right_on 0.2.0 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 440d9cc6f2bd3abd809e3a57bb7c62e6086ba1c9
-  data.tar.gz: ca7322b951d1f21f126c055f4ca9c69540c0075f
+  metadata.gz: 47a774795b314e80b1177664e0cd976febaa14c1
+  data.tar.gz: cf508fd4630a43d912fd91a9d9b1efa3b7167fdf
 SHA512:
-  metadata.gz: 40ac1d0adebc602bb7b7d051a6b679d0f3a28e7edf79a6b873fc9a3bb25c100b3604f83818aa67991b9dde0ac67e0744964080fc4e4fe0b581e6c8ab1644347e
-  data.tar.gz: 7c8b1ffba321fc5098f516a76105c7e6454aef06fcf0af0e9bb741b3ec92138ae82ab98af0c19ba45ca5f8cb2cee6956abdeab2c69967ca28ab5adc2881e65a7
+  metadata.gz: d43bab3c7da9f1b0828b15f1ec2e1c8101d2dfa9d39e36cc2915fbb09af250a8cd86582e940bf743ff06a4b20ccbd3347f1d7f528da5cc6b21f21a1741794478
+  data.tar.gz: abb42ecc1c3d731988a07b007a87d2bb7088550cab5627835b5426bc806e239b068b04c1bd91dc53e07562f463c671c2b78c8edf7e50d9fd825a79549d5eb419

data/CHANGELOG.md

@@ -3,6 +3,16 @@ All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).  
 This changelog adheres to [Keep a CHANGELOG](http://keepachangelog.com/).  
 
+## Unreleased
+
+## 0.3.0
+
+### Fixed
+- Caching of rights in memory (causing tenant issues)
+
+### Removed
+- restricted_by_right no longer supported
+
 ## 0.2.0
 
 ### Added

data/lib/right_on.rb

@@ -1,10 +1,6 @@
 module RightOn
   require 'active_record'
 
-  require 'dependent_restrict'
-  require 'right_on/restricted_by_right'
-  ActiveRecord::Base.send(:include, RestrictedByRight)
-
   require 'rails'
   require 'right_on/railtie'
   require 'right_on/rights_manager'

data/lib/right_on/by_group.rb

@@ -0,0 +1,47 @@
+module RightOn
+  class ByGroup
+    def initialize
+      @rights_by_name = Hash[Right.all.map{|r| [r.name, r]}]
+    end
+
+    def by_groups
+      rights = regular_rights_with_group
+      rights += (Right.all - rights)
+      rights.group_by(&:group)
+    end
+
+    private
+
+    def regular_rights_with_group
+      RightOn::Right.yaml_rights.each_pair.flat_map do |group, right_names|
+        right_names
+          .flat_map { |right_name| right_name_to_rights(right_name) }
+          .each { |r| r.group = group }
+      end
+    end
+
+    def right_name_to_rights(right_name)
+      case right_name
+      when String # controller
+        [rights_by_name!(right_name)]
+      when Hash # controller + actions
+        controller, actions = right_name.first
+        controller_rights(controller) + action_rights(controller, actions)
+      end
+    end
+
+    def controller_rights(controller)
+      r = @rights_by_name[controller]
+      return [] unless r
+      [r]
+    end
+
+    def action_rights(controller, actions)
+      actions.map { |action| rights_by_name!("#{controller}##{action}") }
+    end
+
+    def rights_by_name!(name)
+      @rights_by_name[name] or fail name.inspect
+    end
+  end
+end

data/lib/right_on/rails.rb

@@ -1,5 +1,6 @@
 require 'right_on/role_model'
 require 'right_on/right'
 require 'right_on/role'
+require 'right_on/by_group'
 require 'right_on/action_controller_extensions'
 require 'right_on/permission_denied_response'

data/lib/right_on/right.rb

@@ -16,78 +16,17 @@ module RightOn
     attr_accessor :group
 
     class << self
-      @@restricted_by_right_classes = []
-
-      def associate_group(klass, group)
-        # Prevent issues when reloading class using restricted_by_right
-        unless @@restricted_by_right_classes.include?(klass)
-          @@restricted_by_right_classes << klass
-        end
-        has_one klass.table_name.singularize.to_sym, dependent: :restrict_with_exception
-      end
-
       def rights_yaml(file_path)
         @@rights_yaml = file_path
       end
 
       def by_groups
-        rights = regular_rights_with_group + restricted_rights_with_group
-        rights += (Right.all - rights)
-        rights.group_by(&:group)
-      end
-
-      def regular_rights_with_group
-        yaml_rights.each_pair.flat_map do |group, right_names|
-          right_names
-            .flat_map { |right_name| right_name_to_rights(right_name) }
-            .each { |r| r.group = group }
-        end
+        RightOn::ByGroup.new.by_groups
       end
 
       def yaml_rights
         YAML::load_file(@@rights_yaml)['rights']
       end
-
-      def right_name_to_rights(right_name)
-        case right_name
-        when String # controller
-          [rights_by_name!(right_name)]
-        when Hash # controller + actions
-          controller, actions = right_name.first
-          controller_rights(controller) + action_rights(controller, actions)
-        end
-      end
-
-      def controller_rights(controller)
-        r = rights_by_name[controller]
-        return [] unless r
-        [r]
-      end
-
-      def action_rights(controller, actions)
-        actions.map { |action| rights_by_name!("#{controller}##{action}") }
-      end
-
-      def rights_by_name
-        @rights_by_name ||= Hash[Right.all.map{|r| [r.name, r]}]
-      end
-
-      def rights_by_name!(name)
-        rights_by_name[name] or fail name.inspect
-      end
-
-      def restricted_rights_with_group
-        @@restricted_by_right_classes.flat_map do |klass|
-          group = klass.restricted_by_right_group
-          all_rights(klass).map(&:right).sort_by(&:name).each do |right|
-            right.group = group
-          end
-        end
-      end
-
-      def all_rights(klass)
-        klass.includes(:right).all
-      end
     end
 
     # Is this right allowed for the given context?

data/lib/right_on/role_model.rb

@@ -5,10 +5,6 @@ module RightOn
       Role.module_eval "has_and_belongs_to_many :#{base.table_name}"
     end
 
-    def roles_allowed_to_assign
-      Role.accessible_to(self)
-    end
-
     def rights
       @rights ||=
         Right
@@ -17,15 +13,6 @@ module RightOn
           .where('rights_roles.role_id IN (?)', role_ids)
     end
 
-    def has_access_to?(client_type)
-      has_right?(client_type.right)
-    end
-
-    def has_right?(right_or_string)
-      right = right_or_string.is_a?(Right) ? right_or_string : Right.find_by_name(right_or_string)
-      rights.include?(right)
-    end
-
     def has_privileges_of?(other_user)
       (other_user.rights - rights).empty?
     end

data/lib/right_on/version.rb

@@ -1,3 +1,3 @@
 module RightOn
-  VERSION = '0.2.0'
+  VERSION = '0.3.0'
 end

data/right_on.gemspec

@@ -20,7 +20,6 @@ Gem::Specification.new do |spec|
 
   spec.add_dependency 'activerecord', '>= 3.2.0'
   spec.add_dependency 'activesupport', '>= 3.2.0'
-  spec.add_dependency 'dependent_restrict', '>= 0.2.3'
   spec.add_dependency 'input_reader', '~> 0.0'
   spec.add_development_dependency 'bundler', '~> 1.3'
   spec.add_development_dependency 'rake'

data/spec/permission_defnied_spec.rb

@@ -0,0 +1,66 @@
+require 'spec_helper'
+
+describe RightOn::PermissionDeniedResponse do
+  let(:controller_action_options) { { controller: 'users', action: 'destroy' } }
+  let(:params) { { controller: 'users' } }
+  subject { RightOn::PermissionDeniedResponse.new(params, controller_action_options) }
+
+  let(:allowed) {
+    double(name: 'create_user', allowed?: true, roles: [double(title: 'Users')])
+  }
+  let(:denied) { double(allowed?: false) }
+
+  let(:no_right_for_page) {
+    'No right is defined for this page: users. '\
+    'Contact your system manager to notify this problem.'
+  }
+  let(:no_roles_for_page) { 'N/A (as no right is assigned for this action)' }
+
+  before do
+    stub_const 'RightOn::Right', double(all: [right])
+  end
+
+  context '#text_message' do
+    context 'when right exists' do
+      let(:right) { allowed }
+
+      specify {
+        expect(subject.text_message).to eq(
+          "You are not authorised to perform the requested operation.\n"\
+          "Right required: #[Double (anonymous)]\n"\
+          "This right is given to the following roles: Users.\n"\
+          "Contact your system manager to be given this right.\n"
+        )
+      }
+    end
+
+    context 'when right not allowed' do
+      let(:right) { denied }
+      specify { expect(subject.text_message).to eq no_right_for_page }
+    end
+  end
+
+  context '#to_json' do
+    context 'when right exists' do
+      let(:right) { allowed }
+      specify {
+        expect(subject.to_json).to eq(
+          error: 'Permission Denied',
+          right_allowed: 'create_user',
+          roles_for_right: ['Users']
+        )
+      }
+    end
+
+    context 'when right allowed' do
+      let(:right) { denied }
+      specify {
+        expect(subject.to_json).to eq(
+          error: 'Permission Denied',
+          right_allowed: no_right_for_page,
+          roles_for_right: no_roles_for_page
+        )
+      }
+    end
+  end
+end

data/spec/right_on_spec.rb

@@ -29,31 +29,17 @@ describe RightOn::Right do
   end
 
   it 'should display nicely with sensible_name and to_s' do
-    expect(@model.right.to_s).to eq 'Model: Test'
     expect(@other.to_s).to eq 'models'
     expect(@index.to_s).to eq 'models#index'
 
-    expect(@model.right.sensible_name).to eq 'Model: Test'
     expect(@other.sensible_name).to eq 'Models'
     expect(@index.sensible_name).to eq 'Models - Index'
   end
 
-  it 'should create right for restricted right' do
-    right = @model.right
-    expect(right).to_not be_nil
-    expect(right.name).to eq 'Model: Test'
-    expect{right.destroy}.to raise_error(ActiveRecord::DetailedDeleteRestrictionError)
-  end
-
   it 'should identify correct groups' do
-    rights = RightOn::Right.regular_rights_with_group.sort_by{|r| r.name} # Sort for ruby 1.9 compatibility
-    expect(rights.map(&:name)).to eq %w(models models#change models#index models#view users)
-    expect(rights.map(&:group)).to eq %w(general general general general admin)
-
     expect(RightOn::Right.by_groups).to eq(
       'general' => [@other, @index, @view, @change],
-      'admin' => [@users],
-      'other' => [@model.right]
+      'admin' => [@users]
     )
   end
 
@@ -62,8 +48,6 @@ describe RightOn::Right do
     edit_action  = {:controller => 'models', :action => 'edit'}
     hello_action = {:controller => 'models', :action => 'hello'}
 
-    expect(@model.right.allowed?(index_action)).to eq false
-
     expect(@users.allowed?(:controller => 'users', :action => 'index')).to eq true
     expect(@users.allowed?(:controller => 'users', :action => 'edit' )).to eq true
     expect(@users.allowed?(:controller => 'users', :action => 'hello')).to eq true

data/spec/role_model_spec.rb

@@ -15,31 +15,14 @@ describe RightOn::RoleModel do
 
   it 'basic user should have no access' do
     expect(basic_user.rights).to be_empty
-    expect(basic_user.has_right?('Products')).to be false
-    expect(basic_user.has_right?(product_right)).to be false
   end
 
   it 'admin user should have full access' do
     expect(admin.rights.size).to eq 1
-    expect(admin.has_right?('Products')).to be true
-    expect(admin.has_right?(product_right)).to be true
   end
 
   it '#has_privileges_of?' do
     expect(admin.has_privileges_of?(basic_user)).to be true
     expect(basic_user.has_privileges_of?(admin)).to be false
   end
-
-  context 'when associating rights of other objects' do
-    let(:model1) { Model.create! }
-
-    before do
-      admin_role.rights << model1.right
-    end
-
-    it '#has_access_to?' do
-      expect(admin.has_access_to?(model1)).to be true
-      expect(basic_user.has_access_to?(model1)).to be false
-    end
-  end
 end

data/spec/spec_helper.rb

@@ -34,7 +34,6 @@ load('spec/schema.rb')
 RightOn::Right.rights_yaml 'db/rights_roles.yml'
 
 class Model < ActiveRecord::Base
-  restricted_by_right
 end
 
 class User < ActiveRecord::Base

data/spec/support/coverage_loader.rb

@@ -1,4 +1,4 @@
 require 'simplecov-rcov'
 require 'coveralls'
 require 'coverage/kit'
-Coverage::Kit.setup(minimum_coverage: 84.7)
+Coverage::Kit.setup(minimum_coverage: 91.7)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: right_on
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: ruby
 authors:
 - Michael Noack
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-06-02 00:00:00.000000000 Z
+date: 2017-08-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activerecord
@@ -39,20 +39,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 3.2.0
-- !ruby/object:Gem::Dependency
-  name: dependent_restrict
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 0.2.3
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 0.2.3
 - !ruby/object:Gem::Dependency
   name: input_reader
   requirement: !ruby/object:Gem::Requirement
@@ -200,13 +186,13 @@ files:
 - gemfiles/rails5.gemfile
 - lib/right_on.rb
 - lib/right_on/action_controller_extensions.rb
+- lib/right_on/by_group.rb
 - lib/right_on/generators/USAGE
 - lib/right_on/generators/right_migration_generator.rb
 - lib/right_on/generators/templates/right_migration.rb
 - lib/right_on/permission_denied_response.rb
 - lib/right_on/rails.rb
 - lib/right_on/railtie.rb
-- lib/right_on/restricted_by_right.rb
 - lib/right_on/right.rb
 - lib/right_on/rights_manager.rb
 - lib/right_on/role.rb
@@ -216,6 +202,7 @@ files:
 - lib/right_on/version.rb
 - right_on.gemspec
 - spec/action_controller_extensions_spec.rb
+- spec/permission_defnied_spec.rb
 - spec/right_on_spec.rb
 - spec/role_model_spec.rb
 - spec/schema.rb
@@ -250,6 +237,7 @@ specification_version: 4
 summary: Set of extensions to core rails to give rights and roles.
 test_files:
 - spec/action_controller_extensions_spec.rb
+- spec/permission_defnied_spec.rb
 - spec/right_on_spec.rb
 - spec/role_model_spec.rb
 - spec/schema.rb

data/lib/right_on/restricted_by_right.rb

@@ -1,56 +0,0 @@
-module RightOn
-  module RestrictedByRight
-
-    def self.included(base)
-      base.extend(ClassMethods)
-    end
-
-    module ClassMethods
-      def restricted_by_right(options = {})
-        options ||= {}
-        group = options.fetch(:group, 'other')
-
-        @right_on_config ||= {}
-        @right_on_config[:restricted_by_right_group] = group
-
-        Right.associate_group(self, group)
-
-        class << self
-          def accessible_to(user)
-            all.select{|o| user.rights.include?(o.right)}
-          end
-        end
-
-        include InstanceMethods
-
-        belongs_to :right, :class_name => 'RightOn::Right'
-        before_create :create_access_right!
-        after_destroy :destroy_access_right!
-      end
-
-      def restricted_by_right_group
-        (@right_on_config || {})[:restricted_by_right_group]
-      end
-    end
-
-    module InstanceMethods
-
-      private
-
-        def create_access_right!
-          right_name = "#{self.class.name.titleize}: #{name}"
-          self.right = find_right(right_name) || Right.create!(:name => right_name)
-        end
-
-        def find_right(name)
-          Right.find_by(:name => name)
-        end
-
-        def destroy_access_right!
-          self.right.try(:destroy)
-        end
-
-    end
-
-  end
-end