cancanright 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: f9a9182e701015c6a9d10c66a2e0a6d5d2535d1a
+  data.tar.gz: 2b1203da16f841429eb56d165b61ba5de04aded3
+SHA512:
+  metadata.gz: 483a8b9a7d281c555924207e2423fe8a6aecf550c31311030e42f42c871e4eff1662b196c743dbe736db7234da88a8e268d3748592b800573729e1ba14530669
+  data.tar.gz: 3dcee5d48dbc3c89c331caccc6e4e1a8ae7738d949c717d1a46f433e70013132ae911f28e3839f2d1ed81969864794c89f039d36c37d949344315ac5b7d88edb

data/CHANGELOG.md

@@ -0,0 +1,8 @@
+# Change Log
+All notable changes to this project will be documented in this file.
+This project adheres to [Semantic Versioning](http://semver.org/).
+This changelog adheres to [Keep a CHANGELOG](http://keepachangelog.com/).
+
+## [0.0.1] - 2016-12-09
+### Added
+- Initial release

data/LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2016 SeaLink Travel Group
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,52 @@
+# CanCanRight - Database driven rules for CanCan
+
+[![Build Status](https://travis-ci.org/sealink/cancanright.svg?branch=master)](https://travis-ci.org/sealink/cancanright)
+
+In order to allow for flexible and fine-grained access control across a large application it may
+be useful to mange your CanCan abilities in your application's database. With CanCanRight users
+are assigned many Roles which have many Rights. Rights represent CanCan rules.
+
+CanCanRight is built for Rails 3+
+
+
+## Installation
+
+Add this to your Gemfile:
+
+    gem 'cancanright'
+
+and run the `bundle install` command.
+
+
+## Getting Started
+
+CanCanRight extends upon CanCan's features. It expects a `current_user` method to exist in the
+controller. For information on getting started with CanCan please visit the
+[CanCanCan Wiki](https://github.com/CanCanCommunity/cancancan/wiki).
+
+
+## Defining Abilities
+
+User permissions are defined in an `Ability` class. CanCanRight includes a Rails generator for
+creating this class.
+
+    rails g cancanright:ability
+
+This creates an Ability class with an example of how to create CanCan Rules from Rights.
+Additionally all of the existing CanCan features for defining abilities are available. See
+[Defining Abilities](https://github.com/CanCanCommunity/cancancan/wiki/defining-abilities) for
+details.
+
+
+## Development
+
+After checking out the repo, run `bundle install` to install dependencies. Then, run `rake spec`
+to run the tests.
+
+
+## Contributing
+
+If you find a bug please add an [issue on GitHub](https://github.com/sealink/cancanright/issues)
+or fork the project and send a pull request. This project is intended to be a safe, welcoming
+space for collaboration, and contributors are expected to adhere to the
+[Contributor Covenant](http://contributor-covenant.org) code of conduct.

data/lib/cancanright.rb

@@ -0,0 +1,7 @@
+require 'cancanright/model/right'
+require 'cancanright/model/role'
+require 'cancanright/ability'
+require 'cancanright/controller_additions'
+require 'cancanright/error'
+require 'cancanright/role_model'
+require 'cancanright/rule'

data/lib/cancanright/ability.rb

@@ -0,0 +1,9 @@
+module CanCanRight
+  module Ability
+    include CanCan::Ability
+
+    private def add_rule_for(right)
+      add_rule(CanCanRight::Rule.rule_for(right))
+    end
+  end
+end

data/lib/cancanright/controller_additions.rb

@@ -0,0 +1,18 @@
+module CanCanRight
+  module ControllerAdditions
+    def authorize_action!
+      controller = self.rights_from || params[:controller]
+      action = params[:action]
+
+      return if can?(:access, controller) || can?(:access, controller + '#' + action)
+
+      fail CanCan::AccessDenied, "You are not authorized to access this page."
+    end
+  end
+end
+
+if defined? ActionController::Base
+  ActionController::Base.class_eval do
+    include CanCanRight::ControllerAdditions
+  end
+end

data/lib/cancanright/error.rb

@@ -0,0 +1,3 @@
+module CanCanRight
+  class Error < StandardError; end
+end

data/lib/cancanright/model/right.rb

@@ -0,0 +1,21 @@
+module CanCanRight
+  module Model
+    class Right < ActiveRecord::Base
+      has_and_belongs_to_many :roles, :class_name => 'CanCan::Model::Role'
+
+      validates :action, presence: true
+      validates :can, presence: true
+      validates :name, presence: true, uniqueness: true
+
+      scope :ordered, -> { order :name }
+
+      def sensible_name
+        name.humanize.titleize.gsub(/#/, ' - ')
+      end
+
+      def to_s
+        name
+      end
+    end
+  end
+end

data/lib/cancanright/model/role.rb

@@ -0,0 +1,14 @@
+module CanCanRight
+  module Model
+    class Role < ActiveRecord::Base
+      has_and_belongs_to_many :rights, :class_name => 'CanCanRight::Model::Right'
+
+      validates :title, presence: true, uniqueness: true
+
+      def to_s
+        self.title.try(:titleize)
+      end
+      alias_method :name, :to_s
+    end
+  end
+end

data/lib/cancanright/role_model.rb

@@ -0,0 +1,10 @@
+module CanCanRight
+  module RoleModel
+    def self.included(base)
+      base.module_eval 'has_and_belongs_to_many :roles, :class_name => "CanCanRight::Model::Role"'
+      base.module_eval 'has_many :rights, through: :roles, :class_name => "CanCanRight::Model::Right"'
+
+      Model::Role.module_eval "has_and_belongs_to_many :#{base.table_name}"
+    end
+  end
+end

data/lib/cancanright/rule.rb

@@ -0,0 +1,51 @@
+module CanCanRight
+  class Rule
+    def self.rule_for(right)
+      self.new(right).call
+    end
+
+    def initialize(right)
+      @right = right
+    end
+
+    def call
+      validate!
+
+      CanCan::Rule.new(can?, action, subject, conditions, nil)
+    end
+
+    private
+
+    def validate!
+      fail CanCanRight::Error, 'must specify an action' unless @right.action.present?
+    end
+
+    def can?
+      @right.can
+    end
+
+    def action
+      @right.action.to_sym
+    end
+
+    def subject
+      model_class || @right.subject
+    end
+
+    def conditions
+      model_class ? @right.conditions : nil
+    end
+
+    def model_class
+      return nil unless @right.subject.present?
+
+      begin
+        model_class = self.class.const_get(@right.subject)
+      rescue NameError
+        model_class = Class
+      end
+
+      return model_class if model_class.ancestors.include?(ActiveRecord::Base)
+    end
+  end
+end

data/lib/cancanright/version.rb

@@ -0,0 +1,3 @@
+module CanCanRight
+  VERSION = '0.0.1'
+end

data/lib/generators/cancanright/ability/USAGE

@@ -0,0 +1,4 @@
+Description:
+  The cancanright:ability generator creates an Ability class in the models
+  directory. You can move this file anywhere you want as long as it
+  is in the load path.

data/lib/generators/cancanright/ability/ability_generator.rb

@@ -0,0 +1,11 @@
+module CanCanRight
+  module Generators
+    class AbilityGenerator < Rails::Generators::Base
+      source_root File.expand_path('../templates', __FILE__)
+
+      def generate_ability
+        copy_file "ability.rb", "app/models/ability.rb"
+      end
+    end
+  end
+end

data/lib/generators/cancanright/ability/templates/ability.rb

@@ -0,0 +1,47 @@
+class Ability
+  include CanCanRight::Ability
+
+  def initialize(user)
+    # Define abilities for the passed in user here. For example:
+    #
+    #   user ||= User.new # guest user (not logged in)
+    #   if user.admin?
+    #     can :manage, :all
+    #   else
+    #     can :read, :all
+    #   end
+    #
+    # The first argument to `can` is the action you are giving the user
+    # permission to do.
+    # If you pass :manage it will apply to every action. Other common actions
+    # here are :read, :create, :update and :destroy.
+    #
+    # The second argument is the resource the user can perform the action on.
+    # If you pass :all it will apply to every resource. Otherwise pass a Ruby
+    # class of the resource.
+    #
+    # The third argument is an optional hash of conditions to further filter the
+    # objects.
+    # For example, here the user can only update published articles.
+    #
+    #   can :update, Article, :published => true
+    #
+    # See the wiki for details:
+    # https://github.com/CanCanCommunity/cancancan/wiki/Defining-Abilities
+    #
+    # CanCanRight extends upon the default CanCan ability with a useful helper.
+    #
+    # To define an ability for a right you can use:
+    #
+    #   add_rule_for(right)
+    #
+    # To automatically define all abilities for a user you can just loop over the association.
+    #
+    #   user.rights.each do |right|
+    #     add_rule_for(right)
+    #   end
+    #
+    # Further abilities to extend or override can be defined as usual.
+    end
+  end
+end

metadata

@@ -0,0 +1,170 @@
+--- !ruby/object:Gem::Specification
+name: cancanright
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Grant Colegate
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-11-22 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: cancancan
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.15.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.15.0
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.12.5
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.12.5
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 11.3.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 11.3.0
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.5.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.5.0
+- !ruby/object:Gem::Dependency
+  name: coverage-kit
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+- !ruby/object:Gem::Dependency
+  name: simplecov-rcov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.2'
+- !ruby/object:Gem::Dependency
+  name: coveralls
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.8'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.8'
+description: Database driven rules for CanCan
+email:
+- support@travellink.com.au
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- CHANGELOG.md
+- LICENSE
+- README.md
+- lib/cancanright.rb
+- lib/cancanright/ability.rb
+- lib/cancanright/controller_additions.rb
+- lib/cancanright/error.rb
+- lib/cancanright/model/right.rb
+- lib/cancanright/model/role.rb
+- lib/cancanright/role_model.rb
+- lib/cancanright/rule.rb
+- lib/cancanright/version.rb
+- lib/generators/cancanright/ability/USAGE
+- lib/generators/cancanright/ability/ability_generator.rb
+- lib/generators/cancanright/ability/templates/ability.rb
+homepage: ''
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.1
+signing_key: 
+specification_version: 4
+summary: Database driven rules for CanCan
+test_files: []