shopapp 0.0.11 → 0.0.12

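--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: d61621c7a43b70d2557b5a2836407e45bf6f47e1
- data.tar.gz: 01cdbf466631099586cc65673bcf16a783ca1a04
+ metadata.gz: b0d34cb99d182cb95c2d79b65964c69e0aed0983
+ data.tar.gz: edda06c79c885845a41ba02b04eed2f3cc55d7e3
  SHA512:
- metadata.gz: 7f7560cf9ed4c21abda70292f4153da1f09e3a4fabee0e06d2bae45df9951550a63cf110b6f664fa1b65ac34d429bf86934db31f0ef47614a385ea18421d76ae
- data.tar.gz: a867ac8d9866ff2c604e0b58dd69a2632496debfc69a73adec88625707a6f27d711da04195b792b5ad56f826c3757c2140936961052cdc57cf0ef76b56205c4d
+ metadata.gz: 421f92e6ce6160b873cace9270eb8e17e4150d5bcdd67fca7f88cdf15116e682c8db9e1c258cb30e951163a8318d81582e5acc77f70994d215546214cdc440a9
+ data.tar.gz: d064101bc0678fc81c5e110ba77c0078d6fb57bd3f6cea0c12856db1a2a598725655cb2285e7f2249a75078b048bea1add82d9ab89911db045a8ccef0c7a93ec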
@@ -13,9 +13,9 @@ module ShopliftClient
13
13
 
14
14
  class_methods do
15
15
  attr_reader :search_path
16
+ attr_reader :required_scopes
16
17
  attr_reader :do_hide_search_for_this_controller
17
18
 
18
-
19
19
  def set_search_path(value)
20
20
  @search_path = value
21
21
  @search_path = "/#{@search_path}" unless @search_path[0] == '/'
@@ -25,6 +25,13 @@ module ShopliftClient
25
25
  def hide_search_for_this_controller
26
26
  @do_hide_search_for_this_controller = true
27
27
  end
28
+
29
+ def require_scopes(scopes)
30
+ @required_scopes ||= []
31
+ scopes = [scopes] unless scopes.is_a? Array
32
+ @required_scopes.concat scopes.map(&:to_s)
33
+ @required_scopes.uniq!
34
+ end
28
35
  end
29
36
 
30
37
  def session_cookie
@@ -36,6 +43,7 @@ module ShopliftClient
36
43
  end
37
44
 
38
45
  def redirect_unauthorized
46
+ return if performed?
39
47
  session.clear
40
48
  session[:previous_url] = request.fullpath
41
49
  redirect_to client.auth_code.authorize_url(
@@ -69,6 +77,15 @@ module ShopliftClient
69
77
  begin
70
78
  x = srv.get '/api/users/profile'
71
79
  @current_user = JSON.parse x.response.body
80
+ user_scopes = JSON.parse @current_user['scopes']
81
+ unless user_scopes.include? 'admin'
82
+ (self.class.required_scopes || []).each do |required_scope|
83
+ unless user_scopes.include? required_scope
84
+ render(file: 'shopapp/403.html', status: 403, layout: false, locals: { missing_scope: required_scope })
85
+ return false
86
+ end
87
+ end
88
+ end
72
89
  find_company_by_code current_user['company']['code']
73
90
  rescue OAuth2::Error
74
91
  return false
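Review bot: The scope check reads `self.class.required_scopes || []`, but `require_scopes` stores the list in a class-level instance variable (`@required_scopes ||= []`, exposed by `attr_reader :required_scopes` inside `class_methods`), and such variables are not inherited, so a controller that subclasses one which declared `require_scopes` gets `nil` here and enforces nothing. The reader should merge the parent's list, as sketched below, so the check fails closed for subclasses. In the same hunk, `user_scopes = JSON.parse @current_user['scopes']` is assumed to be an Array: depending on the json version, a bare JSON string would turn `include? 'admin'` into a substring match, and a missing or malformed value raises an error that the visible `rescue OAuth2::Error` does not cover, so a guard such as `return false unless user_scopes.is_a?(Array)` right after parsing would make the expectation explicit. The enclosing method begins and ends outside the hunk.

```ruby
class_methods do
  # … unchanged: attr_reader :search_path …
  # Include scopes declared on parent controllers so a subclass cannot silently drop them.
  def required_scopes
    inherited = superclass.respond_to?(:required_scopes) ? superclass.required_scopes : []
    (inherited + (@required_scopes || [])).uniq
  end
  # … unchanged: set_search_path, hide_search_for_this_controller, require_scopes …
```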
@@ -0,0 +1,61 @@
1
+ !!!
2
+ %html
3
+ %head
4
+ %meta{:content => "text/html; charset=UTF-8", "http-equiv" => "Content-Type"}/
5
+ %title You are not allowed to view this page.
6
+ %meta{:content => "width=device-width,initial-scale=1", :name => "viewport"}/
7
+ :css
8
+ .rails-default-error-page {
9
+ background-color: #EFEFEF;
10
+ color: #2E2F30;
11
+ text-align: center;
12
+ font-family: arial, sans-serif;
13
+ margin: 0;
14
+ }
15
+
16
+ .rails-default-error-page div.dialog {
17
+ width: 95%;
18
+ max-width: 33em;
19
+ margin: 4em auto 0;
20
+ }
21
+
22
+ .rails-default-error-page div.dialog > div {
23
+ border: 1px solid #CCC;
24
+ border-right-color: #999;
25
+ border-left-color: #999;
26
+ border-bottom-color: #BBB;
27
+ border-top: #B00100 solid 4px;
28
+ border-top-left-radius: 9px;
29
+ border-top-right-radius: 9px;
30
+ background-color: white;
31
+ padding: 7px 12% 0;
32
+ box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
33
+ }
34
+
35
+ .rails-default-error-page h1 {
36
+ font-size: 100%;
37
+ color: #730E15;
38
+ line-height: 1.5em;
39
+ }
40
+
41
+ .rails-default-error-page div.dialog > p {
42
+ margin: 0 0 1em;
43
+ padding: 1em;
44
+ background-color: #F7F7F7;
45
+ border: 1px solid #CCC;
46
+ border-right-color: #999;
47
+ border-left-color: #999;
48
+ border-bottom-color: #999;
49
+ border-bottom-left-radius: 4px;
50
+ border-bottom-right-radius: 4px;
51
+ border-top-color: #DADADA;
52
+ color: #666;
53
+ box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
54
+ }
55
+ %body.rails-default-error-page
56
+ / This file lives in public/404.html
57
+ .dialog
58
+ %div
59
+ %h1 The page you were looking for requires priviligies you do not have.
60
+ %p If you think you should be allowed to view this page, please contact somebody.
61
+ %p You are missing scope #{missing_scope}
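Review bot: The `/ This file lives in public/404.html` line is a Haml HTML comment, so it is sent to the browser, and it is stale for this template, which the gem metadata lists as app/views/shopapp/403.html.haml; a silent comment such as `-# Rendered by the scope check with status 403` would document the file without appearing in the response. The final line shows `missing_scope` to a user who has just been refused, which exposes internal scope names; the value comes from `require_scopes` declarations rather than request input, so this is a disclosure choice rather than an injection risk, but logging it server-side and showing a generic message may be preferable. The heading also misspells a word and would read better as `%h1 The page you were looking for requires privileges you do not have.`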
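--- a/data/shopapp.gemspec
+++ b/data/shopapp.gemspec
@@ -1,7 +1,7 @@
  Gem::Specification.new do |s|
  s.name = 'shopapp'
- s.version = '0.0.11'
- s.date = '2018-01-09'
+ s.version = '0.0.12'
+ s.date = '2018-05-15'
  s.summary = 'Do a shoplift.'
  s.description = 'Ha! Art thou Bedlam? Dost thou thirst base Trojan, to have me fold up Parca\'s fatal web? Hence!\
  I am qualmish at the smell of leek.'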
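--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: shopapp
  version: !ruby/object:Gem::Version
- version: 0.0.11
+ version: 0.0.12
  platform: ruby
  authors:
  - Zeljko
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2018-01-09 00:00:00.000000000 Z
+ date: 2018-05-15 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: railties
@@ -162,6 +162,7 @@ files:
  - app/controllers/user_authenticated_controller.rb
  - app/controllers/user_authenticated_or_api_controller.rb
  - app/views/layouts/_header_menu.html.haml
+ - app/views/shopapp/403.html.haml
  - app/views/shopapp/_shopapp.html.haml
  - config/initializers/active_settings.rb
  - lib/shopapp.rb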