apiphobic-authorization 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: b495a30be17fcd8a76aac415fcbf6d98e56f074c782fb8b97da5485ef5c87117
+  data.tar.gz: 4540fba22161f2ca8169e8daad77c4c868911e33a1792d58fb1bf66df66d1e35
+SHA512:
+  metadata.gz: 3fdbe8d14d7a0cc433d73c71a2292470ff50a13182681a0f56d18959944393a8884027367ef19518027c843daa66cf9344ec22e5648d64d8f2526a9b71d1090d
+  data.tar.gz: 2c9a91ca38d27f3b78ee561481c12c4aeed6f920e77e19ac96b8e348f37575f93e362a4cbb1285e4adb0dc7a50bc634fc6a1b74b31d17b6120b06ff41afab952

data/LICENSE.txt

@@ -0,0 +1,19 @@
+Copyright (c) 2010-2016 The Kompanee, Ltd
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,35 @@
+# Authorization
+
+Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/authorization`. To experiment with that code, run `bin/console` for an interactive prompt.
+
+TODO: Delete this and the text above, and describe your gem
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'authorization'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install authorization
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/jfelchner/authorization.

data/lib/apiphobic-authorization.rb

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+require 'apiphobic/authorization/version'

data/lib/apiphobic/authorization/authorizable_resource.rb

@@ -0,0 +1,133 @@
+# frozen_string_literal: true
+
+require 'apple_core/action_controller/resource_naming'
+require 'apiphobic/resource/model'
+
+module  Apiphobic
+module  Authorization
+module  Resource
+  RESOURCE_COLLECTION_ACTIONS = %w{index}.freeze
+
+  module ClassMethods
+    def authorizer_class
+      @authorizer_class ||= Object.const_get(authorizer_class_name)
+    end
+
+    def authorizer_parameters_class
+      @authorizer_parameters_class ||= \
+        Object.const_get(authorizer_class_name('Parameters'))
+    end
+
+    def authorizer_scope_class
+      @authorizer_scope_class ||= Object.const_get(authorizer_class_name('Scope'))
+    end
+
+    def authorized_scope_root_class
+      @authorized_scope_root_class ||= Object.const_get(singular_resource_class_name)
+    end
+
+    def authorizer_class_components(type = nil)
+      [
+        name_components['root_module'],
+        'Authorizers',
+        resource_name,
+        type,
+      ]
+        .compact
+    end
+
+    def authorizer_class_name(type = nil)
+      authorizer_class_components(type).join('::')
+    end
+  end
+
+  def self.included(base)
+    base.include AppleCore::ActionController::ResourceNaming
+    base.extend  ClassMethods
+
+    base.before_action :authorize
+  end
+
+  private
+
+  def authorize
+    return if authorizer.public_send(authorization_query)
+
+    Erratum.fail(
+      'ForbiddenError',
+      resource_name: self.class.singular_resource_name,
+      resource_id:   [params[:id]],
+      action:        action_name,
+    )
+  end
+
+  def authorized_parameters
+    @authorized_parameters ||= authorizer_parameters_class
+                                 .new(action:     action_name,
+                                      token:      token,
+                                      user:       authorized_user,
+                                      issuer:     authorized_issuer,
+                                      parameters: params)
+                                 .call
+  end
+
+  def authorized_scope
+    @authorized_scope ||= self
+                            .class
+                            .authorizer_scope_class
+                            .new(action:     action_name,
+                                 token:      token,
+                                 user:       authorized_user,
+                                 issuer:     authorized_issuer,
+                                 parameters: authorized_parameters,
+                                 scope_root: authorized_scope_root_class)
+                            .call
+  end
+
+  def authorized_attributes
+    @authorized_attributes ||= Authorization::Transformers::JsonApiToRailsAttributes
+                                 .new(parameters: authorized_parameters.slice(:data))
+                                 .call
+  end
+
+  def authorizer
+    @authorizer ||= self
+                      .class
+                      .authorizer_class
+                      .new(action:     action_name,
+                           token:      token,
+                           user:       authorized_user,
+                           issuer:     authorized_issuer,
+                           parameters: authorized_parameters,
+                           resource:   authorized_resource)
+  end
+
+  def authorized_resource
+    return if RESOURCE_COLLECTION_ACTIONS.include?(action_name)
+
+    @authorized_resource ||= public_send(self.class.singular_resource_name)
+  end
+
+  def authorized_collection
+    return unless RESOURCE_COLLECTION_ACTIONS.include?(action_name)
+
+    @authorized_collection ||= \
+      Resource::Model
+        .new(resource:   public_send(self.class.plural_resource_name),
+             parameters: authorized_parameters)
+  end
+
+  def authorized_user
+    current_user
+  end
+
+  def authorized_issuer
+    current_issuer
+  end
+
+  def authorization_query
+    @authorization_query ||= "able_to_#{action_name}?"
+  end
+end
+end
+end

data/lib/apiphobic/authorization/authorizer.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+module  Apiphobic
+module  Authorization
+class   Authorizer
+  attr_accessor :action,
+                :token,
+                :user,
+                :params,
+                :resource
+
+  # rubocop:disable Metrics/ParameterLists
+  def initialize(action:, token:, user:, issuer:, params:, resource:, **other)
+    self.action   = action
+    self.token    = token
+    self.user     = user
+    self.params   = params
+    self.resource = resource
+
+    other.each do |name, value|
+      public_send("#{name}=", value)
+    end
+  end
+  # rubocop:enable Metrics/ParameterLists
+
+  def able_to_index?
+    false
+  end
+
+  def able_to_show?
+    false
+  end
+
+  def able_to_create?
+    false
+  end
+
+  def able_to_update?
+    false
+  end
+
+  def able_to_destroy?
+    false
+  end
+end
+end
+end

data/lib/apiphobic/authorization/authorizers/parameters.rb

@@ -0,0 +1,282 @@
+# frozen_string_literal: true
+
+require 'apiphobic/errors/unpermitted_inclusions'
+require 'apiphobic/errors/unpermitted_sorts'
+
+# rubocop:disable Metrics/ClassLength
+module  Apiphobic
+module  Authorization
+module  Authorizers
+class   Parameters
+  JSON_API_PARAMETERS = %i{include sort page data filter}.freeze
+
+  attr_accessor :action,
+                :token,
+                :user,
+                :raw_parameters
+
+  attr_writer   :authorized_attributes,
+                :authorized_filters,
+                :authorized_inclusions,
+                :authorized_relationships,
+                :authorized_sorts
+
+  # rubocop:disable Metrics/ParameterLists
+  def initialize(action:, token:, user:, issuer:, parameters:, **other)
+    self.action         = action
+    self.token          = token
+    self.user           = user
+    self.raw_parameters = parameters.slice(*JSON_API_PARAMETERS)
+
+    other.each do |name, value|
+      public_send("#{name}=", value)
+    end
+  end
+  # rubocop:enable Metrics/ParameterLists
+
+  def authorized_attributes
+    @authorized_attributes || []
+  end
+
+  def authorized_filters
+    @authorized_filters || []
+  end
+
+  def authorized_inclusions
+    @authorized_inclusions || []
+  end
+
+  def authorized_relationships
+    @authorized_relationships || []
+  end
+
+  def authorized_sorts
+    @authorized_sorts || []
+  end
+
+  def call
+    authorized_attributes.each do |attribute|
+      attribute = { name: attribute } unless attribute.is_a?(::Hash)
+
+      authorize_attribute(**attribute)
+    end
+
+    authorized_filters.each do |filter|
+      filter = { name: filter } unless filter.is_a?(::Hash)
+
+      authorize_filter(**filter)
+    end
+
+    authorized_relationships.each do |name|
+      name = { name: name } unless name.is_a?(::Hash)
+
+      authorize_relationship(**name)
+    end
+
+    authorize_inclusions(names: authorized_inclusions)
+    authorize_sorts(names: authorized_sorts)
+
+    raw_parameters.permit(*authorized_parameters)
+  end
+
+  private
+
+  def authorized_parameters
+    @authorized_parameters ||= [
+                                 {
+                                   data:   [
+                                             :type,
+                                             :id,
+                                             {
+                                               attributes:    nil,
+                                               relationships: nil,
+                                             },
+                                           ],
+                                   filter: nil,
+                                   page:   %i{
+                                             number
+                                             size
+                                             offset
+                                             limit
+                                             cursor
+                                           },
+                                 },
+                               ]
+  end
+
+  def authorize_attribute(**args)
+    authorize_parameter(value:                 raw_parameter_attribute_value(args[:name]),
+                        authorized_parameters: authorized_parameter_attributes,
+                        raw_parameters:        raw_parameter_attributes,
+                        **args)
+  end
+
+  def authorize_filter(**args)
+    authorize_parameter(value:                 raw_parameter_filter_value(args[:name]),
+                        authorized_parameters: authorized_parameter_filters,
+                        raw_parameters:        raw_parameter_filters,
+                        **args)
+  end
+
+  def authorize_inclusions(names:)
+    return if names.empty?
+
+    all_requested_inclusions_authorized = raw_parameter_inclusions
+                                            .to_s
+                                            .split(',')
+                                            .all? do |inclusion|
+                                              names.map(&:to_s).include?(inclusion.to_s)
+                                            end
+
+    fail Errors::UnpermittedInclusions.new(inclusions: raw_parameter_inclusions) \
+      unless all_requested_inclusions_authorized
+
+    authorized_parameters << :include
+  end
+
+  def authorize_sorts(names:)
+    return if names.empty?
+
+    all_requested_sorts_authorized = raw_parameter_sorts
+                                       .to_s
+                                       .delete('-')
+                                       .split(',')
+                                       .all? do |sort|
+                                         names.map(&:to_s).include?(sort.to_s)
+                                       end
+
+    fail Errors::UnpermittedSorts.new(sorts: raw_parameter_sorts) \
+      unless all_requested_sorts_authorized
+
+    authorized_parameters << :sort
+  end
+
+  def authorize_parameter(name:,
+                          value:,
+                          authorized_parameters:,
+                          raw_parameters:,
+                          override: { with: nil, if_admin: false, if_blank: false })
+
+    value = override_parameter(name:     name,
+                               value:    value,
+                               hash:     raw_parameters,
+                               override: override)
+
+    if value.class == ::Array
+      authorized_parameters[0][name] = []
+    else
+      authorized_parameters << name
+    end
+  end
+
+  def authorize_relationship(name:, embedded_attributes: [])
+    relationship_data = raw_parameter_relationship_data(name)
+    to_many_relation  = relationship_data.is_a?(::Array)
+    first_relation    = if to_many_relation
+                          relationship_data[0]
+                        else
+                          relationship_data || {}
+                        end
+    embedded_relation = first_relation[:attributes]
+
+    authorized_parameter_relationships[name] = if relationship_data.nil?
+                                                 [:data]
+                                               elsif embedded_relation
+                                                 {
+                                                   data: [
+                                                           :id,
+                                                           :type,
+                                                           {
+                                                             attributes: %i{__id__} +
+                                                             embedded_attributes,
+                                                           },
+                                                         ],
+                                                 }
+                                               else
+                                                 { data: %i{type id} }
+                                               end
+  end
+
+  def override_parameter(name:, value:, hash:, override:)
+    return value unless override[:with] &&
+                        (!token.admin? || override[:if_admin]) &&
+                        (!value.nil?   || override[:if_blank])
+
+    hash[name] = override[:with]
+
+    override[:with]
+  end
+
+  def authorized_data_parameter
+    authorized_parameters[0][:data][2]
+  end
+
+  def authorized_parameter_attributes
+    authorized_data_parameter[:attributes] ||= [{}]
+  end
+
+  def authorized_parameter_relationships
+    authorized_data_parameter[:relationships] ||= {}
+  end
+
+  def authorized_parameter_filters
+    authorized_parameters[0][:filter] ||= [{}]
+  end
+
+  def authorized_parameter_inclusions
+    authorized_parameters[0][:include] ||= ''
+  end
+
+  def authorized_parameter_sorts
+    authorized_parameters[0][:sort] ||= ''
+  end
+
+  # rubocop:disable Layout/ExtraSpacing
+  def raw_parameter_attributes
+    @raw_parameter_attributes ||= begin
+      raw_parameters[:data]              ||= {}
+      raw_parameters[:data][:attributes] ||= {}
+
+      raw_parameters[:data][:attributes]
+    end
+  end
+  # rubocop:enable Layout/ExtraSpacing
+
+  def raw_parameter_filters
+    @raw_parameter_filters ||= raw_parameters[:filter] ||= {}
+  end
+
+  def raw_parameter_inclusions
+    @raw_parameter_inclusions ||= raw_parameters[:include] ||= ''
+  end
+
+  def raw_parameter_relationships
+    @raw_parameter_relationships ||= raw_parameters
+                                       .fetch(:data,          {})
+                                       .fetch(:relationships, {})
+  end
+
+  def raw_parameter_sorts
+    @raw_parameter_sorts ||= raw_parameters[:sort] ||= ''
+  end
+
+  def raw_parameter_attribute_value(name)
+    raw_parameter_attributes[name]
+  end
+
+  def raw_parameter_filter_value(name)
+    raw_parameter_filters[name]
+  end
+
+  def raw_parameter_relationship(name)
+    raw_parameter_relationships.fetch(name, {})
+  end
+
+  def raw_parameter_relationship_data(name)
+    raw_parameter_relationship(name).fetch(:data, nil)
+  end
+end
+end
+end
+end
+# rubocop:enable Metrics/ClassLength

data/lib/apiphobic/authorization/authorizers/scope.rb

@@ -0,0 +1,65 @@
+# frozen_string_literal: true
+
+require 'apple_core/refinements/string'
+
+module  Apiphobic
+module  Authorization
+module  Authorizers
+class   Scope
+  using ::AppleCore::Refinements::String
+
+  attr_accessor :action,
+                :token,
+                :user,
+                :raw_parameters,
+                :scope_root
+
+  # rubocop:disable Metrics/ParameterLists
+  def initialize(action:, token:, user:, issuer:, parameters:, scope_root:, **other)
+    self.action         = action
+    self.token          = token
+    self.user           = user
+    self.raw_parameters = parameters
+    self.scope_root     = scope_root
+
+    other.each do |name, value|
+      public_send("#{name}=", value)
+    end
+  end
+  # rubocop:enable Metrics/ParameterLists
+
+  def user_scope
+    scope_root.public_send("for_#{user_underscored_class_name}", scope_user_id)
+  end
+
+  def public_scope
+    scope_root.none
+  end
+
+  def call
+    if scope_user_id
+      user_scope
+    else
+      public_scope
+    end
+  end
+
+  private
+
+  def scope_user_id
+    @scope_user_id ||= raw_parameters
+                         .fetch(:filter, {})
+                         .fetch(user_underscored_class_name, nil)
+  end
+
+  def user_underscored_class_name
+    @user_underscored_class_name ||= begin
+      base_user_class_name         = user.class.name[/([^:]+)\z/, 1]
+
+      base_user_class_name.underscore.downcase
+    end
+  end
+end
+end
+end
+end

data/lib/apiphobic/authorization/transformers/json_api_to_rails_attributes.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+require 'apiphobic/json_api/relationship'
+
+module  Apiphobic
+module  Authorization
+module  Transformers
+class   JsonApiToRailsAttributes
+  attr_accessor :parameters
+
+  def initialize(parameters:)
+    self.parameters = parameters
+  end
+
+  def call
+    attributes.merge(relationship_attributes)
+  end
+
+  private
+
+  def attributes
+    @attributes = parameters
+                    .fetch(:data,       {})
+                    .fetch(:attributes, parameters_class.new)
+  end
+
+  def relationships
+    @relationships = parameters
+                       .fetch(:data,          {})
+                       .fetch(:relationships, parameters_class.new)
+  end
+
+  def relationship_attributes
+    parameters_class.new.tap do |relationship_attributes|
+      relationships.each_pair do |name, relationship|
+        relationship_attributes.merge!(JsonApi::Relationship
+                                         .new(name: name, data: relationship)
+                                         .to_rails_attributes)
+      end
+
+      relationship_attributes.permit! if relationship_attributes.respond_to?(:permit!)
+    end
+  end
+
+  def parameters_class
+    parameters.class
+  end
+end
+end
+end
+end

data/lib/apiphobic/authorization/version.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module Apiphobic
+module Authorization
+  VERSION = '1.0.0'
+end
+end

data/lib/apiphobic/errors/unpermitted_inclusions.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+require 'erratum/error'
+
+module  Apiphobic
+module  Errors
+class   UnpermittedInclusions < RuntimeError
+  include Erratum::Error
+
+  attr_accessor :inclusions
+
+  def http_status
+    422
+  end
+
+  def title
+    'Unpermitted Inclusion'
+  end
+
+  def detail
+    'One or more of the inclusions you attempted to pass via the "include" parameter ' \
+    'are either not available or not authorized.'
+  end
+
+  def source
+    { inclusions: inclusions }
+  end
+end
+end
+end

data/lib/apiphobic/errors/unpermitted_sorts.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+require 'erratum/error'
+
+module  Apiphobic
+module  Errors
+class   UnpermittedSorts < RuntimeError
+  include Erratum::Error
+
+  attr_accessor :sorts
+
+  def http_status
+    422
+  end
+
+  def title
+    'Unpermitted Sort'
+  end
+
+  def detail
+    <<~HEREDOC.chomp.tr("\n", ' ')
+      One or more of the sorts you attempted to pass via the "sort" parameter
+      are either not available or not authorized.
+    HEREDOC
+  end
+
+  def source
+    { sorts: sorts }
+  end
+end
+end
+end

data/lib/apiphobic/json_api/relationship.rb

@@ -0,0 +1,132 @@
+# frozen_string_literal: true
+
+require 'apple_core/refinements/string'
+
+module  Apiphobic
+module  JsonApi
+class   Relationship
+  using ::AppleCore::Refinements::String
+
+  attr_accessor :name,
+                :raw_relationship,
+                :data_class
+
+  def initialize(name:, data:, data_class: nil)
+    self.name             = name
+    self.raw_relationship = data
+    self.data_class       = data_class || data.class
+  end
+
+  def to_rails_attributes
+    __send__("#{embedded}_#{type}_to_rails_attributes")
+  end
+
+  private
+
+  def embedded_has_one_to_rails_attributes
+    attribute = "#{name.singularize}_attributes".to_sym
+
+    with_data_class(attribute, relationship_attributes_to_rails_attributes(data))
+  end
+
+  def referenced_has_one_to_rails_attributes
+    attribute = "#{name.singularize}_id".to_sym
+
+    with_data_class(attribute, data[:id])
+  end
+
+  def embedded_has_many_to_rails_attributes
+    attribute = "#{name.pluralize}_attributes".to_sym
+
+    has_many_attributes = data.map do |datum|
+      relationship_attributes_to_rails_attributes(datum)
+    end
+
+    with_data_class(attribute, has_many_attributes)
+  end
+
+  def referenced_has_many_to_rails_attributes
+    attribute = "#{name.singularize}_ids".to_sym
+
+    has_many_attributes = data.map { |d| d[:id] }
+
+    with_data_class(attribute, has_many_attributes)
+  end
+
+  def empty_empty_to_rails_attributes
+    attribute = name.to_sym
+
+    with_data_class(attribute, nil)
+  end
+
+  def empty_has_many_to_rails_attributes
+    attribute = "#{name.singularize}_ids".to_sym
+
+    with_data_class(attribute, [])
+  end
+
+  def relationship_attributes_to_rails_attributes(other)
+    other[:attributes].dup.tap do |attrs|
+      attrs.delete(:__id__)
+      attrs[:id] = other[:id] if other[:id]
+    end
+  end
+
+  def type
+    return 'has_many' if     has_many?
+    return 'has_one'  if     has_one?
+    return 'empty'    unless has_data?
+  end
+
+  def embedded
+    if referenced?
+      'referenced'
+    elsif embedded?
+      'embedded'
+    elsif !has_data?
+      'empty'
+    end
+  end
+
+  def has_many?
+    data.is_a?(::Array)
+  end
+
+  def has_one?
+    data.is_a?(::Hash) || data.is_a?(::ActionController::Parameters)
+  rescue NameError
+    false
+  end
+
+  def referenced?
+    return false unless has_data?
+
+    !Array(data)[0][:attributes]
+  end
+
+  def embedded?
+    return false unless has_data?
+
+    Array(data)[0][:attributes]
+  end
+
+  def has_data?
+    @has_data ||= Array(data).compact.any?
+  end
+
+  def data
+    raw_relationship[:data]
+  end
+
+  def with_data_class(key, value)
+    if data_class == ::Hash
+      { key => value }
+    elsif data_class == ::ActionController::Parameters
+      ::ActionController::Parameters.new(key => value).tap(&:permit!)
+    end
+  rescue NameError
+    { key => value }
+  end
+end
+end
+end

metadata

@@ -0,0 +1,164 @@
+--- !ruby/object:Gem::Specification
+name: apiphobic-authorization
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- thegranddesign
+autorequire: 
+bindir: bin
+cert_chain:
+- |
+  -----BEGIN CERTIFICATE-----
+  MIIDqjCCApKgAwIBAgIBATANBgkqhkiG9w0BAQUFADBNMREwDwYDVQQDDAhydWJ5
+  Z2VtczEjMCEGCgmSJomT8ixkARkWE2xpdmluZ2hpZ2hvbnRoZWJsb2cxEzARBgoJ
+  kiaJk/IsZAEZFgNjb20wHhcNMTcwODAyMjI1OTM1WhcNMTgwODAyMjI1OTM1WjBN
+  MREwDwYDVQQDDAhydWJ5Z2VtczEjMCEGCgmSJomT8ixkARkWE2xpdmluZ2hpZ2hv
+  bnRoZWJsb2cxEzARBgoJkiaJk/IsZAEZFgNjb20wggEiMA0GCSqGSIb3DQEBAQUA
+  A4IBDwAwggEKAoIBAQDtLa7+7p49gW15OgOyRZad/F92iZcMdDjZ2kAxZlviXgVe
+  PCtjfdURobH+YMdt++6eRkE25utIFqHyN51Shxfdc21T3fPQe/ZEoMyiJK4tYzbh
+  7VjNJG4ldvKKpS1p7iVz9imnyTxNwb0JaIOsOFCA04T0u6aCQi2acNvAPLviXk0q
+  xJ/CKjI4QUTZKVrBt8Q1Egrp2yzmEnSNftDuTbBb8m4vDR+w325CwbKCgycHJ1/g
+  YZ3FO76TzJuRVbsYS/bU5XKHVEpkeFmWBqEXsk4DuUIWLa6WZEJcoZf+YP+1pycG
+  7YqSbydpINtEdopD+EEI+g+zNJ4nSI8/eQcQyEjBAgMBAAGjgZQwgZEwCQYDVR0T
+  BAIwADALBgNVHQ8EBAMCBLAwHQYDVR0OBBYEFDWuVrg4ve0vLu71kqiGdyBnzJGV
+  MCsGA1UdEQQkMCKBIHJ1YnlnZW1zQGxpdmluZ2hpZ2hvbnRoZWJsb2cuY29tMCsG
+  A1UdEgQkMCKBIHJ1YnlnZW1zQGxpdmluZ2hpZ2hvbnRoZWJsb2cuY29tMA0GCSqG
+  SIb3DQEBBQUAA4IBAQDJIpHjbBPGiaY4wOHcXlltQ+BMmhWQNh+1fZtyajQd+7Ay
+  fv23mO7Mf25Q38gopQlpaODkfxq54Jt8FvQbr5RYRS4j+JEKb75NgrAtehd8USUd
+  CiJJGH+yvGNWug9IGZCGX91HIbTsLQ5IUUWQasC5jGP8nxXufUr9xgAJZZenewny
+  B2qKu8q1A/kj6cw62RCY7yBmUXxlcJBj8g+JKYAFbYYKUdQSzf50k9IiWLWunJM+
+  Y2GAoHKstmfIVhc4XHOPpmTd2o/C29O9oaRgjrkfQEhF/KvJ/PhoV5hvokzsCyI5
+  iUeXPfvrGD/itYIBCgk+fnzyQQ4QtE5hTQaWQ3o2
+  -----END CERTIFICATE-----
+date: 2018-05-01 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: apple_core
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+- !ruby/object:Gem::Dependency
+  name: erratum
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+- !ruby/object:Gem::Dependency
+  name: actionpack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.7'
+- !ruby/object:Gem::Dependency
+  name: rspeckled
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.0'
+- !ruby/object:Gem::Dependency
+  name: timecop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.9.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.9.0
+description: ''
+email:
+- rubygems@livinghighontheblog.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE.txt
+- README.md
+- lib/apiphobic-authorization.rb
+- lib/apiphobic/authorization/authorizable_resource.rb
+- lib/apiphobic/authorization/authorizer.rb
+- lib/apiphobic/authorization/authorizers/parameters.rb
+- lib/apiphobic/authorization/authorizers/scope.rb
+- lib/apiphobic/authorization/transformers/json_api_to_rails_attributes.rb
+- lib/apiphobic/authorization/version.rb
+- lib/apiphobic/errors/unpermitted_inclusions.rb
+- lib/apiphobic/errors/unpermitted_sorts.rb
+- lib/apiphobic/json_api/relationship.rb
+homepage: ''
+licenses:
+- MIT
+metadata:
+  allowed_push_host: https://rubygems.org
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.6
+signing_key: 
+specification_version: 4
+summary: Authorization for API Requests
+test_files: []