rokku 0.5.0 → 0.7.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/README.md +35 -8
- data/bin/rokku +4 -0
- data/lib/rokku/commands/commands.rb +98 -32
- data/lib/rokku/version.rb +1 -1
- data/lib/rokku.rb +10 -3
- data/rokku.gemspec +2 -2
- metadata +8 -5
- data/lib/rokku/policy_generator/policy_generator.rb +0 -62
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: de9fd9e92bfea55153e2a5cc08a19f6c9f1e6a6e8955ff5f6949cbe3bf689bb2
|
4
|
+
data.tar.gz: be746224f675cdbe8bbc2058ab7d1fcf1c18c9d04a9a5ef2557060ed3fdfcad5
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: f1f9f9c33fa1b2c888380a4034eaa3473d25d7b30cbc55c9bbd627bcbcedbdb8af5d7ae63e6fa4e4429f6854cd22315eedff9dce7ff7b5f5caee910c5846ae8f
|
7
|
+
data.tar.gz: 0ad532c9440192d8a6a804a6a9d367674a85770cb286a3d343f09fa84f84747396a95c1f92d5cb9a663db3c8d1187cd15b1100ffb85a150340f93ee588a63de3
|
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
# Rokku
|
2
2
|
|
3
|
-
[![Join the chat at https://gitter.im/sebastjan-hribar/rokku](https://badges.gitter.im/sebastjan-hribar/rokku.svg)](https://gitter.im/sebastjan-hribar/rokku?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) [![Gem Version](https://badge.fury.io/rb/rokku.svg)](https://badge.fury.io/rb/rokku)
|
3
|
+
[![Join the chat at https://gitter.im/sebastjan-hribar/rokku](https://badges.gitter.im/sebastjan-hribar/rokku.svg)](https://gitter.im/sebastjan-hribar/rokku?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) [![Gem Version](https://badge.fury.io/rb/rokku.svg)](https://badge.fury.io/rb/rokku)
|
4
4
|
|
5
5
|
Rokku (ロック - lock) offers authorization for [Hanami web applications](http://hanamirb.org/).
|
6
6
|
|
@@ -36,6 +36,12 @@ end
|
|
36
36
|
|
37
37
|
## Usage
|
38
38
|
|
39
|
+
### Role based authorization
|
40
|
+
|
41
|
+
#### Prerequisites
|
42
|
+
The current user must be stored in the `@user` variable and must have the attribute of `roles`. Rokku supports `roles` both as a type of `Array` and `String`.
|
43
|
+
For example, the `@user.roles` could either be a simple string like 'admin' or an array of roles like `['level_1', 'level_2', 'level_3']`.
|
44
|
+
|
39
45
|
```ruby
|
40
46
|
rokku -n mightyPoster -p post
|
41
47
|
```
|
@@ -46,25 +52,46 @@ Each application will have its own `app/policies` folders.
|
|
46
52
|
**The command must be run in the project root folder.**
|
47
53
|
|
48
54
|
Once the file is generated, the authorized roles variables in the initialize block for required actions need to be uncommented and supplied with specific roles.
|
49
|
-
|
50
|
-
Then we can check if a user is authorized:
|
55
|
+
For example:
|
51
56
|
|
52
57
|
```ruby
|
53
|
-
|
58
|
+
# @authorized_roles_for_show = []
|
59
|
+
# @authorized_roles_for_index = []
|
60
|
+
# @authorized_roles_for_edit = []
|
61
|
+
@authorized_roles_for_update = ['admin']
|
54
62
|
```
|
55
63
|
|
64
|
+
Then we can check if a user is authorized for the `mightyPoster` application, `Post` controller and `Update`action.
|
56
65
|
|
57
|
-
|
66
|
+
```ruby
|
67
|
+
authorized?("mightyposter", "post", "update")
|
68
|
+
```
|
58
69
|
|
59
|
-
|
60
|
-
- Add generators for adding authorization rules to existing policies.
|
70
|
+
A complete example of using Rokku in a Hanami 1.3 applications is available [here](https://sebastjan-hribar.github.io/programming/2022/01/08/rokku-with-hanami.html).
|
61
71
|
|
62
72
|
|
63
73
|
### Changelog
|
64
74
|
|
75
|
+
#### 0.7.0
|
76
|
+
|
77
|
+
* Policies are now scoped under application module so it is possible to have two `Dashboard` policies for two different applications.
|
78
|
+
* Readme update.
|
79
|
+
|
80
|
+
#### 0.6.0
|
81
|
+
|
82
|
+
* Change to accept a string or an array as roles.
|
83
|
+
* Refactored tests.
|
84
|
+
* Added `commands.rb`to `bin/rokku`.
|
85
|
+
* Small style changes.
|
86
|
+
|
87
|
+
#### 0.5.1
|
88
|
+
|
89
|
+
* Readme update
|
90
|
+
* Refactored tests
|
91
|
+
|
65
92
|
#### 0.5.0
|
66
93
|
|
67
|
-
Move from Tachiban
|
94
|
+
* Move from Tachiban
|
68
95
|
|
69
96
|
|
70
97
|
## Development
|
data/bin/rokku
ADDED
@@ -1,41 +1,107 @@
|
|
1
|
-
#!/usr/bin/env ruby
|
2
1
|
require 'optparse'
|
3
|
-
|
2
|
+
require 'fileutils'
|
4
3
|
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
4
|
+
module Commands
|
5
|
+
def self.run
|
6
|
+
options = {}
|
7
|
+
optparse = OptionParser.new do |opts|
|
8
|
+
opts.banner = "\nHanami authorization policy generator
|
9
|
+
Usage: rokku -n myapp -p user
|
10
|
+
Flags:
|
11
|
+
\n"
|
11
12
|
|
12
|
-
|
13
|
-
|
14
|
-
|
13
|
+
opts.on("-n", "--app_name APP", "Specify the application name for the policy") do |app_name|
|
14
|
+
options[:app_name] = app_name
|
15
|
+
end
|
15
16
|
|
16
|
-
|
17
|
-
|
18
|
-
|
17
|
+
opts.on("-p", "--policy POLICY", "Specify the policy name") do |policy|
|
18
|
+
options[:policy] = policy
|
19
|
+
end
|
20
|
+
|
21
|
+
opts.on("-h", "--help", "Displays help") do
|
22
|
+
puts opts
|
23
|
+
exit
|
24
|
+
end
|
25
|
+
end
|
26
|
+
|
27
|
+
begin
|
28
|
+
optparse.parse!
|
29
|
+
puts "Add flag -h or --help to see usage instructions." if options.empty?
|
30
|
+
mandatory = [:app_name, :policy]
|
31
|
+
missing = mandatory.select{ |arg| options[arg].nil? }
|
32
|
+
unless missing.empty?
|
33
|
+
raise OptionParser::MissingArgument.new(missing.join(', '))
|
34
|
+
end
|
35
|
+
rescue OptionParser::InvalidOption, OptionParser::MissingArgument
|
36
|
+
puts $!.to_s
|
37
|
+
puts optparse
|
38
|
+
exit
|
39
|
+
end
|
19
40
|
|
20
|
-
|
21
|
-
|
22
|
-
exit
|
41
|
+
puts "Performing task with options: #{options.inspect}"
|
42
|
+
generate_policy("#{options[:app_name]}", "#{options[:policy]}") if options[:policy]
|
23
43
|
end
|
24
|
-
end
|
25
44
|
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
45
|
+
private
|
46
|
+
# The generate_policy method creates the policy file for specified
|
47
|
+
# application and controller. By default all actions to check against
|
48
|
+
# are commented out.
|
49
|
+
# Uncomment the needed actions and define appropriate user roles.
|
50
|
+
|
51
|
+
def self.generate_policy(app_name, controller_name)
|
52
|
+
app_name = app_name.downcase.capitalize
|
53
|
+
controller = controller_name.downcase.capitalize
|
54
|
+
policy_txt = <<-TXT
|
55
|
+
module #{app_name}
|
56
|
+
class #{controller}Policy
|
57
|
+
def initialize(roles)
|
58
|
+
@user_roles = roles
|
59
|
+
# Uncomment the required roles and add the
|
60
|
+
# appropriate user role to the @authorized_roles* array.
|
61
|
+
# @authorized_roles_for_new = []
|
62
|
+
# @authorized_roles_for_create = []
|
63
|
+
# @authorized_roles_for_show = []
|
64
|
+
# @authorized_roles_for_index = []
|
65
|
+
# @authorized_roles_for_edit = []
|
66
|
+
# @authorized_roles_for_update = []
|
67
|
+
# @authorized_roles_for_destroy = []
|
68
|
+
end
|
69
|
+
|
70
|
+
def new?
|
71
|
+
(@authorized_roles_for_new & @user_roles).any?
|
72
|
+
end
|
73
|
+
|
74
|
+
def create?
|
75
|
+
(@authorized_roles_for_create & @user_roles).any?
|
76
|
+
end
|
77
|
+
|
78
|
+
def show?
|
79
|
+
(@authorized_roles_for_show & @user_roles).any?
|
80
|
+
end
|
81
|
+
|
82
|
+
def index?
|
83
|
+
(@authorized_roles_for_index & @user_roles).any?
|
84
|
+
end
|
85
|
+
|
86
|
+
def edit?
|
87
|
+
(@authorized_roles_for_edit & @user_roles).any?
|
88
|
+
end
|
89
|
+
|
90
|
+
def update?
|
91
|
+
(@authorized_roles_for_update & @user_roles).any?
|
92
|
+
end
|
93
|
+
|
94
|
+
def destroy?
|
95
|
+
(@authorized_roles_for_destroy & @user_roles).any?
|
96
|
+
end
|
97
|
+
end
|
98
|
+
end
|
99
|
+
TXT
|
100
|
+
|
101
|
+
FileUtils.mkdir_p "lib/#{app_name.downcase}/policies" unless File.directory?("lib/#{app_name.downcase}/policies")
|
102
|
+
unless File.file?("lib/#{app_name.downcase}/policies/#{controller}Policy.rb")
|
103
|
+
File.open("lib/#{app_name.downcase}/policies/#{controller}Policy.rb", 'w') { |file| file.write(policy_txt) }
|
104
|
+
end
|
105
|
+
puts("Generated policy: lib/#{app_name.downcase}/policies/#{controller}Policy.rb") if File.file?("lib/#{app_name.downcase}/policies/#{controller}Policy.rb")
|
33
106
|
end
|
34
|
-
rescue OptionParser::InvalidOption, OptionParser::MissingArgument
|
35
|
-
puts $!.to_s
|
36
|
-
puts optparse
|
37
|
-
exit
|
38
107
|
end
|
39
|
-
|
40
|
-
puts "Performing task with options: #{options.inspect}"
|
41
|
-
generate_policy("#{options[:app_name]}", "#{options[:policy]}") if options[:policy]
|
data/lib/rokku/version.rb
CHANGED
data/lib/rokku.rb
CHANGED
@@ -10,10 +10,17 @@ module Hanami
|
|
10
10
|
# and permission to access the action. It returns true or false and
|
11
11
|
# provides the basis for further actions in either case.
|
12
12
|
#
|
13
|
-
# Example: redirect_to "/" unless authorized?("
|
13
|
+
# Example: redirect_to "/" unless authorized?("post", create")
|
14
14
|
|
15
|
-
def authorized?(
|
16
|
-
|
15
|
+
def authorized?(application, controller, action)
|
16
|
+
input_roles = @user.roles
|
17
|
+
roles = []
|
18
|
+
if input_roles.class == String
|
19
|
+
roles << input_roles
|
20
|
+
else
|
21
|
+
roles = input_roles
|
22
|
+
end
|
23
|
+
Object.const_get("#{application}::#{controller.downcase.capitalize}Policy").new(roles).send("#{action.downcase}?")
|
17
24
|
end
|
18
25
|
end
|
19
26
|
end
|
data/rokku.gemspec
CHANGED
@@ -20,8 +20,8 @@ Gem::Specification.new do |spec|
|
|
20
20
|
spec.files = Dir.chdir(File.expand_path('..', __FILE__)) do
|
21
21
|
`git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
|
22
22
|
end
|
23
|
-
spec.bindir = "
|
24
|
-
spec.executables = spec.files.grep(%r{^
|
23
|
+
spec.bindir = "bin"
|
24
|
+
spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
|
25
25
|
spec.require_paths = ["lib"]
|
26
26
|
|
27
27
|
spec.add_development_dependency "bundler", "~> 2.0"
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: rokku
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.7.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Sebastjan Hribar
|
8
8
|
autorequire:
|
9
|
-
bindir:
|
9
|
+
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2022-01-08 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|
@@ -125,7 +125,10 @@ dependencies:
|
|
125
125
|
description:
|
126
126
|
email:
|
127
127
|
- sebastjan.hribar@gmail.com
|
128
|
-
executables:
|
128
|
+
executables:
|
129
|
+
- console
|
130
|
+
- rokku
|
131
|
+
- setup
|
129
132
|
extensions: []
|
130
133
|
extra_rdoc_files: []
|
131
134
|
files:
|
@@ -138,10 +141,10 @@ files:
|
|
138
141
|
- README.md
|
139
142
|
- Rakefile
|
140
143
|
- bin/console
|
144
|
+
- bin/rokku
|
141
145
|
- bin/setup
|
142
146
|
- lib/rokku.rb
|
143
147
|
- lib/rokku/commands/commands.rb
|
144
|
-
- lib/rokku/policy_generator/policy_generator.rb
|
145
148
|
- lib/rokku/version.rb
|
146
149
|
- rokku.gemspec
|
147
150
|
homepage: https://github.com/sebastjan-hribar/rokku
|
@@ -1,62 +0,0 @@
|
|
1
|
-
require 'fileutils'
|
2
|
-
|
3
|
-
require 'hanami/controller'
|
4
|
-
require 'hanami/action/session'
|
5
|
-
|
6
|
-
module Hanami
|
7
|
-
module Rokku
|
8
|
-
private
|
9
|
-
# The generate_policy method creates the policy file for specified
|
10
|
-
# application and controller. By default all actions to check against
|
11
|
-
# are commented out.
|
12
|
-
# Uncomment the needed actions and define appropriate user role.
|
13
|
-
|
14
|
-
def generate_policy(app_name, controller_name)
|
15
|
-
app_name = app_name
|
16
|
-
controller = controller_name.downcase.capitalize
|
17
|
-
policy_txt = <<-TXT
|
18
|
-
class #{controller}Policy
|
19
|
-
def initialize(role)
|
20
|
-
@user_role = role
|
21
|
-
# Uncomment the required roles and add the
|
22
|
-
# appropriate user role to the @authorized_roles* array.
|
23
|
-
# @authorized_roles_for_new = []
|
24
|
-
# @authorized_roles_for_create = []
|
25
|
-
# @authorized_roles_for_show = []
|
26
|
-
# @authorized_roles_for_index = []
|
27
|
-
# @authorized_roles_for_edit = []
|
28
|
-
# @authorized_roles_for_update = []
|
29
|
-
# @authorized_roles_for_destroy = []
|
30
|
-
end
|
31
|
-
def new?
|
32
|
-
@authorized_roles_for_new.include? @user_role
|
33
|
-
end
|
34
|
-
def create?
|
35
|
-
@authorized_roles_for_create.include? @user_role
|
36
|
-
end
|
37
|
-
def show?
|
38
|
-
@authorized_roles_for_show.include? @user_role
|
39
|
-
end
|
40
|
-
def index?
|
41
|
-
@authorized_roles_for_index.include? @user_role
|
42
|
-
end
|
43
|
-
def edit?
|
44
|
-
@authorized_roles_for_edit.include? @user_role
|
45
|
-
end
|
46
|
-
def update?
|
47
|
-
@authorized_roles_for_update.include? @user_role
|
48
|
-
end
|
49
|
-
def destroy?
|
50
|
-
@authorized_roles_for_destroy.include? @user_role
|
51
|
-
end
|
52
|
-
end
|
53
|
-
TXT
|
54
|
-
|
55
|
-
FileUtils.mkdir_p "lib/#{app_name}/policies" unless File.directory?("lib/#{app_name}/policies")
|
56
|
-
unless File.file?("lib/#{app_name}/policies/#{controller}Policy.rb")
|
57
|
-
File.open("lib/#{app_name}/policies/#{controller}Policy.rb", 'w') { |file| file.write(policy_txt) }
|
58
|
-
end
|
59
|
-
puts("Generated policy: lib/#{app_name}/policies/#{controller}Policy.rb") if File.file?("lib/#{app_name}/policies/#{controller}Policy.rb")
|
60
|
-
end
|
61
|
-
end
|
62
|
-
end
|