From daf38f130d3a82e4d8eabe2d3be47bc1cbfeb9e7 Mon Sep 17 00:00:00 2001 From: Washington Botelho Date: Sat, 10 Feb 2024 17:41:20 -0300 Subject: [PATCH] v0.5.0 --- CHANGELOG.md | 6 ++++++ Gemfile.lock | 2 +- README.md | 28 +++++++++++++++++++++------- lib/authorizy/version.rb | 2 +- 4 files changed, 29 insertions(+), 9 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8dd8017..6943598 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,9 @@ +# v0.5.0 + +## Fixes + +- The `authorizy?` helper now accepts custom parameters; + # v0.4.1 ## Fixes diff --git a/Gemfile.lock b/Gemfile.lock index 3a95a90..3111e2b 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,7 +1,7 @@ PATH remote: . specs: - authorizy (0.4.1) + authorizy (0.5.0) GEM remote: https://rubygems.org/ diff --git a/README.md b/README.md index b9e89f2..9f5e97b 100644 --- a/README.md +++ b/README.md 
@@ -208,15 +208,29 @@ Using on view: <% end %> ``` +Usually, we use the helper to check DB permission, not the runtime permission using the Cop file, although you can do it. Just remember that the parameters will be related to the current page, not the action you're protecting. + Using on jBuilder view: ```ruby -json.create_link new_users_url if authorizy?(:users, :create) +if authorizy?(:users, :create) + link_to('Create', new_users_url) +end +``` + +But if you want to simulate the access on that resource you can manually provide the same parameters dispatched when you normally access that resource: + +```ruby +if authorizy?(:users, :create, params: { role: 'admin' }) + link_to('Create', new_users_url(role: 'admin')) +end ``` +Now you're providing the same parameters used in runtime when the user accesses the link, so now, we can check the "future" access and prevent or allow it before happens. + # Specs -To test some routes you'll need to give or not permission to the user, for that you have to ways, where the first is give permission to the user via session: +To test some routes you'll need to give or not permission to the user, for that you have two ways, where the first is the user via session: ```ruby before do @@ -238,7 +252,7 @@ end ## Checks -We have a couple of check, here is the order: +We have a couple of checks, here is the order: 1. `Authorizy::BaseCop#access?`; 2. `session[:permissions]`; 
@@ -247,15 +261,15 @@ We have a couple of check, here is the order: ## Performance -If you have few permissions, you can save the permissions in the session and avoid hit database many times, but if you have a couple of them, maybe it's a good idea save it in some place like [Redis](https://redis.io). +If you have few permissions, you can save the permissions in the session and avoid hitting the database many times, but if you have a couple of them, maybe it's a good idea to save them in some place like [Redis](https://redis.io). ## Management -It's a good idea you keep your permissions in the database, so the customer can change it dynamic. You can load all permissions when the user is logged and cache it later. For cache expiration, you can trigger a refresh everytime that the permissions change. +It's a good idea you keep your permissions in the database, so the customer can change it dynamically. You can load all permissions when the user is logged in and cache it later. For cache expiration, you can trigger a refresh every time that the permissions change. ## Database Structure -Inside database you can use the following relation to dynamicly change your permissions: +Inside the database, you can use the following relation to dynamically change your permissions: ```ruby plans -> plans_permissions <- permissions @@ -269,7 +283,7 @@ plans -> plans_permissions <- permissions ## RSpec -You can test you app passing through all authorizy layers: +You can test your app by passing through all Authorizy layers: ```ruby user = User.create!(permission: { permissions: [[:users, :create]] }) diff --git a/lib/authorizy/version.rb b/lib/authorizy/version.rb index 8b0d009..b8d3de1 100644 --- a/lib/authorizy/version.rb +++ b/lib/authorizy/version.rb @@ -1,5 +1,5 @@ # frozen_string_literal: true module Authorizy - VERSION = '0.4.1' + VERSION = '0.5.0' end
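Review bot: In the CHANGELOG.md hunk, the v0.5.0 entry sits under `## Fixes`, but "now accepts custom parameters" describes added behaviour and the version moves from 0.4.1 to 0.5.0 rather than to a patch release. A heading for additions (for example `## Features`) would match the bump, and the entry could name the `params:` keyword shown in the README so readers can see what was added.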
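Review bot: In the README.md hunk at `@@ -208,15 +208,29 @@`, the example under "Using on jBuilder view:" no longer builds any JSON: `json.create_link new_users_url if authorizy?(:users, :create)` is replaced by an `if` block that calls `link_to`, and a bare `link_to` return value is discarded in a jBuilder template. Either keep a `json.` call inside the block or retitle the section so it is not presented as jBuilder. In the `params:` example, `role: 'admin'` is written once for the check and once for `new_users_url`, with nothing tying the two together; the text should state that they must match, otherwise the helper answers for a different request than the one the link sends. In the Specs paragraph of the same hunk the rewritten sentence lost its verb ("the first is the user via session"); restore "give permission to".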
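Review bot: In the README.md hunk at `@@ -247,15 +261,15 @@`, the Management paragraph still refers to the plural "permissions" as "it" ("so the customer can change it dynamically", "cache it later"), while the Performance paragraph in the same hunk was corrected to "save them". Use "them" in both places for consistency.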