cant_cant_cant 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: a444a3ec5b00cf225f6af59760d9d263122b1114
+  data.tar.gz: 12325af0887c6d17735fc232a183530bf0dc3b2f
+SHA512:
+  metadata.gz: 782820cfc64752416cc5f4ff36a37a45465c0eacff61f120bcd1abefb73ccf97039d3c2fbaafe608cd0032ea0590ef77d0c11f10e85fc46bd99b86192ecb343f
+  data.tar.gz: ffab247b6a21bd60d729cf4fc6176de998b1d155613b77a03a3f7b08217ae479ba1f0ae0298436c6e84b26ec0ade132a5d5b4d844cd9394637154602fa7fa6be

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2016 Shou Ya
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,86 @@
+# CantCantCant
+
+[![Build Status](https://travis-ci.org/shouya/cant_cant_cant.svg?branch=master)](https://travis-ci.org/shouya/cant_cant_cant)
+
+I want an authentication to:
+
+- be light weight and simple, working in a controllable way;
+- be role based, where roles and users are multiple-to-multiple relation;
+- apply on controller actions;
+- have access control in a single configuration file;
+- be able to export a list of permissions for roles
+
+So CanCan[Can] just can't satisfy my requirement. And then CantCantCant is the wheel invented for above purposes.
+
+## Installation
+
+Add the following line to your `Gemfile` and execute `bundle`.
+
+    gem 'cant_cant_cant'
+
+Then run:
+
+    $ rails generate cant_cant_cant:install
+
+to generate the config and the initializer.
+
+To get authentication works, you have to adjust `config/cant_cant_cant.yml` for your own need.
+
+After all you need to tell CantCantCant how to acquire your current role(s). Modify the code in `config/initializers/cant_cant_cant.rb`.
+
+CantCantCant will raise an exception on unauthorized access. In order to handle the error yourself, take a look on the related code in `config/initializers/cant_cant_cant.rb`.
+
+## Usage
+
+You're done. There is no need to configure more in any of your controllers.
+
+Note that live reloading is not supported yet; it means you'll need to restart your server after modifying your actions/controllers/config to take effect.
+
+If you need to acquire a list of actions that given roles have access to, just call `CantCantCant.permissions_for(roles)`.
+
+
+## Configuration
+
+The configuration is located in `config/cant_cant_cant.yml`. The path to configuration file can be modified in the initializer.
+
+The configuration is a YAML document that looks like:
+
+```yaml
+user: &default_permissions
+  test#public: allow
+  test#admin_only: deny
+  test#no_access: deny
+
+admin:
+  <<: *default_permissions
+  test#admin_only: allow
+```
+
+## Initializer
+
+You can adjust the initializer as you want, the only thing to notice is that you need to call `CantCantCant.initialize` before making any request, otherwise the authentication won't take effect.
+
+CantCantCant need a `current_roles` method, you should implement it by your own according to the template, either in the initializer or in your own `ApplicationController`. You can also handle the `PermissionDenied` exception in the same way.
+
+Using `rails generate cant_cant_cant:install`, the template will be generated for you in the initializer.
+
+```ruby
+class ActionController::Base
+  # Write your own handler
+  rescue_from CantCantCant::PermissionDenied do
+    render plain: 'permission denied', status: 403
+  end
+
+  # Write your own method to return the roles for current user
+  def current_roles
+    return [] unless defined? current_user
+    return [] if current_user.empty?
+
+    current_user.roles
+  end
+end
+```
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,34 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'CantCantCant'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.md')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+
+
+
+
+
+require 'bundler/gem_tasks'
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+
+task default: :test

data/lib/cant_cant_cant/version.rb

@@ -0,0 +1,3 @@
+module CantCantCant
+  VERSION = '0.1.0'
+end

data/lib/cant_cant_cant.rb

@@ -0,0 +1,76 @@
+require 'yaml'
+
+module CantCantCant
+  PermissionDenied = Class.new(RuntimeError)
+  InvalidControllerOrAction = Class.new(RuntimeError)
+  InvalidConfiguration = Class.new(RuntimeError)
+
+  class << self
+    def initialize(config)
+      @config_file = config
+      @cache = {}
+
+      inject_actions
+    end
+
+    def inject_actions
+      validate_config
+
+      permission_table.values.map(&:keys).flatten.uniq.each do |param|
+        inject_action(param)
+      end
+    end
+
+    def allow?(param, roles)
+      permissions_for(roles).include? param
+    end
+
+    def permissions_for(roles)
+      @cache[roles.sort.join(',')] ||=
+        permission_table
+        .values_at(*roles)
+        .select(&:present?)
+        .map { |x| x.keep_if { |_, v| v == 'allow' }.keys }
+        .flatten
+        .uniq
+    end
+
+    private
+
+    def permission_table
+      @permission_table ||= YAML.load_file(@config_file).freeze
+    end
+
+    def extract_controller(param)
+      controller, action = param.split('#')
+      raise if controller.blank? || action.blank?
+
+      controller = (controller.classify + 'Controller').constantize
+      raise unless action.in? controller.instance_methods(false).map(&:to_s)
+
+      [controller, action]
+    rescue RuntimeError, NameError
+      raise InvalidControllerOrAction, param
+    end
+
+    def inject_action(param)
+      controller, action = extract_controller(param)
+      controller.class_eval do
+        before_action(only: [action]) do
+          next true if CantCantCant.allow?(param, current_roles)
+          raise PermissionDenied, param
+        end
+      end
+    end
+
+    def validate_config
+      permission_table.each do |_, perms|
+        perms.each do |param, access|
+          next unless access.blank?
+          next unless access.in? %w(allow deny)
+          raise InvalidConfiguration, param
+        end
+      end
+    end
+  end
+end

data/lib/generators/cant_cant_cant/install/install_generator.rb

@@ -0,0 +1,33 @@
+require 'rails/generators/base'
+
+module CantCantCant::Generators
+  class InstallGenerator < Rails::Generators::Base
+    desc 'Generate CantCantCant configuration file and initializer'
+
+    source_root File.expand_path('../templates', __FILE__)
+
+    def create_config_file
+      template 'config.yml', 'config/cant_cant_cant.yml'
+    end
+
+    def create_initializer_file
+      template 'initializer.rb', 'config/initializers/cant_cant_cant.rb'
+    end
+
+    private
+
+    def user_params
+      routes = Rails.application.routes.routes.to_a.reject(&:internal)
+      routes.map(&:defaults).reject(&:empty?).uniq
+    end
+
+    def user_permission_table
+      map = {}
+      user_params.each do |p|
+        key = "#{p[:controller]}##{p[:action]}"
+        map[key] = :deny
+      end
+      map
+    end
+  end
+end

data/lib/generators/cant_cant_cant/install/templates/config.yml

@@ -0,0 +1,12 @@
+# This configuration file is initialized using `rails g cantcantcant:install`
+
+# The default permission is generated by scanning all non-internal routes
+user: &default_permissions
+<%- user_permission_table.each do |k,v| -%>
+  <%=k%>: <%=v%>
+<%- end -%>
+
+admin:
+  <<: *default_permissions
+  # Specify your permission rules below
+  # admin#rm_rf: allow

data/lib/generators/cant_cant_cant/install/templates/initializer.rb

@@ -0,0 +1,17 @@
+config = File.join(Rails.root, 'config/cant_cant_cant.yml')
+CantCantCant.initialize(config)
+
+class ActionController::Base
+  # Write your own handler
+  rescue_from CantCantCant::PermissionDenied do
+    render plain: 'permission denied', status: 403
+  end
+
+  # Write your own method to return the roles for current user
+  def current_roles
+    return [] unless defined? current_user
+    return [] if current_user.empty?
+
+    current_user.roles
+  end
+end

metadata

@@ -0,0 +1,94 @@
+--- !ruby/object:Gem::Specification
+name: cant_cant_cant
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Shou Ya
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-09-28 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 5.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 5.0.0
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: CanCan[Can] just can't satisfy me
+email:
+- github@lain.li
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- README.md
+- Rakefile
+- lib/cant_cant_cant.rb
+- lib/cant_cant_cant/version.rb
+- lib/generators/cant_cant_cant/install/install_generator.rb
+- lib/generators/cant_cant_cant/install/templates/config.yml
+- lib/generators/cant_cant_cant/install/templates/initializer.rb
+homepage: https://github.com/shouya/cantcantcant
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.1
+signing_key: 
+specification_version: 4
+summary: CanCan[Can] just can't satisfy me
+test_files: []