admission 0.4.5 → 0.4.6

data/README.md

@@ -1,24 +0,0 @@
-# Admission
-A system to manage user privileges. Heavily inspired by cancan.
-
-### Is it "cancancancan"?
-Yes, sort of. It's built around the same premise: having an index of rules, which resolve into entitling allowance for an user to a named action. But in Cancan you have to create your own system of privileges. Admission on the other hand is meant for the cases where you need the user to have multiple privileges, while having clear rules to resolve precedences between them.
-
-The other thing that always bugged me about cancan (and was proven problematic in production) is that users' ability rules are loaded every time again, for every instance of the user record. I tried to introduce some kind of caching - only ended up making this library.       
-
-## Is it any good?
-[yes](https://news.ycombinator.com/item?id=3067434)
-
-## write-me please
-### status 
-* used in production for a rails app
-* tests are only "ok"
-* documentation non-existent
-
-### to-do list
-- [ ] reuse arbitration instance
-- [x] Admission::Denied must be able to tell the requested action and scope
-- [x] minitest helpers
-- [ ] rspec helpers
-- [ ] test guides
-- [ ] rails example

data/bin/build

@@ -1,10 +0,0 @@
-#!/usr/bin/env bash
-
-cd visualisation
-yarn run build
-
-cd ..
-git add -f visualisation/dist/app.js
-
-rm *.gem
-gem build admission.gemspec

data/bin/rspec

@@ -1,8 +0,0 @@
-#!/usr/bin/env ruby
-
-require 'rubygems'
-# Set up gems listed in the Gemfile.
-ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__)
-require 'bundler/setup' if File.exists?(ENV['BUNDLE_GEMFILE'])
-
-load Gem.bin_path('rspec-core', 'rspec')

data/spec/integration/action_arbitrating_spec.rb

@@ -1,119 +0,0 @@
-require_relative '../spec_helper'
-
-RSpec.describe 'actions_arbitrating' do
-
-  def arbitration request, context=nil
-    person = Person.new 'person', Person::MALE, [:czech]
-    arbitration = Admission::Arbitration.new person, ACTIONS_RULES, request
-    arbitration.prepare_sitting context
-    arbitration
-  end
-
-  def privilege *args, context: nil
-    p = Admission::Privilege.get_from_order PRIVILEGES_ORDER, *args
-    p = p.dup_with_context context if context
-    p
-  end
-
-  def rule request, privilege
-    arbitration(request, privilege.context).rule_per_privilege privilege
-  end
-
-  it 'allows human to do anything' do
-    expect(
-        rule :anything, privilege(:human)
-    ).to eql(true)
-  end
-
-  it 'disallows woman to do anything' do
-    person = Person.new 'person', Person::FEMALE, [:czech]
-    arbitration = Admission::Arbitration.new person, ACTIONS_RULES, :anything
-    arbitration.prepare_sitting
-    expect(
-        arbitration.rule_per_privilege privilege(:human)
-    ).to eql(false)
-  end
-
-  it 'allow woman-count to do anything in her country' do
-    person = Person.new 'person', Person::FEMALE, [:czech]
-    arbitration = Admission::Arbitration.new person, ACTIONS_RULES, :anything
-    arbitration.prepare_sitting :czech
-    expect(
-        arbitration.rule_per_privilege privilege(:human, :count, context: :czech)
-    ).to eql(true)
-  end
-
-  it 'allows only king to raise taxes' do
-    expect(
-        rule :raise_taxes, privilege(:human)
-    ).to eql(:forbidden)
-
-    expect(
-        rule :raise_taxes, privilege(:human, :count)
-    ).to eql(:forbidden)
-
-    expect(
-        rule :raise_taxes, privilege(:human, :king)
-    ).to eql(true)
-  end
-
-  it 'allows count and king to impose corvee in his countries' do
-    expect(
-        rule :impose_corvee,
-            privilege(:human, :count, context: :czech)
-    ).to eql(true)
-
-    expect(
-        rule :impose_corvee,
-            privilege(:human, :king, context: :czech)
-    ).to eql(true)
-  end
-
-  it 'forbids count and king to impose corvee outside his countries' do
-    expect(
-        rule :impose_corvee,
-            privilege(:human, :count, context: :taiwan)
-    ).to eql(:forbidden)
-
-    expect(
-        rule :impose_corvee,
-            privilege(:human, :king, context: :taiwan)
-    ).to eql(:forbidden)
-  end
-
-  it 'forbids any human to impose a draft' do
-    expect(
-        rule :impose_draft, privilege(:human)
-    ).to eql(:forbidden)
-
-    expect(
-        rule :impose_draft, privilege(:human, :count)
-    ).to eql(:forbidden)
-
-    expect(
-        rule :impose_draft, privilege(:human, :king)
-    ).to eql(:forbidden)
-  end
-
-  it 'allows lord to impose draft' do
-    expect(
-        rule :impose_draft,
-            privilege(:vassal, :lord)
-    ).to eql(true)
-  end
-
-  it 'forbids emperor to impose draft because of inheritance' do
-    expect(
-        rule :impose_draft,
-            privilege(:emperor)
-    ).to eql(:forbidden)
-  end
-
-  it 'allows emperor to act as god' do
-    expect(
-        rule :act_as_god,
-            privilege(:emperor)
-    ).to eql(true)
-  end
-
-end

data/spec/integration/resource_arbitrating_spec.rb

@@ -1,276 +0,0 @@
-require_relative '../spec_helper'
-
-RSpec.describe 'resources_arbitrating' do
-
-  let(:person){ Person.new 'person', Person::MALE, [:czech] }
-  let(:female){ Person.new 'female', Person::FEMALE, [:czech] }
-
-  def arbitration scope, action, context=nil
-    arbitration = Admission::ResourceArbitration.new person, RESOURCE_RULES, action, scope
-    arbitration.prepare_sitting context
-    arbitration
-  end
-
-  def privilege *args, context: nil
-    p = Admission::Privilege.get_from_order PRIVILEGES_ORDER, *args
-    p = p.dup_with_context context if context
-    p
-  end
-
-  def actions_rule action, privilege
-    arbitration(:actions, action, privilege.context).rule_per_privilege privilege
-  end
-
-  def rule scope, action, privilege
-    arbitration(scope, action, privilege.context).rule_per_privilege privilege
-  end
-
-  describe 'actions scope' do
-
-    it 'allows human to do anything' do
-      expect(
-          actions_rule :anything, privilege(:human)
-      ).to eql(true)
-    end
-
-    it 'disallows woman to do anything' do
-      arbitration = Admission::ResourceArbitration.new female, RESOURCE_RULES,
-          :anything, :actions
-      arbitration.prepare_sitting
-      expect(
-          arbitration.rule_per_privilege privilege(:human)
-      ).to eql(false)
-    end
-
-    it 'allow woman-count to do anything in her country' do
-      arbitration = Admission::ResourceArbitration.new female, RESOURCE_RULES,
-          :anything, :actions
-      arbitration.prepare_sitting :czech
-      expect(
-          arbitration.rule_per_privilege privilege(:human, :count, context: :czech)
-      ).to eql(true)
-    end
-
-    it 'allows only king to raise taxes' do
-      expect(
-          actions_rule :raise_taxes, privilege(:human)
-      ).to eql(:forbidden)
-
-      expect(
-          actions_rule :raise_taxes, privilege(:human, :count)
-      ).to eql(:forbidden)
-
-      expect(
-          actions_rule :raise_taxes, privilege(:human, :king)
-      ).to eql(true)
-    end
-
-    it 'allows count and king to impose corvee in his countries' do
-      expect(
-          actions_rule :impose_corvee,
-              privilege(:human, :count, context: :czech)
-      ).to eql(true)
-
-      expect(
-          actions_rule :impose_corvee,
-              privilege(:human, :king, context: :czech)
-      ).to eql(true)
-    end
-
-    it 'forbids count and king to impose corvee outside his countries' do
-      expect(
-          actions_rule :impose_corvee,
-              privilege(:human, :count, context: :taiwan)
-      ).to eql(:forbidden)
-
-      expect(
-          actions_rule :impose_corvee,
-              privilege(:human, :king, context: :taiwan)
-      ).to eql(:forbidden)
-    end
-
-    it 'forbids any human to impose a draft' do
-      expect(
-          actions_rule :impose_draft, privilege(:human)
-      ).to eql(:forbidden)
-
-      expect(
-          actions_rule :impose_draft, privilege(:human, :count)
-      ).to eql(:forbidden)
-
-      expect(
-          actions_rule :impose_draft, privilege(:human, :king)
-      ).to eql(:forbidden)
-    end
-
-    it 'allows lord to impose draft' do
-      expect(
-          actions_rule :impose_draft, privilege(:vassal, :lord)
-      ).to eql(true)
-    end
-
-    it 'forbids emperor to impose draft because of inheritance' do
-      expect(
-          actions_rule :impose_draft, privilege(:emperor)
-      ).to eql(:forbidden)
-    end
-
-    it 'allows emperor to act as god' do
-      expect(
-          actions_rule :act_as_god, privilege(:emperor)
-      ).to eql(true)
-    end
-
-  end
-
-  describe 'resources scope' do
-
-    it 'allows vassal to see only himself' do
-      expect(
-          rule person, :show, privilege(:vassal)
-      ).to eql(true)
-
-      person = Person.new 'person', Person::FEMALE, [:czech]
-      expect(
-          rule person, :show, privilege(:vassal)
-      ).to eql(false)
-    end
-
-    it 'passes nil as argument if resource-arbiter accessed by name-scope' do
-      expect{
-        rule :persons, :show, privilege(:vassal)
-      }.to raise_error('person is nil')
-    end
-
-    it 'allows vassal to list persons only per his countries' do
-      expect(
-          rule :persons, :index, privilege(:vassal, context: :czech)
-      ).to eql(true)
-
-      expect(
-          rule :persons, :index, privilege(:vassal, context: :taiwan)
-      ).to eql(false)
-    end
-
-    it 'allows access scope-arbiter by resource' do
-      expect(
-          rule person, :index, privilege(:vassal, context: :czech)
-      ).to eql(true)
-    end
-
-    it 'allows lord to see any person' do
-      expect(
-          rule person, :show, privilege(:vassal, :lord)
-      ).to eql(true)
-
-      expect(
-          rule female, :show, privilege(:vassal, :lord)
-      ).to eql(true)
-    end
-
-    it 'allows lord to list persons from his country' do
-      expect(
-          rule person, :index, privilege(:vassal, context: :czech)
-      ).to eql(true)
-
-      expect(
-          rule :persons, :index, privilege(:vassal, context: :czech)
-      ).to eql(true)
-
-      expect(
-          rule person, :index, privilege(:vassal, context: :taiwan)
-      ).to eql(false)
-    end
-
-    it 'allows lord to update person that is from his country' do
-      expect(
-          rule female, :update,
-              privilege(:vassal, :lord, context: :czech)
-      ).to eql(true)
-
-      expect(
-          rule female, :update, privilege(:vassal, :lord)
-      ).to eql(false)
-    end
-
-    it 'disallows lord to update person not from his country' do
-      female = Person.new 'person', Person::FEMALE, [:taiwan]
-
-      expect(
-          rule female, :update,
-              privilege(:vassal, :lord, context: :czech)
-      ).to eql(false)
-
-      expect(
-          rule female, :update,
-              privilege(:vassal, :lord, context: :taiwan)
-      ).to eql(false)
-    end
-
-    it 'ensures lord cannot update person accessing him by scope-name' do
-      expect(
-          rule :persons, :update, privilege(:vassal, :lord)
-      ).to eql(false)
-    end
-
-    it 'disallows vassal to update person' do
-      expect(
-          rule person, :update, privilege(:vassal, context: :czech)
-      ).to eql(false)
-    end
-
-    it 'allows lord to destroy person from his country' do
-      female = Person.new 'person', Person::FEMALE, [:taiwan]
-
-      expect(
-          rule person, :destroy,
-              privilege(:vassal, :lord, context: :czech)
-      ).to eql(true)
-
-      expect(
-          rule female, :destroy,
-              privilege(:vassal, :lord, context: :czech)
-      ).to eql(false)
-    end
-
-    it 'disallows lord to destroy apache helicopter' do
-      helicopter = Person.new 'person', Person::APACHE_HELICOPTER, [:czech]
-      expect(
-          rule helicopter, :destroy,
-              privilege(:vassal, :lord, context: :czech)
-      ).to eql(false)
-    end
-
-  end
-
-  describe 'nested resource scope' do
-
-    it 'allows any lord to list others possessions' do
-      expect(
-          rule [person, :possessions], :index, privilege(:vassal, :lord)
-      ).to eql(true)
-
-      expect(
-          rule [person, :possessions], :index, privilege(:vassal)
-      ).to eql(false)
-    end
-
-    it 'allows lord to update possessions of his country' do
-      expect(
-          rule [person, :possessions], :update, privilege(:vassal, :lord)
-      ).to eql(false)
-
-      expect(
-          rule [person, :possessions], :update,
-              privilege(:vassal, :lord, context: :czech)
-      ).to eql(true)
-
-      expect(
-          rule [person, :possessions], :update,
-              privilege(:vassal, :lord, context: :taiwan)
-      ).to eql(false)
-    end
-
-  end
-
-end

data/spec/rspec_config.rb

@@ -1,103 +0,0 @@
-# This file was generated by the `rspec --init` command. Conventionally, all
-# specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
-# The generated `.rspec` file contains `--require spec_helper` which will cause
-# this file to always be loaded, without a need to explicitly require it in any
-# files.
-#
-# Given that it is always loaded, you are encouraged to keep this file as
-# light-weight as possible. Requiring heavyweight dependencies from this file
-# will add to the boot time of your test suite on EVERY test run, even for an
-# individual file that may not need all of that loaded. Instead, consider making
-# a separate helper file that requires the additional dependencies and performs
-# the additional setup, and require it from the spec files that actually need
-# it.
-#
-# The `.rspec` file also contains a few flags that are not defaults but that
-# users commonly want.
-#
-# See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
-RSpec.configure do |config|
-  # rspec-expectations config goes here. You can use an alternate
-  # assertion/expectation library such as wrong or the stdlib/minitest
-  # assertions if you prefer.
-  config.expect_with :rspec do |expectations|
-    # This option will default to `true` in RSpec 4. It makes the `description`
-    # and `failure_message` of custom matchers include text for helper methods
-    # defined using `chain`, e.g.:
-    #     be_bigger_than(2).and_smaller_than(4).description
-    #     # => "be bigger than 2 and smaller than 4"
-    # ...rather than:
-    #     # => "be bigger than 2"
-    expectations.include_chain_clauses_in_custom_matcher_descriptions = true
-  end
-
-  # rspec-mocks config goes here. You can use an alternate test double
-  # library (such as bogus or mocha) by changing the `mock_with` option here.
-  config.mock_with :rspec do |mocks|
-    # Prevents you from mocking or stubbing a method that does not exist on
-    # a real object. This is generally recommended, and will default to
-    # `true` in RSpec 4.
-    mocks.verify_partial_doubles = true
-  end
-
-  # This option will default to `:apply_to_host_groups` in RSpec 4 (and will
-  # have no way to turn it off -- the option exists only for backwards
-  # compatibility in RSpec 3). It causes shared context metadata to be
-  # inherited by the metadata hash of host groups and examples, rather than
-  # triggering implicit auto-inclusion in groups with matching metadata.
-  config.shared_context_metadata_behavior = :apply_to_host_groups
-
-# The settings below are suggested to provide a good initial experience
-# with RSpec, but feel free to customize to your heart's content.
-
-  # This allows you to limit a spec run to individual examples or groups
-  # you care about by tagging them with `:focus` metadata. When nothing
-  # is tagged with `:focus`, all examples get run. RSpec also provides
-  # aliases for `it`, `describe`, and `context` that include `:focus`
-  # metadata: `fit`, `fdescribe` and `fcontext`, respectively.
-  # config.filter_run_when_matching :focus
-
-  # Allows RSpec to persist some state between runs in order to support
-  # the `--only-failures` and `--next-failure` CLI options. We recommend
-  # you configure your source control system to ignore this file.
-  # config.example_status_persistence_file_path = "spec/examples.txt"
-
-  # Limits the available syntax to the non-monkey patched syntax that is
-  # recommended. For more details, see:
-  #   - http://rspec.info/blog/2012/06/rspecs-new-expectation-syntax/
-  #   - http://www.teaisaweso.me/blog/2013/05/27/rspecs-new-message-expectation-syntax/
-  #   - http://rspec.info/blog/2014/05/notable-changes-in-rspec-3/#zero-monkey-patching-mode
-  config.disable_monkey_patching!
-
-  # This setting enables warnings. It's recommended, but in some cases may
-  # be too noisy due to issues in dependencies.
-  # config.warnings = true
-
-  # Many RSpec users commonly either run the entire suite or an individual
-  # file, and it's useful to allow more verbose output when running an
-  # individual spec file.
-  # if config.files_to_run.one?
-  #   # Use the documentation formatter for detailed output,
-  #   # unless a formatter has already been configured
-  #   # (e.g. via a command-line flag).
-  #   config.default_formatter = 'doc'
-  # end
-
-  # Print the 10 slowest examples and example groups at the
-  # end of the spec run, to help surface which specs are running
-  # particularly slow.
-  # config.profile_examples = 10
-
-  # Run specs in random order to surface order dependencies. If you find an
-  # order dependency and want to debug it, you can fix the order by providing
-  # the seed, which is printed after each run.
-  #     --seed 1234
-  config.order = :random
-
-  # Seed global randomization in this process using the `--seed` CLI option.
-  # Setting this allows you to use `--seed` to deterministically reproduce
-  # test failures related to randomization by passing the same `--seed` value
-  # as the one that triggered the failure.
-  # Kernel.srand config.seed
-
-end