super_auth 0.2.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile.lock +1 -1
  3. data/db/migrate/9_add_by_current_user_index.rb +12 -0
  4. data/db/migrate_activerecord/20250101000009_add_by_current_user_index_to_super_auth_authorizations.rb +7 -0
  5. data/lib/super_auth/active_record/by_current_user.rb +16 -16
  6. data/lib/super_auth/version.rb +1 -1
  7. data/super_auth.gemspec +35 -0
  8. metadata +4 -1
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 0e93633206ab371d51eb0519bc0afccf33a028bd1025d66ee2fc1fb17df19c20
4
- data.tar.gz: f99edcddc159742adee9fcf5888d8bc438beaad627d58f8576204e695a3436fa
3
+ metadata.gz: c87faea517d56f8cb6a8cc8753e6cac508d2065dfd06e4042d56a9da102d8763
4
+ data.tar.gz: 02dcddf01c47ca4a3e371e4a90d0b091f750faf22674a950c57cb1836573d540
5
5
  SHA512:
6
- metadata.gz: cedd01d07d249b8b49840915eed87eb68a0f7a16a2900dad8f93168338efc12c457b8c86ea910d5fd99def2844945abd8f148bd5bb360b476b22a3942eda8b7d
7
- data.tar.gz: 6158c6a1b379d27364ae97f570899fe1690ac172a9bf16732932058bf62504fd03180719fdce24974571b262ec5dfd4444d1c6dd967408e08892491791a45a6d
6
+ metadata.gz: cf5e6a02d96541c2ea2ddb838f757c8442594c03c8e90382dae230be0586bef8772e7805ac875afc8ef897e7f0ec9bc2bb6ee66ca8e6164da8ebb00cff3869cf
7
+ data.tar.gz: 037ab89f3f6fae85981c5b4789481a439f74d34209f1c402c8732564435bfca6acd56944595c59278594bfa01e75ef1ecc902f2f82a5272032dac12dd36d2c27
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- super_auth (0.1.5)
4
+ super_auth (0.2.0)
5
5
  sequel
6
6
 
7
7
  GEM
data/db/migrate/9_add_by_current_user_index.rb ADDED
@@ -0,0 +1,12 @@
1
+ Sequel.migration do
2
+ up do
3
+ add_index :super_auth_authorizations,
4
+ [:user_external_id, :resource_external_type, :resource_external_id],
5
+ name: :idx_sa_auth_by_current_user
6
+ end
7
+ down do
8
+ drop_index :super_auth_authorizations,
9
+ [:user_external_id, :resource_external_type, :resource_external_id],
10
+ name: :idx_sa_auth_by_current_user
11
+ end
12
+ end
data/db/migrate_activerecord/20250101000009_add_by_current_user_index_to_super_auth_authorizations.rb ADDED
@@ -0,0 +1,7 @@
1
+ class AddByCurrentUserIndexToSuperAuthAuthorizations < ActiveRecord::Migration[8.0]
2
+ def change
3
+ add_index :super_auth_authorizations,
4
+ [:user_external_id, :resource_external_type, :resource_external_id],
5
+ name: :idx_sa_auth_by_current_user
6
+ end
7
+ end
data/lib/super_auth/active_record/by_current_user.rb CHANGED
@@ -1,9 +1,7 @@
1
1
  module SuperAuth::ActiveRecord::ByCurrentUser
2
2
  def self.included(base)
3
- base.has_many :super_auth_authorizations
4
-
5
3
  base.send(:default_scope, **{all_queries: true}) do
6
- raise "SuperAuth.current_user not set" if SuperAuth.current_user.blank?
4
+ next none if SuperAuth.current_user.blank?
7
5
 
8
6
  if SuperAuth.current_user.respond_to?(:system?) && SuperAuth.current_user.system?
9
7
  self
@@ -15,25 +13,27 @@ module SuperAuth::ActiveRecord::ByCurrentUser
15
13
  { user_external_id: SuperAuth.current_user.id, user_external_type: SuperAuth.current_user.class.name }
16
14
  end
17
15
 
18
- resource_where =
19
- if try(:id)
20
- { resource_external_id: self.id, resource_external_type: self.class.name }
16
+ resource_type = self.model.name
17
+
18
+ # Type-level authorization (resource_external_id IS NULL) acts as wildcard:
19
+ # user has access to ALL records of this type (e.g., admin with ADMIN_ACCESS).
20
+ type_level = SuperAuth::ActiveRecord::Authorization
21
+ .where(**user_where, resource_external_type: resource_type, resource_external_id: nil)
22
+
23
+ if type_level.exists?
24
+ self
21
25
  else
22
- { resource_external_type: self.model.name }
26
+ # Per-record authorization: filter to specific records the user can access.
27
+ where(
28
+ id: SuperAuth::ActiveRecord::Authorization
29
+ .where(**user_where, resource_external_type: resource_type)
30
+ .where.not(resource_external_id: nil)
31
+ .select(:resource_external_id))
23
32
  end
24
-
25
- # Important:
26
- # We use a subquery here instead of a inner join because we don't want
27
- # to potentially affect break on queries issue count queries in their app.
28
- where(
29
- id: SuperAuth::ActiveRecord::Authorization
30
- .where(**user_where, **resource_where)
31
- .select(:resource_id))
32
33
  end
33
34
  end
34
35
  end
35
36
 
36
37
  module ClassMethods
37
38
  end
38
-
39
39
  end
data/lib/super_auth/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module SuperAuth
2
- VERSION = "0.2.0"
2
+ VERSION = "0.3.0"
3
3
  end
data/super_auth.gemspec ADDED
@@ -0,0 +1,35 @@
1
+ require_relative "lib/super_auth/version"
2
+
3
+ Gem::Specification.new do |spec|
4
+ spec.name = "super_auth"
5
+ spec.version = SuperAuth::VERSION
6
+ spec.authors = ["Jonathan Frias"]
7
+ spec.email = ["jonathan@gofrias.com"]
8
+
9
+ spec.summary = "Make Unauthenticated State Unrepresentable"
10
+ spec.description = "Simple, yet super powerful authorization for you application"
11
+ spec.homepage = "https://github.com/JonathanFrias/super_auth"
12
+ spec.license = "MIT"
13
+ spec.required_ruby_version = ">= 2.6.0"
14
+
15
+ spec.metadata["homepage_uri"] = spec.homepage
16
+ spec.metadata["source_code_uri"] = "https://github.com/JonathanFrias/super_auth"
17
+ spec.metadata["changelog_uri"] = "https://github.com/JonathanFrias/super_auth/blob/main/CHANGELOG.md"
18
+
19
+ # Specify which files should be added to the gem when it is released.
20
+ # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
21
+ spec.files = Dir.chdir(__dir__) do
22
+ `git ls-files -z`.split("\x0").reject do |f|
23
+ (f == __FILE__) || f.match(%r{\A(?:(?:bin|test|spec|features)/|\.(?:git|circleci)|appveyor)})
24
+ end
25
+ end
26
+ spec.bindir = "bin"
27
+ spec.executables = spec.files.grep(%r{\Abin/}) { |f| File.basename(f) }
28
+ spec.require_paths = ["lib"]
29
+
30
+ # Uncomment to register a new dependency of your gem
31
+ spec.add_dependency "sequel"
32
+ spec.add_development_dependency "sqlite3"
33
+ # For more information and examples about making a new gem, check out our
34
+ # guide at: https://bundler.io/guides/creating_gem.html
35
+ end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: super_auth
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.0
4
+ version: 0.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Jonathan Frias
@@ -65,6 +65,7 @@ files:
65
65
  - db/migrate/6_edge.rb
66
66
  - db/migrate/7_authorization.rb
67
67
  - db/migrate/8_add_indexes_to_edges.rb
68
+ - db/migrate/9_add_by_current_user_index.rb
68
69
  - db/migrate_activerecord/20250101000001_create_super_auth_users.rb
69
70
  - db/migrate_activerecord/20250101000002_create_super_auth_groups.rb
70
71
  - db/migrate_activerecord/20250101000003_create_super_auth_permissions.rb
@@ -72,6 +73,7 @@ files:
72
73
  - db/migrate_activerecord/20250101000005_create_super_auth_resources.rb
73
74
  - db/migrate_activerecord/20250101000006_create_super_auth_edges.rb
74
75
  - db/migrate_activerecord/20250101000007_create_super_auth_authorizations.rb
76
+ - db/migrate_activerecord/20250101000009_add_by_current_user_index_to_super_auth_authorizations.rb
75
77
  - db/seeds/sample_data.rb
76
78
  - lib/basic_loader.rb
77
79
  - lib/generators/super_auth/install/install_generator.rb
@@ -98,6 +100,7 @@ files:
98
100
  - lib/super_auth/user.rb
99
101
  - lib/super_auth/version.rb
100
102
  - lib/tasks/super_auth_tasks.rake
103
+ - super_auth.gemspec
101
104
  - visualization.html
102
105
  homepage: https://github.com/JonathanFrias/super_auth
103
106
  licenses: