authorize_if 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: fea95712c0006a402eef0bff57366a89a7b6cb67
+  data.tar.gz: b667cf8c07496f7fa6b1970107e5de1e44b53db2
+SHA512:
+  metadata.gz: 34aff8dfa5ddeeea9ca00539a375c3e97c719b11d86b0367b2bbfdfcbc8d0cd0d58038040ba42f5b108cd4c96fe4e20524779962366e61bae31096840f999d08
+  data.tar.gz: 761953381f50d9842b22183bbe2582ea680a8650d28848a0dc37bbf2f54eabc0f4c16afa5f58316c700e4e2e3458fe1dcd0aac7d916ca64e82c0a40acac736f4

data/LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2016 Vladimir Rybas
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,200 @@
+# authorize_if
+
+Minimalistic authorization library for Ruby on Rails applications. It
+defines controller methods `authorize` and `authorize_if`, which accept
+authorization rules and raise exception if rule evaluates to `false`.
+
+And that's it.
+
+## Installation
+
+Add gem to your application's `Gemfile`:
+
+    gem 'authorize_if'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install authorize_if
+
+## Usage
+
+#### `authorize_if`
+
+Accepts any `truthy` or `falsey` Ruby object.
+
+```ruby
+class ArticlesController
+  def index
+    authorize_if current_user
+    # ...
+  end
+
+  def show
+    article = Article.find(params[:id])
+
+    authorize_if article.authored_by?(current_user) ||
+                 article.group.members.include?(current_user)
+    # ...
+  end
+
+  def edit
+    article = Article.find(params[:id])
+
+    authorize_if can_manage?(article)
+    # ...
+  end
+
+  private
+
+  def can_manage?(article)
+    # ...
+  end
+end
+```
+
+It raises `AuthorizeIf::NotAuthorizedError` exception, which you can
+rescue right in the controller method
+
+```ruby
+class ArticlesController
+  def index
+    authorize_if current_user
+    # ...
+
+  rescue AuthorizeIf::NotAuthorizedError
+    head 403
+
+  end
+end
+```
+
+or with `rescue_from` in `ApplicaitonController`:
+
+```ruby
+class ApplicationController < ActionController::Base
+  rescue_from "AuthorizeIf::NotAuthorizedError" do |exception|
+    head 403
+  end
+end
+```
+
+You can set custom error message by using configuration block
+
+```ruby
+class ArticlesController
+  def index
+    authorize_if(current_user) do |config|
+      config.error_message = "You are not authorized!"
+    end
+    # ...
+  end
+end
+
+class ApplicationController < ActionController::Base
+  rescue_from "AuthorizeIf::NotAuthorizedError" do |exception|
+    render text: exception.message, status: 403
+  end
+end
+```
+
+#### `authorize`
+
+This method helps to extract authorization rules out of controller. It
+expects corresponding authorization rule to exist.
+
+```ruby
+class ArticlesController
+  def index
+    authorize
+
+    # ...
+  end
+
+  private
+
+  def authorize_index?
+    current_user.present?
+  end
+end
+```
+
+You can extract those rules into a module and include them to the
+controller.
+
+```ruby
+module AuthorizationRules
+  def authorize_index?
+    current_user.present?
+  end
+end
+
+class ArticlesController
+  include AuthorizationRules
+
+  def index
+    authorize
+
+    # ...
+  end
+end
+```
+
+`authorize` accepts any parameters and passes them to authorization
+rule.
+
+```ruby
+class ArticlesController
+  def edit
+    article = Article.find(params[:id])
+
+    authorize(article)
+
+    # ...
+  end
+
+  private
+
+  def authorize_edit?(article)
+    article.author == current_user
+  end
+end
+```
+
+It can also be customized by using configuration block.
+
+```ruby
+class ArticlesController
+  def edit
+    article = Article.find(params[:id])
+
+    authorize(article) do |config|
+      config.error_message = "You are not authorized!"
+    end
+
+    # ...
+  end
+
+  private
+
+  def authorize_edit?(article)
+    article.author == current_user
+  end
+end
+```
+
+## Contributing
+
+1. Fork it ( https://github.com/vrybas/authorize_if/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create a new Pull Request
+
+## License
+
+Copyright 2016 Vladimir Rybas. MIT License (see LICENSE for details).
+

data/Rakefile

@@ -0,0 +1,34 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'AuthorizeIf'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+
+
+
+
+
+Bundler::GemHelper.install_tasks
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+
+task default: :test

data/lib/authorize_if.rb

@@ -0,0 +1,138 @@
+# Provides a set of methods to handle authorization scenarios.
+# It is included to ActionController::Base on load.
+#
+module AuthorizeIf
+  NotAuthorizedError            = Class.new(StandardError)
+  MissingAuthorizationRuleError = Class.new(StandardError)
+
+  Configuration = Class.new do
+    attr_accessor :error_message
+  end
+
+  # Evaluates given object as boolean. Returns 'true' if object
+  # evaluates to 'true'. Raises `AuthorizeIf::NotAuthorizedError`
+  # if object evaluates to 'false'.
+  #
+  # Also accepts block and calls it with `AuthorizeIf::Configuration`
+  # object as parameter. Behavior can be customized by calling methods
+  # on configuraiton object.
+  #
+  # @param [Object] rule
+  #   The authorization rule. Any "truthy" or "falsey" Ruby object.
+  #
+  # @param [Proc] block
+  #   The configuration block. Supported configuration:
+  #     `error_message=()` - custom error message, which will be raised
+  #                          along with `AuthorizeIf::NotAuthorizedError`
+  #                          exception.
+  #
+  # @example
+  #     class ArticlesController
+  #       def index
+  #         authorize_if current_user
+  #         # => true
+  #
+  #         ...
+  #       end
+  #
+  #       def edit
+  #         @article = Article.find(params[:id])
+  #
+  #         authorize_if @article.authors.include?(current_user) do |config|
+  #           config.error_message = "You are not authorized!"
+  #         end
+  #         # => AuthorizeIf::NotAuthorizedError: You are not authorized!
+  #
+  #         ...
+  #       end
+  #     end
+  #
+  #
+  # @return [Boolean]
+  #   Returns 'true' if given object evaluates to 'true'.
+  #
+  # @raise [AuthorizeIf::NotAuthorizedError]
+  #   Raised if given object evaluates to 'false'.
+  #
+  def authorize_if(rule, &block)
+    config = Configuration.new
+    block.call(config) if block
+
+    !!rule || raise(NotAuthorizedError, config.error_message)
+  end
+
+  # Accepts any arguments and configuration block. Calls corresponding
+  # authorization rule method with given arguments, except block.
+  #
+  # Then calls `#authorize_if` with the returning value of corresponding
+  # authorization rule as first argument, and with given configuration block.
+  #
+  # @param *args
+  #   Any arguments, which will be given to corresponding
+  #   authorization rule.
+  #
+  # @param [Proc] block
+  #   The configuration block. See `#authorize_if` for complete list of
+  #   configuration options.
+  #
+  # @example
+  #     class ArticlesController
+  #       def index
+  #         authorize
+  #         # => true
+  #
+  #         ...
+  #       end
+  #
+  #       def edit
+  #         @article = Article.find(params[:id])
+  #
+  #         authorize(@article) do |config|
+  #           config.error_message = "You are not authorized!"
+  #         end
+  #         # => AuthorizeIf::NotAuthorizedError: You are not authorized!
+  #
+  #         ...
+  #       end
+  #
+  #       def destroy
+  #         authorize
+  #         # => AuthorizeIf::MissingAuthorizationRuleError: No authorization
+  #           rule defined for action articles#destroy. Please define
+  #           method #authorize_destroy? for ArticlesController
+  #
+  #         ...
+  #       end
+  #
+  #       private
+  #
+  #       def authorize_index?
+  #         current_user.present?
+  #       end
+  #
+  #       def authorize_edit?(article)
+  #         article.author == current_user
+  #       end
+  #     end
+  #
+  def authorize(*args, &block)
+    rule_method_name = "authorize_#{action_name}?"
+
+    unless self.respond_to?(rule_method_name, true)
+      msg = [
+        "No authorization rule defined for action",
+        "#{controller_name}##{action_name}.",
+        "Please define method ##{rule_method_name} for",
+        self.class.name
+      ].join(' ')
+
+      raise(MissingAuthorizationRuleError, msg)
+    end
+
+    authorize_if(self.send(rule_method_name, *args), &block)
+  end
+end
+
+ActiveSupport.on_load :action_controller do
+  include AuthorizeIf
+end

data/lib/authorize_if/version.rb

@@ -0,0 +1,3 @@
+module AuthorizeIf
+  VERSION = "0.0.1"
+end

data/lib/tasks/authorize_if_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :authorize_if do
+#   # Task goes here
+# end

data/test/dummy/README.rdoc

@@ -0,0 +1,28 @@
+== README
+
+This README would normally document whatever steps are necessary to get the
+application up and running.
+
+Things you may want to cover:
+
+* Ruby version
+
+* System dependencies
+
+* Configuration
+
+* Database creation
+
+* Database initialization
+
+* How to run the test suite
+
+* Services (job queues, cache servers, search engines, etc.)
+
+* Deployment instructions
+
+* ...
+
+
+Please feel free to use a different markup language if you do not plan to run
+<tt>rake doc:app</tt>.