allowy 0.5.0 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 6226c1034c094d096ce0d675ece0e96742691b35
-  data.tar.gz: 7996daebd96790d93fdf834e5a31a6fd94757600
+  metadata.gz: 6e70d04247b27e11e8d0d39d0ce3ae32c2c873ad
+  data.tar.gz: d8d7186771b7dd8ce1176ce9fe082b9bf6fd205f
 SHA512:
-  metadata.gz: c3afa5620c56fee9b6d539542ea6a2e37019fe30f19e0dafe2fa04ede0b2dabfc994b5c8cb3782dc33f996db10ffe2aa77db7c3258e4dd73399f4cbfb8ebe417
-  data.tar.gz: d9237a944aba5343928381310eff16abd08369f8085067fa78fc037b0196ec6e497cfafebe5eddfdebdce50b93eefda92db7395a1e1be772f8420345386d6a3c
+  metadata.gz: 8c0870403d5852d0d0dbff52004ffec7fb88da6378fdefd81c60c73cfd366c104ebe964ecc1191f079712e99e054f21712cac19f5c5e270586d637028675ebf3
+  data.tar.gz: 9e571abf64019ca7aa3bcf5d1cb4bf344b142c1db220ca5de0522dd10d5e8bafbc2772ed369d4e8e1d94a3fbf460f9cfc99fe189cfaf2b5505fb032f7396660d

data/README.md

@@ -130,6 +130,38 @@ end
 
 ```
 
+# Early termination
+
+If you have a pre-condition for any permission checks you can abort more complex logic by
+calling `deny!('my reason to deny')`.
+
+For example:
+
+```ruby
+class PageAccess < DefaultAccess
+  def view?(page)
+    deny!(:no_user) unless current_user
+    page and page.published? and domain_name =~ /^www\./i
+  end
+end
+```
+
+This is very similar to:
+
+```ruby
+class PageAccess < DefaultAccess
+  def view?(page)
+    return false unless current_user
+    page and page.published? and domain_name =~ /^www\./i
+  end
+end
+```
+
+Except that additional information on the exception will be available when calling `authorize!`.
+
+This information is available from the ` Allowy::AccessDenied#payload`.
+
+
 ## More comprehensive example
 
 You probably have multiple classes that you want to protect.
@@ -190,7 +222,8 @@ class PagesController < ApplicationController
   # Add this to the ApplicationController to handle it globally
   rescue_from Allowy::AccessDenied do |exception|
     logger.debug "Access denied on #{exception.action} #{exception.subject.inspect}"
-    redirect_to new_user_session_url, :alert => exception.message
+    redirect_to new_user_session_url if no_access.payload == :no_user
+    render('shared/no_permission', message: exception.message)
   end
 end
 ```

data/lib/allowy.rb

@@ -1,3 +1,4 @@
+require 'active_support/core_ext'
 require 'active_support/concern'
 require 'active_support/inflector'
 
@@ -12,12 +13,13 @@ module Allowy
   class UndefinedAction < StandardError; end
 
   class AccessDenied < StandardError
-    attr_reader :action, :subject
+    attr_reader :action, :subject, :payload
 
-    def initialize(message, action, subject)
+    def initialize(message, action, subject, payload=nil)
       @message = message
       @action = action
       @subject = subject
+      @payload = payload
     end
   end
 end

data/lib/allowy/access_control.rb

@@ -47,18 +47,32 @@ module Allowy
       @context = ctx
     end
 
-    def can?(action, *args)
-      m = "#{action}?"
-      raise UndefinedAction.new("The #{self.class.name} needs to have #{m} method. Please define it.") unless self.respond_to? m
-      send(m, *args)
+    def can?(action, subject, *params)
+      allowing, _ = check_permission(action, subject, *params)
+      allowing
     end
 
     def cannot?(*args)
       not can?(*args)
     end
 
-    def authorize!(*args)
-      raise AccessDenied.new("Not authorized", args.first, args[1]) unless can?(*args)
+    def authorize!(action, subject, *params)
+      allowing, payload = check_permission(action, subject, *params)
+      raise AccessDenied.new("Not authorized", action, subject, payload) if not allowing
+    end
+
+    def deny!(payload)
+      throw(:deny, payload)
+    end
+
+    private
+
+    def check_permission(action, subject, *params)
+      m = "#{action}?"
+      raise UndefinedAction.new("The #{self.class.name} needs to have #{m} method. Please define it.") unless self.respond_to? m
+      allowing = false
+      payload = catch(:deny) { allowing = send(m, subject, *params) }
+      [allowing, payload]
     end
   end
 

data/lib/allowy/version.rb

@@ -1,3 +1,3 @@
 module Allowy
-  VERSION = "0.5.0"
+  VERSION = "1.0.0"
 end

data/spec/access_control_spec.rb

@@ -15,12 +15,12 @@ module Allowy
       end
     end
 
-    it "should allow" do
-      subject.should be_able_to :read, 'allow'
-    end
+    it { should be_able_to :read, 'allow' }
+    it { should_not be_able_to :read, 'deny' }
 
-    it "should deny" do
-      subject.should_not be_able_to :read, 'deny'
+    it "should deny with early termination" do
+      access.should_not be_able_to :early_deny, 'foo'
+      access.can?(:early_deny, 'xx').should == false
     end
 
     it "should raise if no permission defined" do
@@ -42,6 +42,16 @@ module Allowy
       it "should not raise error" do
         expect { subject.authorize! :read, 'allow' }.not_to raise_error
       end
+
+      it "should raise early termination error with payload" do
+        expect { subject.authorize! :early_deny, 'subject' }.to raise_error AccessDenied do |err|
+          err.message.should_not be_blank
+          err.action.should == :early_deny
+          err.subject.should == 'subject'
+          err.payload.should == 'early terminate: subject'
+        end
+      end
+
     end
 
   end

data/spec/spec_helper.rb

@@ -14,6 +14,10 @@ class SampleAccess
     str == 'allow'
   end
 
+  def early_deny?(str)
+    deny! "early terminate: #{str}"
+  end
+
   def context_is_123?(*whatever)
     context === 123
   end

metadata

@@ -1,97 +1,97 @@
 --- !ruby/object:Gem::Specification
 name: allowy
 version: !ruby/object:Gem::Version
-  version: 0.5.0
+  version: 1.0.0
 platform: ruby
 authors:
 - Dmytrii Nagirniak
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-02-26 00:00:00.000000000 Z
+date: 2014-08-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: i18n
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: activesupport
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '3.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '3.2'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: pry
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: guard
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: guard-rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 description: Allowy provides CanCan-like way of checking permission but doesn't enforce
@@ -102,8 +102,8 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
-- .rspec
+- ".gitignore"
+- ".rspec"
 - Gemfile
 - Guardfile
 - README.md
@@ -131,17 +131,17 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: allowy
-rubygems_version: 2.0.3
+rubygems_version: 2.2.2
 signing_key: 
 specification_version: 4
 summary: Authorization with simplicity and explicitness in mind