active_entry 1.0.1 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 15c793e52a2f7f0b43f1752bb61303f2fae758c763264fe3e73561ca3c272b8b
-  data.tar.gz: 49ba592be85bb9f3f1642d748e4cbc235b4f49461dca4483773fb1de85252028
+  metadata.gz: 1e6ea0fd23af731840ed3e6f003c7b6beff6a14b2922bbb96444a5bfbeec58ae
+  data.tar.gz: b4a47cede63aa58e6f1675ab704fce6b7a7e4c4b46fc791330c4e770158bc6db
 SHA512:
-  metadata.gz: 1e009ca5bbd3b9c2d4153f96cf4dd864dd83196c317c276a7d2a71bde273325c6a59f2340e28ca6cadc83c4430da0fefa1f07846ffdd0d9e42409c2b91eab73e
-  data.tar.gz: 9e62985d0726b6323126b3929d7a3b9ad2d1d6d51e8488da8a6f7061b8c2d9efb94f284b260d69d344f0a8f140afa5b1428a4fb9c20d632a037542ca1d28da34
+  metadata.gz: c1dba6e952921afc6260b4a7e54878f2db97235f5d5c531dc769a34daf8bb65682f8d377670265000697e8715495f9a152a2be25aa05211a5916109e0db18e69
+  data.tar.gz: 5e813dd7d89ec9eb0514b470fcc3b1a7ffb256ea5d20f3f53e75bfc029a072dbff813a9413127cf83818e3d2d173f22240c7d91f0c3c2da335d069f0edd8b1e8

data/README.md

@@ -53,8 +53,10 @@ end
 
 Active Entry expects boolean return values from `authenticated?` and `authorized?`. `true` signals successful authentication/authorization, everything else not.
 
+### Rescuing from errors
+
 If the user is signed in, he is authenticated and authorized if he is an admin, otherwise an `ActiveEntry::NotAuthenticatedError` or `ActiveEntry::NotAuthorizedError` will be raised.
-Now you just have to catch this error and react accordingly. Rails has the convinient `rescue_from` for that.
+Now you just have to catch this error and react accordingly. Rails has the convenient `rescue_from` for that.
 
 ```ruby
 class ApplicationController < ActionController::Base
@@ -79,9 +81,38 @@ end
 
 In this example above, the user will be redirected with a flash message. But you can do whatever you want. For example logging.
 
-Active Entry also has a few helper methods which help you to distinguish between RESTful controller actions.
+### Scoped decision makers
+
+Instead of putting all authentication/authorization logic into `authenticated?` and `authorized?` you can create scoped decision makers:
+
+```ruby
+class DashboardController < ApplicationController
+  before_action :authenticate!, :authorize!
+
+  def index_authenticated?
+    # Do your authentication for the index action only
+  end
+  def index_authorized?
+    # Do your authorization for the index action only
+  end
+  def index
+    # Actual action
+  end
+end
+```
+
+This puts authentication/authorization logic a lot closer to the actual action that is performed and you don't get lost in endlessly long `authenticated?` or `authorized?` decision maker methods.
+
+**Note:** The scoped authentication/authorization decision maker methods take precendence over the general ones. That means if you have an `index_authenticated?` for your index action defined, the general `authenticated?` gets ignored.
+
+### Controller helper methods
+
+Active Entry also has a few helper methods which help you to distinguish between controller actions. You can check if a specific action got called, by adding `_action?` to the action name in your `authenticated?` or `authorized?`.
+For an action `show` this would be `show_action?`.
+
+**Note:** A `NoMethodError` gets raised if you try to call `_action?` if the actual action hasn't been implemented. For example `missing_implementation_action?` raises an error as long as `#missing_implementation` hasn't been implemented as action.
 
-The following methods are available:
+The are some more helpers that check for more than one RESTful action:
 
  * `read_action?` - If the called action just read. Actions: `index`, `show`
  * `write_action?` - If the called action writes something. Actions: `new`, `create`, `edit`, `update`, `destroy`
@@ -89,15 +120,32 @@ The following methods are available:
  * `create_action?` - If something will be created. Actions: `new`, `create`
  * `update_action?` - If something will be updated. Actions: `edit`, `update`
  * `destroy_action?` - If something will be destroyed. Action: `destroy`
+ * `delete_action?` - Alias for `destroy_action?`. Action: `destroy`
 
 So you can for example do:
 
 ```ruby
-def authorized?
-  return true if read_action?    # Everybody is authorized to call read actions
+class ApplicationController < ActionController::Base
+  # ...
+
+  def show
+  end
+
+  def custom
+  end
+
+  private
 
-  if write_action?
-    return true if admin_signed_in?		# Just admins are allowed to call write actions
+  def authorized?
+    return true if read_action?    # Everybody is authorized to call read actions
+
+    if write_action?
+      return true if admin_signed_in?		# Just admins are allowed to call write actions
+    end
+
+    if custom_action?   # For custom/non-RESTful actions
+      return true
+    end
   end
 end
 ```

data/lib/active_entry.rb

@@ -6,18 +6,29 @@ require "active_entry/railtie" if defined? Rails::Railtie
 module ActiveEntry
   # Authenticates the user
   def authenticate!
+    general_decision_maker_method_name = :authenticated?
+    scoped_decision_maker_method_name = [action_name, :authenticated?].join("_").to_sym
+
+    general_decision_maker_defined = respond_to? general_decision_maker_method_name, true
+    scoped_decision_maker_defined = respond_to? scoped_decision_maker_method_name, true
+
+    # Check if a scoped decision maker method is defined and use it over
+    # general decision maker method.
+    decision_maker_to_use = scoped_decision_maker_defined ? scoped_decision_maker_method_name : general_decision_maker_method_name
+
     # Raise an error if the #authenticate? action isn't defined.
     #
     # This ensures that you actually do authentication in your controller.
-    raise ActiveEntry::AuthenticationNotPerformedError unless defined?(authenticated?)
+    if !scoped_decision_maker_defined && !general_decision_maker_defined 
+      raise ActiveEntry::AuthenticationNotPerformedError
+    end
     
     error = {}
-    is_authenticated = nil
 
-    if method(:authenticated?).arity > 0
-      is_authenticated = authenticated?(error)
+    if method(decision_maker_to_use).arity > 0
+      is_authenticated = send decision_maker_to_use, error
     else
-      is_authenticated = authenticated?
+      is_authenticated = send decision_maker_to_use
     end
     
     # If the authenticated? method returns not true
@@ -30,18 +41,29 @@ module ActiveEntry
   
   # Authorizes the user.
   def authorize!
+    general_decision_maker_method_name = :authorized?
+    scoped_decision_maker_method_name = [action_name, :authorized?].join("_").to_sym
+
+    general_decision_maker_defined = respond_to? general_decision_maker_method_name, true
+    scoped_decision_maker_defined = respond_to? scoped_decision_maker_method_name, true
+
+    # Check if a scoped decision maker method is defined and use it over
+    # general decision maker method.
+    decision_maker_to_use = scoped_decision_maker_defined ? scoped_decision_maker_method_name : general_decision_maker_method_name
+
     # Raise an error if the #authorize? action isn't defined.
     #
     # This ensures that you actually do authorization in your controller. 
-    raise ActiveEntry::AuthorizationNotPerformedError unless defined?(authorized?)
+    if !scoped_decision_maker_defined && !general_decision_maker_defined 
+      raise ActiveEntry::AuthorizationNotPerformedError
+    end
     
     error = {}
-    is_authorized = nil
 
-    if method(:authorized?).arity > 0
-      is_authorized = authorized?(error)
+    if method(decision_maker_to_use).arity > 0
+      is_authorized = send(decision_maker_to_use, error)
     else
-      is_authorized = authorized?
+      is_authorized = send(decision_maker_to_use)
     end
 
     # If the authorized? method does not return true

data/lib/active_entry/controller_methods.rb

@@ -3,6 +3,20 @@
 # Helper methods for your controller
 # to identify RESTful actions.
 module ActiveEntry
+  def method_missing method_name, *args
+    method_name_str = method_name.to_s
+    
+    if methods.include?(:action_name) && method_name_str.include?("_action?")
+      method_name_str.slice! "_action?"
+      
+      if methods.include? method_name_str.to_sym
+        return method_name_str == action_name
+      end
+    end
+
+    super
+  end
+
   # @return [Boolean]
   #    True if the called action
   #    is a only-read action.
@@ -31,20 +45,6 @@ module ActiveEntry
     action_name == 'destroy'
   end
 
-  # @return [Boolean]
-  #    True if the called action
-  #    is the index action.
-  def index_action?
-    action_name == 'index'
-  end
-
-  # @return [Boolean]
-  #    True if the called action
-  #    is the show action.
-  def show_action?
-    action_name == 'show'
-  end
-
   # @note
   #    Also true for the pseudo
   #    update action `new`.
@@ -78,6 +78,5 @@ module ActiveEntry
   def destroy_action?
     action_name == 'destroy'
   end
-
   alias delete_action? destroy_action?
 end

data/lib/active_entry/version.rb

@@ -1,3 +1,3 @@
 module ActiveEntry
-  VERSION = '1.0.1'
+  VERSION = '1.1.0'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: active_entry
 version: !ruby/object:Gem::Version
-  version: 1.0.1
+  version: 1.1.0
 platform: ruby
 authors:
 - TFM Agency GmbH
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-03-02 00:00:00.000000000 Z
+date: 2021-03-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -67,6 +67,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: ffaker
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: An easy and flexible access control system. No need for policies, abilities,
   etc. Do authentication and authorization directly in your controller.
 email: