RubyGems - allowy - Versions diffs - 0.5.0 → 1.0.0 - Mend

allowy 0.5.0 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml +4 -4
data/README.md +34 -1
data/lib/allowy.rb +4 -2
data/lib/allowy/access_control.rb +20 -6
data/lib/allowy/version.rb +1 -1
data/spec/access_control_spec.rb +15 -5
data/spec/spec_helper.rb +4 -0
metadata +19 -19

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 6226c1034c094d096ce0d675ece0e96742691b35
-  data.tar.gz: 7996daebd96790d93fdf834e5a31a6fd94757600
+  metadata.gz: 6e70d04247b27e11e8d0d39d0ce3ae32c2c873ad
+  data.tar.gz: d8d7186771b7dd8ce1176ce9fe082b9bf6fd205f
 SHA512:
-  metadata.gz: c3afa5620c56fee9b6d539542ea6a2e37019fe30f19e0dafe2fa04ede0b2dabfc994b5c8cb3782dc33f996db10ffe2aa77db7c3258e4dd73399f4cbfb8ebe417
-  data.tar.gz: d9237a944aba5343928381310eff16abd08369f8085067fa78fc037b0196ec6e497cfafebe5eddfdebdce50b93eefda92db7395a1e1be772f8420345386d6a3c
+  metadata.gz: 8c0870403d5852d0d0dbff52004ffec7fb88da6378fdefd81c60c73cfd366c104ebe964ecc1191f079712e99e054f21712cac19f5c5e270586d637028675ebf3
+  data.tar.gz: 9e571abf64019ca7aa3bcf5d1cb4bf344b142c1db220ca5de0522dd10d5e8bafbc2772ed369d4e8e1d94a3fbf460f9cfc99fe189cfaf2b5505fb032f7396660d

data/README.md CHANGED

@@ -130,6 +130,38 @@ end
 ```
+# Early termination
+If you have a pre-condition for any permission checks you can abort more complex logic by
+calling `deny!('my reason to deny')`.
+For example:
+```ruby
+class PageAccess < DefaultAccess
+  def view?(page)
+    deny!(:no_user) unless current_user
+    page and page.published? and domain_name =~ /^www\./i
+  end
+end
+```
+This is very similar to:
+```ruby
+class PageAccess < DefaultAccess
+  def view?(page)
+    return false unless current_user
+    page and page.published? and domain_name =~ /^www\./i
+  end
+end
+```
+Except that additional information on the exception will be available when calling `authorize!`.
+This information is available from the ` Allowy::AccessDenied#payload`.
 ## More comprehensive example
 You probably have multiple classes that you want to protect.
@@ -190,7 +222,8 @@ class PagesController < ApplicationController
   # Add this to the ApplicationController to handle it globally
   rescue_from Allowy::AccessDenied do |exception|
     logger.debug "Access denied on #{exception.action} #{exception.subject.inspect}"
-    redirect_to new_user_session_url, :alert => exception.message
+    redirect_to new_user_session_url if no_access.payload == :no_user
+    render('shared/no_permission', message: exception.message)
   end
 end
 ```

data/lib/allowy.rb CHANGED

@@ -1,3 +1,4 @@
+require 'active_support/core_ext'
 require 'active_support/concern'
 require 'active_support/inflector'
@@ -12,12 +13,13 @@ module Allowy
   class UndefinedAction < StandardError; end
   class AccessDenied < StandardError
-    attr_reader :action, :subject
+    attr_reader :action, :subject, :payload
-    def initialize(message, action, subject)
+    def initialize(message, action, subject, payload=nil)
       @message = message
       @action = action
       @subject = subject
+      @payload = payload
     end
   end
 end

data/lib/allowy/access_control.rb CHANGED

@@ -47,18 +47,32 @@ module Allowy
       @context = ctx
     end
-    def can?(action, *args)
-      m = "#{action}?"
-      raise UndefinedAction.new("The #{self.class.name} needs to have #{m} method. Please define it.") unless self.respond_to? m
-      send(m, *args)
+    def can?(action, subject, *params)
+      allowing, _ = check_permission(action, subject, *params)
+      allowing
     end
     def cannot?(*args)
       not can?(*args)
     end
-    def authorize!(*args)
-      raise AccessDenied.new("Not authorized", args.first, args[1]) unless can?(*args)
+    def authorize!(action, subject, *params)
+      allowing, payload = check_permission(action, subject, *params)
+      raise AccessDenied.new("Not authorized", action, subject, payload) if not allowing
+    end
+    def deny!(payload)
+      throw(:deny, payload)
+    end
+    private
+    def check_permission(action, subject, *params)
+      m = "#{action}?"
+      raise UndefinedAction.new("The #{self.class.name} needs to have #{m} method. Please define it.") unless self.respond_to? m
+      allowing = false
+      payload = catch(:deny) { allowing = send(m, subject, *params) }
+      [allowing, payload]
     end
   end

data/lib/allowy/version.rb CHANGED

@@ -1,3 +1,3 @@
 module Allowy
-  VERSION = "0.5.0"
+  VERSION = "1.0.0"
 end

data/spec/access_control_spec.rb CHANGED

@@ -15,12 +15,12 @@ module Allowy
       end
     end
-    it "should allow" do
-      subject.should be_able_to :read, 'allow'
-    end
+    it { should be_able_to :read, 'allow' }
+    it { should_not be_able_to :read, 'deny' }
-    it "should deny" do
-      subject.should_not be_able_to :read, 'deny'
+    it "should deny with early termination" do
+      access.should_not be_able_to :early_deny, 'foo'
+      access.can?(:early_deny, 'xx').should == false
     end
     it "should raise if no permission defined" do
@@ -42,6 +42,16 @@ module Allowy
       it "should not raise error" do
         expect { subject.authorize! :read, 'allow' }.not_to raise_error
       end
+      it "should raise early termination error with payload" do
+        expect { subject.authorize! :early_deny, 'subject' }.to raise_error AccessDenied do |err|
+          err.message.should_not be_blank
+          err.action.should == :early_deny
+          err.subject.should == 'subject'
+          err.payload.should == 'early terminate: subject'
+        end
+      end
     end
   end

data/spec/spec_helper.rb CHANGED

@@ -14,6 +14,10 @@ class SampleAccess
     str == 'allow'
   end
+  def early_deny?(str)
+    deny! "early terminate: #{str}"
+  end
   def context_is_123?(*whatever)
     context === 123
   end

metadata CHANGED

@@ -1,97 +1,97 @@
 --- !ruby/object:Gem::Specification
 name: allowy
 version: !ruby/object:Gem::Version
-  version: 0.5.0
+  version: 1.0.0
 platform: ruby
 authors:
 - Dmytrii Nagirniak
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-02-26 00:00:00.000000000 Z
+date: 2014-08-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: i18n
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: activesupport
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '3.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '3.2'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: pry
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: guard
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: guard-rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 description: Allowy provides CanCan-like way of checking permission but doesn't enforce
@@ -102,8 +102,8 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
-- .rspec
+- ".gitignore"
+- ".rspec"
 - Gemfile
 - Guardfile
 - README.md
@@ -131,17 +131,17 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: allowy
-rubygems_version: 2.0.3
+rubygems_version: 2.2.2
 signing_key:
 specification_version: 4
 summary: Authorization with simplicity and explicitness in mind