strongbolt 0.3.9 → 0.3.10
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +3 -1
- data/lib/generators/strongbolt/fix_unique_group_members_generator.rb +2 -1
- data/lib/strongbolt/user_abilities.rb +12 -6
- data/lib/strongbolt/version.rb +1 -1
- data/spec/spec_helper.rb +9 -0
- data/spec/strongbolt/user_abilities_multiple_tenants_spec.rb +93 -0
- data/spec/support/db_setup.rb +20 -0
- data/strongbolt.gemspec +1 -0
- metadata +18 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: cae9f523b7f4e7e3e8a20d8e1dce761dff86ed09
|
|
4
|
+
data.tar.gz: 5541d8ac7cbf7f88f264c0b516cdbd11a4d297a0
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 89eecd3ddf5d3c503e154c6405121530d163d40e742bdf3a30fd6a368526377052bfc9223666e70ab03238130e39755ff177cace84790e4a8c5da8343abdc526
|
|
7
|
+
data.tar.gz: 57ad08612046396dc58ed27161ee3525afe978cad2cf800f228e94f28aa14e96923da2525f292a871994c3171da65f057c36c42b5bae8cd2efba4027c38365b1
|
data/Gemfile.lock
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
strongbolt (0.3.
|
|
4
|
+
strongbolt (0.3.9)
|
|
5
5
|
awesome_nested_set (~> 3.0.0)
|
|
6
6
|
grant (~> 3.0)
|
|
7
7
|
simple_form (~> 3.0)
|
|
@@ -40,6 +40,7 @@ GEM
|
|
|
40
40
|
activerecord (>= 4.0.0, < 5)
|
|
41
41
|
builder (3.2.2)
|
|
42
42
|
concurrent-ruby (1.0.2)
|
|
43
|
+
database_cleaner (1.5.3)
|
|
43
44
|
diff-lcs (1.2.5)
|
|
44
45
|
erubis (2.7.0)
|
|
45
46
|
fabrication (2.15.2)
|
|
@@ -119,6 +120,7 @@ PLATFORMS
|
|
|
119
120
|
|
|
120
121
|
DEPENDENCIES
|
|
121
122
|
bundler (> 1.7.0)
|
|
123
|
+
database_cleaner
|
|
122
124
|
fabrication
|
|
123
125
|
fuubar
|
|
124
126
|
rails (~> 4.1.0)
|
|
@@ -3,7 +3,8 @@ require "strongbolt/generators/migration"
|
|
|
3
3
|
module Strongbolt
|
|
4
4
|
module Generators
|
|
5
5
|
#
|
|
6
|
-
# Creates a migration to
|
|
6
|
+
# Creates a migration to add an unique index to user_groups_users,
|
|
7
|
+
# so that a user can only exist once in a group.
|
|
7
8
|
#
|
|
8
9
|
class FixUniqueGroupMembersGenerator < Rails::Generators::Base
|
|
9
10
|
include Strongbolt::Generators::Migration
|
|
@@ -121,10 +121,10 @@ module Strongbolt
|
|
|
121
121
|
@results_cache["#{k}#{attr_k}-#{user_id}"] = true
|
|
122
122
|
@results_cache["#{k}any-#{user_id}"] = true
|
|
123
123
|
else
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
124
|
+
# On the other hand, it doesn't make sense to pre-populate the valid
|
|
125
|
+
# IDs for the models with a lot of instances when we probably are never
|
|
126
|
+
# going to need to know this. Instead, adding 'owned' is a hint to actually look
|
|
127
|
+
# up later if we own a particular geography.
|
|
128
128
|
@results_cache["#{k}#{attr_k}-owned"] = true
|
|
129
129
|
@results_cache["#{k}any-owned"] = true
|
|
130
130
|
end
|
|
@@ -216,6 +216,8 @@ module Strongbolt
|
|
|
216
216
|
#
|
|
217
217
|
# Checks if the instance given fulfills tenant management rules
|
|
218
218
|
#
|
|
219
|
+
# returns true even if instance has no relationship to any tenant
|
|
220
|
+
#
|
|
219
221
|
def has_access_to_tenants? instance, tenants = nil
|
|
220
222
|
# If no tenants list given, we take all
|
|
221
223
|
tenants ||= Strongbolt.tenants
|
|
@@ -224,7 +226,8 @@ module Strongbolt
|
|
|
224
226
|
|
|
225
227
|
# Go over each tenants and check if we access to at least one of the tenant
|
|
226
228
|
# models linked to it
|
|
227
|
-
|
|
229
|
+
found_any_tenant_relationship = false
|
|
230
|
+
has_access_to_any_tenant = tenants.inject(false) do |result, tenant|
|
|
228
231
|
begin
|
|
229
232
|
if instance.class == tenant
|
|
230
233
|
tenant_ids = [instance.id]
|
|
@@ -245,8 +248,11 @@ module Strongbolt
|
|
|
245
248
|
rescue ActiveModel::MissingAttributeError
|
|
246
249
|
tenant_ids = []
|
|
247
250
|
end
|
|
248
|
-
|
|
251
|
+
found_any_tenant_relationship = true unless tenant_ids.empty?
|
|
252
|
+
has_access_to_current_tenant = (tenant_ids.size > 0 && (@tenants_cache[tenant.name] & tenant_ids).present?)
|
|
253
|
+
result || has_access_to_current_tenant
|
|
249
254
|
end
|
|
255
|
+
has_access_to_any_tenant || !found_any_tenant_relationship
|
|
250
256
|
end
|
|
251
257
|
|
|
252
258
|
#
|
data/lib/strongbolt/version.rb
CHANGED
data/spec/spec_helper.rb
CHANGED
|
@@ -36,6 +36,7 @@ require 'shoulda/matchers'
|
|
|
36
36
|
|
|
37
37
|
require 'rspec/rails'
|
|
38
38
|
require 'fabrication'
|
|
39
|
+
require 'database_cleaner'
|
|
39
40
|
|
|
40
41
|
# Requires supporting files with custom matchers and macros, etc,
|
|
41
42
|
# in ./support/ and its subdirectories.
|
|
@@ -74,6 +75,14 @@ RSpec.configure do |config|
|
|
|
74
75
|
config.before(:suite) do
|
|
75
76
|
TestsMigrations.new.migrate :up
|
|
76
77
|
User.send :include, Strongbolt::UserAbilities
|
|
78
|
+
DatabaseCleaner.clean_with :truncation
|
|
79
|
+
DatabaseCleaner.strategy = :transaction
|
|
80
|
+
end
|
|
81
|
+
|
|
82
|
+
config.around(:each) do |spec|
|
|
83
|
+
DatabaseCleaner.start
|
|
84
|
+
spec.run
|
|
85
|
+
DatabaseCleaner.clean
|
|
77
86
|
end
|
|
78
87
|
|
|
79
88
|
config.after(:suite) do
|
|
@@ -0,0 +1,93 @@
|
|
|
1
|
+
require "spec_helper"
|
|
2
|
+
|
|
3
|
+
describe Strongbolt::UserAbilities do
|
|
4
|
+
|
|
5
|
+
before(:all) do
|
|
6
|
+
define_model "TenantA" do
|
|
7
|
+
self.table_name = "tenant_a"
|
|
8
|
+
|
|
9
|
+
has_many :model_with_tenant
|
|
10
|
+
end
|
|
11
|
+
define_model "TenantB" do
|
|
12
|
+
self.table_name = "tenant_b"
|
|
13
|
+
|
|
14
|
+
has_many :model_with_tenant
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
define_model "ModelWithTenant" do
|
|
18
|
+
self.table_name = "model_with_tenants"
|
|
19
|
+
|
|
20
|
+
belongs_to :tenant_a
|
|
21
|
+
belongs_to :tenant_b
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
Strongbolt::Configuration.add_tenant TenantA
|
|
25
|
+
Strongbolt::Configuration.add_tenant TenantB
|
|
26
|
+
end
|
|
27
|
+
after(:all) do
|
|
28
|
+
undefine_model TenantA
|
|
29
|
+
undefine_model TenantB
|
|
30
|
+
Strongbolt::Configuration.tenants = []
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
|
|
34
|
+
#
|
|
35
|
+
# Creates some fixtures for the tests here
|
|
36
|
+
#
|
|
37
|
+
def create_fixtures
|
|
38
|
+
@user1 = User.create!
|
|
39
|
+
@user2 = User.create!
|
|
40
|
+
@user3 = User.create!
|
|
41
|
+
|
|
42
|
+
@tenant_a = TenantA.create!
|
|
43
|
+
@tenant_b = TenantB.create!
|
|
44
|
+
@user1.add_tenant @tenant_a
|
|
45
|
+
@user1.add_tenant @tenant_b
|
|
46
|
+
@user2.add_tenant @tenant_a
|
|
47
|
+
@user3.add_tenant @tenant_b
|
|
48
|
+
|
|
49
|
+
@tenanted_model1 = ModelWithTenant.create! tenant_a: @tenant_a, tenant_b: @tenant_b
|
|
50
|
+
@tenanted_model2 = ModelWithTenant.create! tenant_a: @tenant_a
|
|
51
|
+
@tenanted_model3 = ModelWithTenant.create! tenant_b: @tenant_b
|
|
52
|
+
|
|
53
|
+
@group = Strongbolt::UserGroup.create! name: "Normal"
|
|
54
|
+
@group.users << @user1
|
|
55
|
+
@group.users << @user2
|
|
56
|
+
@group.users << @user3
|
|
57
|
+
|
|
58
|
+
@role = @group.roles.create! name: "Normal"
|
|
59
|
+
@role.capabilities.create! model: "User", action: "update", require_ownership: true
|
|
60
|
+
@role.capabilities.create! model: "ModelWithTenant", action: "find", require_tenant_access: true
|
|
61
|
+
end
|
|
62
|
+
|
|
63
|
+
|
|
64
|
+
|
|
65
|
+
#
|
|
66
|
+
# Has access to tenants?
|
|
67
|
+
#
|
|
68
|
+
describe "has_access_to_tenants?" do
|
|
69
|
+
before { create_fixtures }
|
|
70
|
+
|
|
71
|
+
it "should be true when model is tenant" do
|
|
72
|
+
expect(@user1.send :has_access_to_tenants?, @tenant_a).to eq true
|
|
73
|
+
expect(@user1.send :has_access_to_tenants?, @tenant_b).to eq true
|
|
74
|
+
expect(@user2.send :has_access_to_tenants?, @tenant_a).to eq true
|
|
75
|
+
expect(@user2.send :has_access_to_tenants?, @tenant_b).to eq false
|
|
76
|
+
expect(@user3.send :has_access_to_tenants?, @tenant_a).to eq false
|
|
77
|
+
expect(@user3.send :has_access_to_tenants?, @tenant_b).to eq true
|
|
78
|
+
end
|
|
79
|
+
|
|
80
|
+
it "should be true when model is first child" do
|
|
81
|
+
expect(@user1.send :has_access_to_tenants?, @tenanted_model1).to eq true
|
|
82
|
+
expect(@user1.send :has_access_to_tenants?, @tenanted_model2).to eq true
|
|
83
|
+
expect(@user1.send :has_access_to_tenants?, @tenanted_model3).to eq true
|
|
84
|
+
expect(@user2.send :has_access_to_tenants?, @tenanted_model1).to eq true
|
|
85
|
+
expect(@user2.send :has_access_to_tenants?, @tenanted_model2).to eq true
|
|
86
|
+
expect(@user2.send :has_access_to_tenants?, @tenanted_model3).to eq false
|
|
87
|
+
expect(@user3.send :has_access_to_tenants?, @tenanted_model1).to eq true
|
|
88
|
+
expect(@user3.send :has_access_to_tenants?, @tenanted_model2).to eq false
|
|
89
|
+
expect(@user3.send :has_access_to_tenants?, @tenanted_model3).to eq true
|
|
90
|
+
end
|
|
91
|
+
end
|
|
92
|
+
|
|
93
|
+
end
|
data/spec/support/db_setup.rb
CHANGED
|
@@ -55,6 +55,26 @@ class TestsMigrations < ActiveRecord::Migration
|
|
|
55
55
|
t.integer :child_id
|
|
56
56
|
end
|
|
57
57
|
|
|
58
|
+
create_table :tenant_a, :force => true do |t|
|
|
59
|
+
t.string :name
|
|
60
|
+
|
|
61
|
+
t.timestamps
|
|
62
|
+
end
|
|
63
|
+
|
|
64
|
+
create_table :tenant_b, :force => true do |t|
|
|
65
|
+
t.string :name
|
|
66
|
+
|
|
67
|
+
t.timestamps
|
|
68
|
+
end
|
|
69
|
+
|
|
70
|
+
create_table :model_with_tenants, :force => true do |t|
|
|
71
|
+
t.string :name
|
|
72
|
+
t.integer :tenant_a_id
|
|
73
|
+
t.integer :tenant_b_id
|
|
74
|
+
|
|
75
|
+
t.timestamps
|
|
76
|
+
end
|
|
77
|
+
|
|
58
78
|
create_table :strongbolt_capabilities, :force => true do |t|
|
|
59
79
|
t.string :name
|
|
60
80
|
t.string :description
|
data/strongbolt.gemspec
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: strongbolt
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.3.
|
|
4
|
+
version: 0.3.10
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Thomas Césaré-Herriau
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2016-
|
|
12
|
+
date: 2016-06-27 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: awesome_nested_set
|
|
@@ -165,6 +165,20 @@ dependencies:
|
|
|
165
165
|
- - ">="
|
|
166
166
|
- !ruby/object:Gem::Version
|
|
167
167
|
version: '0'
|
|
168
|
+
- !ruby/object:Gem::Dependency
|
|
169
|
+
name: database_cleaner
|
|
170
|
+
requirement: !ruby/object:Gem::Requirement
|
|
171
|
+
requirements:
|
|
172
|
+
- - ">="
|
|
173
|
+
- !ruby/object:Gem::Version
|
|
174
|
+
version: '0'
|
|
175
|
+
type: :development
|
|
176
|
+
prerelease: false
|
|
177
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
178
|
+
requirements:
|
|
179
|
+
- - ">="
|
|
180
|
+
- !ruby/object:Gem::Version
|
|
181
|
+
version: '0'
|
|
168
182
|
description: Use model-level authorization with a very granular roles and permissions
|
|
169
183
|
definition.
|
|
170
184
|
email:
|
|
@@ -311,6 +325,7 @@ files:
|
|
|
311
325
|
- spec/strongbolt/helpers_spec.rb
|
|
312
326
|
- spec/strongbolt/role_spec.rb
|
|
313
327
|
- spec/strongbolt/tenantable_spec.rb
|
|
328
|
+
- spec/strongbolt/user_abilities_multiple_tenants_spec.rb
|
|
314
329
|
- spec/strongbolt/user_abilities_spec.rb
|
|
315
330
|
- spec/strongbolt/user_group_spec.rb
|
|
316
331
|
- spec/strongbolt/users_tenant_spec.rb
|
|
@@ -415,6 +430,7 @@ test_files:
|
|
|
415
430
|
- spec/strongbolt/helpers_spec.rb
|
|
416
431
|
- spec/strongbolt/role_spec.rb
|
|
417
432
|
- spec/strongbolt/tenantable_spec.rb
|
|
433
|
+
- spec/strongbolt/user_abilities_multiple_tenants_spec.rb
|
|
418
434
|
- spec/strongbolt/user_abilities_spec.rb
|
|
419
435
|
- spec/strongbolt/user_group_spec.rb
|
|
420
436
|
- spec/strongbolt/users_tenant_spec.rb
|