canner 0.0.2

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: d4c1916c358ac2040e5e7af1b5f458694f1d7556
+  data.tar.gz: 48e86af5958f48b6ce380c3352ab959f9bbcdf54
+SHA512:
+  metadata.gz: 8ad895fff72a54398cbe5fd46fffdb5484c09f11cbd3a345d5e2519fd6469ec2b3c94f2c837dadbc99582ef59d5f8f9ac70befba74fc4a5af8316d45b5176d83
+  data.tar.gz: da99f014df61265620e9ae56cdb8af833d852b0e71b0fc6a3bbdd91ecea5b13854ee420138ff817305fa57938238f4087e87b888eae451f0c5a4c567adc1d8c5

data/.gitignore

@@ -0,0 +1,25 @@
+*.rbc
+capybara-*.html
+.rspec
+/log
+/tmp
+/db/*.sqlite3
+/public/system
+/coverage/
+/spec/tmp
+**.orig
+rerun.txt
+pickle-email-*.html
+config/initializers/secret_token.rb
+config/secrets.yml
+
+## Environment normalisation:
+/.bundle
+/vendor/bundle
+
+# these should all be checked in to normalise the environment:
+# Gemfile.lock, .ruby-version, .ruby-gemset
+
+# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
+.rvmrc
+Gemfile.lock

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in canner.gemspec
+gemspec

data/LICENSE

@@ -0,0 +1,339 @@
+GNU GENERAL PUBLIC LICENSE
+                       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc., <http://fsf.org/>
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+                            Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Lesser General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+                    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+                            NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+                     END OF TERMS AND CONDITIONS
+
+            How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    {description}
+    Copyright (C) {year}  {fullname}
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License along
+    with this program; if not, write to the Free Software Foundation, Inc.,
+    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+    Gnomovision version 69, Copyright (C) year name of author
+    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary.  Here is a sample; alter the names:
+
+  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+  `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+  {signature of Ty Coon}, 1 April 1989
+  Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs.  If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library.  If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.

data/README.md

@@ -0,0 +1,231 @@
+Canner
+======
+
+Canner is an authorization gem heavily modeled after Pundit.
+The goal is to take away some of the magic that exists in other auth gems out there and
+provide the flexibility needed for your specific app.
+
+Who needs another auth gem?  There's a bunch of very good ones out there.
+Pundit, cancan, cancancan, Declarative Authorization to name a few very good alternatives.
+
+Unfortunately none of those solutions had built in support for a requirement I had on a project.
+My application needed to authorize a user at a given store location.
+
+Suppose I opened a store in Pittsburgh named Joe's Hash Rockets. The word quickly got around that Joe's
+hash rockets are the best in town!  Business is booming and after some market research I determine that
+Cleveland is a perfect place to open another store location.
+
+The problem is that I have some reports that only the store manager should see.
+In any of the above listed gems if you have a manager role you could see all the reports regardless
+of the store location aka store branch.
+
+Canner takes this additional layer of authorization in to account.
+Instead of saying:
+Can the currently signed in user access this particular report.
+Canner can say:
+Can the currently signed in user access this particular report for this particular branch.
+
+To do this in other libraries you might find yourself creating roles like
+pittsburgh_manager and cleveland_manager.  Or maybe writing some monkey patches to hack in what you need.
+
+Canner is designed to give you an outline of what you'll need for your app's auth needs and leaves
+the level of complexity needed up to the requirements of your particular application.
+
+## Installation
+
+I've only tested Canner on rails 4 but it should work find in rails 3.2 apps.
+
+To install Canner just put the following in your gem file.
+``` ruby
+gem "canner"
+```
+
+Then run
+
+``` ruby
+bundle install
+```
+
+After the gem is installed you'll need to run the install generator:
+
+``` ruby
+rails g canner:install
+```
+
+This will create a policies directory and create the base_policy.rb
+
+Now include canner in your application_controller.rb
+
+``` ruby
+include Canner
+```
+
+You'll then need to create a Policy class for the models you'd like to authorize.
+
+``` ruby
+rails g canner:policy user
+```
+
+Restart your server
+
+## Policies
+
+As mentioned Canner is strongly influenced by Pundit and is also based on Policy objects.
+Your policy objects should be named using the pattern model_namePolicy.rb.
+i.e UserPolicy, CustomerPolicy, AppPolicy.
+
+Your policy models need to implement 2 methods:
+``` ruby
+def canner_scope
+end
+
+def can?
+end
+```
+
+### canner_scope
+
+The canner_scope method is used to scope the models consistently in your app.
+
+For example in my app the Customers controller uses the canner_scope to
+ensure only Users from the current_company are displayed.
+
+``` ruby
+class CustomersController < ApplicationController
+  respond_to :html, :json
+  before_action :authenticate_user!
+
+  def index
+    @customers = canner_scope(:index, :customer)
+
+    can?(:index, :customer)
+  end
+end
+```
+
+and the policy is:
+
+``` ruby
+class CustomerPolicy < BasePolicy
+
+  def canner_scope
+    case @method
+    when :index
+      User.where(company_id: @current_branch.company.id)
+    else
+      User.none
+    end
+  end
+
+  def can?
+    case @method
+    when :new, :index, :create, :update, :edit
+      has_role?(:admin)
+    else
+      false
+    end
+  end
+
+end
+```
+
+### can?
+
+You probably recognize this method from Ryan Bates' cancan gem.  The idea is the same as well.
+
+You use the can method to determine if the current_user is able to access an action or resource.
+
+The example above uses a straightforward case statement to determine if the current_user can
+access the current action or resource.
+
+The symbols in the when portion of the case match your typical actions in the example but they
+can be whatever you want really.
+
+``` ruby
+case @method
+when :something_random
+  has_role?(:admin)
+else
+  false
+end
+
+# Then in controller do:
+can?(:something_random, :customer)
+```
+
+In english the can method is saying:
+
+Can the currently signed in user access the something_random action?  Oh, and by the way please
+use the CustomerPolicy's can? method to do the checking.
+
+`can?(:something_random, :user)` would use the ... you guessed it UserPolicy's can? method.
+
+### Force the Use of Policies
+
+Also like Pundit you can force your app to use policies.
+I recommend you do this so you don't forget to wrap authorization about some of your resources.
+
+To make sure your controller actions are using the can? method add this to your
+application_controller.rb
+
+``` ruby
+after_action :ensure_auth
+```
+
+And to make sure you are using the canner_scope do the following:
+``` ruby
+after_action :ensure_scope, only: :index
+```
+
+Note the use of only here.  You usually won't need the canner_scope on anything except
+for the index to be strictly enforced.
+
+### Handle Canner Authorization Failures
+
+When a user does stumble onto something they don't have access to you'll want to politely
+tell them about it and direct the app flow as you see fit.
+
+To accomplish this in your application_controller.rb add
+
+``` ruby
+  rescue_from Canner::NotAuthorizedError, with: :user_not_authorized
+```
+
+You can name your method whatever you want.  Mine is user_not_authorized and looks like this:
+
+``` ruby
+  private
+
+  def user_not_authorized(exception)
+    flash[:error] = exception.message
+    redirect_to(request.referrer || root_path)
+  end
+```
+
+### Using can? in views
+
+You'll likely want to show or hide on screen items based on a users' role.
+This is done in canner like this:
+
+``` ruby
+  = link_to 'Create Customer', new_customer_path if canner_policy(:new, :customer).can?
+```
+
+This will look in the CustomerPolicy's can? method implemention and follow whatever rules
+you have for the :new symbol.
+
+So assuming the CustomerPolicy can? method provided below the currently signed in user
+would only be able to see the create customer link if they had an admin role.
+
+``` ruby
+  def can?
+    case @method
+    when :new
+      has_role?(:admin)
+    else
+      false
+    end
+  end
+```
+
+

data/Rakefile

@@ -0,0 +1,17 @@
+require 'rubygems'
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+require 'yard'
+
+desc "Run all examples"
+RSpec::Core::RakeTask.new(:spec) do |t|
+  #t.rspec_path = 'bin/rspec'
+  t.rspec_opts = %w[--color]
+end
+
+YARD::Rake::YardocTask.new do |t|
+  t.files   = ['lib/**/*.rb']
+  #t.options = ['--any', '--extra', '--opts'] # optional
+end
+
+task :default => [:spec]

data/canner.gemspec

@@ -0,0 +1,27 @@
+# -*- encoding: utf-8 -*-
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'canner/version'
+
+Gem::Specification.new do |gem|
+  gem.name          = "canner"
+  gem.version       = Canner::VERSION
+  gem.authors       = ["Joe Acklin"]
+  gem.email         = ["joe@acklin.me"]
+  gem.summary       = %q{Rails Auth}
+  gem.description   = %q{No magic authorization for Rails}
+  gem.homepage      = "https://github.com/jacklin10/canner"
+  gem.license       = "MIT"
+
+  gem.files         = `git ls-files`.split($/)
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.require_paths = ["lib"]
+
+  gem.add_dependency "activesupport"
+  gem.add_development_dependency "activemodel"
+  gem.add_development_dependency "bundler", "~> 1.3"
+  gem.add_development_dependency "rspec", "~> 3.0"
+  gem.add_development_dependency "pry"
+  gem.add_development_dependency "rake"
+  gem.add_development_dependency "yard"
+end

data/lib/canner/util.rb

@@ -0,0 +1,21 @@
+class Util
+
+  # ensures whatever is passed in comes out an array of symbols
+  class << self
+    def prepare(str)
+      symbolize(arrayify(str))
+    end
+
+    # ensures the array elements are symbols
+    def symbolize(strings)
+      strings.map{|s| s.to_sym}
+    end
+
+    # ensure given roles are in the form of an array
+    def arrayify(roles)
+      roles.class == Array ? roles : [roles].flatten
+    end
+
+  end
+
+end

data/lib/canner/version.rb

@@ -0,0 +1,3 @@
+module Canner
+  VERSION = "0.0.2"
+end

data/lib/canner.rb

@@ -0,0 +1,59 @@
+# ASSUMES that your permissions policy is in a file with the same name as your model but with Perm.
+# i.e UserPerm, CustomerPerm
+module Canner
+
+  # so you don't have to have a helper method in the app_controller
+  def self.included(c)
+    c.helper_method :canner_policy
+  end
+
+  class NotAuthorizedError < StandardError
+    attr_accessor :role, :method
+  end
+
+  class AuthNotUsedError < StandardError; end
+  class ScopeNotUsedError < StandardError; end
+
+  # method_name - The controller action method that you are concerned with access
+  # target_model - Name of the object you are limiting access to. ( :user, :pet, :customer )
+  # target_obj   - The instance obj for what you want to test.  ( does user 1 have access to company 1?)
+  def instance_can?(method_name, target_model, target_obj)
+    policy = canner_policy(method_name, target_model)
+    raise NotAuthorizedError.new("You do not have access to this #{target_model.capitalize}") unless policy.instance_can?(target_obj)
+  end
+
+  # method_name - The controller action method that you are concerned with access
+  # target_model - Name of the object you are limiting access to. ( :user, :pet, :customer )
+  def can?(method_name, target_model)
+    @auth_used = true
+    raise NotAuthorizedError.new("You are not authorized to perform this action.") unless canner_policy(method_name, target_model).can?
+  end
+
+  # method_name - The controller action method that you are concerned with access
+  # target_model - Name of the object you are limiting access to. ( :user, :pet, :customer )
+  def canner_scope(method_name, target_model)
+    @scope_used = true
+    canner_policy(method_name, target_model).canner_scope
+  end
+
+  protected
+
+  def ensure_scope
+    return if devise_controller? rescue false
+    raise ScopeNotUsedError.new("Must use a canner_scope or exclude this action from the after_action") unless @scope_used
+  end
+
+  def ensure_auth
+    return if devise_controller? rescue false
+    raise AuthNotUsedError.new("Must use can? method or exclude this action from the after_action") unless @auth_used
+  end
+
+  def canner_policy(method_name, target_model)
+    derive_class_name(target_model).constantize.new(current_user, current_branch, method_name)
+  end
+
+  def derive_class_name(target_model)
+    "#{target_model.to_s.classify}Policy"
+  end
+
+end

data/lib/generators/canner/install/USAGE

@@ -0,0 +1,2 @@
+Description:
+    Generates the canner base policy.  All your policies need to inherit from this policy.

data/lib/generators/canner/install/install_generator.rb

@@ -0,0 +1,11 @@
+module Canner
+  module Generators
+    class InstallGenerator < ::Rails::Generators::Base
+      source_root File.expand_path(File.join(File.dirname(__FILE__), 'templates'))
+
+      def copy_application_policy
+        template 'base_policy.rb', 'app/policies/base_policy.rb'
+      end
+    end
+  end
+end

data/lib/generators/canner/install/templates/base_policy.rb

@@ -0,0 +1,52 @@
+class BasePolicy
+
+  def initialize(current_user, current_branch, method)
+    @current_user = current_user
+    @current_branch = current_branch
+    @method = method.to_sym
+    @roles = fetch_roles
+  end
+
+  # implement this in your policy class
+  # expects an array or strings or symbols that represent the user roles
+  def fetch_roles
+    raise ArgumentError.new("YOU NEED TO IMPLEMENT")
+    # ex. User.roles
+  end
+
+  # implement in your policy class to auto scope in an action
+  def canner_scope
+    raise ArgumentError.new("NOT IMPLEMENTED")
+    # ex:
+    # case @method
+    # when :index
+    #   User.by_branch(@current_branch)
+    # else
+    #   User.none
+    # end
+  end
+
+  # implment in your policy class.
+  # return true when the user can access the action or resource and false when they can't
+  def can?
+    raise ArgumentError.new("NOT IMPLEMENTED")
+    # ex:
+    # case @method
+    # when :index, :show
+    #   has_role?(:admin)
+    # else
+    #   false
+    # end
+  end
+
+  protected
+
+  def is_method?(methods)
+    prepare(methods).include?(@method)
+  end
+
+  def has_role?(roles)
+    @roles.any?{|r| prepare(roles).include?(r.to_sym) }
+  end
+
+end

data/lib/generators/canner/policy/USAGE

@@ -0,0 +1,8 @@
+Description:
+    Generates a policy for a model with the given name.
+
+Example:
+    rails generate canner:policy user
+
+    This will create:
+        app/policies/user_policy.rb

data/lib/generators/canner/policy/policy_generator.rb

@@ -0,0 +1,13 @@
+module Canner
+  module Generators
+    class PolicyGenerator < ::Rails::Generators::NamedBase
+      source_root File.expand_path(File.join(File.dirname(__FILE__), 'templates'))
+
+      def create_policy
+        template 'policy.rb', File.join('app/policies', class_path, "#{file_name}_policy.rb")
+      end
+
+      hook_for :test_framework
+    end
+  end
+end

data/lib/generators/canner/policy/templates/policy.rb

@@ -0,0 +1,24 @@
+<% module_namespacing do -%>
+class <%= class_name %>Policy < BasePolicy
+
+  def canner_scope
+    case @method
+    when :index
+      # Add any special scoping you might need here
+      <%= class_name %>.all
+    else
+      <%= class_name %>.none
+    end
+  end
+
+  def can?
+    case @method
+    when :index
+      # has_role?(:admin)
+    else
+      false
+    end
+  end
+
+end
+<% end -%>

data/lib/generators/rspec/policy_generator.rb

@@ -0,0 +1,11 @@
+module Rspec
+  module Generators
+    class PolicyGenerator < ::Rails::Generators::NamedBase
+      source_root File.expand_path(File.join(File.dirname(__FILE__), 'templates'))
+
+      def create_policy_spec
+        template 'policy_spec.rb', File.join('spec/policies', class_path, "#{file_name}_policy_spec.rb")
+      end
+    end
+  end
+end

data/lib/generators/rspec/templates/policy_spec.rb

@@ -0,0 +1,8 @@
+require 'spec_helper'
+
+describe <%= class_name %>Policy do
+
+  let(:user) { User.new }
+  subject { <%= class_name %>Policy }
+
+end

data/spec/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in canner.gemspec
+gemspec

metadata

@@ -0,0 +1,162 @@
+--- !ruby/object:Gem::Specification
+name: canner
+version: !ruby/object:Gem::Version
+  version: 0.0.2
+platform: ruby
+authors:
+- Joe Acklin
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-07-17 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: activemodel
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: yard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: No magic authorization for Rails
+email:
+- joe@acklin.me
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- canner.gemspec
+- lib/canner.rb
+- lib/canner/rspec.rb
+- lib/canner/util.rb
+- lib/canner/version.rb
+- lib/generators/canner/install/USAGE
+- lib/generators/canner/install/install_generator.rb
+- lib/generators/canner/install/templates/base_policy.rb
+- lib/generators/canner/policy/USAGE
+- lib/generators/canner/policy/policy_generator.rb
+- lib/generators/canner/policy/templates/policy.rb
+- lib/generators/rspec/policy_generator.rb
+- lib/generators/rspec/templates/policy_spec.rb
+- spec/Gemfile
+homepage: https://github.com/jacklin10/canner
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.0
+signing_key: 
+specification_version: 4
+summary: Rails Auth
+test_files:
+- spec/Gemfile