right_on 0.2.0 → 0.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/lib/right_on.rb +0 -4
- data/lib/right_on/by_group.rb +47 -0
- data/lib/right_on/rails.rb +1 -0
- data/lib/right_on/right.rb +1 -62
- data/lib/right_on/role_model.rb +0 -13
- data/lib/right_on/version.rb +1 -1
- data/right_on.gemspec +0 -1
- data/spec/permission_defnied_spec.rb +66 -0
- data/spec/right_on_spec.rb +1 -17
- data/spec/role_model_spec.rb +0 -17
- data/spec/spec_helper.rb +0 -1
- data/spec/support/coverage_loader.rb +1 -1
- metadata +5 -17
- data/lib/right_on/restricted_by_right.rb +0 -56
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 47a774795b314e80b1177664e0cd976febaa14c1
|
4
|
+
data.tar.gz: cf508fd4630a43d912fd91a9d9b1efa3b7167fdf
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: d43bab3c7da9f1b0828b15f1ec2e1c8101d2dfa9d39e36cc2915fbb09af250a8cd86582e940bf743ff06a4b20ccbd3347f1d7f528da5cc6b21f21a1741794478
|
7
|
+
data.tar.gz: abb42ecc1c3d731988a07b007a87d2bb7088550cab5627835b5426bc806e239b068b04c1bd91dc53e07562f463c671c2b78c8edf7e50d9fd825a79549d5eb419
|
data/CHANGELOG.md
CHANGED
@@ -3,6 +3,16 @@ All notable changes to this project will be documented in this file.
|
|
3
3
|
This project adheres to [Semantic Versioning](http://semver.org/).
|
4
4
|
This changelog adheres to [Keep a CHANGELOG](http://keepachangelog.com/).
|
5
5
|
|
6
|
+
## Unreleased
|
7
|
+
|
8
|
+
## 0.3.0
|
9
|
+
|
10
|
+
### Fixed
|
11
|
+
- Caching of rights in memory (causing tenant issues)
|
12
|
+
|
13
|
+
### Removed
|
14
|
+
- restricted_by_right no longer supported
|
15
|
+
|
6
16
|
## 0.2.0
|
7
17
|
|
8
18
|
### Added
|
data/lib/right_on.rb
CHANGED
@@ -0,0 +1,47 @@
|
|
1
|
+
module RightOn
|
2
|
+
class ByGroup
|
3
|
+
def initialize
|
4
|
+
@rights_by_name = Hash[Right.all.map{|r| [r.name, r]}]
|
5
|
+
end
|
6
|
+
|
7
|
+
def by_groups
|
8
|
+
rights = regular_rights_with_group
|
9
|
+
rights += (Right.all - rights)
|
10
|
+
rights.group_by(&:group)
|
11
|
+
end
|
12
|
+
|
13
|
+
private
|
14
|
+
|
15
|
+
def regular_rights_with_group
|
16
|
+
RightOn::Right.yaml_rights.each_pair.flat_map do |group, right_names|
|
17
|
+
right_names
|
18
|
+
.flat_map { |right_name| right_name_to_rights(right_name) }
|
19
|
+
.each { |r| r.group = group }
|
20
|
+
end
|
21
|
+
end
|
22
|
+
|
23
|
+
def right_name_to_rights(right_name)
|
24
|
+
case right_name
|
25
|
+
when String # controller
|
26
|
+
[rights_by_name!(right_name)]
|
27
|
+
when Hash # controller + actions
|
28
|
+
controller, actions = right_name.first
|
29
|
+
controller_rights(controller) + action_rights(controller, actions)
|
30
|
+
end
|
31
|
+
end
|
32
|
+
|
33
|
+
def controller_rights(controller)
|
34
|
+
r = @rights_by_name[controller]
|
35
|
+
return [] unless r
|
36
|
+
[r]
|
37
|
+
end
|
38
|
+
|
39
|
+
def action_rights(controller, actions)
|
40
|
+
actions.map { |action| rights_by_name!("#{controller}##{action}") }
|
41
|
+
end
|
42
|
+
|
43
|
+
def rights_by_name!(name)
|
44
|
+
@rights_by_name[name] or fail name.inspect
|
45
|
+
end
|
46
|
+
end
|
47
|
+
end
|
data/lib/right_on/rails.rb
CHANGED
data/lib/right_on/right.rb
CHANGED
@@ -16,78 +16,17 @@ module RightOn
|
|
16
16
|
attr_accessor :group
|
17
17
|
|
18
18
|
class << self
|
19
|
-
@@restricted_by_right_classes = []
|
20
|
-
|
21
|
-
def associate_group(klass, group)
|
22
|
-
# Prevent issues when reloading class using restricted_by_right
|
23
|
-
unless @@restricted_by_right_classes.include?(klass)
|
24
|
-
@@restricted_by_right_classes << klass
|
25
|
-
end
|
26
|
-
has_one klass.table_name.singularize.to_sym, dependent: :restrict_with_exception
|
27
|
-
end
|
28
|
-
|
29
19
|
def rights_yaml(file_path)
|
30
20
|
@@rights_yaml = file_path
|
31
21
|
end
|
32
22
|
|
33
23
|
def by_groups
|
34
|
-
|
35
|
-
rights += (Right.all - rights)
|
36
|
-
rights.group_by(&:group)
|
37
|
-
end
|
38
|
-
|
39
|
-
def regular_rights_with_group
|
40
|
-
yaml_rights.each_pair.flat_map do |group, right_names|
|
41
|
-
right_names
|
42
|
-
.flat_map { |right_name| right_name_to_rights(right_name) }
|
43
|
-
.each { |r| r.group = group }
|
44
|
-
end
|
24
|
+
RightOn::ByGroup.new.by_groups
|
45
25
|
end
|
46
26
|
|
47
27
|
def yaml_rights
|
48
28
|
YAML::load_file(@@rights_yaml)['rights']
|
49
29
|
end
|
50
|
-
|
51
|
-
def right_name_to_rights(right_name)
|
52
|
-
case right_name
|
53
|
-
when String # controller
|
54
|
-
[rights_by_name!(right_name)]
|
55
|
-
when Hash # controller + actions
|
56
|
-
controller, actions = right_name.first
|
57
|
-
controller_rights(controller) + action_rights(controller, actions)
|
58
|
-
end
|
59
|
-
end
|
60
|
-
|
61
|
-
def controller_rights(controller)
|
62
|
-
r = rights_by_name[controller]
|
63
|
-
return [] unless r
|
64
|
-
[r]
|
65
|
-
end
|
66
|
-
|
67
|
-
def action_rights(controller, actions)
|
68
|
-
actions.map { |action| rights_by_name!("#{controller}##{action}") }
|
69
|
-
end
|
70
|
-
|
71
|
-
def rights_by_name
|
72
|
-
@rights_by_name ||= Hash[Right.all.map{|r| [r.name, r]}]
|
73
|
-
end
|
74
|
-
|
75
|
-
def rights_by_name!(name)
|
76
|
-
rights_by_name[name] or fail name.inspect
|
77
|
-
end
|
78
|
-
|
79
|
-
def restricted_rights_with_group
|
80
|
-
@@restricted_by_right_classes.flat_map do |klass|
|
81
|
-
group = klass.restricted_by_right_group
|
82
|
-
all_rights(klass).map(&:right).sort_by(&:name).each do |right|
|
83
|
-
right.group = group
|
84
|
-
end
|
85
|
-
end
|
86
|
-
end
|
87
|
-
|
88
|
-
def all_rights(klass)
|
89
|
-
klass.includes(:right).all
|
90
|
-
end
|
91
30
|
end
|
92
31
|
|
93
32
|
# Is this right allowed for the given context?
|
data/lib/right_on/role_model.rb
CHANGED
@@ -5,10 +5,6 @@ module RightOn
|
|
5
5
|
Role.module_eval "has_and_belongs_to_many :#{base.table_name}"
|
6
6
|
end
|
7
7
|
|
8
|
-
def roles_allowed_to_assign
|
9
|
-
Role.accessible_to(self)
|
10
|
-
end
|
11
|
-
|
12
8
|
def rights
|
13
9
|
@rights ||=
|
14
10
|
Right
|
@@ -17,15 +13,6 @@ module RightOn
|
|
17
13
|
.where('rights_roles.role_id IN (?)', role_ids)
|
18
14
|
end
|
19
15
|
|
20
|
-
def has_access_to?(client_type)
|
21
|
-
has_right?(client_type.right)
|
22
|
-
end
|
23
|
-
|
24
|
-
def has_right?(right_or_string)
|
25
|
-
right = right_or_string.is_a?(Right) ? right_or_string : Right.find_by_name(right_or_string)
|
26
|
-
rights.include?(right)
|
27
|
-
end
|
28
|
-
|
29
16
|
def has_privileges_of?(other_user)
|
30
17
|
(other_user.rights - rights).empty?
|
31
18
|
end
|
data/lib/right_on/version.rb
CHANGED
data/right_on.gemspec
CHANGED
@@ -20,7 +20,6 @@ Gem::Specification.new do |spec|
|
|
20
20
|
|
21
21
|
spec.add_dependency 'activerecord', '>= 3.2.0'
|
22
22
|
spec.add_dependency 'activesupport', '>= 3.2.0'
|
23
|
-
spec.add_dependency 'dependent_restrict', '>= 0.2.3'
|
24
23
|
spec.add_dependency 'input_reader', '~> 0.0'
|
25
24
|
spec.add_development_dependency 'bundler', '~> 1.3'
|
26
25
|
spec.add_development_dependency 'rake'
|
@@ -0,0 +1,66 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe RightOn::PermissionDeniedResponse do
|
4
|
+
let(:controller_action_options) { { controller: 'users', action: 'destroy' } }
|
5
|
+
let(:params) { { controller: 'users' } }
|
6
|
+
subject { RightOn::PermissionDeniedResponse.new(params, controller_action_options) }
|
7
|
+
|
8
|
+
let(:allowed) {
|
9
|
+
double(name: 'create_user', allowed?: true, roles: [double(title: 'Users')])
|
10
|
+
}
|
11
|
+
let(:denied) { double(allowed?: false) }
|
12
|
+
|
13
|
+
let(:no_right_for_page) {
|
14
|
+
'No right is defined for this page: users. '\
|
15
|
+
'Contact your system manager to notify this problem.'
|
16
|
+
}
|
17
|
+
let(:no_roles_for_page) { 'N/A (as no right is assigned for this action)' }
|
18
|
+
|
19
|
+
before do
|
20
|
+
stub_const 'RightOn::Right', double(all: [right])
|
21
|
+
end
|
22
|
+
|
23
|
+
context '#text_message' do
|
24
|
+
context 'when right exists' do
|
25
|
+
let(:right) { allowed }
|
26
|
+
|
27
|
+
specify {
|
28
|
+
expect(subject.text_message).to eq(
|
29
|
+
"You are not authorised to perform the requested operation.\n"\
|
30
|
+
"Right required: #[Double (anonymous)]\n"\
|
31
|
+
"This right is given to the following roles: Users.\n"\
|
32
|
+
"Contact your system manager to be given this right.\n"
|
33
|
+
)
|
34
|
+
}
|
35
|
+
end
|
36
|
+
|
37
|
+
context 'when right not allowed' do
|
38
|
+
let(:right) { denied }
|
39
|
+
specify { expect(subject.text_message).to eq no_right_for_page }
|
40
|
+
end
|
41
|
+
end
|
42
|
+
|
43
|
+
context '#to_json' do
|
44
|
+
context 'when right exists' do
|
45
|
+
let(:right) { allowed }
|
46
|
+
specify {
|
47
|
+
expect(subject.to_json).to eq(
|
48
|
+
error: 'Permission Denied',
|
49
|
+
right_allowed: 'create_user',
|
50
|
+
roles_for_right: ['Users']
|
51
|
+
)
|
52
|
+
}
|
53
|
+
end
|
54
|
+
|
55
|
+
context 'when right allowed' do
|
56
|
+
let(:right) { denied }
|
57
|
+
specify {
|
58
|
+
expect(subject.to_json).to eq(
|
59
|
+
error: 'Permission Denied',
|
60
|
+
right_allowed: no_right_for_page,
|
61
|
+
roles_for_right: no_roles_for_page
|
62
|
+
)
|
63
|
+
}
|
64
|
+
end
|
65
|
+
end
|
66
|
+
end
|
data/spec/right_on_spec.rb
CHANGED
@@ -29,31 +29,17 @@ describe RightOn::Right do
|
|
29
29
|
end
|
30
30
|
|
31
31
|
it 'should display nicely with sensible_name and to_s' do
|
32
|
-
expect(@model.right.to_s).to eq 'Model: Test'
|
33
32
|
expect(@other.to_s).to eq 'models'
|
34
33
|
expect(@index.to_s).to eq 'models#index'
|
35
34
|
|
36
|
-
expect(@model.right.sensible_name).to eq 'Model: Test'
|
37
35
|
expect(@other.sensible_name).to eq 'Models'
|
38
36
|
expect(@index.sensible_name).to eq 'Models - Index'
|
39
37
|
end
|
40
38
|
|
41
|
-
it 'should create right for restricted right' do
|
42
|
-
right = @model.right
|
43
|
-
expect(right).to_not be_nil
|
44
|
-
expect(right.name).to eq 'Model: Test'
|
45
|
-
expect{right.destroy}.to raise_error(ActiveRecord::DetailedDeleteRestrictionError)
|
46
|
-
end
|
47
|
-
|
48
39
|
it 'should identify correct groups' do
|
49
|
-
rights = RightOn::Right.regular_rights_with_group.sort_by{|r| r.name} # Sort for ruby 1.9 compatibility
|
50
|
-
expect(rights.map(&:name)).to eq %w(models models#change models#index models#view users)
|
51
|
-
expect(rights.map(&:group)).to eq %w(general general general general admin)
|
52
|
-
|
53
40
|
expect(RightOn::Right.by_groups).to eq(
|
54
41
|
'general' => [@other, @index, @view, @change],
|
55
|
-
'admin' => [@users]
|
56
|
-
'other' => [@model.right]
|
42
|
+
'admin' => [@users]
|
57
43
|
)
|
58
44
|
end
|
59
45
|
|
@@ -62,8 +48,6 @@ describe RightOn::Right do
|
|
62
48
|
edit_action = {:controller => 'models', :action => 'edit'}
|
63
49
|
hello_action = {:controller => 'models', :action => 'hello'}
|
64
50
|
|
65
|
-
expect(@model.right.allowed?(index_action)).to eq false
|
66
|
-
|
67
51
|
expect(@users.allowed?(:controller => 'users', :action => 'index')).to eq true
|
68
52
|
expect(@users.allowed?(:controller => 'users', :action => 'edit' )).to eq true
|
69
53
|
expect(@users.allowed?(:controller => 'users', :action => 'hello')).to eq true
|
data/spec/role_model_spec.rb
CHANGED
@@ -15,31 +15,14 @@ describe RightOn::RoleModel do
|
|
15
15
|
|
16
16
|
it 'basic user should have no access' do
|
17
17
|
expect(basic_user.rights).to be_empty
|
18
|
-
expect(basic_user.has_right?('Products')).to be false
|
19
|
-
expect(basic_user.has_right?(product_right)).to be false
|
20
18
|
end
|
21
19
|
|
22
20
|
it 'admin user should have full access' do
|
23
21
|
expect(admin.rights.size).to eq 1
|
24
|
-
expect(admin.has_right?('Products')).to be true
|
25
|
-
expect(admin.has_right?(product_right)).to be true
|
26
22
|
end
|
27
23
|
|
28
24
|
it '#has_privileges_of?' do
|
29
25
|
expect(admin.has_privileges_of?(basic_user)).to be true
|
30
26
|
expect(basic_user.has_privileges_of?(admin)).to be false
|
31
27
|
end
|
32
|
-
|
33
|
-
context 'when associating rights of other objects' do
|
34
|
-
let(:model1) { Model.create! }
|
35
|
-
|
36
|
-
before do
|
37
|
-
admin_role.rights << model1.right
|
38
|
-
end
|
39
|
-
|
40
|
-
it '#has_access_to?' do
|
41
|
-
expect(admin.has_access_to?(model1)).to be true
|
42
|
-
expect(basic_user.has_access_to?(model1)).to be false
|
43
|
-
end
|
44
|
-
end
|
45
28
|
end
|
data/spec/spec_helper.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: right_on
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.3.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Michael Noack
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2017-
|
12
|
+
date: 2017-08-03 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: activerecord
|
@@ -39,20 +39,6 @@ dependencies:
|
|
39
39
|
- - ">="
|
40
40
|
- !ruby/object:Gem::Version
|
41
41
|
version: 3.2.0
|
42
|
-
- !ruby/object:Gem::Dependency
|
43
|
-
name: dependent_restrict
|
44
|
-
requirement: !ruby/object:Gem::Requirement
|
45
|
-
requirements:
|
46
|
-
- - ">="
|
47
|
-
- !ruby/object:Gem::Version
|
48
|
-
version: 0.2.3
|
49
|
-
type: :runtime
|
50
|
-
prerelease: false
|
51
|
-
version_requirements: !ruby/object:Gem::Requirement
|
52
|
-
requirements:
|
53
|
-
- - ">="
|
54
|
-
- !ruby/object:Gem::Version
|
55
|
-
version: 0.2.3
|
56
42
|
- !ruby/object:Gem::Dependency
|
57
43
|
name: input_reader
|
58
44
|
requirement: !ruby/object:Gem::Requirement
|
@@ -200,13 +186,13 @@ files:
|
|
200
186
|
- gemfiles/rails5.gemfile
|
201
187
|
- lib/right_on.rb
|
202
188
|
- lib/right_on/action_controller_extensions.rb
|
189
|
+
- lib/right_on/by_group.rb
|
203
190
|
- lib/right_on/generators/USAGE
|
204
191
|
- lib/right_on/generators/right_migration_generator.rb
|
205
192
|
- lib/right_on/generators/templates/right_migration.rb
|
206
193
|
- lib/right_on/permission_denied_response.rb
|
207
194
|
- lib/right_on/rails.rb
|
208
195
|
- lib/right_on/railtie.rb
|
209
|
-
- lib/right_on/restricted_by_right.rb
|
210
196
|
- lib/right_on/right.rb
|
211
197
|
- lib/right_on/rights_manager.rb
|
212
198
|
- lib/right_on/role.rb
|
@@ -216,6 +202,7 @@ files:
|
|
216
202
|
- lib/right_on/version.rb
|
217
203
|
- right_on.gemspec
|
218
204
|
- spec/action_controller_extensions_spec.rb
|
205
|
+
- spec/permission_defnied_spec.rb
|
219
206
|
- spec/right_on_spec.rb
|
220
207
|
- spec/role_model_spec.rb
|
221
208
|
- spec/schema.rb
|
@@ -250,6 +237,7 @@ specification_version: 4
|
|
250
237
|
summary: Set of extensions to core rails to give rights and roles.
|
251
238
|
test_files:
|
252
239
|
- spec/action_controller_extensions_spec.rb
|
240
|
+
- spec/permission_defnied_spec.rb
|
253
241
|
- spec/right_on_spec.rb
|
254
242
|
- spec/role_model_spec.rb
|
255
243
|
- spec/schema.rb
|
@@ -1,56 +0,0 @@
|
|
1
|
-
module RightOn
|
2
|
-
module RestrictedByRight
|
3
|
-
|
4
|
-
def self.included(base)
|
5
|
-
base.extend(ClassMethods)
|
6
|
-
end
|
7
|
-
|
8
|
-
module ClassMethods
|
9
|
-
def restricted_by_right(options = {})
|
10
|
-
options ||= {}
|
11
|
-
group = options.fetch(:group, 'other')
|
12
|
-
|
13
|
-
@right_on_config ||= {}
|
14
|
-
@right_on_config[:restricted_by_right_group] = group
|
15
|
-
|
16
|
-
Right.associate_group(self, group)
|
17
|
-
|
18
|
-
class << self
|
19
|
-
def accessible_to(user)
|
20
|
-
all.select{|o| user.rights.include?(o.right)}
|
21
|
-
end
|
22
|
-
end
|
23
|
-
|
24
|
-
include InstanceMethods
|
25
|
-
|
26
|
-
belongs_to :right, :class_name => 'RightOn::Right'
|
27
|
-
before_create :create_access_right!
|
28
|
-
after_destroy :destroy_access_right!
|
29
|
-
end
|
30
|
-
|
31
|
-
def restricted_by_right_group
|
32
|
-
(@right_on_config || {})[:restricted_by_right_group]
|
33
|
-
end
|
34
|
-
end
|
35
|
-
|
36
|
-
module InstanceMethods
|
37
|
-
|
38
|
-
private
|
39
|
-
|
40
|
-
def create_access_right!
|
41
|
-
right_name = "#{self.class.name.titleize}: #{name}"
|
42
|
-
self.right = find_right(right_name) || Right.create!(:name => right_name)
|
43
|
-
end
|
44
|
-
|
45
|
-
def find_right(name)
|
46
|
-
Right.find_by(:name => name)
|
47
|
-
end
|
48
|
-
|
49
|
-
def destroy_access_right!
|
50
|
-
self.right.try(:destroy)
|
51
|
-
end
|
52
|
-
|
53
|
-
end
|
54
|
-
|
55
|
-
end
|
56
|
-
end
|