strong-permitter 0.0.2 → 0.0.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.travis.yml +6 -0
- data/README.md +15 -1
- data/Rakefile +5 -0
- data/lib/strong_permitter/manager.rb +7 -5
- data/lib/strong_permitter/permission/base.rb +30 -7
- data/lib/strong_permitter/version.rb +1 -1
- data/spec/lib/strong_permitter/manager_spec.rb +74 -0
- data/spec/lib/strong_permitter/permission/base_spec.rb +64 -0
- data/spec/spec_helper.rb +1 -0
- data/strong-permitter.gemspec +1 -0
- metadata +24 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 8f4c40942316855614f9f688b714a50f2969e7c4
|
4
|
+
data.tar.gz: 74828bdbc10f2417d20e29292dcf71bf0112332e
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 7ecf50cf6cef3ccd88f85c507a5246f2375ffbe9bf75f53786cec68a5a31eaf900cc8ae3c7e0c0fbbd506786456aa14369ab003ae326c0279ec306e90b990eb5
|
7
|
+
data.tar.gz: 697d4b2dfc4958a1aa56361d4e190a49fb3ced63b3693d43c48c66a9cbd5d4c8f081891f75f984a02599179cd7870d9b1d9fb2f1ff232a50198624264a8d26eb
|
data/.travis.yml
ADDED
data/README.md
CHANGED
@@ -1,8 +1,9 @@
|
|
1
|
+
[![Build Status](https://travis-ci.org/evg2108/strong-permitter.svg?branch=optional_resource_name_and_tests)](https://travis-ci.org/evg2108/strong-permitter)
|
1
2
|
[![Gem Version](https://badge.fury.io/rb/strong-permitter.svg)](https://badge.fury.io/rb/strong-permitter)
|
2
3
|
|
3
4
|
# StrongPermitter
|
4
5
|
|
5
|
-
This gem allows move params permissions from controllers to separated permission-objects.
|
6
|
+
This gem allows move params permissions from controllers to separated permission-objects. Used strong parameters whitelists.
|
6
7
|
|
7
8
|
## Installation
|
8
9
|
|
@@ -46,9 +47,22 @@ class ArticlesPermission < StrongPermitter::Permission::Base
|
|
46
47
|
# for non-standard actions permissions use:
|
47
48
|
# allowed_params_for :action_name, :param1, :param2, ...
|
48
49
|
allowed_params_for :activate_article, :activation_status
|
50
|
+
|
51
|
+
# also, you can set default resource name for this permission object (by default used controller name):
|
52
|
+
# self.resource_name = :blog
|
49
53
|
end
|
50
54
|
```
|
51
55
|
|
56
|
+
If you need use different resource names for different actions, you may set optional last argument `:resource` in `create_params`, `update_params` or `allowed_params_for` methods, like this:
|
57
|
+
|
58
|
+
```Ruby
|
59
|
+
class ArticlesPermission < StrongPermitter::Permission::Base
|
60
|
+
create_params :title, :description, :author_name, resource: :blog
|
61
|
+
update_params :title, :text, :blog_id, resource: :blog_post
|
62
|
+
end
|
63
|
+
```
|
64
|
+
|
65
|
+
|
52
66
|
After that, you may use `permitted_params` method for your action methods:
|
53
67
|
|
54
68
|
```ruby
|
data/Rakefile
CHANGED
@@ -1,13 +1,15 @@
|
|
1
1
|
module StrongPermitter
|
2
2
|
module Manager
|
3
3
|
def permitted_params
|
4
|
-
permission_class
|
5
|
-
return nil unless permission_class
|
4
|
+
@permission_class ||= "#{self.class.name.sub('Controller', '')}Permission".camelcase.safe_constantize
|
5
|
+
return nil unless @permission_class
|
6
6
|
|
7
|
-
|
8
|
-
allowed_attributes = permission_class.actions[action_name]
|
7
|
+
action_hash = @permission_class.actions[action_name.to_sym]
|
9
8
|
|
10
|
-
|
9
|
+
resource_name = action_hash[:resource] || @permission_class.resource_name || controller_name.singularize
|
10
|
+
allowed_params = action_hash[:permitted_params]
|
11
|
+
|
12
|
+
params.required(resource_name).permit(*allowed_params)
|
11
13
|
end
|
12
14
|
end
|
13
15
|
end
|
@@ -3,19 +3,25 @@ module StrongPermitter
|
|
3
3
|
class Base
|
4
4
|
class << self
|
5
5
|
def actions
|
6
|
-
@actions ||=
|
6
|
+
@actions ||= Hash.new { |hash,val| hash[val] = { permitted_params: [] } }
|
7
7
|
end
|
8
8
|
|
9
|
-
def create_params(*
|
10
|
-
allowed_params_for :create, *
|
9
|
+
def create_params(*param_names_and_options)
|
10
|
+
allowed_params_for :create, *param_names_and_options
|
11
11
|
end
|
12
12
|
|
13
|
-
def update_params(*
|
14
|
-
allowed_params_for :update, *
|
13
|
+
def update_params(*param_names_and_options)
|
14
|
+
allowed_params_for :update, *param_names_and_options
|
15
15
|
end
|
16
16
|
|
17
|
-
def allowed_params_for(action_name, *
|
18
|
-
|
17
|
+
def allowed_params_for(action_name, *param_names_and_options)
|
18
|
+
options = extract_options!(param_names_and_options)
|
19
|
+
param_names = param_names_and_options
|
20
|
+
|
21
|
+
resource_name = get_resource_name(options)
|
22
|
+
|
23
|
+
actions[action_name][:permitted_params] = param_names
|
24
|
+
actions[action_name][:resource] = resource_name if resource_name
|
19
25
|
end
|
20
26
|
|
21
27
|
def resource_name=(name)
|
@@ -25,6 +31,23 @@ module StrongPermitter
|
|
25
31
|
def resource_name
|
26
32
|
@resource_name
|
27
33
|
end
|
34
|
+
|
35
|
+
private
|
36
|
+
|
37
|
+
def extract_options!(param_names_and_options)
|
38
|
+
if param_names_and_options.last.is_a?(Hash)
|
39
|
+
if param_names_and_options.last[:resource]
|
40
|
+
options = param_names_and_options.last.keys.length == 1 ?
|
41
|
+
param_names_and_options.pop :
|
42
|
+
param_names_and_options.last.delete(:resource)
|
43
|
+
end
|
44
|
+
end
|
45
|
+
options || {}
|
46
|
+
end
|
47
|
+
|
48
|
+
def get_resource_name(options)
|
49
|
+
options.is_a?(Hash) && options[:resource]
|
50
|
+
end
|
28
51
|
end
|
29
52
|
end
|
30
53
|
end
|
@@ -0,0 +1,74 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
require 'action_controller'
|
3
|
+
|
4
|
+
class TestController < ActionController::Base
|
5
|
+
include StrongPermitter::Manager
|
6
|
+
|
7
|
+
def create
|
8
|
+
self.action_name = :create
|
9
|
+
@allowed_params = permitted_params
|
10
|
+
end
|
11
|
+
|
12
|
+
def update
|
13
|
+
self.action_name = :update
|
14
|
+
@allowed_params = permitted_params
|
15
|
+
end
|
16
|
+
|
17
|
+
def test_action
|
18
|
+
self.action_name = :test_action
|
19
|
+
@allowed_params = permitted_params
|
20
|
+
end
|
21
|
+
end
|
22
|
+
|
23
|
+
class TestPermission < StrongPermitter::Permission::Base
|
24
|
+
create_params :arg1, :arg2, :arg5, :arg6
|
25
|
+
update_params :arg3, :arg4, resource: :another_resource
|
26
|
+
end
|
27
|
+
|
28
|
+
describe StrongPermitter::Manager do
|
29
|
+
subject { TestController.new }
|
30
|
+
|
31
|
+
describe '#permitted_params' do
|
32
|
+
before(:example) do
|
33
|
+
subject.params = ActionController::Parameters.new({ test: { arg1: 'arg1_val', arg2: 'arg2_val', other_arg: 'other_arg_val' }, another_resource: { arg3: 'arg3_val', arg4: 'arg4_val', other_arg: 'other_arg_val' }, another_resource2: { arg5: 'arg5_val', arg6: 'arg6_val', arg7: 'arg7_val'} })
|
34
|
+
end
|
35
|
+
|
36
|
+
context 'when :resource argument not set and resource_name not set' do
|
37
|
+
it 'calls params.require(controller_name.singularize).permit(*arguments_array)' do
|
38
|
+
subject.create
|
39
|
+
expect(subject.instance_variable_get(:@allowed_params)).to eq(HashWithIndifferentAccess.new({arg1: 'arg1_val', arg2: 'arg2_val'}))
|
40
|
+
end
|
41
|
+
end
|
42
|
+
|
43
|
+
context 'when :resource argument is set and resource_name not set' do
|
44
|
+
it 'calls params.require(<resource>).permit(*arguments_array)' do
|
45
|
+
subject.update
|
46
|
+
expect(subject.instance_variable_get(:@allowed_params)).to eq(HashWithIndifferentAccess.new({arg3: 'arg3_val', arg4: 'arg4_val'}))
|
47
|
+
end
|
48
|
+
end
|
49
|
+
|
50
|
+
context 'when resource_name is set' do
|
51
|
+
context 'and :resource argument not set' do
|
52
|
+
before(:example) do
|
53
|
+
TestPermission.resource_name = :another_resource2
|
54
|
+
end
|
55
|
+
|
56
|
+
it 'calls params.require(resource_name).permit(*arguments_array)' do
|
57
|
+
subject.create
|
58
|
+
expect(subject.instance_variable_get(:@allowed_params)).to eq(HashWithIndifferentAccess.new({arg5: 'arg5_val', arg6: 'arg6_val'}))
|
59
|
+
end
|
60
|
+
end
|
61
|
+
|
62
|
+
context 'and :resource argument is set' do
|
63
|
+
before(:example) do
|
64
|
+
TestPermission.resource_name = :another_resource2
|
65
|
+
end
|
66
|
+
|
67
|
+
it 'calls params.require(<resource>).permit(*arguments_array)' do
|
68
|
+
subject.update
|
69
|
+
expect(subject.instance_variable_get(:@allowed_params)).to eq(HashWithIndifferentAccess.new({arg3: 'arg3_val', arg4: 'arg4_val'}))
|
70
|
+
end
|
71
|
+
end
|
72
|
+
end
|
73
|
+
end
|
74
|
+
end
|
@@ -0,0 +1,64 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
require 'active_support/hash_with_indifferent_access'
|
3
|
+
|
4
|
+
describe StrongPermitter::Permission::Base do
|
5
|
+
subject { StrongPermitter::Permission::Base }
|
6
|
+
|
7
|
+
before(:example) do
|
8
|
+
subject.actions.keys.each { |key| subject.actions.delete(key) }
|
9
|
+
end
|
10
|
+
|
11
|
+
describe '.actions' do
|
12
|
+
context 'with not existed key' do
|
13
|
+
it 'returns hash with empty array for :permitted_params key' do
|
14
|
+
expect(subject.actions[:test][:permitted_params]).to eq([])
|
15
|
+
end
|
16
|
+
end
|
17
|
+
end
|
18
|
+
|
19
|
+
describe '.resource_name=' do
|
20
|
+
let(:test_val){ :test }
|
21
|
+
|
22
|
+
it 'assigns resource_name' do
|
23
|
+
subject.resource_name = test_val
|
24
|
+
expect(subject.resource_name).to eq(test_val)
|
25
|
+
end
|
26
|
+
end
|
27
|
+
|
28
|
+
describe '.create_params' do
|
29
|
+
let(:params) { [:arg1, :arg2, :arg3, resource: :test_resource] }
|
30
|
+
it 'calls allowed_params_for with :create in first param' do
|
31
|
+
is_expected.to receive(:allowed_params_for).with(:create, *params)
|
32
|
+
subject.create_params(*params)
|
33
|
+
end
|
34
|
+
end
|
35
|
+
|
36
|
+
describe '.update_params' do
|
37
|
+
let(:params) { [:arg1, :arg2, :arg3, resource: :test_resource] }
|
38
|
+
it 'calls allowed_params_for with :update in first param' do
|
39
|
+
is_expected.to receive(:allowed_params_for).with(:update, *params)
|
40
|
+
subject.update_params(*params)
|
41
|
+
end
|
42
|
+
end
|
43
|
+
|
44
|
+
describe '.allowed_params_for' do
|
45
|
+
let(:test_action_name) { :test_action }
|
46
|
+
let(:params) { [:arg1, :arg2, :arg3] }
|
47
|
+
|
48
|
+
context 'with :resource last argument' do
|
49
|
+
let(:resource_arg) { { resource: :test_resource } }
|
50
|
+
|
51
|
+
it 'assigns actions[<first argument>] with hash contains params in :permitted_params key and resource name in :resource key' do
|
52
|
+
subject.allowed_params_for test_action_name, *(params + [resource_arg])
|
53
|
+
expect(subject.actions[test_action_name]).to eq({ permitted_params: params, resource: resource_arg[:resource] })
|
54
|
+
end
|
55
|
+
end
|
56
|
+
|
57
|
+
context 'without :resource last argument' do
|
58
|
+
it 'assigns actions[<first argument>] with hash contains params in :permitted_params key' do
|
59
|
+
subject.allowed_params_for test_action_name, *params
|
60
|
+
expect(subject.actions[test_action_name]).to eq({ permitted_params: params })
|
61
|
+
end
|
62
|
+
end
|
63
|
+
end
|
64
|
+
end
|
data/spec/spec_helper.rb
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
require 'strong-permitter'
|
data/strong-permitter.gemspec
CHANGED
@@ -19,6 +19,7 @@ Gem::Specification.new do |spec|
|
|
19
19
|
|
20
20
|
spec.add_development_dependency 'bundler', '~> 1.7'
|
21
21
|
spec.add_development_dependency 'rake', '~> 10.0'
|
22
|
+
spec.add_development_dependency 'rspec'
|
22
23
|
spec.add_dependency 'actionpack', '~> 4.0'
|
23
24
|
spec.add_dependency 'railties', '~> 4.0'
|
24
25
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: strong-permitter
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- evg2108
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2015-12-
|
11
|
+
date: 2015-12-31 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|
@@ -38,6 +38,20 @@ dependencies:
|
|
38
38
|
- - ~>
|
39
39
|
- !ruby/object:Gem::Version
|
40
40
|
version: '10.0'
|
41
|
+
- !ruby/object:Gem::Dependency
|
42
|
+
name: rspec
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - '>='
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: '0'
|
48
|
+
type: :development
|
49
|
+
prerelease: false
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - '>='
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: '0'
|
41
55
|
- !ruby/object:Gem::Dependency
|
42
56
|
name: actionpack
|
43
57
|
requirement: !ruby/object:Gem::Requirement
|
@@ -75,6 +89,7 @@ extensions: []
|
|
75
89
|
extra_rdoc_files: []
|
76
90
|
files:
|
77
91
|
- .gitignore
|
92
|
+
- .travis.yml
|
78
93
|
- Gemfile
|
79
94
|
- LICENSE.txt
|
80
95
|
- README.md
|
@@ -86,6 +101,9 @@ files:
|
|
86
101
|
- lib/strong_permitter/permission/base.rb
|
87
102
|
- lib/strong_permitter/templates/initializer.rb
|
88
103
|
- lib/strong_permitter/version.rb
|
104
|
+
- spec/lib/strong_permitter/manager_spec.rb
|
105
|
+
- spec/lib/strong_permitter/permission/base_spec.rb
|
106
|
+
- spec/spec_helper.rb
|
89
107
|
- strong-permitter.gemspec
|
90
108
|
homepage: https://github.com/evg2108/strong-permitter
|
91
109
|
licenses:
|
@@ -111,4 +129,7 @@ rubygems_version: 2.2.2
|
|
111
129
|
signing_key:
|
112
130
|
specification_version: 4
|
113
131
|
summary: It allows move params permissions from controllers to separated permission-objects
|
114
|
-
test_files:
|
132
|
+
test_files:
|
133
|
+
- spec/lib/strong_permitter/manager_spec.rb
|
134
|
+
- spec/lib/strong_permitter/permission/base_spec.rb
|
135
|
+
- spec/spec_helper.rb
|