wcc-auth 0.3.3 → 0.3.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/wcc/auth/config.rb +27 -13
- data/lib/wcc/auth/version.rb +1 -1
- data/spec/spec_helper.rb +0 -1
- data/spec/wcc/auth/access_level_spec.rb +4 -4
- data/wcc-auth.gemspec +1 -1
- metadata +40 -41
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f10f1aef9cdf3ee3030f9773876053391acf537a
|
|
4
|
+
data.tar.gz: d1aa25a309e9648a8832f2a2042675de54a9976f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 83803f397bcb1f3d2714941f0a8e2ce085e7ca8f2eb699e0c64f801b63f05bbafcd56a42b77840fc2a74c1879215efb6c53f98849b403f418e28d5d3ef2cbce2
|
|
7
|
+
data.tar.gz: b0c2f79d95e663256c6387d1711efd6a0d85a6076abe57b5e5dd09e4490ebf93d84c581edfbec4318b9ad28164db1a4af70a400359345f62cb1108c620d6c880
|
data/lib/wcc/auth/config.rb
CHANGED
|
@@ -33,6 +33,12 @@ WCC::Auth::Config = Struct.new(:environment,
|
|
|
33
33
|
self[:app_domain_suffix] || default_app_domain_suffix
|
|
34
34
|
end
|
|
35
35
|
|
|
36
|
+
def url_for(app_name)
|
|
37
|
+
return ENV["#{app_name.to_s.upcase}_URL"] if ENV["#{app_name.to_s.upcase}_URL"]
|
|
38
|
+
|
|
39
|
+
"#{app_url_protocol_for(environment)}://#{app_name}#{app_domain_suffix_for(environment)}"
|
|
40
|
+
end
|
|
41
|
+
|
|
36
42
|
def nucleus_url
|
|
37
43
|
return ENV['NUCLEUS_URL'] if ENV['NUCLEUS_URL']
|
|
38
44
|
|
|
@@ -46,13 +52,18 @@ WCC::Auth::Config = Struct.new(:environment,
|
|
|
46
52
|
end
|
|
47
53
|
end
|
|
48
54
|
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
55
|
+
def app_domain_suffix_for(environment)
|
|
56
|
+
case environment.to_sym
|
|
57
|
+
when :production
|
|
58
|
+
".watermark.org"
|
|
59
|
+
when :staging
|
|
60
|
+
".staging.watermark.org"
|
|
61
|
+
when :development
|
|
62
|
+
".dev"
|
|
63
|
+
end
|
|
53
64
|
end
|
|
54
65
|
|
|
55
|
-
def
|
|
66
|
+
def app_url_protocol_for(environment)
|
|
56
67
|
case environment.to_sym
|
|
57
68
|
when :production
|
|
58
69
|
"https"
|
|
@@ -61,15 +72,18 @@ WCC::Auth::Config = Struct.new(:environment,
|
|
|
61
72
|
end
|
|
62
73
|
end
|
|
63
74
|
|
|
75
|
+
private
|
|
76
|
+
|
|
77
|
+
def default_app_url
|
|
78
|
+
"#{app_url_protocol}://#{app_name}#{app_domain_suffix}"
|
|
79
|
+
end
|
|
80
|
+
|
|
81
|
+
def default_app_url_protocol
|
|
82
|
+
app_url_protocol_for(environment)
|
|
83
|
+
end
|
|
84
|
+
|
|
64
85
|
def default_app_domain_suffix
|
|
65
|
-
|
|
66
|
-
when :production
|
|
67
|
-
".watermark.org"
|
|
68
|
-
when :staging
|
|
69
|
-
".staging.watermark.org"
|
|
70
|
-
when :development
|
|
71
|
-
".dev"
|
|
72
|
-
end
|
|
86
|
+
app_domain_suffix_for(environment)
|
|
73
87
|
end
|
|
74
88
|
|
|
75
89
|
def default_authorize_site
|
data/lib/wcc/auth/version.rb
CHANGED
data/spec/spec_helper.rb
CHANGED
|
@@ -33,7 +33,7 @@ describe WCC::Auth::AccessLevel do
|
|
|
33
33
|
it "returns array of records as listed in db argument" do
|
|
34
34
|
levels = subject.all(test_db)
|
|
35
35
|
expect(levels.count).to eq(2)
|
|
36
|
-
expect(levels.all? { |level| level.kind_of?(klass) }).to
|
|
36
|
+
expect(levels.all? { |level| level.kind_of?(klass) }).to be_truthy
|
|
37
37
|
end
|
|
38
38
|
|
|
39
39
|
it "returns objects in level order" do
|
|
@@ -55,9 +55,9 @@ describe WCC::Auth::AccessLevel do
|
|
|
55
55
|
b = klass.new
|
|
56
56
|
a.level = 1
|
|
57
57
|
b.level = 2
|
|
58
|
-
expect(a < b).to
|
|
59
|
-
expect(b == a).to
|
|
60
|
-
expect(b < a).to
|
|
58
|
+
expect(a < b).to be_truthy
|
|
59
|
+
expect(b == a).to be_falsey
|
|
60
|
+
expect(b < a).to be_falsey
|
|
61
61
|
end
|
|
62
62
|
end
|
|
63
63
|
|
data/wcc-auth.gemspec
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: wcc-auth
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.3.
|
|
4
|
+
version: 0.3.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Travis Petticrew
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-
|
|
11
|
+
date: 2015-11-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: cancancan
|
|
@@ -98,16 +98,16 @@ dependencies:
|
|
|
98
98
|
name: rspec
|
|
99
99
|
requirement: !ruby/object:Gem::Requirement
|
|
100
100
|
requirements:
|
|
101
|
-
- - "
|
|
101
|
+
- - "~>"
|
|
102
102
|
- !ruby/object:Gem::Version
|
|
103
|
-
version: '
|
|
103
|
+
version: '3.3'
|
|
104
104
|
type: :development
|
|
105
105
|
prerelease: false
|
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
|
107
107
|
requirements:
|
|
108
|
-
- - "
|
|
108
|
+
- - "~>"
|
|
109
109
|
- !ruby/object:Gem::Version
|
|
110
|
-
version: '
|
|
110
|
+
version: '3.3'
|
|
111
111
|
description: Authentication / Authorization library for Watermark apps
|
|
112
112
|
email:
|
|
113
113
|
- tpetticrew@watermark.org
|
|
@@ -161,44 +161,43 @@ rubyforge_project:
|
|
|
161
161
|
rubygems_version: 2.4.2
|
|
162
162
|
signing_key:
|
|
163
163
|
specification_version: 4
|
|
164
|
-
summary:
|
|
165
|
-
Watermark's OAuth provider as well as authorizing the user has access to specific
|
|
164
|
+
summary: '# WCC::Auth Provides the necessary tools for handling authentication through
|
|
165
|
+
Watermark''s OAuth provider as well as authorizing the user has access to specific
|
|
166
166
|
features within the application. There are special hooks for Rails apps using Devise,
|
|
167
167
|
but the primitive structures could be used on any Ruby project. Currently, the only
|
|
168
|
-
tested path is Rails with Devise. ## Installation Add this line to your application's
|
|
169
|
-
Gemfile: ```ruby gem 'wcc-auth', '~> 0.3.2' ``` If you are using a Rails app
|
|
170
|
-
Devise you can use a special require hook that will setup all the Devise specific
|
|
171
|
-
configuration for you. ```ruby gem 'wcc-auth', '~> 0.3.2', require: 'wcc/auth/devise'
|
|
168
|
+
tested path is Rails with Devise. ## Installation Add this line to your application''s
|
|
169
|
+
Gemfile: ```ruby gem ''wcc-auth'', ''~> 0.3.2'' ``` If you are using a Rails app
|
|
170
|
+
with Devise you can use a special require hook that will setup all the Devise specific
|
|
171
|
+
configuration for you. ```ruby gem ''wcc-auth'', ''~> 0.3.2'', require: ''wcc/auth/devise''
|
|
172
172
|
``` ## Configuration There are a few steps to setup your app. These instructions
|
|
173
|
-
are specific to a Rails app. #### Add the configuration block to an initializer
|
|
174
|
-
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
|
|
178
|
-
|
|
179
|
-
|
|
180
|
-
|
|
181
|
-
|
|
182
|
-
|
|
183
|
-
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
|
|
187
|
-
|
|
188
|
-
for
|
|
189
|
-
|
|
190
|
-
|
|
191
|
-
|
|
192
|
-
|
|
193
|
-
|
|
194
|
-
|
|
195
|
-
|
|
196
|
-
|
|
197
|
-
can :manage, :all
|
|
198
|
-
|
|
199
|
-
|
|
200
|
-
|
|
201
|
-
Create new Pull Request"
|
|
173
|
+
are specific to a Rails app. #### Add the configuration block to an initializer In
|
|
174
|
+
order to configure the gem you must run the `WCC::Auth.setup` block. See below for
|
|
175
|
+
an example: ```ruby WCC::Auth.setup do |config| config.app_name = "app-name" config.environment
|
|
176
|
+
= Rails.env config.app_id = ''app-client-id-from-oauth-provider'' config.app_secret
|
|
177
|
+
= ''app-client-secret-from-oauth-provider'' end ``` #### Setup your controllers ```ruby
|
|
178
|
+
# Add this include to your ApplicationController class ApplicationController < ActionController::Base
|
|
179
|
+
include WCC::Auth::ControllerHelpers end ``` #### Setup your user model ```ruby
|
|
180
|
+
class User < ActiveRecord::Base include WCC::Auth::Providers::ActiveRecord devise
|
|
181
|
+
:omniauthable # ... end ``` #### Setup authorization (optional) If you would
|
|
182
|
+
like to use the `TieredAbility` class included with `WCC::Auth` just create an Ability
|
|
183
|
+
class that extends the `WCC::Auth::TieredAbility` class. The authenticated user
|
|
184
|
+
will include an info variables called `access_level_id`. This corresponds to a `WCC::Auth::AccessLevel`. The
|
|
185
|
+
access levels are broken down into 5 tiers with the following rules: * **No access**
|
|
186
|
+
-- This is the default level * **Basic** -- This is provides read-only access *
|
|
187
|
+
**Contribute** -- Read-write for only data the user owns * **Manage** -- Read-write
|
|
188
|
+
for other''s data * **App Admin** -- Can change app configuration * **System Admin**
|
|
189
|
+
-- Has full access to all features always Each tier inherits all priveleges of
|
|
190
|
+
the lower tiers. The rules here are guidelines for the app to follow. It is ultimately
|
|
191
|
+
up to the client application to decide what each of these tiers means for it. Do
|
|
192
|
+
your best to adhere to these rules. Here is an example Ability class using the
|
|
193
|
+
DSL provided by `WCC::Auth`. ```ruby class Ability < WCC::Auth::TieredAbility at_level(:contribute)
|
|
194
|
+
do |user| can :read, Person can :manage, Task, created_by_id: user.id can :manage,
|
|
195
|
+
Comment, created_by_id: user.id cannot :destroy, Task end at_level(:appadmin)
|
|
196
|
+
do |user| can :manage, :all cannot :create, TaskGroup end at_level(:sysadmin)
|
|
197
|
+
do |user| can :manage, :all end end ``` ## Contributing 1. Fork it 2. Create your
|
|
198
|
+
feature branch (`git checkout -b my-new-feature`) 3. Commit your changes (`git commit
|
|
199
|
+
-am ''Add some feature''`) 4. Push to the branch (`git push origin my-new-feature`)
|
|
200
|
+
5. Create new Pull Request'
|
|
202
201
|
test_files:
|
|
203
202
|
- spec/spec_helper.rb
|
|
204
203
|
- spec/wcc/auth/access_level_spec.rb
|