access_policy_rails 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 90e7d6b18bd059963e82d1cbc2486150a71a5a3c
+  data.tar.gz: 0a532c786ab1a225dab5ef6d8cb074083619aa5b
+SHA512:
+  metadata.gz: b4bbbde1e2ef3549b244a87206d706dd0b87daa64aed228e709241bb7e086e262a73116f314620f4ea8fbdae4e5c7bc54b6def6ed579c11bab8c20c5abbef51b
+  data.tar.gz: a1ae44e5234d0ebeab0d19c99bd585cd7ba6b7e4e52415d9178f1a2f7d4458654f52e8e994c86e1defabcef14da9439e13d2545b80119e2588e14f9e156f5e82

data/.rspec

@@ -0,0 +1,2 @@
+--color
+--format Fuubar

data/.travis.yml

@@ -0,0 +1,6 @@
+language: ruby
+rvm:
+  - 2.1.0
+notifications:
+  recipients:
+    - shad0wrunner@gmx.de

data/Gemfile

@@ -0,0 +1,7 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in access_policy_rails.gemspec
+gemspec
+
+gem 'simplecov', require:  false, group: :test
+gem 'coveralls', require: false

data/Guardfile

@@ -0,0 +1,25 @@
+# A sample Guardfile
+# More info at https://github.com/guard/guard#readme
+
+guard :rspec, all_after_pass: true ,
+              all_on_start: true do
+  
+  watch(%r{^spec/.+_spec\.rb$})
+
+  watch('lib/yaoc.rb')  { "spec" }
+
+  watch(%r{^lib/(.+)\.rb$})     { |m| "spec/unit/lib/#{m[1]}_spec.rb" }
+  watch(%r{^lib/(.+)\.rb$})     { |m| "spec/integration/lib/#{m[1]}_spec.rb" }
+
+  watch('spec/spec_helper.rb')  { "spec" }
+
+  watch(%r{^spec/support/(.+)\.rb$})                  { "spec" }
+
+end
+
+
+guard :bundler do
+  watch('Gemfile')
+  # Uncomment next line if your Gemfile contains the `gemspec' command.
+  watch(/^.+\.gemspec/)
+end

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2014 Dieter Späth
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,71 @@
+# AccessPolicyRails [![Code Climate](https://codeclimate.com/github/slowjack2k/access_policy_rails.png)](https://codeclimate.com/github/slowjack2k/access_policy_rails) [![Build Status](https://travis-ci.org/slowjack2k/access_policy_rails.png?branch=master)](https://travis-ci.org/slowjack2k/access_policy_rails) [![Coverage Status](https://coveralls.io/repos/slowjack2k/access_policy_rails/badge.png?branch=master)](https://coveralls.io/r/slowjack2k/access_policy_rails?branch=master) [![Gem Version](https://badge.fury.io/rb/access_policy_rails.png)](http://badge.fury.io/rb/access_policy_rails)
+
+Rails extension for AccessPolicy. Stores the policy_check_user (default current_user)
+in a RequestLocalStorage. So it is not needed to pass the user around.
+
+Further more some macros are provided to query permissions and protect actions.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'access_policy_rails'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install access_policy_rails
+
+## Usage
+
+```ruby
+
+  class DummyController < ActionController::Base
+    attr_accessor :current_user
+
+    # instead of
+    #
+    # def create
+    # end
+    #
+    # def show
+    # end
+
+    guarded_action :create do
+
+    end
+
+    guarded_action :show do
+
+    end
+  end
+
+
+  DummyControllerPolicy = Struct.new(:current_user, :controller) do
+      def create?
+        !! (current_user && current_user.create_allowed?)
+      end
+
+      def show?
+        !! (current_user && current_user.show_allowed?)
+      end
+   end
+
+  # Query permissions in controller or view
+
+  policy_for(an_object).allow?(:create)
+
+```
+
+
+
+## Contributing
+
+1. Fork it ( http://github.com/slowjack2k/access_policy_rails/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1,14 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new
+
+
+task :default => :spec
+task :test => :spec
+
+desc "Run RSpec with code coverage"
+task :coverage do
+  ENV['SIMPLE_COVERAGE'] = "true"
+  Rake::Task["spec"].execute
+end

data/access_policy_rails.gemspec

@@ -0,0 +1,48 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'access_policy_rails/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "access_policy_rails"
+  spec.version       = AccessPolicyRails::VERSION
+  spec.authors       = ["Dieter Späth"]
+  spec.email         = ["shad0wrunner@gmx.de"]
+  spec.summary       = %q{Object oriented authorization for ruby.}
+  spec.description   = %q{Object oriented authorization for ruby.}
+  spec.homepage      = ""
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_runtime_dependency 'access_policy'
+  spec.add_runtime_dependency 'request_store'
+  spec.add_runtime_dependency 'activesupport', '~> 4.0'
+
+  spec.add_development_dependency "bundler", "~> 1.5"
+  spec.add_development_dependency "rake"
+
+
+  spec.add_development_dependency "rails", '~>4.0.1'
+  spec.add_development_dependency "rspec-rails", "2.99.0.beta1"
+
+  # show nicely how many specs have to be run
+  spec.add_development_dependency "fuubar"
+  # extended console
+  spec.add_development_dependency "pry"
+  spec.add_development_dependency 'pry-remote'
+
+  # automatic execute tasks on file changes
+  spec.add_development_dependency 'guard'
+  spec.add_development_dependency 'guard-rspec'
+  spec.add_development_dependency 'guard-bundler'
+  spec.add_development_dependency 'rb-fsevent'
+
+  # https://github.com/pry/pry-stack_explorer
+  spec.add_development_dependency 'pry-stack_explorer'
+  # https://github.com/nixme/pry-debugger
+  spec.add_development_dependency 'pry-debugger'
+end

data/lib/access_policy_rails/change_storage_scope.rb

@@ -0,0 +1,15 @@
+module AccessPolicyRails
+
+  module ChangedScopeStorage
+    def self.call
+      AccessPolicy.module_exec do
+        def _scope_storage
+          AccessPolicyRails::RequestLocalStorage
+        end
+      end
+    end
+  end
+
+end
+
+AccessPolicyRails::ChangedScopeStorage.call

data/lib/access_policy_rails/controller_extensions.rb

@@ -0,0 +1,69 @@
+module AccessPolicyRails
+  module ControllerExtensions
+    extend ActiveSupport::Concern
+
+     included do
+       include AccessPolicy
+
+       AccessPolicy.instance_methods.each do |method|
+         hide_action method
+       end
+
+       hide_action :policy_check_user
+       hide_action :authorize
+       hide_action :policy_for
+
+       helper_method :policy_for
+
+     end
+
+    def policy_check_user
+      current_user
+    end
+
+    def authorize(*args, &block)
+      _guard.authorize(*args, &block)
+    end
+
+    def policy_for(object_to_guard=self)
+      _guard.send(:switched_user_or_role, policy_check_user) do
+        PolicyWrapper.new(_guard.policy_for(object_to_guard))
+      end
+    end
+
+    module ClassMethods
+      def guarded_action(action_name, authorize_action: true, &block)
+        if authorize_action
+          authorized_action(action_name, &block)
+        else
+          authorized_service(action_name, &block)
+        end
+      end
+
+      def authorized_action(action_name, &block)
+        action_name_guarded = "#{action_name}_with_guard".to_sym
+        policy_guarded_method action_name_guarded, action_name ,&block
+
+        define_method action_name do
+          with_user_or_role(policy_check_user) do
+            self.send(action_name_guarded)
+          end
+        end
+
+        hide_action action_name_guarded
+        hide_action unsafe_action_name(action_name_guarded)
+      end
+
+      def authorized_service(action_name, &block)
+
+        define_method action_name do
+          with_user_or_role(policy_check_user) do
+            instance_exec &block
+          end
+        end
+
+      end
+
+    end
+  end
+end

data/lib/access_policy_rails/policy_wrapper.rb

@@ -0,0 +1,11 @@
+module AccessPolicyRails
+  require 'delegate'
+
+  class PolicyWrapper <  SimpleDelegator
+    def allow?(permission)
+      permission = permission.to_s.end_with?('?') ? permission : "#{permission}?"
+      self.send(permission)
+    end
+  end
+
+end

data/lib/access_policy_rails/railtie.rb

@@ -0,0 +1,11 @@
+module AccessPolicyRails
+  class Railtie < ::Rails::Railtie
+    initializer "access_policy_rails.extend_controllers" do |app|
+
+      ActiveSupport.on_load :action_controller do
+        include AccessPolicyRails::ControllerExtensions
+      end
+
+    end
+  end
+end

data/lib/access_policy_rails/request_local_storage.rb

@@ -0,0 +1,12 @@
+module AccessPolicyRails
+  require 'request_store'
+
+  class RequestLocalStorage < ScopedStorage::ThreadLocalStorage
+
+    def self.for(scope_name="default")
+      RequestStore.store["_#{name}_#{scope_name}"] ||= new
+    end
+
+  end
+end
+

data/lib/access_policy_rails/version.rb

@@ -0,0 +1,3 @@
+module AccessPolicyRails
+  VERSION = "0.0.1"
+end

data/lib/access_policy_rails.rb

@@ -0,0 +1,13 @@
+require 'access_policy_rails/version'
+require 'access_policy'
+require 'active_support/concern'
+
+module AccessPolicyRails
+
+end
+
+require 'access_policy_rails/request_local_storage'
+require 'access_policy_rails/change_storage_scope'
+require 'access_policy_rails/controller_extensions'
+require 'access_policy_rails/policy_wrapper'
+require 'access_policy_rails/railtie' if defined?(Rails)

data/spec/acceptance/dummy/README.rdoc

@@ -0,0 +1,28 @@
+== README
+
+This README would normally document whatever steps are necessary to get the
+application up and running.
+
+Things you may want to cover:
+
+* Ruby version
+
+* System dependencies
+
+* Configuration
+
+* Database creation
+
+* Database initialization
+
+* How to run the test suite
+
+* Services (job queues, cache servers, search engines, etc.)
+
+* Deployment instructions
+
+* ...
+
+
+Please feel free to use a different markup language if you do not plan to run
+<tt>rake doc:app</tt>.

data/spec/acceptance/dummy/Rakefile

@@ -0,0 +1,6 @@
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+
+require File.expand_path('../config/application', __FILE__)
+
+Dummy::Application.load_tasks

data/spec/acceptance/dummy/app/assets/javascripts/application.js

@@ -0,0 +1,13 @@
+// This is a manifest file that'll be compiled into application.js, which will include all the files
+// listed below.
+//
+// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
+// or vendor/assets/javascripts of plugins, if any, can be referenced here using a relative path.
+//
+// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
+// compiled file.
+//
+// Read Sprockets README (https://github.com/sstephenson/sprockets#sprockets-directives) for details
+// about supported directives.
+//
+//= require_tree .

data/spec/acceptance/dummy/app/assets/stylesheets/application.css

@@ -0,0 +1,13 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or vendor/assets/stylesheets of plugins, if any, can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the top of the
+ * compiled file, but it's generally better to create a new file per style scope.
+ *
+ *= require_self
+ *= require_tree .
+ */

data/spec/acceptance/dummy/app/controllers/application_controller.rb

@@ -0,0 +1,5 @@
+class ApplicationController < ActionController::Base
+  # Prevent CSRF attacks by raising an exception.
+  # For APIs, you may want to use :null_session instead.
+  protect_from_forgery with: :exception
+end

data/spec/acceptance/dummy/app/helpers/application_helper.rb

@@ -0,0 +1,2 @@
+module ApplicationHelper
+end

data/spec/acceptance/dummy/app/views/layouts/application.html.erb

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Dummy</title>
+  <%= stylesheet_link_tag    "application", media: "all" %>
+  <%= javascript_include_tag "application" %>
+  <%= csrf_meta_tags %>
+</head>
+<body>
+
+<%= yield %>
+
+</body>
+</html>

data/spec/acceptance/dummy/bin/bundle

@@ -0,0 +1,3 @@
+#!/usr/bin/env ruby
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__)
+load Gem.bin_path('bundler', 'bundle')

data/spec/acceptance/dummy/bin/rails

@@ -0,0 +1,4 @@
+#!/usr/bin/env ruby
+APP_PATH = File.expand_path('../../config/application',  __FILE__)
+require_relative '../config/boot'
+require 'rails/commands'

data/spec/acceptance/dummy/bin/rake

@@ -0,0 +1,4 @@
+#!/usr/bin/env ruby
+require_relative '../config/boot'
+require 'rake'
+Rake.application.run

data/spec/acceptance/dummy/config/application.rb

@@ -0,0 +1,28 @@
+require File.expand_path('../boot', __FILE__)
+
+# Pick the frameworks you want:
+# require "active_record/railtie"
+require "action_controller/railtie"
+require "action_mailer/railtie"
+# require "sprockets/railtie"
+require "rails/test_unit/railtie"
+
+Bundler.require(*Rails.groups)
+require "access_policy_rails"
+
+module Dummy
+  class Application < Rails::Application
+    # Settings in config/environments/* take precedence over those specified here.
+    # Application configuration should go into files in config/initializers
+    # -- all .rb files in that directory are automatically loaded.
+
+    # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
+    # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
+    # config.time_zone = 'Central Time (US & Canada)'
+
+    # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
+    # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
+    # config.i18n.default_locale = :de
+  end
+end
+

data/spec/acceptance/dummy/config/boot.rb

@@ -0,0 +1,5 @@
+# Set up gems listed in the Gemfile.
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../../../Gemfile', __FILE__)
+
+require 'bundler/setup' if File.exists?(ENV['BUNDLE_GEMFILE'])
+$LOAD_PATH.unshift File.expand_path('../../../../lib', __FILE__)

data/spec/acceptance/dummy/config/environment.rb

@@ -0,0 +1,5 @@
+# Load the Rails application.
+require File.expand_path('../application', __FILE__)
+
+# Initialize the Rails application.
+Dummy::Application.initialize!

data/spec/acceptance/dummy/config/environments/development.rb

@@ -0,0 +1,27 @@
+Dummy::Application.configure do
+  # Settings specified here will take precedence over those in config/application.rb.
+
+  # In the development environment your application's code is reloaded on
+  # every request. This slows down response time but is perfect for development
+  # since you don't have to restart the web server when you make code changes.
+  config.cache_classes = false
+
+  # Do not eager load code on boot.
+  config.eager_load = false
+
+  # Show full error reports and disable caching.
+  config.consider_all_requests_local       = true
+  config.action_controller.perform_caching = false
+
+  # Don't care if the mailer can't send.
+  config.action_mailer.raise_delivery_errors = false
+
+  # Print deprecation notices to the Rails logger.
+  config.active_support.deprecation = :log
+
+
+  # Debug mode disables concatenation and preprocessing of assets.
+  # This option may cause significant delays in view rendering with a large
+  # number of complex assets.
+  config.assets.debug = true
+end

data/spec/acceptance/dummy/config/environments/production.rb

@@ -0,0 +1,80 @@
+Dummy::Application.configure do
+  # Settings specified here will take precedence over those in config/application.rb.
+
+  # Code is not reloaded between requests.
+  config.cache_classes = true
+
+  # Eager load code on boot. This eager loads most of Rails and
+  # your application in memory, allowing both thread web servers
+  # and those relying on copy on write to perform better.
+  # Rake tasks automatically ignore this option for performance.
+  config.eager_load = true
+
+  # Full error reports are disabled and caching is turned on.
+  config.consider_all_requests_local       = false
+  config.action_controller.perform_caching = true
+
+  # Enable Rack::Cache to put a simple HTTP cache in front of your application
+  # Add `rack-cache` to your Gemfile before enabling this.
+  # For large-scale production use, consider using a caching reverse proxy like nginx, varnish or squid.
+  # config.action_dispatch.rack_cache = true
+
+  # Disable Rails's static asset server (Apache or nginx will already do this).
+  config.serve_static_assets = false
+
+  # Compress JavaScripts and CSS.
+  config.assets.js_compressor = :uglifier
+  # config.assets.css_compressor = :sass
+
+  # Do not fallback to assets pipeline if a precompiled asset is missed.
+  config.assets.compile = false
+
+  # Generate digests for assets URLs.
+  config.assets.digest = true
+
+  # Version of your assets, change this if you want to expire all your assets.
+  config.assets.version = '1.0'
+
+  # Specifies the header that your server uses for sending files.
+  # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache
+  # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx
+
+  # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
+  # config.force_ssl = true
+
+  # Set to :debug to see everything in the log.
+  config.log_level = :info
+
+  # Prepend all log lines with the following tags.
+  # config.log_tags = [ :subdomain, :uuid ]
+
+  # Use a different logger for distributed setups.
+  # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new)
+
+  # Use a different cache store in production.
+  # config.cache_store = :mem_cache_store
+
+  # Enable serving of images, stylesheets, and JavaScripts from an asset server.
+  # config.action_controller.asset_host = "http://assets.example.com"
+
+  # Precompile additional assets.
+  # application.js, application.css, and all non-JS/CSS in app/assets folder are already added.
+  # config.assets.precompile += %w( search.js )
+
+  # Ignore bad email addresses and do not raise email delivery errors.
+  # Set this to true and configure the email server for immediate delivery to raise delivery errors.
+  # config.action_mailer.raise_delivery_errors = false
+
+  # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
+  # the I18n.default_locale when a translation can not be found).
+  config.i18n.fallbacks = true
+
+  # Send deprecation notices to registered listeners.
+  config.active_support.deprecation = :notify
+
+  # Disable automatic flushing of the log to improve performance.
+  # config.autoflush_log = false
+
+  # Use default logging formatter so that PID and timestamp are not suppressed.
+  config.log_formatter = ::Logger::Formatter.new
+end