strong_actions 0.0.9 → 0.2.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/.gitignore +3 -3
- data/.travis.yml +2 -3
- data/HISTORY.md +15 -0
- data/README.md +32 -32
- data/lib/strong_actions/version.rb +1 -1
- data/strong_actions.gemspec +7 -7
- metadata +18 -20
- data/Gemfile.lock +0 -71
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: fdae0a8c14b6469d215869817d425b2eff058e5f5dec21a917907fcf3f2db64f
|
|
4
|
+
data.tar.gz: d8d4cbbdc46d75781563efdaa72386cb606dac64e8ef72abb5119c27c45ef1e5
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4b3c1c3659fcdf6411e803babc9f420cd8702d053f41b224d8456ec0824f5dd952a9d94092f503bba65620d3ad8e3c54dffb0d819796d8e88d8ac80c19d15495
|
|
7
|
+
data.tar.gz: cca6fcc202d2718a0232398f6b5568d8064b7262df6ff17ea462365acb71a39ed40128bfe6910c18b80c28285517ec4e2ebd3206d4e4e8bed210b4a7c59f3826
|
data/.gitignore
CHANGED
|
@@ -26,9 +26,9 @@ build/
|
|
|
26
26
|
|
|
27
27
|
# for a library or gem, you might want to ignore these files since the code is
|
|
28
28
|
# intended to run in multiple environments; otherwise, check them in:
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
29
|
+
Gemfile.lock
|
|
30
|
+
.ruby-version
|
|
31
|
+
.ruby-gemset
|
|
32
32
|
|
|
33
33
|
# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
|
|
34
34
|
.rvmrc
|
data/.travis.yml
CHANGED
data/HISTORY.md
CHANGED
|
@@ -1,5 +1,20 @@
|
|
|
1
1
|
# History
|
|
2
2
|
|
|
3
|
+
## 0.2.1
|
|
4
|
+
* drop support for rails-4.2, 5.0, 5.1(CVE-2020-8165)
|
|
5
|
+
|
|
6
|
+
## 0.2.0
|
|
7
|
+
* drop support for ruby-2.3, 2.4
|
|
8
|
+
|
|
9
|
+
## 0.1.1
|
|
10
|
+
* drop support for ruby-2.2
|
|
11
|
+
* add suport for rails-5.2
|
|
12
|
+
|
|
13
|
+
## 0.1.0
|
|
14
|
+
* drop support for ruby-2.1
|
|
15
|
+
* drop support for rails-4.1
|
|
16
|
+
* add suport for rails-5.1
|
|
17
|
+
|
|
3
18
|
## 0.0.9
|
|
4
19
|
* fixed thread safety issue on multi-thread environment.
|
|
5
20
|
|
data/README.md
CHANGED
|
@@ -26,53 +26,53 @@ Suppose method "current_user" is available for controllers and views,
|
|
|
26
26
|
and user has an attribute called admin and only admin can modify resource "users",
|
|
27
27
|
|
|
28
28
|
then prepare config/acl.yml
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
In above case, when a non-admin user try to access new_user_path, StrongActions::ForbiddenAction
|
|
29
|
+
```yaml
|
|
30
|
+
current_user:
|
|
31
|
+
users:
|
|
32
|
+
new: admin?
|
|
33
|
+
create: admin?
|
|
34
|
+
edit: admin?
|
|
35
|
+
update: admin?
|
|
36
|
+
destroy: admin?
|
|
37
|
+
```
|
|
38
|
+
In above case, when a non-admin user try to access new_user_path for example, StrongActions::ForbiddenAction will be thrown.
|
|
39
39
|
|
|
40
40
|
if all actions are restricted in the same way, you can make a definition on controller level.
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
41
|
+
```yaml
|
|
42
|
+
current_user:
|
|
43
|
+
users: admin?
|
|
44
|
+
```
|
|
45
45
|
controller definition can be namespaced.
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
46
|
+
```yaml
|
|
47
|
+
current_user:
|
|
48
|
+
admin/users: admin?
|
|
49
|
+
```
|
|
50
50
|
if you have multiple controllers under a namespace, namespace can be used.
|
|
51
|
-
ending with '/' indicates that is for namespace 'admin' and not controller 'admin'.
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
51
|
+
ending with '/' indicates that it is for namespace 'admin' and not controller 'admin'.
|
|
52
|
+
```yaml
|
|
53
|
+
current_user:
|
|
54
|
+
admin/: admin?
|
|
55
|
+
```
|
|
56
56
|
|
|
57
57
|
### Handling error in controller
|
|
58
58
|
|
|
59
59
|
In application_controller.rb, the error should be rescued like
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
60
|
+
```ruby
|
|
61
|
+
rescue_from StrongActions::ForbiddenAction do
|
|
62
|
+
render file: 'public/403.html', layout: false, status: :forbidden
|
|
63
|
+
end
|
|
64
|
+
```
|
|
65
65
|
In above case, all the forbidden accesses are handled by public/403.html.
|
|
66
66
|
|
|
67
67
|
### Disabling forbidden link in view
|
|
68
68
|
|
|
69
69
|
In views, use helper method "available?" so that links for forbidden actions are not shown.
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
70
|
+
```erb
|
|
71
|
+
<%= link_to 'Add User' new_user_path if available?('users', 'new') %>
|
|
72
|
+
```
|
|
73
73
|
## Contributing
|
|
74
74
|
|
|
75
|
-
1. Fork it ( https://github.com/
|
|
75
|
+
1. Fork it ( https://github.com/hybitz/strong_actions/fork )
|
|
76
76
|
2. Create your feature branch (`git checkout -b my-new-feature`)
|
|
77
77
|
3. Commit your changes (`git commit -am 'Add some feature'`)
|
|
78
78
|
4. Push to the branch (`git push origin my-new-feature`)
|
data/strong_actions.gemspec
CHANGED
|
@@ -17,13 +17,13 @@ Gem::Specification.new do |spec|
|
|
|
17
17
|
spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
|
|
18
18
|
spec.require_paths = ["lib"]
|
|
19
19
|
|
|
20
|
-
spec.required_ruby_version = '~> 2.
|
|
20
|
+
spec.required_ruby_version = '~> 2.5'
|
|
21
21
|
|
|
22
|
-
spec.add_dependency "activesupport", '>= 4.
|
|
23
|
-
spec.add_dependency "actionpack", '>= 4.
|
|
24
|
-
spec.add_dependency "railties", '>= 4.
|
|
22
|
+
spec.add_dependency "activesupport", '>= 5.2.4.3', '< 6'
|
|
23
|
+
spec.add_dependency "actionpack", '>= 5.2.4.3', '< 6'
|
|
24
|
+
spec.add_dependency "railties", '>= 5.2.4.3', '< 6'
|
|
25
25
|
|
|
26
|
-
spec.add_development_dependency
|
|
27
|
-
spec.add_development_dependency
|
|
28
|
-
spec.add_development_dependency
|
|
26
|
+
spec.add_development_dependency 'bundler', '~> 2.0'
|
|
27
|
+
spec.add_development_dependency 'minitest'
|
|
28
|
+
spec.add_development_dependency 'rake', '~> 12.0'
|
|
29
29
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: strong_actions
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.2.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- ichy
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2021-08-28 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|
|
@@ -16,74 +16,74 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - ">="
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version:
|
|
19
|
+
version: 5.2.4.3
|
|
20
20
|
- - "<"
|
|
21
21
|
- !ruby/object:Gem::Version
|
|
22
|
-
version: '
|
|
22
|
+
version: '6'
|
|
23
23
|
type: :runtime
|
|
24
24
|
prerelease: false
|
|
25
25
|
version_requirements: !ruby/object:Gem::Requirement
|
|
26
26
|
requirements:
|
|
27
27
|
- - ">="
|
|
28
28
|
- !ruby/object:Gem::Version
|
|
29
|
-
version:
|
|
29
|
+
version: 5.2.4.3
|
|
30
30
|
- - "<"
|
|
31
31
|
- !ruby/object:Gem::Version
|
|
32
|
-
version: '
|
|
32
|
+
version: '6'
|
|
33
33
|
- !ruby/object:Gem::Dependency
|
|
34
34
|
name: actionpack
|
|
35
35
|
requirement: !ruby/object:Gem::Requirement
|
|
36
36
|
requirements:
|
|
37
37
|
- - ">="
|
|
38
38
|
- !ruby/object:Gem::Version
|
|
39
|
-
version:
|
|
39
|
+
version: 5.2.4.3
|
|
40
40
|
- - "<"
|
|
41
41
|
- !ruby/object:Gem::Version
|
|
42
|
-
version: '
|
|
42
|
+
version: '6'
|
|
43
43
|
type: :runtime
|
|
44
44
|
prerelease: false
|
|
45
45
|
version_requirements: !ruby/object:Gem::Requirement
|
|
46
46
|
requirements:
|
|
47
47
|
- - ">="
|
|
48
48
|
- !ruby/object:Gem::Version
|
|
49
|
-
version:
|
|
49
|
+
version: 5.2.4.3
|
|
50
50
|
- - "<"
|
|
51
51
|
- !ruby/object:Gem::Version
|
|
52
|
-
version: '
|
|
52
|
+
version: '6'
|
|
53
53
|
- !ruby/object:Gem::Dependency
|
|
54
54
|
name: railties
|
|
55
55
|
requirement: !ruby/object:Gem::Requirement
|
|
56
56
|
requirements:
|
|
57
57
|
- - ">="
|
|
58
58
|
- !ruby/object:Gem::Version
|
|
59
|
-
version:
|
|
59
|
+
version: 5.2.4.3
|
|
60
60
|
- - "<"
|
|
61
61
|
- !ruby/object:Gem::Version
|
|
62
|
-
version: '
|
|
62
|
+
version: '6'
|
|
63
63
|
type: :runtime
|
|
64
64
|
prerelease: false
|
|
65
65
|
version_requirements: !ruby/object:Gem::Requirement
|
|
66
66
|
requirements:
|
|
67
67
|
- - ">="
|
|
68
68
|
- !ruby/object:Gem::Version
|
|
69
|
-
version:
|
|
69
|
+
version: 5.2.4.3
|
|
70
70
|
- - "<"
|
|
71
71
|
- !ruby/object:Gem::Version
|
|
72
|
-
version: '
|
|
72
|
+
version: '6'
|
|
73
73
|
- !ruby/object:Gem::Dependency
|
|
74
74
|
name: bundler
|
|
75
75
|
requirement: !ruby/object:Gem::Requirement
|
|
76
76
|
requirements:
|
|
77
77
|
- - "~>"
|
|
78
78
|
- !ruby/object:Gem::Version
|
|
79
|
-
version: '
|
|
79
|
+
version: '2.0'
|
|
80
80
|
type: :development
|
|
81
81
|
prerelease: false
|
|
82
82
|
version_requirements: !ruby/object:Gem::Requirement
|
|
83
83
|
requirements:
|
|
84
84
|
- - "~>"
|
|
85
85
|
- !ruby/object:Gem::Version
|
|
86
|
-
version: '
|
|
86
|
+
version: '2.0'
|
|
87
87
|
- !ruby/object:Gem::Dependency
|
|
88
88
|
name: minitest
|
|
89
89
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -122,7 +122,6 @@ files:
|
|
|
122
122
|
- ".gitignore"
|
|
123
123
|
- ".travis.yml"
|
|
124
124
|
- Gemfile
|
|
125
|
-
- Gemfile.lock
|
|
126
125
|
- HISTORY.md
|
|
127
126
|
- LICENSE
|
|
128
127
|
- README.md
|
|
@@ -153,15 +152,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
153
152
|
requirements:
|
|
154
153
|
- - "~>"
|
|
155
154
|
- !ruby/object:Gem::Version
|
|
156
|
-
version: '2.
|
|
155
|
+
version: '2.5'
|
|
157
156
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
158
157
|
requirements:
|
|
159
158
|
- - ">="
|
|
160
159
|
- !ruby/object:Gem::Version
|
|
161
160
|
version: '0'
|
|
162
161
|
requirements: []
|
|
163
|
-
|
|
164
|
-
rubygems_version: 2.6.4
|
|
162
|
+
rubygems_version: 3.2.16
|
|
165
163
|
signing_key:
|
|
166
164
|
specification_version: 4
|
|
167
165
|
summary: access control for rails controller/action
|
data/Gemfile.lock
DELETED
|
@@ -1,71 +0,0 @@
|
|
|
1
|
-
PATH
|
|
2
|
-
remote: .
|
|
3
|
-
specs:
|
|
4
|
-
strong_actions (0.0.9)
|
|
5
|
-
actionpack (>= 4.1, < 5.1)
|
|
6
|
-
activesupport (>= 4.1, < 5.1)
|
|
7
|
-
railties (>= 4.1, < 5.1)
|
|
8
|
-
|
|
9
|
-
GEM
|
|
10
|
-
remote: https://rubygems.org/
|
|
11
|
-
specs:
|
|
12
|
-
actionpack (5.0.2)
|
|
13
|
-
actionview (= 5.0.2)
|
|
14
|
-
activesupport (= 5.0.2)
|
|
15
|
-
rack (~> 2.0)
|
|
16
|
-
rack-test (~> 0.6.3)
|
|
17
|
-
rails-dom-testing (~> 2.0)
|
|
18
|
-
rails-html-sanitizer (~> 1.0, >= 1.0.2)
|
|
19
|
-
actionview (5.0.2)
|
|
20
|
-
activesupport (= 5.0.2)
|
|
21
|
-
builder (~> 3.1)
|
|
22
|
-
erubis (~> 2.7.0)
|
|
23
|
-
rails-dom-testing (~> 2.0)
|
|
24
|
-
rails-html-sanitizer (~> 1.0, >= 1.0.3)
|
|
25
|
-
activesupport (5.0.2)
|
|
26
|
-
concurrent-ruby (~> 1.0, >= 1.0.2)
|
|
27
|
-
i18n (~> 0.7)
|
|
28
|
-
minitest (~> 5.1)
|
|
29
|
-
tzinfo (~> 1.1)
|
|
30
|
-
builder (3.2.3)
|
|
31
|
-
concurrent-ruby (1.0.5)
|
|
32
|
-
erubis (2.7.0)
|
|
33
|
-
i18n (0.8.1)
|
|
34
|
-
loofah (2.0.3)
|
|
35
|
-
nokogiri (>= 1.5.9)
|
|
36
|
-
method_source (0.8.2)
|
|
37
|
-
mini_portile2 (2.1.0)
|
|
38
|
-
minitest (5.10.1)
|
|
39
|
-
nokogiri (1.7.1)
|
|
40
|
-
mini_portile2 (~> 2.1.0)
|
|
41
|
-
rack (2.0.1)
|
|
42
|
-
rack-test (0.6.3)
|
|
43
|
-
rack (>= 1.0)
|
|
44
|
-
rails-dom-testing (2.0.2)
|
|
45
|
-
activesupport (>= 4.2.0, < 6.0)
|
|
46
|
-
nokogiri (~> 1.6)
|
|
47
|
-
rails-html-sanitizer (1.0.3)
|
|
48
|
-
loofah (~> 2.0)
|
|
49
|
-
railties (5.0.2)
|
|
50
|
-
actionpack (= 5.0.2)
|
|
51
|
-
activesupport (= 5.0.2)
|
|
52
|
-
method_source
|
|
53
|
-
rake (>= 0.8.7)
|
|
54
|
-
thor (>= 0.18.1, < 2.0)
|
|
55
|
-
rake (12.0.0)
|
|
56
|
-
thor (0.19.4)
|
|
57
|
-
thread_safe (0.3.6)
|
|
58
|
-
tzinfo (1.2.3)
|
|
59
|
-
thread_safe (~> 0.1)
|
|
60
|
-
|
|
61
|
-
PLATFORMS
|
|
62
|
-
ruby
|
|
63
|
-
|
|
64
|
-
DEPENDENCIES
|
|
65
|
-
bundler (~> 1.7)
|
|
66
|
-
minitest
|
|
67
|
-
rake (~> 12.0)
|
|
68
|
-
strong_actions!
|
|
69
|
-
|
|
70
|
-
BUNDLED WITH
|
|
71
|
-
1.13.7
|