action_authorizer 1.3.1 → 2.0.1

checksums.yaml

@@ -1,15 +1,7 @@
 ---
-!binary "U0hBMQ==":
-  metadata.gz: !binary |-
-    NDUwOGM3ZjMzYTYwNzllMmJkYTQ5ZDNiMDQ5YTRlNDRhYjRlMTM5ZA==
-  data.tar.gz: !binary |-
-    YWM4Y2JmNzczOTViMWU0YWFmMTIxZmQ1YjUyMzBjODdlM2RmZTU4Yg==
+SHA256:
+  metadata.gz: 90d160822d4c7bb97bc552cbe80ba6c85a5c8429a45ba280889cd075addaf566
+  data.tar.gz: 44a7d8a8fbef87fa728f1c283c0df7fb4d7f0f344c6a33621094ea17d740a65e
 SHA512:
-  metadata.gz: !binary |-
-    ZDE4ODdkYTEyYzY4NDFhZWRlYTQ4NGI0MWI2YWUzMWE0NWE5MGNmOTBjNTVj
-    ODQyM2EwMzA5MWJjZWIwNDBhN2Q1ZDIyYjJlOWUyYmFkNzgwZThlOGFhNjA0
-    MzQ2NDI2OGJjMGJlNDFmYjJjNDMxMGExMGRlNTNhZTI2YTNjOGE=
-  data.tar.gz: !binary |-
-    YjQ2NmZmYzdhOWRlNWZiMWE4ZTYyNDAwNTZlNjM1M2MxNjEwZDIxZmIyZmE5
-    ZDU2YjE1YzYxNjFiMzc4MGVlZjhiYmJmZDcxYzUzNTU3YTBkNWIyOTQ5YTNk
-    OTc2YWRkZTBjNmI1YjkwZGU5NjdlZjQwMmM5Y2IyMGYzZjI1ZTg=
+  metadata.gz: 7d8cfe06dcb980139f9ff6cb7fd3aeee3707d00b1442cf1b1a1642328edb4ea89d4921fa6781282a10187d32d5ce14d9edb5111e1b0d5cee965e42e33e99468c
+  data.tar.gz: d5be7d4105b275536bb5206427b546254c8d37585259890fedbdc9350567bb9d9491ede5de45293733a5057b691d96528f36f57f664d74af760272cd24aa845f

data/README.md

@@ -5,72 +5,63 @@
 
 Rails authorization with controllers's actions.
 
-ActionAuthorizer is a gem to authorize the controllers's actions. Designed to work with RSpec and Devise. Where each controller will have an authorizer with the same actions. Each authorizer's action will return your permission's result.
-
-## Tested against Rails >= 3.0 and Ruby >= 1.9
-
-  - Rails 3.0 and Ruby 1.9
-  [![Build Status](https://travis-ci.org/juniormesquitadandao/action_authorizer.svg?branch=rails-3.0)](https://travis-ci.org/juniormesquitadandao/action_authorizer/branches)
-  - Rails 3.1 and Ruby 1.9
-  [![Build Status](https://travis-ci.org/juniormesquitadandao/action_authorizer.svg?branch=rails-3.1)](https://travis-ci.org/juniormesquitadandao/action_authorizer/branches)
-  - Rails 3.2 and Ruby 2.0
-  [![Build Status](https://travis-ci.org/juniormesquitadandao/action_authorizer.svg?branch=rails-3.2)](https://travis-ci.org/juniormesquitadandao/action_authorizer/branches)
-  - Rails 4.0 and Ruby 2.0
-  [![Build Status](https://travis-ci.org/juniormesquitadandao/action_authorizer.svg?branch=rails-4.0)](https://travis-ci.org/juniormesquitadandao/action_authorizer/branches)
-  - Rails 4.1 and Ruby 2.1
-  [![Build Status](https://travis-ci.org/juniormesquitadandao/action_authorizer.svg?branch=rails-4.1)](https://travis-ci.org/juniormesquitadandao/action_authorizer/branches)
-  - Rails 4.2 and Ruby 2.2
-  [![Build Status](https://travis-ci.org/juniormesquitadandao/action_authorizer.svg?branch=rails-4.2)](https://travis-ci.org/juniormesquitadandao/action_authorizer/branches)
-  - Rails 5.0 and Ruby 2.3
-  [![Build Status](https://travis-ci.org/juniormesquitadandao/action_authorizer.svg?branch=rails-5.0)](https://travis-ci.org/juniormesquitadandao/action_authorizer/branches)
+ActionAuthorizer is a gem to authorize the controllers's actions. Designed to work with RSpec and Devise. Where each controller will have an authorizer with the same actions. Each authorizer's action will return permission's result.
+
+```erb
+<% if authorized? :new %>
+  <a hre="<%= new_model_path %>">New</a>
+<% end %>
+```
 
 ## Getting Started
 
-After setting up your Rspec and Devise! Set up your ActionAuthorizer.
+After setting up Rspec and Devise! Set up ActionAuthorizer.
 
-now configure your: Gemfile
+- Edit: Gemfile
 ```ruby
-gem 'action_authorizer', '~> 1.3'
+gem 'action_authorizer', '~> 2.0'
 ```
 
-run
+- Run
 ```console
 bundle install
 rails generate action_authorizer:install
 ```
 
-it will be generated: app/authorizers/application_authorizer.rb
+- Edit: app/controllers/application_controller.rb
 ```ruby
-class ApplicationAuthorizer < ActionAuthorizer::Base
-end
-```
+class ApplicationController < ActionController::Base
+  include ActionAuthorizer
+  ...
+  before_action :authenticate_user!
+  before_action :authorize!, unless: :devise_controller?
+  ...
+  private
+  ...
+  def authorize!
+    unauthorize! unless authorized?
+  end
 
-it will be generated: app/helpers/action_authorizer_helper.rb
-```ruby
-module ActionAuthorizerHelper
-  # Add helpers to check authorization authenticated.
-  # def unauthorized? controller, action, params = {}
-  # def authorized? controller, action, params = {}
-  # ex.:
-  #   <%= link_to 'Models', models_path if authorized? :models, :index %>
-  #   <%= link_to 'Models Dashboard', dashboard_models_path if authorized? 'dashborad/models', :index %>
-  #   <%= link_to 'Model', model_path(@model) if authorized? :models, :show, id: @model.id %>
-  #   <%= link_to 'Model', edit_model_path(@model) if authorized? :models, :edit, id: @model.to_param %>
-  #
-  #   <%= link_to 'Models', models_path if unauthorized? :models, :index %>
-  #   <%= link_to 'Models Dashboard', dashboard_models_path if unauthorized? 'dashborad/models', :index %>
-  #   <%= link_to 'Model', model_path(@model) if unauthorized? :models, :show, id: @model.id %>
-  #   <%= link_to 'Model', edit_model_path(@model) if unauthorized? :models, :edit, id: @model.to_param %>
-  include ActionAuthorizer::Helper
-  
-  # def authenticated
-  #   current_user
-  # end
+  def authorized?
+    ActionAuthorizer::Base.authorized?(current_user, controller_path, action_name, params.except(:controller, :action))
+  end
+
+  def unauthorize!
+    if request.format.json?
+      render(json: {status: 404, error: 'Not Found'}, status: :not_found)
+    elsif Rails.env.production?
+      render(file: Rails.root.join('public/404'), layout: false, status: :not_found)
+    else
+      raise(ActionController::RoutingError, "No route matches [#{request.env['REQUEST_METHOD']}] #{request.env['PATH_INFO'].inspect}")
+    end
+  end
 end
 ```
 
-now configure your: spec/rails_helper.rb
+- Edit: spec/rails_helper.rb
 ```ruby
+require 'action_authorizer_matchers_helper'
+...
 RSpec.configure do |config|
   # Controllers Spec with ActionAuthorizer
   config.before :each, type: :controller do
@@ -85,265 +76,30 @@ RSpec.configure do |config|
 end
 ```
 
-now configure your: app/controllers/application_controller.rb
-```ruby
-class ApplicationController < ActionController::Base
-  include ActionAuthorizer::Config
-
-  # Prevent CSRF attacks by raising an exception.
-  # For APIs, you may want to use :null_session instead.
-  protect_from_forgery with: :exception
-
-  before_action :authenticate_user!
-  before_action :authorize!, unless: :devise_controller?
-
-  # def authenticated
-  #   current_user
-  # end
-
-  # def respond_unauthorized_on_production_environment
-  #   render file: Rails.root.join('public/404'), layout: false, status: :not_found
-  # end
-end
-```
-
 ### Authorizing models with module
 
-run
+- Run
 ```console
 rails generate action_authorizer:authorizer namespace/model
 ```
 
 ### Authorizing models without module
 
-run
+- Run
 ```console
 rails generate action_authorizer:authorizer model
 ```
 
-it will be generated: app/authorizers/models_authorizer.rb
-```ruby
-# Authorize reference controller actions when return:
-#   Present values different hash:
-#     ex.:
-#       true
-#       'nil'
-#       'false'
-#       0
-#       '0'
-#       [0]
-#   Empty requested params:
-#     ex. to requested params {}:
-#       { id: [1, 2] }
-#       { id: ['1', '2'] }
-#       { id: ['one', 'two'] }
-#   A hash with key:values including requested params key:value:
-#     ex. to requested params {id: 1, other: 3}:
-#       { id: [1, 2] }
-#       { id: ['1', '2'] }
-#     ex. to requested params {id: 'one', other: 'three'}:
-#       { id: ['one', 'two'] }
-#   A hash with keys different requested params keys:
-#     ex. to requested params {other: 3}:
-#       { id: [1, 2] }
-#       { id: ['1', '2'] }
-#     ex. to requested params {other: 'three'}:
-#       { id: ['one', 'two'] }
-#
-# Unauthorize reference controller actions when return:
-#   Blank values different hash:
-#     ex.:
-#       nil
-#       false
-#       ''
-#       ' '
-#       []
-#   A hash with key:values excluding requested params key:value:
-#     ex. to requested params {id: 3, other: 3}:
-#       { id: [1, 2] }
-#       { id: ['1', '2'] }
-#     ex. to requested params {id: 'three', other: 'three'}:
-#       { id: ['one', 'two'] }
-class ModelsAuthorizer < ApplicationAuthorizer
-  # All actions automatically validating the need of user logged.
-  # Skip this check for all actions:
-  # skip_authentication
-  # Or skip_authentication_only for some actions:
-  # skip_authentication_only :index, :new, :destroy, ...
-
-  def index
-    # true
-  end
-
-  def show
-    # true
-    # Model.where(user: authenticated).find(params[:id]).avaliable?
-    # { id: authenticated.model_ids }
-  end
-
-  def new
-    # true
-    # Model.where(user: authenticated).find(params[:id]).avaliable?
-  end
-
-  def edit
-    # true
-    # Model.where(user: authenticated).find(params[:id]).avaliable?
-    # { id: authenticated.model_ids }
-  end
-
-  def create
-    # true
-    # Model.where(user: authenticated).find(params[:id]).avaliable?
-  end
-
-  def update
-    # true
-    # Model.where(user: authenticated).find(params[:id]).avaliable?
-    # { id: authenticated.model_ids }
-  end
-
-  def destroy
-    # true
-    # Model.where(user: authenticated).find(params[:id]).avaliable?
-    # { id: authenticated.model_ids }
-  end
-
-end
-```
-
-it will be generated: spec/authorizers/models_authorizer_spec.rb
-```ruby
-require 'rails_helper'
-
-RSpec.describe ModelsAuthorizer, type: :authorizer do
-
-  # let(:guest_user) { nil }
-  # let(:one_user) { double('Authenticated', user_group?: true, model_ids: [1]) }
-  # let(:two_user) { double('Authenticated', user_group?: true, model_ids: [2]) }
-  # let(:admin_user) { double('Authenticated', admin_group?: true) }
-
-  # context '#index' do
-  #   describe 'authorize' do
-  #     it { expect(ModelsAuthorizer.new(one_user, :index)).to be_authorized }
-  #     it { expect(ModelsAuthorizer.new(two_user, :index)).to be_authorized }
-  #     it { expect(ModelsAuthorizer.new(admin_user, :index)).to be_authorized }
-  #   end
-  #
-  #   describe 'not authorize' do
-  #     it { expect(ModelsAuthorizer.new(guest_user, :index)).to be_unauthorized }
-  #   end
-  # end
-
-  # context '#show' do
-  #   describe 'authorize' do
-  #     it { expect(ModelsAuthorizer.new(one_user, :show, id: 1)).to be_authorized }
-  #     it { expect(ModelsAuthorizer.new(two_user, :show, id: 2)).to be_authorized }
-  #     it { expect(ModelsAuthorizer.new(admin_user, :show, id: 1)).to be_authorized }
-  #     it { expect(ModelsAuthorizer.new(admin_user, :show, id: 2)).to be_authorized }
-  #   end
-  #
-  #   describe 'not authorize' do
-  #     it { expect(ModelsAuthorizer.new(guest_user, :show, id: 1)).to be_unauthorized }
-  #     it { expect(ModelsAuthorizer.new(one_user, :show, id: 2)).to be_unauthorized }
-  #     it { expect(ModelsAuthorizer.new(two_user, :show, id: 1)).to be_unauthorized }
-  #   end
-  # end
-
-  # context '#new' do
-  #   describe 'authorize' do
-  #     it { expect(ModelsAuthorizer.new(one_user, :new)).to be_authorized }
-  #     it { expect(ModelsAuthorizer.new(two_user, :new)).to be_authorized }
-  #     it { expect(ModelsAuthorizer.new(admin_user, :new)).to be_authorized }
-  #   end
-  #
-  #   describe 'not authorize' do
-  #     it { expect(ModelsAuthorizer.new(guest_user, :new)).to be_unauthorized }
-  #   end
-  # end
-
-  # context '#edit' do
-  #   describe 'authorize' do
-  #     it { expect(ModelsAuthorizer.new(one_user, :edit, id: 1)).to be_authorized }
-  #     it { expect(ModelsAuthorizer.new(two_user, :edit, id: 2)).to be_authorized }
-  #     it { expect(ModelsAuthorizer.new(admin_user, :edit, id: 1)).to be_authorized }
-  #     it { expect(ModelsAuthorizer.new(admin_user, :edit, id: 2)).to be_authorized }
-  #   end
-  #
-  #   describe 'not authorize' do
-  #     it { expect(ModelsAuthorizer.new(guest_user, :edit, id: 1)).to be_unauthorized }
-  #     it { expect(ModelsAuthorizer.new(one_user, :edit, id: 2)).to be_unauthorized }
-  #     it { expect(ModelsAuthorizer.new(two_user, :edit, id: 1)).to be_unauthorized }
-  #   end
-  # end
-
-  # context '#create' do
-  #   describe 'authorize' do
-  #     it { expect(ModelsAuthorizer.new(one_user, :create)).to be_authorized }
-  #     it { expect(ModelsAuthorizer.new(two_user, :create)).to be_authorized }
-  #     it { expect(ModelsAuthorizer.new(admin_user, :create)).to be_authorized }
-  #   end
-  #
-  #   describe 'not authorize' do
-  #     it { expect(ModelsAuthorizer.new(guest_user, :create)).to be_unauthorized }
-  #   end
-  # end
-
-  # context '#update' do
-  #   describe 'authorize' do
-  #     it { expect(ModelsAuthorizer.new(one_user, :update, id: 1)).to be_authorized }
-  #     it { expect(ModelsAuthorizer.new(two_user, :update, id: 2)).to be_authorized }
-  #     it { expect(ModelsAuthorizer.new(admin_user, :update, id: 1)).to be_authorized }
-  #     it { expect(ModelsAuthorizer.new(admin_user, :update, id: 2)).to be_authorized }
-  #   end
-  #
-  #   describe 'not authorize' do
-  #     it { expect(ModelsAuthorizer.new(guest_user, :update, id: 1)).to be_unauthorized }
-  #     it { expect(ModelsAuthorizer.new(one_user, :update, id: 2)).to be_unauthorized }
-  #     it { expect(ModelsAuthorizer.new(two_user, :update, id: 1)).to be_unauthorized }
-  #   end
-  # end
-
-  # context '#destroy' do
-  #   describe 'authorize' do
-  #     it { expect(ModelsAuthorizer.new(one_user, :destroy, id: 1)).to be_authorized }
-  #     it { expect(ModelsAuthorizer.new(two_user, :destroy, id: 2)).to be_authorized }
-  #     it { expect(ModelsAuthorizer.new(admin_user, :destroy, id: 1)).to be_authorized }
-  #     it { expect(ModelsAuthorizer.new(admin_user, :destroy, id: 2)).to be_authorized }
-  #   end
-  #
-  #   describe 'not authorize' do
-  #     it { expect(ModelsAuthorizer.new(guest_user, :destroy, id: 1)).to be_unauthorized }
-  #     it { expect(ModelsAuthorizer.new(one_user, :destroy, id: 2)).to be_unauthorized }
-  #     it { expect(ModelsAuthorizer.new(two_user, :destroy, id: 1)).to be_unauthorized }
-  #   end
-  # end
-
-end
-```
-
 ## Authorizing Account's Record or Cancellation (Optional)
 
-now edit your: app/controllers/application_controller.rb
+- Edit: app/controllers/application_controller.rb
 ```ruby
 class ApplicationController < ActionController::Base
   include ActionAuthorizer::Config
-
-  # Prevent CSRF attacks by raising an exception.
-  # For APIs, you may want to use :null_session instead.
-  protect_from_forgery with: :exception
-
+  ...
   before_action :authenticate_user!
   before_action :authorize!, if: :authorizer_controller?
 
-  # def authenticated
-  #   current_user
-  # end
-
-  # def respond_unauthorized_on_production_environment
-  #   render file: Rails.root.join('public/404'), layout: false, status: :not_found
-  # end
-
   private
 
   def authorizer_controller?
@@ -352,8 +108,8 @@ class ApplicationController < ActionController::Base
 end
 ```
 
-now edit your: /app/views/devise/registrations/edit.html.erb
-```ruby
+- Edit: /app/views/devise/registrations/edit.html.erb
+```erb
 <% if authorized? 'devise/registrations', :cancel %>
 <h3>Cancel my account</h3>
 
@@ -361,22 +117,22 @@ now edit your: /app/views/devise/registrations/edit.html.erb
 <% end %>
 ```
 
-now edit your: /app/views/devise/shared/_links.html.erb
-```ruby
+- Edit: /app/views/devise/shared/_links.html.erb
+```erb
 <%- if devise_mapping.registerable? && controller_name != 'registrations' %>
   <%= link_to "Sign up", new_registration_path(resource_name) if authorized? 'devise/registrations', :new %><br />
 <% end -%>
 ```
 
-run
+- Run
 ```console
 rails generate action_authorizer:authorizer devise/registration
 ```
 
-now edit your: app/authorizers/devise/registrations_authorizer.rb
+- Edit: app/authorizers/devise/registrations_authorizer.rb
 ```ruby
 class Devise::RegistrationsAuthorizer < ApplicationAuthorizer
-  skip_authentication_only :new, :create
+  skip_authentication only: %i[new create]
 
   # Account registration page
   def new
@@ -403,70 +159,63 @@ class Devise::RegistrationsAuthorizer < ApplicationAuthorizer
   # Account cancellation submition
   def cancel
   end
-
 end
 ```
 
-now edit your: /spec/authorizers/devise/registrations_authorizer_spec.rb
+- Edit: /spec/authorizers/devise/registrations_authorizer_spec.rb
 ```ruby
 require 'rails_helper'
 
 RSpec.describe Devise::RegistrationsAuthorizer, type: :authorizer do
-
   let(:guest_user) { nil }
-  let(:user) { double('Authenticated') }
-
-  context '#new' do
-    describe 'not authorize' do
-      it { expect(Devise::RegistrationsAuthorizer.new(user, :new)).to be_unauthorized }
+  let(:user) { double('User') }
 
-      it { expect(Devise::RegistrationsAuthorizer.new(guest_user, :new)).to be_unauthorized }
+  describe '#new' do
+    context 'when not authorize' do
+      it { expect(user).to be_unauthorized(:new) }
+      it { expect(guest_user).to be_unauthorized(:new) }
     end
   end
 
-  context '#edit' do
-    describe 'authorize' do
-      it { expect(Devise::RegistrationsAuthorizer.new(user, :edit)).to be_authorized }
+  describe '#edit' do
+    context 'when authorize' do
+      it { expect(user).to be_authorized(:edit) }
     end
 
-    describe 'not authorize' do
-      it { expect(Devise::RegistrationsAuthorizer.new(guest_user, :edit)).to be_unauthorized }
+    context 'when not authorize' do
+      it { expect(guest_user).to be_unauthorized(:edit) }
     end
   end
 
-  context '#create' do
-    describe 'not authorize' do
-      it { expect(Devise::RegistrationsAuthorizer.new(user, :create)).to be_unauthorized }
-
-      it { expect(Devise::RegistrationsAuthorizer.new(guest_user, :create)).to be_unauthorized }
+  describe '#create' do
+    context 'when not authorize' do
+      it { expect(user).to be_unauthorized(:create) }
+      it { expect(guest_user).to be_unauthorized(:create) }
     end
   end
 
-  context '#update' do
-    describe 'authorize' do
-      it { expect(Devise::RegistrationsAuthorizer.new(user, :update)).to be_authorized }
+  describe '#update' do
+    context 'when authorize' do
+      it { expect(user).to be_authorized(:update) }
     end
 
     describe 'not authorize' do
-      it { expect(Devise::RegistrationsAuthorizer.new(guest_user, :update)).to be_unauthorized }
+      it { expect(guest_user).to be_unauthorized(:update) }
     end
   end
 
-  context '#destroy' do
-    describe 'not authorize' do
-      it { expect(Devise::RegistrationsAuthorizer.new(user, :destroy)).to be_unauthorized }
-
-      it { expect(Devise::RegistrationsAuthorizer.new(guest_user, :destroy)).to be_unauthorized }
+  describe '#destroy' do
+    context 'when not authorize' do
+      it { expect(user).to be_unauthorized(:destroy) }
+      it { expect(guest_user).to be_unauthorized(:destroy) }
     end
   end
 
-  context '#cancel' do
-    describe 'not authorize' do
-      it { expect(Devise::RegistrationsAuthorizer.new(user, :cancel)).to be_unauthorized }
-
-      it { expect(Devise::RegistrationsAuthorizer.new(guest_user, :cancel)).to be_unauthorized }
+  describe '#cancel' do
+    context 'when not authorize' do
+      it { expect(user).to be_unauthorized(:cancel) }
+      it { expect(guest_user).to be_unauthorized(:cancel) }
     end
   end
-
 end
 ```

data/lib/action_authorizer.rb

@@ -1,5 +1,2 @@
 module ActionAuthorizer
-  load 'action_authorizer/base.rb'
-  load 'action_authorizer/config.rb'
-  load 'action_authorizer/helper.rb'
 end

data/lib/action_authorizer/result_error.rb

@@ -0,0 +1,5 @@
+class ActionAuthorizer::ResultError < RuntimeError
+  def message
+    "Result (#{super}) is not a FalseClass or TrueClass"
+  end
+end

data/lib/action_authorizer/version.rb

@@ -1,3 +1,3 @@
 module ActionAuthorizer
-  VERSION = "1.3.1".freeze
-end
+  VERSION = '2.0.1'.freeze
+end

data/lib/generators/action_authorizer/authorizer/authorizer_generator.rb

@@ -1,6 +1,6 @@
 require 'rails/generators/resource_helpers'
 
-class ActionAuthorizer::AuthorizerGenerator < Rails::Generators::NamedBase
+class ActionAuthorizer::AuthorizerGenerator < Rails::Generators::NamedBase # :nodoc:
   include Rails::Generators::ResourceHelpers
 
   source_root File.expand_path('../templates', __FILE__)

data/lib/generators/action_authorizer/authorizer/templates/authorizer.rb

@@ -1,50 +1,7 @@
-# Authorize reference controller actions when return:
-#   Present values different hash:
-#     ex.:
-#       true
-#       'nil'
-#       'false'
-#       0
-#       '0'
-#       [0]
-#   Empty requested params:
-#     ex. to requested params {}:
-#       { id: [1, 2] }
-#       { id: ['1', '2'] }
-#       { id: ['one', 'two'] }
-#   A hash with key:values including requested params key:value:
-#     ex. to requested params {id: 1, other: 3}:
-#       { id: [1, 2] }
-#       { id: ['1', '2'] }
-#     ex. to requested params {id: 'one', other: 'three'}:
-#       { id: ['one', 'two'] }
-#   A hash with keys different requested params keys:
-#     ex. to requested params {other: 3}:
-#       { id: [1, 2] }
-#       { id: ['1', '2'] }
-#     ex. to requested params {other: 'three'}:
-#       { id: ['one', 'two'] }
-
-# Unauthorize reference controller actions when return:
-#   Blank values different hash:
-#     ex.:
-#       nil
-#       false
-#       ''
-#       ' '
-#       []
-#   A hash with key:values excluding requested params key:value:
-#     ex. to requested params {id: 3, other: 3}:
-#       { id: [1, 2] }
-#       { id: ['1', '2'] }
-#     ex. to requested params {id: 'three', other: 'three'}:
-#       { id: ['one', 'two'] }
 class <%= controller_class_name %>Authorizer < ApplicationAuthorizer
-  # All actions automatically validating the need of user logged.
-  # Skip this check for all actions:
   # skip_authentication
-  # Or skip_authentication_only for some actions:
-  # skip_authentication_only :index, :new, :destroy, ...
+  # skip_authentication only: :index
+  # skip_authentication only: %i[:index, :show]
 
 <% unless options[:singleton] -%>
   def index
@@ -53,9 +10,8 @@ class <%= controller_class_name %>Authorizer < ApplicationAuthorizer
 <% end -%>
 
   def show
-    # true
-    # <%= singular_table_name.classify %>.where(user: authenticated).find(params[:id]).avaliable?
-    # { id: authenticated.<%= singular_table_name %>_ids }
+    # current_user.<%= plural_table_name %>.exists?(id: params[:id])
+    # <%= singular_table_name.classify %>.exists?(id: params[:id])
   end
 
   def new
@@ -63,9 +19,7 @@ class <%= controller_class_name %>Authorizer < ApplicationAuthorizer
   end
 
   def edit
-    # true
-    # <%= singular_table_name.classify %>.where(user: authenticated).find(params[:id]).avaliable?
-    # { id: authenticated.<%= singular_table_name %>_ids }
+    # current_user.<%= plural_table_name %>.exists?(id: params[:id])
   end
 
   def create
@@ -73,15 +27,10 @@ class <%= controller_class_name %>Authorizer < ApplicationAuthorizer
   end
 
   def update
-    # true
-    # <%= singular_table_name.classify %>.where(user: authenticated).find(params[:id]).avaliable?
-    # { id: authenticated.<%= singular_table_name %>_ids }
+    # current_user.<%= plural_table_name %>.exists?(id: params[:id])
   end
 
   def destroy
-    # true
-    # <%= singular_table_name.classify %>.where(user: authenticated).find(params[:id]).avaliable?
-    # { id: authenticated.<%= singular_table_name %>_ids }
+    # current_user.<%= plural_table_name %>.exists?(id: params[:id])
   end
-
 end

data/lib/generators/action_authorizer/authorizer/templates/authorizer_spec.rb

@@ -1,134 +1,106 @@
 require 'rails_helper'
 
 RSpec.describe <%= controller_class_name %>Authorizer, type: :authorizer do
-
   # let(:guest_user) { nil }
-  # let(:one_user) { double('Authenticated', admin_group?: false, user_group?: true, <%= singular_table_name %>_ids: [1]) }
-  # let(:two_user) { double('Authenticated', admin_group?: false, user_group?: true, <%= singular_table_name %>_ids: [2]) }
-  # let(:admin_user) { double('Authenticated', admin_group?: true, user_group?: false) }
+  # let(:one_user) { double('User', admin_group?: false, user_group?: true, <%= singular_table_name %>_ids: [1]) }
+  # let(:two_user) { double('User', admin_group?: false, user_group?: true, <%= singular_table_name %>_ids: [2]) }
+  # let(:admin_user) { double('User', admin_group?: true, user_group?: false) }
 
 <% unless options[:singleton] -%>
-  # context '#index' do
-  #   describe 'authorize' do
-  #     it { expect(<%= controller_class_name %>Authorizer.new(one_user, :index)).to be_authorized }
-
-  #     it { expect(<%= controller_class_name %>Authorizer.new(two_user, :index)).to be_authorized }
-
-  #     it { expect(<%= controller_class_name %>Authorizer.new(admin_user, :index)).to be_authorized }
+  # describe '#index' do
+  #   context 'when authorize' do
+  #     it { expect(one_user).to be_authorized(:index) }
+  #     it { expect(two_user).to be_authorized(:index) }
+  #     it { expect(admin_user).to be_authorized(:index) }
   #   end
 
-  #   describe 'not authorize' do
-  #     it { expect(<%= controller_class_name %>Authorizer.new(guest_user, :index)).to be_unauthorized }
+  #   context 'when not authorize' do
+  #     it { expect(guest_user).to be_unauthorized(:index) }
   #   end
   # end
 <% end -%>
 
-  # context '#show' do
-  #   describe 'authorize' do
-  #     it { expect(<%= controller_class_name %>Authorizer.new(one_user, :show, id: 1)).to be_authorized }
-
-  #     it { expect(<%= controller_class_name %>Authorizer.new(two_user, :show, id: 2)).to be_authorized }
-
-  #     it { expect(<%= controller_class_name %>Authorizer.new(admin_user, :show, id: 1)).to be_authorized }
-
-  #     it { expect(<%= controller_class_name %>Authorizer.new(admin_user, :show, id: 2)).to be_authorized }
+  # describe '#show' do
+  #   context 'when authorize' do
+  #     it { expect(one_user).to be_authorized(:show, id: 1) }
+  #     it { expect(two_user).to be_authorized(:show, id: 2) }
+  #     it { expect(admin_user).to be_authorized(:show, id: 1) }
+  #     it { expect(admin_user).to be_authorized(:show, id: 2) }
   #   end
 
-  #   describe 'not authorize' do
-  #     it { expect(<%= controller_class_name %>Authorizer.new(guest_user, :show, id: 1)).to be_unauthorized }
-
-  #     it { expect(<%= controller_class_name %>Authorizer.new(one_user, :show, id: 2)).to be_unauthorized }
-
-  #     it { expect(<%= controller_class_name %>Authorizer.new(two_user, :show, id: 1)).to be_unauthorized }
+  #   context 'when not authorize' do
+  #     it { expect(guest_user).to be_unauthorized(:show, id: 1) }
+  #     it { expect(one_user).to be_unauthorized(:show, id: 2) }
+  #     it { expect(two_user).to be_unauthorized(:show, id: 1) }
   #   end
   # end
 
-  # context '#new' do
-  #   describe 'authorize' do
-  #     it { expect(<%= controller_class_name %>Authorizer.new(one_user, :new)).to be_authorized }
-
-  #     it { expect(<%= controller_class_name %>Authorizer.new(two_user, :new)).to be_authorized }
-
-  #     it { expect(<%= controller_class_name %>Authorizer.new(admin_user, :new)).to be_authorized }
+  # describe '#new' do
+  #   context 'when authorize' do
+  #     it { expect(one_user).to be_authorized(:new) }
+  #     it { expect(two_user).to be_authorized(:new) }
+  #     it { expect(admin_user).to be_authorized(:new) }
   #   end
 
-  #   describe 'not authorize' do
-  #     it { expect(<%= controller_class_name %>Authorizer.new(guest_user, :new)).to be_unauthorized }
+  #   context 'when not authorize' do
+  #     it { expect(guest_user).to be_unauthorized(:new) }
   #   end
   # end
 
-  # context '#edit' do
-  #   describe 'authorize' do
-  #     it { expect(<%= controller_class_name %>Authorizer.new(one_user, :edit, id: 1)).to be_authorized }
-
-  #     it { expect(<%= controller_class_name %>Authorizer.new(two_user, :edit, id: 2)).to be_authorized }
-
-  #     it { expect(<%= controller_class_name %>Authorizer.new(admin_user, :edit, id: 1)).to be_authorized }
-
-  #     it { expect(<%= controller_class_name %>Authorizer.new(admin_user, :edit, id: 2)).to be_authorized }
+  # describe '#edit' do
+  #   context 'when authorize' do
+  #     it { expect(one_user).to be_authorized(:edit, id: 1) }
+  #     it { expect(two_user).to be_authorized(:edit, id: 2) }
+  #     it { expect(admin_user).to be_authorized(:edit, id: 1) }
+  #     it { expect(admin_user).to be_authorized(:edit, id: 2) }
   #   end
 
-  #   describe 'not authorize' do
-  #     it { expect(<%= controller_class_name %>Authorizer.new(guest_user, :edit, id: 1)).to be_unauthorized }
-
-  #     it { expect(<%= controller_class_name %>Authorizer.new(one_user, :edit, id: 2)).to be_unauthorized }
-
-  #     it { expect(<%= controller_class_name %>Authorizer.new(two_user, :edit, id: 1)).to be_unauthorized }
+  #   context 'when not authorize' do
+  #     it { expect(guest_user).to be_unauthorized(:edit, id: 1) }
+  #     it { expect(one_user).to be_unauthorized(:edit, id: 2) }
+  #     it { expect(two_user).to be_unauthorized(:edit, id: 1) }
   #   end
   # end
 
-  # context '#create' do
-  #   describe 'authorize' do
-  #     it { expect(<%= controller_class_name %>Authorizer.new(one_user, :create)).to be_authorized }
-
-  #     it { expect(<%= controller_class_name %>Authorizer.new(two_user, :create)).to be_authorized }
-
-  #     it { expect(<%= controller_class_name %>Authorizer.new(admin_user, :create)).to be_authorized }
+  # describe '#create' do
+  #   context 'when authorize' do
+  #     it { expect(one_user).to be_authorized(:create) }
+  #     it { expect(two_user).to be_authorized(:create) }
+  #     it { expect(admin_user).to be_authorized(:create) }
   #   end
 
-  #   describe 'not authorize' do
-  #     it { expect(<%= controller_class_name %>Authorizer.new(guest_user, :create)).to be_unauthorized }
+  #   context 'when not authorize' do
+  #     it { expect(guest_user).to be_unauthorized(:create) }
   #   end
   # end
 
-  # context '#update' do
-  #   describe 'authorize' do
-  #     it { expect(<%= controller_class_name %>Authorizer.new(one_user, :update, id: 1)).to be_authorized }
-
-  #     it { expect(<%= controller_class_name %>Authorizer.new(two_user, :update, id: 2)).to be_authorized }
-
-  #     it { expect(<%= controller_class_name %>Authorizer.new(admin_user, :update, id: 1)).to be_authorized }
-
-  #     it { expect(<%= controller_class_name %>Authorizer.new(admin_user, :update, id: 2)).to be_authorized }
+  # describe '#update' do
+  #   context 'when authorize' do
+  #     it { expect(one_user).to be_authorized(:update, id: 1) }
+  #     it { expect(two_user).to be_authorized(:update, id: 2) }
+  #     it { expect(admin_user).to be_authorized(:update, id: 1) }
+  #     it { expect(admin_user).to be_authorized(:update, id: 2) }
   #   end
 
-  #   describe 'not authorize' do
-  #     it { expect(<%= controller_class_name %>Authorizer.new(guest_user, :update, id: 1)).to be_unauthorized }
-
-  #     it { expect(<%= controller_class_name %>Authorizer.new(one_user, :update, id: 2)).to be_unauthorized }
-
-  #     it { expect(<%= controller_class_name %>Authorizer.new(two_user, :update, id: 1)).to be_unauthorized }
+  #   context 'when not authorize' do
+  #     it { expect(guest_user).to be_unauthorized(:update, id: 1) }
+  #     it { expect(one_user).to be_unauthorized(:update, id: 2) }
+  #     it { expect(two_user).to be_unauthorized(:update, id: 1) }
   #   end
   # end
 
-  # context '#destroy' do
-  #   describe 'authorize' do
-  #     it { expect(<%= controller_class_name %>Authorizer.new(one_user, :destroy, id: 1)).to be_authorized }
-
-  #     it { expect(<%= controller_class_name %>Authorizer.new(two_user, :destroy, id: 2)).to be_authorized }
-
-  #     it { expect(<%= controller_class_name %>Authorizer.new(admin_user, :destroy, id: 1)).to be_authorized }
-
-  #     it { expect(<%= controller_class_name %>Authorizer.new(admin_user, :destroy, id: 2)).to be_authorized }
+  # describe '#destroy' do
+  #   context 'when authorize' do
+  #     it { expect(one_user).to be_authorized(:destroy, id: 1) }
+  #     it { expect(two_user).to be_authorized(:destroy, id: 2) }
+  #     it { expect(admin_user).to be_authorized(:destroy, id: 1) }
+  #     it { expect(admin_user).to be_authorized(:destroy, id: 2) }
   #   end
 
-  #   describe 'not authorize' do
-  #     it { expect(<%= controller_class_name %>Authorizer.new(guest_user, :destroy, id: 1)).to be_unauthorized }
-
-  #     it { expect(<%= controller_class_name %>Authorizer.new(one_user, :destroy, id: 2)).to be_unauthorized }
-
-  #     it { expect(<%= controller_class_name %>Authorizer.new(two_user, :destroy, id: 1)).to be_unauthorized }
+  #   context 'when not authorize' do
+  #     it { expect(guest_user).to be_unauthorized(:destroy, id: 1) }
+  #     it { expect(one_user).to be_unauthorized(:destroy, id: 2) }
+  #     it { expect(two_user).to be_unauthorized(:destroy, id: 1) }
   #   end
   # end
-
 end

data/lib/generators/action_authorizer/install/install_generator.rb

@@ -1,31 +1,16 @@
 class ActionAuthorizer::InstallGenerator < Rails::Generators::Base # :nodoc:
-  desc 'Creates an initializer with default action_authorizer configuration and copy locale file'
+  source_root File.expand_path('../templates', __FILE__)
 
-  def create_application_authorize_file
-    create_file 'app/authorizers/application_authorizer.rb', <<-RUBY
-class ApplicationAuthorizer < ActionAuthorizer::Base
-end
-    RUBY
+  def create_authorizers
+    template 'app/authorizers/action_authorizer/base.rb'
+    template 'app/authorizers/application_authorizer.rb'
   end
 
-  def create_action_authorizer_helper_file
-    create_file 'app/helpers/action_authorizer_helper.rb', <<-RUBY
-module ActionAuthorizerHelper
-  # Add helpers to check authorization authenticated.
-  # def unauthorized? controller, action, params = {}
-  # def authorized? controller, action, params = {}
-  # ex.:
-  #   <%= link_to 'Models', models_path if authorized? :models, :index %>
-  #   <%= link_to 'Models Dashboard', dashboard_models_path if authorized? 'dashborad/models', :index %>
-  #   <%= link_to 'Model', model_path(@model) if authorized? :models, :show, id: @model.id %>
-  #   <%= link_to 'Model', edit_model_path(@model) if authorized? :models, :edit, id: @model.to_param %>
-  include ActionAuthorizer::Helper
-
-  # def authenticated
-  #   current_user
-  # end
-end
-    RUBY
+  def create_helpers
+    template 'app/helpers/action_authorizer_helper.rb'
   end
 
-end
+  def create_spec_helpers
+    template 'spec/action_authorizer_matchers_helper.rb'
+  end
+end

data/lib/generators/action_authorizer/install/templates/app/authorizers/action_authorizer/base.rb

@@ -0,0 +1,29 @@
+require 'action_authorizer/result_error.rb'
+
+class ActionAuthorizer::Base
+  attr_reader :current_user, :params
+
+  def initialize(current_user, params)
+    @current_user = current_user
+    @params = params
+  end
+
+  def skip?(action)
+    false
+  end
+
+  class << self
+    def authorized?(current_user, controller, action, params)
+      authorizer = "#{controller}_authorizer".classify.constantize.new(current_user, params)
+      result = (authorizer.skip?(action) || !!current_user&.persisted?) && authorizer.respond_to?(action.to_sym) && authorizer.send(action.to_sym)
+      raise ActionAuthorizer::ResultError.new(result) if [true, false].exclude?(result)
+      result
+    end
+
+    def skip_authentication(only: nil)
+      define_method(:skip?) do |action|
+        only.blank? || [only].compact.flatten.map!(&:to_sym).include?(action.to_sym)
+      end
+    end
+  end
+end

data/lib/generators/action_authorizer/install/templates/app/authorizers/application_authorizer.rb

@@ -0,0 +1,2 @@
+class ApplicationAuthorizer < ActionAuthorizer::Base
+end

data/lib/generators/action_authorizer/install/templates/app/helpers/action_authorizer_helper.rb

@@ -0,0 +1,9 @@
+module ActionAuthorizerHelper
+  def authorized?(action, params = {})
+    authozired_controller? controller_path, action, params
+  end
+
+  def authozired_controller?(controller, action, params = {})
+    ActionAuthorizer::Base.authorized?(current_user, controller, action, params)
+  end
+end

data/lib/generators/action_authorizer/install/templates/spec/action_authorizer_matchers_helper.rb

@@ -0,0 +1,13 @@
+RSpec::Matchers.define :be_authorized do |action, params = {}|
+  match do |current_user|
+    controller = described_class.to_s.underscore.gsub('_authorizer', '')
+    ActionAuthorizer::Base.authorized?(current_user, controller, action, params)
+  end
+end
+
+RSpec::Matchers.define :be_unauthorized do |action, params = {}|
+  match do |current_user|
+    controller = described_class.to_s.underscore.gsub('_authorizer', '')
+    !ActionAuthorizer::Base.authorized?(current_user, controller, action, params)
+  end
+end

metadata

@@ -1,27 +1,27 @@
 --- !ruby/object:Gem::Specification
 name: action_authorizer
 version: !ruby/object:Gem::Version
-  version: 1.3.1
+  version: 2.0.1
 platform: ruby
 authors:
 - Marcelo Junior
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-11-21 00:00:00.000000000 Z
+date: 2018-12-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '3.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '3.0'
 description: Rails authorization with controllers's actions.
@@ -33,9 +33,7 @@ files:
 - MIT-LICENSE
 - README.md
 - lib/action_authorizer.rb
-- lib/action_authorizer/base.rb
-- lib/action_authorizer/config.rb
-- lib/action_authorizer/helper.rb
+- lib/action_authorizer/result_error.rb
 - lib/action_authorizer/version.rb
 - lib/generators/action_authorizer/authorizer/USAGE
 - lib/generators/action_authorizer/authorizer/authorizer_generator.rb
@@ -43,7 +41,10 @@ files:
 - lib/generators/action_authorizer/authorizer/templates/authorizer_spec.rb
 - lib/generators/action_authorizer/install/USAGE
 - lib/generators/action_authorizer/install/install_generator.rb
-- lib/tasks/action_authorizer_tasks.rake
+- lib/generators/action_authorizer/install/templates/app/authorizers/action_authorizer/base.rb
+- lib/generators/action_authorizer/install/templates/app/authorizers/application_authorizer.rb
+- lib/generators/action_authorizer/install/templates/app/helpers/action_authorizer_helper.rb
+- lib/generators/action_authorizer/install/templates/spec/action_authorizer_matchers_helper.rb
 homepage: https://github.com/juniormesquitadandao/action_authorizer
 licenses:
 - MIT
@@ -54,17 +55,17 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '1.9'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.8
+rubygems_version: 2.7.7
 signing_key: 
 specification_version: 4
 summary: Action Authorizer

data/lib/action_authorizer/base.rb

@@ -1,60 +0,0 @@
-class ActionAuthorizer::Base
-
-  def initialize(authenticated, action, params = {})
-    @authenticated = authenticated
-    @action = action.to_sym
-    @params = params
-  end
-
-  def unauthorized?
-    return true if !authenticated && !skip_authentication && skip_authentication_only.exclude?(action)
-
-    @result = send(action)
-    if !result.kind_of?(Hash)
-      result.blank?
-    elsif params.empty?
-      false
-    else
-      unauthorized_params?
-    end
-  end
-
-  def authorized?
-    !unauthorized?
-  end
-
-  class << self
-    def skip_authentication
-      define_method(:skip_authentication) do
-        true
-      end
-    end
-
-    def skip_authentication_only *actions
-      define_method(:skip_authentication_only) do
-        actions
-      end
-    end
-  end
-
-  private
-
-  attr_reader :authenticated, :action, :params, :result
-
-  def unauthorized_params?
-    unauthorized_params = result.select do |name, values|
-      param_value = params[name].to_s
-      param_value.present? && values.map!{|v| v.to_s}.exclude?(param_value)
-    end
-    unauthorized_params.any?
-  end
-
-  def skip_authentication
-    false
-  end
-
-  def skip_authentication_only
-    []
-  end
-
-end

data/lib/action_authorizer/config.rb

@@ -1,31 +0,0 @@
-require 'active_support/concern'
-
-module ActionAuthorizer::Config
-  extend ActiveSupport::Concern
-
-  def authenticated
-    current_user
-  end
-
-  def respond_unauthorized_on_production_environment
-    render file: Rails.root.join('public/404'), layout: false, status: :not_found
-  end
-
-  def authorize!
-    unauthorize! if unauthorized?
-  end
-
-  def unauthorized?
-    authorizer = "#{controller_path}_authorizer".classify.constantize
-    authorizer.new(authenticated, action_name.to_sym, params.except(:controller, :action)).unauthorized?
-  end
-
-  def unauthorize!
-    if Rails.env.production?
-      respond_unauthorized_on_production_environment
-    else
-      raise ActionController::RoutingError, "No route matches [#{env['REQUEST_METHOD']}] #{env['PATH_INFO'].inspect}"
-    end
-  end
-
-end

data/lib/action_authorizer/helper.rb

@@ -1,19 +0,0 @@
-require 'active_support/concern'
-
-module ActionAuthorizer::Helper
-  extend ActiveSupport::Concern
-
-  def authenticated
-    current_user
-  end
-
-  def authorized? controller, action, params = {}
-    !unauthorized? controller, action, params
-  end
-
-  def unauthorized? controller, action, params = {}
-    authorizer = "#{controller.to_s}_authorizer".classify.constantize
-    authorizer.new(authenticated, action.to_sym, params).unauthorized?
-  end
-
-end

data/lib/tasks/action_authorizer_tasks.rake

@@ -1,4 +0,0 @@
-# desc "Explaining what the task does"
-# task :action_authorizer do
-#   # Task goes here
-# end