authorizable 0.9.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 77b3ab727e51ec220be5820eed631d12c66e9bc9
+  data.tar.gz: e613cfad5041f4419977489325edbe0054aca213
+SHA512:
+  metadata.gz: c28114098c0412fe8238865421378c5c97a1f82b8a1499bfe6264658d71e0541410ed1eacaa26ff1623b6d6883733c0092f054fd31da8bd4f051597bf55a3ba7
+  data.tar.gz: 3ae8cd4b03c111c7e826b9bd102fa58b68c228818f3354fb538a604946389f2821edee2ddd74958e830a7f2a6829b0fa71fb10a9c65c0efa65fb01e117606bf3

data/.gitignore

@@ -0,0 +1,33 @@
+*.rbc
+capybara-*.html
+.rspec
+/log
+/spec/rails_app/log
+/tmp
+/spec/rails_app/tmp
+/db/*.sqlite3
+/public/system
+/coverage/
+/spec/tmp
+**.orig
+rerun.txt
+pickle-email-*.html
+
+# TODO Comment out these rules if you are OK with secrets being uploaded to the repo
+config/initializers/secret_token.rb
+config/secrets.yml
+
+## Environment normalisation:
+/.bundle
+/vendor/bundle
+
+# these should all be checked in to normalise the environment:
+# Gemfile.lock, .ruby-version, .ruby-gemset
+
+# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
+.rvmrc
+
+# if using bower-rails ignore default bower_components path bower.json files
+/vendor/assets/bower_components
+*.bowerrc
+bower.json

data/.travis.yml

@@ -0,0 +1,14 @@
+language: ruby
+bundler_args: --without guard
+rvm:
+  - "2.0"
+  - "2.1"
+  - ruby-head
+script: "bundle exec rspec"
+addons:
+  code_climate:
+    repo_token: 68f28e1d037ca7b58d24f943b59d82cd649e1f9b9f79437d4a5d864140dd4eb0
+branches:
+  only: master
+notifications:
+  email: false

data/Gemfile

@@ -0,0 +1,6 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in authorizable.gemspec
+gemspec
+
+gem "codeclimate-test-reporter", git: "https://github.com/codeclimate/ruby-test-reporter.git", branch: "check_git_dir"

data/Gemfile.lock

@@ -0,0 +1,178 @@
+GIT
+  remote: https://github.com/codeclimate/ruby-test-reporter.git
+  revision: 7eeff8c596b1b540cb7ff004b93053265e4d8be5
+  branch: check_git_dir
+  specs:
+    codeclimate-test-reporter (0.4.4)
+      simplecov (>= 0.7.1, < 1.0.0)
+
+PATH
+  remote: .
+  specs:
+    authorizable (0.9.0)
+      activesupport (>= 3.0.0)
+      i18n
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actionmailer (4.2.0)
+      actionpack (= 4.2.0)
+      actionview (= 4.2.0)
+      activejob (= 4.2.0)
+      mail (~> 2.5, >= 2.5.4)
+      rails-dom-testing (~> 1.0, >= 1.0.5)
+    actionpack (4.2.0)
+      actionview (= 4.2.0)
+      activesupport (= 4.2.0)
+      rack (~> 1.6.0)
+      rack-test (~> 0.6.2)
+      rails-dom-testing (~> 1.0, >= 1.0.5)
+      rails-html-sanitizer (~> 1.0, >= 1.0.1)
+    actionview (4.2.0)
+      activesupport (= 4.2.0)
+      builder (~> 3.1)
+      erubis (~> 2.7.0)
+      rails-dom-testing (~> 1.0, >= 1.0.5)
+      rails-html-sanitizer (~> 1.0, >= 1.0.1)
+    activejob (4.2.0)
+      activesupport (= 4.2.0)
+      globalid (>= 0.3.0)
+    activemodel (4.2.0)
+      activesupport (= 4.2.0)
+      builder (~> 3.1)
+    activerecord (4.2.0)
+      activemodel (= 4.2.0)
+      activesupport (= 4.2.0)
+      arel (~> 6.0)
+    activesupport (4.2.0)
+      i18n (~> 0.7)
+      json (~> 1.7, >= 1.7.7)
+      minitest (~> 5.1)
+      thread_safe (~> 0.3, >= 0.3.4)
+      tzinfo (~> 1.1)
+    arel (6.0.0)
+    awesome_print (1.6.1)
+    builder (3.2.2)
+    byebug (3.5.1)
+      columnize (~> 0.8)
+      debugger-linecache (~> 1.2)
+      slop (~> 3.6)
+    coderay (1.1.0)
+    columnize (0.9.0)
+    debugger-linecache (1.2.0)
+    diff-lcs (1.2.5)
+    docile (1.1.5)
+    erubis (2.7.0)
+    factory_girl (4.5.0)
+      activesupport (>= 3.0.0)
+    factory_girl_rails (4.5.0)
+      factory_girl (~> 4.5.0)
+      railties (>= 3.0.0)
+    globalid (0.3.0)
+      activesupport (>= 4.1.0)
+    hike (1.2.3)
+    i18n (0.7.0)
+    json (1.8.1)
+    loofah (2.0.1)
+      nokogiri (>= 1.5.9)
+    mail (2.6.3)
+      mime-types (>= 1.16, < 3)
+    method_source (0.8.2)
+    mime-types (2.4.3)
+    mini_portile (0.6.2)
+    minitest (5.5.0)
+    multi_json (1.10.1)
+    nokogiri (1.6.5)
+      mini_portile (~> 0.6.0)
+    pry (0.10.1)
+      coderay (~> 1.1.0)
+      method_source (~> 0.8.1)
+      slop (~> 3.4)
+    pry-byebug (2.0.0)
+      byebug (~> 3.4)
+      pry (~> 0.10)
+    rack (1.6.0)
+    rack-test (0.6.2)
+      rack (>= 1.0)
+    rails (4.2.0)
+      actionmailer (= 4.2.0)
+      actionpack (= 4.2.0)
+      actionview (= 4.2.0)
+      activejob (= 4.2.0)
+      activemodel (= 4.2.0)
+      activerecord (= 4.2.0)
+      activesupport (= 4.2.0)
+      bundler (>= 1.3.0, < 2.0)
+      railties (= 4.2.0)
+      sprockets-rails
+    rails-deprecated_sanitizer (1.0.3)
+      activesupport (>= 4.2.0.alpha)
+    rails-dom-testing (1.0.5)
+      activesupport (>= 4.2.0.beta, < 5.0)
+      nokogiri (~> 1.6.0)
+      rails-deprecated_sanitizer (>= 1.0.1)
+    rails-html-sanitizer (1.0.1)
+      loofah (~> 2.0)
+    railties (4.2.0)
+      actionpack (= 4.2.0)
+      activesupport (= 4.2.0)
+      rake (>= 0.8.7)
+      thor (>= 0.18.1, < 2.0)
+    rake (10.4.2)
+    rspec (3.1.0)
+      rspec-core (~> 3.1.0)
+      rspec-expectations (~> 3.1.0)
+      rspec-mocks (~> 3.1.0)
+    rspec-core (3.1.7)
+      rspec-support (~> 3.1.0)
+    rspec-expectations (3.1.2)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.1.0)
+    rspec-mocks (3.1.3)
+      rspec-support (~> 3.1.0)
+    rspec-rails (3.1.0)
+      actionpack (>= 3.0)
+      activesupport (>= 3.0)
+      railties (>= 3.0)
+      rspec-core (~> 3.1.0)
+      rspec-expectations (~> 3.1.0)
+      rspec-mocks (~> 3.1.0)
+      rspec-support (~> 3.1.0)
+    rspec-support (3.1.2)
+    simplecov (0.9.1)
+      docile (~> 1.1.0)
+      multi_json (~> 1.0)
+      simplecov-html (~> 0.8.0)
+    simplecov-html (0.8.0)
+    slop (3.6.0)
+    sprockets (2.12.3)
+      hike (~> 1.2)
+      multi_json (~> 1.0)
+      rack (~> 1.0)
+      tilt (~> 1.1, != 1.3.0)
+    sprockets-rails (2.2.2)
+      actionpack (>= 3.0)
+      activesupport (>= 3.0)
+      sprockets (>= 2.8, < 4.0)
+    sqlite3 (1.3.10)
+    thor (0.19.1)
+    thread_safe (0.3.4)
+    tilt (1.4.1)
+    tzinfo (1.2.2)
+      thread_safe (~> 0.1)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  authorizable!
+  awesome_print
+  bundler
+  codeclimate-test-reporter!
+  factory_girl_rails (~> 4.4)
+  pry-byebug
+  rails (>= 4)
+  rspec
+  rspec-rails
+  sqlite3

data/LICENSE

@@ -0,0 +1,22 @@
+The MIT License (MIT)
+
+Copyright (c) 2014 L. Preston Sego III
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+

data/README.md

@@ -0,0 +1,80 @@
+authorizable
+============
+
+A gem for rails giving vast flexibility in authorization management.
+
+[![docs](https://img.shields.io/badge/docs-yardoc-blue.svg?style=flat-square)](http://www.rubydoc.info/github/NullVoxPopuli/authorizable)
+[![Build Status](http://img.shields.io/travis/NullVoxPopuli/authorizable.svg?style=flat-square)](https://travis-ci.org/NullVoxPopuli/authorizable)
+[![Code Climate](http://img.shields.io/codeclimate/github/NullVoxPopuli/authorizable.svg?style=flat-square)](https://codeclimate.com/github/NullVoxPopuli/authorizable)
+[![Test Coverage](http://img.shields.io/codeclimate/coverage/github/NullVoxPopuli/authorizable.svg?style=flat-square)](https://codeclimate.com/github/NullVoxPopuli/authorizable)
+
+
+## Features
+
+ - Customizable Permissions
+ - Permissions are all defined in one place
+ - Role-Based
+ - Easy UI Generation
+ - Categorization for Organizing Permission in the UI
+ - Easily Extensible (e.g.: adding support for permission groups )
+ - Automatic controller response upon unauthorized status
+ - Controller response is customizable
+ - Controller behavior defined in one place (optionally in the controller)
+
+## Installation
+
+Gemfile
+
+    gem "authorizable", github: "NullVoxPopuli/authorizable"
+
+## Configuration
+### Defining permissions
+
+There are a couple ways that permissions can be defined.
+
+If you like calling methods for configuration:
+
+    module Authorizable
+      class Permissions
+        can :delete_event
+      end
+    end
+
+will create a permission definition called `delete_event` which can be accessed by calling
+`user.can_delete_event?(@event)`
+
+    module Authorizable
+      class Permissions
+        can :edit_event, true, "Edit an Event", nil, ->(e, user){ e.user == user }
+      end
+    end
+
+will create a permission definition called `edit_event` with an additional condition allowing editing only if the user owns the event
+
+    Authorizable::Permissions.set(
+      edit_organization:   [Authorizable::OBJECT, true],
+      delete_organization: [Authorizable::OBJECT, [true, false], nil, ->(e, user){ e.user == user }, ->(e, user){ e.owner == user }]
+    )
+
+This is how Authorizable references the permission definitions internally, just as raw permission: definition sets. Note that `Authorizable::Permissions.set` overrides the definitions list each time.
+
+### Customizing roles
+
+coming soon...
+
+### Supporting group-based permissions
+
+coming soon...
+
+## Why not CanCan?
+
+Initially, I wanted something more customizable and that could aid in the generation of a UI where users
+can customize permissions for various groups or organizations. My goal is to at least support everything CanCan has, but with the mindset and intention of customizing behavior and remaining DRY.
+
+## Contributing
+
+1. Fork the project
+2. Create a new, descriptively named branch
+3. Add Test(s)!
+4. Commit your proposed changes
+5. Submit a pull request

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/authorizable.gemspec

@@ -0,0 +1,40 @@
+# -*- encoding: utf-8 -*-
+
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require "authorizable/version"
+
+Gem::Specification.new do |s|
+  s.name        = "authorizable"
+  s.version     = Authorizable::VERSION
+  s.platform    = Gem::Platform::RUBY
+  s.license     = "MIT"
+  s.authors     = ["L. Preston Sego III"]
+  s.email       = "LPSego3+dev@gmail.com"
+  s.homepage    = "https://github.com/NullVoxPopuli/authorizable"
+  s.summary     = "Authorizable-#{Authorizable::VERSION}"
+  s.description = "A gem for rails giving vast flexibility in authorization management."
+
+
+  s.files         = `git ls-files`.split($/)
+  s.executables   = s.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  s.test_files    = s.files.grep(%r{^(test|spec|features)/})
+  s.require_paths = ["lib"]
+
+
+  s.add_runtime_dependency "activesupport", ">= 3.0.0"
+  s.add_runtime_dependency "i18n"
+
+  # for testing a gem with a rails app (controller specs)
+  # https://codingdaily.wordpress.com/2011/01/14/test-a-gem-with-the-rails-3-stack/
+  s.add_development_dependency "bundler"
+  s.add_development_dependency "rails", ">= 4"
+  s.add_development_dependency "factory_girl_rails", "~> 4.4"
+  s.add_development_dependency "awesome_print"
+  s.add_development_dependency "rspec"
+  s.add_development_dependency "rspec-rails"
+  s.add_development_dependency "sqlite3"
+  s.add_development_dependency "pry-byebug"
+  # s.add_development_dependency "codeclimate-test-reporter", "0.4.3"
+
+end

data/config/locales/en.yml

@@ -0,0 +1,6 @@
+en:
+  authorizable:
+    redirect_path_must_be_proc: ":redirect_path must be a proc"
+    redirect_path_required: ":redirect_path is required"
+    permission_required: ":permission is required when :target is omitted"
+    not_authorized: You do not have permission to do that

data/lib/authorizable.rb

@@ -0,0 +1,31 @@
+require 'active_record'
+require 'active_support'
+require 'action_controller'
+
+require 'authorizable/permission_utilities'
+require 'authorizable/permissions'
+require 'authorizable/controller'
+require 'authorizable/model'
+require 'authorizable/version'
+
+module Authorizable
+  OBJECT = PermissionUtilities::OBJECT
+  ACCESS = PermissionUtilities::ACCESS
+
+  def self.definitions
+    Authorizable::Permissions.definitions || {}
+  end
+end
+
+# add authorizable method to ActionController
+ActionController::Base.send(:include, Authorizable::Controller)
+# class ActionController::Base
+#   include Authorizable::Controller
+
+#   def self.authorizable
+#     ap 'wat'
+#   end
+# end
+
+# add authorizable method to ActiveModel
+# ActiveRecord::Base.send( :extend, Authorizable::Model )

data/lib/authorizable/controller.rb

@@ -0,0 +1,156 @@
+module Authorizable
+  module Controller
+    extend ActiveSupport::Concern
+
+    included do
+
+      # where the config for this controller is stored
+      # after validation
+      class_attribute :authorizable_config
+    end
+
+    module ClassMethods
+      # sets up a before filter that will redirect if the permission
+      # condition fails
+      #
+      # @example
+      #  authorizable(
+      #    edit: { # implies current_user.can_edit?(@event)
+      #      target: :event,
+      #      redirect_path: Proc.new{ hosted_event_path(@event) }
+      #    }
+      #  )
+      #
+      # @example
+      #  authorizable(
+      #    create: {
+      #      permission: :can_create_event?,
+      #      redirect_path: Proc.new{ hosted_events_path }
+      #    },
+      #    destroy: { # implies current_user.can_delete?(@event)
+      #      target: :event,
+      #      redirect_path: Proc.new{ hosted_event_path(@event) }
+      #    }
+      #  )
+      #
+      # @param [Hash] config the list of options to configure actions to be authorizable
+      # @option config [Symbol] action the action to authorize with
+      # @option action [ActiveRecord::Base] :user (current_user) object to run the condition on
+      # @option action [Symbol] :permission (can_{action}?(target)) the condition to run on the :user
+      # @option action [Symbol] :target ("@#{target}") the name of the object passed to the :permission
+      #   if no target is provided :permission becomes a required option
+      # @option action [Proc] :redirect_path where to go upon unauthorized
+      # @option action [String] :message (I18n.t('authorizable.not_authorized'))
+      #   message to display as a flash message upon an unauthorized attempt
+      # @option action [Symbol] :flash_type (:alert) what flash type to use for displaying the :message
+      def authorizable(config = {})
+        Authorizable::Controller.parameters_are_valid?(config)
+
+        self.authorizable_config = config
+
+        self.send(:before_filter, :authorizable_authorized?)
+      end
+    end
+
+    private
+
+    def authorizable_authorized?
+      result = false
+      action = params[:action].to_sym
+
+      if !self.class.authorizable_config[action]
+        action = Authorizable::Controller.alias_action(action)
+      end
+
+      settings_for_action = self.class.authorizable_config[action]
+
+      return true unless settings_for_action.present?
+
+      defaults = {
+        user: current_user,
+        permission: "can_#{action.to_s}?",
+        message: I18n.t('authorizable.not_authorized'),
+        flash_type: :alert
+      }
+
+      options = defaults.merge(settings_for_action)
+
+      # run permission
+      if options[:target]
+        object = instance_variable_get("@#{options[:target]}")
+        result = options[:user].send(options[:permission], object)
+      else
+        result = options[:user].send(options[:permission])
+      end
+
+      # redirect
+      unless result
+        authorizable_respond_with(
+          options[:flash_type],
+          options[:message],
+          options[:redirect_path]
+        )
+
+        # halt
+        return false
+      end
+
+      # proceed with execution
+      true
+    end
+
+
+    def authorizable_respond_with(flash_type, message, path)
+      flash[flash_type] = message
+
+      respond_to do |format|
+        format.html{
+          path = self.instance_eval(&path)
+          redirect_to path
+        }
+        format.json{
+          render json: {}, status: 401
+        }
+      end
+
+    end
+
+    def self.alias_action(action)
+      if action == :update
+        action = :edit
+      elsif action == :edit
+        action = :update
+      elsif action == :create
+        action = :new
+      elsif action == :new
+        action = :create
+      end
+
+      action
+    end
+
+    # @see @authorizable for options
+    # @return [Boolean]
+    def self.parameters_are_valid?(config)
+      config.each do |action, settings|
+        if !settings[:target]
+          # permission is required
+          if !settings[:permission]
+            raise ArgumentError.new(I18n.t('authorizable.permission_required'))
+          end
+        end
+
+        # redirect_path is always required
+        redirect_path = settings[:redirect_path]
+        if !redirect_path
+          raise ArgumentError.new(I18n.t('authorizable.redirect_path_required'))
+        else
+          if !redirect_path.is_a?(Proc)
+            raise ArgumentError.new(I18n.t("authorizable.redirect_path_must_be_proc"))
+          end
+        end
+      end
+    end
+
+  end
+end