Polar 0.2.0

data/.gitignore

@@ -0,0 +1,36 @@
+## MAC OS
+.DS_Store
+
+## TEXTMATE
+*.tmproj
+tmtags
+
+## EMACS
+*~
+\#*
+.\#*
+
+## VIM
+*.swp
+
+## Rubinius
+*.rbc
+
+## PROJECT::GENERAL
+*.gem
+coverage
+rdoc
+pkg
+tmp
+doc
+log
+.yardoc
+measurements
+
+## BUNDLER
+.bundle
+Gemfile.local
+Gemfile.lock
+
+## PROJECT::SPECIFIC
+vendor

data/Polar.gemspec

@@ -0,0 +1,56 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{Polar}
+  s.version = "0.2.0"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Grzegorz Kazulak", "Lukasz Tackowiak"]
+  s.date = %q{2010-07-29}
+  s.description = %q{Control access like a bear}
+  s.email = %q{grzegorz.kazulak@gmail.com}
+  s.extra_rdoc_files = [
+    "README.md"
+  ]
+  s.files = [
+    ".gitignore",
+     "Polar.gemspec",
+     "README.md",
+     "Rakefile",
+     "VERSION",
+     "init.rb",
+     "lib/polar.rb",
+     "lib/polar/adapter.rb",
+     "lib/polar/adapters/active_record.rb",
+     "lib/polar/errors.rb",
+     "lib/polar/frameworks/rails.rb",
+     "lib/polar/groups.rb",
+     "lib/polar/permissions.rb",
+     "spec/polar_spec.rb",
+     "spec/spec_helper.rb"
+  ]
+  s.homepage = %q{http://github.com/grzegorzkazulak/Polar}
+  s.rdoc_options = ["--charset=UTF-8"]
+  s.require_paths = ["lib"]
+  s.rubyforge_project = %q{grizzlies}
+  s.rubygems_version = %q{1.3.7}
+  s.summary = %q{Access control for polar bears}
+  s.test_files = [
+    "spec/polar_spec.rb",
+     "spec/spec_helper.rb"
+  ]
+
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+    else
+    end
+  else
+  end
+end
+

data/README.md

@@ -0,0 +1,61 @@
+Polar
+===============================
+
+Polar is a simple, fast and powerful way to manage user permissions/groups. It uses redis as a backend storage mechanism for all your permissions mechanism and simple DSL to define all the available permissions within a system.
+
+Usage example
+----------
+
+	class User < ActiveRecord::Base
+	
+	  default :permissions do |p|
+	    p.edit_profile
+	    p.manage_addresses
+	  end
+  
+	  default :groups do |g|
+	    g.administrators
+	  end
+	end
+	
+Below the code definition to accompany the settings from User model. That should resist somewhere in your initializers folder.
+	
+Example definition
+----------
+
+	Polar.define :permissions do |gz|
+	  gz.edit_profile do |c|
+	    c.allow :users_controller, :only => [:edit, :update]
+	  end
+  
+	  gz.manage_addresses do |gz|
+	    c.allow :addresses_controller
+	  end
+	end
+	
+Example usage
+----------
+
+	@user = User.first
+	
+	# Check if user has specific permission
+	@user.can?(:edit_profile)
+	
+	# Check if user belongs to specific group
+	@user.member_of?(:administrators)
+	
+	
+## Note on Patches/Pull Requests
+
+* Fork the project.
+* Make your feature addition or bug fix.
+* Add tests for it. This is important so I don't break it in a
+  future version unintentionally.
+* Commit, do not mess with rakefile, version, or history.
+  (if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)
+* Send me a pull request. Bonus points for topic branches.
+
+
+### Credits
+
+- Grzegorz Kazulak <grzegorz.kazulak@gmail.com>

data/Rakefile

@@ -0,0 +1,49 @@
+require 'rake'
+require 'spec/rake/spectask'
+adapters = Dir[File.dirname(__FILE__) + '/lib/polar/adapter/*.rb'].map{|file| File.basename(file, '.rb') }
+
+task :spec do
+  adapters.map{|adapter| "spec:#{adapter}"}.each do |spec|
+    Rake::Task[spec].invoke
+  end
+end
+
+namespace :spec do
+  adapters.each do |adapter|
+    Spec::Rake::SpecTask.new(adapter) do |spec|
+      spec.spec_files = FileList['spec/*_spec.rb']
+    end
+  end
+end
+
+Spec::Rake::SpecTask.new(:rcov) do |spec|
+  spec.libs << 'lib' << 'spec'
+  spec.pattern = 'spec/**/*_spec.rb'
+  spec.rcov = true
+end
+
+task :default => :spec
+
+begin
+  gem 'jeweler', '~> 1.4'
+  require 'jeweler'
+
+  Jeweler::Tasks.new do |gem|
+    gem.name        = 'Polar'
+    gem.summary     = 'Access control for polar bears'
+    gem.description = 'Control access like a bear'
+    gem.email       = 'grzegorz.kazulak@gmail.com'
+    gem.homepage    = 'http://github.com/grzegorzkazulak/%s' % gem.name
+    gem.authors     = [ 'Grzegorz Kazulak', 'Lukasz Tackowiak']
+
+    gem.rubyforge_project = 'grizzlies'
+  end
+
+  Jeweler::GemcutterTasks.new
+
+  FileList['tasks/**/*.rake'].each { |task| import task }
+rescue LoadError
+  puts 'Jeweler (or a dependency) not available. Install it with: gem install jeweler'
+end
+
+task(:spec) {} # stub out the spec task for as long as we don't have any specs

data/VERSION

@@ -0,0 +1 @@
+0.2.0

data/init.rb

@@ -0,0 +1 @@
+require 'polar'

data/lib/polar.rb

@@ -0,0 +1,23 @@
+require 'logger'
+require 'polar/adapter'
+require 'polar/errors'
+require 'polar/groups'
+require 'polar/permissions'
+require 'polar/frameworks/rails'
+
+module Polar
+
+  class << self
+    attr_accessor :logger    
+  end
+  
+  def self.define(type)
+    case type
+    when :permissions
+      yield(Polar::Permissions.define)
+    when :groups
+      yield(Polar::Groups.define)
+    end
+  end
+  self.logger = Logger.new(STDOUT)
+end

data/lib/polar/adapter.rb

@@ -0,0 +1,7 @@
+require File.expand_path(File.dirname(__FILE__) + '/adapters/active_record')
+
+module Polar #nodoc
+  module Adapter
+    
+  end
+end

data/lib/polar/adapters/active_record.rb

@@ -0,0 +1,86 @@
+require 'active_record'
+
+class UserPermission < ActiveRecord::Base;
+  def self.get_for_subject(subject_id)
+    find_all_by_user_id(subject_id)
+  end
+end
+
+class UserGroup < ActiveRecord::Base;
+  def self.get_for_subject(subject_id)
+    find_all_by_user_id(subject_id)
+  end
+end
+
+module Polar #nodoc
+  module ActiveRecordExtensions
+    
+    def self.included(base)
+        base.extend(ClassMethods)
+        base.send(:include, InstanceMethods)
+    end
+    
+    module InstanceMethods
+      def permission_object
+        UserPermission
+      end
+
+      def group_object
+        UserGroup
+      end
+
+      def permissions
+        return @permissions if defined?(@permissions)
+        auth = Polar::Permissions.new
+        auth.fill_subject_from_external_store(self.id, permission_object, group_object)
+        @permissions = auth.subject_store.sort { |a,b| a.to_s <=> b.to_s }
+      end
+      
+      def groups
+        return @groups if defined?(@groups)
+        auth = Polar::Groups.new
+        auth.fill_subject_from_external_store(self.id, group_object)
+        @groups = auth.subject_store.sort { |a,b| a.to_s <=> b.to_s }
+      end
+      
+      # Check whenever specific subject has right permission assigned to him
+      # either via defaults defined in the model or the database
+      def can?(permission)
+        raise Polar::PermissionNotDefined unless Polar::Permissions.defined_store.has_key?(permission)
+        permissions.include? permission
+      end
+      
+      # Check whenever specific subject is a member of a right group
+      # either via defaults defined in the model or the database
+      def member_of?(group)
+        groups.include? group
+      end
+      
+    end
+    
+    module ClassMethods
+      
+      def acts_as_polar
+      end
+      
+      def owner(authorization_subject)
+        # Return owner
+      end
+      
+      def default(kind)
+        case kind
+        when :permissions
+          # Permissions
+          yield(Polar::DefaultPermissions.instance)
+        when :groups
+          # Groups
+          yield(Polar::DefaultGroups.instance)
+        end
+      end
+    end
+  end
+end
+
+if defined? ActiveRecord::Base
+  ActiveRecord::Base.send(:include, Polar::ActiveRecordExtensions)
+end

data/lib/polar/errors.rb

@@ -0,0 +1,7 @@
+module Polar #nodoc
+  class PermissionNotDefinedButSetAsDefault < StandardError; end
+  class PermissionNotDefined < StandardError; end
+  class AuthorizationFailureNoUser < StandardError; end
+  class AuthorizationFailureDenyPermission < StandardError; end
+  class AuthorizationFailureMissedPermission < StandardError; end
+end

data/lib/polar/frameworks/rails.rb

@@ -0,0 +1,55 @@
+require 'action_controller'
+
+module Polar #nodoc
+  module ActionControllerExtensions
+
+    def self.included(base)
+        base.extend(ClassMethods)
+        base.send(:include, InstanceMethods)
+        base.class_eval do
+          before_filter "authorized?"
+        end
+    end
+
+    module InstanceMethods
+      def authorized?
+        begin
+          name = "#{controller_path.gsub('/', '__')}_controller".to_sym
+          if Polar::Permissions.for_controller.has_key?(name)
+            perm_info = Polar::Permissions.for_controller[name]
+            action = perm_info.has_key?(action_name.to_sym) ? action_name.to_sym : :all
+            user = current_user
+            if perm_info[:action].present?
+              perm_info[action][:deny].each do |deny_perm|
+                raise Polar::AuthorizationFailureNoUser if user.nil?
+                raise Polar::AuthorizationFailureDenyPermission if user.can?(deny_perm)
+              end
+              perm_info[action][:allow].each do |allow_perm|
+                raise Polar::AuthorizationFailureNoUser if user.nil?
+                raise Polar::AuthorizationFailureMissedPermission unless user.can?(allow_perm)
+              end
+            end
+          end
+        rescue Polar::AuthorizationFailureNoUser
+          logger.debug "=> No valid User found"
+          redirect_to root_path
+        rescue Polar::AuthorizationFailureDenyPermission
+          logger.debug "=> User #{current_user.id} has :deny permission on this action"
+          redirect_to root_path
+        rescue Polar::AuthorizationFailureMissedPermission
+          logger.debug "=> Authorization Failure :: User #{current_user.id} doesn't have required permissions"
+          redirect_to root_path
+        end
+        return true
+      end
+    end
+
+    module ClassMethods
+
+    end
+  end
+end
+
+if defined? ActionController::Base
+  ActionController::Base.send(:include, Polar::ActionControllerExtensions)
+end

data/lib/polar/groups.rb

@@ -0,0 +1,71 @@
+module Polar #nodoc
+  class DefaultGroups
+    
+    # This method is executed whenever a default group is defined
+    # in subject's model
+    def method_missing(method, *params)
+      Groups.instance.subject_store << method
+      self
+    end
+    
+    # Protects from creating more than one instance of this class
+    def self.instance
+      @__instance__ ||= new
+    end
+    
+  end
+  
+  class Groups      
+    attr_accessor :defined_groups_store
+    attr_accessor :subject_store
+
+    def initialize(instance_object = false)
+      @defined_groups_store ||= []
+      @subject_store ||= []
+      unless instance_object
+        @defined_groups_store = self.class.instance.defined_groups_store.clone
+        @subject_store = self.class.instance.subject_store.clone
+      end
+
+      self
+    end
+
+    def self.instance
+      @__instance__ ||= new(true)
+    end
+    
+    def self.define(&block)
+      self
+    end
+    
+    def self.method_missing(method, &block)
+      yield GroupHash.new(method) if block_given?
+    end
+    
+    def self.defined_store
+      @defined_groups_store ||= {}
+    end
+
+    def fill_subject_from_external_store(subject_id, storage)
+      storage.get_for_subject(subject_id).each do |group|
+        self.subject_store << group.group_name.to_sym
+      end
+    end
+  end
+  
+  class GroupHash < Hash
+    
+    def initialize(method)
+      self[:group_name] = method.to_sym
+    end
+    
+    def have(*params)
+      self[:params] = params
+      Polar::Groups.defined_store[self[:group_name]] = self
+    end
+    
+    def deny(*params)
+      
+    end
+  end
+end

data/lib/polar/permissions.rb

@@ -0,0 +1,101 @@
+module Polar #nodoc
+  class DefaultPermissions
+    
+    # This method is executed whenever a default permission is defined
+    # in subject's model
+    def method_missing(method, *params)
+      Permissions.instance.subject_store << method.to_sym
+      self
+    end
+    
+    # Protects from creating more than one instance of this class    
+    def self.instance
+      @__instance__ ||= new
+    end
+    
+  end
+  
+  class Permissions
+    attr_accessor :defined_permissions_store
+    attr_accessor :subject_store
+    attr_accessor :permissions_for_controller
+
+    def initialize(instance_object = false)
+      @defined_permissions_store ||= []
+      @subject_store ||= []
+      unless instance_object
+        @defined_permissions_store = self.class.instance.defined_permissions_store.clone
+        @subject_store = self.class.instance.subject_store.clone
+      end
+
+      self
+    end
+    
+    def self.instance
+      @__instance__ ||= new(true)
+    end  
+      
+    def self.define(&block)
+      self
+    end
+      
+    def self.method_missing(method, &block)
+      yield PermissionHash.new(method) if block_given?
+    end
+      
+    def self.defined_store
+      @defined_permissions_store ||= {}
+    end
+
+    def self.for_controller
+      @permissions_for_controller ||= {}
+    end
+
+    def self.add_for_controller(perm_hash)
+      controller = perm_hash[:object].to_sym
+      actions = perm_hash[:params].present? && perm_hash[:params].has_key?(:only) ? perm_hash[:params][:only] : [:all]      
+      for_controller[controller] ||= {}
+      actions.each do |action|
+        for_controller[controller][action] ||= {:allow => [], :deny => []}
+        for_controller[controller][action][perm_hash[:access_type]] << perm_hash[:permission_name]
+      end
+    end
+
+    def fill_subject_from_external_store(subject_id, perm_storage, group_storage)
+      perm_storage.get_for_subject(subject_id).each do |perm|
+        self.subject_store << perm.permission_name.to_sym
+      end
+      groups = Polar::Groups.new
+      groups.fill_subject_from_external_store(subject_id, group_storage)
+      groups.subject_store.each do |group|
+        if Polar::Groups.defined_store.has_key?(group.to_sym)
+          self.subject_store.concat(Polar::Groups.defined_store[group.to_sym][:params])          
+        end
+      end
+    end
+  end
+  
+  class PermissionHash < Hash
+    
+    def initialize(method)
+      self[:permission_name] = method.to_sym
+    end
+    
+    def allow(*params)
+      add(:allow, params)
+    end
+    
+    def deny(*params)
+      add(:deny, params)      
+    end
+
+    def add(perm_type, params)
+      self[:access_type] = perm_type
+      self[:object] = params.shift
+      self[:params] = params.first
+      Polar::Permissions.add_for_controller(self)
+      Polar::Permissions.defined_store[self[:permission_name]] ||= []
+      Polar::Permissions.defined_store[self[:permission_name]] << self
+    end
+  end
+end

data/spec/polar_spec.rb

@@ -0,0 +1,54 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+
+describe Polar do
+  before do
+    @user = User.create
+  end
+  
+  it "should respond to default" do
+    User.should respond_to(:default)
+  end
+  
+  it "should respond to owner" do
+    User.should respond_to(:owner)
+  end
+
+  it "should return default permissions for user" do
+    @user.permissions
+  end  
+  
+  it "should check if user is a member of specific group" do
+    @user.member_of?(:clients).should be(true)
+  end
+  
+  it "should return true if user is a member of a group stored in database" do
+    UserGroup.create(:user_id => @user.id, :group_name => "test_group")
+    UserGroup.create(:user_id => @user.id, :group_name => "another_group")
+    @user.member_of?(:test_group).should be(true)
+  end
+  
+  it "should check and return false if user is NOT a member of specific group" do
+    @user.member_of?(:not_existing_group).should be(false)
+  end
+  
+  it "should check if user has specific permission" do
+    @user.can?(:edit_profile).should be(true)    
+  end
+  
+  it "should return false for permission NOT assigned for specific, even in database" do
+    @user.can?(:add_addresses).should be(false)
+  end
+  
+  it "should return true for permission assigned for specific user in database" do
+    UserPermission.create(:user_id => @user.id, :permission_name => "add_addresses")
+    @user.can?(:add_addresses).should be(true)
+  end
+  
+  it "should return false if user DO NOT have specific permission" do
+    lambda { 
+      @user.can?(:do_something_that_doesnt_exist)
+    }.should raise_error(Polar::PermissionNotDefined)
+  end
+  
+end
+

data/spec/spec_helper.rb

@@ -0,0 +1,94 @@
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+
+require 'rubygems'
+require 'polar'
+require 'spec'
+require 'spec/autorun'
+require 'active_record'
+
+Spec::Runner.configure do |config|
+  #EMPTY
+end
+
+
+##########################################################################
+# Active Record connection
+##########################################################################
+
+begin
+  ActiveRecord::Base.establish_connection(:adapter => "sqlite3", :database => ":memory:")
+rescue ArgumentError
+  ActiveRecord::Base.establish_connection(:adapter => "sqlite3", :dbfile => ":memory:")
+end
+
+
+##########################################################################
+# Database schema
+##########################################################################
+
+ActiveRecord::Base.configurations = true
+ActiveRecord::Schema.define(:version => 1) do
+  create_table :users do |t|
+    t.string    :name
+    t.datetime  :created_at    
+    t.datetime  :updated_at
+  end
+  
+  create_table :user_permissions do |t|
+    t.integer :user_id
+    t.string  :permission_name
+  end
+  
+  create_table :user_groups do |t|
+    t.integer :user_id
+    t.string :group_name
+  end
+  
+  create_table :groups do |t|
+    t.string :group_name
+  end
+  
+  create_table :permission_groups do |t|
+    t.string :permission_name
+    t.integer :group_id
+  end
+  
+end
+
+##########################################################################
+# Define permissions
+##########################################################################
+
+Polar.define :permissions do |gp|
+  gp.edit_profile do |c|
+    c.allow :users_controller, :only => [:edit, :update]
+  end
+  
+  gp.add_addresses do |c|
+    c.allow :addresses_controller, :only => [:new, :create]
+  end
+end
+
+##########################################################################
+# Define groups
+##########################################################################
+
+Polar.define :groups do |gg|
+  gg.administrators do |a|
+    a.have :add_addresses, :edit_profile
+  end
+  
+  gg.clients do |c|
+    c.have :edit_profile
+  end
+end
+
+class User < ActiveRecord::Base
+  include Polar::ActiveRecordExtensions
+  acts_as_polar
+  
+  default :groups do |g|
+    g.clients
+  end
+end

metadata

@@ -0,0 +1,83 @@
+--- !ruby/object:Gem::Specification 
+name: Polar
+version: !ruby/object:Gem::Version 
+  hash: 23
+  prerelease: false
+  segments: 
+  - 0
+  - 2
+  - 0
+  version: 0.2.0
+platform: ruby
+authors: 
+- Grzegorz Kazulak
+- Lukasz Tackowiak
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2010-07-29 00:00:00 +02:00
+default_executable: 
+dependencies: []
+
+description: Control access like a bear
+email: grzegorz.kazulak@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- README.md
+files: 
+- .gitignore
+- Polar.gemspec
+- README.md
+- Rakefile
+- VERSION
+- init.rb
+- lib/polar.rb
+- lib/polar/adapter.rb
+- lib/polar/adapters/active_record.rb
+- lib/polar/errors.rb
+- lib/polar/frameworks/rails.rb
+- lib/polar/groups.rb
+- lib/polar/permissions.rb
+- spec/polar_spec.rb
+- spec/spec_helper.rb
+has_rdoc: true
+homepage: http://github.com/grzegorzkazulak/Polar
+licenses: []
+
+post_install_message: 
+rdoc_options: 
+- --charset=UTF-8
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: grizzlies
+rubygems_version: 1.3.7
+signing_key: 
+specification_version: 3
+summary: Access control for polar bears
+test_files: 
+- spec/polar_spec.rb
+- spec/spec_helper.rb