restricted_access 0.1.1 → 0.1.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +9 -0
- data/Rakefile +1 -1
- data/lib/restricted_access/controller.rb +20 -15
- data/lib/restricted_access/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 12693ef49b674bf4de045b247dd2369e5e70e03d
|
4
|
+
data.tar.gz: 73646b84274e0d922f882d242fc283a1d2ef750e
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 7e18c6628e4c6fff27133c04a7a466049749a4234b306af238f04966fa26cdc36c009657c4b8dab1b480ed8f451fcf539f460be701cc8b7e3a26c5f336c36bb4
|
7
|
+
data.tar.gz: 63f9052458cf37e4ff339ffa78da3dcd719abb0f90732a06b0354d17a337e1419306b8375f2b64378c8020515cc074a98c975560eca98b0d5a0b3d21bb1a31fd
|
data/README.md
CHANGED
@@ -28,6 +28,15 @@ Generate the config file with the generator, pass the resources as an argument.
|
|
28
28
|
rails g restricted_access:install -r user admin
|
29
29
|
```
|
30
30
|
|
31
|
+
```ruby
|
32
|
+
# config/initializers/restricted_access.rb
|
33
|
+
RestrictedAccess.configure do |conf|
|
34
|
+
require 'restricted_access/orm/mongoid'
|
35
|
+
# require 'restricted_access/orm/active_record'
|
36
|
+
conf.resources = [:user, :admin]
|
37
|
+
end
|
38
|
+
```
|
39
|
+
|
31
40
|
## Active Record
|
32
41
|
|
33
42
|
You have to run a migration to add the `:level` field to your model.
|
data/Rakefile
CHANGED
@@ -1 +1 @@
|
|
1
|
-
require "bundler/gem_tasks"
|
1
|
+
require "bundler/gem_tasks"
|
@@ -2,28 +2,33 @@ module RestrictedAccess
|
|
2
2
|
module Controller
|
3
3
|
|
4
4
|
RestrictedAccess.resources.each do |resource_name|
|
5
|
-
klass = resource_name.to_s.classify.constantize
|
6
|
-
if klass
|
7
|
-
klass.accesses.
|
5
|
+
klass = resource_name.to_s.classify.constantize rescue nil
|
6
|
+
if klass
|
7
|
+
if klass.accesses.present?
|
8
|
+
klass.accesses.each do |access|
|
8
9
|
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
10
|
+
define_method "prevent_#{access.level}_#{resource_name}_access" do
|
11
|
+
current_resource = send("current_#{resource_name}")
|
12
|
+
if current_resource && current_resource.access <= klass.send(:access, access.level)
|
13
|
+
if respond_to?("restrict_#{resource_name}_access", true)
|
14
|
+
send("restrict_#{resource_name}_access")
|
15
|
+
else
|
16
|
+
send("restrict_#{current_resource.level}_#{resource_name}_access"
|
17
|
+
)
|
18
|
+
end
|
17
19
|
end
|
18
20
|
end
|
19
|
-
end
|
20
21
|
|
21
|
-
|
22
|
-
|
22
|
+
define_method "restrict_#{access.level}_#{resource_name}_access" do
|
23
|
+
redirect_to root_path, notice: 'You do not have access to this page' and return
|
24
|
+
end
|
23
25
|
end
|
26
|
+
else
|
27
|
+
puts("You defined a resource #{resource_name} in the RestrictedAccess initializer but you didn't define any access in the class #{klass}.")
|
24
28
|
end
|
29
|
+
else
|
30
|
+
puts("You defined a resource #{resource_name} in the RestrictedAccess initializer but no matching class can be found.")
|
25
31
|
end
|
26
|
-
|
27
32
|
end
|
28
33
|
|
29
34
|
end
|