active_entry 1.2.4 → 2.0.0

data/app/controllers/concerns/active_entry/concern.rb

@@ -0,0 +1,57 @@
+require "active_support/concern"
+
+module ActiveEntry
+  module ControllerConcern
+    extend ActiveSupport::Concern
+
+    class_methods do
+      # Methods .authenticate_now!, .authorize_now!, and .pass_now!
+      [:authenticate, :authorize, :pass].each do |method_name|
+        define_method "#{method_name}_now!" do
+          before_action do
+            args = {}
+            instance_variables.collect{ |v| v.to_s.remove("@").to_sym }.each do |name|
+              value = instance_variable_get ["@", name].join
+              next if value.nil?
+              args[name] = value
+            end
+            send "#{method_name}!", **args
+          end
+        end
+      end
+
+      def verify_authentication!
+        after_action do
+          raise AuthenticationNotPerformedError.new(self.class, action_name) unless @__authentication_done
+        end
+      end
+
+      def verify_authorization!
+        after_action do
+          raise AuthorizationNotPerformedError.new(self.class, action_name) unless @__authorization_done
+        end
+      end
+    end
+
+    def pass! **args
+      authenticate! **args
+      authorize! **args
+    end
+    
+    def authenticate! **args
+      policy_class::Authentication.pass! action_name, **args unless @__authentication_done
+      @__authentication_done = true
+    end
+
+    def authorize! **args
+      policy_class::Authorization.pass! action_name, **args unless @__authorization_done
+      @__authorization_done = true
+    end
+
+    private
+
+    def policy_class
+      PolicyFinder.policy_for self.class.name.remove("Controller")
+    end
+  end
+end

data/app/helpers/active_entry/view_helper.rb

@@ -0,0 +1,20 @@
+module ActiveEntry
+  module ViewHelper
+    def authorized_for? controller_name, action, **args
+      controller_name = controller_name.to_s.camelize.remove "Controller"
+      policy = ActiveEntry::PolicyFinder.policy_for controller_name
+      policy::Authorization.pass? action, **args
+    end
+
+    def link_to_if_authorized name = nil, options = nil, html_options = nil, &block
+      url = url_for options
+      method = options&.is_a?(Hash) && options[:method] ? options[:method].to_s.upcase : "GET"
+
+      recognized_path = Rails.application.routes.recognize_path(url, method: method)
+
+      authorized = authorized_for? recognized_path[:controller], recognized_path[:action]
+      
+      link_to name, options, html_options, &block if authorized
+    end
+  end
+end

data/lib/active_entry.rb

@@ -1,94 +1,13 @@
 require "active_entry/version"
+require "active_entry/generators"
 require "active_entry/errors"
-require "active_entry/controller_methods"
-require "active_entry/railtie" if defined? Rails::Railtie
+require "active_entry/base"
+require "active_entry/policy_finder"
 
-module ActiveEntry
-  # Verifies that #authenticate! has been called in the controller.
-  def verify_authentication!
-    raise ActiveEntry::AuthenticationNotPerformedError unless @_authentication_done == true
-  end
-
-  # Authenticates the user
-  def authenticate!
-    general_decision_maker_method_name = :authenticated?
-    scoped_decision_maker_method_name = [action_name, :authenticated?].join("_").to_sym
-
-    general_decision_maker_defined = respond_to? general_decision_maker_method_name, true
-    scoped_decision_maker_defined = respond_to? scoped_decision_maker_method_name, true
-
-    # Check if a scoped decision maker method is defined and use it over
-    # general decision maker method.
-    decision_maker_to_use = scoped_decision_maker_defined ? scoped_decision_maker_method_name : general_decision_maker_method_name
-
-    # Raise an error if the #authenticate? action isn't defined.
-    #
-    # This ensures that you actually do authentication in your controller.
-    if !scoped_decision_maker_defined && !general_decision_maker_defined 
-      raise ActiveEntry::AuthenticationDecisionMakerMissingError
-    end
-    
-    error = {}
-
-    if method(decision_maker_to_use).arity > 0
-      is_authenticated = send decision_maker_to_use, error
-    else
-      is_authenticated = send decision_maker_to_use
-    end
-
-    # Tell #verify_authentication! that authentication
-    # has been performed.
-    @_authentication_done = true
-    
-    # If the authenticated? method returns not true
-    # it raises the ActiveEntry::NotAuthenticatedError.
-    #
-    # Use the .rescue_from method from ActionController::Base
-    # to catch the exception and show the user a proper error message.
-    raise ActiveEntry::NotAuthenticatedError.new(error) unless is_authenticated == true
-  end
+require_relative "../app/controllers/concerns/active_entry/concern" if defined?(ActionController::Base)
+require 'active_entry/railtie' if defined?(Rails)
 
-  # Verifies that #authorize! has been called in the controller.
-  def verify_authorization!
-    raise ActiveEntry::AuthorizationNotPerformedError unless @_authorization_done == true
-  end
-  
-  # Authorizes the user.
-  def authorize!
-    general_decision_maker_method_name = :authorized?
-    scoped_decision_maker_method_name = [action_name, :authorized?].join("_").to_sym
+require "active_support/inflector"
 
-    general_decision_maker_defined = respond_to? general_decision_maker_method_name, true
-    scoped_decision_maker_defined = respond_to? scoped_decision_maker_method_name, true
-
-    # Check if a scoped decision maker method is defined and use it over
-    # general decision maker method.
-    decision_maker_to_use = scoped_decision_maker_defined ? scoped_decision_maker_method_name : general_decision_maker_method_name
-
-    # Raise an error if the #authorize? action isn't defined.
-    #
-    # This ensures that you actually do authorization in your controller. 
-    if !scoped_decision_maker_defined && !general_decision_maker_defined 
-      raise ActiveEntry::AuthorizationDecisionMakerMissingError
-    end
-    
-    error = {}
-
-    if method(decision_maker_to_use).arity > 0
-      is_authorized = send(decision_maker_to_use, error)
-    else
-      is_authorized = send(decision_maker_to_use)
-    end
-
-    # Tell #verify_authorization! that authorization
-    # has been performed.
-    @_authorization_done = true
-
-    # If the authorized? method does not return true
-    # it raises the ActiveEntry::NotAuthorizedError
-    #
-    # Use the .rescue_from method from ActionController::Base
-    # to catch the exception and show the user a proper error message.
-    raise ActiveEntry::NotAuthorizedError.new(error) unless is_authorized == true
-  end
+module ActiveEntry
 end

data/lib/active_entry/base.rb

@@ -0,0 +1,66 @@
+module ActiveEntry
+  class Base
+    class Authentication < Base
+      AUTH_ERROR = NotAuthenticatedError
+      
+      def self.pass! method_name, **args
+        new(method_name, **args).pass!
+      end
+
+      def self.pass? method_name, **args
+        new(method_name, **args).pass?
+      end
+    end
+
+    class Authorization < Base
+      AUTH_ERROR = NotAuthorizedError
+      
+      def self.pass! method_name, **args
+        new(method_name, **args).pass!
+      end
+
+      def self.pass? method_name, **args
+        new(method_name, **args).pass?
+      end
+    end
+
+    def initialize method_name, **args
+      @_method_name_to_entrify = method_name
+      @_args = args
+      @_args.each { |name, value| instance_variable_set ["@", name].join, value }
+    end
+
+    class << self
+      def pass! method_name, **args
+        Authentication.pass! method_name, **args
+        Authorization.pass! method_name, **args
+      end
+
+      def pass? method_name, **args
+        Authentication.pass? method_name, **args
+        Authorization.pass? method_name, **args
+      end
+    end
+
+
+    def pass!
+      pass? or raise self.class::AUTH_ERROR.new(@error, @_method_name_to_entrify, @_args)
+    end
+
+    def pass?
+      decision_maker_method.call == true
+    end
+
+    def success
+      true
+    end
+
+    private
+
+    def decision_maker_method
+      decision_maker_method_name = [@_method_name_to_entrify, "?"].join
+      raise DecisionMakerMethodNotDefinedError.new(self.class, decision_maker_method_name) unless respond_to?(decision_maker_method_name)
+      method decision_maker_method_name
+    end
+  end
+end

data/lib/active_entry/errors.rb

@@ -1,82 +1,65 @@
-# @author Tobias Feistmantl
 module ActiveEntry
-  # Generic authorization error.
-  # Other, more specific, errors inherit from this one.
-  #
-  # @raise [AuthorizationError]
-  #    if something generic is happening.
-  class AuthorizationError < StandardError
+  class Error < StandardError
   end
 
-  # Error for controllers in which authorization isn't handled.
-  #
-  # @raise [AuthorizationNotPerformedError]
-  #    if authorize! is not called
-  #    in the controller class.
-  class AuthorizationNotPerformedError < AuthorizationError
+  class AuthError < Error
+    attr_reader :error, :method, :arguments
+
+    def initialize error, method, arguments
+      @error = error
+      @method = method 
+      @arguments = arguments
+      @message = "Not authenticated/authorized for method ##{@method}"
+
+      super @message
+    end
   end
 
-  # Error for controllers in which authorization decision maker is missing.
-  #
-  # @raise [AuthorizationDecisionMakerMissingError]
-  #    if the #authorized? method isn't defined
-  #    in the controller class.
-  class AuthorizationDecisionMakerMissingError < AuthorizationError
+  class NotAuthenticatedError < AuthError
   end
 
-  # Error if user unauthorized.
-  #
-  # @raise [NotAuthorizedError]
-  #    if authorized? isn't returning true.
-  #
-  # @note
-  #    Should always be called at the end
-  #    of the #authorize! method.
-  class NotAuthorizedError < AuthorizationError
-    attr_reader :error
+  class NotAuthorizedError < AuthError
+  end
 
-    def initialize(error={})
-      @error = error
+  class NotPerformedError < Error
+    attr_reader :class_name, :method
+
+    def initialize class_name, method
+      @class_name = class_name
+      @method = method
+      @message = "Auth not performed for #{@class_name}##{@method}."
+      
+      super @message
     end
   end
 
-
-  # Base class for authentication errors.
-  #
-  # @raise [AuthenticationError]
-  #    if something generic happens.
-  class AuthenticationError < StandardError
+  class AuthenticationNotPerformedError < NotPerformedError
   end
 
-  # Error for controllers in which authentication isn't handled.
-  #
-  # @raise [AuthenticationNotPerformedError]
-  #    if authenticate! is not called
-  #    in the controller class.
-  class AuthenticationNotPerformedError < AuthenticationError
+  class AuthorizationNotPerformedError < NotPerformedError
   end
 
-  # Error for controllers in which authentication decision maker is missing.
-  #
-  # @raise [AuthenticationDecisionMakerMissingError]
-  #    if the #authenticated? method isn't defined
-  #    in the controller class.
-  class AuthenticationDecisionMakerMissingError < AuthenticationError
+  class NotDefinedError < Error
+    attr_reader :policy_name, :class_name
+
+    def initialize policy_name, class_name
+      @policy_name = policy_name
+      @class_name = class_name
+      @message = "Policy #{policy_name} for class #{@class_name} not defined."
+
+      super @message
+    end
   end
 
-  # Error if user not authenticated
-  #
-  # @raise [NotAuthenticatedError]
-  #    if authenticated? isn't returning true.
-  #
-  # @note
-  #    Should always be called at the end
-  #    of the #authenticate! method.
-  class NotAuthenticatedError < AuthenticationError
-    attr_reader :error
+  class DecisionMakerMethodNotDefinedError < Error
+    attr_reader :policy_name, :decision_maker_method_name
 
-    def initialize(error={})
-      @error = error
+    def initialize policy_name, decision_maker_method_name
+      @policy_name = policy_name
+      @decision_maker_method_name = decision_maker_method_name
+      @message = "Decision maker #{policy_name}##{decision_maker_method_name} is not defined."
+
+      super @message
     end
   end
 end

data/lib/active_entry/generators.rb

@@ -0,0 +1,4 @@
+module ActiveEntry
+  module Generators
+  end
+end

data/lib/active_entry/policy_finder.rb

@@ -0,0 +1,25 @@
+module ActiveEntry
+  class PolicyFinder
+    attr_reader :class_name
+
+    def initialize class_name
+      @class_name = class_name
+    end
+
+    class << self
+      def policy_for class_name
+        new(class_name).policy
+      end
+    end
+
+    def policy
+      policy_class_name.safe_constantize or raise NotDefinedError.new(policy_class_name, @class_name)
+    end
+
+    private
+
+    def policy_class_name
+      [@class_name, "Policy"].join
+    end
+  end
+end

data/lib/active_entry/railtie.rb

@@ -1,9 +1,9 @@
+require_relative '../../app/helpers/active_entry/view_helper'
+
 module ActiveEntry
-  class Railtie < ::Rails::Railtie
-    initializer 'active_entry.include_in_action_controller' do
-      ActiveSupport.on_load :action_controller do
-        ::ActionController::Base.include(ActiveEntry)
-      end
+  class Railtie < Rails::Railtie
+    initializer "active_entry.view_helper" do
+      ActiveSupport.on_load(:action_view) { include ActiveEntry::ViewHelper }
     end
   end
-end
+end

data/lib/active_entry/rspec.rb

@@ -0,0 +1,56 @@
+module ActiveEntry
+  module Rspec
+    module Matchers
+      extend ::RSpec::Matchers::DSL
+
+      matcher :be_authenticated_for do |action, **args|
+        match do |policy|
+          policy.pass? action, **args
+        end
+
+        description do
+          "be authenticated for #{action}"
+        end
+
+        failure_message do |policy|
+          "expected that #{policy} passes authentication for #{action}"
+        end
+      end
+
+      matcher :be_authorized_for do |action, **args|
+        match do |policy|
+          policy.pass? action, **args
+        end
+
+        description do
+          "be authorized for #{action}"
+        end
+
+        failure_message do |policy|
+          "expected that #{policy} passes authorization for #{action}"
+        end
+      end
+    end
+
+    module DSL
+    end
+
+    module PolicyExampleGroup
+      include ActiveEntry::Rspec::Matchers
+
+      def self.included(base)
+        base.metadata[:type] = :policy
+        base.extend ActiveEntry::Rspec::DSL
+        super
+      end
+    end
+  end
+end
+
+RSpec.configure do |config|
+  config.include(
+    ActiveEntry::Rspec::PolicyExampleGroup,
+    type: :policy,
+    file_path: %r{spec/policies}
+  )
+end