right_on 0.3.0 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 47a774795b314e80b1177664e0cd976febaa14c1
-  data.tar.gz: cf508fd4630a43d912fd91a9d9b1efa3b7167fdf
+SHA256:
+  metadata.gz: 3ed9eb070b0aac90604d39af448f24eb80f69d1c7b43e70262ff163ebeb9b414
+  data.tar.gz: 5645724ce29fb1167685bb8413b73c487313bd4c285d16ff879043eac3b5dc4b
 SHA512:
-  metadata.gz: d43bab3c7da9f1b0828b15f1ec2e1c8101d2dfa9d39e36cc2915fbb09af250a8cd86582e940bf743ff06a4b20ccbd3347f1d7f528da5cc6b21f21a1741794478
-  data.tar.gz: abb42ecc1c3d731988a07b007a87d2bb7088550cab5627835b5426bc806e239b068b04c1bd91dc53e07562f463c671c2b78c8edf7e50d9fd825a79549d5eb419
+  metadata.gz: de53dd0a3448bc3ed57e1621b179a4333c63f976f240f88812e0639c8cd7478ca10efef8cd3df2660ece487e9409f459e14147455d86a89590028c3588c7a8d5
+  data.tar.gz: 0c8836a459c9073b6b38d01efcbc5ca6e533405dc6efde62f462eba10cf8920fe1ba20c29c3703d647a9399cbaedcc68de34f392911c983776e0b0d53676f8c6

data/.hound.yml

@@ -0,0 +1,2 @@
+ruby:
+  config_file: .rubocop.yml

data/.rubocop.yml

@@ -0,0 +1,5 @@
+Style/StringLiterals:
+  EnforcedStyle: single_quotes
+  SupportedStyles:
+    - single_quotes
+    - double_quotes

data/.travis.yml

@@ -1,11 +1,14 @@
 language: ruby
 rvm:
-  - 2.3.0
+  - 2.3
+  - 2.4
+  - 2.5
 script: "bundle exec rake spec"
 gemfile:
-  - gemfiles/rails3.gemfile
   - gemfiles/rails4.gemfile
   - gemfiles/rails5.gemfile
+# fix ruby 2.5 issue - https://github.com/travis-ci/travis-ci/issues/9333
+before_install: gem install bundler
 notifications:
   email:
     - support@travellink.com.au

data/CHANGELOG.md

@@ -5,6 +5,19 @@ This changelog adheres to [Keep a CHANGELOG](http://keepachangelog.com/).
 
 ## Unreleased
 
+## 0.4.0
+
+### Improved
+- Improve tests for RightOn::ByGroup
+- Internal improvement of RightOn::ByGroup
+- Internal extraction of 'allowed?' feature for failure message
+- CanCanRight functionality merged into RightOn
+- Cleanup of CanCanRight/RightOn merge
+
+### Fixed
+- [TT-3352] Ensure roles currently in use cannot be deleted
+- Also dropped rails 3 support due to above
+
 ## 0.3.0
 
 ### Fixed

data/db/migration.rb

@@ -1,23 +1,23 @@
 class RightOnMigration < ActiveRecord::Migration
   def self.change
     create_table :rights do |t|
-      t.string :name, :controller, :action, :limit => 150
+      t.string :name, :controller, :action, limit: 150
       t.timestamps
     end
 
     change_table :rights do |t|
       t.index :action
       t.index :name
-      t.index [:controller, :action]
+      t.index %i[controller action]
     end
 
-    create_table :rights_roles, :id => false do |t|
-      t.integer :right_id, :role_id
+    create_table :rights_roles, id: false do |t|
+      t.integer %i[right_id role_id]
     end
 
     change_table :rights_roles do |t|
-      t.index [:right_id, :role_id]
-      t.index [:role_id, :right_id]
+      t.index %i[right_id role_id]
+      t.index %i[role_id right_id]
     end
 
     create_table :roles do |t|

data/lib/right_on.rb

@@ -4,5 +4,12 @@ module RightOn
   require 'rails'
   require 'right_on/railtie'
   require 'right_on/rights_manager'
-end
 
+  def self.rights_yaml(file_path = nil)
+    if file_path
+      @rights_yaml = file_path
+    else
+      @rights_yaml
+    end
+  end
+end

data/lib/right_on/ability.rb

@@ -0,0 +1,9 @@
+module RightOn
+  module Ability
+    include CanCan::Ability
+
+    private def add_rule_for(right)
+      add_rule(RightOn::Rule.rule_for(right))
+    end
+  end
+end

data/lib/right_on/by_group.rb

@@ -1,23 +1,24 @@
 module RightOn
   class ByGroup
+    def self.rights
+      new.by_groups
+    end
+
     def initialize
       @rights_by_name = Hash[Right.all.map{|r| [r.name, r]}]
     end
 
     def by_groups
-      rights = regular_rights_with_group
-      rights += (Right.all - rights)
-      rights.group_by(&:group)
+      yaml_rights.each_pair.with_object({}) do |(group, right_names), hash|
+        hash[group] = right_names
+          .flat_map { |right_name| right_name_to_rights(right_name) }
+      end
     end
 
     private
 
-    def regular_rights_with_group
-      RightOn::Right.yaml_rights.each_pair.flat_map do |group, right_names|
-        right_names
-          .flat_map { |right_name| right_name_to_rights(right_name) }
-          .each { |r| r.group = group }
-      end
+    def yaml_rights
+      YAML.load_file(RightOn.rights_yaml)['rights']
     end
 
     def right_name_to_rights(right_name)
@@ -41,7 +42,9 @@ module RightOn
     end
 
     def rights_by_name!(name)
-      @rights_by_name[name] or fail name.inspect
+      @rights_by_name[name] or fail RightOn::RightNotFound, name.inspect
     end
   end
+
+  RightNotFound = Class.new(RightOn::Error)
 end

data/lib/right_on/controller_additions.rb

@@ -0,0 +1,52 @@
+module RightOn
+  module ControllerAdditions
+    def self.included(base)
+      base.module_eval do
+        class_attribute :rights_from
+        class_attribute :permission_denied_layout
+      end
+    end
+
+    private
+
+    def authorize_action!
+      controller = (self.rights_from || params[:controller]).to_s
+      action = params[:action].to_s
+
+      return if can_access_controller_action?(controller, action)
+
+      fail CanCan::AccessDenied, "You are not authorized to access this page."
+    end
+
+    def can_access_controller_action?(controller, action)
+      (can?(:access, controller) && !Right.where(ccr_subject: controller + '#' + action).exists?) ||
+        can?(:access, controller + '#' + action)
+    end
+
+    def access_granted?
+      can? :access, [params[:controller], params[:action]].join('#')
+    end
+
+    def rescue_access_denied(exception)
+      @permission_denied_response = RightOn::PermissionDeniedResponse.new(params, controller_action_options)
+
+      respond_to do |format|
+        format.html do
+          render status:   :unauthorized,
+                 template: 'permission_denied',
+                 layout:   ( permission_denied_layout || false )
+        end
+
+        format.json do
+          render status: :unauthorized, json: @permission_denied_response.to_json
+        end
+      end
+    end
+
+    def controller_action_options
+      opts = params.slice(:controller, :action)
+      opts[:controller] = rights_from.to_s if rights_from
+      opts
+    end
+  end
+end

data/lib/right_on/error.rb

@@ -0,0 +1,3 @@
+module RightOn
+  class Error < StandardError; end
+end

data/lib/right_on/permission_denied_response.rb

@@ -4,7 +4,8 @@ module RightOn
 
     def initialize(params, controller_action_options)
       @params = params
-      @right_allowed = Right.all.detect{|right| right.allowed?(controller_action_options)}
+      allower = RightAllowed.new(controller_action_options[:controller], controller_action_options[:action])
+      @right_allowed = RightOn::Right.all.detect { |right| allower.allowed?(right) }
       @roles_allowed = @right_allowed.roles if @right_allowed
       @controller_name = @params[:controller] unless @right_allowed
     end

data/lib/right_on/rails.rb

@@ -1,6 +1,11 @@
 require 'right_on/role_model'
+require 'right_on/ability'
+require 'right_on/rule'
+require 'right_on/error'
 require 'right_on/right'
 require 'right_on/role'
+require 'right_on/right_allowed'
 require 'right_on/by_group'
-require 'right_on/action_controller_extensions'
+require 'cancan/exceptions'
+require 'right_on/controller_additions'
 require 'right_on/permission_denied_response'

data/lib/right_on/right.rb

@@ -10,70 +10,8 @@ module RightOn
 
     scope :ordered, -> { order :name }
 
-    after_save :clear_cache
-    after_destroy :clear_cache
-
-    attr_accessor :group
-
-    class << self
-      def rights_yaml(file_path)
-        @@rights_yaml = file_path
-      end
-
-      def by_groups
-        RightOn::ByGroup.new.by_groups
-      end
-
-      def yaml_rights
-        YAML::load_file(@@rights_yaml)['rights']
-      end
-    end
-
-    # Is this right allowed for the given context?
-    #
-    # Context params is an option hash:
-    #   :controller => controller name
-    #   :action     => action name
-    #
-    # The context tells us the state of the request being made.
-
-    def allowed?(context={})
-      return false unless controller == context[:controller]
-      if action
-        action_permitted?(context[:action])
-      else
-        # right without action works if no specific right exists
-        # e.g. can't edit if there's a edit or change right defined
-        # as you must used that specific right
-        specific_rights = Array(APPLICABLE_RIGHTS[context[:action].to_sym]) + [context[:action]]
-        specific_rights.all?{|action| Right["#{context[:controller]}##{action}"].nil?}
-      end
-    end
-
-    APPLICABLE_RIGHTS = {
-      :new     => [:change],
-      :edit    => [:change],
-      :update  => [:change],
-      :create  => [:change],
-      :destroy => [:change],
-      :index   => [:change, :view],
-      :show    => [:change, :view]
-    }
-
-    CHANGE_ACTIONS = %w(new edit update create destroy index show)
-
-    VIEW_ACTIONS = %w(index show)
-
-    def action_permitted?(context_action)
-      case action.to_sym
-      when :change
-        CHANGE_ACTIONS.include?(context_action)
-      when :view
-        VIEW_ACTIONS.include?(context_action)
-      else
-        action == context_action
-      end
-    end
+    after_save { RightOn::RightAllowed.clear_cache }
+    after_destroy { RightOn::RightAllowed.clear_cache }
 
     def sensible_name
       name.humanize.titleize.gsub(/#/, ' - ')
@@ -82,35 +20,5 @@ module RightOn
     def to_s
       name
     end
-
-    def self.cache
-      @@cache ||= Rails.cache
-    end
-
-    def self.cache=(cache)
-      @@cache = cache
-    end
-
-    def self.clear_cache
-      cache.delete('Right.all')
-    end
-
-    def clear_cache
-      self.class.clear_cache
-    end
-
-    attr_accessor :rights
-    def self.[](name)
-      @rights = cache.read('Right.all') || calculate_and_write_cache
-      @rights[name]
-    end
-
-    private
-    def self.calculate_and_write_cache
-      right_cache = Hash[Right.all.map{|r|[r.name, r.id]}]
-      cache.write('Right.all', right_cache) or raise RuntimeError, "Could not cache rights"
-      right_cache
-    end
-
   end
 end

data/lib/right_on/right_allowed.rb

@@ -0,0 +1,71 @@
+module RightOn
+  class RightAllowed
+    def initialize(controller, action)
+      @controller = controller
+      @action = action
+    end
+
+    def allowed?(right)
+      return false unless right.controller == @controller
+      if right.action
+        action_permitted?(right.action)
+      else
+        # right without action works if no specific right exists
+        # e.g. can't edit if there's a edit or change right defined
+        # as you must used that specific right
+        specific_rights = Array(APPLICABLE_RIGHTS[@action.to_sym]) + [@action]
+        specific_rights.all?{|action| self.class["#{@controller}##{action}"].nil?}
+      end
+    end
+
+    APPLICABLE_RIGHTS = {
+      :new     => [:change],
+      :edit    => [:change],
+      :update  => [:change],
+      :create  => [:change],
+      :destroy => [:change],
+      :index   => [:change, :view],
+      :show    => [:change, :view]
+    }
+
+    CHANGE_ACTIONS = %w(new edit update create destroy index show)
+
+    VIEW_ACTIONS = %w(index show)
+
+    def action_permitted?(action)
+      case action.to_sym
+      when :change
+        CHANGE_ACTIONS.include?(@action)
+      when :view
+        VIEW_ACTIONS.include?(@action)
+      else
+        action == @action
+      end
+    end
+
+    def self.cache
+      @@cache ||= Rails.cache
+    end
+
+    def self.cache=(cache)
+      @@cache = cache
+    end
+
+    def self.clear_cache
+      cache.delete('Right.all')
+    end
+
+    attr_accessor :rights
+    def self.[](name)
+      @rights = cache.read('Right.all') || calculate_and_write_cache
+      @rights[name]
+    end
+
+    private
+    def self.calculate_and_write_cache
+      right_cache = Hash[RightOn::Right.all.map{|r|[r.name, r.id]}]
+      cache.write('Right.all', right_cache) or raise RuntimeError, "Could not cache rights"
+      right_cache
+    end
+  end
+end

data/lib/right_on/role_model.rb

@@ -1,16 +1,13 @@
 module RightOn
   module RoleModel
     def self.included(base)
-      base.module_eval 'has_and_belongs_to_many :roles, :class_name => "RightOn::Role"'
-      Role.module_eval "has_and_belongs_to_many :#{base.table_name}"
-    end
-
-    def rights
-      @rights ||=
-        Right
-          .select('distinct rights.*')
-          .joins(:roles)
-          .where('rights_roles.role_id IN (?)', role_ids)
+      base.module_eval do
+        has_and_belongs_to_many :roles, class_name: 'RightOn::Role'
+        has_many :rights, through: :roles, class_name: 'RightOn::Right'
+      end
+      Role.module_eval do
+        has_and_belongs_to_many base.table_name.to_sym, dependent: :restrict
+      end
     end
 
     def has_privileges_of?(other_user)