allows 0.2.1

data/Gemfile

@@ -0,0 +1,3 @@
+source :rubygems
+
+gemspec

data/README.md

@@ -0,0 +1,6 @@
+[![Build Status](https://secure.travis-ci.org/zeto/allows.png)](http://travis-ci.org/zeto/allows)
+
+allows
+======
+
+Simple authorization library 

data/Rakefile

@@ -0,0 +1,18 @@
+require 'rake'
+require 'rake/testtask'
+
+task :default => [:test_units]
+
+desc "Run tests"
+Rake::TestTask.new("test_units") do |t|
+  t.pattern = 'test/*_test.rb'
+  t.verbose = true
+  t.warning = false
+end
+
+
+desc "Open an irb session"
+task :console do
+  sh "irb -I lib -r allows.rb"
+end
+

data/allows.gemspec

@@ -0,0 +1,17 @@
+Gem::Specification.new do |s|
+  s.name        = 'allows'
+  s.version     = '0.2.1'
+  s.date        = '2012-09-24'
+  s.summary     = "Simple Authorization library"
+  s.description = "Simple Authorization for Rails"
+  s.authors     = ["Jose Goncalves"]
+  s.email       = 'zetoeu@gmail.com'
+  s.homepage    = 'http://github.com/zeto/allows'
+  s.files = Dir["**/*"] - Dir["*.gem"] - ["Gemfile.lock"]
+
+  s.require_paths = ["lib"]  
+  s.add_dependency 'actionpack'
+  s.add_development_dependency "turn"
+  s.add_development_dependency "debugger"
+  s.add_development_dependency "rake"
+end

data/lib/allows.rb

@@ -0,0 +1,121 @@
+require 'action_controller'
+require 'exceptions'
+
+module Allows
+
+  def self.included(base)
+    base.extend(ClassMethods)
+
+    base.send :before_filter, :set_permissions
+    base.send :before_filter, :check_permissions
+    
+    class << base
+      attr_accessor :permissions
+      cattr_accessor :permission_checker
+    end
+
+    # set default permission_checker
+    base.permission_checker = :current_user
+  end
+
+  public  
+
+  def check_permissions
+    im_allowed = false
+
+    klass = self.class
+    if klass.permission_checker && respond_to?(klass.permission_checker)
+      if klass.permissions
+        permissions_for_action = klass.permissions[action_name.to_sym]
+        if permissions_for_action
+          permissions_for_action.each do |permission|
+            if assert_permission(permission)
+              im_allowed = true
+            end
+          end
+        else
+          # Can execute the action. No "allow" rule affects this action.
+          im_allowed = true
+        end
+      else
+        # Can execute any action. Controller does not declare any "allow" rule
+        im_allowed = true
+      end
+    else
+      raise NoPermissionChecker # Permission checker isnt defined, so no permissions can be validated
+    end
+    raise Unauthorized unless im_allowed
+  end
+
+  protected
+
+  def set_permissions
+    self.class.set_permissions # Call class method instead
+  end
+
+  private
+
+  def assert_permission(permission)
+    targetted_permission = /(?<method>.+)_of_(?<target>.+)/.match(permission.to_s)
+
+    # Permission is something like: allow reader_of_post (<permission>_of_<target>)
+    if targetted_permission && targetted_permission.captures.size == 2
+      raise NoInstanceVariable unless instance_variable_get("@#{targetted_permission[:target]}")
+      (self.send self.class.permission_checker).send "#{targetted_permission[:method]}?", instance_variable_get("@#{targetted_permission[:target]}")
+    else
+      (self.send self.class.permission_checker).send "#{permission.to_s}?"
+    end
+  end
+
+  module ClassMethods
+    def allow(*options, &block)
+      @allows ||= Array.new
+      @allows << options
+    end
+
+    def set_permissions
+      # Permissions are calculated only once per class for performance considerations
+      # This behaviour is overridden in development so permissions are always calculated
+      if (!@permissions && @allows) || (defined?(RAILS_ENV) && RAILS_ENV == 'development')
+        @permissions = Hash.new
+        
+        if @allows 
+          @allows.each do |p|
+            allowed = Hash.new
+            hash = p.select{|o| o.is_a?(Hash)}
+            
+            allowed[:permissions] = p - hash
+
+            actions = hash.first
+            if hash.first
+              allowed[:except] = actions[:except] 
+              allowed[:only] = actions[:only]
+            end
+
+            if allowed[:only]                               # Only for the specified actions
+              allowed_actions = Array(allowed[:only])
+            elsif allowed[:except]                          # All available actions EXCEPT the ones specified
+              allowed_actions = controller_actions - Array(allowed[:except])
+            else                                            # All available actions
+              allowed_actions = controller_actions
+            end
+
+            allowed_actions.each do |action|
+              @permissions[action.to_sym] = (Array(@permissions[action.to_sym]) + allowed[:permissions]).uniq
+            end
+          end
+        end
+      end
+    end
+
+    def clear_permissions
+      @permissions = nil
+    end
+
+    private
+
+    def controller_actions
+      (self.new.action_methods - ActionController::Base.new.action_methods).map {|am| am.to_sym} - [:check_permissions]
+    end
+  end
+end

data/lib/exceptions.rb

@@ -0,0 +1,14 @@
+class NoPermissionChecker < Exception
+end
+
+class NoDefinedPermissions < Exception
+end
+
+class NoPermissionDefinedForAction < Exception
+end
+
+class NoInstanceVariable < Exception
+end
+
+class Unauthorized < Exception
+end

data/test/allows_test.rb

@@ -0,0 +1,154 @@
+# -*- encoding : utf-8 -*-
+
+require 'minitest/autorun'
+require 'turn'
+require 'allows'
+require 'rubygems'
+#require 'action_pack'
+require 'action_controller'
+
+class AllowsTest < MiniTest::Unit::TestCase
+  def test_simple_permissions  
+    TestController.set_permissions
+    
+    assert TestController.permissions.count == 5
+
+    assert TestController.permissions[:index].include? :admin
+    refute TestController.permissions[:show].include? :gpd
+    assert TestController.permissions[:index].include? :dds
+  end
+
+  def test_complex_permissions
+    TestController.set_permissions
+
+    assert TestController.permissions.count == 5
+
+    assert TestController.permissions[:index].include? :a
+    assert TestController.permissions[:create].include? :b
+    assert TestController.permissions[:update].include? :c
+    
+    assert TestController.permissions[:create].include? :d
+    refute TestController.permissions[:index].include? :d
+    refute TestController.permissions[:new].include? :d
+    refute TestController.permissions[:show].include? :d
+
+    assert TestController.permissions[:create].include? :e
+    refute TestController.permissions[:index].include? :f
+  end
+
+  def test_must_not_include_nonexistant_action
+    TestController.set_permissions
+
+    refute TestController.permissions[:showw]
+    refute TestController.permissions[:accao_que_nao_existe]
+  end
+
+  def test_all_actions
+    TestController.set_permissions
+
+    assert TestController.permissions.count == 5
+
+    assert TestController.permissions.keys.include? :index
+    assert TestController.permissions.keys.include? :show
+    assert TestController.permissions.keys.include? :update
+    assert TestController.permissions.keys.include? :new
+    assert TestController.permissions.keys.include? :create
+  end
+
+  def test_generate_unauthorized
+    TestControllerNone.set_permissions
+
+    assert_raises Unauthorized do
+     TestControllerNone.new.check_permissions
+    end
+  end
+
+  def test_allow_that_depends_on_instance_variable
+    TestControllerComplex.set_permissions
+    
+    assert TestControllerComplex.permissions.count == 1
+
+    tcc = TestControllerComplex.new
+    tcc.instance_variable_set(:@requirement,RequirementStub.new)
+    tcc.instance_variable_set(:@post,3)
+
+    tcc.check_permissions
+  end
+
+end
+
+class TestController < ActionController::Base
+  include Allows
+
+  allow :admin
+  allow :gpd, :only => :index
+  allow :dds, :except => :show
+
+  allow :a, :b, :c
+  allow :d, :only => :create
+  allow :e, :f, :except => [:index, :update, :show]
+
+  def index; end
+  def show; end
+  def update; end
+  def new; end
+  def create; end
+
+  protected
+
+  def action_name; :show; end
+  def current_user; PermissionCheckerDeluxe.new; end
+  
+end
+
+class PermissionCheckerDeluxe
+  def admin?; true; end
+  def gpd?; true; end
+  def dds?; false; end
+  def a?; false; end
+  def b?; true; end
+  def c?; false; end
+  def d?; true; end
+  def e?; false; end
+  def f?; true; end
+end
+
+class TestControllerComplex < ActionController::Base
+  include Allows
+
+  allow :reader_of_requirement, :editor_of_post
+
+  def show; end
+
+  protected
+
+  def action_name; :show; end
+  def current_user; PermissionCheckerForRequirement.new; end
+end
+
+class PermissionCheckerForRequirement
+  def reader?(requirement); requirement.message == 'testing'; end
+  def editor?(post); post == 3; end
+end
+
+class RequirementStub
+  def message; 'testing'; end
+end
+
+class TestControllerNone < ActionController::Base
+  include Allows
+
+  allow :admin
+
+  def show; end
+
+  protected
+
+  def action_name; :show; end
+  def current_user; PermissionCheckerNone.new; end
+  
+end
+
+class PermissionCheckerNone
+  def admin?; false; end
+end

metadata

@@ -0,0 +1,115 @@
+--- !ruby/object:Gem::Specification
+name: allows
+version: !ruby/object:Gem::Version
+  version: 0.2.1
+  prerelease: 
+platform: ruby
+authors:
+- Jose Goncalves
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-09-24 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: actionpack
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: turn
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: debugger
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Simple Authorization for Rails
+email: zetoeu@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- README.md
+- lib/allows.rb
+- lib/exceptions.rb
+- test/allows_test.rb
+- Gemfile
+- allows.gemspec
+- Rakefile
+homepage: http://github.com/zeto/allows
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.24
+signing_key: 
+specification_version: 3
+summary: Simple Authorization library
+test_files: []