strongbolt 0.3.8 → 0.3.9
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/README.md +75 -0
- data/app/controllers/strongbolt/user_groups_users_controller.rb +3 -0
- data/lib/generators/strongbolt/fix_unique_group_members_generator.rb +19 -0
- data/lib/generators/strongbolt/templates/fix_unique_group_members.rb +5 -0
- data/lib/generators/strongbolt/templates/migration.rb +2 -0
- data/lib/strongbolt.rb +13 -11
- data/lib/strongbolt/bolted.rb +21 -19
- data/lib/strongbolt/tenantable.rb +2 -2
- data/lib/strongbolt/user_abilities.rb +9 -9
- data/lib/strongbolt/version.rb +1 -1
- data/spec/dummy/db/development.sqlite3 +0 -0
- data/spec/dummy/db/migrate/20160531110509_fix_unique_group_members.rb +5 -0
- data/spec/dummy/db/schema.rb +2 -1
- data/spec/dummy/db/test.sqlite3 +0 -0
- data/spec/strongbolt/bolted_spec.rb +10 -10
- data/spec/strongbolt/tenantable_spec.rb +7 -7
- data/spec/strongbolt/user_abilities_spec.rb +24 -24
- data/spec/support/db_setup.rb +2 -0
- metadata +6 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 085945fde7504a693c9d0bd3a6a98b04da72911f
|
|
4
|
+
data.tar.gz: cde8841b764409146e570aab407bd352e626c373
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f57f6215dfaf0cd3b095d02fbc5c88073d52514de38767903a451e93c8fc3afd43b2fcee1bdbbcc77f54451683e73dd5a0d517b88122888974e0ef5a919415bd
|
|
7
|
+
data.tar.gz: 96236affc3e1b2eed63fe6a9e4ce4cbc1a4a323fd8cc408bca2c46ed08c093e1c861aeef96f8427dd0a1914527989c5a31307d34aa8530ce13b2249e7b137f86
|
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
|
@@ -112,6 +112,81 @@ To achieve this, use the following within your model:
|
|
|
112
112
|
authorize_as "Movie"
|
|
113
113
|
```
|
|
114
114
|
|
|
115
|
+
All ActiveRecord models will get the following methods added by Strongbolt.
|
|
116
|
+
|
|
117
|
+
##### ::bolted?
|
|
118
|
+
|
|
119
|
+
Returns true if authorization checks are enabled.
|
|
120
|
+
|
|
121
|
+
##### ::unbolted?
|
|
122
|
+
|
|
123
|
+
Returns true if authorization checks are disabled.
|
|
124
|
+
|
|
125
|
+
##### ::owned?
|
|
126
|
+
|
|
127
|
+
Returns true when the model is owned by user (has a belongs_to association with the user class). Example: `Client.owned?`
|
|
128
|
+
|
|
129
|
+
##### ::owner_attribute
|
|
130
|
+
|
|
131
|
+
The attribute of the model which is used to determine the owner. Example: `Client.owner_attribute` would return `:user_id`, `User.owner_attribute` would `:id`.
|
|
132
|
+
|
|
133
|
+
##### ::tenant?
|
|
134
|
+
|
|
135
|
+
Returns true when the model is a tenant (see below for a description of tenants).
|
|
136
|
+
|
|
137
|
+
##### ::authorize_as
|
|
138
|
+
|
|
139
|
+
See above. Allows a different model to be used for authorization checks instead.
|
|
140
|
+
|
|
141
|
+
##### ::name_for_authorization
|
|
142
|
+
|
|
143
|
+
See above. Returns the name of the model to be used for authorization checks.
|
|
144
|
+
|
|
145
|
+
### Users
|
|
146
|
+
|
|
147
|
+
Your user class (configured in the initializer via `config.user_class`) will have the following methods added by Strongbolt.
|
|
148
|
+
|
|
149
|
+
##### #capabilities
|
|
150
|
+
|
|
151
|
+
Returns all capabilities assigned to the user, including inherited ones. The return type is an array of `Strongbolt::Capability` instances. Example: `user.capabilities`
|
|
152
|
+
|
|
153
|
+
##### #add_tenant(tenant_instance)
|
|
154
|
+
|
|
155
|
+
Give the user access to the given tenant (see below for a description of tenants). Example: `user.add_tenant Client.find_by(name: 'AMG')`
|
|
156
|
+
|
|
157
|
+
##### #owns?(instance)
|
|
158
|
+
|
|
159
|
+
Checks whether the user own the given instance and returns a boolean. `instance` can be any instance of an ActiveRecord model. If the model has an attribute `user_id` it is compared to the user's ID to decide if he owns it. A user owns his own user instance. Example: `user.owns? Client.find_by(name: 'AMG')`, `user.owns? user`
|
|
160
|
+
|
|
161
|
+
##### #can?(action, instance, attrs = :any, all_instance = false)
|
|
162
|
+
|
|
163
|
+
Return true/false and determines whether the user is authorized to perform `action` on `instance`. `action` has to be a symbol (`:find, :create, :update, :destroy`). `instance` has to be a class or instance of an ActiveRecord model. `attrs` has to be `:any` always for now (it could be used for attribute level authorization, but that's not supported yet). `all_instance` can be set to true when `instance` is a call, to check whether the user can perform `action` on all instances of that class.
|
|
164
|
+
Examples:
|
|
165
|
+
- `user.can?(:find, Client.find_by(name: 'AMG'))`
|
|
166
|
+
- `user.can?(:create, Plan)`
|
|
167
|
+
- `user.can?(:update, Client, :any, true)`
|
|
168
|
+
|
|
169
|
+
##### #cannot?(...)
|
|
170
|
+
|
|
171
|
+
Inverse of `user.can?(...)`
|
|
172
|
+
|
|
173
|
+
##### #user_groups
|
|
174
|
+
|
|
175
|
+
ActiveRecord has_may Association with `Strongbolt::UserGroup`
|
|
176
|
+
|
|
177
|
+
##### #roles
|
|
178
|
+
|
|
179
|
+
ActiveRecord has_may Association with `Strongbolt::Role` through `Strongbolt::UserGroup`
|
|
180
|
+
|
|
181
|
+
##### #{tenants}
|
|
182
|
+
|
|
183
|
+
ActiveRecord has_may Association with the tenant model. The name is the pluralized version of the tenant model name. Example: `User.clients`
|
|
184
|
+
|
|
185
|
+
##### #accessible_{tenants}
|
|
186
|
+
|
|
187
|
+
Method returning all tenants of the type the user has access to. Example: `User.accessible_clients`
|
|
188
|
+
|
|
189
|
+
|
|
115
190
|
### Tenants
|
|
116
191
|
|
|
117
192
|
Strongbolt allows the utilization of _tenants_. Tenants are vertical scopes within your application.
|
|
@@ -9,6 +9,9 @@ module Strongbolt
|
|
|
9
9
|
|
|
10
10
|
@user_group.users << @user unless @user_group.users.include?(@user)
|
|
11
11
|
|
|
12
|
+
redirect_to request.referrer || user_group_path(@user_group)
|
|
13
|
+
rescue ActiveRecord::RecordNotUnique
|
|
14
|
+
# user was already in the group, just ignoring this
|
|
12
15
|
redirect_to request.referrer || user_group_path(@user_group)
|
|
13
16
|
end
|
|
14
17
|
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
require "strongbolt/generators/migration"
|
|
2
|
+
|
|
3
|
+
module Strongbolt
|
|
4
|
+
module Generators
|
|
5
|
+
#
|
|
6
|
+
# Creates a migration to fix a has many through with users tenants problem
|
|
7
|
+
#
|
|
8
|
+
class FixUniqueGroupMembersGenerator < Rails::Generators::Base
|
|
9
|
+
include Strongbolt::Generators::Migration
|
|
10
|
+
|
|
11
|
+
source_root File.expand_path('../templates', __FILE__)
|
|
12
|
+
|
|
13
|
+
def copy_fix
|
|
14
|
+
copy_migration "fix_unique_group_members", "fix_unique_group_members"
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
@@ -68,6 +68,8 @@ class CreateStrongboltTables < ActiveRecord::Migration
|
|
|
68
68
|
add_index :strongbolt_users_tenants, :tenant_id
|
|
69
69
|
add_index :strongbolt_users_tenants, :type
|
|
70
70
|
add_index :strongbolt_users_tenants, [:tenant_id, :type]
|
|
71
|
+
|
|
72
|
+
add_index :strongbolt_user_groups_users, [:user_group_id, :user_id], unique: true, name: :index_strongbolt_user_groups_users_unique
|
|
71
73
|
end
|
|
72
74
|
end
|
|
73
75
|
|
data/lib/strongbolt.rb
CHANGED
|
@@ -104,16 +104,6 @@ module Strongbolt
|
|
|
104
104
|
Grant::User.current_user = user unless Grant::User.current_user == user
|
|
105
105
|
end
|
|
106
106
|
|
|
107
|
-
#
|
|
108
|
-
# Ensures the user instance given is a valid user for that configuration
|
|
109
|
-
# It checks whether the class or the base_class (in case of STI) of the instance class
|
|
110
|
-
# has been configured as the user model
|
|
111
|
-
#
|
|
112
|
-
def self.valid_user? user
|
|
113
|
-
user.class.name == Strongbolt::Configuration.user_class ||
|
|
114
|
-
user.class.base_class.name == Strongbolt::Configuration.user_class
|
|
115
|
-
end
|
|
116
|
-
|
|
117
107
|
#
|
|
118
108
|
# Setting up Strongbolt
|
|
119
109
|
#
|
|
@@ -180,6 +170,17 @@ Error message:
|
|
|
180
170
|
! enabled?
|
|
181
171
|
end
|
|
182
172
|
|
|
173
|
+
#
|
|
174
|
+
# Ensures the user instance given is a valid user for that configuration
|
|
175
|
+
# It checks whether the class or the base_class (in case of STI) of the instance class
|
|
176
|
+
# has been configured as the user model
|
|
177
|
+
#
|
|
178
|
+
def self.valid_user? user
|
|
179
|
+
user.class.name == Strongbolt::Configuration.user_class ||
|
|
180
|
+
user.class.base_class.name == Strongbolt::Configuration.user_class
|
|
181
|
+
end
|
|
182
|
+
private_class_method :valid_user?
|
|
183
|
+
|
|
183
184
|
# Include helpers in the given scope to AC and AV.
|
|
184
185
|
def self.include_helpers(scope)
|
|
185
186
|
ActiveSupport.on_load(:action_controller) do
|
|
@@ -191,10 +192,11 @@ Error message:
|
|
|
191
192
|
end
|
|
192
193
|
end
|
|
193
194
|
|
|
194
|
-
# Not to use directly
|
|
195
|
+
# Not to use directly, only used in tests
|
|
195
196
|
def self.tenants= tenants
|
|
196
197
|
@@tenants = tenants
|
|
197
198
|
end
|
|
199
|
+
private_class_method :tenants=
|
|
198
200
|
end
|
|
199
201
|
|
|
200
202
|
#
|
data/lib/strongbolt/bolted.rb
CHANGED
|
@@ -17,7 +17,7 @@ module Strongbolt
|
|
|
17
17
|
|
|
18
18
|
#
|
|
19
19
|
# Not secure if Grant is disabled, there's no current user
|
|
20
|
-
# or if we're using Rails console
|
|
20
|
+
# or if we're using Rails console
|
|
21
21
|
#
|
|
22
22
|
def unbolted?
|
|
23
23
|
Grant::Status.grant_disabled? || (defined?(Rails) && defined?(Rails.console)) ||
|
|
@@ -29,20 +29,7 @@ module Strongbolt
|
|
|
29
29
|
# relationship with the user class
|
|
30
30
|
#
|
|
31
31
|
def owned?
|
|
32
|
-
@owned ||=
|
|
33
|
-
end
|
|
34
|
-
|
|
35
|
-
#
|
|
36
|
-
# Returns the association to the user, if present
|
|
37
|
-
#
|
|
38
|
-
def owner_association
|
|
39
|
-
@owner_association ||= reflect_on_all_associations(:belongs_to).select do |assoc|
|
|
40
|
-
unless assoc.options.has_key? :polymorphic
|
|
41
|
-
assoc.klass.name == Configuration.user_class
|
|
42
|
-
else
|
|
43
|
-
false
|
|
44
|
-
end
|
|
45
|
-
end.try(:first)
|
|
32
|
+
@owned ||= self <= Configuration.user_class.constantize || owner_association.present?
|
|
46
33
|
end
|
|
47
34
|
|
|
48
35
|
#
|
|
@@ -51,13 +38,20 @@ module Strongbolt
|
|
|
51
38
|
def owner_attribute
|
|
52
39
|
return unless owned?
|
|
53
40
|
|
|
54
|
-
@owner_attribute ||= if
|
|
41
|
+
@owner_attribute ||= if self <= Configuration.user_class.constantize
|
|
55
42
|
:id
|
|
56
43
|
else
|
|
57
44
|
owner_association.foreign_key.to_sym
|
|
58
45
|
end
|
|
59
46
|
end
|
|
60
47
|
|
|
48
|
+
#
|
|
49
|
+
# Authorize as another model
|
|
50
|
+
#
|
|
51
|
+
def authorize_as model_name
|
|
52
|
+
@name_for_authorization = model_name
|
|
53
|
+
end
|
|
54
|
+
|
|
61
55
|
#
|
|
62
56
|
# Returns the model name for authorization
|
|
63
57
|
#
|
|
@@ -65,11 +59,19 @@ module Strongbolt
|
|
|
65
59
|
@name_for_authorization ||= self.name
|
|
66
60
|
end
|
|
67
61
|
|
|
62
|
+
private
|
|
63
|
+
|
|
68
64
|
#
|
|
69
|
-
#
|
|
65
|
+
# Returns the association to the user, if present
|
|
70
66
|
#
|
|
71
|
-
def
|
|
72
|
-
@
|
|
67
|
+
def owner_association
|
|
68
|
+
@owner_association ||= reflect_on_all_associations(:belongs_to).select do |assoc|
|
|
69
|
+
unless assoc.options.has_key? :polymorphic
|
|
70
|
+
assoc.klass <= Configuration.user_class.constantize
|
|
71
|
+
else
|
|
72
|
+
false
|
|
73
|
+
end
|
|
74
|
+
end.try(:first)
|
|
73
75
|
end
|
|
74
76
|
|
|
75
77
|
end
|
|
@@ -4,6 +4,8 @@ module Strongbolt
|
|
|
4
4
|
|
|
5
5
|
def tenant?() (@tenant.present? && @tenant) || Strongbolt.tenants.include?(name); end
|
|
6
6
|
|
|
7
|
+
private
|
|
8
|
+
|
|
7
9
|
#
|
|
8
10
|
# Returns associations potential name
|
|
9
11
|
#
|
|
@@ -14,8 +16,6 @@ module Strongbolt
|
|
|
14
16
|
@plural_association_name ||= self.name.demodulize.underscore.pluralize.to_sym
|
|
15
17
|
end
|
|
16
18
|
|
|
17
|
-
private
|
|
18
|
-
|
|
19
19
|
#
|
|
20
20
|
# Specifies that the class can be tenanted
|
|
21
21
|
# It will traverse all the has_many relationships
|
|
@@ -52,10 +52,10 @@ module Strongbolt
|
|
|
52
52
|
# Determine the model name and the actual model (if we need to traverse the hierarchy)
|
|
53
53
|
if instance.is_a?(ActiveRecord::Base)
|
|
54
54
|
model = instance.class
|
|
55
|
-
model_name = model.name_for_authorization
|
|
55
|
+
model_name = model.send(:name_for_authorization)
|
|
56
56
|
elsif instance.is_a?(Class)
|
|
57
57
|
model = instance
|
|
58
|
-
model_name = model.name_for_authorization
|
|
58
|
+
model_name = model.send(:name_for_authorization)
|
|
59
59
|
else
|
|
60
60
|
model = nil # We could do model_name.constantize, but there's a big cost to doing this
|
|
61
61
|
# if we don't need it, so just defer until we determine there's an actual need
|
|
@@ -87,6 +87,7 @@ module Strongbolt
|
|
|
87
87
|
end
|
|
88
88
|
|
|
89
89
|
|
|
90
|
+
private
|
|
90
91
|
|
|
91
92
|
#
|
|
92
93
|
# Populate the capabilities cache
|
|
@@ -144,7 +145,6 @@ module Strongbolt
|
|
|
144
145
|
|
|
145
146
|
|
|
146
147
|
|
|
147
|
-
|
|
148
148
|
#----------------------------------------------------------#
|
|
149
149
|
# #
|
|
150
150
|
# Checks if the user can perform 'action' on 'instance' #
|
|
@@ -228,14 +228,14 @@ module Strongbolt
|
|
|
228
228
|
begin
|
|
229
229
|
if instance.class == tenant
|
|
230
230
|
tenant_ids = [instance.id]
|
|
231
|
-
elsif instance.respond_to?(tenant.singular_association_name)
|
|
232
|
-
if instance.send(tenant.singular_association_name).present?
|
|
233
|
-
tenant_ids = [instance.send(tenant.singular_association_name).id]
|
|
231
|
+
elsif instance.respond_to?(tenant.send(:singular_association_name))
|
|
232
|
+
if instance.send(tenant.send(:singular_association_name)).present?
|
|
233
|
+
tenant_ids = [instance.send(tenant.send(:singular_association_name)).id]
|
|
234
234
|
else
|
|
235
235
|
tenant_ids = []
|
|
236
236
|
end
|
|
237
|
-
elsif instance.respond_to?(tenant.plural_association_name)
|
|
238
|
-
tenant_ids = instance.send("#{tenant.singular_association_name}_ids")
|
|
237
|
+
elsif instance.respond_to?(tenant.send(:plural_association_name))
|
|
238
|
+
tenant_ids = instance.send("#{tenant.send(:singular_association_name)}_ids")
|
|
239
239
|
else
|
|
240
240
|
next result
|
|
241
241
|
end
|
|
@@ -260,7 +260,7 @@ module Strongbolt
|
|
|
260
260
|
@tenants_cache = {}
|
|
261
261
|
# Go over each tenants
|
|
262
262
|
Strongbolt.tenants.each do |tenant|
|
|
263
|
-
@tenants_cache[tenant.name] = send("accessible_#{tenant.plural_association_name}").pluck(:id)
|
|
263
|
+
@tenants_cache[tenant.name] = send("accessible_#{tenant.send(:plural_association_name)}").pluck(:id)
|
|
264
264
|
Strongbolt.logger.debug "#{@tenants_cache[tenant.name].size} #{tenant.name}"
|
|
265
265
|
end
|
|
266
266
|
end
|
data/lib/strongbolt/version.rb
CHANGED
|
Binary file
|
data/spec/dummy/db/schema.rb
CHANGED
|
@@ -11,7 +11,7 @@
|
|
|
11
11
|
#
|
|
12
12
|
# It's strongly recommended that you check this file into your version control system.
|
|
13
13
|
|
|
14
|
-
ActiveRecord::Schema.define(version:
|
|
14
|
+
ActiveRecord::Schema.define(version: 20160531110509) do
|
|
15
15
|
|
|
16
16
|
create_table "strongbolt_capabilities", force: true do |t|
|
|
17
17
|
t.string "name"
|
|
@@ -67,6 +67,7 @@ ActiveRecord::Schema.define(version: 20150630212251) do
|
|
|
67
67
|
t.integer "user_id"
|
|
68
68
|
end
|
|
69
69
|
|
|
70
|
+
add_index "strongbolt_user_groups_users", ["user_group_id", "user_id"], name: "index_strongbolt_user_groups_users_unique", unique: true
|
|
70
71
|
add_index "strongbolt_user_groups_users", ["user_group_id"], name: "index_strongbolt_user_groups_users_on_user_group_id"
|
|
71
72
|
add_index "strongbolt_user_groups_users", ["user_id"], name: "index_strongbolt_user_groups_users_on_user_id"
|
|
72
73
|
|
data/spec/dummy/db/test.sqlite3
CHANGED
|
Binary file
|
|
@@ -3,7 +3,7 @@ require "spec_helper"
|
|
|
3
3
|
module Strongbolt
|
|
4
4
|
|
|
5
5
|
describe Bolted do
|
|
6
|
-
|
|
6
|
+
|
|
7
7
|
#
|
|
8
8
|
# Bolted?
|
|
9
9
|
#
|
|
@@ -67,7 +67,7 @@ module Strongbolt
|
|
|
67
67
|
expect(User.owner_attribute).to eq :id
|
|
68
68
|
end
|
|
69
69
|
end
|
|
70
|
-
|
|
70
|
+
|
|
71
71
|
context 'when model is ownable' do
|
|
72
72
|
|
|
73
73
|
before do
|
|
@@ -91,11 +91,11 @@ module Strongbolt
|
|
|
91
91
|
it "should have the right owner attribute" do
|
|
92
92
|
expect(OwnedModel.owner_attribute).to eq :user_id
|
|
93
93
|
end
|
|
94
|
-
|
|
94
|
+
|
|
95
95
|
end
|
|
96
|
-
|
|
96
|
+
|
|
97
97
|
context 'when model isnt ownable' do
|
|
98
|
-
|
|
98
|
+
|
|
99
99
|
it "should be true" do
|
|
100
100
|
expect(UnownedModel).not_to be_owned
|
|
101
101
|
end
|
|
@@ -105,7 +105,7 @@ module Strongbolt
|
|
|
105
105
|
UnownedModel.new.strongbolt_owner_id
|
|
106
106
|
end.to raise_error ModelNotOwned
|
|
107
107
|
end
|
|
108
|
-
|
|
108
|
+
|
|
109
109
|
end
|
|
110
110
|
|
|
111
111
|
end
|
|
@@ -115,7 +115,7 @@ module Strongbolt
|
|
|
115
115
|
#
|
|
116
116
|
describe 'name_for_authorization' do
|
|
117
117
|
it "should default to model name" do
|
|
118
|
-
expect(Model.name_for_authorization).to eq "Model"
|
|
118
|
+
expect(Model.send(:name_for_authorization)).to eq "Model"
|
|
119
119
|
end
|
|
120
120
|
end
|
|
121
121
|
|
|
@@ -123,14 +123,14 @@ module Strongbolt
|
|
|
123
123
|
# Authorize as
|
|
124
124
|
#
|
|
125
125
|
describe 'authorize_as' do
|
|
126
|
-
|
|
126
|
+
|
|
127
127
|
before { Model.authorize_as "ParentModel" }
|
|
128
128
|
after { Model.authorize_as nil }
|
|
129
129
|
|
|
130
130
|
it "should have changed name for authorization" do
|
|
131
|
-
expect(Model.name_for_authorization).to eq "ParentModel"
|
|
131
|
+
expect(Model.send(:name_for_authorization)).to eq "ParentModel"
|
|
132
132
|
end
|
|
133
133
|
|
|
134
134
|
end
|
|
135
135
|
|
|
136
|
-
end
|
|
136
|
+
end
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
require "spec_helper"
|
|
2
2
|
|
|
3
3
|
describe Strongbolt::Tenantable do
|
|
4
|
-
|
|
4
|
+
|
|
5
5
|
it "should have been included in ActiveRecord::Base" do
|
|
6
6
|
expect(ActiveRecord::Base.included_modules).to include Strongbolt::Tenantable
|
|
7
7
|
end
|
|
@@ -109,7 +109,7 @@ describe Strongbolt::Tenantable do
|
|
|
109
109
|
self.table_name = "child_models"
|
|
110
110
|
|
|
111
111
|
belongs_to :other_child_model, foreign_key: :model_id
|
|
112
|
-
end
|
|
112
|
+
end
|
|
113
113
|
|
|
114
114
|
#
|
|
115
115
|
# Cousin of second degree child
|
|
@@ -119,7 +119,7 @@ describe Strongbolt::Tenantable do
|
|
|
119
119
|
|
|
120
120
|
belongs_to :model, polymorphic: true
|
|
121
121
|
has_one :unowned_model, foreign_key: :model_id
|
|
122
|
-
end
|
|
122
|
+
end
|
|
123
123
|
|
|
124
124
|
#
|
|
125
125
|
# Top level model, parent of Tenant Model
|
|
@@ -202,9 +202,9 @@ describe Strongbolt::Tenantable do
|
|
|
202
202
|
#
|
|
203
203
|
# When an association lacks an inverse (none configured and none found)
|
|
204
204
|
#
|
|
205
|
-
|
|
205
|
+
|
|
206
206
|
context "when an association lacks an inverse" do
|
|
207
|
-
|
|
207
|
+
|
|
208
208
|
before(:all) do
|
|
209
209
|
#
|
|
210
210
|
# Tenant Model
|
|
@@ -242,9 +242,9 @@ describe Strongbolt::Tenantable do
|
|
|
242
242
|
#
|
|
243
243
|
# When a direct association lacks a reference to the tenant
|
|
244
244
|
#
|
|
245
|
-
|
|
245
|
+
|
|
246
246
|
context "when an association lacks an inverse" do
|
|
247
|
-
|
|
247
|
+
|
|
248
248
|
before(:all) do
|
|
249
249
|
#
|
|
250
250
|
# Tenant Model
|
|
@@ -76,7 +76,7 @@ describe Strongbolt::UserAbilities do
|
|
|
76
76
|
@other_tenant_model = TenantModel.create!
|
|
77
77
|
# Add to the user
|
|
78
78
|
user.add_tenant @tenant_model
|
|
79
|
-
|
|
79
|
+
|
|
80
80
|
# Another user
|
|
81
81
|
@other_user = User.create!
|
|
82
82
|
# A owned model, owned
|
|
@@ -123,7 +123,7 @@ describe Strongbolt::UserAbilities do
|
|
|
123
123
|
# But can create setting only the attribute name
|
|
124
124
|
@role.capabilities.create! model: "UnownedModel", action: "create", attr: "name",
|
|
125
125
|
:require_tenant_access => false
|
|
126
|
-
|
|
126
|
+
|
|
127
127
|
# Admin can do whatever
|
|
128
128
|
@other_role.capabilities.create! model: "UnownedModel", action: "create"
|
|
129
129
|
end
|
|
@@ -135,7 +135,7 @@ describe Strongbolt::UserAbilities do
|
|
|
135
135
|
# Adding a tenant to the user
|
|
136
136
|
#
|
|
137
137
|
describe "add_tenant" do
|
|
138
|
-
|
|
138
|
+
|
|
139
139
|
context 'when instance is from a tenant' do
|
|
140
140
|
let(:model) { TenantModel.create! }
|
|
141
141
|
|
|
@@ -172,38 +172,38 @@ describe Strongbolt::UserAbilities do
|
|
|
172
172
|
before { create_fixtures }
|
|
173
173
|
|
|
174
174
|
context "when same tenant" do
|
|
175
|
-
|
|
175
|
+
|
|
176
176
|
it "should be true when model is tenant" do
|
|
177
|
-
expect(user.has_access_to_tenants
|
|
177
|
+
expect(user.send :has_access_to_tenants?, @tenant_model).to eq true
|
|
178
178
|
end
|
|
179
179
|
|
|
180
180
|
it "should be true when model is first child" do
|
|
181
|
-
expect(user.has_access_to_tenants
|
|
181
|
+
expect(user.send :has_access_to_tenants?, @unowned_model).to eq true
|
|
182
182
|
end
|
|
183
183
|
|
|
184
184
|
it "should be true when grand child" do
|
|
185
|
-
expect(user.has_access_to_tenants
|
|
185
|
+
expect(user.send :has_access_to_tenants?, @child_model).to eq true
|
|
186
186
|
end
|
|
187
187
|
|
|
188
188
|
it "should be true for a user defined association" do
|
|
189
|
-
expect(user.has_access_to_tenants
|
|
189
|
+
expect(user.send :has_access_to_tenants?, @linked_to_tenant).to eq true
|
|
190
190
|
end
|
|
191
191
|
|
|
192
192
|
end
|
|
193
193
|
|
|
194
194
|
context "when different tenant" do
|
|
195
195
|
it "should be false when model is tenant" do
|
|
196
|
-
expect(user.has_access_to_tenants
|
|
196
|
+
expect(user.send :has_access_to_tenants?, @other_tenant_model).to eq false
|
|
197
197
|
end
|
|
198
198
|
|
|
199
199
|
it "should be false when model is first child" do
|
|
200
|
-
expect(user.has_access_to_tenants
|
|
200
|
+
expect(user.send :has_access_to_tenants?, @unmanaged_model).to eq false
|
|
201
201
|
end
|
|
202
202
|
end
|
|
203
203
|
|
|
204
204
|
context "when model doesn't have link to tenant" do
|
|
205
205
|
it "should return true" do
|
|
206
|
-
expect(user.has_access_to_tenants
|
|
206
|
+
expect(user.send :has_access_to_tenants?, @model).to eq true
|
|
207
207
|
end
|
|
208
208
|
end
|
|
209
209
|
end
|
|
@@ -214,7 +214,7 @@ describe Strongbolt::UserAbilities do
|
|
|
214
214
|
# All Capabilities
|
|
215
215
|
#
|
|
216
216
|
describe 'capabilities' do
|
|
217
|
-
|
|
217
|
+
|
|
218
218
|
before { create_fixtures }
|
|
219
219
|
|
|
220
220
|
let(:capabilities) { user.capabilities }
|
|
@@ -233,11 +233,11 @@ describe Strongbolt::UserAbilities do
|
|
|
233
233
|
#
|
|
234
234
|
|
|
235
235
|
describe "can?" do
|
|
236
|
-
|
|
236
|
+
|
|
237
237
|
before { create_fixtures }
|
|
238
238
|
|
|
239
239
|
describe "creating an owned model" do
|
|
240
|
-
|
|
240
|
+
|
|
241
241
|
context "when authorized" do
|
|
242
242
|
let(:tenant_model) { TenantModel.create! }
|
|
243
243
|
|
|
@@ -284,7 +284,7 @@ describe Strongbolt::UserAbilities do
|
|
|
284
284
|
]
|
|
285
285
|
end
|
|
286
286
|
end
|
|
287
|
-
after do
|
|
287
|
+
after do
|
|
288
288
|
Strongbolt.setup do |config|
|
|
289
289
|
config.default_capabilities = []
|
|
290
290
|
end
|
|
@@ -320,7 +320,7 @@ describe Strongbolt::UserAbilities do
|
|
|
320
320
|
end # Updating an owned model
|
|
321
321
|
|
|
322
322
|
describe "creating a model with attribute restriction" do
|
|
323
|
-
|
|
323
|
+
|
|
324
324
|
context "when requiring all attributes" do
|
|
325
325
|
it "should return false" do
|
|
326
326
|
expect(user.can? :create, UnownedModel, :all).to eq false
|
|
@@ -392,13 +392,13 @@ describe Strongbolt::UserAbilities do
|
|
|
392
392
|
#
|
|
393
393
|
|
|
394
394
|
describe "Populate Capabilities Cache" do
|
|
395
|
-
|
|
395
|
+
|
|
396
396
|
#
|
|
397
397
|
# We create some fixtures for the population of cache to be tested
|
|
398
398
|
#
|
|
399
399
|
before { create_fixtures }
|
|
400
400
|
|
|
401
|
-
let(:cache) { user.populate_capabilities_cache }
|
|
401
|
+
let(:cache) { user.send(:populate_capabilities_cache) }
|
|
402
402
|
|
|
403
403
|
subject { cache }
|
|
404
404
|
|
|
@@ -430,14 +430,14 @@ describe Strongbolt::UserAbilities do
|
|
|
430
430
|
# OWNS?
|
|
431
431
|
#
|
|
432
432
|
describe "owns?" do
|
|
433
|
-
|
|
433
|
+
|
|
434
434
|
#
|
|
435
435
|
# Another user
|
|
436
436
|
#
|
|
437
437
|
context "when testing against a user" do
|
|
438
438
|
|
|
439
439
|
context 'when other user' do
|
|
440
|
-
|
|
440
|
+
|
|
441
441
|
let(:other_user) { User.create! }
|
|
442
442
|
|
|
443
443
|
it "should not own it" do
|
|
@@ -459,7 +459,7 @@ describe Strongbolt::UserAbilities do
|
|
|
459
459
|
# Another object
|
|
460
460
|
#
|
|
461
461
|
context "when testing against another model having user_id" do
|
|
462
|
-
|
|
462
|
+
|
|
463
463
|
context "when owning it" do
|
|
464
464
|
let(:model) { Model.create! user_id: user.id }
|
|
465
465
|
|
|
@@ -467,7 +467,7 @@ describe Strongbolt::UserAbilities do
|
|
|
467
467
|
expect(user.owns? model).to eq true
|
|
468
468
|
end
|
|
469
469
|
end
|
|
470
|
-
|
|
470
|
+
|
|
471
471
|
context "when not owning it" do
|
|
472
472
|
let(:model) { Model.create! user_id: 0 }
|
|
473
473
|
|
|
@@ -485,7 +485,7 @@ describe Strongbolt::UserAbilities do
|
|
|
485
485
|
# Another object unowned
|
|
486
486
|
#
|
|
487
487
|
context "when testing against a model not having user id" do
|
|
488
|
-
|
|
488
|
+
|
|
489
489
|
let(:model) { UnownedModel.create! }
|
|
490
490
|
|
|
491
491
|
it "should not own it" do
|
|
@@ -506,4 +506,4 @@ describe Strongbolt::UserAbilities do
|
|
|
506
506
|
end
|
|
507
507
|
end
|
|
508
508
|
|
|
509
|
-
end
|
|
509
|
+
end
|
data/spec/support/db_setup.rb
CHANGED
|
@@ -123,6 +123,8 @@ class TestsMigrations < ActiveRecord::Migration
|
|
|
123
123
|
add_index :strongbolt_users_tenants, :tenant_id
|
|
124
124
|
add_index :strongbolt_users_tenants, :type
|
|
125
125
|
add_index :strongbolt_users_tenants, [:tenant_id, :type]
|
|
126
|
+
|
|
127
|
+
add_index :strongbolt_user_groups_users, [:user_group_id, :user_id], unique: true, name: :index_strongbolt_user_groups_users_unique
|
|
126
128
|
end
|
|
127
129
|
end
|
|
128
130
|
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: strongbolt
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.3.
|
|
4
|
+
version: 0.3.9
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Thomas Césaré-Herriau
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2016-05-
|
|
12
|
+
date: 2016-05-31 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: awesome_nested_set
|
|
@@ -208,9 +208,11 @@ files:
|
|
|
208
208
|
- app/views/strongbolt/user_groups/new.html.erb
|
|
209
209
|
- app/views/strongbolt/user_groups/show.html.erb
|
|
210
210
|
- lib/generators/strongbolt/fix_generator.rb
|
|
211
|
+
- lib/generators/strongbolt/fix_unique_group_members_generator.rb
|
|
211
212
|
- lib/generators/strongbolt/indexes_generator.rb
|
|
212
213
|
- lib/generators/strongbolt/install_generator.rb
|
|
213
214
|
- lib/generators/strongbolt/templates/fix.rb
|
|
215
|
+
- lib/generators/strongbolt/templates/fix_unique_group_members.rb
|
|
214
216
|
- lib/generators/strongbolt/templates/indexes.rb
|
|
215
217
|
- lib/generators/strongbolt/templates/migration.rb
|
|
216
218
|
- lib/generators/strongbolt/templates/strongbolt.rb
|
|
@@ -286,6 +288,7 @@ files:
|
|
|
286
288
|
- spec/dummy/db/development.sqlite3
|
|
287
289
|
- spec/dummy/db/migrate/20150630212236_create_strongbolt_tables.rb
|
|
288
290
|
- spec/dummy/db/migrate/20150630212251_create_strongbolt_tables_indexes.rb
|
|
291
|
+
- spec/dummy/db/migrate/20160531110509_fix_unique_group_members.rb
|
|
289
292
|
- spec/dummy/db/schema.rb
|
|
290
293
|
- spec/dummy/db/test.sqlite3
|
|
291
294
|
- spec/dummy/lib/assets/.keep
|
|
@@ -389,6 +392,7 @@ test_files:
|
|
|
389
392
|
- spec/dummy/db/development.sqlite3
|
|
390
393
|
- spec/dummy/db/migrate/20150630212236_create_strongbolt_tables.rb
|
|
391
394
|
- spec/dummy/db/migrate/20150630212251_create_strongbolt_tables_indexes.rb
|
|
395
|
+
- spec/dummy/db/migrate/20160531110509_fix_unique_group_members.rb
|
|
392
396
|
- spec/dummy/db/schema.rb
|
|
393
397
|
- spec/dummy/db/test.sqlite3
|
|
394
398
|
- spec/dummy/lib/assets/.keep
|