access_rules 0.1.0

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in access_rules.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2013 TODO: Write your name
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,29 @@
+# AccessRules
+
+TODO: Write a gem description
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'access_rules'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install access_rules
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/lib/access_rules.rb

@@ -0,0 +1,13 @@
+require "access_rules/version"
+require "access_rules/rules"
+require "access_rules/defining"
+require "access_rules/checking"
+
+module AccessRules
+  # Your code goes here...
+end
+
+ActiveRecord::Base.send( :include, AccessRules::Defining )
+ActionController::Base.send( :include, AccessRules::Checking::ControllerMethods )
+# TODO: this should not be included in Object
+Object.send( :include, AccessRules::Checking::InstanceMethods )

data/lib/access_rules/checking.rb

@@ -0,0 +1,38 @@
+module AccessRules
+  module Checking
+
+    module ControllerMethods
+
+      def self.included(klass)
+        klass.class_eval do
+          helper_method :check_action_rules, :check_current_action_rules
+        end
+      end
+
+      # We assume controller here
+      def check_current_action_rules( object, user, site = nil )
+        check_action_rules( params[:action], object, user, site )
+      end
+
+      # Controller need to respond to action_rules method
+      def check_action_rules( action, object, user, site = nil )
+        rule = action_rules[action.to_sym] || action_rules[:default]
+        if rule
+          result = rule.check( object, user, site )
+          return result
+        else
+          return true
+        end
+      end
+    end
+
+    module InstanceMethods
+
+      def rule( rule_name )
+        return Rules::Base.new( rule_name )
+      end
+
+    end
+
+  end
+end

data/lib/access_rules/defining.rb

@@ -0,0 +1,28 @@
+module AccessRules
+  module Defining
+
+    def self.included(klass)
+      klass.class_eval do
+        class_attribute :rules
+        self.rules = {}
+      end
+      klass.extend( ClassMethods )
+    end
+
+    module ClassMethods
+
+      # Defines rules one by one
+      def define_rule( name, rule )
+        # class_attribute requires that the var is reassigned to make it override the inherited one
+        self.rules = self.rules.merge( name.to_sym => rule )
+      end
+
+      # Defines all rules at once
+      def define_rules( rules )
+        self.rules = rules
+      end
+
+    end
+
+  end
+end

data/lib/access_rules/rules.rb

@@ -0,0 +1,112 @@
+module AccessRules::Rules
+
+  class Base
+    
+    # Creates a rule given its name. Name is a dot-separated string, eg:
+    # forum_post.forum_thread.forum.group.member
+    # where
+    # forum_post - name of initial object class
+    # forum_thread.forum.group - associations to traverse: last one is supposed
+    # to contain the rule itself. Associations may be omitted - in this case
+    # initial object should contain the rule
+    # member - name of rule. This may be a rule defined using define_rule(s) or
+    # just a name of method in rule class. If it's a method it must accept:
+    # TODO: disregard that, now only no-arg methods work
+    # 2 arguments - user, site
+    # 1 arguments - user
+    # 0 arguments 
+    # and return true/false indicating whether the rules succeeded
+    def initialize( rule_name )
+      @rule_name = rule_name
+      elems = rule_name.split( '.' )
+      klass = elems.shift.classify.constantize
+      proc_or_method = elems.pop
+      @associations = elems.dup
+      @associations.each do |assoc|
+        reflection = klass.reflect_on_association( assoc.to_sym )
+        raise "No rule named #{rule_name}, failed token: #{assoc}" unless reflection
+        klass = reflection.class_name.constantize
+      end
+      @proc = klass.rules[proc_or_method.to_sym]
+      unless @proc
+        @method_name = proc_or_method
+        # TODO: method_defined? fails for attribute accessors
+        #raise "No rule named #{rule_name}, failed token: #{@method_name}" unless klass.method_defined?( @method_name ) 
+      end
+    end
+
+    def check( object, user, site = nil )
+      # XXX: we assume has_one or belongs_to association here
+      object_to_check = @associations.inject( object ) { |obj, assoc| obj.send( assoc ) }
+
+      if @proc
+        result = @proc.call( object_to_check, user, site )
+      else
+        # TODO: check if object.class matches klass (from initialize)
+        result = object_to_check.send( @method_name )
+        # TODO: the code below fails eg. for forum.public?
+        #method = object_to_check.method( @method_name )
+        #result = case method.arity
+        #when 0
+        #  method.call
+        #when 1
+        #  method.call( user )
+        #when 2
+        #  method.call( user, site )
+        #else
+        #  raise "Can't use method #{@method_name} on #{object_to_check} with arity #{method.arity} for access rule #{@rule_name} (arity out of (0..2) range)"
+        #end
+      end
+      Rails.logger.debug( "----------access rule check: #{@rule_name}: #{result}" )
+      return result
+    end
+
+    # AND rule
+    def & (rule)
+      return And.new( self, rule )
+    end
+
+    # OR rule
+    def | (rule)
+      return Or.new( self, rule )
+    end
+
+    # NOT rule
+    def ~
+      Not.new( @rule_name )
+    end
+  end
+
+  class And < Base
+
+    def initialize( *rules )
+      @rules = rules
+    end
+
+    def check( object, user, site = nil )
+      @rules.all? { |rule| rule.check( object, user, site ) }
+    end
+
+  end
+
+  class Or < Base
+
+    def initialize( *rules )
+      @rules = rules
+    end
+
+    def check( object, user, site = nil )
+      @rules.any? { |rule| rule.check( object, user, site ) }
+    end
+
+  end
+
+  class Not < Base
+    
+    def check( object, user, site = nil )
+      ! super
+    end
+
+  end
+
+end

data/lib/access_rules/version.rb

@@ -0,0 +1,3 @@
+module AccessRules
+  VERSION = "0.1.0"
+end

data/test/access_rules_test.rb

@@ -0,0 +1,9 @@
+# -*- encoding : utf-8 -*-
+require 'test/unit'
+
+class AccessRulesTest < Test::Unit::TestCase
+  # Replace this with your real tests.
+  def test_this_plugin
+    flunk
+  end
+end

metadata

@@ -0,0 +1,56 @@
+--- !ruby/object:Gem::Specification
+name: access_rules
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+  prerelease: 
+platform: ruby
+authors:
+- Marek Janukowicz
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-01-07 00:00:00.000000000 Z
+dependencies: []
+description: Authorization for Rails
+email:
+- marek@janukowicz.net
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/access_rules/checking.rb
+- lib/access_rules/version.rb
+- lib/access_rules/defining.rb
+- lib/access_rules/rules.rb
+- lib/access_rules.rb
+- Gemfile
+- LICENSE.txt
+- Rakefile
+- README.md
+- test/access_rules_test.rb
+homepage: ''
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.24
+signing_key: 
+specification_version: 3
+summary: ''
+test_files:
+- test/access_rules_test.rb