authorize_rbac 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 37f104963cfd49645af2755dc226ce87d81c21dc
+  data.tar.gz: a0c10f66541a762c607b414e99b24a6286b17427
+SHA512:
+  metadata.gz: 358b211fde4f2f55a1b9129c2e68eeb823f64cfea8668bc8918cdb5590d30ce3f49025a99044961f56ff54d0a6697f3f4624e5e8a1b810a69cf8b17c49dd0a36
+  data.tar.gz: bff086372e0feb28a0c951b0466da5ca04a15bbb9ce3410ced04822cbb9dd14454ffcefe278c11f63c8a56fe5f1cbf505cd0c3e9bc9dafec6294c4ef275e1e50

data/lib/authorize_rbac.rb

@@ -0,0 +1,64 @@
+require "authorize_rbac/version"
+require "authorize_rbac/authorize_rbac_methods"
+require "authorize_rbac/configuration"
+require 'rails'
+
+module AuthorizeRbac
+  def self.included(base)
+    base.extend(AuthorizeRbacMethods)
+  end
+
+  def self.configuration
+    @configration ||= Configuration.new
+  end
+
+  def self.configure
+    yield(configuration)
+  end
+
+  def authorization_filter
+    if access_allowed?
+      logger.debug "Authorized to access #{request.original_url}, User: #{auth_user.user_name} (role: #{user_role})"
+      return true
+    else
+      logger.info "#{auth_user.user_name} (role: #{user_role}) attempted to access\
+        #{self.class}##{action_name} without the proper permissions."
+      flash[:notice] = "Not authorized to access #{request.original_url}!"
+      redirect_to :controller => AuthorizeRbac.configuration.default_controller , :action => AuthorizeRbac.configuration.default_action
+      return false
+    end
+  end
+
+  def user_role
+    auth_user.role.nil? ? "user" : auth_user.role.name.to_s
+  end
+
+  def action_roles
+    self.class.rbac[action_name]
+  end
+
+  def action_name
+    request.parameters[:action].to_sym
+  end
+
+  def access_allowed?
+    return true if action_roles.nil?
+
+    allowed_from_source = action_roles.include? user_role.to_sym
+    allowed_from_db     = user_permissions.include?(permission_name(self.class, action_name))
+
+    allowed_from_source || allowed_from_db
+  end
+
+  def permission_name(cotroller, action)
+    "#{cotroller.to_s.chomp("Controller").downcase}_#{action}"
+  end
+
+  def auth_user
+    self.send(AuthorizeRbac.configuration.current_user_method)
+  end
+
+  def user_permissions
+    auth_user.role.permissions
+  end
+end

data/lib/authorize_rbac/authorize_rbac_methods.rb

@@ -0,0 +1,24 @@
+module AuthorizeRbac
+  module AuthorizeRbacMethods
+    def self.extended(base)
+      class <<base
+        @rbac = {}
+        attr_reader :rbac
+      end
+    end
+
+    def roles(*roles)
+      @roles = roles
+    end
+
+    def method_added(method)
+      return if private_method_defined? method
+      access_list[method] = @roles
+      @roles = nil
+    end
+
+    def access_list
+      @rbac ||= {}
+    end
+  end
+end

data/lib/authorize_rbac/configuration.rb

@@ -0,0 +1,39 @@
+module AuthorizeRbac
+  class Configuration
+
+    CONFIG_KEYS = [
+     :current_user_method,
+     :default_controller,
+     :default_action
+    ]
+
+    def initialize
+      @configs = {}
+    end
+
+    def []=(key, value)
+      raise InvalidKey, key unless CONFIG_KEYS.include?(key)
+
+      @configs[key] = value
+    end
+
+    def [](key)
+      @configs[key]
+    end
+
+    CONFIG_KEYS.each do |config_key|
+      define_method(config_key) do
+        @configs[config_key]
+      end
+      define_method("#{config_key}=") do |value|
+        @configs[config_key] = value
+      end
+    end
+
+    class InvalidKey < StandardError
+      def initialize(key)
+        super("Configuration option '#{key.inspect}' is not a valid key")
+      end
+    end
+  end
+end

data/lib/authorize_rbac/version.rb

@@ -0,0 +1,3 @@
+module AuthorizeRbac
+  VERSION = "0.1.0"
+end

data/lib/generators/authorize_rbac/USAGE

@@ -0,0 +1,44 @@
+Description:
+    Explain the generator
+
+Command:
+    rails generate authorize_rbac install
+
+    This will:
+        - Role Role Model and database migration.
+        - Create AddRoleToUsers database migration.
+        - Add the following lines to the ApplicationController
+          ```
+            include AuthorizeRbac
+            before_action :authorization_filter, except: [ :logout ]
+          ```
+
+Command:
+    rails generate authorize_rbac user_migrate
+
+    This will:
+        - Create AddRoleToUsers database migration.
+
+Command:
+    rails generate authorize_rbac role_migrate
+
+    This will:
+        - Role Role Model and database migration.
+
+Command:
+    rails generate authorize_rbac update_application_controller
+
+    This will:
+        - Add the following lines to the ApplicationController
+          ```
+            include AuthorizeRbac
+            before_action :authorization_filter, except: [ :logout ]
+          ```
+Command:
+    rails generate authorize_rbac update_user_model
+
+    This will:
+        - Add the following lines to the User Model
+          ```
+            belongs_to :role
+          ```

data/lib/generators/authorize_rbac/authorize_rbac_generator.rb

@@ -0,0 +1,61 @@
+require 'rails/generators'
+module AuthorizeRbac
+  class AuthorizeRbacGenerator < Rails::Generators::NamedBase
+    source_root File.expand_path('../', __FILE__)
+    ACTIONS = %w(intall user_migrate role_migrate update_application_controller update_user_model initializer help).freeze
+    def generate_controllers
+      ACTIONS.include?(action_name) ?  self.send(action_name) : help
+    end
+
+    private
+    def action_name
+      name.to_s.downcase
+    end
+
+    def install
+      user_migrate
+      role_migrate
+      update_application_controller
+      update_user_model
+    end
+
+    def initializer
+       copy_file "#{AuthorizeRbacGenerator.source_root}/templates/initializer.rb", "config/initializers/authorize_rbac.rb"
+    end
+
+    def user_migrate
+      generate "migration", "AddRoleToUsers role:references"
+    end
+
+    def role_migrate
+      generate "model", "Role name:string permissions:text"
+      update_role_model
+    end
+
+    def update_application_controller
+      inject_into_file 'app/controllers/application_controller.rb',
+        "  include AuthorizeRbac\n",
+        after: "class ApplicationController < ActionController::Base\n"
+
+      inject_into_file 'app/controllers/application_controller.rb',
+        "  before_action :authorization_filter, except: [ :logout ]\n",
+        after: "protect_from_forgery with: :exception\n"
+    end
+
+    def update_user_model
+      inject_into_file 'app/models/user.rb',
+        " belongs_to :role\n",
+        after: "class User < ActiveRecord::Base\n"
+    end
+
+    def update_role_model
+      inject_into_file 'app/models/role.rb',
+        " serialize :permissions, JSON\n",
+        after: "class Role < ApplicationRecord\n"
+    end
+
+    def help
+      puts File.read "#{AuthorizeRbacGenerator.source_root}/USAGE"
+    end
+  end
+end

data/lib/generators/authorize_rbac/templates/initializer.rb

@@ -0,0 +1,5 @@
+AuthorizeRbac.configure do |config|
+  config.current_user_method = "current_user"
+  config.default_controller = "admin"
+  config.default_action = "index"
+end

metadata

@@ -0,0 +1,108 @@
+--- !ruby/object:Gem::Specification
+name: authorize_rbac
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Al-waleed shihadeh
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2017-09-24 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.13'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.13'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+description: Rule Based Access Control gem for Ruby on Rails applications
+email:
+- wshihadh@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/authorize_rbac.rb
+- lib/authorize_rbac/authorize_rbac_methods.rb
+- lib/authorize_rbac/configuration.rb
+- lib/authorize_rbac/version.rb
+- lib/generators/authorize_rbac/USAGE
+- lib/generators/authorize_rbac/authorize_rbac_generator.rb
+- lib/generators/authorize_rbac/templates/initializer.rb
+homepage: https://github.com/wshihadeh/authorize_rbac
+licenses:
+- MIT
+metadata:
+  allowed_push_host: https://rubygems.org
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.1
+signing_key: 
+specification_version: 4
+summary: Rule Based Access Control gem for Ruby on Rails
+test_files: []