active_control 0.0.1

data/.gitignore

@@ -0,0 +1,4 @@
+*.gem
+.bundle
+Gemfile.lock
+pkg/*

data/Gemfile

@@ -0,0 +1,4 @@
+source "http://rubygems.org"
+
+# Specify your gem's dependencies in access_control.gemspec
+gemspec

data/README.rdoc

@@ -0,0 +1,37 @@
+= ActiveControl
+
+<tt>ActiveControl</tt> is a very simple authorization solution with no dependencies. Each rule is stored in the class that grant permission. Other object can then check if they have access to a specific action via the <tt>can?</tt> method (or via <tt>cannot?</tt>).
+
+== Install
+
+    gem install active_control
+
+== Usage
+
+The first thing to do is to <tt>include ActiveControl::Ability</tt> in the object which needs to check if it can perform an action on another object.
+
+    class User
+      include ActiveControl::Ability
+    end
+
+At the other end <tt>include ActiveControl::Authorization</tt> in the object that will  give its "blessing" or not based on some internal rules defined by you. Rules are just normal methods you have to defined at the instance-level with a specific name. E.g. if an instance of the <tt>User:Class</tt> wants to update another object you have to define <tt>authorize_user_to_update?</tt> and make it returns a boolean.
+
+    class Page
+      include ActiveControl::Authorization
+  
+      ...
+  
+      def authorize_user_to_update?(user)
+        user.id == page.user_id
+      end
+    end
+
+Then you can do something like this
+
+    if @user.can? :update, @page
+      @page.update_attributes(params[:page])
+    else
+      ...
+    end
+
+And that's it. Simple uh!

data/Rakefile

@@ -0,0 +1,18 @@
+require 'bundler'
+Bundler::GemHelper.install_tasks
+
+require 'rake/testtask.rb'
+Rake::TestTask.new do |t|
+  t.libs << "test"
+  t.test_files = FileList['test/test_*.rb']
+end
+
+require File.expand_path("../lib/active_control/version", __FILE__)
+desc "Build the documentation"
+task :doc do
+  sh [
+    "rm -rf doc/",
+    "sdoc -N -x test -x pkg -x '(Rake|Gem)file(.lock)?' -x 'active_control.gemspec' -m README.rdoc -t 'ActiveControl #{ActiveControl::VERSION}'",
+    "open doc/index.html"
+  ].join(" && ")
+end

data/active_control.gemspec

@@ -0,0 +1,24 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "active_control/version"
+
+Gem::Specification.new do |s|
+  s.name        = "active_control"
+  s.version     = ActiveControl::VERSION
+  s.platform    = Gem::Platform::RUBY
+  s.summary     = "Very simple authorization solution."
+  s.description = "Very simple authorization solution with no depedencies. Each permission is stored in its class and authorizations are given through a two methods interface."
+  s.homepage    = "https://github.com/robinclart/active_control"
+
+  s.authors     = ["Robin Clart"]
+  s.email       = ["robin@charlin.be"]
+
+  s.rubyforge_project = s.name
+
+  s.add_development_dependency "sdoc", ">= 0.2.20"
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+end

data/lib/active_control.rb

@@ -0,0 +1,29 @@
+#--
+# Copyright (c) 20011 Robin Clart
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#++
+
+require 'active_control/version'
+
+module ActiveControl
+  autoload :Ability,        'active_control/ability'
+  autoload :Authorization,  'active_control/authorization'
+end

data/lib/active_control/ability.rb

@@ -0,0 +1,47 @@
+module ActiveControl
+  # == Active Control Ability
+  #
+  # Creates two methods +can?+ and +cannot?+ to check if a remote object allows
+  # this object to perform a specific action on it.
+  #
+  # To implement, just <tt>include ActiveControl::Ability</tt> in your class:
+  #
+  #   class User
+  #     include ActiveControl::Ability
+  #   end
+  #
+  # Those two methods requires that the remote object implements an +authorize?+
+  # method that returns a boolean.
+  #
+  # A minimal implementation could be:
+  #
+  #   class User
+  #     include ActiveControl::Ability
+  #   end
+  #
+  #   class Post
+  #     def authorize?(*args)
+  #       true
+  #     end
+  #   end
+  #
+  # You could then do something like this:
+  #
+  #   user = User.new
+  #   post = Post.new
+  #
+  #   puts user.can?(:update, post)
+  #   >> true
+  #
+  # Instead of defining an +authorize?+ method manually you could also implement
+  # ActiveControl::Authorization on the remote object.
+  module Ability
+    def can?(action, remote_object)
+      remote_object.authorize?(self, action)
+    end
+
+    def cannot?(*args)
+      !can?(*args)
+    end
+  end
+end

data/lib/active_control/authorization.rb

@@ -0,0 +1,31 @@
+module ActiveControl
+  # == Active Control Authorization
+  #
+  # Creates an +authorize?+ method.
+  #
+  # To implement, just <tt>include ActiveControl::Authorization</tt> in your
+  # class:
+  #
+  #   class User
+  #     include ActiveControl::Authorization
+  #   end
+  #
+  # The +authorize?+ method is responsible for giving authorization to another
+  # object to perform a specific action.
+  #
+  # Internally +authorize?+ will delegate to another method. The name of this
+  # other method is defined during runtime and is based on two things:
+  #
+  # * the class name of the object seeking for permission;
+  # * the action name.
+  #
+  # E.g. if an instance of the <tt>User:Class</tt> wanted to update your object
+  # you'd have to define a +authorize_user_to_update?+ method.
+  module Authorization
+    def authorize?(caller_object, action)
+      caller_name = caller_object.class.name.gsub("::", "_")
+      action = [caller_name, action.to_s].join("_to_").downcase
+      self.send "authorize_#{action}?", caller_object
+    end
+  end
+end

data/lib/active_control/version.rb

@@ -0,0 +1,3 @@
+module ActiveControl
+  VERSION = "0.0.1"
+end

data/test/test_active_control.rb

@@ -0,0 +1,54 @@
+require File.expand_path('../../lib/active_control', __FILE__)
+require 'minitest/autorun'
+
+class User
+  include ActiveControl::Ability
+end
+
+module Admin
+  class User
+  end
+end
+
+class Comment
+  include ActiveControl::Authorization
+
+  def authorize_admin_user_to_manage?(user)
+    true
+  end
+
+  def authorize_user_to_manage?(user)
+    true
+  end
+
+  def authorize_user_to_destroy?(user)
+    false
+  end
+
+  def authorize_user_to_read?(user)
+    true
+  end
+end
+
+class TestActiveControl < MiniTest::Unit::TestCase
+  def setup
+    @user = User.new
+    @comment = Comment.new
+  end
+
+  def test_can?
+    assert @user.can? :manage, @comment
+  end
+
+  def test_cannot?
+    assert @user.cannot? :destroy, @comment
+  end
+
+  def test_authorize?
+    assert @comment.authorize?(@user, :read)
+  end
+
+  def test_authorize_in_a_namespace
+    assert @comment.authorize?(Admin::User.new, :manage)
+  end
+end

metadata

@@ -0,0 +1,74 @@
+--- !ruby/object:Gem::Specification 
+name: active_control
+version: !ruby/object:Gem::Version 
+  prerelease: 
+  version: 0.0.1
+platform: ruby
+authors: 
+- Robin Clart
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2011-06-02 00:00:00 Z
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: sdoc
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: 0.2.20
+  type: :development
+  version_requirements: *id001
+description: Very simple authorization solution with no depedencies. Each permission is stored in its class and authorizations are given through a two methods interface.
+email: 
+- robin@charlin.be
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- .gitignore
+- Gemfile
+- README.rdoc
+- Rakefile
+- active_control.gemspec
+- lib/active_control.rb
+- lib/active_control/ability.rb
+- lib/active_control/authorization.rb
+- lib/active_control/version.rb
+- test/test_active_control.rb
+homepage: https://github.com/robinclart/active_control
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+requirements: []
+
+rubyforge_project: active_control
+rubygems_version: 1.8.4
+signing_key: 
+specification_version: 3
+summary: Very simple authorization solution.
+test_files: 
+- test/test_active_control.rb