serodriguez68 / authz Goto Github PK
View Code? Open in Web Editor NEWAuthz is an opinionated almost-turnkey solution for managing authorization in your Rails application.
License: MIT License
Authz is an opinionated almost-turnkey solution for managing authorization in your Rails application.
License: MIT License
Note: please note that this is a note to self and not a bug in the gem.
The current definition of a role implies that the same scoping rules apply for every action a role can do. A counterexample that breaks this assumption is “a writer should be able to see everyone’s reports but only edit his”. In this case, the writer is both allowed to view and to edit reports, but the scoping rules that apply for the actions are different (Scope By User: “all” and “mine”) respectively.
This use case can still be handled by creating 2 roles “all content reader” and “own content editor” and assigning them both to writer users. However, the clarity of the structure suffers. Alternatively, if these cases are not prevalent, developers can choose to handle them by hand.
Request from the community to natively support these types of use cases are expected. However, it is still too early to tell the extent of the support required and waiting to hear back from the community is advisable.
Additionally, the role composition feature which is a candidate for the pipeline could solve this issue altogether.
The command rails g authz:install
copies the internal Authz migrations into the host application. The user is then prompted to run rails db:migrate
to setup all the tables that are required by Authz.
The problem is that all Authz migrations have a hardcoded < ActiveRecord::Migration[5.2]
that does not adapt to the host's Rails version.
Hello, thanks for this gem, it fits perfectly with what my team wants, but I am having issues with implementing it in the API we have. Using the demo app as a guide, alongside the documentation of the gem, I have been able to create a business process, role and controller actions. I was also able to assign the role to a user that I have in my DB. But when I try to access the resource that the user assigned role has access to I get a 500 status error, I am unsure where that's coming from.
Here is what my application_controller.rb file looks like.
class ApplicationController < ActionController::API
# include MailerUrlHelper
# before_action :set_mailer_url_options, if: :devise_controller?
include DeviseTokenAuth::Concerns::SetUserByToken
before_action :configure_permitted_parameters, if: :devise_controller?
include ActionController::Helpers
before_action :authenticate_api_v1_user! # Typical for devise
include Authz::Controllers::AuthorizationManager
rescue_from Authz::Controllers::AuthorizationManager::NotAuthorized, with: :unauthorized_handler
helper_method :current_user_authz
private
def current_user_authz
current_api_v1_user.try(:user)
end
protected
def configure_permitted_parameters
keys = %i[full_name work_phone company_role role team_size phone_number]
devise_parameter_sanitizer.permit(:sign_up, keys: keys)
devise_parameter_sanitizer.permit(:account_update, keys: keys)
end
def unauthorized_handler
msg = 'Ooops! It seems that you are not authorized to do that!'
render json: { success: false, response: msg }
end
end
Here is the controller action
def index
authorize skip_scoping: true
data = ::V1::TaskParam.new(params).index
@tasks = Campaigns::Task.includes(assignee: :user).where(data).before(with_cursor).limit(per_page)
render json: ::V1::TaskSerializer.new(@tasks, index_options).serializable_hash
end
I didn't tamper with the configuration file. Any idea what I could possibly be doing wrong? Thanks.
Unsure what would cause this, but rails won't even boot. Using Rails5. Let me know what information would be helpful in troubleshooting this.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.