ruolo 0.1.0 → 0.2.0
- checksums.yaml +4 -4
- data/.gitignore +5 -0
- data/.rspec +1 -0
- data/.rubocop.yml +6 -0
- data/.rubocop_todo.yml +53 -0
- data/.travis.yml +26 -0
- data/CHANGELOG.md +6 -0
- data/README.md +15 -3
- data/bin/console +23 -71
- data/lib/ruolo/configuration.rb +22 -1
- data/lib/ruolo/models/permission.rb +16 -0
- data/lib/ruolo/models/role.rb +16 -0
- data/lib/ruolo/models/user.rb +21 -0
- data/lib/ruolo/models.rb +14 -0
- data/lib/ruolo/sync.rb +42 -0
- data/lib/ruolo/version.rb +15 -1
- data/lib/ruolo.rb +31 -1
- data/ruolo.gemspec +10 -1
- metadata +122 -7
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 3366759c1da52afa0c58dfc5c4778868b4fba8ff7b1f3a29cbd0a7580306e3af
|
4
|
+
data.tar.gz: 8bb57e581742d56a7259880eb33998eb042a6ef5a1df4b230072c7e923dbe991
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 6bc881521a3481e12b107b14e611140cf47abcb508438b296167030aad9bf411983f7ad7765ce2f58eb754a07df8e9570f6bc14baf98e95cde2e0a713d5b095c
|
7
|
+
data.tar.gz: 2aad3aed99d638fe0e46544a462342533d8e70392b552310fa7f209047905307715819f028d9a89650f949ad625e867c45e959d8b7c7c32231bc85aa25e91067
|
data/.gitignore
CHANGED
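--- a/data/.rspec
+++ b/data/.rspec
@@ -0,0 +1 @@
+--require spec_helper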
data/.rubocop.yml
CHANGED
data/.rubocop_todo.yml
ADDED
@@ -0,0 +1,53 @@
|
|
1
|
+
# This configuration was generated by
|
2
|
+
# `rubocop --auto-gen-config`
|
3
|
+
# on 2019-09-11 16:19:35 -0400 using RuboCop version 0.74.0.
|
4
|
+
# The point is for the user to remove these configuration records
|
5
|
+
# one by one as the offenses are removed from the code base.
|
6
|
+
# Note that changes in the inspected code, or installation of new
|
7
|
+
# versions of RuboCop, may require this file to be generated again.
|
8
|
+
|
9
|
+
# Offense count: 1
|
10
|
+
Metrics/AbcSize:
|
11
|
+
Max: 22
|
12
|
+
|
13
|
+
# Offense count: 7
|
14
|
+
# Configuration parameters: CountComments, ExcludedMethods.
|
15
|
+
# ExcludedMethods: refine
|
16
|
+
Metrics/BlockLength:
|
17
|
+
Max: 87
|
18
|
+
|
19
|
+
# Offense count: 1
|
20
|
+
# Configuration parameters: CountComments, ExcludedMethods.
|
21
|
+
Metrics/MethodLength:
|
22
|
+
Max: 12
|
23
|
+
|
24
|
+
# Offense count: 6
|
25
|
+
RSpec/BeforeAfterAll:
|
26
|
+
Exclude:
|
27
|
+
- 'spec/spec_helper.rb'
|
28
|
+
- 'spec/rails_helper.rb'
|
29
|
+
- 'spec/support/**/*.rb'
|
30
|
+
- 'spec/ruolo/models/permission_spec.rb'
|
31
|
+
- 'spec/ruolo/models/role_spec.rb'
|
32
|
+
- 'spec/ruolo/models/user_spec.rb'
|
33
|
+
- 'spec/ruolo/sync_spec.rb'
|
34
|
+
- 'spec/ruolo_spec.rb'
|
35
|
+
|
36
|
+
# Offense count: 6
|
37
|
+
RSpec/RepeatedExample:
|
38
|
+
Exclude:
|
39
|
+
- 'spec/ruolo/sync_spec.rb'
|
40
|
+
|
41
|
+
# Offense count: 1
|
42
|
+
Style/Documentation:
|
43
|
+
Exclude:
|
44
|
+
- 'spec/**/*'
|
45
|
+
- 'test/**/*'
|
46
|
+
- 'bin/console'
|
47
|
+
|
48
|
+
# Offense count: 21
|
49
|
+
# Cop supports --auto-correct.
|
50
|
+
# Configuration parameters: AutoCorrect, AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, IgnoredPatterns.
|
51
|
+
# URISchemes: http, https
|
52
|
+
Metrics/LineLength:
|
53
|
+
Max: 146
|
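--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -0,0 +1,26 @@
+---
+sudo: false
+
+language: ruby
+rvm:
+- 2.5
+- 2.6
+
+services:
+- postgresql
+
+before_script:
+- psql -c 'create database ruolo;' -U postgres
+
+before_install:
+- gem update --system
+- gem install bundler
+- gem --version
+
+script:
+- bundle exec rubocop
+- bundle exec rspec
+- bundle exec yard
+
+notifications:
+email: false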
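--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -3,6 +3,12 @@
 This file keeps track of changes between releases for the ruolo project
 which adheres to [semantic versioning](https://semver.org).
 
+## v0.2.0 2019-09-11
+
+Initial cleanup of original code: add tests and documentation.
+
+* Drop support for ruby 2.4.x.
+
 ## v0.1.0 2019-08-25
 
 Initial release.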
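--- a/data/README.md
+++ b/data/README.md
@@ -1,5 +1,9 @@
 # Ruolo
 
+[![Build Status](https://travis-ci.org/mfinelli/ruolo.svg?branch=master)](https://travis-ci.org/mfinelli/ruolo)
+[![Coverage Status](https://coveralls.io/repos/github/mfinelli/ruolo/badge.svg?branch=master)](https://coveralls.io/github/mfinelli/ruolo?branch=master)
+[![Inline docs](http://inch-ci.org/github/mfinelli/ruolo.svg?branch=master)](http://inch-ci.org/github/mfinelli/ruolo)
+
 A library for generating and keeping your static role-based access-control
 policies in sync with your database using the
 [sequel](https://github.com/jeremyevans/sequel) gem.
@@ -40,7 +44,6 @@ Sequel.migration do
 primary_key :id, type: :Bignum
 
 column :name, String, null: false, size: 150, unique: true
-column :description, String
 
 column :created_at, DateTime, null: false
 column :updated_at, DateTime, null: false
@@ -52,7 +55,6 @@ Sequel.migration do
 primary_key :id, type: :Bignum
 
 column :name, String, null: false, size: 150, unique: true
-column :description, String
 
 column :created_at, DateTime, null: false
 column :updated_at, DateTime, null: false
@@ -95,6 +97,7 @@ end
 module YourApp
 class User < Sequel::Model
 include Ruolo::Models::User
+plugin :timestamps, update_on_create: true
 many_to_many :roles, join_table: :users_roles, class: 'Ruolo::Models::Role'
 end
 end
@@ -131,7 +134,7 @@ Ruolo.configure do |config|
 config.connection = DB
 end
 
-Ruolo.
+Ruolo.synchronize!('./path/to/policy.yml')
 ```
 
 ## Gem Development
@@ -150,6 +153,15 @@ Then you can ensure everything was created correctly:
 $ psql -U ruolo
 ```
 
+You can use the `bin/console` command which will load in dependencies, and
+migrate the database on load. It also provides the helper methods `reset_db!`
+and `migrate_db!` if you want to run those operations manually after the code
+has loaded.
+
+```shell
+$ bundle exec bin/console
+```
+
 ## License
 
 ```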
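--- a/data/bin/console
+++ b/data/bin/console
@@ -1,6 +1,20 @@
 #!/usr/bin/env ruby
 # frozen_string_literal: true
 
+# Copyright 2019 Mario Finelli
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 require 'logger'
 log = Logger.new($stdout)
 
@@ -9,85 +23,23 @@ DB = Sequel.connect('postgres://ruolo@localhost/ruolo')
 
 DB.loggers << log
 
-
-DB.
-
-
-column :email, String, null: false, size: 190, unique: true
-column :password, String, null: false, size: 60, fixed: true
-
-column :first_name, String, null: false
-column :last_name, String, null: false
-
-column :created_at, DateTime, null: false
-column :updated_at, DateTime, null: false
-
-constraint(:valid_email, email: /@/)
-end
-rescue Sequel::DatabaseError
-puts 'users table already exists'
-end
-
-begin
-DB.create_table :roles do
-primary_key :id, type: :Bignum
-
-column :name, String, null: false, size: 150, unique: true
-column :description, String
-
-column :created_at, DateTime, null: false
-column :updated_at, DateTime, null: false
-
-constraint(:valid_name, name: /^[A-Z]([A-Z0-9]*[\-\._]?)*$/)
-end
-rescue Sequel::DatabaseError
-puts 'roles table already exists'
-end
-
-begin
-DB.create_table :permissions do
-primary_key :id, type: :Bignum
-
-column :name, String, null: false, size: 150, unique: true
-column :description, String
-
-column :created_at, DateTime, null: false
-column :updated_at, DateTime, null: false
-
-constraint(:valid_name, name: /^[A-Z]([A-Z0-9]*[\-\._]?)*$/)
-end
-rescue Sequel::DatabaseError
-puts 'permissions table already exists'
+def reset_db!
+tables = DB.tables.map(&:to_s).map { |t| %("#{t}") }.join(',')
+DB.run "DROP TABLE #{tables};" unless tables.empty?
 end
 
-
-
-
-on_update: :cascade, on_delete: :cascade
-foreign_key :role_id, :roles, null: false, type: :Bignum,
-on_update: :cascade, on_delete: :cascade
-primary_key %i[user_id role_id]
-index %i[role_id user_id]
-end
-rescue Sequel::DatabaseError
-puts 'users/roles table already exists'
+def migrate_db!
+Sequel.extension :migration
+Sequel::Migrator.run(DB, File.expand_path(File.join(File.dirname(__FILE__), '..', 'spec', 'fixtures', 'migrations')))
 end
 
 begin
-
-foreign_key :role_id, :roles, null: false, type: :Bignum,
-on_update: :cascade, on_delete: :cascade
-foreign_key :permission_id, :permissions, null: false, type: :Bignum,
-on_update: :cascade, on_delete: :cascade
-primary_key %i[role_id permission_id]
-index %i[permission_id role_id]
-end
+require 'ruolo'
 rescue Sequel::DatabaseError
-
+migrate_db!
+retry
 end
 
-require 'ruolo'
-
 Ruolo.configure do |config|
 config.connection = DB
 end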
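Review bot: The `retry` in the `rescue Sequel::DatabaseError` branch around `require 'ruolo'` has no bound, so if the migrations run cleanly but the require still raises (a permissions error, say, rather than a missing table) the console migrates and re-requires forever. Count the attempts and re-raise after the first retry, e.g. `attempts = 0` before `begin` and `raise if (attempts += 1) > 1` as the first line of the rescue. Separately, `reset_db!` interpolates hand-quoted table names into `DROP TABLE`; `DB.drop_table(*DB.tables, cascade: true)` lets Sequel quote the identifiers and also copes with an empty list.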
data/lib/ruolo/configuration.rb
CHANGED
@@ -1,9 +1,30 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
+
# Copyright 2019 Mario Finelli
|
4
|
+
#
|
5
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
6
|
+
# you may not use this file except in compliance with the License.
|
7
|
+
# You may obtain a copy of the License at
|
8
|
+
#
|
9
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
10
|
+
#
|
11
|
+
# Unless required by applicable law or agreed to in writing, software
|
12
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
13
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14
|
+
# See the License for the specific language governing permissions and
|
15
|
+
# limitations under the License.
|
16
|
+
|
3
17
|
module Ruolo
|
18
|
+
# A class that defines all the configuration overrides.
|
4
19
|
class Configuration
|
5
|
-
|
20
|
+
# Sequel to connection to use.
|
21
|
+
attr_accessor :connection
|
22
|
+
# User class for association with ruolo models.
|
23
|
+
attr_accessor :user_class
|
6
24
|
|
25
|
+
# Create a new configuration object.
|
26
|
+
#
|
27
|
+
# @return [Ruolo::Configuration] the new configuration
|
7
28
|
def initialize
|
8
29
|
@connection = nil
|
9
30
|
@user_class = 'User'
|
@@ -1,9 +1,25 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
+
# Copyright 2019 Mario Finelli
|
4
|
+
#
|
5
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
6
|
+
# you may not use this file except in compliance with the License.
|
7
|
+
# You may obtain a copy of the License at
|
8
|
+
#
|
9
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
10
|
+
#
|
11
|
+
# Unless required by applicable law or agreed to in writing, software
|
12
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
13
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14
|
+
# See the License for the specific language governing permissions and
|
15
|
+
# limitations under the License.
|
16
|
+
|
3
17
|
require 'sequel'
|
4
18
|
|
5
19
|
module Ruolo
|
6
20
|
module Models
|
21
|
+
# Models an individual permission that can be associated to one or more
|
22
|
+
# roles.
|
7
23
|
class Permission < Sequel::Model
|
8
24
|
plugin :timestamps, update_on_create: true
|
9
25
|
many_to_many :roles, join_table: :roles_permissions
|
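Review bot: The comment added above `attr_accessor :connection` reads `# Sequel to connection to use.`, which looks like a slip for `# Sequel connection to use.`. The `user_class` comment could also say that the value is a class name held as a String, since the `initialize` context lines default it to `'User'`. The second hunk in this section (`@@ -1,9 +1,25 @@`, `class Permission`) appears to belong to `data/lib/ruolo/models/permission.rb`, whose file header is missing on this page; `initialize` continues outside the first hunk.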
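--- a/data/lib/ruolo/models/role.rb
+++ b/data/lib/ruolo/models/role.rb
@@ -1,11 +1,27 @@
 # frozen_string_literal: true
 
+# Copyright 2019 Mario Finelli
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 require 'sequel'
 
 require 'ruolo/configuration'
 
 module Ruolo
 module Models
+# Models an individual role that has one or more permissions and can be
+# assigned to one or more users.
 class Role < Sequel::Model
 plugin :timestamps, update_on_create: true
 many_to_many :permissions, join_table: :roles_permissions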
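--- a/data/lib/ruolo/models/user.rb
+++ b/data/lib/ruolo/models/user.rb
@@ -1,8 +1,29 @@
 # frozen_string_literal: true
 
+# Copyright 2019 Mario Finelli
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 module Ruolo
 module Models
+# A mixin to include in downstream user classes that adds useful helper
+# methods for dealing with roles and permissions.
 module User
+# Given the name of a permission determin whether the user's role
+# membership includes it.
+#
+# @param permission [String] the name of the permission
+# @return [Boolean] if the user has the permission or not
 def permission?(permission)
 roles.map { |role| role.permissions.map(&:name) }.flatten.uniq.include?(permission)
 end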
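Review bot: The new comment on `permission?` misspells `determine` (`determin`) and does not state that the check is an exact match: the context line tests `include?(permission)` against `map(&:name)`, so a Symbol or a differently-cased name would return false rather than raise (assuming names are stored as Strings). Suggested first line: `# Given the name of a permission, determine whether the user's role`, plus a sentence noting the exact, case-sensitive String comparison so callers of this access check know it fails closed on a mistyped argument. The enclosing modules continue outside the hunk.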
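--- a/data/lib/ruolo/models.rb
+++ b/data/lib/ruolo/models.rb
@@ -1,5 +1,19 @@
 # frozen_string_literal: true
 
+# Copyright 2019 Mario Finelli
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 require_relative 'models/permission'
 require_relative 'models/role'
 require_relative 'models/user'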
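--- a/data/lib/ruolo/sync.rb
+++ b/data/lib/ruolo/sync.rb
@@ -1,16 +1,41 @@
 # frozen_string_literal: true
 
+# Copyright 2019 Mario Finelli
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 require 'yaml'
 
 require 'ruolo/configuration'
 require 'ruolo/models'
 
 module Ruolo
+# This class manages the actual synchronization of the policy file with the
+# database.
 class Sync
+# Create a new synchronization ojbect.
+#
+# @param policy_file [String] path to the yaml policy file
+# @return [Ruolo::Sync] the new sync option with a parsed policy file
 def initialize(policy_file)
 @policy_document = YAML.safe_load(File.read(policy_file), symbolize_names: true)
 end
 
+# Bring the configured database in sync with the policy file, adding and
+# removing roles, permissions, and the permissions that belong to roles
+# as necessary.
+#
+# @return [void]
 def sync!
 Ruolo.configuration.connection.transaction do
 permissions_diff
@@ -21,14 +46,24 @@ module Ruolo
 
 private
 
+# Get all of the distinct permissions defined in the policy (across all
+# roles).
+#
+# @return [Array<String>] the list of all permissions
 def permissions_from_policy
 @policy_document[:roles].map { |_role, permissions| permissions }.flatten.uniq
 end
 
+# Get all of the roles defined in the policy.
+#
+# @return [Array<String>] the list of all roles
 def roles_from_policy
 @policy_document[:roles].map { |role, _permissions| role.to_s }
 end
 
+# Run the synchronization of permissions against the database.
+#
+# @return [void]
 def permissions_diff
 permissions = Ruolo::Models::Permission.all
 policy = permissions_from_policy
@@ -43,6 +78,9 @@ module Ruolo
 end
 end
 
+# Run the synchronization of roles against the database.
+#
+# @return [void]
 def roles_diff
 roles = Ruolo::Models::Role.all
 policy = roles_from_policy
@@ -57,6 +95,10 @@ module Ruolo
 end
 end
 
+# Run the synchronization of role/permission associations against the
+# database.
+#
+# @return [void]
 def roles_permissions_diff
 roles = Ruolo::Models::Role.eager_graph(:permissions).all
 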
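Review bot: The new constructor comment has two slips, `ojbect` and `the new sync option`, and it documents no failure modes although the context line reads and parses the file eagerly: `File.read` raises `Errno::ENOENT` for a missing path and `YAML.safe_load` raises on a syntax error or a disallowed type. Suggested wording: `# Create a new synchronization object.` and `# @return [Ruolo::Sync] the new sync object with a parsed policy file`, plus an `@raise` line for the read and parse errors. Because `sync!` is documented as also removing roles and permissions, the comment should say what an empty policy or one without a `roles` key does; that behaviour lives in the diff methods, whose bodies are outside these hunks.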
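--- a/data/lib/ruolo/version.rb
+++ b/data/lib/ruolo/version.rb
@@ -1,5 +1,19 @@
 # frozen_string_literal: true
 
+# Copyright 2019 Mario Finelli
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 module Ruolo
-VERSION = '0.
+VERSION = '0.2.0'
 end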
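--- a/data/lib/ruolo.rb
+++ b/data/lib/ruolo.rb
@@ -1,26 +1,56 @@
 # frozen_string_literal: true
 
+# Copyright 2019 Mario Finelli
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 require 'ruolo/configuration'
 require 'ruolo/version'
 
+# Define a policy file in yaml and ruolo will keep your roles and permissions
+# in sync with your database.
 module Ruolo
 class << self
 attr_writer :configuration
 end
 
+# Get the current configuration.
+#
+# @return [Ruolo::Configuration] the configuration class, configured
 def self.configuration
 @configuration ||= Ruolo::Configuration.new
 end
 
+# Reset the current configuration to the defaults.
+#
+# @return [void]
 def self.reset
 @configuration = Ruolo::Configuration.new
 end
 
+# Gives a block with which to configure.
+#
+# @yieldparam comfig [Ruolo::Configuration] configuration object
+# @yieldreturn [void]
 def self.configure
 yield(configuration)
 end
 
-
+# Given a policy file synchronize the roles and permissions in the database.
+#
+# @param policy_file [String] path to a yaml policy file
+# @return [void]
+def self.synchronize!(policy_file)
 Ruolo::Sync.new(policy_file).sync!
 end
 end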
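Review bot: `synchronize!` calls `Ruolo::Sync`, but this hunk spans the whole file and the only requires shown are `ruolo/configuration` and `ruolo/version`, so the caller appears to need a separate `require 'ruolo/sync'` that the new doc comment never mentions. If the late load is deliberate (the models may need a configured connection first), either say so in the comment or make `require 'ruolo/sync'` the first line of `synchronize!`. The `configure` comment also has a typo: `# @yieldparam comfig [Ruolo::Configuration] configuration object` should read `# @yieldparam config [Ruolo::Configuration] configuration object`. The removed old line 23 is blank on this page, so whether the public method was renamed, which the changelog entry would then need to record, cannot be confirmed from here.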
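--- a/data/ruolo.gemspec
+++ b/data/ruolo.gemspec
@@ -14,6 +14,7 @@ Gem::Specification.new do |spec|
 spec.description = 'A library to keep your static role-based access control policies in sync with your database.'
 spec.homepage = 'https://github.com/mfinelli/ruolo'
 spec.license = 'Apache-2.0'
+spec.required_ruby_version = '>= 2.5.0'
 
 spec.files = `git ls-files -z`.split("\x0").reject do |f|
 f.match(%r{^(test|spec|features)/})
@@ -23,8 +24,16 @@ Gem::Specification.new do |spec|
 
 spec.add_dependency 'sequel', '~> 5.0'
 
-spec.add_development_dependency 'bundler'
+spec.add_development_dependency 'bundler'
+spec.add_development_dependency 'coveralls'
+spec.add_development_dependency 'factory_bot'
+spec.add_development_dependency 'faker'
 spec.add_development_dependency 'pg'
 spec.add_development_dependency 'pry'
+spec.add_development_dependency 'redcarpet'
+spec.add_development_dependency 'rspec'
 spec.add_development_dependency 'rubocop'
+spec.add_development_dependency 'rubocop-rspec'
+spec.add_development_dependency 'simplecov'
+spec.add_development_dependency 'yard'
 end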
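Review bot: None of the development dependencies added in the second hunk carries a version constraint, and the `bundler` line appears to have lost the one it had (the removed line is truncated on this page, but the packaged metadata now records `>= 0`). The new CI script runs `bundle exec rubocop` against a `.rubocop_todo.yml` generated by RuboCop 0.74.0, so a newer linter or plugin release can fail the build with no code change, and each CI run pulls whatever version is latest at that moment. Consider constraining at least the tools that gate CI, e.g. `spec.add_development_dependency 'rubocop', '~> 0.74.0'`, with a matching constraint on `rubocop-rspec`.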
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: ruolo
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.2.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Mario Finelli
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2019-
|
11
|
+
date: 2019-09-11 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: sequel
|
@@ -28,16 +28,58 @@ dependencies:
|
|
28
28
|
name: bundler
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
30
30
|
requirements:
|
31
|
-
- - "
|
31
|
+
- - ">="
|
32
32
|
- !ruby/object:Gem::Version
|
33
|
-
version: '
|
33
|
+
version: '0'
|
34
34
|
type: :development
|
35
35
|
prerelease: false
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
37
37
|
requirements:
|
38
|
-
- - "
|
38
|
+
- - ">="
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: '0'
|
41
|
+
- !ruby/object:Gem::Dependency
|
42
|
+
name: coveralls
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - ">="
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: '0'
|
48
|
+
type: :development
|
49
|
+
prerelease: false
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - ">="
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: '0'
|
55
|
+
- !ruby/object:Gem::Dependency
|
56
|
+
name: factory_bot
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
58
|
+
requirements:
|
59
|
+
- - ">="
|
60
|
+
- !ruby/object:Gem::Version
|
61
|
+
version: '0'
|
62
|
+
type: :development
|
63
|
+
prerelease: false
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
65
|
+
requirements:
|
66
|
+
- - ">="
|
67
|
+
- !ruby/object:Gem::Version
|
68
|
+
version: '0'
|
69
|
+
- !ruby/object:Gem::Dependency
|
70
|
+
name: faker
|
71
|
+
requirement: !ruby/object:Gem::Requirement
|
72
|
+
requirements:
|
73
|
+
- - ">="
|
74
|
+
- !ruby/object:Gem::Version
|
75
|
+
version: '0'
|
76
|
+
type: :development
|
77
|
+
prerelease: false
|
78
|
+
version_requirements: !ruby/object:Gem::Requirement
|
79
|
+
requirements:
|
80
|
+
- - ">="
|
39
81
|
- !ruby/object:Gem::Version
|
40
|
-
version: '
|
82
|
+
version: '0'
|
41
83
|
- !ruby/object:Gem::Dependency
|
42
84
|
name: pg
|
43
85
|
requirement: !ruby/object:Gem::Requirement
|
@@ -66,6 +108,34 @@ dependencies:
|
|
66
108
|
- - ">="
|
67
109
|
- !ruby/object:Gem::Version
|
68
110
|
version: '0'
|
111
|
+
- !ruby/object:Gem::Dependency
|
112
|
+
name: redcarpet
|
113
|
+
requirement: !ruby/object:Gem::Requirement
|
114
|
+
requirements:
|
115
|
+
- - ">="
|
116
|
+
- !ruby/object:Gem::Version
|
117
|
+
version: '0'
|
118
|
+
type: :development
|
119
|
+
prerelease: false
|
120
|
+
version_requirements: !ruby/object:Gem::Requirement
|
121
|
+
requirements:
|
122
|
+
- - ">="
|
123
|
+
- !ruby/object:Gem::Version
|
124
|
+
version: '0'
|
125
|
+
- !ruby/object:Gem::Dependency
|
126
|
+
name: rspec
|
127
|
+
requirement: !ruby/object:Gem::Requirement
|
128
|
+
requirements:
|
129
|
+
- - ">="
|
130
|
+
- !ruby/object:Gem::Version
|
131
|
+
version: '0'
|
132
|
+
type: :development
|
133
|
+
prerelease: false
|
134
|
+
version_requirements: !ruby/object:Gem::Requirement
|
135
|
+
requirements:
|
136
|
+
- - ">="
|
137
|
+
- !ruby/object:Gem::Version
|
138
|
+
version: '0'
|
69
139
|
- !ruby/object:Gem::Dependency
|
70
140
|
name: rubocop
|
71
141
|
requirement: !ruby/object:Gem::Requirement
|
@@ -80,6 +150,48 @@ dependencies:
|
|
80
150
|
- - ">="
|
81
151
|
- !ruby/object:Gem::Version
|
82
152
|
version: '0'
|
153
|
+
- !ruby/object:Gem::Dependency
|
154
|
+
name: rubocop-rspec
|
155
|
+
requirement: !ruby/object:Gem::Requirement
|
156
|
+
requirements:
|
157
|
+
- - ">="
|
158
|
+
- !ruby/object:Gem::Version
|
159
|
+
version: '0'
|
160
|
+
type: :development
|
161
|
+
prerelease: false
|
162
|
+
version_requirements: !ruby/object:Gem::Requirement
|
163
|
+
requirements:
|
164
|
+
- - ">="
|
165
|
+
- !ruby/object:Gem::Version
|
166
|
+
version: '0'
|
167
|
+
- !ruby/object:Gem::Dependency
|
168
|
+
name: simplecov
|
169
|
+
requirement: !ruby/object:Gem::Requirement
|
170
|
+
requirements:
|
171
|
+
- - ">="
|
172
|
+
- !ruby/object:Gem::Version
|
173
|
+
version: '0'
|
174
|
+
type: :development
|
175
|
+
prerelease: false
|
176
|
+
version_requirements: !ruby/object:Gem::Requirement
|
177
|
+
requirements:
|
178
|
+
- - ">="
|
179
|
+
- !ruby/object:Gem::Version
|
180
|
+
version: '0'
|
181
|
+
- !ruby/object:Gem::Dependency
|
182
|
+
name: yard
|
183
|
+
requirement: !ruby/object:Gem::Requirement
|
184
|
+
requirements:
|
185
|
+
- - ">="
|
186
|
+
- !ruby/object:Gem::Version
|
187
|
+
version: '0'
|
188
|
+
type: :development
|
189
|
+
prerelease: false
|
190
|
+
version_requirements: !ruby/object:Gem::Requirement
|
191
|
+
requirements:
|
192
|
+
- - ">="
|
193
|
+
- !ruby/object:Gem::Version
|
194
|
+
version: '0'
|
83
195
|
description: A library to keep your static role-based access control policies in sync
|
84
196
|
with your database.
|
85
197
|
email:
|
@@ -90,7 +202,10 @@ extra_rdoc_files: []
|
|
90
202
|
files:
|
91
203
|
- ".editorconfig"
|
92
204
|
- ".gitignore"
|
205
|
+
- ".rspec"
|
93
206
|
- ".rubocop.yml"
|
207
|
+
- ".rubocop_todo.yml"
|
208
|
+
- ".travis.yml"
|
94
209
|
- CHANGELOG.md
|
95
210
|
- Gemfile
|
96
211
|
- LICENSE
|
@@ -117,7 +232,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
117
232
|
requirements:
|
118
233
|
- - ">="
|
119
234
|
- !ruby/object:Gem::Version
|
120
|
-
version:
|
235
|
+
version: 2.5.0
|
121
236
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
122
237
|
requirements:
|
123
238
|
- - ">="
|