Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing 15 changed files with 259 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
Feature: Authorizing Access using Pundit | ||
|
||
Background: | ||
Given I am logged in | ||
And 1 post exists | ||
And a configuration of: | ||
""" | ||
require 'pundit' | ||
ActiveAdmin.application.namespace(:admin).authorization_adapter = ActiveAdmin::PunditAdapter | ||
ActiveAdmin.register Post do | ||
end | ||
ActiveAdmin.register_page "No Access" do | ||
end | ||
""" | ||
And I am on the index page for posts | ||
|
||
@allow-rescue | ||
Scenario: Attempt to access a resource I am not authorized to see | ||
When I go to the last post's edit page | ||
Then I should see "You are not authorized to perform this action" | ||
|
||
Scenario: Viewing the default action items | ||
When I follow "View" | ||
Then I should not see an action item link to "Edit" | ||
|
||
@allow-rescue | ||
Scenario: Attempting to visit a Page without authorization | ||
When I go to the admin no access page | ||
Then I should see "You are not authorized to perform this action" | ||
|
||
@allow-rescue | ||
Scenario: Viewing a page with authorization | ||
When I go to the admin dashboard page | ||
Then I should see "Dashboard" |
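Review bot: the feature only exercises denials for the Post resource; there is no scenario asserting that an authorized request on a resource succeeds (for example that the post's author can reach the edit page), so an adapter that denied every action would still pass "Attempt to access a resource I am not authorized to see" and "Viewing the default action items". Add a positive resource scenario alongside the dashboard one. Also, `@allow-rescue` on "Viewing a page with authorization" is unnecessary since that scenario expects no exception; dropping it keeps the tag meaningful for the scenarios that do.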
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
require 'pundit' | ||
|
||
module ActiveAdmin | ||
|
||
class PunditAdapter < AuthorizationAdapter | ||
|
||
def authorized?(action, subject = nil) | ||
policy = retreive_policy(subject) | ||
action = format_action(action, subject) | ||
|
||
policy.class.method_defined?(action) && policy.send(action) | ||
end | ||
|
||
def scope_collection(collection, action = Auth::READ) | ||
# scoping is appliable only to read/index action | ||
# which means there is no way how to scope other actions | ||
Pundit.policy_scope!(user, collection) | ||
end | ||
|
||
|
||
def retreive_policy(subject) | ||
case subject | ||
when nil then Pundit.policy!(user, resource) | ||
when Class then Pundit.policy!(user, subject.new) | ||
else Pundit.policy!(user, subject) | ||
end | ||
end | ||
|
||
def format_action(action, subject) | ||
# https://github.com/elabs/pundit/blob/master/lib/generators/pundit/install/templates/application_policy.rb | ||
case action | ||
when Auth::CREATE then :create? | ||
when Auth::UPDATE then :update? | ||
when Auth::READ then subject.is_a?(Class) ? :index? : :show? | ||
when Auth::DESTROY then subject.is_a?(Class) ? :destroy_all? : :destroy? | ||
else "#{action}?" | ||
end | ||
end | ||
|
||
end | ||
|
||
end |
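Review bot: `retreive_policy` (defined at `def retreive_policy(subject)` and called from `authorized?`) is misspelled; rename it to `retrieve_policy` before anything else depends on the name. Two behavioural points in the same hunk: `scope_collection(collection, action = Auth::READ)` accepts an `action` argument it never reads, so either drop the parameter or say in the comment (which should read "applicable", not "appliable") that scoping is only ever applied to the read collection; and the `when Class then Pundit.policy!(user, subject.new)` branch instantiates a throwaway model just to look up a class-level policy, which runs model initializers and breaks for classes whose constructor takes arguments. Note as well that the `nil` branch hands `resource` rather than a model instance to `Pundit.policy!`, and none of the added policy templates cover that case, so a spec for `authorized?(action)` with no subject would document what Pundit resolves there. On the positive side, `policy.class.method_defined?(action) && policy.send(action)` fails closed when a policy lacks the predicate, which is the right default; the `"#{action}?"` fallback returns a String where the other branches return Symbols, which `send` tolerates but is worth making consistent.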
spec/support/templates/policies/active_admin/comment_policy.rb (9 changes: 9 additions & 0 deletions)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
module ActiveAdmin | ||
class CommentPolicy < ApplicationPolicy | ||
class Scope < Struct.new(:user, :scope) | ||
def resolve | ||
scope | ||
end | ||
end | ||
end | ||
end |
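Review bot: the empty `Scope < Struct.new(:user, :scope)` whose `resolve` returns `scope` unchanged is repeated verbatim in every policy template in this commit because `ApplicationPolicy` (later in this diff) defines no `Scope` class of its own. Defining that default `Scope` once in `ApplicationPolicy` would let `ActiveAdmin::CommentPolicy` and the other fixtures carry only their real overrides, and would make it obvious which policies actually filter their scope (none do at the moment).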
spec/support/templates/policies/active_admin/page_policy.rb (18 changes: 18 additions & 0 deletions)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
module ActiveAdmin | ||
class PagePolicy < ApplicationPolicy | ||
class Scope < Struct.new(:user, :scope) | ||
def resolve | ||
scope | ||
end | ||
end | ||
|
||
def show? | ||
case record.name | ||
when "Dashboard" | ||
true | ||
else | ||
false | ||
end | ||
end | ||
end | ||
end |
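Review bot: `show?` spells a boolean as a `case` statement; `record.name == "Dashboard"` says the same thing in one line. More importantly, allow-listing by page name means the "No Access" page registered in the feature is denied only because it is not "Dashboard", so any page added to the test app later is silently denied too. That is fail-closed, which is fine for a fixture, but a one-line comment stating the intent would stop someone "fixing" it.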
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
class AdminUserPolicy < ApplicationPolicy | ||
class Scope < Struct.new(:user, :scope) | ||
def resolve | ||
scope | ||
end | ||
end | ||
|
||
def destroy? | ||
record != user | ||
end | ||
end |
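Review bot: `destroy?` stops an admin user deleting their own record (`record != user`), but the inherited `destroy_all?` from `ApplicationPolicy` returns `true`, and the adapter maps `Auth::DESTROY` on a class to `:destroy_all?`, so a batch destroy whose selection includes the current user is still permitted. Either override `destroy_all?` here or change the default so batch permission is derived from `destroy?`.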
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
class ApplicationPolicy | ||
attr_reader :user, :record | ||
|
||
def initialize(user, record) | ||
@user = user | ||
@record = record | ||
end | ||
|
||
def index? | ||
true | ||
end | ||
|
||
def show? | ||
scope.where(:id => record.id).exists? | ||
end | ||
|
||
def new? | ||
create? | ||
end | ||
|
||
def create? | ||
true | ||
end | ||
|
||
def edit? | ||
update? | ||
end | ||
|
||
def update? | ||
true | ||
end | ||
|
||
def destroy? | ||
true | ||
end | ||
|
||
def destroy_all? | ||
true | ||
end | ||
|
||
|
||
def scope | ||
Pundit.policy_scope!(user, record.class) | ||
end | ||
end |
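Review bot: the defaults here are permissive (`index?`, `create?`, `update?`, `destroy?` and `destroy_all?` all return `true`), whereas the Pundit `application_policy.rb` generator template that the adapter's comment links to returns `false` for everything except `show?`; a policy that forgets to override a predicate therefore grants rather than denies. `destroy_all?` is the sharpest edge: `PostPolicy` and `StorePolicy` in this commit restrict `destroy?` but inherit `destroy_all? == true`, so the batch path bypasses the per-record rule. Consider `def destroy_all?; destroy?; end` (or plain `false`) as the default, and flipping the other defaults to `false` so the fixtures match what users will generate.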
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
class CategoryPolicy < ApplicationPolicy | ||
class Scope < Struct.new(:user, :scope) | ||
def resolve | ||
scope | ||
end | ||
end | ||
end |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
class PostPolicy < ApplicationPolicy | ||
class Scope < Struct.new(:user, :scope) | ||
def resolve | ||
scope | ||
end | ||
end | ||
|
||
def update? | ||
record.author == user | ||
end | ||
|
||
def destroy? | ||
update? | ||
end | ||
end |
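Review bot: `update?` compares `record.author == user`; because the adapter looks up class-level policies on `Post.new`, `authorized?(:update, Post)` evaluates `nil == user` and is always `false`. That is what the spec expects, but it means "may this user update posts at all" is never answerable at the class level, which is worth a comment. `destroy?` delegating to `update?` is good; `destroy_all?` is still inherited as `true` from `ApplicationPolicy`, so the batch destroy is not covered by the author check.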
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
class StorePolicy < ApplicationPolicy | ||
class Scope < Struct.new(:user, :scope) | ||
def resolve | ||
scope | ||
end | ||
end | ||
|
||
def destroy? | ||
false | ||
end | ||
end |
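Review bot: `destroy?` returns `false` but `destroy_all?` is inherited as `true`, so stores can still be removed through the batch action; override `destroy_all?` here as well, or fix the default in `ApplicationPolicy`, and add a feature step that checks the batch path stays denied.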
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
class UserPolicy < ApplicationPolicy | ||
class Scope < Struct.new(:user, :scope) | ||
def resolve | ||
scope | ||
end | ||
end | ||
|
||
def destroy_all? | ||
true | ||
end | ||
end |
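Review bot: `destroy_all?` returning `true` is already the inherited default from `ApplicationPolicy`, so this override is a no-op. If the intent is to pin batch deletion as allowed for users even once the default changes, say so in a comment; otherwise drop the method.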
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
require 'spec_helper' | ||
|
||
describe ActiveAdmin::PunditAdapter do | ||
|
||
describe "full integration" do | ||
|
||
let(:application) { ActiveAdmin::Application.new } | ||
let(:namespace) { ActiveAdmin::Namespace.new(application, "Admin") } | ||
let(:resource) { namespace.register(Post) } | ||
let(:auth) { namespace.authorization_adapter.new(resource, double) } | ||
|
||
before do | ||
namespace.authorization_adapter = ActiveAdmin::PunditAdapter | ||
end | ||
|
||
it "should initialize the ability stored in the namespace configuration" do | ||
expect(auth.authorized?(:read, Post)).to eq true | ||
expect(auth.authorized?(:update, Post)).to eq false | ||
end | ||
|
||
it "should scope the collection" do | ||
class RSpec::Mocks::MockPolicy < ApplicationPolicy | ||
class Scope < Struct.new(:user, :scope) | ||
def resolve | ||
scope | ||
end | ||
end | ||
end | ||
|
||
collection = double | ||
auth.scope_collection(collection, :read) | ||
expect(collection).to eq collection | ||
end | ||
end | ||
|
||
end |
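Review bot: the "should scope the collection" example asserts `expect(collection).to eq collection`, which is a tautology: the return value of `auth.scope_collection(collection, :read)` is discarded, so the example passes whatever the adapter returns. Assert on the result instead, e.g. `expect(auth.scope_collection(collection, :read)).to eq collection`. Defining `RSpec::Mocks::MockPolicy` inside the example also leaks a constant into the test process for every later example; declare it once at file scope or stub `Pundit.policy_scope!`. The first example's description, "should initialize the ability stored in the namespace configuration", refers to an ability (CanCan's term), which this adapter does not have; describe the behaviour actually checked, namely that `:read` on `Post` is allowed and `:update` is denied.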