aclize 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: b2f95212250080779c4cd98f14d0b83073d25743
+  data.tar.gz: ec841f33a6a1e6f437e26a56cb1e28c9ad4a7d5e
+SHA512:
+  metadata.gz: 023df60e150155e7a932f22b342ef5a0219b308ebcd16c2d19af882926bdeca89284a54efadc0e860019d4c391b4d0d5cbc9ebe6bcc0b1b49c29c8f636e6c71b
+  data.tar.gz: 92fed867177543f7ce28ebd27a1cab45e1189f494d5fabbc7ea03060e928e75665835de9cc67ef07470bc77d7a8399e7228b43a0f68a9d1032be16a73a6f08df

data/.gitignore

@@ -0,0 +1,10 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+*.gem

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/.travis.yml

@@ -0,0 +1,7 @@
+language: ruby
+rvm:
+  - 2.0.0
+  - 2.1.0
+  - 2.2.1
+script:
+  - bundle exec rspec

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,13 @@
+# Contributor Code of Conduct
+
+As contributors and maintainers of this project, we pledge to respect all people who contribute through reporting issues, posting feature requests, updating documentation, submitting pull requests or patches, and other activities.
+
+We are committed to making participation in this project a harassment-free experience for everyone, regardless of level of experience, gender, gender identity and expression, sexual orientation, disability, personal appearance, body size, race, age, or religion.
+
+Examples of unacceptable behavior by participants include the use of sexual language or imagery, derogatory comments or personal attacks, trolling, public or private harassment, insults, or other unprofessional conduct.
+
+Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct. Project maintainers who do not follow the Code of Conduct may be removed from the project team.
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by opening an issue or contacting one or more of the project maintainers.
+
+This Code of Conduct is adapted from the [Contributor Covenant](http:contributor-covenant.org), version 1.0.0, available at [http://contributor-covenant.org/version/1/0/0/](http://contributor-covenant.org/version/1/0/0/)

data/Gemfile

@@ -0,0 +1,8 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in aclize.gemspec
+gemspec
+
+group :development, :test do
+  gem "rspec", "~> 3"
+end

data/README.md

@@ -0,0 +1,94 @@
+# Aclize #
+
+[![Build Status](https://travis-ci.org/serioja90/aclize.svg)](https://travis-ci.org/serioja90/aclize)
+
+__Aclize__ is a Ruby gem that allows you to easily define an ACL (Access Controll List) to controllers and paths of your Ruby on Rails application.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'aclize'
+```
+
+And then execute:
+
+    $ bundle install
+
+Or install it yourself as:
+
+    $ gem install aclize
+
+## Usage
+
+The __Aclize__ gem will automatically load and will wrap `ActionController::Base`, in order to allow you to define the ACL rules from inside of your `ApplicationController` or any other controller that inherits from it.
+
+Here is an example of how to use __Aclize__ in your project:
+
+```ruby
+class ApplicationController < ActionController::Base
+  before_filter :setup_acl
+
+  protected
+
+  def setup_acl
+    if current_user.admin?
+      # setup the ACL for admin users
+      define_acl({
+        controllers: {
+          "*" => { allow: ["*"] } # grant permissions to access any action of any controller
+        }
+      })
+    else
+      # setup the ACL for other users
+      define_acl({
+        controllers: {
+          posts: {
+            allow: ["index", "show"] # allow to access only #index and #show actions of PostsController
+          }
+        }
+      })
+    end
+
+    filter_access!
+  end
+end
+```
+
+In the example above we asume that the user passed the authentication, so that we know the type of account the user has.
+
+__N.B:__ When you define the ACL with `define_acl(...)` you're defining it only for the current user.
+
+Once you've defined the ACL, __Aclize__ will automatically manage the access control and will render the `403 Forbidden` page when the user doesn't have enough permissions to access it.
+
+### Customizing 403 Page ###
+
+If you need to customize the `403 Forbidden` page, you could use the `if_unauthorized` helper for storing a callback, that will be executed when the access was denied to a user:
+
+```ruby
+class ApplicationController < ActionController::Base
+  if_unauthorized do
+    respond_to do |format|
+      format.html { render 'custom/403', disposition: 'inline', status: 403 }
+    end
+  end
+
+  before_filter :setup_acl
+
+  protected
+
+  def setup_acl
+    # YOUR ACL DEFINITION
+  end
+end
+```
+
+
+## Contributing
+
+1. Fork it ( https://github.com/serioja90/aclize/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create a new Pull Request

data/Rakefile

@@ -0,0 +1,2 @@
+require "bundler/gem_tasks"
+

data/aclize.gemspec

@@ -0,0 +1,29 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'aclize/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "aclize"
+  spec.version       = Aclize::VERSION
+  spec.authors       = ["Groza Sergiu"]
+  spec.email         = ["serioja90@gmail.com"]
+
+  if spec.respond_to?(:metadata)
+    spec.metadata['allowed_push_host'] = "https://rubygems.org"
+  end
+
+  spec.summary       = %q{ACL for your Rails application}
+  spec.description   = %q{This gem allows you to define an ACL (Access Control List) for your Ruby on Rails application. It is simple to use and allows you to define access permissions for controllers, actions an paths.}
+  spec.homepage      = "https://github.com/serioja90/aclize"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_runtime_dependency "actionpack", "~> 4.0"
+  spec.add_runtime_dependency "i18n", "~> 0.7"
+end

data/app/views/aclize/403.html.erb

@@ -0,0 +1,44 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>403 Forbidden</title>
+  <style type="text/css">
+    body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
+    div.dialog {
+      width: 800px;
+      padding: 0 0em;
+      margin: 0 auto 0 auto;
+    }
+
+    div.dialog p {
+      font-size: 0.9em;
+    }
+
+    div.dialog h3 {
+      font-weight: normal;
+      color: #B71C1C;
+    }
+
+    h1 {
+      font-size: 500%;
+      color: #C62828;
+      line-height: 1em;
+    }
+
+    hr {
+      border: none;
+      border-bottom: solid 1px #DDD;
+    }
+  </style>
+</head>
+
+<body>
+  <h1>403</h1>
+  <div class="dialog">
+    <h3><%= t("aclize.unauthorized") %></h3>
+    <hr>
+    <p><%= t("aclize.suggestion") %></p>
+    <p><%= t("aclize.contact") %></p>
+  </div>
+</body>
+</html>

data/app/views/layouts/aclize.html.erb

@@ -0,0 +1 @@
+<%= yield %>

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "aclize"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start

data/bin/setup

@@ -0,0 +1,7 @@
+#!/bin/bash
+set -euo pipefail
+IFS=$'\n\t'
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/config/locales/en.yml

@@ -0,0 +1,6 @@
+
+en:
+  aclize:
+    unauthorized: "You don't have enough permissions to access this page"
+    suggestion:   "Make sure the address is correct and that your account type allows you to access this page."
+    contact:      "Please, contact your site administrator if you think this is a mistake."

data/config/locales/it.yml

@@ -0,0 +1,6 @@
+
+it:
+  aclize:
+    unauthorized: "Non hai sufficienti permessi per accedere a questa pagina."
+    suggestion:   "Assicurati che l'URL sia corretta e che il tuo account permetta di accedere a questa pagina."
+    contact:      "Per favore, contatta l'amministratore del sito se credi che si tratti di un errore."

data/lib/aclize.rb

@@ -0,0 +1,144 @@
+require "aclize/version"
+require "aclize/helper"
+require "i18n"
+require "action_controller"
+
+module Aclize
+
+  def self.included(base)
+    base.extend ClassMethods
+    base.send :prepend, Initializer
+  end
+
+
+  # The ClassMethods module will implement the methods that we want to be accessible as
+  # class methods. This will permit to setup callbacks to execute on unauthorized access.
+  module ClassMethods
+    def aclized?
+      true
+    end
+
+    def if_unauthorized(&block)
+      if block_given?
+        before_filter do
+          register_callback(&block)
+        end
+      end
+    end
+  end
+
+
+  # The Initializer module will be used to initialize instance variables and to setup defaults.
+  module Initializer
+    def initialize
+      @_aclize_acl = {controllers: {}, paths: {} }.nested_under_indifferent_access
+      super
+    end
+  end
+
+  protected
+
+  # Returns the ACL definition as a Hash
+  def get_acl_definition
+    return @_aclize_acl
+  end
+
+  # Defines the structure of ACL for the current user
+  # TODO: implement a better or an alternative way for ACL definition
+  def define_acl(acl)
+    raise "Invalid ACL definition type: (expected: Hash, got: #{acl.class})" unless acl.is_a? Hash
+
+    if acl.has_key?(:controllers) && acl[:controllers].is_a?(Hash)
+      @_aclize_acl[:controllers] = acl[:controllers]
+    end
+
+    if acl.has_key?(:paths) && acl[:paths].is_a?(Hash)
+      @_aclize_acl[:paths] = acl[:paths]
+    end
+  end
+
+
+  # In no callbacks were defined for unauthorized access, Aclize will render a
+  # default 403 Forbidden page. Otherwise, the control will be passed to the callback.
+  def unauthorize!
+    path = request.path_info
+    flash.now[:alert] = I18n.t("aclize.unauthorized", path: path)
+
+    if @_aclize_callback.nil?
+      prepend_view_path File.expand_path("../../app/views", __FILE__)
+      respond_to do |format|
+        format.html { render 'aclize/403', disposition: "inline", status: 403, layout: false }
+      end
+    else
+      @_aclize_callback.call(path)
+    end
+  end
+
+
+  # Check if the current user have enough permissions to access the current controller/path
+  def filter_access!
+    unauthorize! if acl_action_denied? || acl_path_denied? || !(acl_action_allowed? || acl_path_allowed?)
+  end
+
+
+  # check if the current action is denied
+  def acl_action_denied?
+    actions = (@_aclize_acl[:controllers][controller_name] || @_aclize_acl[:controllers]["*"] || {})[:deny] || []
+    actions.map!{|action| action.to_s }
+
+    return actions.include?("*") || actions.include?(action_name)
+  end
+
+
+  # check if the current action is allowed
+  def acl_action_allowed?
+    actions = (@_aclize_acl[:controllers][controller_name] || @_aclize_acl[:controllers]["*"] || {})[:allow] || []
+    actions.map!{|action| action.to_s }
+
+    return actions.include?("*") || actions.include?(action_name)
+  end
+
+
+  # check if the current path is denied
+  def acl_path_denied?
+    paths  = @_aclize_acl[:paths][:deny] || []
+    denied = false
+
+    paths.each do |path|
+      denied ||= !request.path_info.match(Regexp.new("^#{path}$")).nil?
+      break if denied
+    end
+
+    return denied
+  end
+
+
+  # check if the current path is allowed
+  def acl_path_allowed?
+    paths  = @_aclize_acl[:paths][:allow] || []
+    allowed = false
+
+    paths.each do |path|
+      allowed ||= !request.path_info.match(Regexp.new("^#{path}$")).nil?
+      break if allowed
+    end
+
+    return allowed
+  end
+
+
+  # register a callback to call when the user is not authorized to access the page
+  def register_callback(&block)
+    @_aclize_callback = block
+  end
+end
+
+I18n.load_path += Dir[File.expand_path("../../config/locales/*.{rb,yml}", __FILE__)]
+
+class ActionController::Base
+  include Aclize
+end
+
+module ApplicationHelper
+  include Aclize::Helper
+end

data/lib/aclize/helper.rb

@@ -0,0 +1,61 @@
+
+module Aclize
+  module Helper
+    def aclized?
+      true
+    end
+
+    # Check if the user have permission to access the action
+    def action_allowed?(controller, action)
+      actions_allowed?(controller, [action], :all)
+    end
+
+
+    # Returns a boolean that indicates if the current used have enought permissions to access the
+    # specified list of actions. The policy argument indicates the type of verification. By default,
+    # its value is :all, that means the all the actions passed as argument have to be allowed. If the
+    # policy if :any, is sufficient that at least one of the specified actions to be allowed.
+    def actions_allowed?(controller, actions = [], policy = :all)
+      acl = @_aclize_acl[:controllers]
+      # If there's an entry for this controller in @acl, use that rule for permissions check.
+      # Otherwise, check if there's an '*' entry if @acl and use that rules.
+      methods = ( acl[controller.to_s] || acl['*'] || {} )
+      allow   = methods["allow"] || []
+      deny    = methods["deny"]  || []
+
+      # If the array of methods is empty, the controller isn't allowed
+      return false if allow.empty?
+
+      # Force the list of actions to be an Array of strings
+      normalized_actions = (actions.is_a?(Array) ? actions : [actions]).map{|action| action.to_s }
+
+      # If all the methods of the current controller are allowed or the list of actions to check is empty, return true
+      return true if (allow.include?("*") && (deny & normalized_actions).empty?) || normalized_actions.empty?
+
+      case policy.to_sym
+      when :all then return (deny & normalized_actions).empty? && (allow & normalized_actions == normalized_actions) # all the actions have to be allowed
+      when :any then return !((allow & normalized_actions) - deny).empty?                                            # at least one action have to be allowed
+      else
+        logger.warn "Invalid policy: #{policy}."
+        return false
+      end
+    end
+
+
+    # Verify if the path could be accessed by the user. Returns true when
+    # the path is accessible
+    def path_allowed?(path)
+      paths = @_aclize_acl[:paths]
+
+      (paths[:deny] || []).each do |filter|
+        return false if !path.match(Regexp(filter)).nil?
+      end
+
+      (paths[:allow] || []).each do |filter|
+        return true if !path.match(Regexp(filter)).nil?
+      end
+
+      return false
+    end
+  end
+end

data/lib/aclize/version.rb

@@ -0,0 +1,3 @@
+module Aclize
+  VERSION = "0.1.0"
+end

metadata

@@ -0,0 +1,106 @@
+--- !ruby/object:Gem::Specification
+name: aclize
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Groza Sergiu
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2015-11-19 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: actionpack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+- !ruby/object:Gem::Dependency
+  name: i18n
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.7'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.7'
+description: This gem allows you to define an ACL (Access Control List) for your Ruby
+  on Rails application. It is simple to use and allows you to define access permissions
+  for controllers, actions an paths.
+email:
+- serioja90@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- CODE_OF_CONDUCT.md
+- Gemfile
+- README.md
+- Rakefile
+- aclize.gemspec
+- app/views/aclize/403.html.erb
+- app/views/layouts/aclize.html.erb
+- bin/console
+- bin/setup
+- config/locales/en.yml
+- config/locales/it.yml
+- lib/aclize.rb
+- lib/aclize/helper.rb
+- lib/aclize/version.rb
+homepage: https://github.com/serioja90/aclize
+licenses:
+- MIT
+metadata:
+  allowed_push_host: https://rubygems.org
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.6
+signing_key: 
+specification_version: 4
+summary: ACL for your Rails application
+test_files: []