can4 1.0.2

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 8bf6c29d68e2f8a96d458d8baba14d9116f954a47ca29f32dac886942204006a
+  data.tar.gz: 41e2092f6921a89df7552db67c56a633f0f5dc893baab3f5bbbc5cbbbd4b6b2a
+SHA512:
+  metadata.gz: b3e57d7a3322f23b0d98b5e7963d284532840c6189be4de60c41ae8c17b7e68504cd48c67c8d67271bdbcfee912ceab1f4b8a921e7dab1f7cb1d669896917779
+  data.tar.gz: b5dfcd9ea63efe103f94d479009340fdc87059c207c848561f5ad048e1d29c86ef7fa88dfb5e0fea1ba47c9bf07ea43eb123379e731d7cedd40e18edef60f981

data/.gitignore

@@ -0,0 +1,2 @@
+.yardoc
+/doc

data/.yardopts

@@ -0,0 +1,2 @@
+--no-private
+--embed-mixin ClassMethods

data/Gemfile

@@ -0,0 +1,16 @@
+source 'https://rubygems.org'
+
+# Declare your gem's dependencies in can4.gemspec.
+# Bundler will treat runtime dependencies like base dependencies, and
+# development dependencies will be added by default to the :development group.
+gemspec
+
+# Declare any dependencies that are still in development here instead of in
+# your gemspec. These might include edge Rails or gems from your path or
+# Git. Remember to move these dependencies to your gemspec before releasing
+# your gem to rubygems.org.
+
+# To use a debugger
+# gem 'byebug', group: [:development, :test]
+gem 'rubocop'
+gem 'yard'

data/LICENSE

@@ -0,0 +1,22 @@
+Copyright (c) 2019 Liam P. White
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,3 @@
+# Can4
+
+An opinionated Ruby ACL module for Rails applications.

data/can4.gemspec

@@ -0,0 +1,16 @@
+require_relative 'lib/can4/version'
+
+Gem::Specification.new do |s|
+  s.name          = 'can4'
+  s.version       = Can4::VERSION
+  s.author        = 'Liam P. White'
+  s.email         = 'liamwhite@users.noreply.github.com'
+  s.homepage      = 'https://github.com/liamwhite/can4'
+  s.summary       = 'Opinionated ACL framework'
+  s.license       = 'MIT'
+
+  s.files         = `git ls-files`.split("\n")
+  s.require_paths = ['lib']
+
+  s.add_runtime_dependency 'rails'
+end

data/lib/can4.rb

@@ -0,0 +1,9 @@
+require 'can4/version'
+require 'can4/rule'
+require 'can4/ability'
+require 'can4/controller_additions'
+require 'can4/exceptions'
+
+# A simple, fast authorization framework.
+module Can4
+end

data/lib/can4/ability.rb

@@ -0,0 +1,111 @@
+module Can4
+  # Ability class for resources.
+  #
+  # To define an ability model for your resource, define an ability class in
+  # a location of your choosing, and define the actions available to the
+  # resource on construction.
+  #
+  # @example
+  #   class Ability < Can4::Ability
+  #     def initialize(user)
+  #       # Handle unauthenticated users.
+  #       user ||= User.new
+  #
+  #       if user.admin?
+  #         # Allow admins to perform any action.
+  #         allow_anything!
+  #       else
+  #         # Will always return true for can?(:read, @comment).
+  #         can :read, Comment
+  #
+  #         # Will only return true for can?(:read, @private_message)
+  #         # if the user is allowed to read the private message.
+  #         can :read, PrivateMessage do |msg|
+  #           msg.user_id == user.id
+  #         end
+  #       end
+  #     end
+  #   end
+  #
+  class Ability
+    # Checks whether the object can perform an action on a subject.
+    #
+    # @overload can?(action, subject)
+    #   @param action [Symbol] The action, represented as a symbol.
+    #   @param subject [Object] The subject.
+    # @overload can?(action, subject, *args)
+    #   @param action [Symbol] The action, represented as a symbol.
+    #   @param subject [Object] The subject.
+    #   @param args [Object] Splat parameters to an installed block.
+    # @return [Boolean] True or false.
+    def can?(action, subject, *args)
+      lookup_rule(subject).authorized?(action, subject, args)
+    end
+
+    # Inverse of #can?.
+    #
+    # @see #can?
+    def cannot?(*args)
+      !can?(*args)
+    end
+
+    # Adds an access-granting rule.
+    #
+    # @param action [Symbol] The action, represented as a symbol.
+    # @param subject [Object] The subject.
+    # @param block [Proc] An optional Proc to install for matching.
+    def can(action, subject, &block)
+      rule_for(subject).add_grant(action, block)
+    end
+
+    # Allows the object to perform any action on any subject.
+    # This overrides all #cannot rules.
+    def allow_anything!
+      instance_eval do
+        def can?(*)
+          true
+        end
+
+        def cannot?(*)
+          false
+        end
+      end
+    end
+
+    # Checks whether this resource has authorization to perform an action on a
+    # particular subject. Raises {Can4::AccessDenied} if it doesn't.
+    #
+    # @param action [Symbol] The intended action.
+    # @param subject [Object] The subject of the action.
+    # @raise [AccessDenied] if the object does not have permission.
+    def authorize!(action, subject, *args)
+      raise AccessDenied if cannot?(action, subject, *args)
+    end
+
+    protected
+
+    # Subjects hash.
+    def subjects
+      @subjects ||= {}
+    end
+
+    # Find or create a new rule for the specified subject.
+    #
+    # @param subject [Object] The subject.
+    def rule_for(subject)
+      subjects[subject] ||= SubjectRule.new
+    end
+
+    # Lookup a rule for a particular subject.
+    #
+    # @param subject [Object] The subject.
+    def lookup_rule(subject)
+      case subject
+      when Symbol, Module
+        subjects[subject] || NullRule
+      else
+        subjects[subject.class] || NullRule
+      end
+    end
+  end
+end

data/lib/can4/controller_additions.rb

@@ -0,0 +1,111 @@
+# frozen_string_literal: true
+
+module Can4
+  # Rails controller additions for Can4.
+  #
+  # In most cases, it is not necessary to define anything here, as it is
+  # included for you automatically when +ActionController::Base+ is defined.
+  #
+  # However, if your controller resource is not defined using a method named
+  # +current_user+, or you use different arguments for your +Ability+
+  # constructor, you will need to override the +current_ability+ method in
+  # your controller.
+  #
+  # @example
+  #   class ApplicationController < ActionController::Base
+  #     # ...
+  #
+  #     private
+  #
+  #     # This example shows a possible redefinition of current_ability
+  #     # with a different scope and two constructor arguments.
+  #     def current_ability
+  #       @current_ability ||= ::Ability.new(current_admin, request.remote_ip)
+  #     end
+  #   end
+  #
+  module ControllerAdditions
+    module ClassMethods
+      # Add this to a controller to ensure it performs authorization through an
+      # {#authorize!} call.
+      #
+      # If neither of these authorization methods are called, a
+      # {Can4::AuthorizationNotPerformed} exception will be raised.
+      #
+      # This can be placed in your ApplicationController to ensure all
+      # controller actions perform authorization.
+      def check_authorization(*args)
+        after_action(*args) do |controller|
+          next if controller.instance_variable_defined?(:@_authorized)
+
+          raise AuthorizationNotPerformed,
+            'This action failed to check_authorization because it did not ' \
+            'authorize a resource. Add skip_authorization_check to bypass ' \
+            'this check.'
+        end
+      end
+
+      # Call this in the class of a controller to skip the check_authorization
+      # behavior on the actions. Arguments are the same as +before_action+.
+      def skip_authorization_check(*args)
+        before_action(*args) do |controller|
+          controller.instance_variable_set(:@_authorized, true)
+        end
+      end
+    end
+
+    # Raises a {Can4::AccessDenied} exception if the current ability cannot
+    # perform the given action. This is usually called in a controller action
+    # or +before_action+.
+    #
+    # You can rescue from the exception in the controller to customize how
+    # unauthorized access is displayed.
+    #
+    # @raise [Can4::AccessDenied]
+    #   The current ability cannot perform the requested action.
+    def authorize!(*args)
+      @_authorized = true
+      current_ability.authorize!(*args)
+    end
+
+    # Creates and returns the current ability and caches it. If you want to
+    # override how the +Ability+ is defined, then this is the place. Simply
+    # redefine the method in the controller to change its behavior.
+    #
+    # Note that it is important to memoize the ability object so it is not
+    # recreated every time.
+    def current_ability
+      @current_ability ||= ::Ability.new(current_user)
+    end
+
+    # Use in the controller or view to check the resources's permission for a
+    # given action and object. This simply calls #can? on the current ability.
+    #
+    # @see Ability#can?
+    def can?(*args)
+      current_ability.can?(*args)
+    end
+
+    # Convenience method which works the same as {#can?}, but returns the
+    # opposite value.
+    #
+    # @see Ability#cannot?
+    def cannot?(*args)
+      current_ability.cannot?(*args)
+    end
+
+    def self.included(base)
+      base.extend ClassMethods
+
+      return unless base.respond_to?(:helper_method)
+
+      base.helper_method :can?, :cannot?, :current_ability
+    end
+  end
+end
+
+if defined?(ActionController::Base)
+  ActionController::Base.class_eval do
+    include Can4::ControllerAdditions
+  end
+end

data/lib/can4/exceptions.rb

@@ -0,0 +1,10 @@
+module Can4
+  # A general exception.
+  class Error < StandardError; end
+
+  # Raised when using +check_authorization+ without calling +authorize!+.
+  class AuthorizationNotPerformed < Error; end
+
+  # Raised when a resource fails a call to +authorize!+.
+  class AccessDenied < Error; end
+end

data/lib/can4/rule.rb

@@ -0,0 +1,43 @@
+module Can4
+  # Rule class representing actions performable on a subject.
+  # @!visibility private
+  class SubjectRule
+    def initialize
+      @actions = {}
+    end
+
+    # Add a granting ACL for a particular action.
+    #
+    # @param action [symbol] The action.
+    # @param block An optional block for granularity.
+    def add_grant(action, block)
+      @actions[action] = block || true
+    end
+
+    # Return whether or not an object can perform a particular action on a
+    # subject.
+    #
+    # @param action [Symbol] The action.
+    # @param subject [Object] The subject.
+    # @param args [Hash] Variable arguments for more granular matching.
+    # @return [Boolean] True or false.
+    def authorized?(action, subject, args)
+      block = @actions[:manage] || @actions[action]
+
+      return false unless block
+      return true if block == true
+
+      !!block.call(subject, *args)
+    end
+  end
+
+  # Fake rule representing nothing matched a subject when looking up its
+  # ability.
+  #
+  # @!visibility private
+  class NullRule
+    def self.authorized?(*)
+      false
+    end
+  end
+end

data/lib/can4/version.rb

@@ -0,0 +1,3 @@
+module Can4
+  VERSION = '1.0.2'.freeze
+end

metadata

@@ -0,0 +1,69 @@
+--- !ruby/object:Gem::Specification
+name: can4
+version: !ruby/object:Gem::Version
+  version: 1.0.2
+platform: ruby
+authors:
+- Liam P. White
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2019-05-10 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: 
+email: liamwhite@users.noreply.github.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".yardopts"
+- Gemfile
+- LICENSE
+- README.md
+- can4.gemspec
+- lib/can4.rb
+- lib/can4/ability.rb
+- lib/can4/controller_additions.rb
+- lib/can4/exceptions.rb
+- lib/can4/rule.rb
+- lib/can4/version.rb
+homepage: https://github.com/liamwhite/can4
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.6.2
+signing_key: 
+specification_version: 4
+summary: Opinionated ACL framework
+test_files: []