
49
|
|
|
50
50
|
This one will apply to all actions on this controller. It takes the `unless` option as well.
|
|
51
51
|
|
|
52
|
+
### Restrict with specific object
|
|
53
|
+
|
|
54
|
+
One may pass `on` to a `restrict` call in a controller.
|
|
55
|
+
|
|
56
|
+
If `on` is set, it evaluates the given method.
|
|
57
|
+
If it returns nil, it raises an error.
|
|
58
|
+
If an object is returned, it will be send while evaluating the `unless`
|
|
59
|
+
condition.
|
|
60
|
+
|
|
61
|
+
Example
|
|
62
|
+
|
|
63
|
+
```
|
|
64
|
+
class ItemController
|
|
65
|
+
restrict :show, unless: :manager_of?, on: :load_item
|
|
66
|
+
|
|
67
|
+
def show
|
|
68
|
+
end
|
|
69
|
+
|
|
70
|
+
private
|
|
71
|
+
|
|
72
|
+
def manager_of?(item)
|
|
73
|
+
current_user == item.manager
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
def load_item
|
|
77
|
+
@item = Item.find(params[:id])
|
|
78
|
+
end
|
|
79
|
+
end
|
|
80
|
+
```
|
|
81
|
+
|
|
82
|
+
Aliases for `on` are: `of`, `object`
|
|
83
|
+
|
|
52
84
|
### Configuration
|
|
53
85
|
|
|
54
86
|
```ruby
|
|
@@ -58,6 +90,15 @@ Restrict.config.authentication_validation_method = :admin_session_exists?
|
|
|
58
90
|
|
|
59
91
|
You may set the method that is used to figure out whether a user is signed in or not to whatever you like, however it's default is `:user_signed_in?` which is the most common (devise) method in use.
|
|
60
92
|
|
|
93
|
+
### Inheritance
|
|
94
|
+
|
|
95
|
+
A controller will respect all restrictions that are applied to its ancestors.
|
|
96
|
+
|
|
97
|
+
You may implement a set of rules in a `BaseController` and refine them in subclasses later on.
|
|
98
|
+
|
|
99
|
+
Please note: it is not possible yet to revert previously added restrictions, that means
|
|
100
|
+
if a restriction on `show` is added in a class and another one in the subclass **BOTH** apply.
|
|
101
|
+
|
|
61
102
|
## Contributing
|
|
62
103
|
|
|
63
104
|
You know how this works and bonus points for feature branches!
|
data/lib/restrict/gatekeeper.rb
CHANGED
|
@@ -15,12 +15,7 @@ module Restrict
|
|
|
15
15
|
|
|
16
16
|
def handle_restriction(restriction, controller)
|
|
17
17
|
validate_signed_in(controller)
|
|
18
|
-
|
|
19
|
-
if restriction.unless
|
|
20
|
-
unless controller.__send__(restriction.unless)
|
|
21
|
-
raise Restrict::AccessDenied, reason: restriction
|
|
22
|
-
end
|
|
23
|
-
end
|
|
18
|
+
restriction.validate(controller)
|
|
24
19
|
end
|
|
25
20
|
|
|
26
21
|
def concerning_restrictions(controller)
|
|
@@ -3,29 +3,48 @@ module Restrict
|
|
|
3
3
|
module Controller
|
|
4
4
|
extend ActiveSupport::Concern
|
|
5
5
|
|
|
6
|
-
|
|
7
|
-
|
|
6
|
+
def inherited(subclass)
|
|
7
|
+
subclass.extend Restrict::Rails::Controller
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
def restrictions
|
|
11
|
+
inherited_restrictions + self.class.__send__(:restrict_restrictions)
|
|
8
12
|
end
|
|
9
13
|
|
|
10
14
|
module ClassMethods
|
|
11
15
|
def restrict(*args)
|
|
12
16
|
install_gatekeeper
|
|
13
|
-
|
|
14
|
-
|
|
17
|
+
restrict_restrictions << Restrict::Restriction.new(*args)
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
# Access the class instance variable. Do not mistake this method with
|
|
21
|
+
# the instance method `#restrictions` which is actually used to determine
|
|
22
|
+
# access and that respects inherited restrictions.
|
|
23
|
+
# Hence the `__` name.
|
|
24
|
+
private def restrict_restrictions
|
|
25
|
+
@restrictions ||= []
|
|
15
26
|
end
|
|
16
27
|
|
|
17
28
|
# This could happen in included block as well, but often you need
|
|
18
29
|
# other before filters to happen before you actually check the
|
|
19
30
|
# restrictions, so lets set it where it is used in the code as well.
|
|
20
31
|
def install_gatekeeper
|
|
21
|
-
return if @
|
|
32
|
+
return if @restrict_gatekeeper_installed
|
|
22
33
|
before_action :invoke_gatekeeper
|
|
23
|
-
@
|
|
34
|
+
@restrict_gatekeeper_installed = true
|
|
24
35
|
end
|
|
25
36
|
end
|
|
26
37
|
|
|
27
38
|
private
|
|
28
39
|
|
|
40
|
+
def inherited_restrictions
|
|
41
|
+
self.class.ancestors.map do |ancestor|
|
|
42
|
+
if ancestor.instance_variable_get(:@restrict_gatekeeper_installed)
|
|
43
|
+
ancestor.__send__(:restrict_restrictions)
|
|
44
|
+
end
|
|
45
|
+
end.compact.flatten
|
|
46
|
+
end
|
|
47
|
+
|
|
29
48
|
def invoke_gatekeeper
|
|
30
49
|
Restrict::Gatekeeper.new.eye(self)
|
|
31
50
|
end
|
|
@@ -2,7 +2,9 @@ module Restrict
|
|
|
2
2
|
module Rails
|
|
3
3
|
class Railtie < ::Rails::Railtie
|
|
4
4
|
initializer 'restrict.add_controller_extension' do
|
|
5
|
-
|
|
5
|
+
ActiveSupport.on_load(:action_controller_base) do
|
|
6
|
+
ActionController::Base.include Restrict::Rails::Controller
|
|
7
|
+
end
|
|
6
8
|
end
|
|
7
9
|
end
|
|
8
10
|
end
|
data/lib/restrict/restriction.rb
CHANGED
|
@@ -1,17 +1,32 @@
|
|
|
1
1
|
module Restrict
|
|
2
2
|
class Restriction
|
|
3
|
-
attr_accessor :actions, :unless
|
|
3
|
+
attr_accessor :actions, :options, :unless, :on
|
|
4
4
|
|
|
5
5
|
def initialize(*args)
|
|
6
|
-
options = args.extract_options!
|
|
7
|
-
@unless
|
|
8
|
-
@
|
|
6
|
+
@options = args.extract_options!
|
|
7
|
+
@unless = @options[:unless]
|
|
8
|
+
@on = @options[:on] || options[:of] || options[:object]
|
|
9
|
+
@actions = args
|
|
9
10
|
end
|
|
10
11
|
|
|
11
12
|
def applies_to?(action)
|
|
12
13
|
applies_to_action?(action) || applies_to_all_actions?
|
|
13
14
|
end
|
|
14
15
|
|
|
16
|
+
def validate(controller)
|
|
17
|
+
@unless or return
|
|
18
|
+
|
|
19
|
+
unless_args = []
|
|
20
|
+
if @on
|
|
21
|
+
object = controller.__send__(on)
|
|
22
|
+
unless_args << object or raise Restrict::AccessDenied, reason: 'object given was #{object.inspect}'
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
unless controller.__send__(@unless, *unless_args)
|
|
26
|
+
raise Restrict::AccessDenied, reason: self
|
|
27
|
+
end
|
|
28
|
+
end
|
|
29
|
+
|
|
15
30
|
private
|
|
16
31
|
|
|
17
32
|
def applies_to_all_actions?
|
|
@@ -4,24 +4,23 @@ RSpec::Matchers.define :have_restriction_on do |given_action_name|
|
|
|
4
4
|
@given_controller = given_controller
|
|
5
5
|
|
|
6
6
|
@restriction = given_controller.restrictions.find do |restriction|
|
|
7
|
-
restriction.applies_to?(given_action_name)
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
if @restriction
|
|
11
|
-
if @given_unless
|
|
12
|
-
@restriction.unless == @given_unless
|
|
13
|
-
else
|
|
14
|
-
true
|
|
7
|
+
if restriction.applies_to?(given_action_name) && matching_unless(restriction, @given_unless)
|
|
8
|
+
restriction
|
|
15
9
|
end
|
|
16
|
-
else
|
|
17
|
-
false
|
|
18
10
|
end
|
|
11
|
+
|
|
12
|
+
!!@restriction
|
|
19
13
|
end
|
|
20
14
|
|
|
21
15
|
chain :unless do |given_unless|
|
|
22
16
|
@given_unless = given_unless
|
|
23
17
|
end
|
|
24
18
|
|
|
19
|
+
def matching_unless(restriction, given_unless)
|
|
20
|
+
given_unless or return true
|
|
21
|
+
restriction.unless == given_unless
|
|
22
|
+
end
|
|
23
|
+
|
|
25
24
|
failure_message do |actual|
|
|
26
25
|
if @restriction && @given_unless
|
|
27
26
|
"Expected restriction to call #{@given_unless.inspect}, but calls #{@restriction.unless.inspect}"
|
|
@@ -38,7 +37,6 @@ RSpec::Matchers.define :have_restriction_on do |given_action_name|
|
|
|
38
37
|
end
|
|
39
38
|
end
|
|
40
39
|
|
|
41
|
-
# :nocov:
|
|
42
40
|
def description
|
|
43
41
|
"Checks if a restriction for a given action is defined on the controller"
|
|
44
42
|
end
|
|
@@ -4,25 +4,24 @@ RSpec::Matchers.define :have_restriction_on do |given_action_name|
|
|
|
4
4
|
@given_controller = given_controller
|
|
5
5
|
|
|
6
6
|
@restriction = given_controller.restrictions.find do |restriction|
|
|
7
|
-
restriction.applies_to?(given_action_name)
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
if @restriction
|
|
11
|
-
if @given_unless
|
|
12
|
-
@restriction.unless == @given_unless
|
|
13
|
-
else
|
|
14
|
-
true
|
|
7
|
+
if restriction.applies_to?(given_action_name) && matching_unless(restriction, @given_unless)
|
|
8
|
+
restriction
|
|
15
9
|
end
|
|
16
|
-
else
|
|
17
|
-
false
|
|
18
10
|
end
|
|
11
|
+
|
|
12
|
+
!!@restriction
|
|
19
13
|
end
|
|
20
14
|
|
|
21
15
|
chain :unless do |given_unless|
|
|
22
16
|
@given_unless = given_unless
|
|
23
17
|
end
|
|
24
18
|
|
|
25
|
-
|
|
19
|
+
def matching_unless(restriction, given_unless)
|
|
20
|
+
given_unless or return true
|
|
21
|
+
restriction.unless == given_unless
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
failure_message do |actual|
|
|
26
25
|
if @restriction && @given_unless
|
|
27
26
|
"Expected restriction to call #{@given_unless.inspect}, but calls #{@restriction.unless.inspect}"
|
|
28
27
|
else
|
|
@@ -30,7 +29,7 @@ RSpec::Matchers.define :have_restriction_on do |given_action_name|
|
|
|
30
29
|
end
|
|
31
30
|
end
|
|
32
31
|
|
|
33
|
-
|
|
32
|
+
failure_message_when_negated do |actual|
|
|
34
33
|
if @given_unless
|
|
35
34
|
"Expected restriction not to call #{@given_unless.inspect}, but calls #{@restriction.unless.inspect}"
|
|
36
35
|
else
|
data/lib/restrict/version.rb
CHANGED
data/restrict.gemspec
CHANGED
|
@@ -20,10 +20,9 @@ Gem::Specification.new do |spec|
|
|
|
20
20
|
|
|
21
21
|
spec.add_dependency 'rails', '> 3.0'
|
|
22
22
|
|
|
23
|
-
spec.add_development_dependency 'bundler'
|
|
23
|
+
spec.add_development_dependency 'bundler'
|
|
24
24
|
spec.add_development_dependency 'rspec'
|
|
25
25
|
spec.add_development_dependency 'simplecov'
|
|
26
26
|
spec.add_development_dependency 'rake'
|
|
27
27
|
spec.add_development_dependency 'byebug'
|
|
28
|
-
spec.add_development_dependency 'codeclimate-test-reporter'
|
|
29
28
|
end
|
|
@@ -1,7 +1,6 @@
|
|
|
1
1
|
require 'spec_helper'
|
|
2
2
|
|
|
3
3
|
describe Restrict::Rails::Controller do
|
|
4
|
-
|
|
5
4
|
let(:controller) { ExampleController.new }
|
|
6
5
|
|
|
7
6
|
before do
|
|
@@ -17,6 +16,8 @@ describe Restrict::Rails::Controller do
|
|
|
17
16
|
it 'builds and adds a conditional restriction' do
|
|
18
17
|
expect(controller).to have_restriction_on(:show).unless(:access_allowed?)
|
|
19
18
|
end
|
|
19
|
+
|
|
20
|
+
include_examples 'restricts access to', :show, :access_allowed?
|
|
20
21
|
end
|
|
21
22
|
|
|
22
23
|
describe '#included' do
|
|
@@ -32,4 +33,47 @@ describe Restrict::Rails::Controller do
|
|
|
32
33
|
end
|
|
33
34
|
end
|
|
34
35
|
|
|
36
|
+
describe 'in inherited mode' do
|
|
37
|
+
let(:base) { ExampleController.new }
|
|
38
|
+
let(:controller) { InheritingController.new }
|
|
39
|
+
let(:child) { BottomLineController.new }
|
|
40
|
+
|
|
41
|
+
before do
|
|
42
|
+
base.class.restrict :show, unless: :level1?
|
|
43
|
+
controller.class.restrict :show, unless: :level2?
|
|
44
|
+
child.class.restrict :show, unless: :level3?
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
it 'does not leak restrictions into superclass' do
|
|
48
|
+
expect(base).to have_restriction_on(:show).unless(:level1?)
|
|
49
|
+
expect(base).not_to have_restriction_on(:show).unless(:level2?)
|
|
50
|
+
expect(base).not_to have_restriction_on(:show).unless(:level3?)
|
|
51
|
+
|
|
52
|
+
expect(controller).to have_restriction_on(:show).unless(:level1?)
|
|
53
|
+
expect(controller).to have_restriction_on(:show).unless(:level2?)
|
|
54
|
+
expect(controller).not_to have_restriction_on(:show).unless(:level3?)
|
|
55
|
+
|
|
56
|
+
expect(child).to have_restriction_on(:show).unless(:level1?)
|
|
57
|
+
expect(child).to have_restriction_on(:show).unless(:level2?)
|
|
58
|
+
expect(child).to have_restriction_on(:show).unless(:level3?)
|
|
59
|
+
end
|
|
60
|
+
end
|
|
61
|
+
|
|
62
|
+
describe 'applies inherited general restrictions additionally to explizit restrictions' do
|
|
63
|
+
let(:base) { ExampleController.new }
|
|
64
|
+
let(:controller) { InheritingController.new }
|
|
65
|
+
|
|
66
|
+
before do
|
|
67
|
+
base.class.restrict unless: :level1?
|
|
68
|
+
controller.class.restrict :show, unless: :level2?
|
|
69
|
+
end
|
|
70
|
+
|
|
71
|
+
it 'does not leak restrictions into superclass' do
|
|
72
|
+
expect(base).to have_restriction_on(:show).unless(:level1?)
|
|
73
|
+
expect(base).not_to have_restriction_on(:show).unless(:level2?)
|
|
74
|
+
|
|
75
|
+
expect(controller).to have_restriction_on(:show).unless(:level1?)
|
|
76
|
+
expect(controller).to have_restriction_on(:show).unless(:level2?)
|
|
77
|
+
end
|
|
78
|
+
end
|
|
35
79
|
end
|
|
@@ -28,4 +28,52 @@ describe Restrict::Restriction do
|
|
|
28
28
|
expect(restriction).to be_applies_to(:bar)
|
|
29
29
|
end
|
|
30
30
|
end
|
|
31
|
+
|
|
32
|
+
describe '#validate' do
|
|
33
|
+
describe 'with :on option' do
|
|
34
|
+
let(:controller) { ObjectController.new }
|
|
35
|
+
|
|
36
|
+
it 'does not raise if no condition was given' do
|
|
37
|
+
restriction = Restrict::Restriction.new on: :managed_object
|
|
38
|
+
expect { restriction.validate(controller) }.not_to raise_error
|
|
39
|
+
end
|
|
40
|
+
|
|
41
|
+
it 'does not raise an error if `on` and `unless` match' do
|
|
42
|
+
restriction = Restrict::Restriction.new on: :managed_object, unless: :manager_of?
|
|
43
|
+
expect { restriction.validate(controller) }.not_to raise_error
|
|
44
|
+
end
|
|
45
|
+
|
|
46
|
+
it 'raises an error if `unless` does not work on `on`' do
|
|
47
|
+
restriction = Restrict::Restriction.new on: :rougue_object, unless: :manager_of?
|
|
48
|
+
expect { restriction.validate(controller) }.to raise_error(Restrict::AccessDenied)
|
|
49
|
+
end
|
|
50
|
+
|
|
51
|
+
it 'raises an error if `on` is nil' do
|
|
52
|
+
restriction = Restrict::Restriction.new on: :nil_object, unless: :manager_of?
|
|
53
|
+
expect { restriction.validate(controller) }.to raise_error(Restrict::AccessDenied)
|
|
54
|
+
end
|
|
55
|
+
|
|
56
|
+
it 'works with aliases' do
|
|
57
|
+
restriction = Restrict::Restriction.new of: :managed_object, unless: :manager_of?
|
|
58
|
+
expect { restriction.validate(controller) }.not_to raise_error
|
|
59
|
+
|
|
60
|
+
restriction = Restrict::Restriction.new object: :managed_object, unless: :manager_of?
|
|
61
|
+
expect { restriction.validate(controller) }.not_to raise_error
|
|
62
|
+
end
|
|
63
|
+
end
|
|
64
|
+
|
|
65
|
+
describe 'without :on option' do
|
|
66
|
+
let(:controller) { ExampleController.new }
|
|
67
|
+
|
|
68
|
+
it 'does not raise an error if `unless` works' do
|
|
69
|
+
restriction = Restrict::Restriction.new unless: :truthy
|
|
70
|
+
expect { restriction.validate(controller) }.not_to raise_error
|
|
71
|
+
end
|
|
72
|
+
|
|
73
|
+
it 'raises an error if `unless` does not work' do
|
|
74
|
+
restriction = Restrict::Restriction.new unless: :falsy
|
|
75
|
+
expect { restriction.validate(controller) }.to raise_error(Restrict::AccessDenied)
|
|
76
|
+
end
|
|
77
|
+
end
|
|
78
|
+
end
|
|
31
79
|
end
|
data/spec/lib/restrict_spec.rb
CHANGED
|
@@ -1,7 +1,6 @@
|
|
|
1
1
|
require 'spec_helper'
|
|
2
2
|
|
|
3
3
|
describe Restrict do
|
|
4
|
-
|
|
5
4
|
describe '#config' do
|
|
6
5
|
it 'returns a configuration' do
|
|
7
6
|
expect(Restrict.config).to be_a Restrict::Configuration
|
|
@@ -17,5 +16,4 @@ describe Restrict do
|
|
|
17
16
|
expect(Restrict.config).to eq Restrict.config
|
|
18
17
|
end
|
|
19
18
|
end
|
|
20
|
-
|
|
21
19
|
end
|
data/spec/spec_helper.rb
CHANGED
|
@@ -1,8 +1,7 @@
|
|
|
1
|
-
require 'codeclimate-test-reporter'
|
|
2
|
-
CodeClimate::TestReporter.start
|
|
3
|
-
|
|
4
1
|
require 'simplecov'
|
|
5
2
|
require 'byebug'
|
|
3
|
+
require 'active_support'
|
|
4
|
+
require 'active_support/core_ext'
|
|
6
5
|
|
|
7
6
|
SimpleCov.profiles.define 'gem' do
|
|
8
7
|
add_filter '/spec/'
|
|
@@ -13,10 +12,13 @@ SimpleCov.start 'gem'
|
|
|
13
12
|
|
|
14
13
|
require 'restrict'
|
|
15
14
|
require 'restrict/rspec/matcher'
|
|
15
|
+
require 'restrict/rspec/shared_example'
|
|
16
16
|
|
|
17
17
|
RSpec.configure do |config|
|
|
18
18
|
config.after do
|
|
19
|
-
ExampleController.
|
|
19
|
+
ExampleController.__send__(:restrict_restrictions).clear
|
|
20
|
+
InheritingController.__send__(:restrict_restrictions).clear
|
|
21
|
+
BottomLineController.__send__(:restrict_restrictions).clear
|
|
20
22
|
end
|
|
21
23
|
end
|
|
22
24
|
|
|
@@ -47,3 +49,30 @@ class ExampleController < FakeController
|
|
|
47
49
|
true
|
|
48
50
|
end
|
|
49
51
|
end
|
|
52
|
+
|
|
53
|
+
class InheritingController < ExampleController
|
|
54
|
+
include Restrict::Rails::Controller
|
|
55
|
+
end
|
|
56
|
+
|
|
57
|
+
class BottomLineController < InheritingController
|
|
58
|
+
include Restrict::Rails::Controller
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
class ObjectController < ExampleController
|
|
62
|
+
def manager_of?(obj)
|
|
63
|
+
obj == :managed
|
|
64
|
+
end
|
|
65
|
+
|
|
66
|
+
private
|
|
67
|
+
|
|
68
|
+
def managed_object
|
|
69
|
+
:managed
|
|
70
|
+
end
|
|
71
|
+
|
|
72
|
+
def rougue_object
|
|
73
|
+
:other
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
def nil_object
|
|
77
|
+
end
|
|
78
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: restrict
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.2.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Johannes Opper
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2021-04-24 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|
|
@@ -26,20 +26,6 @@ dependencies:
|
|
|
26
26
|
version: '3.0'
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: bundler
|
|
29
|
-
requirement: !ruby/object:Gem::Requirement
|
|
30
|
-
requirements:
|
|
31
|
-
- - "~>"
|
|
32
|
-
- !ruby/object:Gem::Version
|
|
33
|
-
version: '1.5'
|
|
34
|
-
type: :development
|
|
35
|
-
prerelease: false
|
|
36
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
37
|
-
requirements:
|
|
38
|
-
- - "~>"
|
|
39
|
-
- !ruby/object:Gem::Version
|
|
40
|
-
version: '1.5'
|
|
41
|
-
- !ruby/object:Gem::Dependency
|
|
42
|
-
name: rspec
|
|
43
29
|
requirement: !ruby/object:Gem::Requirement
|
|
44
30
|
requirements:
|
|
45
31
|
- - ">="
|
|
@@ -53,7 +39,7 @@ dependencies:
|
|
|
53
39
|
- !ruby/object:Gem::Version
|
|
54
40
|
version: '0'
|
|
55
41
|
- !ruby/object:Gem::Dependency
|
|
56
|
-
name:
|
|
42
|
+
name: rspec
|
|
57
43
|
requirement: !ruby/object:Gem::Requirement
|
|
58
44
|
requirements:
|
|
59
45
|
- - ">="
|
|
@@ -67,7 +53,7 @@ dependencies:
|
|
|
67
53
|
- !ruby/object:Gem::Version
|
|
68
54
|
version: '0'
|
|
69
55
|
- !ruby/object:Gem::Dependency
|
|
70
|
-
name:
|
|
56
|
+
name: simplecov
|
|
71
57
|
requirement: !ruby/object:Gem::Requirement
|
|
72
58
|
requirements:
|
|
73
59
|
- - ">="
|
|
@@ -81,7 +67,7 @@ dependencies:
|
|
|
81
67
|
- !ruby/object:Gem::Version
|
|
82
68
|
version: '0'
|
|
83
69
|
- !ruby/object:Gem::Dependency
|
|
84
|
-
name:
|
|
70
|
+
name: rake
|
|
85
71
|
requirement: !ruby/object:Gem::Requirement
|
|
86
72
|
requirements:
|
|
87
73
|
- - ">="
|
|
@@ -95,7 +81,7 @@ dependencies:
|
|
|
95
81
|
- !ruby/object:Gem::Version
|
|
96
82
|
version: '0'
|
|
97
83
|
- !ruby/object:Gem::Dependency
|
|
98
|
-
name:
|
|
84
|
+
name: byebug
|
|
99
85
|
requirement: !ruby/object:Gem::Requirement
|
|
100
86
|
requirements:
|
|
101
87
|
- - ">="
|
|
@@ -115,9 +101,10 @@ executables: []
|
|
|
115
101
|
extensions: []
|
|
116
102
|
extra_rdoc_files: []
|
|
117
103
|
files:
|
|
104
|
+
- ".github/workflows/specs.yml"
|
|
118
105
|
- ".gitignore"
|
|
119
106
|
- ".rspec"
|
|
120
|
-
- ".
|
|
107
|
+
- ".ruby-version"
|
|
121
108
|
- CHANGELOG.md
|
|
122
109
|
- Gemfile
|
|
123
110
|
- LICENSE.txt
|
|
@@ -125,6 +112,7 @@ files:
|
|
|
125
112
|
- Rakefile
|
|
126
113
|
- lib/restrict.rb
|
|
127
114
|
- lib/restrict/access_denied.rb
|
|
115
|
+
- lib/restrict/already_restricted_error.rb
|
|
128
116
|
- lib/restrict/configuration.rb
|
|
129
117
|
- lib/restrict/error.rb
|
|
130
118
|
- lib/restrict/gatekeeper.rb
|
|
@@ -134,6 +122,7 @@ files:
|
|
|
134
122
|
- lib/restrict/restriction.rb
|
|
135
123
|
- lib/restrict/rspec/matcher.rb
|
|
136
124
|
- lib/restrict/rspec/matcher_rspec2.rb
|
|
125
|
+
- lib/restrict/rspec/shared_example.rb
|
|
137
126
|
- lib/restrict/version.rb
|
|
138
127
|
- restrict.gemspec
|
|
139
128
|
- spec/lib/restrict/configuration_spec.rb
|
|
@@ -162,8 +151,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
162
151
|
- !ruby/object:Gem::Version
|
|
163
152
|
version: '0'
|
|
164
153
|
requirements: []
|
|
165
|
-
|
|
166
|
-
rubygems_version: 2.6.4
|
|
154
|
+
rubygems_version: 3.1.4
|
|
167
155
|
signing_key:
|
|
168
156
|
specification_version: 4
|
|
169
157
|
summary: Simple access control dsl for controllers.
|
|
@@ -175,4 +163,3 @@ test_files:
|
|
|
175
163
|
- spec/lib/restrict/rspec/matcher_spec.rb
|
|
176
164
|
- spec/lib/restrict_spec.rb
|
|
177
165
|
- spec/spec_helper.rb
|
|
178
|
-
has_rdoc:
|