area_51 0.0.1

data/.gitignore

@@ -0,0 +1,5 @@
+*.gem
+.bundle
+Gemfile.lock
+pkg/*
+doc

data/Gemfile

@@ -0,0 +1,4 @@
+source "http://rubygems.org"
+
+# Specify your gem's dependencies in area_54.gemspec
+gemspec

data/Rakefile

@@ -0,0 +1,2 @@
+require 'bundler'
+Bundler::GemHelper.install_tasks

data/area_51.gemspec

@@ -0,0 +1,19 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "area_51/version"
+
+Gem::Specification.new do |s|
+  s.name        = "area_51"
+  s.version     = Area51::VERSION
+  s.platform    = Gem::Platform::RUBY
+  s.authors     = ["Chad Boyd"]
+  s.email       = ["hoverlover@gmail.com"]
+  s.homepage    = "https://github.com/hoverlover"
+  s.summary     = %q{Gem used for simple path-based access control.}
+  s.description = %q{Area51 allows you to define restricted and unrestricted sections of your application by defining paths in your controllers.}
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+end

data/lib/area_51.rb

@@ -0,0 +1,192 @@
+module Area51
+  autoload :AuthorizationTrigger, 'area_51/authorization_trigger'
+
+  module ApiMethod
+
+    # This is the entry point into the Area51 library.  Here are some usage examples:
+    #
+    #   class ApplicationController < ActionController::Base
+    #     area_51 do
+    #       authorization_trigger("current_user.active?", :unrestricted) do
+    #         restricted_area "^/memers_only"
+    #         unrestricted_area "^/$"
+    #       end
+    #
+    #       authorization_trigger(true, :restricted) do
+    #         restricted_area "/top/secret/path"
+    #         unrestricted_area "/anyone_allowed"
+    #       end
+    #
+    #       trigger = proc {
+    #         # Some useful trigger condition here
+    #       }
+    #       authorization_trigger(trigger) do
+    #         unrestricted_area %r{^/totally_open}
+    #         unrestricted_area %r{^/anyone_allowed$}
+    #       end
+    #     end
+    #   end
+    #
+    # See documentation for authorization_trigger for details on how to use this method.
+    #
+    def area_51(&block)
+      self.send :extend, ClassMethods
+      self.send :include, InstanceMethods
+
+      self.default_access = :restricted
+      self.before_filter :area_51_check_access
+
+      yield
+    end
+  end
+
+  module ClassMethods
+
+    def self.extended(klass)
+      klass.cattr_accessor :authorization_trigger_paths
+      klass.cattr_accessor :authorization_triggers
+      klass.cattr_accessor :safe_zone
+      klass.cattr_accessor :default_access
+    end
+
+    # Defines a trigger condition that when met, will cause authorization
+    # to be performed.
+    #
+    # The +trigger+ can be either a String, +lambda+, or Proc.
+    # If a String, it will be +eval+'d, if a +lambda+ or Proc, it will
+    # be called, and anything else will be returned as-is.  If the result
+    # does not return an explicit +true+, authorization will not be performed.
+    #
+    # The +default_access+ parameter, if provided, must be one of +:restricted+ or
+    # +:unrestricted+.  The default is +:restricted+.  This specifies what type
+    # of access the undefined areas will have.  For example:
+    #
+    #   area_51 do
+    #     authorization_trigger("current_user.active?", :unrestricted) do
+    #       restricted_area "^/memers_only"
+    #       unrestricted_area "^/$"
+    #     end
+    #   end
+    #
+    # Now if a user tries to access a path that isn't defined above, they will be granted access
+    # due to the +:unrestricted+ parameter.
+    #
+    def authorization_trigger(trigger, default_access = nil, &block)
+      trigger = AuthorizationTrigger.new(trigger, default_access)
+
+      yield
+
+      self.authorization_triggers ||= {}
+      self.authorization_triggers[trigger] = self.authorization_trigger_paths.dup
+      self.authorization_trigger_paths.clear
+    end
+
+    # Ties a restricted path to the authorization trigger.  Must be
+    # called within an authorization_trigger block:
+    #
+    #  authorization_trigger("current_user.signed_in?") do
+    #    restricted_area %r{/top/secret/path/}
+    #  end
+    #
+    # +path+ can be either a String or a Regexp.  If a String, it will
+    # be converted to a Regexp.
+    #
+    def restricted_area(path)
+      add_path_to_trigger_paths path, :restricted
+    end
+
+    # Ties an unrestricted path to the authorization trigger.  Must be
+    # called within an authorization_trigger block:
+    #
+    #  authorization_trigger("current_user.signed_in?") do
+    #    unrestricted_area %r{/top/secret/path/}
+    #  end
+    #
+    # +path+ can be either a String or a Regexp.  If a String, it will
+    # be converted to a Regexp.
+    #
+    def unrestricted_area(path)
+      add_path_to_trigger_paths path, :unrestricted
+    end
+
+  private
+
+    def add_path_to_trigger_paths(path, type)
+      path = Regexp.new(path) if path.is_a? String
+
+      self.authorization_trigger_paths ||= {}
+      (self.authorization_trigger_paths[type] ||= []) << path
+    end
+  end
+
+  # This module contains methods which will be added as instance methods
+  # to your controller.
+  #
+  module InstanceMethods
+
+    # A +before_filter+ that checks if authorization is needed to access
+    # the current path.  If authorization is needed, and it fails, the user
+    # is redirected to the safe_zone, or to root_path if safe_zone is not defined.
+    # It also sets +flash#notice+ with a message, which should be defined
+    # in a locale file with the key +:restricted+.
+    #
+    def area_51_check_access
+      if entering_unauthorized_area?(request.path)
+        flash.notice = I18n.t(:restricted)
+        redirect_to self.class.safe_zone || self.root_path
+      end
+    end
+
+    # Checks to see if the user is entering a restricted zone.  It does this
+    # by enumerating through the list of configured authorization triggers
+    # for this controller.  If one of them returns +true+, the paths tied
+    # to the trigger are checked against the current path.
+    #
+    # If the current path matches one of the paths configured for the trigger, and the access type
+    # for the trigger is +:restricted+, the method returns +true+.  If it is
+    # +:unrestricted+, or the current path is the same as the safe_zone, it returns +false.
+    #
+    def entering_unauthorized_area?(path)
+      return false if path == self.class.safe_zone
+
+      self.class.authorization_triggers.any? do |trigger, paths|
+        if authorization_triggered? trigger
+
+          # Now that we know an authorization should be performed, let's do it!
+
+          if path.match(combined_paths(paths[:restricted]))
+            true
+          elsif path.match(combined_paths(paths[:unrestricted]))
+            false
+          else
+            trigger.default_access == :restricted
+          end
+        end
+      end
+    end
+
+  private
+
+    def combined_paths(paths)
+      paths ||= []
+      Regexp.union(*(paths.compact))
+    end
+
+    def authorization_triggered?(trigger)
+      trigger = trigger.body
+
+      case
+      when trigger.is_a?(String)
+        result = eval trigger
+      when trigger.respond_to?(:call)
+        result = trigger.call
+      else
+        result = trigger
+      end
+
+      !!result
+    end
+  end
+end
+
+ActionController::Base.send :extend, Area51::ApiMethod

data/lib/area_51/authorization_trigger.rb

@@ -0,0 +1,16 @@
+module Area51
+  class AuthorizationTrigger
+    attr_accessor :default_access
+    attr_accessor :body
+
+    def initialize(body, default_access = nil)
+      @body = body
+
+      if [:restricted, :unrestricted].include?(default_access)
+        @default_access = default_access
+      else
+        @default_access = :restricted
+      end
+    end
+  end
+end

data/lib/area_51/version.rb

@@ -0,0 +1,3 @@
+module Area51
+  VERSION = "0.0.1"
+end

metadata

@@ -0,0 +1,64 @@
+--- !ruby/object:Gem::Specification 
+name: area_51
+version: !ruby/object:Gem::Version 
+  prerelease: 
+  version: 0.0.1
+platform: ruby
+authors: 
+- Chad Boyd
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2011-03-04 00:00:00 -06:00
+default_executable: 
+dependencies: []
+
+description: Area51 allows you to define restricted and unrestricted sections of your application by defining paths in your controllers.
+email: 
+- hoverlover@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- .gitignore
+- Gemfile
+- README.md
+- Rakefile
+- area_51.gemspec
+- lib/area_51.rb
+- lib/area_51/authorization_trigger.rb
+- lib/area_51/version.rb
+has_rdoc: true
+homepage: https://github.com/hoverlover
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.5.0
+signing_key: 
+specification_version: 3
+summary: Gem used for simple path-based access control.
+test_files: []
+