action_authorizer 1.3.1

checksums.yaml

@@ -0,0 +1,15 @@
+---
+!binary "U0hBMQ==":
+  metadata.gz: !binary |-
+    NDUwOGM3ZjMzYTYwNzllMmJkYTQ5ZDNiMDQ5YTRlNDRhYjRlMTM5ZA==
+  data.tar.gz: !binary |-
+    YWM4Y2JmNzczOTViMWU0YWFmMTIxZmQ1YjUyMzBjODdlM2RmZTU4Yg==
+SHA512:
+  metadata.gz: !binary |-
+    ZDE4ODdkYTEyYzY4NDFhZWRlYTQ4NGI0MWI2YWUzMWE0NWE5MGNmOTBjNTVj
+    ODQyM2EwMzA5MWJjZWIwNDBhN2Q1ZDIyYjJlOWUyYmFkNzgwZThlOGFhNjA0
+    MzQ2NDI2OGJjMGJlNDFmYjJjNDMxMGExMGRlNTNhZTI2YTNjOGE=
+  data.tar.gz: !binary |-
+    YjQ2NmZmYzdhOWRlNWZiMWE4ZTYyNDAwNTZlNjM1M2MxNjEwZDIxZmIyZmE5
+    ZDU2YjE1YzYxNjFiMzc4MGVlZjhiYmJmZDcxYzUzNTU3YTBkNWIyOTQ5YTNk
+    OTc2YWRkZTBjNmI1YjkwZGU5NjdlZjQwMmM5Y2IyMGYzZjI1ZTg=

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2016 Marcelo Junior
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,472 @@
+# Action Authorizer
+
+[![Gem Version](https://badge.fury.io/rb/action_authorizer.svg)](https://badge.fury.io/rb/action_authorizer)
+[![Build Status](https://travis-ci.org/juniormesquitadandao/action_authorizer.svg?branch=1.3.0)](https://travis-ci.org/juniormesquitadandao/action_authorizer/branches)
+
+Rails authorization with controllers's actions.
+
+ActionAuthorizer is a gem to authorize the controllers's actions. Designed to work with RSpec and Devise. Where each controller will have an authorizer with the same actions. Each authorizer's action will return your permission's result.
+
+## Tested against Rails >= 3.0 and Ruby >= 1.9
+
+  - Rails 3.0 and Ruby 1.9
+  [![Build Status](https://travis-ci.org/juniormesquitadandao/action_authorizer.svg?branch=rails-3.0)](https://travis-ci.org/juniormesquitadandao/action_authorizer/branches)
+  - Rails 3.1 and Ruby 1.9
+  [![Build Status](https://travis-ci.org/juniormesquitadandao/action_authorizer.svg?branch=rails-3.1)](https://travis-ci.org/juniormesquitadandao/action_authorizer/branches)
+  - Rails 3.2 and Ruby 2.0
+  [![Build Status](https://travis-ci.org/juniormesquitadandao/action_authorizer.svg?branch=rails-3.2)](https://travis-ci.org/juniormesquitadandao/action_authorizer/branches)
+  - Rails 4.0 and Ruby 2.0
+  [![Build Status](https://travis-ci.org/juniormesquitadandao/action_authorizer.svg?branch=rails-4.0)](https://travis-ci.org/juniormesquitadandao/action_authorizer/branches)
+  - Rails 4.1 and Ruby 2.1
+  [![Build Status](https://travis-ci.org/juniormesquitadandao/action_authorizer.svg?branch=rails-4.1)](https://travis-ci.org/juniormesquitadandao/action_authorizer/branches)
+  - Rails 4.2 and Ruby 2.2
+  [![Build Status](https://travis-ci.org/juniormesquitadandao/action_authorizer.svg?branch=rails-4.2)](https://travis-ci.org/juniormesquitadandao/action_authorizer/branches)
+  - Rails 5.0 and Ruby 2.3
+  [![Build Status](https://travis-ci.org/juniormesquitadandao/action_authorizer.svg?branch=rails-5.0)](https://travis-ci.org/juniormesquitadandao/action_authorizer/branches)
+
+## Getting Started
+
+After setting up your Rspec and Devise! Set up your ActionAuthorizer.
+
+now configure your: Gemfile
+```ruby
+gem 'action_authorizer', '~> 1.3'
+```
+
+run
+```console
+bundle install
+rails generate action_authorizer:install
+```
+
+it will be generated: app/authorizers/application_authorizer.rb
+```ruby
+class ApplicationAuthorizer < ActionAuthorizer::Base
+end
+```
+
+it will be generated: app/helpers/action_authorizer_helper.rb
+```ruby
+module ActionAuthorizerHelper
+  # Add helpers to check authorization authenticated.
+  # def unauthorized? controller, action, params = {}
+  # def authorized? controller, action, params = {}
+  # ex.:
+  #   <%= link_to 'Models', models_path if authorized? :models, :index %>
+  #   <%= link_to 'Models Dashboard', dashboard_models_path if authorized? 'dashborad/models', :index %>
+  #   <%= link_to 'Model', model_path(@model) if authorized? :models, :show, id: @model.id %>
+  #   <%= link_to 'Model', edit_model_path(@model) if authorized? :models, :edit, id: @model.to_param %>
+  #
+  #   <%= link_to 'Models', models_path if unauthorized? :models, :index %>
+  #   <%= link_to 'Models Dashboard', dashboard_models_path if unauthorized? 'dashborad/models', :index %>
+  #   <%= link_to 'Model', model_path(@model) if unauthorized? :models, :show, id: @model.id %>
+  #   <%= link_to 'Model', edit_model_path(@model) if unauthorized? :models, :edit, id: @model.to_param %>
+  include ActionAuthorizer::Helper
+  
+  # def authenticated
+  #   current_user
+  # end
+end
+```
+
+now configure your: spec/rails_helper.rb
+```ruby
+RSpec.configure do |config|
+  # Controllers Spec with ActionAuthorizer
+  config.before :each, type: :controller do
+    allow(controller).to receive(:authorize!)
+  end
+
+  # Views Spec with ActionAuthorizer
+  # case rails < 3.1
+  # config.before :each, type: :view do
+  #   view.extend ActionAuthorizerHelper
+  # end
+end
+```
+
+now configure your: app/controllers/application_controller.rb
+```ruby
+class ApplicationController < ActionController::Base
+  include ActionAuthorizer::Config
+
+  # Prevent CSRF attacks by raising an exception.
+  # For APIs, you may want to use :null_session instead.
+  protect_from_forgery with: :exception
+
+  before_action :authenticate_user!
+  before_action :authorize!, unless: :devise_controller?
+
+  # def authenticated
+  #   current_user
+  # end
+
+  # def respond_unauthorized_on_production_environment
+  #   render file: Rails.root.join('public/404'), layout: false, status: :not_found
+  # end
+end
+```
+
+### Authorizing models with module
+
+run
+```console
+rails generate action_authorizer:authorizer namespace/model
+```
+
+### Authorizing models without module
+
+run
+```console
+rails generate action_authorizer:authorizer model
+```
+
+it will be generated: app/authorizers/models_authorizer.rb
+```ruby
+# Authorize reference controller actions when return:
+#   Present values different hash:
+#     ex.:
+#       true
+#       'nil'
+#       'false'
+#       0
+#       '0'
+#       [0]
+#   Empty requested params:
+#     ex. to requested params {}:
+#       { id: [1, 2] }
+#       { id: ['1', '2'] }
+#       { id: ['one', 'two'] }
+#   A hash with key:values including requested params key:value:
+#     ex. to requested params {id: 1, other: 3}:
+#       { id: [1, 2] }
+#       { id: ['1', '2'] }
+#     ex. to requested params {id: 'one', other: 'three'}:
+#       { id: ['one', 'two'] }
+#   A hash with keys different requested params keys:
+#     ex. to requested params {other: 3}:
+#       { id: [1, 2] }
+#       { id: ['1', '2'] }
+#     ex. to requested params {other: 'three'}:
+#       { id: ['one', 'two'] }
+#
+# Unauthorize reference controller actions when return:
+#   Blank values different hash:
+#     ex.:
+#       nil
+#       false
+#       ''
+#       ' '
+#       []
+#   A hash with key:values excluding requested params key:value:
+#     ex. to requested params {id: 3, other: 3}:
+#       { id: [1, 2] }
+#       { id: ['1', '2'] }
+#     ex. to requested params {id: 'three', other: 'three'}:
+#       { id: ['one', 'two'] }
+class ModelsAuthorizer < ApplicationAuthorizer
+  # All actions automatically validating the need of user logged.
+  # Skip this check for all actions:
+  # skip_authentication
+  # Or skip_authentication_only for some actions:
+  # skip_authentication_only :index, :new, :destroy, ...
+
+  def index
+    # true
+  end
+
+  def show
+    # true
+    # Model.where(user: authenticated).find(params[:id]).avaliable?
+    # { id: authenticated.model_ids }
+  end
+
+  def new
+    # true
+    # Model.where(user: authenticated).find(params[:id]).avaliable?
+  end
+
+  def edit
+    # true
+    # Model.where(user: authenticated).find(params[:id]).avaliable?
+    # { id: authenticated.model_ids }
+  end
+
+  def create
+    # true
+    # Model.where(user: authenticated).find(params[:id]).avaliable?
+  end
+
+  def update
+    # true
+    # Model.where(user: authenticated).find(params[:id]).avaliable?
+    # { id: authenticated.model_ids }
+  end
+
+  def destroy
+    # true
+    # Model.where(user: authenticated).find(params[:id]).avaliable?
+    # { id: authenticated.model_ids }
+  end
+
+end
+```
+
+it will be generated: spec/authorizers/models_authorizer_spec.rb
+```ruby
+require 'rails_helper'
+
+RSpec.describe ModelsAuthorizer, type: :authorizer do
+
+  # let(:guest_user) { nil }
+  # let(:one_user) { double('Authenticated', user_group?: true, model_ids: [1]) }
+  # let(:two_user) { double('Authenticated', user_group?: true, model_ids: [2]) }
+  # let(:admin_user) { double('Authenticated', admin_group?: true) }
+
+  # context '#index' do
+  #   describe 'authorize' do
+  #     it { expect(ModelsAuthorizer.new(one_user, :index)).to be_authorized }
+  #     it { expect(ModelsAuthorizer.new(two_user, :index)).to be_authorized }
+  #     it { expect(ModelsAuthorizer.new(admin_user, :index)).to be_authorized }
+  #   end
+  #
+  #   describe 'not authorize' do
+  #     it { expect(ModelsAuthorizer.new(guest_user, :index)).to be_unauthorized }
+  #   end
+  # end
+
+  # context '#show' do
+  #   describe 'authorize' do
+  #     it { expect(ModelsAuthorizer.new(one_user, :show, id: 1)).to be_authorized }
+  #     it { expect(ModelsAuthorizer.new(two_user, :show, id: 2)).to be_authorized }
+  #     it { expect(ModelsAuthorizer.new(admin_user, :show, id: 1)).to be_authorized }
+  #     it { expect(ModelsAuthorizer.new(admin_user, :show, id: 2)).to be_authorized }
+  #   end
+  #
+  #   describe 'not authorize' do
+  #     it { expect(ModelsAuthorizer.new(guest_user, :show, id: 1)).to be_unauthorized }
+  #     it { expect(ModelsAuthorizer.new(one_user, :show, id: 2)).to be_unauthorized }
+  #     it { expect(ModelsAuthorizer.new(two_user, :show, id: 1)).to be_unauthorized }
+  #   end
+  # end
+
+  # context '#new' do
+  #   describe 'authorize' do
+  #     it { expect(ModelsAuthorizer.new(one_user, :new)).to be_authorized }
+  #     it { expect(ModelsAuthorizer.new(two_user, :new)).to be_authorized }
+  #     it { expect(ModelsAuthorizer.new(admin_user, :new)).to be_authorized }
+  #   end
+  #
+  #   describe 'not authorize' do
+  #     it { expect(ModelsAuthorizer.new(guest_user, :new)).to be_unauthorized }
+  #   end
+  # end
+
+  # context '#edit' do
+  #   describe 'authorize' do
+  #     it { expect(ModelsAuthorizer.new(one_user, :edit, id: 1)).to be_authorized }
+  #     it { expect(ModelsAuthorizer.new(two_user, :edit, id: 2)).to be_authorized }
+  #     it { expect(ModelsAuthorizer.new(admin_user, :edit, id: 1)).to be_authorized }
+  #     it { expect(ModelsAuthorizer.new(admin_user, :edit, id: 2)).to be_authorized }
+  #   end
+  #
+  #   describe 'not authorize' do
+  #     it { expect(ModelsAuthorizer.new(guest_user, :edit, id: 1)).to be_unauthorized }
+  #     it { expect(ModelsAuthorizer.new(one_user, :edit, id: 2)).to be_unauthorized }
+  #     it { expect(ModelsAuthorizer.new(two_user, :edit, id: 1)).to be_unauthorized }
+  #   end
+  # end
+
+  # context '#create' do
+  #   describe 'authorize' do
+  #     it { expect(ModelsAuthorizer.new(one_user, :create)).to be_authorized }
+  #     it { expect(ModelsAuthorizer.new(two_user, :create)).to be_authorized }
+  #     it { expect(ModelsAuthorizer.new(admin_user, :create)).to be_authorized }
+  #   end
+  #
+  #   describe 'not authorize' do
+  #     it { expect(ModelsAuthorizer.new(guest_user, :create)).to be_unauthorized }
+  #   end
+  # end
+
+  # context '#update' do
+  #   describe 'authorize' do
+  #     it { expect(ModelsAuthorizer.new(one_user, :update, id: 1)).to be_authorized }
+  #     it { expect(ModelsAuthorizer.new(two_user, :update, id: 2)).to be_authorized }
+  #     it { expect(ModelsAuthorizer.new(admin_user, :update, id: 1)).to be_authorized }
+  #     it { expect(ModelsAuthorizer.new(admin_user, :update, id: 2)).to be_authorized }
+  #   end
+  #
+  #   describe 'not authorize' do
+  #     it { expect(ModelsAuthorizer.new(guest_user, :update, id: 1)).to be_unauthorized }
+  #     it { expect(ModelsAuthorizer.new(one_user, :update, id: 2)).to be_unauthorized }
+  #     it { expect(ModelsAuthorizer.new(two_user, :update, id: 1)).to be_unauthorized }
+  #   end
+  # end
+
+  # context '#destroy' do
+  #   describe 'authorize' do
+  #     it { expect(ModelsAuthorizer.new(one_user, :destroy, id: 1)).to be_authorized }
+  #     it { expect(ModelsAuthorizer.new(two_user, :destroy, id: 2)).to be_authorized }
+  #     it { expect(ModelsAuthorizer.new(admin_user, :destroy, id: 1)).to be_authorized }
+  #     it { expect(ModelsAuthorizer.new(admin_user, :destroy, id: 2)).to be_authorized }
+  #   end
+  #
+  #   describe 'not authorize' do
+  #     it { expect(ModelsAuthorizer.new(guest_user, :destroy, id: 1)).to be_unauthorized }
+  #     it { expect(ModelsAuthorizer.new(one_user, :destroy, id: 2)).to be_unauthorized }
+  #     it { expect(ModelsAuthorizer.new(two_user, :destroy, id: 1)).to be_unauthorized }
+  #   end
+  # end
+
+end
+```
+
+## Authorizing Account's Record or Cancellation (Optional)
+
+now edit your: app/controllers/application_controller.rb
+```ruby
+class ApplicationController < ActionController::Base
+  include ActionAuthorizer::Config
+
+  # Prevent CSRF attacks by raising an exception.
+  # For APIs, you may want to use :null_session instead.
+  protect_from_forgery with: :exception
+
+  before_action :authenticate_user!
+  before_action :authorize!, if: :authorizer_controller?
+
+  # def authenticated
+  #   current_user
+  # end
+
+  # def respond_unauthorized_on_production_environment
+  #   render file: Rails.root.join('public/404'), layout: false, status: :not_found
+  # end
+
+  private
+
+  def authorizer_controller?
+    controller_path == 'devise/registrations' || !devise_controller?
+  end
+end
+```
+
+now edit your: /app/views/devise/registrations/edit.html.erb
+```ruby
+<% if authorized? 'devise/registrations', :cancel %>
+<h3>Cancel my account</h3>
+
+<p>Unhappy? <%= button_to "Cancel my account", registration_path(resource_name), data: { confirm: "Are you sure?" }, method: :delete %></p>
+<% end %>
+```
+
+now edit your: /app/views/devise/shared/_links.html.erb
+```ruby
+<%- if devise_mapping.registerable? && controller_name != 'registrations' %>
+  <%= link_to "Sign up", new_registration_path(resource_name) if authorized? 'devise/registrations', :new %><br />
+<% end -%>
+```
+
+run
+```console
+rails generate action_authorizer:authorizer devise/registration
+```
+
+now edit your: app/authorizers/devise/registrations_authorizer.rb
+```ruby
+class Devise::RegistrationsAuthorizer < ApplicationAuthorizer
+  skip_authentication_only :new, :create
+
+  # Account registration page
+  def new
+  end
+
+  # Account edition page
+  def edit
+    true
+  end
+
+  # Account registration submition
+  def create
+  end
+
+  # Account edition submition
+  def update
+    true
+  end
+
+  # Account cancellation page
+  def destroy
+  end
+
+  # Account cancellation submition
+  def cancel
+  end
+
+end
+```
+
+now edit your: /spec/authorizers/devise/registrations_authorizer_spec.rb
+```ruby
+require 'rails_helper'
+
+RSpec.describe Devise::RegistrationsAuthorizer, type: :authorizer do
+
+  let(:guest_user) { nil }
+  let(:user) { double('Authenticated') }
+
+  context '#new' do
+    describe 'not authorize' do
+      it { expect(Devise::RegistrationsAuthorizer.new(user, :new)).to be_unauthorized }
+
+      it { expect(Devise::RegistrationsAuthorizer.new(guest_user, :new)).to be_unauthorized }
+    end
+  end
+
+  context '#edit' do
+    describe 'authorize' do
+      it { expect(Devise::RegistrationsAuthorizer.new(user, :edit)).to be_authorized }
+    end
+
+    describe 'not authorize' do
+      it { expect(Devise::RegistrationsAuthorizer.new(guest_user, :edit)).to be_unauthorized }
+    end
+  end
+
+  context '#create' do
+    describe 'not authorize' do
+      it { expect(Devise::RegistrationsAuthorizer.new(user, :create)).to be_unauthorized }
+
+      it { expect(Devise::RegistrationsAuthorizer.new(guest_user, :create)).to be_unauthorized }
+    end
+  end
+
+  context '#update' do
+    describe 'authorize' do
+      it { expect(Devise::RegistrationsAuthorizer.new(user, :update)).to be_authorized }
+    end
+
+    describe 'not authorize' do
+      it { expect(Devise::RegistrationsAuthorizer.new(guest_user, :update)).to be_unauthorized }
+    end
+  end
+
+  context '#destroy' do
+    describe 'not authorize' do
+      it { expect(Devise::RegistrationsAuthorizer.new(user, :destroy)).to be_unauthorized }
+
+      it { expect(Devise::RegistrationsAuthorizer.new(guest_user, :destroy)).to be_unauthorized }
+    end
+  end
+
+  context '#cancel' do
+    describe 'not authorize' do
+      it { expect(Devise::RegistrationsAuthorizer.new(user, :cancel)).to be_unauthorized }
+
+      it { expect(Devise::RegistrationsAuthorizer.new(guest_user, :cancel)).to be_unauthorized }
+    end
+  end
+
+end
+```

data/lib/action_authorizer.rb

@@ -0,0 +1,5 @@
+module ActionAuthorizer
+  load 'action_authorizer/base.rb'
+  load 'action_authorizer/config.rb'
+  load 'action_authorizer/helper.rb'
+end

data/lib/action_authorizer/base.rb

@@ -0,0 +1,60 @@
+class ActionAuthorizer::Base
+
+  def initialize(authenticated, action, params = {})
+    @authenticated = authenticated
+    @action = action.to_sym
+    @params = params
+  end
+
+  def unauthorized?
+    return true if !authenticated && !skip_authentication && skip_authentication_only.exclude?(action)
+
+    @result = send(action)
+    if !result.kind_of?(Hash)
+      result.blank?
+    elsif params.empty?
+      false
+    else
+      unauthorized_params?
+    end
+  end
+
+  def authorized?
+    !unauthorized?
+  end
+
+  class << self
+    def skip_authentication
+      define_method(:skip_authentication) do
+        true
+      end
+    end
+
+    def skip_authentication_only *actions
+      define_method(:skip_authentication_only) do
+        actions
+      end
+    end
+  end
+
+  private
+
+  attr_reader :authenticated, :action, :params, :result
+
+  def unauthorized_params?
+    unauthorized_params = result.select do |name, values|
+      param_value = params[name].to_s
+      param_value.present? && values.map!{|v| v.to_s}.exclude?(param_value)
+    end
+    unauthorized_params.any?
+  end
+
+  def skip_authentication
+    false
+  end
+
+  def skip_authentication_only
+    []
+  end
+
+end

data/lib/action_authorizer/config.rb

@@ -0,0 +1,31 @@
+require 'active_support/concern'
+
+module ActionAuthorizer::Config
+  extend ActiveSupport::Concern
+
+  def authenticated
+    current_user
+  end
+
+  def respond_unauthorized_on_production_environment
+    render file: Rails.root.join('public/404'), layout: false, status: :not_found
+  end
+
+  def authorize!
+    unauthorize! if unauthorized?
+  end
+
+  def unauthorized?
+    authorizer = "#{controller_path}_authorizer".classify.constantize
+    authorizer.new(authenticated, action_name.to_sym, params.except(:controller, :action)).unauthorized?
+  end
+
+  def unauthorize!
+    if Rails.env.production?
+      respond_unauthorized_on_production_environment
+    else
+      raise ActionController::RoutingError, "No route matches [#{env['REQUEST_METHOD']}] #{env['PATH_INFO'].inspect}"
+    end
+  end
+
+end

data/lib/action_authorizer/helper.rb

@@ -0,0 +1,19 @@
+require 'active_support/concern'
+
+module ActionAuthorizer::Helper
+  extend ActiveSupport::Concern
+
+  def authenticated
+    current_user
+  end
+
+  def authorized? controller, action, params = {}
+    !unauthorized? controller, action, params
+  end
+
+  def unauthorized? controller, action, params = {}
+    authorizer = "#{controller.to_s}_authorizer".classify.constantize
+    authorizer.new(authenticated, action.to_sym, params).unauthorized?
+  end
+
+end

data/lib/action_authorizer/version.rb

@@ -0,0 +1,3 @@
+module ActionAuthorizer
+  VERSION = "1.3.1".freeze
+end

data/lib/generators/action_authorizer/authorizer/USAGE

@@ -0,0 +1,8 @@
+Description:
+    Explain the generator
+
+Example:
+    rails generate authorizer Thing
+
+    This will create:
+        what/will/it/create

data/lib/generators/action_authorizer/authorizer/authorizer_generator.rb

@@ -0,0 +1,19 @@
+require 'rails/generators/resource_helpers'
+
+class ActionAuthorizer::AuthorizerGenerator < Rails::Generators::NamedBase
+  include Rails::Generators::ResourceHelpers
+
+  source_root File.expand_path('../templates', __FILE__)
+
+  argument :actions, type: :array, default: [], banner: 'action action'
+
+  check_class_collision suffix: 'Authorizer'
+
+  def create_authorizer_file
+    template 'authorizer.rb', File.join('app/authorizers', controller_class_path, "#{controller_file_name}_authorizer.rb")
+  end
+
+  def create_authorizer_spec_file
+    template 'authorizer_spec.rb', File.join('spec/authorizers', controller_class_path, "#{controller_file_name}_authorizer_spec.rb")
+  end
+end

data/lib/generators/action_authorizer/authorizer/templates/authorizer.rb

@@ -0,0 +1,87 @@
+# Authorize reference controller actions when return:
+#   Present values different hash:
+#     ex.:
+#       true
+#       'nil'
+#       'false'
+#       0
+#       '0'
+#       [0]
+#   Empty requested params:
+#     ex. to requested params {}:
+#       { id: [1, 2] }
+#       { id: ['1', '2'] }
+#       { id: ['one', 'two'] }
+#   A hash with key:values including requested params key:value:
+#     ex. to requested params {id: 1, other: 3}:
+#       { id: [1, 2] }
+#       { id: ['1', '2'] }
+#     ex. to requested params {id: 'one', other: 'three'}:
+#       { id: ['one', 'two'] }
+#   A hash with keys different requested params keys:
+#     ex. to requested params {other: 3}:
+#       { id: [1, 2] }
+#       { id: ['1', '2'] }
+#     ex. to requested params {other: 'three'}:
+#       { id: ['one', 'two'] }
+
+# Unauthorize reference controller actions when return:
+#   Blank values different hash:
+#     ex.:
+#       nil
+#       false
+#       ''
+#       ' '
+#       []
+#   A hash with key:values excluding requested params key:value:
+#     ex. to requested params {id: 3, other: 3}:
+#       { id: [1, 2] }
+#       { id: ['1', '2'] }
+#     ex. to requested params {id: 'three', other: 'three'}:
+#       { id: ['one', 'two'] }
+class <%= controller_class_name %>Authorizer < ApplicationAuthorizer
+  # All actions automatically validating the need of user logged.
+  # Skip this check for all actions:
+  # skip_authentication
+  # Or skip_authentication_only for some actions:
+  # skip_authentication_only :index, :new, :destroy, ...
+
+<% unless options[:singleton] -%>
+  def index
+    # true
+  end
+<% end -%>
+
+  def show
+    # true
+    # <%= singular_table_name.classify %>.where(user: authenticated).find(params[:id]).avaliable?
+    # { id: authenticated.<%= singular_table_name %>_ids }
+  end
+
+  def new
+    # true
+  end
+
+  def edit
+    # true
+    # <%= singular_table_name.classify %>.where(user: authenticated).find(params[:id]).avaliable?
+    # { id: authenticated.<%= singular_table_name %>_ids }
+  end
+
+  def create
+    # true
+  end
+
+  def update
+    # true
+    # <%= singular_table_name.classify %>.where(user: authenticated).find(params[:id]).avaliable?
+    # { id: authenticated.<%= singular_table_name %>_ids }
+  end
+
+  def destroy
+    # true
+    # <%= singular_table_name.classify %>.where(user: authenticated).find(params[:id]).avaliable?
+    # { id: authenticated.<%= singular_table_name %>_ids }
+  end
+
+end

data/lib/generators/action_authorizer/authorizer/templates/authorizer_spec.rb

@@ -0,0 +1,134 @@
+require 'rails_helper'
+
+RSpec.describe <%= controller_class_name %>Authorizer, type: :authorizer do
+
+  # let(:guest_user) { nil }
+  # let(:one_user) { double('Authenticated', admin_group?: false, user_group?: true, <%= singular_table_name %>_ids: [1]) }
+  # let(:two_user) { double('Authenticated', admin_group?: false, user_group?: true, <%= singular_table_name %>_ids: [2]) }
+  # let(:admin_user) { double('Authenticated', admin_group?: true, user_group?: false) }
+
+<% unless options[:singleton] -%>
+  # context '#index' do
+  #   describe 'authorize' do
+  #     it { expect(<%= controller_class_name %>Authorizer.new(one_user, :index)).to be_authorized }
+
+  #     it { expect(<%= controller_class_name %>Authorizer.new(two_user, :index)).to be_authorized }
+
+  #     it { expect(<%= controller_class_name %>Authorizer.new(admin_user, :index)).to be_authorized }
+  #   end
+
+  #   describe 'not authorize' do
+  #     it { expect(<%= controller_class_name %>Authorizer.new(guest_user, :index)).to be_unauthorized }
+  #   end
+  # end
+<% end -%>
+
+  # context '#show' do
+  #   describe 'authorize' do
+  #     it { expect(<%= controller_class_name %>Authorizer.new(one_user, :show, id: 1)).to be_authorized }
+
+  #     it { expect(<%= controller_class_name %>Authorizer.new(two_user, :show, id: 2)).to be_authorized }
+
+  #     it { expect(<%= controller_class_name %>Authorizer.new(admin_user, :show, id: 1)).to be_authorized }
+
+  #     it { expect(<%= controller_class_name %>Authorizer.new(admin_user, :show, id: 2)).to be_authorized }
+  #   end
+
+  #   describe 'not authorize' do
+  #     it { expect(<%= controller_class_name %>Authorizer.new(guest_user, :show, id: 1)).to be_unauthorized }
+
+  #     it { expect(<%= controller_class_name %>Authorizer.new(one_user, :show, id: 2)).to be_unauthorized }
+
+  #     it { expect(<%= controller_class_name %>Authorizer.new(two_user, :show, id: 1)).to be_unauthorized }
+  #   end
+  # end
+
+  # context '#new' do
+  #   describe 'authorize' do
+  #     it { expect(<%= controller_class_name %>Authorizer.new(one_user, :new)).to be_authorized }
+
+  #     it { expect(<%= controller_class_name %>Authorizer.new(two_user, :new)).to be_authorized }
+
+  #     it { expect(<%= controller_class_name %>Authorizer.new(admin_user, :new)).to be_authorized }
+  #   end
+
+  #   describe 'not authorize' do
+  #     it { expect(<%= controller_class_name %>Authorizer.new(guest_user, :new)).to be_unauthorized }
+  #   end
+  # end
+
+  # context '#edit' do
+  #   describe 'authorize' do
+  #     it { expect(<%= controller_class_name %>Authorizer.new(one_user, :edit, id: 1)).to be_authorized }
+
+  #     it { expect(<%= controller_class_name %>Authorizer.new(two_user, :edit, id: 2)).to be_authorized }
+
+  #     it { expect(<%= controller_class_name %>Authorizer.new(admin_user, :edit, id: 1)).to be_authorized }
+
+  #     it { expect(<%= controller_class_name %>Authorizer.new(admin_user, :edit, id: 2)).to be_authorized }
+  #   end
+
+  #   describe 'not authorize' do
+  #     it { expect(<%= controller_class_name %>Authorizer.new(guest_user, :edit, id: 1)).to be_unauthorized }
+
+  #     it { expect(<%= controller_class_name %>Authorizer.new(one_user, :edit, id: 2)).to be_unauthorized }
+
+  #     it { expect(<%= controller_class_name %>Authorizer.new(two_user, :edit, id: 1)).to be_unauthorized }
+  #   end
+  # end
+
+  # context '#create' do
+  #   describe 'authorize' do
+  #     it { expect(<%= controller_class_name %>Authorizer.new(one_user, :create)).to be_authorized }
+
+  #     it { expect(<%= controller_class_name %>Authorizer.new(two_user, :create)).to be_authorized }
+
+  #     it { expect(<%= controller_class_name %>Authorizer.new(admin_user, :create)).to be_authorized }
+  #   end
+
+  #   describe 'not authorize' do
+  #     it { expect(<%= controller_class_name %>Authorizer.new(guest_user, :create)).to be_unauthorized }
+  #   end
+  # end
+
+  # context '#update' do
+  #   describe 'authorize' do
+  #     it { expect(<%= controller_class_name %>Authorizer.new(one_user, :update, id: 1)).to be_authorized }
+
+  #     it { expect(<%= controller_class_name %>Authorizer.new(two_user, :update, id: 2)).to be_authorized }
+
+  #     it { expect(<%= controller_class_name %>Authorizer.new(admin_user, :update, id: 1)).to be_authorized }
+
+  #     it { expect(<%= controller_class_name %>Authorizer.new(admin_user, :update, id: 2)).to be_authorized }
+  #   end
+
+  #   describe 'not authorize' do
+  #     it { expect(<%= controller_class_name %>Authorizer.new(guest_user, :update, id: 1)).to be_unauthorized }
+
+  #     it { expect(<%= controller_class_name %>Authorizer.new(one_user, :update, id: 2)).to be_unauthorized }
+
+  #     it { expect(<%= controller_class_name %>Authorizer.new(two_user, :update, id: 1)).to be_unauthorized }
+  #   end
+  # end
+
+  # context '#destroy' do
+  #   describe 'authorize' do
+  #     it { expect(<%= controller_class_name %>Authorizer.new(one_user, :destroy, id: 1)).to be_authorized }
+
+  #     it { expect(<%= controller_class_name %>Authorizer.new(two_user, :destroy, id: 2)).to be_authorized }
+
+  #     it { expect(<%= controller_class_name %>Authorizer.new(admin_user, :destroy, id: 1)).to be_authorized }
+
+  #     it { expect(<%= controller_class_name %>Authorizer.new(admin_user, :destroy, id: 2)).to be_authorized }
+  #   end
+
+  #   describe 'not authorize' do
+  #     it { expect(<%= controller_class_name %>Authorizer.new(guest_user, :destroy, id: 1)).to be_unauthorized }
+
+  #     it { expect(<%= controller_class_name %>Authorizer.new(one_user, :destroy, id: 2)).to be_unauthorized }
+
+  #     it { expect(<%= controller_class_name %>Authorizer.new(two_user, :destroy, id: 1)).to be_unauthorized }
+  #   end
+  # end
+
+end

data/lib/generators/action_authorizer/install/USAGE

@@ -0,0 +1,8 @@
+Description:
+    Explain the generator
+
+Example:
+    rails generate authorizer Thing
+
+    This will create:
+        what/will/it/create

data/lib/generators/action_authorizer/install/install_generator.rb

@@ -0,0 +1,31 @@
+class ActionAuthorizer::InstallGenerator < Rails::Generators::Base # :nodoc:
+  desc 'Creates an initializer with default action_authorizer configuration and copy locale file'
+
+  def create_application_authorize_file
+    create_file 'app/authorizers/application_authorizer.rb', <<-RUBY
+class ApplicationAuthorizer < ActionAuthorizer::Base
+end
+    RUBY
+  end
+
+  def create_action_authorizer_helper_file
+    create_file 'app/helpers/action_authorizer_helper.rb', <<-RUBY
+module ActionAuthorizerHelper
+  # Add helpers to check authorization authenticated.
+  # def unauthorized? controller, action, params = {}
+  # def authorized? controller, action, params = {}
+  # ex.:
+  #   <%= link_to 'Models', models_path if authorized? :models, :index %>
+  #   <%= link_to 'Models Dashboard', dashboard_models_path if authorized? 'dashborad/models', :index %>
+  #   <%= link_to 'Model', model_path(@model) if authorized? :models, :show, id: @model.id %>
+  #   <%= link_to 'Model', edit_model_path(@model) if authorized? :models, :edit, id: @model.to_param %>
+  include ActionAuthorizer::Helper
+
+  # def authenticated
+  #   current_user
+  # end
+end
+    RUBY
+  end
+
+end

data/lib/tasks/action_authorizer_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :action_authorizer do
+#   # Task goes here
+# end

metadata

@@ -0,0 +1,71 @@
+--- !ruby/object:Gem::Specification
+name: action_authorizer
+version: !ruby/object:Gem::Version
+  version: 1.3.1
+platform: ruby
+authors:
+- Marcelo Junior
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-11-21 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '3.0'
+description: Rails authorization with controllers's actions.
+email: juniormesquitadandao@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- README.md
+- lib/action_authorizer.rb
+- lib/action_authorizer/base.rb
+- lib/action_authorizer/config.rb
+- lib/action_authorizer/helper.rb
+- lib/action_authorizer/version.rb
+- lib/generators/action_authorizer/authorizer/USAGE
+- lib/generators/action_authorizer/authorizer/authorizer_generator.rb
+- lib/generators/action_authorizer/authorizer/templates/authorizer.rb
+- lib/generators/action_authorizer/authorizer/templates/authorizer_spec.rb
+- lib/generators/action_authorizer/install/USAGE
+- lib/generators/action_authorizer/install/install_generator.rb
+- lib/tasks/action_authorizer_tasks.rake
+homepage: https://github.com/juniormesquitadandao/action_authorizer
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '1.9'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.8
+signing_key: 
+specification_version: 4
+summary: Action Authorizer
+test_files: []