ae_declarative_authorization 0.8.0 → 0.9.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA256:
-  metadata.gz: 8e62642cf9fe998ece4ba143412287594b4a1d2f6e04dbc7f0eaf81a46f618ec
-  data.tar.gz: 1929dd4c3e60164a8ec16031a74e75f72737f0befbb989b5c9f17efc4f210f2c
+SHA1:
+  metadata.gz: 472752db4ce46f5b1874c430aa3e0125e8020742
+  data.tar.gz: cbcce0652438604b6b86fd640461ac5750382428
 SHA512:
-  metadata.gz: 0a5a7bbc9d574269bd472d9831b160fe5f41749a0353b9141139c956d53424d20c213bc4cd3570cb066e6fc19dde495a05c80f6d0eaaa320ad4536b71ebb8b22
-  data.tar.gz: f7f119805d0ebedabc85b981f0bca3fa11c46e2feebea0a51a114244c3d3bdf2007a8ec0c825d5d4d95b8833c1661d358a4a4c916a5ca7e02667e7dcb7312435
+  metadata.gz: 0f82c160fb05a04325589327eabbf04a81cee92a2a8609919aebd8f9d91394eb68aa5d8300f1fdd6fcc5a74f5ac1a581c8b023fb780e3ee0e3ad0774d0974d48
+  data.tar.gz: 458d39b82c4b55ca4c2d29b470cf82aea89d2040ef7a800fe58242eb5550038a8e9b7c66745ddd1ec36dbd19ca36dcb9790924e9e5d568125c8e026185e71df2

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    ae_declarative_authorization (0.8.0)
+    ae_declarative_authorization (0.9.0)
       blockenspiel (~> 0.5.0)
       rails (>= 4.2.5.2, < 6)
 
@@ -68,7 +68,7 @@ GEM
       nokogiri (>= 1.5.9)
     mail (2.7.0)
       mini_mime (>= 0.1.1)
-    marcel (0.3.2)
+    marcel (0.3.3)
       mimemagic (~> 0.3.2)
     metaclass (0.0.4)
     method_source (0.9.0)

data/README.md

@@ -1,6 +1,6 @@
 # Declarative Authorization
 
-The declarative authorization plugin offers an authorization mechanism inspired 
+The declarative authorization plugin offers an authorization mechanism inspired
 by _RBAC_. The most notable distinction to other authorization plugins is the
 declarative approach. That is, authorization rules are not defined
 programmatically in between business logic but in an authorization configuration.
@@ -25,7 +25,7 @@ Plugin features
 
 
 Requirements
-* An authentication mechanism 
+* An authentication mechanism
   * User object in Controller#current_user
   * (For model security) Setting Authorization.current_user
 * User objects need to respond to a method `:role_symbols` that returns an
@@ -85,7 +85,7 @@ authorization do
     # add permissions for guests here, e.g.
     # has_permission_on :conferences, :to => :read
   end
-  
+
   # permissions on other roles, such as
   # role :admin do
   #   has_permission_on :conferences, :to => :manage
@@ -157,12 +157,12 @@ Declarative Authorization will use `current_user` to check authorization.
                                 '-----------'   '---------'  '-----------'
 ```
 
-In the application domain, each *User* may be assigned to *Roles* that should 
-define the users' job in the application, such as _Administrator_. On the 
-right-hand side of this diagram, application developers specify which *Permissions* 
+In the application domain, each *User* may be assigned to *Roles* that should
+define the users' job in the application, such as _Administrator_. On the
+right-hand side of this diagram, application developers specify which *Permissions*
 are necessary for users to perform activities, such as calling a controller action,
 viewing parts of a View or acting on records in the database. Note that
-Permissions consist of an *Privilege* that is to be performed, such as _read_, 
+Permissions consist of an *Privilege* that is to be performed, such as _read_,
 and a *Context* in that the Operation takes place, such as _companies_.
 
 In the authorization configuration, Permissions are assigned to Roles and Role
@@ -192,7 +192,7 @@ class EmployeesController < ApplicationController
 end
 ```
 
-See `Authorization::AuthorizationInController::ClassMethods` for options on
+See `Authorization::Controller::DSL` for options on
 nested resources and custom member and collection actions.
 
 By default, Declarative Authorization will enable `filter_resource_access` compatibility with `strong_parameters`.
@@ -237,7 +237,7 @@ end
 ```
 
 For some actions it might be necessary to check certain attributes of the
-object the action is to be acting on. Then, the object needs to be loaded 
+object the action is to be acting on. Then, the object needs to be loaded
 before the action's access control is evaluated. On the other hand, some actions
 might prefer the authorization to ignore specific attribute checks as the object is
 unknown at checking time, so attribute checks and thus automatic loading of
@@ -275,9 +275,9 @@ end
 
 If the access is denied, a `permission_denied` method is called on the
 current_controller, if defined, and the issue is logged.
-For further customization of the filters and object loading, have a look at 
-the complete API documentation of `filter_access_to` in 
-`Authorization::AuthorizationInController::ClassMethods`.
+For further customization of the filters and object loading, have a look at
+the complete API documentation of `filter_access_to` in
+`Authorization::Controller::DSL`.
 
 
 ## Views
@@ -337,8 +337,8 @@ end
 Thus,
     `Employee.create(...)`
 fails, if the current user is not allowed to `:create` `:employees` according
-to the authorization rules. For the application to find out about what 
-happened if an operation is denied, the filters throw 
+to the authorization rules. For the application to find out about what
+happened if an operation is denied, the filters throw
 `Authorization::NotAuthorized` exceptions.
 
 As access control on read are costly, with possibly lots of objects being
@@ -366,8 +366,8 @@ the usual find method:
 Employee.with_permissions_to(:read).find(:all, :conditions => ...)
 ```
 
-If the current user is completely missing the permissions, an 
-`Authorization::NotAuthorized` exception is raised. Through 
+If the current user is completely missing the permissions, an
+`Authorization::NotAuthorized` exception is raised. Through
 `Model.obligation_conditions`, application developers may retrieve
 the conditions for manual rewrites.
 
@@ -422,9 +422,9 @@ privileges do
   privilege :manage, :employees, :includes => :increase_salary
 end
 ```
-For more complex use cases, authorizations need to be based on attributes. Note 
+For more complex use cases, authorizations need to be based on attributes. Note
 that you then also need to set `:attribute_check => true` in controllers for `filter_access_to`.
-E.g. if a branch admin should manage only employees of his branch (see 
+E.g. if a branch admin should manage only employees of his branch (see
 `Authorization::Reader` in the API docs for a full list of available operators):
 
 ```ruby
@@ -510,7 +510,7 @@ class EmployeeTest < ActiveSupport::TestCase
   end
 end
 ```
-    
+
 Or, with RSpec, it would work like this:
 
 ```ruby
@@ -540,7 +540,7 @@ See `Authorization::TestHelper` for more information.
 ## Providing the Plugin's Requirements
 The requirements are
 * Rails >= 4.2.5.2 and Ruby >= 2.1.x
-* An authentication mechanism 
+* An authentication mechanism
 * A user object returned by Controller#current_user
 * An array of role symbols returned by User#role_symbols
 * (For model security) Setting Authorization.current_user to the request's user
@@ -553,7 +553,7 @@ restful_authentication.
    cd ../.. && ruby script/generate authenticated user sessions
 * Move "include AuthenticatedSystem" to ApplicationController
 * Add +filter_access_to+ calls as described above.
-* If you'd like to use model security, add a before_action that sets the user 
+* If you'd like to use model security, add a before_action that sets the user
   globally to your ApplicationController. This is thread-safe.
    before_action :set_current_user
    protected
@@ -562,9 +562,9 @@ restful_authentication.
    end
 
 * Add roles field to the User model through a :+has_many+ association
-  (this is just one possible approach; you could just as easily use 
+  (this is just one possible approach; you could just as easily use
   :+has_many+ :+through+ or a serialized roles array):
-  * create a migration for table roles 
+  * create a migration for table roles
 
      class CreateRoles < ActiveRecord::Migration
        def self.up
@@ -584,7 +584,7 @@ restful_authentication.
        belongs_to :user
      end
 
-  * add +has_many+ :+roles+ to the User model and a roles method that returns the roles 
+  * add +has_many+ :+roles+ to the User model and a roles method that returns the roles
     as an Array of Symbols, e.g.
      class User < ActiveRecord::Base
        has_many :roles

data/README.rdoc

@@ -1,6 +1,6 @@
 = Declarative Authorization
 
-The declarative authorization plugin offers an authorization mechanism inspired 
+The declarative authorization plugin offers an authorization mechanism inspired
 by _RBAC_.  The most notable distinction to other authorization plugins is the
 declarative approach.  That is, authorization rules are not defined
 programmatically in between business logic but in an authorization configuration.
@@ -25,7 +25,7 @@ Plugin features
 
 
 Requirements
-* An authentication mechanism 
+* An authentication mechanism
   * User object in Controller#current_user
   * (For model security) Setting Authorization.current_user
 * User objects need to respond to a method :role_symbols that returns an
@@ -83,7 +83,7 @@ at the end of this README if you do not use the above installer.
         # add permissions for guests here, e.g.
         # has_permission_on :conferences, :to => :read
       end
-      
+
       # permissions on other roles, such as
       # role :admin do
       #   has_permission_on :conferences, :to => :manage
@@ -147,12 +147,12 @@ Declarative Authorization will use +current_user+ to check authorization.
                                  | Privilege |   | Context |  | Attribute |
                                  '-----------'   '---------'  '-----------'
 
-In the application domain, each *User* may be assigned to *Roles* that should 
-define the users' job in the application, such as _Administrator_.  On the 
-right-hand side of this diagram, application developers specify which *Permissions* 
+In the application domain, each *User* may be assigned to *Roles* that should
+define the users' job in the application, such as _Administrator_.  On the
+right-hand side of this diagram, application developers specify which *Permissions*
 are necessary for users to perform activities, such as calling a controller action,
 viewing parts of a View or acting on records in the database.  Note that
-Permissions consist of an *Privilege* that is to be performed, such as _read_, 
+Permissions consist of an *Privilege* that is to be performed, such as _read_,
 and a *Context* in that the Operation takes place, such as _companies_.
 
 In the authorization configuration, Permissions are assigned to Roles and Role
@@ -180,7 +180,7 @@ filter_access_to with the appropriate parameters to protect the CRUD methods.
       ...
     end
 
-See Authorization::AuthorizationInController::ClassMethods for options on
+See Authorization::Controller::DSL for options on
 nested resources and custom member and collection actions.
 
 By default, declarative_authorization will enable filter_resource_access compatibility with strong_parameters in Rails 4.  If you want to disable this behavior, you can use the +:strong_parameters+ option.
@@ -223,7 +223,7 @@ filter_access_to call may become more verbose:
     end
 
 For some actions it might be necessary to check certain attributes of the
-object the action is to be acting on.  Then, the object needs to be loaded 
+object the action is to be acting on.  Then, the object needs to be loaded
 before the action's access control is evaluated.  On the other hand, some actions
 might prefer the authorization to ignore specific attribute checks as the object is
 unknown at checking time, so attribute checks and thus automatic loading of
@@ -257,9 +257,9 @@ sure, your before_actions occur before any of the filter_access_to calls.
 
 If the access is denied, a +permission_denied+ method is called on the
 current_controller, if defined, and the issue is logged.
-For further customization of the filters and object loading, have a look at 
-the complete API documentation of filter_access_to in 
-Authorization::AuthorizationInController::ClassMethods.
+For further customization of the filters and object loading, have a look at
+the complete API documentation of filter_access_to in
+Authorization::Controller::DSL.
 
 
 == Views
@@ -310,8 +310,8 @@ model that model security should be enforced on, i.e.
 Thus,
     Employee.create(...)
 fails, if the current user is not allowed to :create :employees according
-to the authorization rules.  For the application to find out about what 
-happened if an operation is denied, the filters throw 
+to the authorization rules.  For the application to find out about what
+happened if an operation is denied, the filters throw
 Authorization::NotAuthorized exceptions.
 
 As access control on read are costly, with possibly lots of objects being
@@ -333,8 +333,8 @@ the usual find method:
 
     Employee.with_permissions_to(:read).find(:all, :conditions => ...)
 
-If the current user is completely missing the permissions, an 
-Authorization::NotAuthorized exception is raised.  Through 
+If the current user is completely missing the permissions, an
+Authorization::NotAuthorized exception is raised.  Through
 Model.obligation_conditions, application developers may retrieve
 the conditions for manual rewrites.
 
@@ -382,9 +382,9 @@ Privilege hierarchies may be context-specific, e.g. applicable to :employees.
       privilege :manage, :employees, :includes => :increase_salary
     end
 
-For more complex use cases, authorizations need to be based on attributes.  Note 
+For more complex use cases, authorizations need to be based on attributes.  Note
 that you then also need to set :attribute_check => true in controllers for filter_access_to.
-E.g. if a branch admin should manage only employees of his branch (see 
+E.g. if a branch admin should manage only employees of his branch (see
 Authorization::Reader in the API docs for a full list of available operators):
 
     authorization do
@@ -458,7 +458,7 @@ setup and assume certain identities for tests:
         end
       end
     end
-    
+
 Or, with RSpec, it would work like this:
 
   describe Employee do
@@ -493,17 +493,17 @@ One of three options to install the plugin:
 * Alternatively, in Rails 2, to install from github, execute in your application's root directory
     cd vendor/plugins && git clone git://github.com/stffn/declarative_authorization.git
 
-Then, 
-* provide the requirements as noted below, 
-* create a basic config/authorization_rules.rb--you might want to take the 
-  provided example authorization_rules.dist.rb in the plugin root as a starting 
-  point, 
+Then,
+* provide the requirements as noted below,
+* create a basic config/authorization_rules.rb--you might want to take the
+  provided example authorization_rules.dist.rb in the plugin root as a starting
+  point,
 * add +filter_access_to+, +permitted_to+? and model security as needed.
 
 == Providing the Plugin's Requirements
 The requirements are
 * Rails >= 4.2.5.2 and Ruby >= 2.3.3
-* An authentication mechanism 
+* An authentication mechanism
 * A user object returned by Controller#current_user
 * An array of role symbols returned by User#role_symbols
 * (For model security) Setting Authorization.current_user to the request's user
@@ -516,7 +516,7 @@ restful_authentication.
    cd ../.. && ruby script/generate authenticated user sessions
 * Move "include AuthenticatedSystem" to ApplicationController
 * Add +filter_access_to+ calls as described above.
-* If you'd like to use model security, add a before_action that sets the user 
+* If you'd like to use model security, add a before_action that sets the user
   globally to your ApplicationController.  This is thread-safe.
    before_action :set_current_user
    protected
@@ -525,9 +525,9 @@ restful_authentication.
    end
 
 * Add roles field to the User model through a :+has_many+ association
-  (this is just one possible approach; you could just as easily use 
+  (this is just one possible approach; you could just as easily use
   :+has_many+ :+through+ or a serialized roles array):
-  * create a migration for table roles 
+  * create a migration for table roles
      class CreateRoles < ActiveRecord::Migration
        def self.up
          create_table "roles" do |t|
@@ -546,7 +546,7 @@ restful_authentication.
        belongs_to :user
      end
 
-  * add +has_many+ :+roles+ to the User model and a roles method that returns the roles 
+  * add +has_many+ :+roles+ to the User model and a roles method that returns the roles
     as an Array of Symbols, e.g.
      class User < ActiveRecord::Base
        has_many :roles

data/gemfiles/rails4252.gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: ..
   specs:
-    ae_declarative_authorization (0.7.1)
+    ae_declarative_authorization (0.8.0)
       blockenspiel (~> 0.5.0)
       rails (>= 4.2.5.2, < 6)
 
@@ -48,15 +48,32 @@ GEM
       rake
       thor (>= 0.14.0)
     arel (6.0.4)
+    axiom-types (0.1.1)
+      descendants_tracker (~> 0.0.4)
+      ice_nine (~> 0.11.0)
+      thread_safe (~> 0.3, >= 0.3.1)
     blockenspiel (0.5.0)
     builder (3.2.3)
+    coercible (1.0.0)
+      descendants_tracker (~> 0.0.1)
     concurrent-ruby (1.0.5)
     crass (1.0.4)
+    descendants_tracker (0.0.4)
+      thread_safe (~> 0.3, >= 0.3.1)
+    equalizer (0.0.11)
     erubis (2.7.0)
     globalid (0.4.1)
       activesupport (>= 4.2.0)
+    grape (1.1.0)
+      activesupport
+      builder
+      mustermann-grape (~> 1.0.0)
+      rack (>= 1.3.0)
+      rack-accept
+      virtus (>= 1.0.0)
     i18n (0.9.5)
       concurrent-ruby (~> 1.0)
+    ice_nine (0.11.2)
     json (1.8.6)
     loofah (2.2.2)
       crass (~> 1.0.2)
@@ -69,9 +86,14 @@ GEM
     minitest (5.11.3)
     mocha (1.7.0)
       metaclass (~> 0.0.1)
+    mustermann (1.0.3)
+    mustermann-grape (1.0.0)
+      mustermann (~> 1.0.0)
     nokogiri (1.8.4)
       mini_portile2 (~> 2.3.0)
     rack (1.6.10)
+    rack-accept (0.4.5)
+      rack (>= 0.4)
     rack-test (0.6.3)
       rack (>= 1.0)
     rails (4.2.5.2)
@@ -111,6 +133,11 @@ GEM
     thread_safe (0.3.6)
     tzinfo (1.2.5)
       thread_safe (~> 0.1)
+    virtus (1.0.5)
+      axiom-types (~> 0.1)
+      coercible (~> 1.0)
+      descendants_tracker (~> 0.0, >= 0.0.3)
+      equalizer (~> 0.0, >= 0.0.9)
 
 PLATFORMS
   ruby
@@ -118,6 +145,7 @@ PLATFORMS
 DEPENDENCIES
   ae_declarative_authorization!
   appraisal (~> 2.1)
+  grape
   mocha (~> 1.0)
   rails (= 4.2.5.2)
   sqlite3

data/gemfiles/rails4271.gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: ..
   specs:
-    ae_declarative_authorization (0.7.1)
+    ae_declarative_authorization (0.8.0)
       blockenspiel (~> 0.5.0)
       rails (>= 4.2.5.2, < 6)
 
@@ -123,4 +123,4 @@ DEPENDENCIES
   sqlite3
 
 BUNDLED WITH
-   1.16.3
+   1.16.5

data/gemfiles/rails507.gemfile

@@ -7,5 +7,6 @@ gem "mocha", "~> 1.0", require: false
 gem "sqlite3"
 gem "rails", "5.0.7"
 gem "rails-controller-testing"
+gem 'grape', "~> 1.1"
 
 gemspec path: "../"

data/gemfiles/rails507.gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: ..
   specs:
-    ae_declarative_authorization (0.7.1)
+    ae_declarative_authorization (0.8.0)
       blockenspiel (~> 0.5.0)
       rails (>= 4.2.5.2, < 6)
 
@@ -50,15 +50,32 @@ GEM
       rake
       thor (>= 0.14.0)
     arel (7.1.4)
+    axiom-types (0.1.1)
+      descendants_tracker (~> 0.0.4)
+      ice_nine (~> 0.11.0)
+      thread_safe (~> 0.3, >= 0.3.1)
     blockenspiel (0.5.0)
     builder (3.2.3)
+    coercible (1.0.0)
+      descendants_tracker (~> 0.0.1)
     concurrent-ruby (1.0.5)
     crass (1.0.4)
+    descendants_tracker (0.0.4)
+      thread_safe (~> 0.3, >= 0.3.1)
+    equalizer (0.0.11)
     erubis (2.7.0)
     globalid (0.4.1)
       activesupport (>= 4.2.0)
+    grape (1.1.0)
+      activesupport
+      builder
+      mustermann-grape (~> 1.0.0)
+      rack (>= 1.3.0)
+      rack-accept
+      virtus (>= 1.0.0)
     i18n (1.1.0)
       concurrent-ruby (~> 1.0)
+    ice_nine (0.11.2)
     loofah (2.2.2)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
@@ -68,13 +85,18 @@ GEM
     method_source (0.9.0)
     mini_mime (1.0.1)
     mini_portile2 (2.3.0)
-    minitest (5.8.5)
+    minitest (5.11.3)
     mocha (1.7.0)
       metaclass (~> 0.0.1)
+    mustermann (1.0.3)
+    mustermann-grape (1.0.0)
+      mustermann (~> 1.0.0)
     nio4r (2.3.1)
     nokogiri (1.8.4)
       mini_portile2 (~> 2.3.0)
     rack (2.0.5)
+    rack-accept (0.4.5)
+      rack (>= 0.4)
     rack-test (0.6.3)
       rack (>= 1.0)
     rails (5.0.7)
@@ -117,6 +139,11 @@ GEM
     thread_safe (0.3.6)
     tzinfo (1.2.5)
       thread_safe (~> 0.1)
+    virtus (1.0.5)
+      axiom-types (~> 0.1)
+      coercible (~> 1.0)
+      descendants_tracker (~> 0.0, >= 0.0.3)
+      equalizer (~> 0.0, >= 0.0.9)
     websocket-driver (0.6.5)
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.3)
@@ -127,6 +154,7 @@ PLATFORMS
 DEPENDENCIES
   ae_declarative_authorization!
   appraisal (~> 2.1)
+  grape (~> 1.1)
   mocha (~> 1.0)
   rails (= 5.0.7)
   rails-controller-testing