strongbolt 0.3.8 → 0.3.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/README.md +75 -0
- data/app/controllers/strongbolt/user_groups_users_controller.rb +3 -0
- data/lib/generators/strongbolt/fix_unique_group_members_generator.rb +19 -0
- data/lib/generators/strongbolt/templates/fix_unique_group_members.rb +5 -0
- data/lib/generators/strongbolt/templates/migration.rb +2 -0
- data/lib/strongbolt.rb +13 -11
- data/lib/strongbolt/bolted.rb +21 -19
- data/lib/strongbolt/tenantable.rb +2 -2
- data/lib/strongbolt/user_abilities.rb +9 -9
- data/lib/strongbolt/version.rb +1 -1
- data/spec/dummy/db/development.sqlite3 +0 -0
- data/spec/dummy/db/migrate/20160531110509_fix_unique_group_members.rb +5 -0
- data/spec/dummy/db/schema.rb +2 -1
- data/spec/dummy/db/test.sqlite3 +0 -0
- data/spec/strongbolt/bolted_spec.rb +10 -10
- data/spec/strongbolt/tenantable_spec.rb +7 -7
- data/spec/strongbolt/user_abilities_spec.rb +24 -24
- data/spec/support/db_setup.rb +2 -0
- metadata +6 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 085945fde7504a693c9d0bd3a6a98b04da72911f
|
|
4
|
+
data.tar.gz: cde8841b764409146e570aab407bd352e626c373
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f57f6215dfaf0cd3b095d02fbc5c88073d52514de38767903a451e93c8fc3afd43b2fcee1bdbbcc77f54451683e73dd5a0d517b88122888974e0ef5a919415bd
|
|
7
|
+
data.tar.gz: 96236affc3e1b2eed63fe6a9e4ce4cbc1a4a323fd8cc408bca2c46ed08c093e1c861aeef96f8427dd0a1914527989c5a31307d34aa8530ce13b2249e7b137f86
|
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
|
@@ -112,6 +112,81 @@ To achieve this, use the following within your model:
|
|
|
112
112
|
authorize_as "Movie"
|
|
113
113
|
```
|
|
114
114
|
|
|
115
|
+
All ActiveRecord models will get the following methods added by Strongbolt.
|
|
116
|
+
|
|
117
|
+
##### ::bolted?
|
|
118
|
+
|
|
119
|
+
Returns true if authorization checks are enabled.
|
|
120
|
+
|
|
121
|
+
##### ::unbolted?
|
|
122
|
+
|
|
123
|
+
Returns true if authorization checks are disabled.
|
|
124
|
+
|
|
125
|
+
##### ::owned?
|
|
126
|
+
|
|
127
|
+
Returns true when the model is owned by user (has a belongs_to association with the user class). Example: `Client.owned?`
|
|
128
|
+
|
|
129
|
+
##### ::owner_attribute
|
|
130
|
+
|
|
131
|
+
The attribute of the model which is used to determine the owner. Example: `Client.owner_attribute` would return `:user_id`, `User.owner_attribute` would `:id`.
|
|
132
|
+
|
|
133
|
+
##### ::tenant?
|
|
134
|
+
|
|
135
|
+
Returns true when the model is a tenant (see below for a description of tenants).
|
|
136
|
+
|
|
137
|
+
##### ::authorize_as
|
|
138
|
+
|
|
139
|
+
See above. Allows a different model to be used for authorization checks instead.
|
|
140
|
+
|
|
141
|
+
##### ::name_for_authorization
|
|
142
|
+
|
|
143
|
+
See above. Returns the name of the model to be used for authorization checks.
|
|
144
|
+
|
|
145
|
+
### Users
|
|
146
|
+
|
|
147
|
+
Your user class (configured in the initializer via `config.user_class`) will have the following methods added by Strongbolt.
|
|
148
|
+
|
|
149
|
+
##### #capabilities
|
|
150
|
+
|
|
151
|
+
Returns all capabilities assigned to the user, including inherited ones. The return type is an array of `Strongbolt::Capability` instances. Example: `user.capabilities`
|
|
152
|
+
|
|
153
|
+
##### #add_tenant(tenant_instance)
|
|
154
|
+
|
|
155
|
+
Give the user access to the given tenant (see below for a description of tenants). Example: `user.add_tenant Client.find_by(name: 'AMG')`
|
|
156
|
+
|
|
157
|
+
##### #owns?(instance)
|
|
158
|
+
|
|
159
|
+
Checks whether the user own the given instance and returns a boolean. `instance` can be any instance of an ActiveRecord model. If the model has an attribute `user_id` it is compared to the user's ID to decide if he owns it. A user owns his own user instance. Example: `user.owns? Client.find_by(name: 'AMG')`, `user.owns? user`
|
|
160
|
+
|
|
161
|
+
##### #can?(action, instance, attrs = :any, all_instance = false)
|
|
162
|
+
|
|
163
|
+
Return true/false and determines whether the user is authorized to perform `action` on `instance`. `action` has to be a symbol (`:find, :create, :update, :destroy`). `instance` has to be a class or instance of an ActiveRecord model. `attrs` has to be `:any` always for now (it could be used for attribute level authorization, but that's not supported yet). `all_instance` can be set to true when `instance` is a call, to check whether the user can perform `action` on all instances of that class.
|
|
164
|
+
Examples:
|
|
165
|
+
- `user.can?(:find, Client.find_by(name: 'AMG'))`
|
|
166
|
+
- `user.can?(:create, Plan)`
|
|
167
|
+
- `user.can?(:update, Client, :any, true)`
|
|
168
|
+
|
|
169
|
+
##### #cannot?(...)
|
|
170
|
+
|
|
171
|
+
Inverse of `user.can?(...)`
|
|
172
|
+
|
|
173
|
+
##### #user_groups
|
|
174
|
+
|
|
175
|
+
ActiveRecord has_may Association with `Strongbolt::UserGroup`
|
|
176
|
+
|
|
177
|
+
##### #roles
|
|
178
|
+
|
|
179
|
+
ActiveRecord has_may Association with `Strongbolt::Role` through `Strongbolt::UserGroup`
|
|
180
|
+
|
|
181
|
+
##### #{tenants}
|
|
182
|
+
|
|
183
|
+
ActiveRecord has_may Association with the tenant model. The name is the pluralized version of the tenant model name. Example: `User.clients`
|
|
184
|
+
|
|
185
|
+
##### #accessible_{tenants}
|
|
186
|
+
|
|
187
|
+
Method returning all tenants of the type the user has access to. Example: `User.accessible_clients`
|
|
188
|
+
|
|
189
|
+
|
|
115
190
|
### Tenants
|
|
116
191
|
|
|
117
192
|
Strongbolt allows the utilization of _tenants_. Tenants are vertical scopes within your application.
|
|
@@ -9,6 +9,9 @@ module Strongbolt
|
|
|
9
9
|
|
|
10
10
|
@user_group.users << @user unless @user_group.users.include?(@user)
|
|
11
11
|
|
|
12
|
+
redirect_to request.referrer || user_group_path(@user_group)
|
|
13
|
+
rescue ActiveRecord::RecordNotUnique
|
|
14
|
+
# user was already in the group, just ignoring this
|
|
12
15
|
redirect_to request.referrer || user_group_path(@user_group)
|
|
13
16
|
end
|
|
14
17
|
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
require "strongbolt/generators/migration"
|
|
2
|
+
|
|
3
|
+
module Strongbolt
|
|
4
|
+
module Generators
|
|
5
|
+
#
|
|
6
|
+
# Creates a migration to fix a has many through with users tenants problem
|
|
7
|
+
#
|
|
8
|
+
class FixUniqueGroupMembersGenerator < Rails::Generators::Base
|
|
9
|
+
include Strongbolt::Generators::Migration
|
|
10
|
+
|
|
11
|
+
source_root File.expand_path('../templates', __FILE__)
|
|
12
|
+
|
|
13
|
+
def copy_fix
|
|
14
|
+
copy_migration "fix_unique_group_members", "fix_unique_group_members"
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
@@ -68,6 +68,8 @@ class CreateStrongboltTables < ActiveRecord::Migration
|
|
|
68
68
|
add_index :strongbolt_users_tenants, :tenant_id
|
|
69
69
|
add_index :strongbolt_users_tenants, :type
|
|
70
70
|
add_index :strongbolt_users_tenants, [:tenant_id, :type]
|
|
71
|
+
|
|
72
|
+
add_index :strongbolt_user_groups_users, [:user_group_id, :user_id], unique: true, name: :index_strongbolt_user_groups_users_unique
|
|
71
73
|
end
|
|
72
74
|
end
|
|
73
75
|
|
data/lib/strongbolt.rb
CHANGED
|
@@ -104,16 +104,6 @@ module Strongbolt
|
|
|
104
104
|
Grant::User.current_user = user unless Grant::User.current_user == user
|
|
105
105
|
end
|
|
106
106
|
|
|
107
|
-
#
|
|
108
|
-
# Ensures the user instance given is a valid user for that configuration
|
|
109
|
-
# It checks whether the class or the base_class (in case of STI) of the instance class
|
|
110
|
-
# has been configured as the user model
|
|
111
|
-
#
|
|
112
|
-
def self.valid_user? user
|
|
113
|
-
user.class.name == Strongbolt::Configuration.user_class ||
|
|
114
|
-
user.class.base_class.name == Strongbolt::Configuration.user_class
|
|
115
|
-
end
|
|
116
|
-
|
|
117
107
|
#
|
|
118
108
|
# Setting up Strongbolt
|
|
119
109
|
#
|
|
@@ -180,6 +170,17 @@ Error message:
|
|
|
180
170
|
! enabled?
|
|
181
171
|
end
|
|
182
172
|
|
|
173
|
+
#
|
|
174
|
+
# Ensures the user instance given is a valid user for that configuration
|
|
175
|
+
# It checks whether the class or the base_class (in case of STI) of the instance class
|
|
176
|
+
# has been configured as the user model
|
|
177
|
+
#
|
|
178
|
+
def self.valid_user? user
|
|
179
|
+
user.class.name == Strongbolt::Configuration.user_class ||
|
|
180
|
+
user.class.base_class.name == Strongbolt::Configuration.user_class
|
|
181
|
+
end
|
|
182
|
+
private_class_method :valid_user?
|
|
183
|
+
|
|
183
184
|
# Include helpers in the given scope to AC and AV.
|
|
184
185
|
def self.include_helpers(scope)
|
|
185
186
|
ActiveSupport.on_load(:action_controller) do
|
|
@@ -191,10 +192,11 @@ Error message:
|
|
|
191
192
|
end
|
|
192
193
|
end
|
|
193
194
|
|
|
194
|
-
# Not to use directly
|
|
195
|
+
# Not to use directly, only used in tests
|
|
195
196
|
def self.tenants= tenants
|
|
196
197
|
@@tenants = tenants
|
|
197
198
|
end
|
|
199
|
+
private_class_method :tenants=
|
|
198
200
|
end
|
|
199
201
|
|
|
200
202
|
#
|
data/lib/strongbolt/bolted.rb
CHANGED
|
@@ -17,7 +17,7 @@ module Strongbolt
|
|
|
17
17
|
|
|
18
18
|
#
|
|
19
19
|
# Not secure if Grant is disabled, there's no current user
|
|
20
|
-
# or if we're using Rails console
|
|
20
|
+
# or if we're using Rails console
|
|
21
21
|
#
|
|
22
22
|
def unbolted?
|
|
23
23
|
Grant::Status.grant_disabled? || (defined?(Rails) && defined?(Rails.console)) ||
|
|
@@ -29,20 +29,7 @@ module Strongbolt
|
|
|
29
29
|
# relationship with the user class
|
|
30
30
|
#
|
|
31
31
|
def owned?
|
|
32
|
-
@owned ||=
|
|
33
|
-
end
|
|
34
|
-
|
|
35
|
-
#
|
|
36
|
-
# Returns the association to the user, if present
|
|
37
|
-
#
|
|
38
|
-
def owner_association
|
|
39
|
-
@owner_association ||= reflect_on_all_associations(:belongs_to).select do |assoc|
|
|
40
|
-
unless assoc.options.has_key? :polymorphic
|
|
41
|
-
assoc.klass.name == Configuration.user_class
|
|
42
|
-
else
|
|
43
|
-
false
|
|
44
|
-
end
|
|
45
|
-
end.try(:first)
|
|
32
|
+
@owned ||= self <= Configuration.user_class.constantize || owner_association.present?
|
|
46
33
|
end
|
|
47
34
|
|
|
48
35
|
#
|
|
@@ -51,13 +38,20 @@ module Strongbolt
|
|
|
51
38
|
def owner_attribute
|
|
52
39
|
return unless owned?
|
|
53
40
|
|
|
54
|
-
@owner_attribute ||= if
|
|
41
|
+
@owner_attribute ||= if self <= Configuration.user_class.constantize
|
|
55
42
|
:id
|
|
56
43
|
else
|
|
57
44
|
owner_association.foreign_key.to_sym
|
|
58
45
|
end
|
|
59
46
|
end
|
|
60
47
|
|
|
48
|
+
#
|
|
49
|
+
# Authorize as another model
|
|
50
|
+
#
|
|
51
|
+
def authorize_as model_name
|
|
52
|
+
@name_for_authorization = model_name
|
|
53
|
+
end
|
|
54
|
+
|
|
61
55
|
#
|
|
62
56
|
# Returns the model name for authorization
|
|
63
57
|
#
|
|
@@ -65,11 +59,19 @@ module Strongbolt
|
|
|
65
59
|
@name_for_authorization ||= self.name
|
|
66
60
|
end
|
|
67
61
|
|
|
62
|
+
private
|
|
63
|
+
|
|
68
64
|
#
|
|
69
|
-
#
|
|
65
|
+
# Returns the association to the user, if present
|
|
70
66
|
#
|
|
71
|
-
def
|
|
72
|
-
@
|
|
67
|
+
def owner_association
|
|
68
|
+
@owner_association ||= reflect_on_all_associations(:belongs_to).select do |assoc|
|
|
69
|
+
unless assoc.options.has_key? :polymorphic
|
|
70
|
+
assoc.klass <= Configuration.user_class.constantize
|
|
71
|
+
else
|
|
72
|
+
false
|
|
73
|
+
end
|
|
74
|
+
end.try(:first)
|
|
73
75
|
end
|
|
74
76
|
|
|
75
77
|
end
|
|
@@ -4,6 +4,8 @@ module Strongbolt
|
|
|
4
4
|
|
|
5
5
|
def tenant?() (@tenant.present? && @tenant) || Strongbolt.tenants.include?(name); end
|
|
6
6
|
|
|
7
|
+
private
|
|
8
|
+
|
|
7
9
|
#
|
|
8
10
|
# Returns associations potential name
|
|
9
11
|
#
|
|
@@ -14,8 +16,6 @@ module Strongbolt
|
|
|
14
16
|
@plural_association_name ||= self.name.demodulize.underscore.pluralize.to_sym
|
|
15
17
|
end
|
|
16
18
|
|
|
17
|
-
private
|
|
18
|
-
|
|
19
19
|
#
|
|
20
20
|
# Specifies that the class can be tenanted
|
|
21
21
|
# It will traverse all the has_many relationships
|
|
@@ -52,10 +52,10 @@ module Strongbolt
|
|
|
52
52
|
# Determine the model name and the actual model (if we need to traverse the hierarchy)
|
|
53
53
|
if instance.is_a?(ActiveRecord::Base)
|
|
54
54
|
model = instance.class
|
|
55
|
-
model_name = model.name_for_authorization
|
|
55
|
+
model_name = model.send(:name_for_authorization)
|
|
56
56
|
elsif instance.is_a?(Class)
|
|
57
57
|
model = instance
|
|
58
|
-
model_name = model.name_for_authorization
|
|
58
|
+
model_name = model.send(:name_for_authorization)
|
|
59
59
|
else
|
|
60
60
|
model = nil # We could do model_name.constantize, but there's a big cost to doing this
|
|
61
61
|
# if we don't need it, so just defer until we determine there's an actual need
|
|
@@ -87,6 +87,7 @@ module Strongbolt
|
|
|
87
87
|
end
|
|
88
88
|
|
|
89
89
|
|
|
90
|
+
private
|
|
90
91
|
|
|
91
92
|
#
|
|
92
93
|
# Populate the capabilities cache
|
|
@@ -144,7 +145,6 @@ module Strongbolt
|
|
|
144
145
|
|
|
145
146
|
|
|
146
147
|
|
|
147
|
-
|
|
148
148
|
#----------------------------------------------------------#
|
|
149
149
|
# #
|
|
150
150
|
# Checks if the user can perform 'action' on 'instance' #
|
|
@@ -228,14 +228,14 @@ module Strongbolt
|
|
|
228
228
|
begin
|
|
229
229
|
if instance.class == tenant
|
|
230
230
|
tenant_ids = [instance.id]
|
|
231
|
-
elsif instance.respond_to?(tenant.singular_association_name)
|
|
232
|
-
if instance.send(tenant.singular_association_name).present?
|
|
233
|
-
tenant_ids = [instance.send(tenant.singular_association_name).id]
|
|
231
|
+
elsif instance.respond_to?(tenant.send(:singular_association_name))
|
|
232
|
+
if instance.send(tenant.send(:singular_association_name)).present?
|
|
233
|
+
tenant_ids = [instance.send(tenant.send(:singular_association_name)).id]
|
|
234
234
|
else
|
|
235
235
|
tenant_ids = []
|
|
236
236
|
end
|
|
237
|
-
elsif instance.respond_to?(tenant.plural_association_name)
|
|
238
|
-
tenant_ids = instance.send("#{tenant.singular_association_name}_ids")
|
|
237
|
+
elsif instance.respond_to?(tenant.send(:plural_association_name))
|
|
238
|
+
tenant_ids = instance.send("#{tenant.send(:singular_association_name)}_ids")
|
|
239
239
|
else
|
|
240
240
|
next result
|
|
241
241
|
end
|
|
@@ -260,7 +260,7 @@ module Strongbolt
|
|
|
260
260
|
@tenants_cache = {}
|
|
261
261
|
# Go over each tenants
|
|
262
262
|
Strongbolt.tenants.each do |tenant|
|
|
263
|
-
@tenants_cache[tenant.name] = send("accessible_#{tenant.plural_association_name}").pluck(:id)
|
|
263
|
+
@tenants_cache[tenant.name] = send("accessible_#{tenant.send(:plural_association_name)}").pluck(:id)
|
|
264
264
|
Strongbolt.logger.debug "#{@tenants_cache[tenant.name].size} #{tenant.name}"
|
|
265
265
|
end
|
|
266
266
|
end
|
data/lib/strongbolt/version.rb
CHANGED
|
Binary file
|
data/spec/dummy/db/schema.rb
CHANGED
|
@@ -11,7 +11,7 @@
|
|
|
11
11
|
#
|
|
12
12
|
# It's strongly recommended that you check this file into your version control system.
|
|
13
13
|
|
|
14
|
-
ActiveRecord::Schema.define(version:
|
|
14
|
+
ActiveRecord::Schema.define(version: 20160531110509) do
|
|
15
15
|
|
|
16
16
|
create_table "strongbolt_capabilities", force: true do |t|
|
|
17
17
|
t.string "name"
|
|
@@ -67,6 +67,7 @@ ActiveRecord::Schema.define(version: 20150630212251) do
|
|
|
67
67
|
t.integer "user_id"
|
|
68
68
|
end
|
|
69
69
|
|
|
70
|
+
add_index "strongbolt_user_groups_users", ["user_group_id", "user_id"], name: "index_strongbolt_user_groups_users_unique", unique: true
|
|
70
71
|
add_index "strongbolt_user_groups_users", ["user_group_id"], name: "index_strongbolt_user_groups_users_on_user_group_id"
|
|
71
72
|
add_index "strongbolt_user_groups_users", ["user_id"], name: "index_strongbolt_user_groups_users_on_user_id"
|
|
72
73
|
|
data/spec/dummy/db/test.sqlite3
CHANGED
|
Binary file
|
|
@@ -3,7 +3,7 @@ require "spec_helper"
|
|
|
3
3
|
module Strongbolt
|
|
4
4
|
|
|
5
5
|
describe Bolted do
|
|
6
|
-
|
|
6
|
+
|
|
7
7
|
#
|
|
8
8
|
# Bolted?
|
|
9
9
|
#
|
|
@@ -67,7 +67,7 @@ module Strongbolt
|
|
|
67
67
|
expect(User.owner_attribute).to eq :id
|
|
68
68
|
end
|
|
69
69
|
end
|
|
70
|
-
|
|
70
|
+
|
|
71
71
|
context 'when model is ownable' do
|
|
72
72
|
|
|
73
73
|
before do
|
|
@@ -91,11 +91,11 @@ module Strongbolt
|
|
|
91
91
|
it "should have the right owner attribute" do
|
|
92
92
|
expect(OwnedModel.owner_attribute).to eq :user_id
|
|
93
93
|
end
|
|
94
|
-
|
|
94
|
+
|
|
95
95
|
end
|
|
96
|
-
|
|
96
|
+
|
|
97
97
|
context 'when model isnt ownable' do
|
|
98
|
-
|
|
98
|
+
|
|
99
99
|
it "should be true" do
|
|
100
100
|
expect(UnownedModel).not_to be_owned
|
|
101
101
|
end
|
|
@@ -105,7 +105,7 @@ module Strongbolt
|
|
|
105
105
|
UnownedModel.new.strongbolt_owner_id
|
|
106
106
|
end.to raise_error ModelNotOwned
|
|
107
107
|
end
|
|
108
|
-
|
|
108
|
+
|
|
109
109
|
end
|
|
110
110
|
|
|
111
111
|
end
|
|
@@ -115,7 +115,7 @@ module Strongbolt
|
|
|
115
115
|
#
|
|
116
116
|
describe 'name_for_authorization' do
|
|
117
117
|
it "should default to model name" do
|
|
118
|
-
expect(Model.name_for_authorization).to eq "Model"
|
|
118
|
+
expect(Model.send(:name_for_authorization)).to eq "Model"
|
|
119
119
|
end
|
|
120
120
|
end
|
|
121
121
|
|
|
@@ -123,14 +123,14 @@ module Strongbolt
|
|
|
123
123
|
# Authorize as
|
|
124
124
|
#
|
|
125
125
|
describe 'authorize_as' do
|
|
126
|
-
|
|
126
|
+
|
|
127
127
|
before { Model.authorize_as "ParentModel" }
|
|
128
128
|
after { Model.authorize_as nil }
|
|
129
129
|
|
|
130
130
|
it "should have changed name for authorization" do
|
|
131
|
-
expect(Model.name_for_authorization).to eq "ParentModel"
|
|
131
|
+
expect(Model.send(:name_for_authorization)).to eq "ParentModel"
|
|
132
132
|
end
|
|
133
133
|
|
|
134
134
|
end
|
|
135
135
|
|
|
136
|
-
end
|
|
136
|
+
end
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
require "spec_helper"
|
|
2
2
|
|
|
3
3
|
describe Strongbolt::Tenantable do
|
|
4
|
-
|
|
4
|
+
|
|
5
5
|
it "should have been included in ActiveRecord::Base" do
|
|
6
6
|
expect(ActiveRecord::Base.included_modules).to include Strongbolt::Tenantable
|
|
7
7
|
end
|
|
@@ -109,7 +109,7 @@ describe Strongbolt::Tenantable do
|
|
|
109
109
|
self.table_name = "child_models"
|
|
110
110
|
|
|
111
111
|
belongs_to :other_child_model, foreign_key: :model_id
|
|
112
|
-
end
|
|
112
|
+
end
|
|
113
113
|
|
|
114
114
|
#
|
|
115
115
|
# Cousin of second degree child
|
|
@@ -119,7 +119,7 @@ describe Strongbolt::Tenantable do
|
|
|
119
119
|
|
|
120
120
|
belongs_to :model, polymorphic: true
|
|
121
121
|
has_one :unowned_model, foreign_key: :model_id
|
|
122
|
-
end
|
|
122
|
+
end
|
|
123
123
|
|
|
124
124
|
#
|
|
125
125
|
# Top level model, parent of Tenant Model
|
|
@@ -202,9 +202,9 @@ describe Strongbolt::Tenantable do
|
|
|
202
202
|
#
|
|
203
203
|
# When an association lacks an inverse (none configured and none found)
|
|
204
204
|
#
|
|
205
|
-
|
|
205
|
+
|
|
206
206
|
context "when an association lacks an inverse" do
|
|
207
|
-
|
|
207
|
+
|
|
208
208
|
before(:all) do
|
|
209
209
|
#
|
|
210
210
|
# Tenant Model
|
|
@@ -242,9 +242,9 @@ describe Strongbolt::Tenantable do
|
|
|
242
242
|
#
|
|
243
243
|
# When a direct association lacks a reference to the tenant
|
|
244
244
|
#
|
|
245
|
-
|
|
245
|
+
|
|
246
246
|
context "when an association lacks an inverse" do
|
|
247
|
-
|
|
247
|
+
|
|
248
248
|
before(:all) do
|
|
249
249
|
#
|
|
250
250
|
# Tenant Model
|
|
@@ -76,7 +76,7 @@ describe Strongbolt::UserAbilities do
|
|
|
76
76
|
@other_tenant_model = TenantModel.create!
|
|
77
77
|
# Add to the user
|
|
78
78
|
user.add_tenant @tenant_model
|
|
79
|
-
|
|
79
|
+
|
|
80
80
|
# Another user
|
|
81
81
|
@other_user = User.create!
|
|
82
82
|
# A owned model, owned
|
|
@@ -123,7 +123,7 @@ describe Strongbolt::UserAbilities do
|
|
|
123
123
|
# But can create setting only the attribute name
|
|
124
124
|
@role.capabilities.create! model: "UnownedModel", action: "create", attr: "name",
|
|
125
125
|
:require_tenant_access => false
|
|
126
|
-
|
|
126
|
+
|
|
127
127
|
# Admin can do whatever
|
|
128
128
|
@other_role.capabilities.create! model: "UnownedModel", action: "create"
|
|
129
129
|
end
|
|
@@ -135,7 +135,7 @@ describe Strongbolt::UserAbilities do
|
|
|
135
135
|
# Adding a tenant to the user
|
|
136
136
|
#
|
|
137
137
|
describe "add_tenant" do
|
|
138
|
-
|
|
138
|
+
|
|
139
139
|
context 'when instance is from a tenant' do
|
|
140
140
|
let(:model) { TenantModel.create! }
|
|
141
141
|
|
|
@@ -172,38 +172,38 @@ describe Strongbolt::UserAbilities do
|
|
|
172
172
|
before { create_fixtures }
|
|
173
173
|
|
|
174
174
|
context "when same tenant" do
|
|
175
|
-
|
|
175
|
+
|
|
176
176
|
it "should be true when model is tenant" do
|
|
177
|
-
expect(user.has_access_to_tenants
|
|
177
|
+
expect(user.send :has_access_to_tenants?, @tenant_model).to eq true
|
|
178
178
|
end
|
|
179
179
|
|
|
180
180
|
it "should be true when model is first child" do
|
|
181
|
-
expect(user.has_access_to_tenants
|
|
181
|
+
expect(user.send :has_access_to_tenants?, @unowned_model).to eq true
|
|
182
182
|
end
|
|
183
183
|
|
|
184
184
|
it "should be true when grand child" do
|
|
185
|
-
expect(user.has_access_to_tenants
|
|
185
|
+
expect(user.send :has_access_to_tenants?, @child_model).to eq true
|
|
186
186
|
end
|
|
187
187
|
|
|
188
188
|
it "should be true for a user defined association" do
|
|
189
|
-
expect(user.has_access_to_tenants
|
|
189
|
+
expect(user.send :has_access_to_tenants?, @linked_to_tenant).to eq true
|
|
190
190
|
end
|
|
191
191
|
|
|
192
192
|
end
|
|
193
193
|
|
|
194
194
|
context "when different tenant" do
|
|
195
195
|
it "should be false when model is tenant" do
|
|
196
|
-
expect(user.has_access_to_tenants
|
|
196
|
+
expect(user.send :has_access_to_tenants?, @other_tenant_model).to eq false
|
|
197
197
|
end
|
|
198
198
|
|
|
199
199
|
it "should be false when model is first child" do
|
|
200
|
-
expect(user.has_access_to_tenants
|
|
200
|
+
expect(user.send :has_access_to_tenants?, @unmanaged_model).to eq false
|
|
201
201
|
end
|
|
202
202
|
end
|
|
203
203
|
|
|
204
204
|
context "when model doesn't have link to tenant" do
|
|
205
205
|
it "should return true" do
|
|
206
|
-
expect(user.has_access_to_tenants
|
|
206
|
+
expect(user.send :has_access_to_tenants?, @model).to eq true
|
|
207
207
|
end
|
|
208
208
|
end
|
|
209
209
|
end
|
|
@@ -214,7 +214,7 @@ describe Strongbolt::UserAbilities do
|
|
|
214
214
|
# All Capabilities
|
|
215
215
|
#
|
|
216
216
|
describe 'capabilities' do
|
|
217
|
-
|
|
217
|
+
|
|
218
218
|
before { create_fixtures }
|
|
219
219
|
|
|
220
220
|
let(:capabilities) { user.capabilities }
|
|
@@ -233,11 +233,11 @@ describe Strongbolt::UserAbilities do
|
|
|
233
233
|
#
|
|
234
234
|
|
|
235
235
|
describe "can?" do
|
|
236
|
-
|
|
236
|
+
|
|
237
237
|
before { create_fixtures }
|
|
238
238
|
|
|
239
239
|
describe "creating an owned model" do
|
|
240
|
-
|
|
240
|
+
|
|
241
241
|
context "when authorized" do
|
|
242
242
|
let(:tenant_model) { TenantModel.create! }
|
|
243
243
|
|
|
@@ -284,7 +284,7 @@ describe Strongbolt::UserAbilities do
|
|
|
284
284
|
]
|
|
285
285
|
end
|
|
286
286
|
end
|
|
287
|
-
after do
|
|
287
|
+
after do
|
|
288
288
|
Strongbolt.setup do |config|
|
|
289
289
|
config.default_capabilities = []
|
|
290
290
|
end
|
|
@@ -320,7 +320,7 @@ describe Strongbolt::UserAbilities do
|
|
|
320
320
|
end # Updating an owned model
|
|
321
321
|
|
|
322
322
|
describe "creating a model with attribute restriction" do
|
|
323
|
-
|
|
323
|
+
|
|
324
324
|
context "when requiring all attributes" do
|
|
325
325
|
it "should return false" do
|
|
326
326
|
expect(user.can? :create, UnownedModel, :all).to eq false
|
|
@@ -392,13 +392,13 @@ describe Strongbolt::UserAbilities do
|
|
|
392
392
|
#
|
|
393
393
|
|
|
394
394
|
describe "Populate Capabilities Cache" do
|
|
395
|
-
|
|
395
|
+
|
|
396
396
|
#
|
|
397
397
|
# We create some fixtures for the population of cache to be tested
|
|
398
398
|
#
|
|
399
399
|
before { create_fixtures }
|
|
400
400
|
|
|
401
|
-
let(:cache) { user.populate_capabilities_cache }
|
|
401
|
+
let(:cache) { user.send(:populate_capabilities_cache) }
|
|
402
402
|
|
|
403
403
|
subject { cache }
|
|
404
404
|
|
|
@@ -430,14 +430,14 @@ describe Strongbolt::UserAbilities do
|
|
|
430
430
|
# OWNS?
|
|
431
431
|
#
|
|
432
432
|
describe "owns?" do
|
|
433
|
-
|
|
433
|
+
|
|
434
434
|
#
|
|
435
435
|
# Another user
|
|
436
436
|
#
|
|
437
437
|
context "when testing against a user" do
|
|
438
438
|
|
|
439
439
|
context 'when other user' do
|
|
440
|
-
|
|
440
|
+
|
|
441
441
|
let(:other_user) { User.create! }
|
|
442
442
|
|
|
443
443
|
it "should not own it" do
|
|
@@ -459,7 +459,7 @@ describe Strongbolt::UserAbilities do
|
|
|
459
459
|
# Another object
|
|
460
460
|
#
|
|
461
461
|
context "when testing against another model having user_id" do
|
|
462
|
-
|
|
462
|
+
|
|
463
463
|
context "when owning it" do
|
|
464
464
|
let(:model) { Model.create! user_id: user.id }
|
|
465
465
|
|
|
@@ -467,7 +467,7 @@ describe Strongbolt::UserAbilities do
|
|
|
467
467
|
expect(user.owns? model).to eq true
|
|
468
468
|
end
|
|
469
469
|
end
|
|
470
|
-
|
|
470
|
+
|
|
471
471
|
context "when not owning it" do
|
|
472
472
|
let(:model) { Model.create! user_id: 0 }
|
|
473
473
|
|
|
@@ -485,7 +485,7 @@ describe Strongbolt::UserAbilities do
|
|
|
485
485
|
# Another object unowned
|
|
486
486
|
#
|
|
487
487
|
context "when testing against a model not having user id" do
|
|
488
|
-
|
|
488
|
+
|
|
489
489
|
let(:model) { UnownedModel.create! }
|
|
490
490
|
|
|
491
491
|
it "should not own it" do
|
|
@@ -506,4 +506,4 @@ describe Strongbolt::UserAbilities do
|
|
|
506
506
|
end
|
|
507
507
|
end
|
|
508
508
|
|
|
509
|
-
end
|
|
509
|
+
end
|
data/spec/support/db_setup.rb
CHANGED
|
@@ -123,6 +123,8 @@ class TestsMigrations < ActiveRecord::Migration
|
|
|
123
123
|
add_index :strongbolt_users_tenants, :tenant_id
|
|
124
124
|
add_index :strongbolt_users_tenants, :type
|
|
125
125
|
add_index :strongbolt_users_tenants, [:tenant_id, :type]
|
|
126
|
+
|
|
127
|
+
add_index :strongbolt_user_groups_users, [:user_group_id, :user_id], unique: true, name: :index_strongbolt_user_groups_users_unique
|
|
126
128
|
end
|
|
127
129
|
end
|
|
128
130
|
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: strongbolt
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.3.
|
|
4
|
+
version: 0.3.9
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Thomas Césaré-Herriau
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2016-05-
|
|
12
|
+
date: 2016-05-31 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: awesome_nested_set
|
|
@@ -208,9 +208,11 @@ files:
|
|
|
208
208
|
- app/views/strongbolt/user_groups/new.html.erb
|
|
209
209
|
- app/views/strongbolt/user_groups/show.html.erb
|
|
210
210
|
- lib/generators/strongbolt/fix_generator.rb
|
|
211
|
+
- lib/generators/strongbolt/fix_unique_group_members_generator.rb
|
|
211
212
|
- lib/generators/strongbolt/indexes_generator.rb
|
|
212
213
|
- lib/generators/strongbolt/install_generator.rb
|
|
213
214
|
- lib/generators/strongbolt/templates/fix.rb
|
|
215
|
+
- lib/generators/strongbolt/templates/fix_unique_group_members.rb
|
|
214
216
|
- lib/generators/strongbolt/templates/indexes.rb
|
|
215
217
|
- lib/generators/strongbolt/templates/migration.rb
|
|
216
218
|
- lib/generators/strongbolt/templates/strongbolt.rb
|
|
@@ -286,6 +288,7 @@ files:
|
|
|
286
288
|
- spec/dummy/db/development.sqlite3
|
|
287
289
|
- spec/dummy/db/migrate/20150630212236_create_strongbolt_tables.rb
|
|
288
290
|
- spec/dummy/db/migrate/20150630212251_create_strongbolt_tables_indexes.rb
|
|
291
|
+
- spec/dummy/db/migrate/20160531110509_fix_unique_group_members.rb
|
|
289
292
|
- spec/dummy/db/schema.rb
|
|
290
293
|
- spec/dummy/db/test.sqlite3
|
|
291
294
|
- spec/dummy/lib/assets/.keep
|
|
@@ -389,6 +392,7 @@ test_files:
|
|
|
389
392
|
- spec/dummy/db/development.sqlite3
|
|
390
393
|
- spec/dummy/db/migrate/20150630212236_create_strongbolt_tables.rb
|
|
391
394
|
- spec/dummy/db/migrate/20150630212251_create_strongbolt_tables_indexes.rb
|
|
395
|
+
- spec/dummy/db/migrate/20160531110509_fix_unique_group_members.rb
|
|
392
396
|
- spec/dummy/db/schema.rb
|
|
393
397
|
- spec/dummy/db/test.sqlite3
|
|
394
398
|
- spec/dummy/lib/assets/.keep
|