action_bouncer 0.0.2 → 0.0.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 737c58734c45cfd9ea3b705412d84a0674952509
-  data.tar.gz: 428e63fc796799241ced68c3a3f12b3d74886e12
+  metadata.gz: ea988351cd9b96ae83cfcb77a9523a6012d87eac
+  data.tar.gz: 9a7046bfc38c1f086854076f45a80a5535ceb621
 SHA512:
-  metadata.gz: 7a2a51d32a80c19f0c6d859581bdc3965b07eec6537c9e92b340e2212725208b274fe8f3ff8923e1b918f0344a4f023616449159ce76d48ff51449dde57cc3e6
-  data.tar.gz: 899deb6408b2523f08b70259375c9b95cdc7002379c08a573aef05c5200e2da0e903fb96110f2b179ee9d1bb939364a03733d911b4f04149fa45bc450d340806
+  metadata.gz: 44b598c4812fb59bc9ba1758ee9d59e76119bc89347537771cf50f9ff85abcb252582f741f594f3e7f7512a0b0873e4accbfcae243d61a1286037e68317545fd
+  data.tar.gz: 800b74c749214f02d234e9c7787b61205b2ad2be53720e5b2cb4332c67518575a43d28f4f9fb09d2dc7d34ea8faf5ca434e99d48139d89f3ea37f84745af4d7c

data/README.md

@@ -0,0 +1,94 @@
+# ActionBouncer
+
+[![Circle CI](https://circleci.com/gh/oswaldoferreira/action_bouncer/tree/master.svg?style=svg)](https://circleci.com/gh/oswaldoferreira/action_bouncer/tree/master)
+
+It's a dead simple Rails authorization lib for well defined authorization objects interfaces.
+
+## Installing
+
+Add it to your gemfile:
+
+`gem 'action_bouncer'`
+
+Or manually install it:
+
+`gem install action_bouncer`
+
+## Examples
+
+Allowing user to access specific actions:
+
+```ruby
+class UsersController < ApplicationController
+  allow :current_user, to: [:index, :new], if: :admin?
+
+  def index
+  end
+
+  def new
+  end
+
+  def edit
+  end
+end
+```
+
+Allowing user to access all actions:
+
+```ruby
+class UsersController < ApplicationController
+  allow :current_user, to: :all, if: :admin?
+
+  def index
+  end
+
+  def new
+  end
+
+  def edit
+  end
+end
+```
+
+Also, you can pass multiple methods that your authorizable object responds to:
+
+```ruby
+allow :current_user, to: [:index, :new], if: [:admin?, :leader?]
+```
+
+And allow users with different authorizations to access different actions:
+
+```ruby
+allow :current_user, to: :index, if: :leader?
+allow :current_user, to: :all, if: :admin?
+```
+
+When not authorized, `ActionBouncer` raises an exception that can be rescued on your `ApplicationController`:
+
+```ruby
+class ApplicationController < ActionController::Base
+  protect_from_forgery with: :exception
+
+  before_action :authenticate_user!
+
+  include ActionBouncer
+
+  rescue_from ActionBouncer::Unauthorized,
+    with: :user_not_authorized
+
+  private
+
+  def user_not_authorized
+    render nothing: true, status: :unauthorized
+  end
+end
+```
+
+## Development
+
+```
+bundle install
+bundle exec rspec spec
+```
+
+Feel free to create issues and submit pull requests.

data/Rakefile

@@ -14,11 +14,6 @@ RDoc::Task.new(:rdoc) do |rdoc|
   rdoc.rdoc_files.include('lib/**/*.rb')
 end
 
-
-
-
-
-
 Bundler::GemHelper.install_tasks
 
 require 'rake/testtask'

data/lib/action_bouncer.rb

@@ -1,14 +1,16 @@
+require 'action_bouncer/allowance'
 require 'action_bouncer/authorization'
 
 module ActionBouncer
   def self.included(klass)
     klass.class_eval do
       def self.allow(resource, options)
-        @_authorization = Authorization.new(resource, options)
+				@_allowances ||= []
+        @_allowances << Allowance.new(resource, options)
       end
 
       def self._authorization
-        @_authorization
+        Authorization.new(@_allowances)
       end
 
       before_action { self.class._authorization.try(:authorize!, self) }

data/lib/action_bouncer/allowance.rb

@@ -0,0 +1,32 @@
+module ActionBouncer
+  class Allowance
+    attr_reader :resource_sym
+
+    def initialize(resource_sym, options)
+      @resource_sym, @options = resource_sym, options
+    end
+
+    def not_allowed?(controller, action)
+      resource = controller.send(@resource_sym)
+      !allowed_action?(action) || !matches_resource_condition?(resource)
+    end
+
+    private
+
+    def allowed_action?(action)
+      allowed_actions.include?(action.to_sym) || allowed_actions.include?(:all)
+    end
+
+    def matches_resource_condition?(resource)
+      conditions.any? { |condition| resource.send(condition).present? }
+    end
+
+    def allowed_actions
+      Array.wrap(@options[:to])
+    end
+
+    def conditions
+      Array.wrap(@options[:if])
+    end
+  end
+end

data/lib/action_bouncer/authorization.rb

@@ -2,41 +2,20 @@ module ActionBouncer
   class Unauthorized < StandardError; end
 
   class Authorization
-    attr_reader :resource_sym
-
-    def initialize(resource_sym, options)
-      @resource_sym, @options = resource_sym, options
+    def initialize(allowances)
+      @allowances = allowances
     end
 
     def authorize!(controller)
-      action = controller.send(:params).fetch(:action)
-      resource = controller.send(@resource_sym)
-
-      fail Unauthorized if unauthorized?(action, resource)
+      return if @allowances.nil?
+      fail Unauthorized if unauthorized?(controller)
     end
 
     private
 
-    def unauthorized?(action, resource)
-      !authorized_action?(action) || !matches_resource_condition?(resource)
-    end
-
-    def authorized_action?(action)
-      allowed_actions.include?(action.to_sym) || allowed_actions.include?(:all)
-    end
-
-    def matches_resource_condition?(resource)
-      conditions.any? { |condition| resource.send(condition).present? }
-    end
-
-    def allowed_actions
-      allowed_actions = @options[:to]
-      allowed_actions.is_a?(Array) ? allowed_actions : [allowed_actions]
-    end
-
-    def conditions
-      conditions = @options[:if]
-      conditions.is_a?(Array) ? conditions : [conditions]
+    def unauthorized?(controller)
+      action = controller.send(:params).fetch(:action)
+      @allowances.all? { |allowance| allowance.not_allowed?(controller, action) }
     end
   end
 end

data/lib/action_bouncer/version.rb

@@ -1,3 +1,3 @@
 module ActionBouncer
-  VERSION = "0.0.2"
+  VERSION = "0.0.3"
 end

data/spec/controllers/all_param_controller_spec.rb

@@ -0,0 +1,52 @@
+require 'spec_helper'
+
+class AllParamController < ActionController::Base
+  helper_method :current_user
+
+  include ActionBouncer
+
+  allow :current_user, to: :all, if: :admin?
+
+  def index
+    render nothing: true, status: :success
+  end
+
+  def new
+    render nothing: true, status: :success
+  end
+
+  def edit
+    render nothing: true, status: :success
+  end
+end
+
+describe AllParamController do
+  before do
+    Rails.application.routes.draw do
+      get '/index' => 'all_param#index'
+      get '/new' => 'all_param#new'
+      get '/edit' => 'all_param#edit'
+    end
+  end
+
+  context 'when authorized' do
+    before do
+      allow(subject).to receive(:current_user) { OpenStruct.new(admin?: true) }
+    end
+
+    it { expect{ get :edit }.not_to raise_error }
+    it { expect{ get :index }.not_to raise_error }
+    it { expect{ get :new }.not_to raise_error }
+  end
+
+  context 'when not authorized' do
+    before do
+      allow(subject).to receive(:current_user) { OpenStruct.new(admin?: false) }
+    end
+
+    it { expect{ get :edit }.to raise_error{ ActionBouncer::Unauthorized } }
+    it { expect{ get :index }.to raise_error{ ActionBouncer::Unauthorized } }
+    it { expect{ get :new }.to raise_error{ ActionBouncer::Unauthorized } }
+  end
+end
+

data/spec/controllers/array_params_controller_spec.rb

@@ -0,0 +1,39 @@
+require 'spec_helper'
+
+class ArrayParamsController < ActionController::Base
+  helper_method :current_user
+
+  def current_user
+    OpenStruct.new(admin?: false, leader?: true)
+  end
+
+  include ActionBouncer
+
+  allow :current_user, to: [:index, :new], if: [:admin?, :leader?]
+
+  def index
+    render nothing: true, status: :success
+  end
+
+  def new
+    render nothing: true, status: :success
+  end
+
+  def edit
+    render nothing: true, status: :success
+  end
+end
+
+describe ArrayParamsController do
+  before do
+    Rails.application.routes.draw do
+      get '/index' => 'array_params#index'
+      get '/new' => 'array_params#new'
+      get '/edit' => 'array_params#edit'
+    end
+  end
+
+  it { expect{ get :edit }.to raise_error(ActionBouncer::Unauthorized) }
+  it { expect{ get :index }.not_to raise_error }
+  it { expect{ get :new }.not_to raise_error }
+end

data/spec/controllers/multiple_allowances_controller_spec.rb

@@ -0,0 +1,64 @@
+require 'spec_helper'
+
+class MultipleAllowancesController < ActionController::Base
+  helper_method :current_user
+
+  include ActionBouncer
+
+  allow :current_user, to: [:index, :new], if: [:leader?, :admin?]
+  allow :current_user, to: :edit, if: :admin?
+
+  def index
+    render nothing: true, status: :success
+  end
+
+  def new
+    render nothing: true, status: :success
+  end
+
+  def edit
+    render nothing: true, status: :success
+  end
+end
+
+describe MultipleAllowancesController do
+  before do
+    Rails.application.routes.draw do
+      get '/index' => 'multiple_allowances#index'
+      get '/new' => 'multiple_allowances#new'
+      get '/edit' => 'multiple_allowances#edit'
+    end
+  end
+
+  context 'when authorized' do
+    context 'as leader' do
+      before do
+        allow(subject).to receive(:current_user) { OpenStruct.new(leader?: true) }
+      end
+
+      it { expect{ get :index }.not_to raise_error }
+      it { expect{ get :new }.not_to raise_error }
+    end
+
+    context 'as admin' do
+      before do
+        allow(subject).to receive(:current_user) { OpenStruct.new(admin?: true) }
+      end
+
+      it { expect{ get :index }.not_to raise_error }
+      it { expect{ get :new }.not_to raise_error }
+      it { expect{ get :edit }.not_to raise_error }
+    end
+  end
+
+  context 'when not authorized' do
+    context 'when leader' do
+      before do
+        allow(subject).to receive(:current_user) { OpenStruct.new(leader?: true) }
+      end
+
+      it { expect{ get :edit }.to raise_error{ ActionBouncer::Unauthorized } }
+    end
+  end
+end
+

data/spec/controllers/no_setup_controller_spec.rb

@@ -0,0 +1,22 @@
+require 'spec_helper'
+
+class NoSetupController < ActionController::Base
+  helper_method :current_user
+
+  include ActionBouncer
+
+  def index
+    render nothing: true, status: :success
+  end
+end
+
+describe NoSetupController do
+  before do
+    Rails.application.routes.draw do
+      get '/index' => 'no_setup#index'
+    end
+  end
+
+  it { expect{ get :index }.not_to raise_error }
+end
+

data/spec/controllers/symbol_params_controller_spec.rb

@@ -0,0 +1,34 @@
+require 'spec_helper'
+
+class SymbolParamsController < ActionController::Base
+  helper_method :current_user
+
+  def current_user
+    OpenStruct.new(admin?: true)
+  end
+
+  include ActionBouncer
+
+  allow :current_user, to: :index, if: :admin?
+
+  def index
+    render nothing: true, status: :success
+  end
+
+  def new
+    render nothing: true, status: :success
+  end
+end
+
+describe SymbolParamsController do
+  before do
+    Rails.application.routes.draw do
+      get '/index' => 'symbol_params#index'
+      get '/new' => 'symbol_params#new'
+    end
+  end
+
+  it { expect{ get :new }.to raise_error(ActionBouncer::Unauthorized) }
+  it { expect{ get :index }.not_to raise_error }
+end
+