RubyGems - cannie - Versions diffs - 0.0.1 → 0.0.2 - Mend

cannie 0.0.1 → 0.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

checksums.yaml +4 -4
data/.gitignore +1 -0
data/.rspec +1 -0
data/Gemfile +2 -1
data/README.md +8 -8
data/cannie.gemspec +2 -0
data/lib/cannie/controller_extensions.rb +92 -0
data/lib/cannie/exceptions.rb +7 -0
data/lib/cannie/permissions.rb +71 -0
data/lib/cannie/rule.rb +19 -0
data/lib/cannie/version.rb +1 -1
data/lib/cannie.rb +1 -1
data/lib/generators/cannie/permissions/USAGE +3 -0
data/lib/generators/cannie/permissions/permissions_generator.rb +11 -0
data/lib/generators/cannie/permissions/templates/permissions.rb +15 -0
data/spec/cannie/controller_extensions_spec.rb +95 -0
data/spec/cannie/permissions_spec.rb +80 -0
data/spec/spec_helper.rb +15 -0
metadata +45 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 4767806af908d3fbb42922daeb46aa9793c43f09
-  data.tar.gz: d1e4a3df2a8055cfa9e80645b63ceb62a66ea88c
+  metadata.gz: ec9ec75cbf4049751bdc12e6a3724880a39d729b
+  data.tar.gz: 0f5750f17a62373de640dfe3765c59bb640778d9
 SHA512:
-  metadata.gz: 28cae6c32b9616c3d9af5983b0044cd1b34044b552f55856a680adc3560548d6b82e064ca6a9356ef09bbc37cf4672e81293a35ffd4152786435f77111700b3c
-  data.tar.gz: a03394d05eaea44c85b0e7d2572f911b24f10700c0d5fd3e78c578919af0ebffaa6114cb234100fb936ce67718f4193f6e78261a44f9979e65e310324861bc2c
+  metadata.gz: 083fc7fa69ee1b74fb976edc60be681aea8d1f57e85b8d75d82ca1fa985b775e3f8bfd668d14f7da4dc1bc3b6d4d308579ad14fe24c864f1d589c3266ece6015
+  data.tar.gz: 92e63adbc1ad697c13bb14c460f4f516a008a8a98748cb8e5b4870d040c52e3fd58420f5a317b7941bb6fe650bb414910b20beeaaf1774073538eddb433048e3

data/.gitignore CHANGED Viewed

@@ -15,3 +15,4 @@ spec/reports
 test/tmp
 test/version_tmp
 tmp
+.idea

data/.rspec ADDED Viewed

	@@ -0,0 +1 @@
1	+ --colour

data/Gemfile CHANGED Viewed

@@ -1,6 +1,7 @@
 source 'https://rubygems.org'
-gem 'rails', '~> 4.0'
+gem 'activesupport', '>= 4.0'
+gem 'actionpack', '>= 4.0'
 group :test do
   gem 'rspec'

data/README.md CHANGED Viewed

@@ -65,14 +65,14 @@ To skip checking permissions for controller, add `skip_check_permissions` method
 Checking of permissions on per-action basis is done by calling `permit!` method inside of controller's actions:
-   class PostsController < ApplicationController
-     check_permissions
-     def index
-       @posts = Posts.all
-       permit! :read, on: posts # checks whether user able to read fetched posts
-     end
-   end
+    class PostsController < ApplicationController
+      check_permissions
+      def index
+        @posts = Posts.all
+        permit! :read, on: posts # checks whether user able to read fetched posts
+      end
+    end
 ### Handling of unpermitted access

data/cannie.gemspec CHANGED Viewed

@@ -19,4 +19,6 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "bundler", "~> 1.3"
   spec.add_development_dependency "rake"
+  spec.add_runtime_dependency "actionpack", ">= 4.0"
+  spec.add_runtime_dependency "activesupport", ">= 4.0"
 end

data/lib/cannie/controller_extensions.rb ADDED Viewed

@@ -0,0 +1,92 @@
+module Cannie
+  module ControllerExtensions
+    extend ActiveSupport::Concern
+    included do
+      extend ClassMethods
+      helper_method :can?, :current_permissions
+    end
+    module ClassMethods
+      # Method is used to be sure, that permissions checking is handled for each action inside controller.
+      #
+      #   class PostsController < ApplicationController
+      #     check_permissions
+      #
+      #     #...
+      #   end
+      #
+      def check_permissions(options={})
+        after_action(options.slice(:only, :except)) do |controller|
+          next if controller.permitted?
+          next if options[:if] && !controller.instance_eval(options[:if])
+          next if options[:unless] && controller.instance_eval(options[:unless])
+          raise CheckPermissionsNotPerformed, 'Action failed the check_permissions because it does not calls permit! method. Add skip_check_permissions to bypass this check.'
+        end
+      end
+      # Skip handling of permissions checking, that was defined by `check_permissions` method
+      #
+      #   class PostsController < ApplicationController
+      #     skip_check_permissions
+      #
+      #     #...
+      #   end
+      def skip_check_permissions(*args)
+        before_action(*args) do |controller|
+          controller.instance_variable_set(:@_permitted, true)
+        end
+      end
+    end
+    # Checks whether passed action is permitted for passed subject
+    #
+    #   can? :read, on: @posts
+    #
+    # or
+    #
+    #   can? :read, on: Post
+    #
+    # @param [Symbol] action
+    # @param [Object] subject
+    # @return [Boolean] result of checking permission
+    #
+    def can?(action, on: nil)
+      raise Cannie::SubjectNotSetError, 'Subject should be specified' unless on
+      current_permissions.can?(action, on: on)
+    end
+    # Define permissions, that should be checked inside controller's action
+    #
+    #  def index
+    #    permit! :read, on: Post
+    #    @posts = Post.all
+    #  end
+    #
+    # @param [Symbol] action
+    # @param [Object] subject
+    #
+    def permit!(action, on: nil)
+      raise Cannie::SubjectNotSetError, 'Subject should be specified' unless on
+      current_permissions.permit!(action, on: on)
+      @_permitted = true
+    end
+    def permitted?
+      !!@_permitted
+    end
+    def current_permissions
+      @current_permissions ||= ::Permissions.new(current_user)
+    end
+    private
+    attr_reader :_permitted
+  end
+end
+if defined? ActionController::Base
+  ActionController::Base.class_eval do
+    include Cannie::ControllerExtensions
+  end
+end

data/lib/cannie/exceptions.rb ADDED Viewed

@@ -0,0 +1,7 @@
+module Cannie
+  class SubjectNotSetError < StandardError; end
+  class CheckPermissionsNotPerformed < StandardError; end
+  class ActionForbidden < StandardError; end
+end

data/lib/cannie/permissions.rb ADDED Viewed

@@ -0,0 +1,71 @@
+module Cannie
+  # This module provides possibility to define permissions using "allow" method
+  #
+  #   class Permissions
+  #     include Cannie::Permissions
+  #
+  #     def initialize(user)
+  #       allow :read, on: Model
+  #       allow :manage, on: Model do |*entries|
+  #         entries.all?{|v| v.user == user}
+  #       end
+  #     end
+  #   end
+  #
+  module Permissions
+    # Define rules for further permissions checking
+    #
+    #   allow :read, on: Model
+    #
+    # @param actions
+    # @param on
+    # @return array of rules
+    def allow(*actions, on: nil, &block)
+      rules << Rule.new(*actions, on, &block)
+    end
+    # Check permission by given action on subject, that is passed in 'on' parameter
+    #
+    #   can? :read, on: Model
+    #
+    # or
+    #
+    #   can? :read, on: models
+    #
+    # @param action
+    # @param on
+    # @return result of permissions check
+    #
+    def can?(action, on: nil)
+      rules_for(action, on).all? do |rule|
+        rule.permits?(*on)
+      end
+    end
+    # Permit access for action on a subject
+    #
+    #   permit! :read, on: Model
+    #
+    # or
+    #
+    #   permit! :manage, on: models
+    #
+    # @param [Symbol] Action
+    #
+    def permit!(action, on: nil)
+      raise Cannie::ActionForbidden unless can?(action, on: on)
+    end
+    private
+    def rules
+      @rules ||= []
+    end
+    def rules_for(action, subject)
+      klass = subject.is_a?(Class) ? subject : subject.class
+      rules.select do |r|
+        r.actions.include?(action) && (subject == :all || klass <= r.subject)
+      end
+    end
+  end
+end

data/lib/cannie/rule.rb ADDED Viewed

@@ -0,0 +1,19 @@
+module Cannie
+  class Rule
+    attr_reader :actions, :subject, :condition
+    def initialize(*actions, subject, &block)
+      @actions = actions
+      @subject = subject
+      @condition = block
+    end
+    def permits?(*args)
+      if condition
+        !!condition.call(*args)
+      else
+        true
+      end
+    end
+  end
+end

data/lib/cannie/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Cannie
-  VERSION = "0.0.1"
+  VERSION = "0.0.2"
 end

data/lib/cannie.rb CHANGED Viewed

@@ -1,8 +1,8 @@
+require 'cannie/version'
 require 'cannie/exceptions'
 require 'cannie/rule'
 require 'cannie/permissions'
 require 'cannie/controller_extensions'
-require 'cannie/version'
 module Cannie
 end

data/lib/generators/cannie/permissions/USAGE ADDED Viewed

@@ -0,0 +1,3 @@
+Description:
+  The cannie:permissions generator creates an Permissions class in the models
+  directory.

data/lib/generators/cannie/permissions/permissions_generator.rb ADDED Viewed

@@ -0,0 +1,11 @@
+module Cannie
+  module Generators
+    class PermissionsGenerator < Rails::Generators::Base
+      source_root File.expand_path('../templates', __FILE__)
+      def generate_permissions
+        copy_file 'permissions.rb', 'app/models/permissions.rb'
+      end
+    end
+  end
+end

data/lib/generators/cannie/permissions/templates/permissions.rb ADDED Viewed

@@ -0,0 +1,15 @@
+class Permissions
+  include Cannie::Permissions
+  def initialize(user)
+    # Define abilities for the passed user:
+    #
+    #   user ||= User.new
+    #   if user.admin?
+    #     allow :manage, on: Model
+    #   else
+    #     can :read, on: Model
+    #   end
+    #
+  end
+end

data/spec/cannie/controller_extensions_spec.rb ADDED Viewed

@@ -0,0 +1,95 @@
+require 'spec_helper'
+class TestController < ActionController::Base
+  check_permissions
+  def action
+  end
+end
+describe Cannie::ControllerExtensions do
+  subject { TestController.new }
+  let(:before_filters) do
+    subject.class._process_action_callbacks.select{|f| f.kind == :before}.map(&:raw_filter)
+  end
+  let(:after_filters) do
+    subject.class._process_action_callbacks.select{|f| f.kind == :after}.map(&:raw_filter)
+  end
+  let(:permissions) do
+    Class.new do
+      include Cannie::Permissions
+      def initialize
+        allow :update, on: Array do |*attrs|
+          attrs.all?{|v| v % 3 == 0}
+        end
+      end
+    end
+  end
+  describe '.check_permissions' do
+    it 'raises exception if controller.permitted? evaluates to false' do
+      expect { after_filters.first.call(subject) }.to raise_error(Cannie::CheckPermissionsNotPerformed)
+    end
+    it 'does not raise exception if controller.permitted? evaluates to true' do
+      subject.stub(:permitted?).and_return(true)
+      expect { after_filters.first.call(subject) }.not_to raise_error
+    end
+    it 'raises exception if :if block executed in controller scope returns false' do
+      pending
+    end
+    it 'raises exception if :if block executed in controller scope returns true' do
+      pending
+    end
+  end
+  describe '.skip_check_permissions' do
+    it 'sets @_permitted to true to bypass permissions checking' do
+      subject.class.instance_eval do
+        skip_check_permissions
+      end
+      before_filters.first.call(subject)
+      expect(subject.permitted?).to be_true
+    end
+  end
+  describe '#can?' do
+    it 'raises SubjectNotSetError if value of :on param is nil' do
+      expect { subject.can? :action }.to raise_error(Cannie::SubjectNotSetError)
+    end
+    it 'returns true if action allowed on subject' do
+      subject.stub(:current_permissions).and_return permissions.new
+      expect(subject.can? :update, on: [3,6,9]).to be_true
+    end
+    it 'returns false if action not allowed on subject' do
+      subject.stub(:current_permissions).and_return permissions.new
+      expect(subject.can? :update, on: [3,7,9]).to be_false
+    end
+  end
+  describe '#permit!' do
+    it 'raises SubjectNotSetError if value of :on param is nil' do
+      expect { subject.permit! :action }.to raise_error(Cannie::SubjectNotSetError)
+    end
+    it 'assigns @_permitted to true if action is allowed on subject' do
+      subject.stub(:current_permissions).and_return permissions.new
+      subject.permit! :update, on: [3,6,9]
+      expect(subject.permitted?).to be_true
+    end
+    it 'raises AccessDenied error if action is not allowed on subject' do
+      subject.stub(:current_permissions).and_return permissions.new
+      expect { subject.permit! :update, on: [3,6,11] }.to raise_error(Cannie::ActionForbidden)
+    end
+  end
+end

data/spec/cannie/permissions_spec.rb ADDED Viewed

@@ -0,0 +1,80 @@
+require 'spec_helper'
+describe Cannie::Permissions do
+  subject { Class.new { include Cannie::Permissions } }
+  describe '#allow' do
+    before do
+      subject.class_eval do
+        def initialize
+          allow :read, :update, on: Array
+        end
+      end
+    end
+    let(:rules) { subject.new.send(:rules) }
+    it 'creates only one rule for each call of allow method' do
+      expect(rules.size).to eq(1)
+    end
+    it 'creates and stores Rule object with passed actions' do
+      expect(rules.first.actions).to eq([:read, :update])
+    end
+    it 'creates and stores Rule object with passed subject' do
+      expect(rules.first.subject).to eq(Array)
+    end
+    it 'creates and stores Rule object with passed condition block' do
+      expect(rules.first.condition).to be_nil
+    end
+  end
+  describe '#can?' do
+    before do
+      subject.class_eval do
+        def initialize
+          allow :read, on: Array
+          allow(:read, on: Array) do |*args|
+            args.all?{|v| v % 2 == 0}
+          end
+        end
+      end
+    end
+    let(:permissions) { subject.new }
+    it 'returns true if all rules for action & subject are permitted' do
+      expect(permissions.can? :read, on: [2, 4, 8]).to be_true
+    end
+    it 'returns false if not all rules for action & subject are permitted' do
+      expect(permissions.can? :read, on: [1, 2, 3]).to be_false
+    end
+  end
+  describe '#permit!' do
+    before do
+      subject.class_eval do
+        def initialize
+          allow :read, on: Array do |*args|
+            args.all?{|v| v % 2 == 0}
+          end
+        end
+      end
+    end
+    let(:permissions) { subject.new }
+    it 'raises AccessDenied error if permission checking failed' do
+      expect { permissions.permit! :read, on: [1, 2, 3] }.to raise_error
+    end
+    it 'does not raise AccessDenied error if permission checking was successfull' do
+      expect { permissions.permit! :read, on: [2, 4, 6] }.not_to raise_error
+    end
+  end
+end

data/spec/spec_helper.rb ADDED Viewed

@@ -0,0 +1,15 @@
+require 'simplecov'
+SimpleCov.start
+require 'rubygems'
+require 'active_support/concern'
+require 'action_controller/railtie'
+require 'cannie'
+RSpec.configure do |config|
+  config.treat_symbols_as_metadata_keys_with_true_values = true
+  config.filter_run focus: true
+  config.run_all_when_everything_filtered = true
+end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cannie
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.0.2
 platform: ruby
 authors:
 - hck
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-09-07 00:00:00.000000000 Z
+date: 2013-09-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -38,6 +38,34 @@ dependencies:
     - - '>='
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: actionpack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '4.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '4.0'
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '4.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '4.0'
 description: Cannie is a gem for authorization/permissions checking on per-controller/per-action
   basis.
 email:
@@ -46,14 +74,25 @@ extensions: []
 extra_rdoc_files: []
 files:
 - .gitignore
+- .rspec
 - Gemfile
 - LICENSE.txt
 - README.md
 - Rakefile
 - cannie.gemspec
 - lib/cannie.rb
+- lib/cannie/controller_extensions.rb
+- lib/cannie/exceptions.rb
+- lib/cannie/permissions.rb
+- lib/cannie/rule.rb
 - lib/cannie/version.rb
+- lib/generators/cannie/permissions/USAGE
+- lib/generators/cannie/permissions/permissions_generator.rb
+- lib/generators/cannie/permissions/templates/permissions.rb
+- spec/cannie/controller_extensions_spec.rb
+- spec/cannie/permissions_spec.rb
 - spec/cannie/rule_spec.rb
+- spec/spec_helper.rb
 homepage: http://guthub.com/hck/cannie
 licenses:
 - MIT
@@ -74,9 +113,12 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.0.3
+rubygems_version: 2.1.1
 signing_key:
 specification_version: 4
 summary: Simple gem for checking permissions on per-action basis
 test_files:
+- spec/cannie/controller_extensions_spec.rb
+- spec/cannie/permissions_spec.rb
 - spec/cannie/rule_spec.rb
+- spec/spec_helper.rb