vigilante 1.0.12 → 1.0.17
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/Gemfile.lock +25 -22
- data/VERSION +1 -1
- data/app/controllers/abilities_controller.rb +11 -3
- data/app/models/ability.rb +2 -0
- data/app/models/permission_hash.rb +14 -4
- data/db/migrate/20150609151817_create_permissions.rb +1 -1
- data/db/migrate/20150609151836_create_abilities.rb +1 -1
- data/db/migrate/20150609151845_create_ability_permissions.rb +1 -1
- data/db/migrate/20150609152056_create_authorizations.rb +1 -1
- data/db/migrate/20150609152444_create_authorization_extents.rb +1 -1
- data/lib/vigilante/watched_operator.rb +2 -8
- data/spec/models/permission_hash_spec.rb +14 -0
- data/vigilante.gemspec +21 -21
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: 9ac92fe7c0c3c93811c09c945b6ceece2c80e10945b7705cc2e9261ed641d735
|
|
4
|
+
data.tar.gz: ea33e40fb34da51c938cb71d67493f04c8b16664540deaf769acabcb1866c02e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 7ee496de6afd0f006f7212c5ae0031084d878bdc49ef08d1931732d4b6e6640767bfa70e0400d658bee85b1c8c596bf20f9a4a3a9381ddbf39190615dcf2fe08
|
|
7
|
+
data.tar.gz: c41cf4a5c9dd9973a5faca557807e5d6da8bace717486f393fabe118a178e3689c151b9f57f2619e2295a1b08c4c5db823efdfd4bd37c90f0fce12edd2b336bd
|
data/Gemfile.lock
CHANGED
|
@@ -36,16 +36,17 @@ GEM
|
|
|
36
36
|
minitest (~> 5.1)
|
|
37
37
|
thread_safe (~> 0.3, >= 0.3.4)
|
|
38
38
|
tzinfo (~> 1.1)
|
|
39
|
-
addressable (2.
|
|
39
|
+
addressable (2.6.0)
|
|
40
|
+
public_suffix (>= 2.0.2, < 4.0)
|
|
40
41
|
arel (6.0.0)
|
|
41
42
|
builder (3.2.2)
|
|
42
43
|
descendants_tracker (0.0.4)
|
|
43
44
|
thread_safe (~> 0.3, >= 0.3.1)
|
|
44
45
|
diff-lcs (1.2.5)
|
|
45
46
|
erubis (2.7.0)
|
|
46
|
-
faraday (0.9.
|
|
47
|
+
faraday (0.9.2)
|
|
47
48
|
multipart-post (>= 1.2, < 3)
|
|
48
|
-
git (1.
|
|
49
|
+
git (1.5.0)
|
|
49
50
|
github_api (0.11.3)
|
|
50
51
|
addressable (~> 2.3)
|
|
51
52
|
descendants_tracker (~> 0.0.1)
|
|
@@ -56,38 +57,40 @@ GEM
|
|
|
56
57
|
oauth2
|
|
57
58
|
globalid (0.3.5)
|
|
58
59
|
activesupport (>= 4.1.0)
|
|
59
|
-
hashie (3.
|
|
60
|
-
highline (
|
|
60
|
+
hashie (3.6.0)
|
|
61
|
+
highline (2.0.2)
|
|
61
62
|
i18n (0.7.0)
|
|
62
|
-
jeweler (2.
|
|
63
|
+
jeweler (2.1.2)
|
|
63
64
|
builder
|
|
64
65
|
bundler (>= 1.0)
|
|
65
66
|
git (>= 1.2.5)
|
|
66
|
-
github_api
|
|
67
|
+
github_api (~> 0.11.0)
|
|
67
68
|
highline (>= 1.6.15)
|
|
68
69
|
nokogiri (>= 1.5.10)
|
|
69
70
|
rake
|
|
70
71
|
rdoc
|
|
71
|
-
|
|
72
|
-
|
|
72
|
+
semver
|
|
73
|
+
json (1.8.6)
|
|
74
|
+
jwt (2.2.1)
|
|
73
75
|
loofah (2.0.2)
|
|
74
76
|
nokogiri (>= 1.5.9)
|
|
75
77
|
mail (2.6.3)
|
|
76
78
|
mime-types (>= 1.16, < 3)
|
|
77
79
|
mime-types (2.6.1)
|
|
78
|
-
|
|
80
|
+
mini_portile2 (2.1.0)
|
|
79
81
|
minitest (5.7.0)
|
|
80
|
-
multi_json (1.
|
|
81
|
-
multi_xml (0.
|
|
82
|
-
multipart-post (2.
|
|
83
|
-
nokogiri (1.6.
|
|
84
|
-
|
|
85
|
-
oauth2 (
|
|
86
|
-
faraday (>= 0.8, < 0.
|
|
87
|
-
jwt (
|
|
82
|
+
multi_json (1.13.1)
|
|
83
|
+
multi_xml (0.6.0)
|
|
84
|
+
multipart-post (2.1.1)
|
|
85
|
+
nokogiri (1.6.8.1)
|
|
86
|
+
mini_portile2 (~> 2.1.0)
|
|
87
|
+
oauth2 (1.4.1)
|
|
88
|
+
faraday (>= 0.8, < 0.16.0)
|
|
89
|
+
jwt (>= 1.0, < 3.0)
|
|
88
90
|
multi_json (~> 1.3)
|
|
89
91
|
multi_xml (~> 0.5)
|
|
90
|
-
rack (
|
|
92
|
+
rack (>= 1.2, < 3)
|
|
93
|
+
public_suffix (3.0.3)
|
|
91
94
|
rack (1.6.1)
|
|
92
95
|
rack-test (0.6.3)
|
|
93
96
|
rack (>= 1.0)
|
|
@@ -116,8 +119,7 @@ GEM
|
|
|
116
119
|
rake (>= 0.8.7)
|
|
117
120
|
thor (>= 0.18.1, < 2.0)
|
|
118
121
|
rake (10.4.2)
|
|
119
|
-
rdoc (
|
|
120
|
-
json (~> 1.4)
|
|
122
|
+
rdoc (5.1.0)
|
|
121
123
|
rspec (2.14.1)
|
|
122
124
|
rspec-core (~> 2.14.0)
|
|
123
125
|
rspec-expectations (~> 2.14.0)
|
|
@@ -134,6 +136,7 @@ GEM
|
|
|
134
136
|
rspec-core (~> 2.14.0)
|
|
135
137
|
rspec-expectations (~> 2.14.0)
|
|
136
138
|
rspec-mocks (~> 2.14.0)
|
|
139
|
+
semver (1.0.1)
|
|
137
140
|
shoulda-matchers (2.8.0)
|
|
138
141
|
activesupport (>= 3.0.0)
|
|
139
142
|
sprockets (3.2.0)
|
|
@@ -160,4 +163,4 @@ DEPENDENCIES
|
|
|
160
163
|
sqlite3
|
|
161
164
|
|
|
162
165
|
BUNDLED WITH
|
|
163
|
-
1.
|
|
166
|
+
1.16.6
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
1.0.
|
|
1
|
+
1.0.17
|
|
@@ -15,7 +15,7 @@ class AbilitiesController < ApplicationController
|
|
|
15
15
|
end
|
|
16
16
|
|
|
17
17
|
def create
|
|
18
|
-
@ability = Ability.new(
|
|
18
|
+
@ability = Ability.new(ability_params)
|
|
19
19
|
if @ability.save
|
|
20
20
|
flash[:notice] = t('ability.created')
|
|
21
21
|
redirect_to :action => :index
|
|
@@ -32,7 +32,7 @@ class AbilitiesController < ApplicationController
|
|
|
32
32
|
def update
|
|
33
33
|
@ability = Ability.find(params[:id])
|
|
34
34
|
|
|
35
|
-
if @ability.update_attributes(
|
|
35
|
+
if @ability.update_attributes(ability_params)
|
|
36
36
|
flash[:notice] = t('ability.saved')
|
|
37
37
|
redirect_to :action => :index
|
|
38
38
|
else
|
|
@@ -40,7 +40,15 @@ class AbilitiesController < ApplicationController
|
|
|
40
40
|
end
|
|
41
41
|
end
|
|
42
42
|
|
|
43
|
-
|
|
43
|
+
protected
|
|
44
|
+
|
|
45
|
+
def ability_params
|
|
46
|
+
params.require(:ability).permit(:name, :description,
|
|
47
|
+
:ability_permissions_attributes => [:id, :permission_id, :_destroy,
|
|
48
|
+
:permission_attributes => [:id, :allowed_action, :_destroy]
|
|
49
|
+
]
|
|
50
|
+
)
|
|
51
|
+
end
|
|
44
52
|
|
|
45
53
|
|
|
46
54
|
end
|
data/app/models/ability.rb
CHANGED
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
class Ability < ActiveRecord::Base
|
|
2
2
|
has_many :ability_permissions
|
|
3
3
|
has_many :permissions, :through => :ability_permissions
|
|
4
|
+
has_many :authorizations
|
|
5
|
+
has_many :operators, :through => :authorizations
|
|
4
6
|
|
|
5
7
|
accepts_nested_attributes_for :permissions
|
|
6
8
|
accepts_nested_attributes_for :ability_permissions
|
|
@@ -25,8 +25,13 @@ class PermissionHash < HashWithIndifferentAccess
|
|
|
25
25
|
self[extent][path] ||= {}
|
|
26
26
|
|
|
27
27
|
allowed_actions = [:index, :show] if allowed_actions.nil? || allowed_actions.empty?
|
|
28
|
+
# always allow edit/update and create/new as a pair (allowing one immediately allows the other)
|
|
28
29
|
allowed_actions.push(:update) if allowed_actions.include?(:edit) && !allowed_actions.include?(:update)
|
|
30
|
+
allowed_actions.push(:edit) if allowed_actions.include?(:update) && !allowed_actions.include?(:edit)
|
|
29
31
|
allowed_actions.push(:create) if allowed_actions.include?(:new) && !allowed_actions.include?(:create)
|
|
32
|
+
allowed_actions.push(:new) if allowed_actions.include?(:create) && !allowed_actions.include?(:new)
|
|
33
|
+
allowed_actions.push(:destroy) if allowed_actions.include?(:delete) && !allowed_actions.include?(:destroy)
|
|
34
|
+
allowed_actions.push(:delete) if allowed_actions.include?(:destroy) && !allowed_actions.include?(:delete)
|
|
30
35
|
|
|
31
36
|
allowed_actions.each do |a|
|
|
32
37
|
self[extent][path][a] = 1
|
|
@@ -85,9 +90,13 @@ class PermissionHash < HashWithIndifferentAccess
|
|
|
85
90
|
|
|
86
91
|
|
|
87
92
|
def to_controller_name(klass)
|
|
88
|
-
klass_str = klass.is_a?(Class)
|
|
89
|
-
|
|
90
|
-
klass.
|
|
93
|
+
klass_str = if klass.is_a?(Class)
|
|
94
|
+
klass.name
|
|
95
|
+
elsif klass.is_a?(String) || klass.is_a?(Symbol)
|
|
96
|
+
klass.to_s
|
|
97
|
+
else
|
|
98
|
+
klass.class.name
|
|
99
|
+
end
|
|
91
100
|
"#{klass_str.underscore.pluralize}"
|
|
92
101
|
end
|
|
93
102
|
|
|
@@ -113,6 +122,7 @@ class PermissionHash < HashWithIndifferentAccess
|
|
|
113
122
|
action = action || 'index'
|
|
114
123
|
action = action.to_sym
|
|
115
124
|
controller_name = 'homepage' if controller_name == '/'
|
|
125
|
+
controller_name = controller_name.underscore
|
|
116
126
|
controller_name = controller_name[1..-1] if controller_name.starts_with?('/')
|
|
117
127
|
|
|
118
128
|
p = ''
|
|
@@ -129,4 +139,4 @@ class PermissionHash < HashWithIndifferentAccess
|
|
|
129
139
|
result
|
|
130
140
|
end
|
|
131
141
|
|
|
132
|
-
end
|
|
142
|
+
end
|
|
@@ -10,15 +10,9 @@ module Vigilante
|
|
|
10
10
|
end
|
|
11
11
|
|
|
12
12
|
def add_authorization(role, extent=nil)
|
|
13
|
-
ability = Ability.
|
|
13
|
+
ability = Ability.where("lower(name) = '#{role.downcase}'").first
|
|
14
14
|
raise StandardError.new("Role #{role} is not converted to a corresponding authorization. It does not exist.") if ability.nil?
|
|
15
15
|
|
|
16
|
-
# extent_params = {}
|
|
17
|
-
# unless extent.nil?
|
|
18
|
-
# extent_params[:extent] = extent.id
|
|
19
|
-
# extent_params[:extent_type] = extent.class.name
|
|
20
|
-
# end
|
|
21
|
-
|
|
22
16
|
new_authorization = ::Authorization.create(:operator_id => self.id, :ability_id => ability.id)
|
|
23
17
|
unless extent.nil?
|
|
24
18
|
new_authorization.add_extent(extent)
|
|
@@ -232,4 +226,4 @@ module Vigilante
|
|
|
232
226
|
end
|
|
233
227
|
|
|
234
228
|
end
|
|
235
|
-
end
|
|
229
|
+
end
|
|
@@ -66,6 +66,20 @@ describe PermissionHash do
|
|
|
66
66
|
it "can visit posts index in context 1" do
|
|
67
67
|
@ph.is_allowed_by_context('posts', :index, ['1']).should be_true
|
|
68
68
|
end
|
|
69
|
+
describe "alternative writing styles" do
|
|
70
|
+
it "can visit :post index in context 1" do
|
|
71
|
+
@ph.is_allowed_by_context(:post, :index, ['1']).should be_true
|
|
72
|
+
end
|
|
73
|
+
it "can visit :post index in context 1" do
|
|
74
|
+
@ph.is_allowed_by_context(Post, :index, ['1']).should be_true
|
|
75
|
+
end
|
|
76
|
+
it "can visit :post index in context 1" do
|
|
77
|
+
@ph.is_allowed_by_context(:posts, :index, ['1']).should be_true
|
|
78
|
+
end
|
|
79
|
+
it "cannot visit 'post' index in context 1 --strings are not transformed" do
|
|
80
|
+
@ph.is_allowed_by_context('post', :index, ['1']).should be_false
|
|
81
|
+
end
|
|
82
|
+
end
|
|
69
83
|
it "cannot visit posts index without context" do
|
|
70
84
|
@ph.is_allowed_by_context('posts', :index, nil).should be_false
|
|
71
85
|
end
|
data/vigilante.gemspec
CHANGED
|
@@ -2,18 +2,18 @@
|
|
|
2
2
|
# DO NOT EDIT THIS FILE DIRECTLY
|
|
3
3
|
# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
|
|
4
4
|
# -*- encoding: utf-8 -*-
|
|
5
|
-
# stub: vigilante 1.0.
|
|
5
|
+
# stub: vigilante 1.0.17 ruby lib
|
|
6
6
|
|
|
7
7
|
Gem::Specification.new do |s|
|
|
8
|
-
s.name = "vigilante"
|
|
9
|
-
s.version = "1.0.
|
|
8
|
+
s.name = "vigilante".freeze
|
|
9
|
+
s.version = "1.0.17"
|
|
10
10
|
|
|
11
|
-
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
|
12
|
-
s.require_paths = ["lib"]
|
|
13
|
-
s.authors = ["Nathan Van der Auwera"]
|
|
14
|
-
s.date = "
|
|
15
|
-
s.description = "Vigilante is a db-backed authorisation, completely configurable and dynamic; where permissions can be limited to extents."
|
|
16
|
-
s.email = "nathan@dixis.com"
|
|
11
|
+
s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
|
|
12
|
+
s.require_paths = ["lib".freeze]
|
|
13
|
+
s.authors = ["Nathan Van der Auwera".freeze]
|
|
14
|
+
s.date = "2020-09-06"
|
|
15
|
+
s.description = "Vigilante is a db-backed authorisation, completely configurable and dynamic; where permissions can be limited to extents.".freeze
|
|
16
|
+
s.email = "nathan@dixis.com".freeze
|
|
17
17
|
s.extra_rdoc_files = [
|
|
18
18
|
"README.markdown"
|
|
19
19
|
]
|
|
@@ -117,26 +117,26 @@ Gem::Specification.new do |s|
|
|
|
117
117
|
"spec/vigilante_spec.rb",
|
|
118
118
|
"vigilante.gemspec"
|
|
119
119
|
]
|
|
120
|
-
s.homepage = "http://github.com/vigilante"
|
|
121
|
-
s.rubygems_version = "2.
|
|
122
|
-
s.summary = "Context-based, db-backed authorisation for your rails3 apps"
|
|
120
|
+
s.homepage = "http://github.com/vigilante".freeze
|
|
121
|
+
s.rubygems_version = "2.7.10".freeze
|
|
122
|
+
s.summary = "Context-based, db-backed authorisation for your rails3 apps".freeze
|
|
123
123
|
|
|
124
124
|
if s.respond_to? :specification_version then
|
|
125
125
|
s.specification_version = 4
|
|
126
126
|
|
|
127
127
|
if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
|
|
128
|
-
s.add_runtime_dependency(%q<rails
|
|
129
|
-
s.add_development_dependency(%q<jeweler
|
|
130
|
-
s.add_development_dependency(%q<rspec-rails
|
|
128
|
+
s.add_runtime_dependency(%q<rails>.freeze, [">= 4.0.0"])
|
|
129
|
+
s.add_development_dependency(%q<jeweler>.freeze, [">= 0"])
|
|
130
|
+
s.add_development_dependency(%q<rspec-rails>.freeze, ["~> 2.14.0"])
|
|
131
131
|
else
|
|
132
|
-
s.add_dependency(%q<rails
|
|
133
|
-
s.add_dependency(%q<jeweler
|
|
134
|
-
s.add_dependency(%q<rspec-rails
|
|
132
|
+
s.add_dependency(%q<rails>.freeze, [">= 4.0.0"])
|
|
133
|
+
s.add_dependency(%q<jeweler>.freeze, [">= 0"])
|
|
134
|
+
s.add_dependency(%q<rspec-rails>.freeze, ["~> 2.14.0"])
|
|
135
135
|
end
|
|
136
136
|
else
|
|
137
|
-
s.add_dependency(%q<rails
|
|
138
|
-
s.add_dependency(%q<jeweler
|
|
139
|
-
s.add_dependency(%q<rspec-rails
|
|
137
|
+
s.add_dependency(%q<rails>.freeze, [">= 4.0.0"])
|
|
138
|
+
s.add_dependency(%q<jeweler>.freeze, [">= 0"])
|
|
139
|
+
s.add_dependency(%q<rspec-rails>.freeze, ["~> 2.14.0"])
|
|
140
140
|
end
|
|
141
141
|
end
|
|
142
142
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: vigilante
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.17
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Nathan Van der Auwera
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2020-09-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|
|
@@ -177,7 +177,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
177
177
|
version: '0'
|
|
178
178
|
requirements: []
|
|
179
179
|
rubyforge_project:
|
|
180
|
-
rubygems_version: 2.
|
|
180
|
+
rubygems_version: 2.7.10
|
|
181
181
|
signing_key:
|
|
182
182
|
specification_version: 4
|
|
183
183
|
summary: Context-based, db-backed authorisation for your rails3 apps
|