RubyGems - admission - Versions diffs - 0.2.8 → 0.4.4 - Mend

admission 0.2.8 → 0.4.4

Files changed (130) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: cdbe6dd75f329be81da0823bb25211a2c105dc1f
-  data.tar.gz: 4f77657ad36e58f3a4029fd3734d6c9837882a7b
+  metadata.gz: 27226e2614355243e1aba9de00267129fbef0f70
+  data.tar.gz: f88d58e66dd6c602dd6ba2fe0ae78d6d951c2a36
 SHA512:
-  metadata.gz: d66fd06ba392c274786b71e74b25f171bbf9b419ff5b3c0d1cf7a2c252fb4528827a7ff7bfad329fb62dc30ffbf0f954ca8b50ab738df286e81cb23e6f52b4b9
-  data.tar.gz: e051486a2089dbcf6bce1fda7d783047d0949434ecb5499cc7bf27b2d8ea421ebea79017f435884676f6aff18242bc34f297a315cbfb91603974d3ac62e423dd
+  metadata.gz: 0771d53e94477f7e59def1e84f8652d9e825f4d0bcdacd50be7a52185c82a87b65f7d2465abfaab41df43c1abb114d5d7198199d0dcc10ff74cd80bfea5c63aa
+  data.tar.gz: f6755cb896151dbcd63c80d4d101dab2656b2a39e38011632dcd562bc1abcc9ca9a06f374ce6f7cef0266eb255cbb9aa96075dc0a2b9654ff24249ae5b8fb57b

data/.ruby-version CHANGED Viewed

	@@ -1 +1 @@
1	- 2.3.3
1	+ 2.3.6

data/Gemfile CHANGED Viewed

@@ -3,4 +3,5 @@ source "https://rubygems.org"
 gem 'rspec'
 gem 'byebug'
-gem 'rack'
+gem 'rack'
+gem 'simplecov', require: false

data/README.md CHANGED Viewed

@@ -1,2 +1,24 @@
-write-me
-(sorry, work in progress)
+# Admission
+A system to manage user privileges. Heavily inspired by cancan.
+### Is it "cancancancan"?
+Yes, sort of. It's built around the same premise: having an index of rules, which resolve into entitling allowance for an user to a named action. But in Cancan you have to create your own system of privileges. Admission on the other hand is meant for the cases where you need the user to have multiple privileges, while having clear rules to resolve precedences between them.
+The other thing that always bugged me about cancan (and was proven problematic in production) is that users' ability rules are loaded every time again, for every instance of the user record. I tried to introduce some kind of caching - only ended up making this library.
+## Is it any good?
+[yes](https://news.ycombinator.com/item?id=3067434)
+## write-me please
+### status
+* used in production for a rails app
+* tests are only "ok"
+* documentation non-existent
+### to-do list
+- [ ] reuse arbitration instance
+- [x] Admission::Denied must be able to tell the requested action and scope
+- [x] minitest helpers
+- [ ] rspec helpers
+- [ ] test guides
+- [ ] rails example

data/examples/rails5_feudalism/.gitignore ADDED Viewed

@@ -0,0 +1,19 @@
+# See https://help.github.com/articles/ignoring-files for more about ignoring files.
+#
+# If you find yourself ignoring temporary files generated by your text editor
+# or operating system, you probably want to add a global ignore instead:
+#   git config --global core.excludesfile '~/.gitignore_global'
+# Ignore bundler config.
+/.bundle
+# Ignore all logfiles and tempfiles.
+/log/*
+/tmp/*
+!/log/.keep
+!/tmp/.keep
+/node_modules
+/yarn-error.log
+.byebug_history

data/examples/rails5_feudalism/.ruby-version ADDED Viewed

	@@ -0,0 +1 @@
1	+ 2.3.3

data/examples/rails5_feudalism/Gemfile ADDED Viewed

@@ -0,0 +1,52 @@
+source 'https://rubygems.org'
+git_source(:github) do |repo_name|
+  repo_name = "#{repo_name}/#{repo_name}" unless repo_name.include?("/")
+  "https://github.com/#{repo_name}.git"
+end
+# Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
+gem 'rails', '~> 5.1.4'
+# Use postgresql as the database for Active Record
+gem 'pg', '~> 0.18'
+# Use Puma as the app server
+gem 'puma', '~> 3.7'
+# Use SCSS for stylesheets
+gem 'sass-rails', '~> 5.0'
+# Use Uglifier as compressor for JavaScript assets
+gem 'uglifier', '>= 1.3.0'
+# See https://github.com/rails/execjs#readme for more supported runtimes
+# gem 'therubyracer', platforms: :ruby
+# Build JSON APIs with ease. Read more: https://github.com/rails/jbuilder
+gem 'jbuilder', '~> 2.5'
+# Use ActiveModel has_secure_password
+# gem 'bcrypt', '~> 3.1.7'
+# Use Capistrano for deployment
+# gem 'capistrano-rails', group: :development
+group :development, :test do
+  # Call 'byebug' anywhere in the code to stop execution and get a debugger console
+  gem 'byebug', platforms: [:mri, :mingw, :x64_mingw]
+  # Adds support for Capybara system testing and selenium driver
+  gem 'capybara', '~> 2.13'
+  gem 'selenium-webdriver'
+end
+group :development do
+  # Access an IRB console on exception pages or by using <%= console %> anywhere in the code.
+  gem 'web-console', '>= 3.3.0'
+  gem 'listen', '>= 3.0.5', '< 3.2'
+  # Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring
+  gem 'spring'
+  gem 'spring-watcher-listen', '~> 2.0.0'
+end
+# Windows does not include zoneinfo files, so bundle the tzinfo-data gem
+gem 'tzinfo-data', platforms: [:mingw, :mswin, :x64_mingw, :jruby]
+########################################################################################################################
+gem 'admission', path: File.expand_path('../../..', __FILE__)

data/examples/rails5_feudalism/README.md ADDED Viewed

@@ -0,0 +1,17 @@
+# Admission example: Rails app mimicking the mess of feudalism rules
+## Goal
+Show how to integrate Admission::ResourceArbitration into a rails app, that uses a complex case of privileges system. Each user (person) can have multiple privileges from multiple areas (countries), resulting in situations where one can do something in one area, but not in the other; where a privilege disallow doing a thing only in a single particular area. European feudalism has these wild and complex rules of inheritance, which is perfect to demonstrate how Admission's privileges one-way inheritance system deals with not that truly one-way real-world privilege inheritance system (you could've became a king -a sovereign- over a man to whom you're a vassal, resulting of insolvable situation: who's the lord to whom?).
+## Integration to Rails
+Admission is not meant to be only-rails privilege system. I'd like to include some helpers into the library though. This example then, is actually just a sandbox for me to find out the smoothest integration (controllers helpers, ActiveRecord to save privileges and more).
+## to-do list
+- [x] user privileges persistence
+- [x] privileges system (popes, other christian patriarchs, emperors, kings, lords, ...)
+- [ ] controller use of `#request!` and `Admission::Denied` handling
+- [ ] god mode: status modification and transient admission plug-off
+- [ ] nested resources allowance
+- [ ] controllers helper for resources
+- [ ] view usage of `#can?`
+- [ ] model methods and attributes allowance (params permitting?)

data/examples/rails5_feudalism/Rakefile ADDED Viewed

@@ -0,0 +1,6 @@
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+require_relative 'config/application'
+Rails.application.load_tasks

data/examples/rails5_feudalism/app/assets/config/manifest.js ADDED Viewed

@@ -0,0 +1,3 @@
+//= link_tree ../images
+//= link_directory ../javascripts .js
+//= link_directory ../stylesheets .css

data/examples/rails5_feudalism/app/assets/images/.keep ADDED Viewed

File without changes

data/examples/rails5_feudalism/app/assets/javascripts/application.js ADDED Viewed

@@ -0,0 +1,15 @@
+// This is a manifest file that'll be compiled into application.js, which will include all the files
+// listed below.
+//
+// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, or any plugin's
+// vendor/assets/javascripts directory can be referenced here using a relative path.
+//
+// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
+// compiled file. JavaScript code in this file should be added after the last require_* statement.
+//
+// Read Sprockets README (https://github.com/rails/sprockets#sprockets-directives) for details
+// about supported directives.
+//
+//= require rails-ujs
+//= require jquery
+//= require_tree .

data/examples/rails5_feudalism/app/assets/stylesheets/application.css ADDED Viewed

@@ -0,0 +1,15 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, or any plugin's
+ * vendor/assets/stylesheets directory can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the bottom of the
+ * compiled file so the styles you add here take precedence over styles defined in any other CSS/SCSS
+ * files in this directory. Styles in this file should be added after the last require_* statement.
+ * It is generally better to create a new file per style scope.
+ *
+ *= require_tree .
+ *= require_self
+ */

data/examples/rails5_feudalism/app/assets/stylesheets/scaffolds.scss ADDED Viewed

@@ -0,0 +1,84 @@
+body {
+  background-color: #fff;
+  color: #333;
+  margin: 33px;
+  font-family: verdana, arial, helvetica, sans-serif;
+  font-size: 13px;
+  line-height: 18px;
+}
+p, ol, ul, td {
+  font-family: verdana, arial, helvetica, sans-serif;
+  font-size: 13px;
+  line-height: 18px;
+}
+pre {
+  background-color: #eee;
+  padding: 10px;
+  font-size: 11px;
+}
+a {
+  color: #000;
+  &:visited {
+    color: #666;
+  }
+  &:hover {
+    color: #fff;
+    background-color: #000;
+  }
+}
+th {
+  padding-bottom: 5px;
+}
+td {
+  padding: 0 5px 7px;
+}
+div {
+  &.field, &.actions {
+    margin-bottom: 10px;
+  }
+}
+#notice {
+  color: green;
+}
+.field_with_errors {
+  padding: 2px;
+  background-color: red;
+  display: table;
+}
+#error_explanation {
+  width: 450px;
+  border: 2px solid red;
+  padding: 7px 7px 0;
+  margin-bottom: 20px;
+  background-color: #f0f0f0;
+  h2 {
+    text-align: left;
+    font-weight: bold;
+    padding: 5px 5px 5px 15px;
+    font-size: 12px;
+    margin: -7px -7px 0;
+    background-color: #c00;
+    color: #fff;
+  }
+  ul li {
+    font-size: 12px;
+    list-style: square;
+  }
+}
+label {
+  display: block;
+}

data/examples/rails5_feudalism/app/controllers/application_controller.rb ADDED Viewed

@@ -0,0 +1,13 @@
+class ApplicationController < ActionController::Base
+  protect_from_forgery with: :exception
+  require 'admission/rails'
+  include Admission::Rails::ControllerAddon
+  Admission::Rails.log_access = true
+  def request_admission! action, scope
+    @requested_admission = {action: action, scope: scope}
+    puts "ADMISSION: #{action} over  #{scope}"
+  end
+end

data/examples/rails5_feudalism/app/controllers/concerns/.keep ADDED Viewed

File without changes

data/examples/rails5_feudalism/app/controllers/users_controller.rb ADDED Viewed

@@ -0,0 +1,75 @@
+class UsersController < ApplicationController
+  before_action :set_user, only: %i[show edit update destroy]
+  before_action :prepare_privilege_params!, only: %i[create update]
+  def index
+    @users = User.all
+  end
+  def show
+  end
+  def new
+    @user = User.new
+  end
+  def edit
+  end
+  def create
+    @user = User.new(user_params)
+    if @user.save
+      redirect_to @user, notice: 'User was successfully created.'
+    else
+      render :new
+    end
+  end
+  def update
+    if @user.update(user_params)
+      redirect_to @user, notice: 'User was successfully updated.'
+    else
+      render :edit
+    end
+  end
+  def destroy
+    @user.destroy
+    redirect_to users_url, notice: 'User was successfully destroyed.'
+  end
+  private
+  # Use callbacks to share common setup or constraints between actions.
+  def set_user
+    @user = User.find(params[:id])
+  end
+  # Never trust parameters from the scary internet, only allow the white list through.
+  def user_params
+    params.fetch(:user, {}).permit privileges: {}
+  end
+  def prepare_privilege_params!
+    return unless params[:user]
+    privileges = params[:user][:privileges]
+    unless privileges
+      params[:user][:privileges] = nil
+      return
+    end
+    countries = (privileges[:country].presence || [])
+    names = privileges[:name].presence || []
+    list = countries.zip(names).map do |country, name|
+      name, level = name.split '-'
+      UserStatus.privilege_for_country name, level.presence, country
+    end
+    params[:user][:privileges] = UserStatus.dump_privileges list.compact
+    params[:user][:privileges].permit!
+  end
+end

data/examples/rails5_feudalism/app/helpers/application_helper.rb ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ module ApplicationHelper
2	+ end

data/examples/rails5_feudalism/app/jobs/application_job.rb ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ class ApplicationJob < ActiveJob::Base
2	+ end

data/examples/rails5_feudalism/app/models/application_record.rb ADDED Viewed

@@ -0,0 +1,3 @@
+class ApplicationRecord < ActiveRecord::Base
+  self.abstract_class = true
+end

data/examples/rails5_feudalism/app/models/concerns/.keep ADDED Viewed

File without changes

data/examples/rails5_feudalism/app/models/person.rb ADDED Viewed

@@ -0,0 +1,11 @@
+class Person < ApplicationRecord
+  COUNTRIES = %w[Moravia Bohemia Silesia].freeze
+  has_one :user, dependent: :destroy
+  has_many :possessions, dependent: :destroy
+  has_many :traits, dependent: :destroy
+  validates_presence_of :name
+  validates_inclusion_of :country, in: COUNTRIES
+end

data/examples/rails5_feudalism/app/models/possession.rb ADDED Viewed

@@ -0,0 +1,7 @@
+class Possession < ApplicationRecord
+  belongs_to :person
+  validates_presence_of :name
+end

data/examples/rails5_feudalism/app/models/trait.rb ADDED Viewed

@@ -0,0 +1,7 @@
+class Trait < ApplicationRecord
+  belongs_to :person
+  validates_presence_of :name
+end

data/examples/rails5_feudalism/app/models/user.rb ADDED Viewed

@@ -0,0 +1,17 @@
+class User < ApplicationRecord
+  belongs_to :person
+  validates_presence_of :person
+  scope :with_privilege, -> (names) {
+    names = [names] unless names.is_a? Array
+    names = names.map{|name| "'#{name}'"}.join ','
+    where.not(privileges: nil).where("\"users\".\"privileges\"->'_all' ?| ARRAY[#{names}]")
+  }
+  def status
+    @status ||= UserStatus.for_user(self)
+  end
+end