restrict 0.1.1 → 0.2.0
- checksums.yaml +4 -4
- data/.github/workflows/specs.yml +34 -0
- data/.ruby-version +1 -1
- data/CHANGELOG.md +3 -0
- data/README.md +33 -1
- data/lib/restrict/gatekeeper.rb +1 -6
- data/lib/restrict/restriction.rb +19 -4
- data/lib/restrict/version.rb +1 -1
- data/restrict.gemspec +1 -1
- data/spec/lib/restrict/restriction_spec.rb +48 -0
- data/spec/spec_helper.rb +19 -0
- metadata +8 -8
- data/.travis.yml +0 -9
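--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f62175faf4d52862724714686cac041256b2310829585c3aca3727b134ce0055
+data.tar.gz: f2417075e72d6fb292c0c0e96070c333736d9bad1ee42ccb8c9e5843f854971e
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 0c8c6c12db208e9ad82f0f2e6ee92fe6cb2224a89c7dbab817caf0e07f23290c9f217c724908bf6cdd96205fdb73129f21d17ed68414736b126f630624b83ab1
+data.tar.gz: c067669909c1aa082fcee9241ddf8688dc9a03464ff19d66fb0686175cd1e222604c6ba0d7971fc0e379d11a9e388fc14e1f64cd66af87aefa6ccff65e226d53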
@@ -0,0 +1,34 @@
|
|
1
|
+
name: Specs
|
2
|
+
|
3
|
+
on:
|
4
|
+
pull_request:
|
5
|
+
branches:
|
6
|
+
- 'master'
|
7
|
+
push:
|
8
|
+
branches:
|
9
|
+
- 'master'
|
10
|
+
|
11
|
+
jobs:
|
12
|
+
build:
|
13
|
+
runs-on: ubuntu-latest
|
14
|
+
|
15
|
+
steps:
|
16
|
+
- uses: actions/checkout@v1
|
17
|
+
|
18
|
+
- name: Set up Ruby 2.7
|
19
|
+
uses: actions/setup-ruby@v1
|
20
|
+
with:
|
21
|
+
ruby-version: 2.7.x
|
22
|
+
|
23
|
+
- name: bundle
|
24
|
+
env:
|
25
|
+
RAILS_ENV: test
|
26
|
+
run: |
|
27
|
+
gem install bundler
|
28
|
+
bundle install --jobs 4 --retry 3
|
29
|
+
|
30
|
+
- name: Run Tests
|
31
|
+
env:
|
32
|
+
RAILS_ENV: test
|
33
|
+
run: |
|
34
|
+
bundle exec rspec
|
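Review bot: Both `uses:` steps reference third-party code by a mutable major tag (`actions/checkout@v1`, `actions/setup-ruby@v1`), so what runs in CI can change without any commit to this repository; pinning each to a full commit SHA, with the tag kept as a trailing comment, makes the workflow reviewable and reproducible. `actions/setup-ruby` has since been deprecated in favour of `ruby/setup-ruby`, so the pin is also the moment to switch. The file declares no `permissions:` block, so the job token gets the repository default; a top-level `permissions:` with `contents: read` is enough for checkout plus rspec. `gem install bundler` likewise installs whatever version is newest at run time. The file header for this hunk is missing from the page; it is presumably data/.github/workflows/specs.yml from the file list.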
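--- a/data/.ruby-version
+++ b/data/.ruby-version
@@ -1 +1 @@
-2.
+2.7.1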
data/CHANGELOG.md
CHANGED
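--- a/data/README.md
+++ b/data/README.md
@@ -2,7 +2,7 @@
 
 A rails controller extension, that gives you the possibility to restrict access to your controller actions.
 
-
+![Specs](https://github.com/xijo/restrict/workflows/Specs/badge.svg) [![Gem Version](https://badge.fury.io/rb/restrict.png)](http://badge.fury.io/rb/restrict) [![Code Climate](https://codeclimate.com/github/xijo/restrict.png)](https://codeclimate.com/github/xijo/restrict) [![Code Climate](https://codeclimate.com/github/xijo/restrict/coverage.png)](https://codeclimate.com/github/xijo/restrict)
 
 ## Installation
 
@@ -49,6 +49,38 @@ restrict
 
 This one will apply to all actions on this controller. It takes the `unless` option as well.
 
+### Restrict with specific object
+
+One may pass `on` to a `restrict` call in a controller.
+
+If `on` is set, it evaluates the given method.
+If it returns nil, it raises an error.
+If an object is returned, it will be send while evaluating the `unless`
+condition.
+
+Example
+
+```
+class ItemController
+restrict :show, unless: :manager_of?, on: :load_item
+
+def show
+end
+
+private
+
+def manager_of?(item)
+current_user == item.manager
+end
+
+def load_item
+@item = Item.find(params[:id])
+end
+end
+```
+
+Aliases for `on` are: `of`, `object`
+
 ### Configuration
 
 ```ruby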
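--- a/data/lib/restrict/gatekeeper.rb
+++ b/data/lib/restrict/gatekeeper.rb
@@ -15,12 +15,7 @@ module Restrict
 
 def handle_restriction(restriction, controller)
 validate_signed_in(controller)
-
-if restriction.unless
-unless controller.__send__(restriction.unless)
-raise Restrict::AccessDenied, reason: restriction
-end
-end
+restriction.validate(controller)
 end
 
 def concerning_restrictions(controller)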
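--- a/data/lib/restrict/restriction.rb
+++ b/data/lib/restrict/restriction.rb
@@ -1,17 +1,32 @@
 module Restrict
 class Restriction
-attr_accessor :actions, :unless
+attr_accessor :actions, :options, :unless, :on
 
 def initialize(*args)
-options = args.extract_options!
-@unless
-@
+@options = args.extract_options!
+@unless = @options[:unless]
+@on = @options[:on] || options[:of] || options[:object]
+@actions = args
 end
 
 def applies_to?(action)
 applies_to_action?(action) || applies_to_all_actions?
 end
 
+def validate(controller)
+@unless or return
+
+unless_args = []
+if @on
+object = controller.__send__(on)
+unless_args << object or raise Restrict::AccessDenied, reason: 'object given was #{object.inspect}'
+end
+
+unless controller.__send__(@unless, *unless_args)
+raise Restrict::AccessDenied, reason: self
+end
+end
+
 private
 
 def applies_to_all_actions?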
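Review bot: The nil guard on new line 22 of `validate` can never fire: `unless_args << object` returns the array, which is always truthy, so the `or raise` branch is dead and a `nil` returned by the `on` method is handed straight to the `unless` predicate. The README added in this release promises an error for `nil`, but the outcome now depends on the predicate: the README's own `current_user == item.manager` would raise NoMethodError rather than AccessDenied, and a nil-tolerant predicate decides access by itself. Checking before appending fails closed, e.g. `raise Restrict::AccessDenied, reason: self if object.nil?` followed by `unless_args << object`; the single-quoted `reason:` string also never interpolates `#{object.inspect}`. The spec 'raises an error if `on` is nil' passes only because `manager_of?(nil)` is false in ObjectController, so it does not pin this guard.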
data/lib/restrict/version.rb
CHANGED
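--- a/data/restrict.gemspec
+++ b/data/restrict.gemspec
@@ -20,7 +20,7 @@ Gem::Specification.new do |spec|
 
 spec.add_dependency 'rails', '> 3.0'
 
-spec.add_development_dependency 'bundler'
+spec.add_development_dependency 'bundler'
 spec.add_development_dependency 'rspec'
 spec.add_development_dependency 'simplecov'
 spec.add_development_dependency 'rake'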
@@ -28,4 +28,52 @@ describe Restrict::Restriction do
|
|
28
28
|
expect(restriction).to be_applies_to(:bar)
|
29
29
|
end
|
30
30
|
end
|
31
|
+
|
32
|
+
describe '#validate' do
|
33
|
+
describe 'with :on option' do
|
34
|
+
let(:controller) { ObjectController.new }
|
35
|
+
|
36
|
+
it 'does not raise if no condition was given' do
|
37
|
+
restriction = Restrict::Restriction.new on: :managed_object
|
38
|
+
expect { restriction.validate(controller) }.not_to raise_error
|
39
|
+
end
|
40
|
+
|
41
|
+
it 'does not raise an error if `on` and `unless` match' do
|
42
|
+
restriction = Restrict::Restriction.new on: :managed_object, unless: :manager_of?
|
43
|
+
expect { restriction.validate(controller) }.not_to raise_error
|
44
|
+
end
|
45
|
+
|
46
|
+
it 'raises an error if `unless` does not work on `on`' do
|
47
|
+
restriction = Restrict::Restriction.new on: :rougue_object, unless: :manager_of?
|
48
|
+
expect { restriction.validate(controller) }.to raise_error(Restrict::AccessDenied)
|
49
|
+
end
|
50
|
+
|
51
|
+
it 'raises an error if `on` is nil' do
|
52
|
+
restriction = Restrict::Restriction.new on: :nil_object, unless: :manager_of?
|
53
|
+
expect { restriction.validate(controller) }.to raise_error(Restrict::AccessDenied)
|
54
|
+
end
|
55
|
+
|
56
|
+
it 'works with aliases' do
|
57
|
+
restriction = Restrict::Restriction.new of: :managed_object, unless: :manager_of?
|
58
|
+
expect { restriction.validate(controller) }.not_to raise_error
|
59
|
+
|
60
|
+
restriction = Restrict::Restriction.new object: :managed_object, unless: :manager_of?
|
61
|
+
expect { restriction.validate(controller) }.not_to raise_error
|
62
|
+
end
|
63
|
+
end
|
64
|
+
|
65
|
+
describe 'without :on option' do
|
66
|
+
let(:controller) { ExampleController.new }
|
67
|
+
|
68
|
+
it 'does not raise an error if `unless` works' do
|
69
|
+
restriction = Restrict::Restriction.new unless: :truthy
|
70
|
+
expect { restriction.validate(controller) }.not_to raise_error
|
71
|
+
end
|
72
|
+
|
73
|
+
it 'raises an error if `unless` does not work' do
|
74
|
+
restriction = Restrict::Restriction.new unless: :falsy
|
75
|
+
expect { restriction.validate(controller) }.to raise_error(Restrict::AccessDenied)
|
76
|
+
end
|
77
|
+
end
|
78
|
+
end
|
31
79
|
end
|
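--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -55,3 +55,22 @@ end
 class BottomLineController < InheritingController
 include Restrict::Rails::Controller
 end
+
+class ObjectController < ExampleController
+def manager_of?(obj)
+obj == :managed
+end
+
+private
+
+def managed_object
+:managed
+end
+
+def rougue_object
+:other
+end
+
+def nil_object
+end
+end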
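--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: restrict
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.2.0
 platform: ruby
 authors:
 - Johannes Opper
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2020-05-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rails
@@ -28,16 +28,16 @@ dependencies:
 name: bundler
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version: '
+version: '0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version: '
+version: '0'
 - !ruby/object:Gem::Dependency
 name: rspec
 requirement: !ruby/object:Gem::Requirement
@@ -101,10 +101,10 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/specs.yml"
 - ".gitignore"
 - ".rspec"
 - ".ruby-version"
-- ".travis.yml"
 - CHANGELOG.md
 - Gemfile
 - LICENSE.txt
@@ -151,7 +151,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.1.2
 signing_key:
 specification_version: 4
 summary: Simple access control dsl for controllers.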