break_dance 0.4.0 → 0.9.0

checksums.yaml

@@ -1,15 +1,7 @@
 ---
-!binary "U0hBMQ==":
-  metadata.gz: !binary |-
-    ZDMyMDU1MTVkZDVkNjFjM2Q1MTAxM2I1ZDNlODUyNWRmNmNkMWU3ZA==
-  data.tar.gz: !binary |-
-    M2YyZmQ4N2JmZWQ1YWUyNGJmZmVjNWNjYzAxMDJmOTY5MDAzZWZmMw==
+SHA1:
+  metadata.gz: 0d2eded9292f501fe9c7c4cd28220706c696a3bb
+  data.tar.gz: 9c818de083853d12006836607e5f0265b2a92875
 SHA512:
-  metadata.gz: !binary |-
-    ODQzMjMxZjQ4OWNkOGM4NDc3N2M2NTQ1NmJlNjhhZjY0YTBlMjBjN2RlOTcx
-    YjQ5YTI4ZTdhZDMxYzNlYjJhMzhjYmMwNTIxMzJjODFlZjYwMzEzNjdiNDQx
-    YTk0Mjk4MjdlZTMyN2UxN2E1NWI5MTQ0MWRlZGI5MTYyOTdkODk=
-  data.tar.gz: !binary |-
-    ZGI2ZjZhMTJlY2ZhZGFjMWRjMzFmOWY4YzczZDFkYzRiOTRmOTM2Yjg2YjRi
-    MDQ1MDBmYmU5Njg0MGUyZGM2ZDQ1ZWFjMzk5Njc2Njc3MThkZGVlNzc5Mzcx
-    Y2ZhNzdkZDk3NWRlZDY5NTk5MGE3OGZiZjJmNzU0NzU1ZWU0M2I=
+  metadata.gz: 570bb6582af6055b94bfec493269f45ab06773f36ae98aa5e1bfbe57f02b3aa7a5ef9f60f2020fdc6c45361a5d2eb3173b55e7152d32d0bd154e5081b92e0b3d
+  data.tar.gz: 7e7264a95d88a99142cbc77f4405180ba2d9c96e3aa69ad46bc553a6b855e5343c3c8eeab945cba26c37044442d7de30c1c17ca7703426d0cc992344286fcd4d

data/{LICENSE.txt → MIT-LICENSE}

@@ -1,6 +1,4 @@
-Copyright (c) 2014 Zlatko Zahariev
-
-MIT License
+Copyright 2017 Zlatko Zahariev
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/README.md

@@ -1,29 +1,28 @@
 # BreakDance
+Short description and motivation.
 
-TODO: Write a gem description
+## Usage
+How to use my plugin.
 
 ## Installation
-
 Add this line to your application's Gemfile:
 
-    gem 'break_dance'
+```ruby
+gem 'break_dance'
+```
 
 And then execute:
-
-    $ bundle
+```bash
+$ bundle
+```
 
 Or install it yourself as:
-
-    $ gem install break_dance
-
-## Usage
-
-TODO: Write usage instructions here
+```bash
+$ gem install break_dance
+```
 
 ## Contributing
+Contribution directions go here.
 
-1. Fork it
-2. Create your feature branch (`git checkout -b my-new-feature`)
-3. Commit your changes (`git commit -am 'Add some feature'`)
-4. Push to the branch (`git push origin my-new-feature`)
-5. Create new Pull Request
+## License
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).

data/Rakefile

@@ -1 +1,33 @@
-require "bundler/gem_tasks"
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'BreakDance'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.md')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+
+
+
+
+
+require 'bundler/gem_tasks'
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+
+task default: :test

data/lib/break_dance.rb

@@ -1,14 +1,12 @@
-require 'request_store'
+require 'request_store_rails'
 
 require 'break_dance/controller_additions'
 require 'break_dance/exceptions'
-require 'break_dance/security_policy_additions'
-require 'break_dance/security_policies_holder'
-require 'break_dance/security_scoping'
-require 'break_dance/version'
+require 'break_dance/policy'
+require 'break_dance/policy_additions'
+require 'break_dance/application_record_additions'
 
-ActiveRecord::Base.send(:include, BreakDance::SecurityScoping)
+require 'break_dance/version'
 
 module BreakDance
-
-end
+end

data/lib/break_dance/application_record_additions.rb

@@ -0,0 +1,57 @@
+module BreakDance
+  module ApplicationRecordAdditions
+    extend ActiveSupport::Concern
+
+    class_methods do
+      # We cannot use alias_method here, because "super" of the aliased method is the "super" of the original method.
+      %w(default_scoped unscoped).each do |method_name|
+        define_method method_name do |unsecured: false, &block|
+          if RequestLocals.store[:break_dance_enabled] && !unsecured
+            policy = RequestLocals.store[:break_dance_policy]
+
+            raise PolicyNotFound.new('BreakDance::Policy is not defined. By design BreakDance requires all models to be scoped.')                                   unless policy.is_a?(BreakDance::Policy)
+            raise ModelWithoutScope.new("Model \"#{self.name}\" is missing BreakDance::Policy declaration. By design BreakDance requires all models to be scoped.") unless policy.scopes.has_key?(self.name)
+
+            super(&block).merge(policy.scopes[self.name])
+          else
+            super(&block)
+          end
+        end
+      end
+
+      def unsecured!(&block)
+        default_scoped(unsecured: true, &block)
+      end
+
+      def unsecured_unscoped!(&block)
+        unscoped(unsecured: true, &block)
+      end
+
+    end
+
+  end
+end
+
+# We monkey patch target_scope by just call .unsecured! on relation = ...
+# This is necessary because otherwise some parts of the BreakDance scopes leaked from some joined models.
+# The worse thing here is that this method excludes some parts of the scopes. So we can end up with leaked "where"
+# with no "select" or "join".
+# ToDo: However This may lead to unexpected behaviour if AR changes in future version, it is not tested for STI models and I generally don't like exactly this approach.
+module ActiveRecord
+  module Associations
+    module ThroughAssociation
+
+      def target_scope
+        scope = super
+        reflection.chain.drop(1).each do |reflection|
+          relation = reflection.klass.unsecured!.all
+          scope.merge!(
+            relation.except(:select, :create_with, :includes, :preload, :joins, :eager_load)
+          )
+        end
+        scope
+      end
+
+    end
+  end
+end

data/lib/break_dance/controller_additions.rb

@@ -2,8 +2,8 @@ module BreakDance
   module ControllerAdditions
     module ClassMethods
       def enable_authorization!
-        before_filter :prepare_security_policy
-        before_filter :access_filter
+        append_before_action :prepare_policy
+        append_before_action :access_filter
       end
     end
 
@@ -12,25 +12,21 @@ module BreakDance
       base.helper_method :can?, :cannot?
     end
 
-    def with_authorization?
-      @with_authorization || false
-    end
-
     def can?(action, resource)
-      return true unless with_authorization?
+      return true unless RequestLocals.store[:break_dance_enabled]
 
       allowed_permissions = current_permissions['resources'].select { |_,v| v == '1'}
 
       allowed = allowed_permissions.any? do |r|
-        RequestStore.store[:security_policy_holder].resources[r[0].to_sym] and RequestStore.store[:security_policy_holder].resources[r[0].to_sym][:can].any? do |k,v|
+        RequestLocals.store[:break_dance_policy].resources[r[0].to_sym] and RequestLocals.store[:break_dance_policy].resources[r[0].to_sym][:can].any? do |k,v|
           v = Array.wrap(v)
           k == resource.to_sym && (
           (
             v.include?(:all_actions) &&
             !(
-              RequestStore.store[:security_policy_holder].resources[r[0].to_sym][:except] &&
-              RequestStore.store[:security_policy_holder].resources[r[0].to_sym][:except][resource.to_sym] &&
-              RequestStore.store[:security_policy_holder].resources[r[0].to_sym][:except][resource.to_sym].include?(action.to_sym)
+              RequestLocals.store[:break_dance_policy].resources[r[0].to_sym][:except] &&
+              RequestLocals.store[:break_dance_policy].resources[r[0].to_sym][:except][resource.to_sym] &&
+              RequestLocals.store[:break_dance_policy].resources[r[0].to_sym][:except][resource.to_sym].include?(action.to_sym)
             )
           ) || v.include?(action.to_sym) )
         end
@@ -49,12 +45,9 @@ module BreakDance
 
     private
 
-    def prepare_security_policy
-      @with_authorization = true
-
-      RequestStore.store[:security_policy_holder] = BreakDance::SecurityPoliciesHolder.new
-
+    def prepare_policy
       SecurityPolicy.new(current_user)
+      RequestLocals.store[:break_dance_enabled] = true
     end
 
     def access_filter

data/lib/break_dance/exceptions.rb

@@ -1,4 +1,10 @@
 module BreakDance
   class AccessDenied < StandardError
   end
+
+  class PolicyNotFound < StandardError
+  end
+
+  class ModelWithoutScope < StandardError
+  end
 end

data/lib/break_dance/policy.rb

@@ -0,0 +1,11 @@
+module BreakDance
+  class Policy
+    attr_accessor :scopes, :resources, :excluded_select_values
+
+    def initialize
+      @scopes = {}
+      @resources = {}
+      @excluded_select_values = {}
+    end
+  end
+end

data/lib/break_dance/policy_additions.rb

@@ -0,0 +1,35 @@
+module BreakDance
+  module PolicyAdditions
+    def scope(model)
+      RequestLocals.store[:break_dance_policy] ||= BreakDance::Policy.new
+
+      model_scope = RequestLocals.store[:break_dance_policy].scopes[model.name]
+
+      RequestLocals.store[:break_dance_policy].scopes[model.name] = model_scope.nil? ? yield(model.unscoped) : model_scope.merge(yield(model.unscoped))
+    end
+
+    def resource(key, resource)
+      RequestLocals.store[:break_dance_policy] ||= BreakDance::Policy.new
+
+      RequestLocals.store[:break_dance_policy].resources[key] = resource
+    end
+
+    # ToDo: Check & fix if we need to redefine also object.attributes or any other method to return us all attributes skipping direct attribute method call
+    #       I.e. we now will receive 'nil' if a "column" is excluded, but we may access it via Object.find(x).attributes[:excluded_attribute]
+    def exclude_select_values(model, select_values)
+      RequestLocals.store[:break_dance_policy] ||= BreakDance::Policy.new
+
+      RequestLocals.store[:break_dance_policy].excluded_select_values[model.name] = select_values
+
+      select_values.each do |sv|
+        model.redefine_method sv do
+          if RequestLocals.store[:break_dance_policy]&.excluded_select_values[model.name]&.include? sv
+            nil
+          else
+            super()
+          end
+        end
+      end
+    end
+  end
+end

data/lib/break_dance/version.rb

@@ -1,3 +1,3 @@
 module BreakDance
-  VERSION = "0.4.0"
-end
+  VERSION = '0.9.0'
+end

data/lib/tasks/break_dance_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :break_dance do
+#   # Task goes here
+# end

metadata

@@ -1,55 +1,55 @@
 --- !ruby/object:Gem::Specification
 name: break_dance
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.9.0
 platform: ruby
 authors:
 - Zlatko Zahariev
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-06-15 00:00:00.000000000 Z
+date: 2017-08-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: request_store
+  name: rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: 5.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: 5.0.0
 - !ruby/object:Gem::Dependency
-  name: bundler
+  name: request_store_rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.3'
-  type: :development
+        version: '0'
+  type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: rake
+  name: sqlite3
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 description: Rails authorization gem.
@@ -59,19 +59,17 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
-- Gemfile
-- LICENSE.txt
+- MIT-LICENSE
 - README.md
 - Rakefile
-- break_dance.gemspec
 - lib/break_dance.rb
+- lib/break_dance/application_record_additions.rb
 - lib/break_dance/controller_additions.rb
 - lib/break_dance/exceptions.rb
-- lib/break_dance/security_policies_holder.rb
-- lib/break_dance/security_policy_additions.rb
-- lib/break_dance/security_scoping.rb
+- lib/break_dance/policy.rb
+- lib/break_dance/policy_additions.rb
 - lib/break_dance/version.rb
+- lib/tasks/break_dance_tasks.rake
 homepage: https://github.com/notentered/breakdance
 licenses:
 - MIT
@@ -82,17 +80,17 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.2.2
+rubygems_version: 2.6.12
 signing_key: 
 specification_version: 4
 summary: Rails authorization for data-centric applications based on ActiveRecord.

data/.gitignore

@@ -1,20 +0,0 @@
-*.gem
-*.rbc
-.bundle
-.config
-.yardoc
-Gemfile.lock
-InstalledFiles
-_yardoc
-coverage
-doc/
-lib/bundler/man
-pkg
-rdoc
-spec/reports
-test/tmp
-test/version_tmp
-tmp
-.idea
-.ruby-version
-.ruby-gemset

data/Gemfile

@@ -1,4 +0,0 @@
-source 'https://rubygems.org'
-
-# Specify your gem's dependencies in break_dance.gemspec
-gemspec

data/break_dance.gemspec

@@ -1,25 +0,0 @@
-# coding: utf-8
-lib = File.expand_path('../lib', __FILE__)
-$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require 'break_dance/version'
-
-Gem::Specification.new do |spec|
-  spec.name          = "break_dance"
-  spec.version       = BreakDance::VERSION
-  spec.authors       = ['Zlatko Zahariev']
-  spec.email         = ['zlatko.zahariev@gmail.com']
-  spec.description   = %q{Rails authorization gem.}
-  spec.summary       = %q{Rails authorization for data-centric applications based on ActiveRecord.}
-  spec.homepage      = 'https://github.com/notentered/breakdance'
-  spec.license       = 'MIT'
-
-  spec.files         = `git ls-files`.split($/)
-  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
-  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
-  spec.require_paths = ["lib"]
-
-  spec.add_dependency "request_store", "~> 1.0"
-
-  spec.add_development_dependency "bundler", "~> 1.3"
-  spec.add_development_dependency "rake"
-end

data/lib/break_dance/security_policies_holder.rb

@@ -1,10 +0,0 @@
-module BreakDance
-  class SecurityPoliciesHolder < BasicObject
-    attr_accessor :policies, :resources, :suppress_security_for
-
-    def initialize
-      @policies = {}
-      @resources = {}
-    end
-  end
-end

data/lib/break_dance/security_policy_additions.rb

@@ -1,19 +0,0 @@
-module BreakDance
-  module SecurityPolicyAdditions
-    def policy(name)
-      @policy_name = name
-      yield
-    end
-
-    def scope(model)
-      model_name = model.name
-      if @user and @user.permissions and @user.permissions['models'] and @user.permissions['models'].has_key? model_name and @user.permissions['models'][model_name] == @policy_name
-        RequestStore.store[:security_policy_holder].policies[model.name] = yield(model.unscoped)
-      end
-    end
-
-    def resource(key, resource)
-      RequestStore.store[:security_policy_holder].resources[key] = resource
-    end
-  end
-end

data/lib/break_dance/security_scoping.rb

@@ -1,33 +0,0 @@
-module BreakDance
-  module SecurityScoping
-    extend ActiveSupport::Concern
-
-    module ClassMethods
-      def where(scope = nil, *options)
-        scope = super(scope, *options)
-        return ActiveRecord::Relation.new(self, Arel::Table.new(table_name)) unless scope
-
-        sph = RequestStore.store[:security_policy_holder]
-        if sph
-          if sph.suppress_security_for == self.name
-            sph.suppress_security_for = nil
-            scope
-          else
-            scope.merge(sph.policies[self.name]).readonly(false)
-          end
-        else
-          scope
-        end
-      end
-
-      def unsecured
-        if RequestStore.store[:security_policy_holder]
-          RequestStore.store[:security_policy_holder].suppress_security_for = self.name
-          where
-        else
-          self
-        end
-      end
-    end
-  end
-end