simple_acl 1.0.3 → 1.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +15 -0
- data/README.md +33 -0
- data/lib/simple_acl.rb +3 -2
- data/lib/simple_acl/acl.rb +23 -0
- data/lib/simple_acl/configuration.rb +4 -1
- data/lib/simple_acl/version.rb +1 -1
- metadata +7 -11
checksums.yaml
ADDED
@@ -0,0 +1,15 @@
|
|
1
|
+
---
|
2
|
+
!binary "U0hBMQ==":
|
3
|
+
metadata.gz: !binary |-
|
4
|
+
NGZjN2RlMDM5ZjQ3NDFiMDYzNmM5ZGJiNTJiNGYxODEzZDJiMTMzYQ==
|
5
|
+
data.tar.gz: !binary |-
|
6
|
+
MzExYTAzZjc3NjZmMjYxMGU2MzE5ZTljNjE0NTdmOTg1MjQ5YmU4Yw==
|
7
|
+
SHA512:
|
8
|
+
metadata.gz: !binary |-
|
9
|
+
MzkwMzA4MGY5MWRiMDNlMWM2MWU0Y2U3NjE3Y2ZmZjhmYWFjOTkwZGZjYzY1
|
10
|
+
NmUzNzRhN2JmYTFmY2Y2YTEzZmMxZjA2NWUyNjcyM2Y1NTgxNzU0MzAxYzBk
|
11
|
+
ZTBlMjg3ZjQ2MTE1M2MyNzA4MzkwYmRlNTdmZmM4NDcwOGU1MmI=
|
12
|
+
data.tar.gz: !binary |-
|
13
|
+
NDc2ZTMxMjlhNTk2NmY5Yzk1OTYyMjA2ZWJkNmUxZjc3OGVjMjJlMmZlOGIz
|
14
|
+
NzNlNDczNTZiYTU1YWRmOGVjMGUzNmFjZDFhYjkzNTc3ZmNkY2RjMWZjMzIx
|
15
|
+
Mjk5ZjlkMmQ3MDRjZTM5N2ViYmEyYTlkNjdiOWM3ZTcwNjNhNzg=
|
data/README.md
CHANGED
@@ -69,6 +69,7 @@ To configure the ability of a role you can use:
|
|
69
69
|
Or the basic method `acl_role` with which you need to specify the role.
|
70
70
|
|
71
71
|
The key `privileges` must be a hash of assertions.
|
72
|
+
The key `filters` must be a hash of params filters
|
72
73
|
The key `inherit` must be the symbol of previous defined role.
|
73
74
|
|
74
75
|
Example:
|
@@ -117,6 +118,38 @@ If you have values containing `params` and your user model `current_user`
|
|
117
118
|
|
118
119
|
```
|
119
120
|
|
121
|
+
### Define filters for your roles
|
122
|
+
|
123
|
+
A filter is a list of allowed tokens for a given parameter. It assume the parameter is a comma delimited string.
|
124
|
+
A typical use case for this feature is to accept a prameter that provide a list of options. You want to control which options are available for each role.
|
125
|
+
|
126
|
+
Example
|
127
|
+
|
128
|
+
```ruby
|
129
|
+
acl_user privileges: { show: true },
|
130
|
+
filters: { features: [ 'opt1', 'opt2', 'opt3'] }
|
131
|
+
|
132
|
+
```
|
133
|
+
|
134
|
+
The filter above will parse the parameter 'features' and remove all token that are not one of the following `opt1`,`opt2`,`opt3`
|
135
|
+
|
136
|
+
a role can inherit filters from its parent. You can overide an inherited filter by redefining it. You can take advantage of the special value below.
|
137
|
+
|
138
|
+
* `:all` : Accept any value. It allow to remove an inherited filter
|
139
|
+
* `:none` : Reject any value
|
140
|
+
|
141
|
+
Example
|
142
|
+
|
143
|
+
```ruby
|
144
|
+
|
145
|
+
acl_user privileges: { show: true },
|
146
|
+
filters: { features: [ 'opt1', 'opt2', 'opt3'] }
|
147
|
+
|
148
|
+
acl_guest inherit: :user, filters: { features: :none }
|
149
|
+
|
150
|
+
acl_admin inherit: :user, filters: { features: :all }
|
151
|
+
```
|
152
|
+
|
120
153
|
## Contributing
|
121
154
|
|
122
155
|
1. Fork it
|
data/lib/simple_acl.rb
CHANGED
@@ -36,7 +36,7 @@ module SimpleAcl
|
|
36
36
|
end
|
37
37
|
|
38
38
|
def acl_values
|
39
|
-
Thread.current[:acl_values] ||= defined?(params) ? params : nil
|
39
|
+
Thread.current[:acl_values] ||= { params: (defined?(params) ? params : nil) }
|
40
40
|
end
|
41
41
|
|
42
42
|
# @param current_role used for the assertion
|
@@ -63,6 +63,7 @@ module SimpleAcl
|
|
63
63
|
|
64
64
|
begin
|
65
65
|
self.class.acl.check_acl(acl_current_role, acl_action, acl_values)
|
66
|
+
self.class.acl.filter_params(acl_current_role, acl_values[:params])
|
66
67
|
ensure
|
67
68
|
# in case of Thread,current is not cleaned
|
68
69
|
Thread.current[:acl_action] = nil
|
@@ -70,4 +71,4 @@ module SimpleAcl
|
|
70
71
|
Thread.current[:acl_values] = nil
|
71
72
|
end
|
72
73
|
end
|
73
|
-
end
|
74
|
+
end
|
data/lib/simple_acl/acl.rb
CHANGED
@@ -38,6 +38,15 @@ module SimpleAcl
|
|
38
38
|
unauthorized
|
39
39
|
end
|
40
40
|
|
41
|
+
def filter_params(role, params)
|
42
|
+
filters = configuration.acl_filters[role.to_sym] || {}
|
43
|
+
filters.each do |key,value|
|
44
|
+
if params.has_key?(key)
|
45
|
+
params[key] = filter(params[key], value)
|
46
|
+
end
|
47
|
+
end
|
48
|
+
end
|
49
|
+
|
41
50
|
def self.unauthorized
|
42
51
|
raise ExceptionUnauthorized
|
43
52
|
end
|
@@ -46,5 +55,19 @@ module SimpleAcl
|
|
46
55
|
true
|
47
56
|
end
|
48
57
|
|
58
|
+
private
|
59
|
+
|
60
|
+
def filter(values, accepted_values)
|
61
|
+
if accepted_values == :all
|
62
|
+
values
|
63
|
+
elsif accepted_values == :none
|
64
|
+
''
|
65
|
+
elsif values == 'all'
|
66
|
+
accepted_values.join(',')
|
67
|
+
else
|
68
|
+
(values.split(',') & accepted_values).join(',')
|
69
|
+
end
|
70
|
+
end
|
71
|
+
|
49
72
|
end
|
50
73
|
end
|
@@ -2,15 +2,18 @@ module SimpleAcl
|
|
2
2
|
class Configuration
|
3
3
|
|
4
4
|
attr_reader :acl_privileges
|
5
|
+
attr_reader :acl_filters
|
5
6
|
|
6
7
|
def initialize
|
7
8
|
@acl_privileges = {}
|
9
|
+
@acl_filters = {}
|
8
10
|
end
|
9
11
|
|
10
12
|
def add_role(role, privileges)
|
11
13
|
check_keys(privileges)
|
12
14
|
|
13
15
|
@acl_privileges[role] = (@acl_privileges[privileges[:inherit]] || {}).merge(privileges[:privileges] || {})
|
16
|
+
acl_filters[role] = (acl_filters[privileges[:inherit]] || {}).merge(privileges[:filters] || {})
|
14
17
|
|
15
18
|
check_set_up(@acl_privileges[role])
|
16
19
|
|
@@ -22,7 +25,7 @@ module SimpleAcl
|
|
22
25
|
# check defined keys in privileges
|
23
26
|
def check_keys(privileges)
|
24
27
|
privileges.keys.each do |configuration_key|
|
25
|
-
raise ExceptionConfiguration, "Unknow configuration key #{configuration_key}" unless [:privileges, :inherit].include?(configuration_key)
|
28
|
+
raise ExceptionConfiguration, "Unknow configuration key #{configuration_key}" unless [:privileges, :inherit, :filters].include?(configuration_key)
|
26
29
|
end
|
27
30
|
raise ExceptionConfiguration, 'Inherit specified is not defined previously' if privileges[:inherit] && !@acl_privileges[privileges[:inherit]]
|
28
31
|
end
|
data/lib/simple_acl/version.rb
CHANGED
metadata
CHANGED
@@ -1,20 +1,18 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: simple_acl
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.0
|
5
|
-
prerelease:
|
4
|
+
version: 1.1.0
|
6
5
|
platform: ruby
|
7
6
|
authors:
|
8
7
|
- mtparet
|
9
8
|
autorequire:
|
10
9
|
bindir: bin
|
11
10
|
cert_chain: []
|
12
|
-
date: 2014-
|
11
|
+
date: 2014-03-07 00:00:00.000000000 Z
|
13
12
|
dependencies:
|
14
13
|
- !ruby/object:Gem::Dependency
|
15
14
|
name: rspec
|
16
15
|
requirement: !ruby/object:Gem::Requirement
|
17
|
-
none: false
|
18
16
|
requirements:
|
19
17
|
- - ~>
|
20
18
|
- !ruby/object:Gem::Version
|
@@ -22,7 +20,6 @@ dependencies:
|
|
22
20
|
type: :development
|
23
21
|
prerelease: false
|
24
22
|
version_requirements: !ruby/object:Gem::Requirement
|
25
|
-
none: false
|
26
23
|
requirements:
|
27
24
|
- - ~>
|
28
25
|
- !ruby/object:Gem::Version
|
@@ -35,34 +32,33 @@ extensions: []
|
|
35
32
|
extra_rdoc_files: []
|
36
33
|
files:
|
37
34
|
- README.md
|
35
|
+
- lib/simple_acl.rb
|
38
36
|
- lib/simple_acl/acl.rb
|
39
|
-
- lib/simple_acl/version.rb
|
40
37
|
- lib/simple_acl/configuration.rb
|
41
38
|
- lib/simple_acl/exceptions.rb
|
42
|
-
- lib/simple_acl.rb
|
39
|
+
- lib/simple_acl/version.rb
|
43
40
|
homepage: https://github.com/ifeelgoods/simple_acl
|
44
41
|
licenses:
|
45
42
|
- Apache License Version 2.0
|
43
|
+
metadata: {}
|
46
44
|
post_install_message:
|
47
45
|
rdoc_options: []
|
48
46
|
require_paths:
|
49
47
|
- lib
|
50
48
|
required_ruby_version: !ruby/object:Gem::Requirement
|
51
|
-
none: false
|
52
49
|
requirements:
|
53
50
|
- - ! '>='
|
54
51
|
- !ruby/object:Gem::Version
|
55
52
|
version: '0'
|
56
53
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
57
|
-
none: false
|
58
54
|
requirements:
|
59
55
|
- - ! '>='
|
60
56
|
- !ruby/object:Gem::Version
|
61
57
|
version: '0'
|
62
58
|
requirements: []
|
63
59
|
rubyforge_project:
|
64
|
-
rubygems_version:
|
60
|
+
rubygems_version: 2.2.2
|
65
61
|
signing_key:
|
66
|
-
specification_version:
|
62
|
+
specification_version: 4
|
67
63
|
summary: Simple gem to implement ACL in Ruby (especially in Rails).
|
68
64
|
test_files: []
|