action_sentinel 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: fa3b8401bf44885aec2145a79689ff7f38b02dac73c69922fbc22c0fdbd7b307
+  data.tar.gz: 6e4b635a86277548e76d18b6f4f73e5aa73619f5941923e2cfd5433acf7e526f
+SHA512:
+  metadata.gz: b19c9599910bce3915839ee7342090bfc66b5dbe46b8cbb11f6e96da2c55d0efed6a64e2bdae8b20d99b7e256f2bae3a2bf27aeb4b55b4315294a7a98f95d974
+  data.tar.gz: 22dd485c1ba4af40cdd4cd6076a98e267515510c6eb63f3c13e68c4567fce329d59dc940679170d644ef71bc4d3574a54925390c396aee1e258efbf1fc6051c6

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/.rubocop.yml

@@ -0,0 +1,32 @@
+AllCops:
+  TargetRubyVersion: 2.6
+  Exclude:
+    - "lib/generators/**/templates/*"
+  NewCops: disable
+
+Style/Documentation:
+  Enabled: true
+  Exclude:
+    - "lib/generators/action_sentinel/**"
+    - "spec/support/*"
+
+Style/StringLiterals:
+  Enabled: true
+  EnforcedStyle: double_quotes
+
+Style/StringLiteralsInInterpolation:
+  Enabled: true
+  EnforcedStyle: double_quotes
+
+Layout/LineLength:
+  Max: 120
+
+Metrics/BlockLength:
+  Enabled: true
+  Exclude:
+    - "spec/**/*"
+
+Naming/HeredocDelimiterNaming:
+  Enabled: true
+  Exclude:
+    - "action_sentinel.gemspec"

data/.yardopts

@@ -0,0 +1 @@
+--exclude lib/generators/action_sentinel/templates/

data/CHANGELOG.md

@@ -0,0 +1,5 @@
+## [Unreleased]
+
+## [0.1.0] - 2023-12-04
+
+- Initial release

data/Gemfile

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+source "https://rubygems.org"
+
+# Specify your gem's dependencies in action_sentinel.gemspec
+gemspec
+
+gem "rake", "~> 13.0"

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2023 Denis Stael
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,170 @@
+# ActionSentinel
+
+Simple authorization of controller actions based on model-level permissions.
+
+This gem enables access authorization control, based on the access permission settings for each controller and its actions, at the model level.
+
+## Installation
+
+### 1. Add the gem into your project
+
+Add this to your Gemfile and run `bundle install`.
+
+```ruby
+gem 'action_sentinel'
+```
+
+Or install it yourself as:
+```sh
+gem install action_sentinel
+```
+
+### 2. Generate AccessPermission Model
+
+Use the ActionSentinel generator to create the AccessPermission model and its relationship, which AccessPermission will belong to. You must specify the name of the model that will have access permissions. For example, if you want to set permissions to a User model, you can use:
+
+```
+rails g action_sentinel:access_permission User
+```
+
+If your database uses UUID for the primary and foreign keys, you can pass the `--uuid` option:
+
+```
+rails g action_sentinel:access_permission User --uuid
+```
+
+The generator will create the AccessPermission model and a migration, and insert into your User class the method `action_permissible`, which includes the new methods and associates the model with the access permissions:
+
+```ruby
+# AccessPermission model
+class AccessPermission < ApplicationRecord
+  belongs_to :user
+
+  validates :controller_name, uniqueness: { scope: :group_id }
+end
+
+# User model with permissions added
+class User < ApplicationRecord
+  action_permissible
+end
+
+```
+
+### 3. Run the migration
+
+```
+rails db:migrate
+```
+
+### 4. Include authorization in ApplicationController
+
+Include `ActionSentinel::Authorization` into your application controller:
+
+```ruby
+class ApplicationController < ActionController::Base
+  include ActionSentinel::Authorization
+end
+```
+
+## Usage
+
+### Adding permissions
+
+It is possible to add one or more permissions to access a controller, calling:
+
+```ruby
+# Adding permission to access show action in UsersController
+user.add_permissions_to 'show', 'users'
+
+# Adding permissions to access create and update actions in UsersController
+user.add_permissions_to 'create', 'update', 'users'
+```
+_The arguments must be related to the actions of a controller, and the last argument is the name of the controller. The actions arguments must be in downcase format and must be equal to the actions methods of the controller. The controller argument, must be in downcase and plural format, ignoring the "Controller" prefix._
+
+_For example: a controller called `UsersController` must be passed just as `users`._
+
+Also is possible to pass the arguments as symbols:
+```ruby
+user.add_permissions_to :create, :update, :users
+```
+
+### Removing permissions
+
+It is possible to remove one or more permissions to access a controller, calling:
+
+```ruby
+# Removing permission to access create action in UsersController
+user.remove_permissions_to 'create', 'users'
+
+# Removing permissions to access create and update actions in UsersController
+user.remove_permissions_to 'create', 'update', 'users'
+```
+
+### Checking if has permission to access an action
+
+To check if the user has permission to access an action from a controller, you just need to call the method `has_permission_to?` passing the action and the controller as argument:
+
+```ruby
+user.has_permission_to? 'create', 'users'
+```
+
+## Authorization
+
+To authorize the actions in a controller, you must call `authorize_action!`. Action Sentinel will authorize the access if the current user has permission to access the action.
+
+```ruby
+def create
+  authorize_action!
+  
+  # implementation code
+end
+```
+
+Also can be called in `before_action` method:
+
+```ruby
+before_action :authorize_action!
+```
+
+### Action User
+
+The authorization module expects that a `current_user` method exists into your controller (if you are using devise for example), but you can override `action_user` method to reflect your current user:
+
+```ruby
+class ApplicationController < ActionController::Base
+  include ActionSentinel::Authorization
+
+  protected
+
+  def action_user
+    your_current_user
+  end
+end
+```
+
+### Rescuing an UnauthorizedAction in ApplicationController
+---
+
+Action Sentinel raises an `ActionSentinel::UnauthorizedAction` if the user does not have the permission to access an action. You can rescue this error and respond in your customized format using `rescue_from` in your `ApplicationController`:
+
+```ruby
+class ApplicationController < ActionController::Base
+  include ActionSentinel::Authorization
+
+  rescue_from ActionSentinel::UnauthorizedAction, with: :unauthorized_action
+
+  protected
+
+  def unauthorized_action(error)
+    render json: { error_message: error.message }, status: :forbidden
+  end
+end
+```
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/Null-Bug-Company/action_sentinel.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+require "rubocop/rake_task"
+
+RuboCop::RakeTask.new
+
+task default: %i[spec rubocop]

data/lib/action_sentinel/authorization.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+module ActionSentinel
+  # Authorization methods for controlling access to controller actions.
+  module Authorization
+    protected
+
+    # Authorize the current user to access the controller action.
+    #
+    # @raise [UnauthorizedAction] if the user is not authorized.
+    # @return [void]
+    def authorize_action!
+      return if action_user.has_permission_to?(action_name, controller_name)
+
+      raise UnauthorizedAction, "Not allowed to access '#{action_name}' action in #{controller_name}_controller"
+    end
+
+    # Retrieve the user associated with the current action.
+    #
+    # This method expects a current_user method with the current authenticated user
+    # to exist or should be overridden to reflect the current user
+    #
+    # @return [Object] The user associated with the current action.
+    def action_user
+      current_user
+    end
+  end
+end

data/lib/action_sentinel/permissible.rb

@@ -0,0 +1,80 @@
+# frozen_string_literal: true
+
+require "active_support/concern"
+
+module ActionSentinel
+  # Provides methods for managing access permissions associated with a model.
+  #
+  # This module is designed to be included in models that need to manage access permissions.
+  # It introduces methods for adding, removing, and checking permissions associated with a specific
+  # controller and actions.
+  #
+  # @example Including Permissible in a Model
+  #   class User < ApplicationRecord
+  #     include ActionSentinel::Permissible
+  #   end
+  #
+  #   user = User.new
+  #   user.add_permissions_to(:create, :update, :users)
+  #   user.has_permission_to?(:create, :users) # => true
+  #
+  module Permissible
+    extend ActiveSupport::Concern
+
+    included do
+      has_many :access_permissions
+    end
+
+    # Add permissions to the access_permissions association for a specific controller.
+    #
+    # @param actions [Array<Symbol, String>] The actions to add permissions for.
+    # @param controller_name [String] The name of the controller.
+    # @return [Boolean] true if the permission was saved, false otherwise.
+    def add_permissions_to(*actions, controller_name)
+      permission = access_permissions.find_or_initialize_by(controller_name: controller_name)
+      permission.assign_attributes(actions: (permission.actions + sanitize_actions_array(actions)).uniq)
+      permission.save
+    end
+
+    # Remove permissions from the access_permissions association for a specific controller.
+    #
+    # @param actions [Array<Symbol, String>] The actions to remove permissions for.
+    # @param controller_name [String] The name of the controller.
+    # @return [Boolean, nil] true if the permission was saved, false if it was not or nil
+    #   if the permission was not found.
+    def remove_permissions_to(*actions, controller_name)
+      permission = access_permissions.find_by(controller_name: controller_name)
+      permission&.update(actions: (permission.actions - sanitize_actions_array(actions)))
+    end
+
+    # rubocop:disable Naming/PredicateName
+
+    # Check if the model has permission to perform a specific action in a controller.
+    #
+    # @param action [Symbol, String] The action to check permission for.
+    # @param controller_name [String] The name of the controller.
+    # @return [Boolean] true if the model has permission, false otherwise.
+    def has_permission_to?(action, controller_name)
+      query = access_permissions.where(controller_name: controller_name)
+
+      query = if %w[sqlite sqlite3].include? self.class.connection.adapter_name.downcase
+                query.where("actions LIKE ?", "%#{action}%")
+              else
+                query.where(':action = ANY("access_permissions"."actions")', action: action)
+              end
+
+      query.exists?
+    end
+    # rubocop:enable Naming/PredicateName
+
+    private
+
+    # Sanitize an array of actions by converting them to strings and removing blanks.
+    #
+    # @param actions [Array<Symbol, String>] The actions to sanitize.
+    # @return [Array<String>] The sanitized actions.
+    def sanitize_actions_array(actions)
+      actions.map { |action| action.to_s unless action.blank? }.compact
+    end
+  end
+end

data/lib/action_sentinel/railtie.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+require "rails/railtie"
+
+module ActionSentinel
+  class Railtie < Rails::Railtie # :nodoc:
+    initializer "action_sentinel.initialize" do
+      ActiveSupport.on_load(:active_record) do
+        ActiveRecord::Base.extend ActionSentinel
+      end
+    end
+  end
+end

data/lib/action_sentinel/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module ActionSentinel
+  VERSION = "0.1.0"
+end

data/lib/action_sentinel.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+require "action_sentinel/version"
+require "action_sentinel/railtie"
+require "action_sentinel/authorization"
+require "action_sentinel/permissible"
+
+# The ActionSentinel module provides a simple mechanism for user authorization
+# within Rails applications, based on permissions in model-level.
+module ActionSentinel
+  #
+  # Exception class raised when an unauthorized action is attempted.
+  class UnauthorizedAction < StandardError; end
+
+  # Includes the Permissible module in the calling model class
+  # to manage permissions for controller actions.
+  #
+  # @example:
+  #
+  #   class User < ApplicationRecord
+  #     action_permissible
+  #   end
+  #
+  # @see ActionSentinel::Permissible
+  def action_permissible
+    include ActionSentinel::Permissible
+  end
+end

data/lib/generators/action_sentinel/access_permission_generator.rb

@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+require "rails/generators"
+require "rails/generators/active_record"
+
+module ActionSentinel
+  class AccessPermissionGenerator < Rails::Generators::Base
+    include Rails::Generators::Migration
+
+    source_root File.expand_path("templates", __dir__)
+
+    argument :model_name, type: :string, desc: "Name of the model to associate with AccessPermission"
+
+    class_option :uuid, type: :boolean, default: false, desc: "Use UUID type as primary/foreign key"
+
+    def self.next_migration_number(path)
+      ActiveRecord::Generators::Base.next_migration_number(path)
+    end
+
+    def create_access_pemission_and_migration
+      inject_action_permissible_into_model
+      generate_access_permission
+      generate_migration
+    end
+
+    private
+
+    def generate_access_permission
+      template "access_permission.rb", File.join("app", "models", "access_permission.rb")
+    end
+
+    def table_id_type
+      options.uuid? ? ", id: :uuid" : ""
+    end
+
+    def generate_migration
+      migration_template "migration.rb", "db/migrate/create_access_permissions.rb"
+    end
+
+    def model_class
+      model_name.camelize
+    end
+
+    def singular_model_name
+      model_name.underscore
+    end
+
+    def migration_version
+      "[#{Rails::VERSION::MAJOR}.#{Rails::VERSION::MINOR}]"
+    end
+
+    def inject_action_permissible_into_model
+      model_file = File.join("app", "models", "#{singular_model_name}.rb")
+      inject_into_class(model_file, model_class) do
+        "\taction_permissible\n\n"
+      end
+    end
+  end
+end

data/lib/generators/action_sentinel/templates/access_permission.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+class AccessPermission < ApplicationRecord
+  belongs_to :<%= singular_model_name %>
+
+  validates :controller_name, uniqueness: { scope: :<%= singular_model_name %>_id }
+end

data/lib/generators/action_sentinel/templates/migration.rb

@@ -0,0 +1,13 @@
+class CreateAccessPermissions < ActiveRecord::Migration<%= migration_version %>
+  def change
+    create_table :access_permissions<%= table_id_type %> do |t|
+      t.string :controller_name, null: false
+      t.string :actions, null: false, array: true, default: []
+      t.references :<%= singular_model_name %>, null: false<%= table_id_type %>
+
+      t.timestamps
+    end
+
+    add_index :access_permissions, [:controller_name, :<%= singular_model_name %>_id], unique: true
+  end
+end

metadata

@@ -0,0 +1,104 @@
+--- !ruby/object:Gem::Specification
+name: action_sentinel
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Denis Stael
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2023-12-06 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.21'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.21'
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.4.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.4.2
+description: "    This gem enables access authorization control, based on the access
+  permission settings for \n    each controller and its actions, at the model level.\n"
+email:
+- denis@nullbug.dev
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".rspec"
+- ".rubocop.yml"
+- ".yardopts"
+- CHANGELOG.md
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/action_sentinel.rb
+- lib/action_sentinel/authorization.rb
+- lib/action_sentinel/permissible.rb
+- lib/action_sentinel/railtie.rb
+- lib/action_sentinel/version.rb
+- lib/generators/action_sentinel/access_permission_generator.rb
+- lib/generators/action_sentinel/templates/access_permission.rb
+- lib/generators/action_sentinel/templates/migration.rb
+homepage: https://github.com/Null-Bug-Company/action_sentinel
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/Null-Bug-Company/action_sentinel
+  source_code_uri: https://github.com/Null-Bug-Company/action_sentinel
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.6.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.3.7
+signing_key: 
+specification_version: 4
+summary: Simple authorization of controller actions based on model-level permissions
+test_files: []