active_permission 0.1.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 5d51048fc3edb6e14ac8f39eaf433b70371fe9f7
+  data.tar.gz: a6dac96c1c9df176981a6fd6ae6a157f564c3d96
+SHA512:
+  metadata.gz: 2082819334f72c46e40522642d17542aa4aaf95d8fb690c860e6b31e2b2d1e5428e41200d584cf8a4e5e4cbc0cc73796870ef5ed859de06ba9752ff42f611ad2
+  data.tar.gz: 6d9e8299ea7b794178e401bb29d96ee80043741f70533671429e1eac50b8f1d83640b2e5ca5da75bc7d15a9b7c7ed2a94100214f7bdaffb4df92d92752befd0e

data/.gitignore

@@ -0,0 +1,14 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+*.bundle
+*.so
+*.o
+*.a
+mkmf.log

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in activepermission.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2015 Evgeniy Shurmin
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,105 @@
+# ActivePermission
+
+This gem allow you load and authorize resource in Ruby on Rails inside controllers or views using rules with described permissions of user.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```
+gem 'activepermission'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install activepermission
+
+## Usage
+
+### Define Abilities
+
+Add a new class in `app/models/permissions.rb` with the following contents:
+
+```
+class Permissions < ActivePermission::Base
+  def initialize(user = nil)
+    can 'books', 'index'
+    can 'books, 'show' do |catalog, book|
+      catalog.published? and book.published?
+    end
+    can 'books, ['edit','update','destroy'] do |book|
+      book.author == user
+    end
+  end
+end
+```
+
+### Load Resource and authorization examples
+
+```
+class BooksController < ApplicationController
+  resource :book, object: 'Book'
+end
+```
+
+```
+class BooksController < ApplicationController
+  resource :book do
+    Book.find(params[:id])
+  end
+end
+```
+
+```
+class BooksController < ApplicationController
+  resource :catalog, object: 'Catalog', key: :catalog_id, parent: true
+  resource :book, through: :catalog, association: :books
+  authorize :catalog, :book, only: :show
+  authorize :book, only: [ :edit, :update, :destroy ]
+end
+```
+
+```
+class BooksController < ApplicationController
+  resource :book, object: 'Book', only: [ :show, :destroy ]
+  def show
+    @book = Book.find(params[:id])
+    authorize! @book
+  end
+  def destroy
+    @book = Book.find(params[:id])
+    if authorize @book, :destroy
+      @book.destroy
+    else
+      flash[:warning] = 'Can't delete book'
+    end
+  end
+end
+```
+
+### Check Abilities
+
+```
+<% if can? 'books', 'show', @book %>
+  <%= render 'book', book: @book %>
+<% end %>
+```
+
+```
+<% if can? 'books', ['edit', 'update'], @book %>
+  <%= render 'links', book: @book %>
+<% end %>
+```
+
+
+## Contributing
+
+1. Fork it ( https://github.com/[my-github-username]/activepermission/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create a new Pull Request

data/Rakefile

@@ -0,0 +1,8 @@
+require 'rubygems'
+require 'bundler/gem_tasks'
+require 'rake'
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new do |t|
+  t.verbose = false
+end

data/activepermission.gemspec

@@ -0,0 +1,27 @@
+# coding: utf-8
+$LOAD_PATH.unshift File.expand_path('../lib', __FILE__)
+
+require 'active_permission/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'active_permission'
+  spec.version       = ActivePermission::VERSION
+  spec.platform      = Gem::Platform::RUBY
+  spec.authors       = ['Evgeniy Shurmin']
+  spec.email         = ['eshurmin@gmail.com']
+  spec.summary       = %q{This gem allow you load and authorize resource in Ruby on Rails inside controllers or views using rules with described permissions of user.}
+  spec.homepage      = 'http://github.com/jpascal/active_permission'
+  spec.license       = 'MIT'
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_path  = 'lib'
+
+  spec.required_ruby_version = '>= 1.9.2'
+
+  spec.add_development_dependency 'bundler', '~> 1.7'
+  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rspec'
+
+  spec.add_dependency 'activesupport'
+end

data/lib/active_permission.rb

@@ -0,0 +1,13 @@
+require 'active_permission/version'
+require 'active_permission/controller_additions'
+require 'active_permission/base'
+
+module ActivePermission
+  class AccessDenied < RuntimeError
+    attr_reader :secure
+    def initialize(message, secure = true)
+      super(message)
+      @secure = secure
+    end
+  end
+end

data/lib/active_permission/base.rb

@@ -0,0 +1,39 @@
+module ActivePermission
+  #   class UserPermission < ActivePermission::Base
+  #     def initialize(user)
+  #       if user.admin?
+  #         can 'manage/root', :index
+  #       else
+  #         can 'root', :all
+  #       end
+  #     end
+  #   end
+  class Base
+    def can(controllers, actions, &block)
+      @allowed_actions ||= {}
+      Array(controllers).each do |controller|
+        Array(actions).each do |action|
+          @allowed_actions[[controller.to_s, action.to_s]] = block || true
+        end
+      end
+    end
+    def can?(controllers, actions, *resource)
+      @allowed_actions ||= {}
+      Array(controllers).each do |controller|
+        Array(actions).each do |action|
+          allowed = @allowed_actions[[controller.to_s, action.to_s]]
+          result = allowed && (allowed == true || resource && allowed.call(*resource))
+          return result if result == true
+        end
+      end
+      false
+    end
+    def can!(controllers, actions, *resource)
+      if can?(controllers, actions, *resource)
+        true
+      else
+        raise AccessDenied.new("Access denied by #{self.class.name} to #{resource.inspect}")
+      end
+    end
+  end
+end

data/lib/active_permission/controller_additions.rb

@@ -0,0 +1,108 @@
+module ActivePermission
+  module ControllerAdditions
+    module ClassMethods
+      # Sets up a before filter which loads the model resource into an instance variable by name.
+      #
+      #   class BooksController < ApplicationController
+      #     resource :book, object: 'Book'
+      #   end
+      #
+      #   class BooksController < ApplicationController
+      #     resource :book do
+      #       Book.find(params[:id])
+      #     end
+      #   end
+      #
+      # Options:
+      # [:+only+]
+      #   Work as before filter parameter.
+      #
+      # [:+except+]
+      #   Work as before filter parameter.
+      #
+      # [:+if+]
+      #   Work as before filter parameter.
+      #
+      # [:+unless+]
+      #   Work as before filter parameter.
+      #
+      # [:+object+]
+      #   Object used to fetch record (string, symbol or class).
+      #
+      # [:+through+]
+      #   Load this resource through another one.
+      #
+      # [:+association+]
+      #   The name of the association to fetch the child records through the parent resource.
+      #
+      # [:+key+]
+      #   The name of parameters from params.
+      #
+      # [:+parent+]
+      #   Fetch first record from scope.
+
+      def resource(name, options = {}, &block)
+        send(:before_action, options.slice(:only, :except, :if, :unless)) do |controller|
+          if block_given?
+            instance_variable_set "@#{name}", controller.instance_eval(&block)
+          else
+            if options[:through] and options[:association]
+              object = instance_variable_get("@#{options[:through]}").send(options[:association])
+            elsif options[:object].nil?
+              raise AccessDenied.new("Access denied in #{controller.params[:controller]}::#{controller.params[:action]}. Required set a option :object.")
+            elsif options[:object].kind_of? Symbol
+              object = send(options[:object])
+            elsif options[:object].kind_of? String
+              object = options[:object].camelize.constantize
+            else
+              object = options[:object]
+            end
+
+            if options[:parent]
+              object = object.where(:id => controller.params[(options[:key] || :id).to_sym]).first!
+            else
+              if controller.params[:action].to_sym == :new
+                object = object.new
+              elsif not [:create, :index].include?(controller.params[:action].to_sym)
+                object = object.where(:id => controller.params[(options[:key] || :id).to_sym]).first!
+              end
+            end
+            instance_variable_set "@#{name}", object
+          end
+        end
+      end
+
+      def authorize(resources = nil, options = {})
+        send(:before_action, options.slice(:only, :except, :if, :unless)) do |controller|
+          objects = Array(resources).map {|resource| instance_variable_get("@#{resource.to_s}") }
+          current_permissions.can!(controller.params[:controller], controller.params[:action], *objects)
+        end
+      end
+      
+      def current_permissions
+        @permissions ||= ActivePermission::Base.new
+      end
+    end
+
+    module  InstanceMethods
+      def authorize!(resource, options = {})
+        options = params.merge(options)
+        current_permissions.can!(options[:controller], options[:action], resource)
+      end
+
+      def authorize?(resource, options = {})
+        options = params.merge(options)
+        current_permissions.can?(options[:controller], options[:action], resource)
+      end
+    end
+
+    def self.included(base)
+      base.extend ClassMethods
+      base.include InstanceMethods
+      base.delegate :can?, :can!, :to => :current_permissions
+      base.helper_method :can?, :can!
+    end
+
+  end
+end
+

data/lib/active_permission/version.rb

@@ -0,0 +1,3 @@
+module ActivePermission
+  VERSION = '0.1.1'
+end

data/spec/permissions_spec.rb

@@ -0,0 +1,44 @@
+require 'spec_helper'
+
+class Permissions < ActivePermission::Base
+  def initialize
+    can 'manage/root', :index
+    can 'manage/root', :show
+    can 'manage/root1', [:index, :show]
+    can %w(manage/root2 manage/root3), :index
+    can %w(manage/root4 manage/root5), [:index, :show]
+  end
+end
+
+describe ActivePermission::Base do
+  let(:permissions) { Permissions.new }
+  it 'abilities on manage/root' do
+    expect(permissions.can?('manage/root', 'index')).to eql(true)
+    expect(permissions.can?('manage/root', 'edit')).to eql(false)
+    expect(permissions.can?('manage/root', 'show')).to eql(true)
+  end
+  it 'abilities on manage/root1' do
+    expect(permissions.can?('manage/root1', 'index')).to eql(true)
+    expect(permissions.can?('manage/root1', 'edit')).to eql(false)
+    expect(permissions.can?('manage/root1', 'show')).to eql(true)
+  end
+  it 'abilities on manage/{root2, root3}' do
+    expect(permissions.can?('manage/root2', 'index')).to eql(true)
+    expect(permissions.can?('manage/root2', 'edit')).to eql(false)
+    expect(permissions.can?('manage/root2', 'show')).to eql(false)
+    expect(permissions.can?('manage/root3', 'index')).to eql(true)
+    expect(permissions.can?('manage/root3', 'edit')).to eql(false)
+    expect(permissions.can?('manage/root3', 'show')).to eql(false)
+  end
+  it 'abilities on manage/{root2, root3}' do
+    expect(permissions.can?('manage/root4', 'index')).to eql(true)
+    expect(permissions.can?('manage/root4', 'edit')).to eql(false)
+    expect(permissions.can?('manage/root4', 'show')).to eql(true)
+    expect(permissions.can?('manage/root5', 'index')).to eql(true)
+    expect(permissions.can?('manage/root5', 'edit')).to eql(false)
+    expect(permissions.can?('manage/root5', 'show')).to eql(true)
+  end
+  it 'default to deny' do
+    expect(permissions.can?('manage/unknown', 'show')).to eql(false)
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,7 @@
+require 'bundler/setup'
+Bundler.setup
+
+require 'active_permission'
+
+RSpec.configure do |config|
+end

metadata

@@ -0,0 +1,115 @@
+--- !ruby/object:Gem::Specification
+name: active_permission
+version: !ruby/object:Gem::Version
+  version: 0.1.1
+platform: ruby
+authors:
+- Evgeniy Shurmin
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-01-28 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: 
+email:
+- eshurmin@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- activepermission.gemspec
+- lib/active_permission.rb
+- lib/active_permission/base.rb
+- lib/active_permission/controller_additions.rb
+- lib/active_permission/version.rb
+- spec/permissions_spec.rb
+- spec/spec_helper.rb
+homepage: http://github.com/jpascal/active_permission
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 1.9.2
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: This gem allow you load and authorize resource in Ruby on Rails inside controllers
+  or views using rules with described permissions of user.
+test_files:
+- spec/permissions_spec.rb
+- spec/spec_helper.rb