strongbolt 0.3.9 → 0.3.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile.lock +3 -1
- data/lib/generators/strongbolt/fix_unique_group_members_generator.rb +2 -1
- data/lib/strongbolt/user_abilities.rb +12 -6
- data/lib/strongbolt/version.rb +1 -1
- data/spec/spec_helper.rb +9 -0
- data/spec/strongbolt/user_abilities_multiple_tenants_spec.rb +93 -0
- data/spec/support/db_setup.rb +20 -0
- data/strongbolt.gemspec +1 -0
- metadata +18 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: cae9f523b7f4e7e3e8a20d8e1dce761dff86ed09
|
|
4
|
+
data.tar.gz: 5541d8ac7cbf7f88f264c0b516cdbd11a4d297a0
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 89eecd3ddf5d3c503e154c6405121530d163d40e742bdf3a30fd6a368526377052bfc9223666e70ab03238130e39755ff177cace84790e4a8c5da8343abdc526
|
|
7
|
+
data.tar.gz: 57ad08612046396dc58ed27161ee3525afe978cad2cf800f228e94f28aa14e96923da2525f292a871994c3171da65f057c36c42b5bae8cd2efba4027c38365b1
|
data/Gemfile.lock
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
strongbolt (0.3.
|
|
4
|
+
strongbolt (0.3.9)
|
|
5
5
|
awesome_nested_set (~> 3.0.0)
|
|
6
6
|
grant (~> 3.0)
|
|
7
7
|
simple_form (~> 3.0)
|
|
@@ -40,6 +40,7 @@ GEM
|
|
|
40
40
|
activerecord (>= 4.0.0, < 5)
|
|
41
41
|
builder (3.2.2)
|
|
42
42
|
concurrent-ruby (1.0.2)
|
|
43
|
+
database_cleaner (1.5.3)
|
|
43
44
|
diff-lcs (1.2.5)
|
|
44
45
|
erubis (2.7.0)
|
|
45
46
|
fabrication (2.15.2)
|
|
@@ -119,6 +120,7 @@ PLATFORMS
|
|
|
119
120
|
|
|
120
121
|
DEPENDENCIES
|
|
121
122
|
bundler (> 1.7.0)
|
|
123
|
+
database_cleaner
|
|
122
124
|
fabrication
|
|
123
125
|
fuubar
|
|
124
126
|
rails (~> 4.1.0)
|
|
@@ -3,7 +3,8 @@ require "strongbolt/generators/migration"
|
|
|
3
3
|
module Strongbolt
|
|
4
4
|
module Generators
|
|
5
5
|
#
|
|
6
|
-
# Creates a migration to
|
|
6
|
+
# Creates a migration to add an unique index to user_groups_users,
|
|
7
|
+
# so that a user can only exist once in a group.
|
|
7
8
|
#
|
|
8
9
|
class FixUniqueGroupMembersGenerator < Rails::Generators::Base
|
|
9
10
|
include Strongbolt::Generators::Migration
|
|
@@ -121,10 +121,10 @@ module Strongbolt
|
|
|
121
121
|
@results_cache["#{k}#{attr_k}-#{user_id}"] = true
|
|
122
122
|
@results_cache["#{k}any-#{user_id}"] = true
|
|
123
123
|
else
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
124
|
+
# On the other hand, it doesn't make sense to pre-populate the valid
|
|
125
|
+
# IDs for the models with a lot of instances when we probably are never
|
|
126
|
+
# going to need to know this. Instead, adding 'owned' is a hint to actually look
|
|
127
|
+
# up later if we own a particular geography.
|
|
128
128
|
@results_cache["#{k}#{attr_k}-owned"] = true
|
|
129
129
|
@results_cache["#{k}any-owned"] = true
|
|
130
130
|
end
|
|
@@ -216,6 +216,8 @@ module Strongbolt
|
|
|
216
216
|
#
|
|
217
217
|
# Checks if the instance given fulfills tenant management rules
|
|
218
218
|
#
|
|
219
|
+
# returns true even if instance has no relationship to any tenant
|
|
220
|
+
#
|
|
219
221
|
def has_access_to_tenants? instance, tenants = nil
|
|
220
222
|
# If no tenants list given, we take all
|
|
221
223
|
tenants ||= Strongbolt.tenants
|
|
@@ -224,7 +226,8 @@ module Strongbolt
|
|
|
224
226
|
|
|
225
227
|
# Go over each tenants and check if we access to at least one of the tenant
|
|
226
228
|
# models linked to it
|
|
227
|
-
|
|
229
|
+
found_any_tenant_relationship = false
|
|
230
|
+
has_access_to_any_tenant = tenants.inject(false) do |result, tenant|
|
|
228
231
|
begin
|
|
229
232
|
if instance.class == tenant
|
|
230
233
|
tenant_ids = [instance.id]
|
|
@@ -245,8 +248,11 @@ module Strongbolt
|
|
|
245
248
|
rescue ActiveModel::MissingAttributeError
|
|
246
249
|
tenant_ids = []
|
|
247
250
|
end
|
|
248
|
-
|
|
251
|
+
found_any_tenant_relationship = true unless tenant_ids.empty?
|
|
252
|
+
has_access_to_current_tenant = (tenant_ids.size > 0 && (@tenants_cache[tenant.name] & tenant_ids).present?)
|
|
253
|
+
result || has_access_to_current_tenant
|
|
249
254
|
end
|
|
255
|
+
has_access_to_any_tenant || !found_any_tenant_relationship
|
|
250
256
|
end
|
|
251
257
|
|
|
252
258
|
#
|
data/lib/strongbolt/version.rb
CHANGED
data/spec/spec_helper.rb
CHANGED
|
@@ -36,6 +36,7 @@ require 'shoulda/matchers'
|
|
|
36
36
|
|
|
37
37
|
require 'rspec/rails'
|
|
38
38
|
require 'fabrication'
|
|
39
|
+
require 'database_cleaner'
|
|
39
40
|
|
|
40
41
|
# Requires supporting files with custom matchers and macros, etc,
|
|
41
42
|
# in ./support/ and its subdirectories.
|
|
@@ -74,6 +75,14 @@ RSpec.configure do |config|
|
|
|
74
75
|
config.before(:suite) do
|
|
75
76
|
TestsMigrations.new.migrate :up
|
|
76
77
|
User.send :include, Strongbolt::UserAbilities
|
|
78
|
+
DatabaseCleaner.clean_with :truncation
|
|
79
|
+
DatabaseCleaner.strategy = :transaction
|
|
80
|
+
end
|
|
81
|
+
|
|
82
|
+
config.around(:each) do |spec|
|
|
83
|
+
DatabaseCleaner.start
|
|
84
|
+
spec.run
|
|
85
|
+
DatabaseCleaner.clean
|
|
77
86
|
end
|
|
78
87
|
|
|
79
88
|
config.after(:suite) do
|
|
@@ -0,0 +1,93 @@
|
|
|
1
|
+
require "spec_helper"
|
|
2
|
+
|
|
3
|
+
describe Strongbolt::UserAbilities do
|
|
4
|
+
|
|
5
|
+
before(:all) do
|
|
6
|
+
define_model "TenantA" do
|
|
7
|
+
self.table_name = "tenant_a"
|
|
8
|
+
|
|
9
|
+
has_many :model_with_tenant
|
|
10
|
+
end
|
|
11
|
+
define_model "TenantB" do
|
|
12
|
+
self.table_name = "tenant_b"
|
|
13
|
+
|
|
14
|
+
has_many :model_with_tenant
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
define_model "ModelWithTenant" do
|
|
18
|
+
self.table_name = "model_with_tenants"
|
|
19
|
+
|
|
20
|
+
belongs_to :tenant_a
|
|
21
|
+
belongs_to :tenant_b
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
Strongbolt::Configuration.add_tenant TenantA
|
|
25
|
+
Strongbolt::Configuration.add_tenant TenantB
|
|
26
|
+
end
|
|
27
|
+
after(:all) do
|
|
28
|
+
undefine_model TenantA
|
|
29
|
+
undefine_model TenantB
|
|
30
|
+
Strongbolt::Configuration.tenants = []
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
|
|
34
|
+
#
|
|
35
|
+
# Creates some fixtures for the tests here
|
|
36
|
+
#
|
|
37
|
+
def create_fixtures
|
|
38
|
+
@user1 = User.create!
|
|
39
|
+
@user2 = User.create!
|
|
40
|
+
@user3 = User.create!
|
|
41
|
+
|
|
42
|
+
@tenant_a = TenantA.create!
|
|
43
|
+
@tenant_b = TenantB.create!
|
|
44
|
+
@user1.add_tenant @tenant_a
|
|
45
|
+
@user1.add_tenant @tenant_b
|
|
46
|
+
@user2.add_tenant @tenant_a
|
|
47
|
+
@user3.add_tenant @tenant_b
|
|
48
|
+
|
|
49
|
+
@tenanted_model1 = ModelWithTenant.create! tenant_a: @tenant_a, tenant_b: @tenant_b
|
|
50
|
+
@tenanted_model2 = ModelWithTenant.create! tenant_a: @tenant_a
|
|
51
|
+
@tenanted_model3 = ModelWithTenant.create! tenant_b: @tenant_b
|
|
52
|
+
|
|
53
|
+
@group = Strongbolt::UserGroup.create! name: "Normal"
|
|
54
|
+
@group.users << @user1
|
|
55
|
+
@group.users << @user2
|
|
56
|
+
@group.users << @user3
|
|
57
|
+
|
|
58
|
+
@role = @group.roles.create! name: "Normal"
|
|
59
|
+
@role.capabilities.create! model: "User", action: "update", require_ownership: true
|
|
60
|
+
@role.capabilities.create! model: "ModelWithTenant", action: "find", require_tenant_access: true
|
|
61
|
+
end
|
|
62
|
+
|
|
63
|
+
|
|
64
|
+
|
|
65
|
+
#
|
|
66
|
+
# Has access to tenants?
|
|
67
|
+
#
|
|
68
|
+
describe "has_access_to_tenants?" do
|
|
69
|
+
before { create_fixtures }
|
|
70
|
+
|
|
71
|
+
it "should be true when model is tenant" do
|
|
72
|
+
expect(@user1.send :has_access_to_tenants?, @tenant_a).to eq true
|
|
73
|
+
expect(@user1.send :has_access_to_tenants?, @tenant_b).to eq true
|
|
74
|
+
expect(@user2.send :has_access_to_tenants?, @tenant_a).to eq true
|
|
75
|
+
expect(@user2.send :has_access_to_tenants?, @tenant_b).to eq false
|
|
76
|
+
expect(@user3.send :has_access_to_tenants?, @tenant_a).to eq false
|
|
77
|
+
expect(@user3.send :has_access_to_tenants?, @tenant_b).to eq true
|
|
78
|
+
end
|
|
79
|
+
|
|
80
|
+
it "should be true when model is first child" do
|
|
81
|
+
expect(@user1.send :has_access_to_tenants?, @tenanted_model1).to eq true
|
|
82
|
+
expect(@user1.send :has_access_to_tenants?, @tenanted_model2).to eq true
|
|
83
|
+
expect(@user1.send :has_access_to_tenants?, @tenanted_model3).to eq true
|
|
84
|
+
expect(@user2.send :has_access_to_tenants?, @tenanted_model1).to eq true
|
|
85
|
+
expect(@user2.send :has_access_to_tenants?, @tenanted_model2).to eq true
|
|
86
|
+
expect(@user2.send :has_access_to_tenants?, @tenanted_model3).to eq false
|
|
87
|
+
expect(@user3.send :has_access_to_tenants?, @tenanted_model1).to eq true
|
|
88
|
+
expect(@user3.send :has_access_to_tenants?, @tenanted_model2).to eq false
|
|
89
|
+
expect(@user3.send :has_access_to_tenants?, @tenanted_model3).to eq true
|
|
90
|
+
end
|
|
91
|
+
end
|
|
92
|
+
|
|
93
|
+
end
|
data/spec/support/db_setup.rb
CHANGED
|
@@ -55,6 +55,26 @@ class TestsMigrations < ActiveRecord::Migration
|
|
|
55
55
|
t.integer :child_id
|
|
56
56
|
end
|
|
57
57
|
|
|
58
|
+
create_table :tenant_a, :force => true do |t|
|
|
59
|
+
t.string :name
|
|
60
|
+
|
|
61
|
+
t.timestamps
|
|
62
|
+
end
|
|
63
|
+
|
|
64
|
+
create_table :tenant_b, :force => true do |t|
|
|
65
|
+
t.string :name
|
|
66
|
+
|
|
67
|
+
t.timestamps
|
|
68
|
+
end
|
|
69
|
+
|
|
70
|
+
create_table :model_with_tenants, :force => true do |t|
|
|
71
|
+
t.string :name
|
|
72
|
+
t.integer :tenant_a_id
|
|
73
|
+
t.integer :tenant_b_id
|
|
74
|
+
|
|
75
|
+
t.timestamps
|
|
76
|
+
end
|
|
77
|
+
|
|
58
78
|
create_table :strongbolt_capabilities, :force => true do |t|
|
|
59
79
|
t.string :name
|
|
60
80
|
t.string :description
|
data/strongbolt.gemspec
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: strongbolt
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.3.
|
|
4
|
+
version: 0.3.10
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Thomas Césaré-Herriau
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2016-
|
|
12
|
+
date: 2016-06-27 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: awesome_nested_set
|
|
@@ -165,6 +165,20 @@ dependencies:
|
|
|
165
165
|
- - ">="
|
|
166
166
|
- !ruby/object:Gem::Version
|
|
167
167
|
version: '0'
|
|
168
|
+
- !ruby/object:Gem::Dependency
|
|
169
|
+
name: database_cleaner
|
|
170
|
+
requirement: !ruby/object:Gem::Requirement
|
|
171
|
+
requirements:
|
|
172
|
+
- - ">="
|
|
173
|
+
- !ruby/object:Gem::Version
|
|
174
|
+
version: '0'
|
|
175
|
+
type: :development
|
|
176
|
+
prerelease: false
|
|
177
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
178
|
+
requirements:
|
|
179
|
+
- - ">="
|
|
180
|
+
- !ruby/object:Gem::Version
|
|
181
|
+
version: '0'
|
|
168
182
|
description: Use model-level authorization with a very granular roles and permissions
|
|
169
183
|
definition.
|
|
170
184
|
email:
|
|
@@ -311,6 +325,7 @@ files:
|
|
|
311
325
|
- spec/strongbolt/helpers_spec.rb
|
|
312
326
|
- spec/strongbolt/role_spec.rb
|
|
313
327
|
- spec/strongbolt/tenantable_spec.rb
|
|
328
|
+
- spec/strongbolt/user_abilities_multiple_tenants_spec.rb
|
|
314
329
|
- spec/strongbolt/user_abilities_spec.rb
|
|
315
330
|
- spec/strongbolt/user_group_spec.rb
|
|
316
331
|
- spec/strongbolt/users_tenant_spec.rb
|
|
@@ -415,6 +430,7 @@ test_files:
|
|
|
415
430
|
- spec/strongbolt/helpers_spec.rb
|
|
416
431
|
- spec/strongbolt/role_spec.rb
|
|
417
432
|
- spec/strongbolt/tenantable_spec.rb
|
|
433
|
+
- spec/strongbolt/user_abilities_multiple_tenants_spec.rb
|
|
418
434
|
- spec/strongbolt/user_abilities_spec.rb
|
|
419
435
|
- spec/strongbolt/user_group_spec.rb
|
|
420
436
|
- spec/strongbolt/users_tenant_spec.rb
|