authoraise 0.1.1 → 0.1.2

Sign up to get free protection for your applications and to get access to all the features.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG +7 -0
  3. data/README.md +32 -3
  4. data/lib/authoraise.rb +3 -5
  5. data/lib/authoraise/version.rb +1 -1
  6. metadata +3 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 5f24e784a52e7c2725bfc0eade0fe98a1909fcd4
4
- data.tar.gz: cb91b76b2dea79aac821e178bfa288947d7d5f46
3
+ metadata.gz: bad448d3d7ef8c5805470e70819ecbb6575daaa1
4
+ data.tar.gz: 4e85ac9821aaa0f96a1afc490c6554512036b2b2
5
5
  SHA512:
6
- metadata.gz: 4c60e2997ea5f5dabd5773a09315c9d81015b2064d85ad4d4d7b301a7ac410c17f249ab51e3ced94db87c75b1447162bc9329899ecf4a8f3911ccffa6b20601b
7
- data.tar.gz: 922747b570f4d91313c363af7e394faf7f7cb853863808b2f2c2d7ed633d3b850d75b1bf7c18f0495c41166fe511e3172ec7d0f259c5410862b3d1e35564c2ec
6
+ metadata.gz: cd68a93363b33ba04674cf5a90a932eefbac6c80130842d273b8775f9357583e8030d1b200da7c298d776cb4776eb6cb32fee5d9d022fce37622a01c4688772a
7
+ data.tar.gz: 6bb5bb7a4724ae819a318f276d0bd5cbe9d91dca8890cf572ec197e7eb4e1baed77f1954f2494f49023351275b62cae05ed0d97ae7bfb8a603d29c6ff14b42ef
data/CHANGELOG ADDED
@@ -0,0 +1,7 @@
1
+ v0.1.2
2
+
3
+ * Policy constructor now accepts block: policy = Policy.new{ |p| p.allow{} }
4
+
5
+ v0.1.1
6
+
7
+ * The beginning
data/README.md CHANGED
@@ -1,10 +1,39 @@
1
1
  # Authoraise
2
2
 
3
- So your authorization logic is getting complex, and eventually you start forgetting to pass in all the options that are used to check access. When that happens, your boolean expressions return false, causing false negatives. This tool solves the problem by raising helpful error messages, but also allows you to ignore the issue where it's intended to be that way. No more false negatives!
3
+ This gem is not like other authorization gems because it doesn't enforce any kind of structure or vocabulary on your app. Its only job is to wrap and audit your boolean expressions that you use for authorization.
4
+
5
+ So instead of writing boolean expressions like this.
6
+
7
+ ~~~ruby
8
+ options[:post] &&
9
+ (options[:post].publised? || (options[:post].user == options[:user]))
10
+ ~~~
11
+
12
+ You would write them like this.
13
+
14
+ ~~~ruby
15
+ policy = Authoraise::Policy.new
16
+ policy.allow { |post| post.published? }
17
+ policy.allow { |post, user| post.user == user }
18
+ policy.authorize(options)
19
+ ~~~
20
+
21
+ Or like this.
22
+
23
+ ~~~ruby
24
+ authorize(options) do |policy|
25
+ policy.allow { |post| post.published? }
26
+ policy.allow { |post, user| post.user == user }
27
+ end
28
+ ~~~
29
+
30
+ You may wonder why would you do that. Well, when your authorization logic gets more complex, you might start forgetting to pass in all the options that are used to check access. When that happens, your boolean expressions return false, causing false negatives. Take a look at the first example above, and think what happens if post is not published and `options[:user]` is not passed in. Hint: you just get a `false`. Your program would lie to you, because really you never gave it a user to check, so how does it know if it's a false? It's straight up missing some data.
31
+
32
+ This gem solves the problem by raising helpful error messages, but also allowing you to ignore the issue where it's intended to be that way. So in the examples above if you pass an unpublished post and forget to pass in a user in the options, you will see a helpful error message.
4
33
 
5
34
  ## Usage
6
35
 
7
- Follow these examples to see what happens when sometimes you forget to pass the keys needed for a certain authorization check.
36
+ Follow these examples to understand how things work in various cases.
8
37
 
9
38
  ~~~ruby
10
39
  require 'authoraise'
@@ -51,7 +80,7 @@ end
51
80
  # Let's see what happens in strict mode.
52
81
  Authoraise.strict_mode = true
53
82
 
54
- # In stict mode any missing key raises an error, even if other checks passed.
83
+ # In strict mode any missing key raises an error, even if other checks passed.
55
84
  authorize(user: 'sammy') do |policy|
56
85
  policy.allow { |user| user == 'sammy' }
57
86
  policy.allow { |post| post == 'foo' }
data/lib/authoraise.rb CHANGED
@@ -6,10 +6,8 @@ module Authoraise
6
6
 
7
7
  class << self; attr_accessor :strict_mode end
8
8
 
9
- def authorize(options = {})
10
- policy = Policy.new
11
- yield(policy)
12
- policy.authorize(options)
9
+ def authorize(options = {}, &block)
10
+ Policy.new(&block).authorize(options)
13
11
  end
14
12
 
15
13
  class Check
@@ -38,7 +36,7 @@ module Authoraise
38
36
  class Policy
39
37
  def initialize
40
38
  @checks = []
41
- @mode = :any
39
+ yield(self) if block_given?
42
40
  end
43
41
 
44
42
  def allow(&procedure)
data/lib/authoraise/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Authoraise
2
- VERSION = "0.1.1"
2
+ VERSION = "0.1.2"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: authoraise
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.1
4
+ version: 0.1.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Maxim Chernyak
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2015-03-10 00:00:00.000000000 Z
11
+ date: 2015-03-17 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
@@ -61,6 +61,7 @@ extra_rdoc_files: []
61
61
  files:
62
62
  - ".gitignore"
63
63
  - ".travis.yml"
64
+ - CHANGELOG
64
65
  - CODE_OF_CONDUCT.md
65
66
  - Gemfile
66
67
  - LICENSE.txt