abilities 0.1.2 → 4.0.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 73ae248bbe708f9a398a788c4db88773f66bbf08
-  data.tar.gz: c59fcc7224d4493496754293d535d2e35e28a5b4
+  metadata.gz: d2bc9ac0cfbd40fc108a5cd619f54e7844096292
+  data.tar.gz: 1e8aa0c9839cad844c4b540e663124e070cbfe63
 SHA512:
-  metadata.gz: ad7edc77a9356754a83df963fa96ff53fb677e89a3cbab259b68465973bbf581b594cf40c52fcd0edf663be587471816e3628943ec2940f94a50b7221f941687
-  data.tar.gz: 55d7a75da416b82320cb3fb36c5d8499ed478485d03baf4c5aab7ed74e06d0e34c37d66e42d1f4a083fdca262346a03712a2b2ea26f1409c85f92310da14f47a
+  metadata.gz: 1b83c49c8ce1332ca10d8b9dcee7d1415572ed39cc849a2801b5970176fc3b8f5095d822d4fa8560f53b8133f568bd403e98b763df67456c075e3a79910a5e32
+  data.tar.gz: 32d1b4733cf942cf5247110c5790b9c093eb7212febdf11ca1d0ec8f17f44b7ec32710f4e9907dabe3ce1753f9706c1b4c171ad3f6fb7d88fc54c2b4935fc3e5

data/MIT-LICENSE

@@ -1,4 +1,4 @@
-Copyright 2015 Mathías Montossi
+Copyright 2016 Mathías Montossi
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/README.md

@@ -5,7 +5,14 @@
 
 # Abilities
 
-Minimalistic authorization inspired in cancan for rails.
+Authorization dsl to manage permissions in rails.
+
+## Why
+
+I did this gem to:
+
+- Use a dsl instead of a plain class to simplify the syntax.
+- Limit authorizations to only controllers and their views.
 
 ## Install
 
@@ -21,65 +28,45 @@ $ bundle
 
 ## Configuration
 
-Generate the abilities configuration file:
+Generate the definitions file:
 ```
 bundle exec rails g abilities:install
 ```
 
-Define the user fetcher for your controllers and views:
+Ensure there is a current_user method in your controllers:
 ```ruby
-Abilities.configure do |config|
-  config.fetcher do
-    current_user
+class ApplicationController < ActionController::Base
+  def current_user
+    @current_user ||= User.find(session[:user_id])
   end
 end
 ```
 
-Add the abilities concern to the model if you want to call can? and cannot? in the user instance:
-```ruby
-class User < ActiveRecord::Base
-  include Abilities::Concern
-end
-```
-
 ## Usage
 
-### Defining
+### Definitions
 
-All the abilities are defined in config/abilities.rb by can and cannot methods:
+Use can and cannot methods to define the policies:
 ```ruby
 Abilities.define do
-  can :create, Post
-  cannot :destroy, User unless admin?
-  can :edit, Post do |subject|
-    subject.user == self
+  can :view, :any
+  can :manage, User do |user|
+    user == self
   end
-  can :manage, User
-  can :touch, :all
+  can :detroy, Product if admin?
 end
 ```
 
-If you want to load the abilities from the database you may do something like this:
-```ruby
-Abilities.define do
-  permissions.each do |permission|
-    can premissions.action, permissions.subject
-  end
-end
-```
+NOTE: Methods besides can and cannot are sent to the current_user.
 
-NOTE: Any method besides can and cannot references the user instance.
-
-### Checking
-
-#### Controllers
+### Controllers
 
 With the authorize! method Abilities::AccessDenied is raised if authorization fails:
 ```ruby
-class PostsController < ApplicationController
+class UsersController < ApplicationController
   def edit
-    @post = Post.find(params[:id])
-    authorize! :edit, @post
+    @user = User.find(params[:id])
+    authorize! :edit, @user
   end
 end
 ```
@@ -88,9 +75,9 @@ If you don't want an exception to be raised use can? and cannot? helpers:
 ```ruby
 class UsersController < ApplicationController
   def edit
-    @post = Post.find(params[:id])
-    if can? :edit, @post
-      @post.update post_params
+    @user = User.find(params[:id])
+    if can?(:edit, @user)
+      @user.update post_params
     else
       # handle access denied
     end
@@ -98,12 +85,12 @@ class UsersController < ApplicationController
 end
 ```
 
-#### Views
+### Views
 
-The helpers can? and cannot? are available here too:
+The helpers can? and cannot? are available in the controller views too:
 ```erb
-<% if can? :create, Post %>
-  <%= link_to new_post_path %>
+<% if can?(:detroy, @product) %>
+  <%= link_to product_path(@product), method: 'delete' %>
 <% end %>
 ```
 

data/Rakefile

@@ -4,19 +4,6 @@ rescue LoadError
   puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
 end
 
-require 'rdoc/task'
-
-RDoc::Task.new(:rdoc) do |rdoc|
-  rdoc.rdoc_dir = 'rdoc'
-  rdoc.title    = 'Abilities'
-  rdoc.options << '--line-numbers'
-  rdoc.rdoc_files.include('README.rdoc')
-  rdoc.rdoc_files.include('lib/**/*.rb')
-end
-
-
-
-
 Bundler::GemHelper.install_tasks
 
 require 'rake/testtask'
@@ -26,7 +13,7 @@ Rake::TestTask.new(:test) do |t|
   t.libs << 'test'
   t.pattern = 'test/**/*_test.rb'
   t.verbose = false
+  t.warning = false
 end
 
-
 task default: :test

data/lib/abilities.rb

@@ -1,33 +1,24 @@
-require 'abilities/action_controller/base'
-require 'abilities/action_view/base'
-require 'abilities/proxy'
-require 'abilities/configuration'
+require 'abilities/extensions/action_controller/base'
 require 'abilities/definitions'
 require 'abilities/exceptions'
-require 'abilities/concern'
+require 'abilities/proxy'
 require 'abilities/railtie'
+require 'abilities/version'
 
 module Abilities
   class << self
 
-    def configure
-      yield configuration
-    end
-
-    def configuration
-      @configuration ||= Configuration.new
-    end
+    attr_reader :block
 
     def define(&block)
       @block = block
     end
 
-    def can?(actor, action, subject)
-      Definitions.new(actor, &@block).can?(action, subject)
-    end
-
-    def cannot?(*args)
-      !can?(*args)
+    %i(can? cannot?).each do |name|
+      define_method name do |user, action, resource|
+        definitions = Definitions.new(user, &block)
+        definitions.send name, action, resource
+      end
     end
 
   end

data/lib/abilities/definitions.rb

@@ -1,31 +1,23 @@
 module Abilities
   class Definitions
 
-    def initialize(actor, &block)
-      @actor = actor
-      Proxy.new(actor, self, &block)
-    end
+    attr_reader :user
 
-    def add(actions, subjects, behavior, &block)
-      actions = [actions] unless actions.is_a? Array
-      subjects = [subjects] unless subjects.is_a? Array
-      subjects.each do |subject|
-        actions.each do |action|
-          (all[find_subject_id(subject)] ||= {})[action.to_s] = block_given? ? block : behavior
-        end
-      end
+    def initialize(user, &block)
+      @user = user
+      Proxy.new self, &block
     end
 
-    def can?(action, subject)
-      subject_id = find_subject_id(subject)
-      if subject_id != 'all' and can?(action, 'all')
+    def can?(action, resource)
+      id = resource_id(resource)
+      if id != :any && can?(action, :any)
         true
-      elsif actions = all[subject_id]
-        if behavior = (actions[action.to_s] || actions['manage'])
-          if behavior.is_a? Proc
-            @actor.instance_exec subject, &behavior
+      elsif actions = registry[id]
+        if policy = (actions[action] || actions[:manage])
+          if policy.is_a?(Proc)
+            user.instance_exec resource, &policy
           else
-            behavior
+            policy
           end
         else
           false
@@ -39,19 +31,36 @@ module Abilities
       !can?(*args)
     end
 
-    protected
+    def add(actions, resources, policy)
+      unless actions.is_a?(Array)
+        actions = [actions]
+      end
+      unless resources.is_a?(Array)
+        resources = [resources]
+      end
+      resources.each do |resource|
+        actions.each do |action|
+          id = resource_id(resource)
+          registry[id] ||= {}
+          registry[id][action] = policy
+        end
+      end
+    end
+
+    private
 
-    def all
-      @all ||= {}
+    def registry
+      @registry ||= {}
     end
 
-    def find_subject_id(subject)
-      if subject.to_s == 'all'
-        subject.to_s
-      elsif subject.is_a? Class
-        subject.name
+    def resource_id(resource)
+      case resource
+      when :any
+        resource
+      when Class
+        resource.name.underscore.to_sym
       else
-        subject.class.name
+        resource.class.name.underscore.to_sym
       end
     end
 

data/lib/abilities/extensions/action_controller/base.rb

@@ -0,0 +1,28 @@
+module Abilities
+  module Extensions
+    module ActionController
+      module Base
+        extend ActiveSupport::Concern
+
+        included do
+          helper_method :can?, :cannot?
+        end
+
+        %w(can? cannot?).each do |name|
+          define_method name do |action, resource|
+            Abilities.send name, current_user, action, resource
+          end
+        end
+
+        private
+
+        def authorize!(action, subject)
+          if cannot?(action, subject)
+            raise Abilities::AccessDenied
+          end
+        end
+
+      end
+    end
+  end
+end

data/lib/abilities/proxy.rb

@@ -1,22 +1,21 @@
 module Abilities
   class Proxy
 
-    def initialize(actor, definitions, &block)
-      @actor = actor
+    def initialize(definitions, &block)
       @definitions = definitions
       instance_eval &block
     end
 
-    def can(actions, subjects, &block)
-      @definitions.add actions, subjects, true, &block
+    def can(actions, resources, &block)
+      @definitions.add actions, resources, (block_given? ? block : true)
     end
 
-    def cannot(actions, subjects, &block)
-      @definitions.add actions, subjects, false, &block
+    def cannot(actions, resources, &block)
+      @definitions.add actions, resources, (block_given? ? block : false)
     end
 
     def method_missing(name, *args, &block)
-      @actor.send name, *args, &block
+      @definitions.user.send name, *args, &block
     end
 
   end

data/lib/abilities/railtie.rb

@@ -1,9 +1,10 @@
 module Abilities
   class Railtie < Rails::Railtie
 
-    initializer 'abilites' do
-      ::ActionView::Base.send :include, Abilities::ActionView::Base
-      ::ActionController::Base.send :include, Abilities::ActionController::Base
+    initializer 'abilites.extensions' do
+      ::ActionController::Base.include(
+        Abilities::Extensions::ActionController::Base
+      )
     end
 
     config.after_initialize do

data/lib/abilities/version.rb

@@ -1,5 +1,5 @@
 module Abilities
 
-  VERSION = '0.1.2'
+  VERSION = '4.0.0.0'
 
 end

data/lib/generators/abilities/install/install_generator.rb

@@ -0,0 +1,15 @@
+require 'rails/generators'
+
+module Abilities
+  module Generators
+    class InstallGenerator < ::Rails::Generators::Base
+
+      source_root File.expand_path('../templates', __FILE__)
+
+      def create_configuration_file
+        copy_file 'configuration.rb', 'config/abilities.rb'
+      end
+
+    end
+  end
+end

data/test/dummy/Rakefile

@@ -2,5 +2,4 @@
 # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
 
 require File.expand_path('../config/application', __FILE__)
-
 Rails.application.load_tasks

data/test/dummy/app/assets/javascripts/application.js

@@ -2,12 +2,12 @@
 // listed below.
 //
 // Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
-// or vendor/assets/javascripts of plugins, if any, can be referenced here using a relative path.
+// or any plugin's vendor/assets/javascripts directory can be referenced here using a relative path.
 //
 // It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
 // compiled file.
 //
-// Read Sprockets README (https://github.com/sstephenson/sprockets#sprockets-directives) for details
+// Read Sprockets README (https://github.com/rails/sprockets#sprockets-directives) for details
 // about supported directives.
 //
 //= require_tree .

data/test/dummy/app/assets/stylesheets/application.css

@@ -3,7 +3,7 @@
  * listed below.
  *
  * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
- * or vendor/assets/stylesheets of plugins, if any, can be referenced here using a relative path.
+ * or any plugin's vendor/assets/stylesheets directory can be referenced here using a relative path.
  *
  * You're free to add application-wide styles to this file and they'll appear at the bottom of the
  * compiled file so the styles you add here take precedence over styles defined in any styles

data/test/dummy/app/controllers/products_controller.rb

@@ -0,0 +1,10 @@
+class ProductsController < ApplicationController
+
+  attr_accessor :current_user
+
+  def show
+    @current_user = User.new
+    @product = Product.new
+  end
+
+end