checkin 0.4.3

data/.document

@@ -0,0 +1,5 @@
+lib/**/*.rb
+bin/*
+- 
+features/**/*.feature
+LICENSE.txt

data/Gemfile

@@ -0,0 +1,5 @@
+source "http://rubygems.org"
+
+group :development do
+  gem "jeweler", "~> 1.8.3"
+end

data/Gemfile.lock

@@ -0,0 +1,19 @@
+GEM
+  remote: http://rubygems.org/
+  specs:
+    git (1.2.5)
+    jeweler (1.8.3)
+      bundler (~> 1.0)
+      git (>= 1.2.5)
+      rake
+      rdoc
+    json (1.7.1)
+    rake (0.9.2.2)
+    rdoc (3.12)
+      json (~> 1.4)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  jeweler (~> 1.8.3)

data/LICENSE.txt

@@ -0,0 +1,20 @@
+Copyright (c) 2012 mcasimir
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,188 @@
+# Checkin
+
+**Checkin** is an authorization gem for Ruby on Rails
+
+## Installation
+
+Put this in your Gemfile
+
+    gem 'checkin'
+    
+and update your bundle
+  
+    bundle install
+
+## Usage
+
+Create a **subject class** in your load path
+
+_ex._
+
+``` rb
+class UserSubject < Checkin::Subject
+
+      role :guest, :alias => :anonymous do
+          !subject_model
+      end
+
+      role :logged_in, :alias => [:connected] do
+          !!subject_model
+      end
+
+      role :owner, :require => [:logged_in, :author], :method => :own do |object|
+          object && object.respond_to?(:author) && ( subject_model == object.author )
+      end
+
+      role :author, :require => :logged_in do
+          subject_model.has_role?(:contributor) || subject_model.has_role?(:author)
+      end
+
+      role :editor, :require => :logged_in do
+          subject_model.has_role?(:editor)
+      end
+
+      role :administrator, :require => :logged_in, :alias => :admin do
+          subject_model.has_role?(:administrator)
+      end
+
+      role :mantainer, :require => :logged_in do
+          subject_model.has_role?(:mantainer)
+      end
+
+      role :staff, :require => :logged_in do
+       subject_model.has_role?(:administrator) ||
+       subject_model.has_role?(:mantainer) ||
+       subject_model.has_role?(:editor) ||
+       subject_model.has_role?(:author) ||
+       subject_model.has_role?(:contributor) ||
+       subject_model.has_role?(:photographer)
+      end
+
+      role :tester, :require => :logged_in do
+        subject_model.has_role?(:tester)
+      end
+
+      role :nexta_supervisor, :require => :logged_in do
+        subject_model.has_role?(:nexta)
+      end
+
+      role :self, :require  => :logged_in do |object|
+          object && object.is_a?(User) && subject_model == object
+      end
+
+      #
+      # Permissions
+      #
+
+      scope :site do
+        permissions :for => [:messages, :replies] do
+          allow :logged_in
+          allow :guests, :to => [:show, :index]
+          deny  :guests
+        end
+        permissions :for => :network do
+          allow [:administrators, :nexta_supervisors], :to => [:see]
+          deny
+        end
+      end
+
+      # Admin
+      scope :admin do
+        permissions do
+          allow :administrators, :mantainers
+          deny
+        end
+      end
+
+      scope :api do
+        allow :staff
+        deny
+      end
+
+      # Mantainer
+      scope :mantainer do
+        permissions do
+          allow :mantainers
+          deny
+        end
+      end
+
+      # Staff
+      scope :staff do
+        permissions do
+          allow :administrators, :mantainers
+          allow :editors, :to => [:edit, :update]
+          allow :authors, :to => [:new, :create]
+          allow :owners,  :to => [:edit, :update]
+          deny
+        end
+
+        permissions :for => :guides do
+          allow :administrators, :mantainers
+          allow :logged_in, :to => [:index, :show]
+          deny
+        end
+
+        permissions :for => :drafts do
+          allow :authors, :to => :submit
+        end
+
+        permissions_to_set :published do
+          allow :editors, :administrators, :mantainers
+          deny
+        end
+
+      end
+end
+```
+
+Use in controller
+
+_ex._
+
+``` rb
+class ApplicationController < ActionController::Base
+  rescue_from Checkin::AccessDenied, :with => :rescue_access_denied
+
+  protect_from_forgery
+  checkin(:scope => :admin)
+
+  protected
+
+  def rescue_access_denied
+    if subject.guest?
+      redirect_to new_user_session_path, :notice => "Accedi per completare l'operazione"
+    else
+      render :text => "Not Authorized", :status => 403
+    end
+  end
+
+end
+```
+
+
+
+
+---
+
+Copyright (c) 2012 mcasimir
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+

data/Rakefile

@@ -0,0 +1,26 @@
+# encoding: utf-8
+
+require 'rubygems'
+require 'bundler'
+begin
+  Bundler.setup(:default, :development)
+rescue Bundler::BundlerError => e
+  $stderr.puts e.message
+  $stderr.puts "Run `bundle install` to install missing gems"
+  exit e.status_code
+end
+require 'rake'
+
+require 'jeweler'
+Jeweler::Tasks.new do |gem|
+  # gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
+  gem.name = "checkin"
+  gem.homepage = "http://github.com/mcasimir/checkin"
+  gem.license = "MIT"
+  gem.summary = %Q{Checkin is an authorization gem for Ruby on Rails}
+  gem.description = %Q{Checkin is an authorization gem for Ruby on Rails}
+  gem.email = "maurizio.cas@gmail.com"
+  gem.authors = ["mcasimir"]
+  # dependencies defined in Gemfile
+end
+Jeweler::RubygemsDotOrgTasks.new

data/VERSION

@@ -0,0 +1 @@
+0.4.3

data/checkin.gemspec

@@ -0,0 +1,57 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = "checkin"
+  s.version = "0.4.3"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["mcasimir"]
+  s.date = "2012-05-07"
+  s.description = "Checkin is an authorization gem for Ruby on Rails"
+  s.email = "maurizio.cas@gmail.com"
+  s.extra_rdoc_files = [
+    "LICENSE.txt",
+    "README.md"
+  ]
+  s.files = [
+    ".document",
+    "Gemfile",
+    "Gemfile.lock",
+    "LICENSE.txt",
+    "README.md",
+    "Rakefile",
+    "VERSION",
+    "checkin.gemspec",
+    "lib/checkin.rb",
+    "lib/checkin/access_denied.rb",
+    "lib/checkin/dsl/permissions.rb",
+    "lib/checkin/dsl/roles.rb",
+    "lib/checkin/filters.rb",
+    "lib/checkin/role.rb",
+    "lib/checkin/rule.rb",
+    "lib/checkin/subject.rb",
+    "test/helper.rb",
+    "test/test_checkin.rb"
+  ]
+  s.homepage = "http://github.com/mcasimir/checkin"
+  s.licenses = ["MIT"]
+  s.require_paths = ["lib"]
+  s.rubygems_version = "1.8.24"
+  s.summary = "Checkin is an authorization gem for Ruby on Rails"
+
+  if s.respond_to? :specification_version then
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_development_dependency(%q<jeweler>, ["~> 1.8.3"])
+    else
+      s.add_dependency(%q<jeweler>, ["~> 1.8.3"])
+    end
+  else
+    s.add_dependency(%q<jeweler>, ["~> 1.8.3"])
+  end
+end
+

data/lib/checkin/access_denied.rb

@@ -0,0 +1,46 @@
+#  Author::    Maurizio Casimirri (mailto:maurizio.cas@gmail.com)
+#  Copyright:: Copyright (c) 2012 Maurizio Casimirri
+#  
+#  Permission is hereby granted, free of charge, to any person obtaining
+#  a copy of this software and associated documentation files (the
+#  "Software"), to deal in the Software without restriction, including
+#  without limitation the rights to use, copy, modify, merge, publish,
+#  distribute, sublicense, and/or sell copies of the Software, and to
+#  permit persons to whom the Software is furnished to do so, subject to
+#  the following conditions:
+#  
+#  The above copyright notice and this permission notice shall be
+#  included in all copies or substantial portions of the Software.
+#  
+#  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+#  EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+#  MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+#  NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+#  LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+#  OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+#  WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+module Checkin
+  class AccessDenied < StandardError
+      attr_reader :subject, :action, :resource, :object
+
+      def initialize(subject, action, object_or_resource, options = {})
+        
+        @message  = options[:message]
+        @subject  = subject
+        @action   = action
+        @object   = ( object_or_resource.is_a?(Symbol) || object_or_resource.is_a?(String)) ? nil : object_or_resource
+        @resource = object ? object.class.name.demodulize.underscore.to_sym  : "#{object_or_resource}".singularize.to_sym
+        
+        @default_message = I18n.t(:"unauthorized.default", :default => "You are not authorized to access this page.")
+      end
+
+      def scope
+        @subject.scope if @subject
+      end
+
+      def to_s
+        @message || @default_message
+      end
+  end
+end

data/lib/checkin/dsl/permissions.rb

@@ -0,0 +1,167 @@
+#  Author::    Maurizio Casimirri (mailto:maurizio.cas@gmail.com)
+#  Copyright:: Copyright (c) 2012 Maurizio Casimirri
+#  
+#  Permission is hereby granted, free of charge, to any person obtaining
+#  a copy of this software and associated documentation files (the
+#  "Software"), to deal in the Software without restriction, including
+#  without limitation the rights to use, copy, modify, merge, publish,
+#  distribute, sublicense, and/or sell copies of the Software, and to
+#  permit persons to whom the Software is furnished to do so, subject to
+#  the following conditions:
+#  
+#  The above copyright notice and this permission notice shall be
+#  included in all copies or substantial portions of the Software.
+#  
+#  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+#  EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+#  MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+#  NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+#  LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+#  OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+#  WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+require 'checkin/rule'
+
+#
+# Permissions DSL
+#
+
+module Checkin
+  module Dsl
+    module Permissions
+      extend ActiveSupport::Concern
+
+      included do
+        attr_writer :explain
+      end
+
+      module ClassMethods
+
+        def rules
+          @rules ||= []
+        end
+
+        def add_rule_block(rules)
+          @rules ||= []
+          @rules = rules + @rules
+        end
+
+        def attribute_rules
+          @attribute_rules ||= []
+        end
+
+        def add_attribute_rules_block(rules)
+          @attribute_rules ||= []
+          @attribute_rules = rules + @attribute_rules
+        end
+
+        def scope(scope, &block)
+          _current_options[:scope] = scope
+          yield
+          _current_options.delete(:scope)
+        end
+
+        def permissions(*args)
+          _current_options[:mode] = :cascade
+          opts = args.extract_options!
+          _current_options[:resources] = [opts[:for]].flatten.compact.uniq.map {|r| "#{r}".singularize.to_sym}
+          yield
+          add_rule_block(_current_rule_block)
+          _reset_current_options
+          _reset_current_rule_block
+        end
+
+        def permissions_to_set(*args)
+          _current_options[:mode] = :attributes
+          opts = args.extract_options!
+          resources_options = opts[:on]
+          _current_options[:resources] = [resources_options].flatten.compact.uniq.map {|r| "#{r}".singularize.to_sym}
+          _current_options[:attributes] = args.flatten
+          yield
+          add_attribute_rules_block(_current_attributes_block)
+          _reset_current_options
+          _reset_current_attributes_block
+        end
+
+        def allow(*args)
+          if _current_options[:mode] == :cascade
+            _add_rule_to_current_rule_block(:allow, *args)
+          elsif _current_options[:mode] == :attributes
+            _add_rule_to_current_attributes_block(:allow, *args)
+          end
+        end
+
+        def deny(*args)
+          if _current_options[:mode] == :cascade
+            _add_rule_to_current_rule_block(:deny, *args)
+          elsif _current_options[:mode] == :attributes
+            _add_rule_to_current_attributes_block(:deny, *args)
+          end
+        end
+
+        def _current_options
+          @_current_options ||= ::ActiveSupport::HashWithIndifferentAccess.new
+        end
+
+        def _reset_current_options
+          scope = _current_options[:scope]
+          @_current_options = ::ActiveSupport::HashWithIndifferentAccess.new
+          @_current_options[:scope] = scope
+          @_current_options
+        end
+
+        def _current_rule_block
+          @_current_rule_block ||= []
+        end
+
+        def _reset_current_rule_block
+          @_current_rule_block = []
+        end
+
+        def _add_rule_to_current_rule_block(kind, *args)
+          opts    = args.extract_options!
+          actions = _actions_from_options(args, opts)
+          roles   = _roles_from_options(args, opts)
+
+          rule = ::Checkin::Rule.new(kind, :resources => _current_options[:resources], :roles => roles, :actions_or_attributes => actions, :scope => _current_options[:scope])
+
+          @_current_rule_block ||= []
+          @_current_rule_block << rule
+
+          rule
+        end
+
+        def _current_attributes_block
+          @_current_attributes_block ||= []
+        end
+
+        def _reset_current_attributes_block
+          @_current_attributes_block = []
+        end
+
+        def _add_rule_to_current_attributes_block(kind, *args)
+          opts    = args.extract_options!
+          roles   = _roles_from_options(args, opts)
+
+          rule = ::Checkin::Rule.new(kind, :resources => _current_options[:resources], :roles => roles, :actions_or_attributes => _current_options[:attributes], :scope => _current_options[:scope])
+
+          @_current_attributes_block ||= []
+          @_current_attributes_block << rule
+
+          rule
+        end
+
+        def _actions_from_options(args, opts)
+          [ opts[:to] ].flatten.compact.uniq.map {|a| "#{a}".to_sym}
+        end
+
+        def _roles_from_options(args, opts)
+          args.flatten.compact.uniq.map {|a| "#{a}".singularize.to_sym}
+        end
+
+      end
+
+    end
+  end
+end
+

data/lib/checkin/dsl/roles.rb

@@ -0,0 +1,149 @@
+#  Author::    Maurizio Casimirri (mailto:maurizio.cas@gmail.com)
+#  Copyright:: Copyright (c) 2012 Maurizio Casimirri
+#  
+#  Permission is hereby granted, free of charge, to any person obtaining
+#  a copy of this software and associated documentation files (the
+#  "Software"), to deal in the Software without restriction, including
+#  without limitation the rights to use, copy, modify, merge, publish,
+#  distribute, sublicense, and/or sell copies of the Software, and to
+#  permit persons to whom the Software is furnished to do so, subject to
+#  the following conditions:
+#  
+#  The above copyright notice and this permission notice shall be
+#  included in all copies or substantial portions of the Software.
+#  
+#  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+#  EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+#  MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+#  NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+#  LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+#  OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+#  WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+require 'checkin/role'
+
+module Checkin
+  module Dsl
+    module Roles
+      extend ActiveSupport::Concern
+
+      module ClassMethods
+
+        def role(*args, &block)
+          opts = args.extract_options!
+
+          if args.empty?
+            raise ::ArgumentError.new("wrong number of arguments")
+          end
+
+          role_name = args.first
+
+          if role_name.to_s =~ /^can_([A-z]_)+\?$/
+            raise "bad role name: '#{role_name}'. Roles can not be in the form of 'can [...]?''"
+          end
+
+          if role_name.to_s.singularize != role_name.to_s
+            raise "bad role name: '#{role_name}'. Roles can not be in the plural form"
+          end
+
+          role = ::Checkin::Role.new
+          role.name                 = role_name
+          role.dependencies         = [ opts[:require] ].flatten.compact.uniq
+          role.check_proc           = block
+          role.aliases              = ([ opts[:alias] ] + [ opts[:aliases] ]).flatten.compact.uniq.map {|a| "#{a.to_s.gsub(/\?$/, "")}?"}
+          role.check_method_name    = "#{(opts[:method] || role_name).to_s.gsub(/\?$/, "")}?"
+
+          self.register_role(role)
+        end
+
+        def roles
+          @roles ||= ::ActiveSupport::HashWithIndifferentAccess.new
+        end
+
+        def role_methods
+          @role_methods ||= ::ActiveSupport::HashWithIndifferentAccess.new
+        end
+
+        def register_role(role)
+
+          self.register_role_method(role.check_method_name, role)
+
+          role.aliases.each do |a|
+            self.register_role_method(a, role)
+          end
+
+          self.roles[role.name] = role
+
+        end
+
+        def register_role_method(meth, role)
+          self.role_methods[meth] = role
+        end
+
+        def find_role_by_method(meth)
+          self.role_methods[meth]
+        end
+
+        def find_role_by_name(name)
+          self.roles[name]
+        end
+
+        def role_names
+          self.roles.keys.map {|k| k.to_s}
+        end
+
+        def symbolized_role_names
+          self.roles.keys.map {|k| k.to_sym}
+        end
+
+      end
+
+        def roles(*args)
+          roles = []
+          self.class.roles.each do |role_key, role|
+            roles << "#{role_key}".to_sym if check_role(role, *args)
+          end
+          roles
+        end
+
+        def role?(role, *args)
+          !!( check_role(role, *args) if (role = find_role_by_name(name)) )
+        end
+
+        protected
+
+        def find_role_by_method(meth)
+          self.class.find_role_by_method(meth)
+        end
+
+        def find_role_by_name(name)
+          self.class.find_role_by_name(name)
+        end
+
+        def is_role_method?(meth)
+          !!find_role_by_method(meth)
+        end
+
+        def check_role(role, *args)
+
+          roles_chain = role.dependencies.map{|d|
+            find_role_by_name(d) || (raise "required role not found '#{d}' for '#{role.name}")
+          } + [role]
+
+          roles_chain.each do |chain_role|
+            check_proc = chain_role.check_proc
+            check_args = args.slice(0, chain_role.check_proc.arity)
+
+            if !instance_exec(*check_args, &check_proc)
+              return false
+            end
+
+          end
+
+          true
+        end
+
+    end
+  end
+end
+

data/lib/checkin/filters.rb

@@ -0,0 +1,78 @@
+module Checkin
+  module Filters
+    extend ActiveSupport::Concern
+  
+    module ClassMethods
+      # checkin(:subject => :user, :scope => nil, :skip_authorization => false, :object => :object, rescue_with => lambda {
+      #   if subject.guest?
+      #     redirect_to new_user_session_path, :notice => "Accedi per completare l'operazione"
+      #   else
+      #     render :text => "Not Authorized", :status => 403
+      #   end
+      # })
+
+      def checkin(opts = {})
+        opts.symbolize_keys!
+        from_subject = :"#{(opts[:subject] || :user_subject)}"
+        subject_name = :"#{(opts[:as] || :subject)}"
+        subject_model = :"#{(opts[:from] || :current_user)}"
+        subject_class = from_subject.to_s.camelize.constantize
+        object_method = :"#{(opts[:object] || :fetch_object)}"
+        find_method   =  opts[:find_object]
+
+      
+        define_method "#{subject_name}" do
+          if !instance_variable_get("@checkin_#{subject_name}")
+            instance_variable_set("@checkin_#{subject_name}", subject_class.new(self.send(subject_model), :scope => opts[:scope]))
+          else
+            instance_variable_get("@checkin_#{subject_name}")
+          end       
+        end
+        
+        helper_method :"#{subject_name}"
+
+        if opts[:rescue_with]
+          block = opts[:rescue_with]
+          define_method :rescue_from_checkin_access_denied, &block
+          rescue_from Checkin::AccessDenied, :with => :rescue_from_checkin_access_denied        
+        end
+      
+        if !opts[:skip_authorization]
+          define_method :"#{object_method}" do   
+
+            
+            if params[:id]  
+              model_class   = self.controller_name.singularize.camelize.constantize
+              singular_name = :"#{model_class.name.underscore.singularize}"
+              if !instance_variable_get("@#{singular_name}")
+                find_method = if find_method.nil?
+                   Proc.new {|model_class, params|
+                    model_class.find(params[:id])
+                  }
+                elsif find_method.is_a?(Proc) || find_method.is_a?(Method)
+                  find_method
+                elsif find_method.is_a?(Symbol) || find_method.is_a?(String)
+                  self.method(find_method)
+                else
+                  raise "'#{find_method.class.name}' is an invalid type for find method"
+                end
+                instance_variable_set("@#{singular_name}", find_method.call(model_class, params))
+              else
+                instance_variable_get("@#{singular_name}")
+              end
+            end
+          end
+        
+          before_filter do |controller|
+            if Rails.env.development?
+              controller.send(subject_name).explain!
+            end
+            controller.send(subject_name).checkin!( :"#{controller.action_name}", (controller.send(:"#{object_method}") || {:for => :"#{controller.controller_name}"}) )
+            controller.send(subject_name).delete_denied_params( :"#{controller.action_name}", (controller.send(:"#{object_method}") || {:for => :"#{controller.controller_name}"}), (params[:"#{controller.controller_name.singularize}"] || {}) )
+          end
+        end      
+      end
+    end
+    
+  end
+end

data/lib/checkin/role.rb

@@ -0,0 +1,26 @@
+#  Author::    Maurizio Casimirri (mailto:maurizio.cas@gmail.com)
+#  Copyright:: Copyright (c) 2012 Maurizio Casimirri
+#  
+#  Permission is hereby granted, free of charge, to any person obtaining
+#  a copy of this software and associated documentation files (the
+#  "Software"), to deal in the Software without restriction, including
+#  without limitation the rights to use, copy, modify, merge, publish,
+#  distribute, sublicense, and/or sell copies of the Software, and to
+#  permit persons to whom the Software is furnished to do so, subject to
+#  the following conditions:
+#  
+#  The above copyright notice and this permission notice shall be
+#  included in all copies or substantial portions of the Software.
+#  
+#  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+#  EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+#  MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+#  NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+#  LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+#  OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+#  WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+class Checkin::Role
+    attr_accessor :name, :dependencies, :check_proc, :aliases, :check_method_name
+end
+

data/lib/checkin/rule.rb

@@ -0,0 +1,104 @@
+#  Author::    Maurizio Casimirri (mailto:maurizio.cas@gmail.com)
+#  Copyright:: Copyright (c) 2012 Maurizio Casimirri
+#  
+#  Permission is hereby granted, free of charge, to any person obtaining
+#  a copy of this software and associated documentation files (the
+#  "Software"), to deal in the Software without restriction, including
+#  without limitation the rights to use, copy, modify, merge, publish,
+#  distribute, sublicense, and/or sell copies of the Software, and to
+#  permit persons to whom the Software is furnished to do so, subject to
+#  the following conditions:
+#  
+#  The above copyright notice and this permission notice shall be
+#  included in all copies or substantial portions of the Software.
+#  
+#  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+#  EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+#  MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+#  NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+#  LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+#  OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+#  WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+class Checkin::Rule
+    attr_accessor :kind, :actions_or_attributes, :roles, :resources, :scope
+
+    def initialize(kind, *args)
+      opts = args.extract_options!
+      @kind = kind
+      @actions_or_attributes = (opts[:actions_or_attributes] || []).map {|a| "#{a}".to_sym }
+      @roles = (opts[:roles] || []).map {|r| "#{r}".to_sym }
+      @resources = (opts[:resources] || []).map {|r| "#{r}".singularize.to_sym }
+      @scope = opts[:scope].present? ? opts[:scope].to_sym : nil
+    end
+
+    def check(subject, action_or_attribute, object_or_resource)
+      scope   = subject.scope
+      action  = "#{action}".to_sym
+      
+      object_or_resource = object_or_resource[:for] if object_or_resource.is_a?(Hash)
+      object   = ( object_or_resource.is_a?(Symbol) || object_or_resource.is_a?(String)) ? nil : object_or_resource 
+      resource = object ? object.class.name.demodulize.underscore.to_sym  : "#{object_or_resource}".singularize.to_sym
+
+      if affect_scope?(scope) && affect_role?(subject, object) && affect_action_or_attribute?(action_or_attribute) && affect_resource?(resource)
+         deny? ? :denied : :allowed
+      else
+         :skip
+      end
+    end
+
+    def to_s
+      formatted_roles = roles.map {|r| ":#{r}" }.join(", ") if roles.any?
+      formatted_actions = ":to => [" + actions_or_attributes.map {|a| ":#{a}" }.join(", ") + "]" if actions_or_attributes.any?
+      formatted_scope = ":scope => :#{scope}" if scope
+      formatted_resources = ":resources => [" + actions_or_attributes.map {|r| ":#{r}" }.join(", ") + "]" if resources.any?
+      args = [formatted_roles, formatted_actions, formatted_resources, formatted_scope].compact.join(", ")
+      "#{kind}(#{args})"
+    end
+
+    private
+
+    def affect_scope?(scope)
+      scope && ( any_scope? || @scope == scope.to_sym )
+    end
+
+    def affect_role?(subject, object)
+       args = [object].compact
+       any_role? || (subject.roles(*args) & @roles).any?
+    end
+
+    def affect_action_or_attribute?(action_or_attribute)
+      any_action_or_attribute? || @actions_or_attributes.include?(action_or_attribute)
+    end
+
+    def affect_resource?(resource)
+      any_resource? || @resources.include?(resource)
+    end
+
+    def any_role?
+      !!@roles.empty?
+    end
+
+    def any_action_or_attribute?
+      !!@actions_or_attributes.empty?
+    end
+
+    def any_scope?
+      @scope.blank?
+    end
+
+    def any_resource?
+      !!@resources.empty?
+    end
+
+    def deny?
+      @kind == :deny
+    end
+
+    def allow?
+      @kind == :allow
+    end
+
+
+end
+

data/lib/checkin/subject.rb

@@ -0,0 +1,137 @@
+#  Author::    Maurizio Casimirri (mailto:maurizio.cas@gmail.com)
+#  Copyright:: Copyright (c) 2012 Maurizio Casimirri
+#  
+#  Permission is hereby granted, free of charge, to any person obtaining
+#  a copy of this software and associated documentation files (the
+#  "Software"), to deal in the Software without restriction, including
+#  without limitation the rights to use, copy, modify, merge, publish,
+#  distribute, sublicense, and/or sell copies of the Software, and to
+#  permit persons to whom the Software is furnished to do so, subject to
+#  the following conditions:
+#  
+#  The above copyright notice and this permission notice shall be
+#  included in all copies or substantial portions of the Software.
+#  
+#  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+#  EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+#  MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+#  NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+#  LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+#  OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+#  WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+require 'checkin/dsl/roles'
+require 'checkin/dsl/permissions'
+
+class Checkin::Subject
+  include ::Checkin::Dsl::Roles
+  include ::Checkin::Dsl::Permissions
+
+  def initialize(subject_model, scope = {})
+    @subject_model = subject_model
+    @scope = scope[:scope]
+  end
+
+  def subject_model
+    @subject_model
+  end
+
+  def scope
+    :"#{@scope}"
+  end
+
+  def can?(action, object_or_resource)
+
+    if @explain
+       Rails.logger.info " + can?(:#{action}, #{object_or_resource})"
+    end
+          
+    self.class.rules.each do|rule|
+      result = rule.check(self, :"#{action}", object_or_resource)
+
+      if @explain
+        Rails.logger.info ["    - #{rule}".ljust(65), ":#{result}"].join(" => ")
+      end
+
+      case result
+        when :denied
+          return false
+        when :allowed
+          return true
+        else
+      end
+    end
+    true
+  end
+
+  def allowed_to_set?(attribute, on = {})
+
+    object = on[:on]
+    if @explain
+       Rails.logger.info " + allowed_to_set?(:#{attribute}, on => #{object})"
+    end
+          
+    self.class.attribute_rules.each do|rule|
+      result = rule.check(self, :"#{attribute}", object)
+
+      if @explain
+         Rails.logger.info  ["    - #{rule}".ljust(65), ":#{result}"].join(" => ")
+      end
+
+      case result
+        when :denied
+          return false
+        when :allowed
+          return true
+        else
+      end
+    end
+
+    true
+  end
+
+  def explain!
+    @explain = true
+  end
+
+  def stop_explaining!
+    @explain = false
+  end
+
+  def checkin!(action, object_or_resource)
+    raise Checkin::AccessDenied.new(self, action, object_or_resource) unless self.can?(action, object_or_resource)
+  end
+        
+  def delete_denied_params(action, object_or_resource, resource_params)
+    to_be_deleted = []
+    resource_params.keys.each {|key|
+      to_be_deleted.push(key) unless self.allowed_to_set?(key, :on => object_or_resource)
+    }
+    to_be_deleted.each do |key_to_delete|
+      resource_params.delete(key_to_delete)
+    end
+    resource_params
+  end
+
+  def method_missing(mid, *args)
+    missing_method = mid.to_s
+    prefixed_with_can = (missing_method =~ /^can_/) && (missing_method =~ /\?$/)
+
+    if prefixed_with_can
+      action = missing_method.gsub(/^can_/, "").gsub(/\?$/, "")
+      self.can?(action, *args)
+
+    elsif self.respond_to?(:"is_role_method?") && self.is_role_method?(missing_method)
+      role = self.find_role_by_method(missing_method)
+      self.check_role(role, *args)
+
+    elsif @subject_model && @subject_model.respond_to?(missing_method)
+      @subject_model.send(missing_method, *args)
+
+    else
+      raise NoMethodError.new("undefined method `#{missing_method}' for #{self.class.name}")
+    end
+  end
+
+end
+

data/lib/checkin.rb

@@ -0,0 +1,32 @@
+#  Author::    Maurizio Casimirri (mailto:maurizio.cas@gmail.com)
+#  Copyright:: Copyright (c) 2012 Maurizio Casimirri
+#  
+#  Permission is hereby granted, free of charge, to any person obtaining
+#  a copy of this software and associated documentation files (the
+#  "Software"), to deal in the Software without restriction, including
+#  without limitation the rights to use, copy, modify, merge, publish,
+#  distribute, sublicense, and/or sell copies of the Software, and to
+#  permit persons to whom the Software is furnished to do so, subject to
+#  the following conditions:
+#  
+#  The above copyright notice and this permission notice shall be
+#  included in all copies or substantial portions of the Software.
+#  
+#  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+#  EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+#  MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+#  NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+#  LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+#  OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+#  WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+module Checkin
+end
+
+require 'checkin/filters'
+require 'checkin/subject'
+require 'checkin/access_denied'
+
+class ActionController::Base
+  include Checkin::Filters
+end

data/test/helper.rb

@@ -0,0 +1,18 @@
+require 'rubygems'
+require 'bundler'
+begin
+  Bundler.setup(:default, :development)
+rescue Bundler::BundlerError => e
+  $stderr.puts e.message
+  $stderr.puts "Run `bundle install` to install missing gems"
+  exit e.status_code
+end
+require 'test/unit'
+require 'shoulda'
+
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+require 'checkin'
+
+class Test::Unit::TestCase
+end

data/test/test_checkin.rb

@@ -0,0 +1,7 @@
+require 'helper'
+
+class TestCheckin < Test::Unit::TestCase
+  should "probably rename this file and start testing for real" do
+    flunk "hey buddy, you should probably rename this file and start testing for real"
+  end
+end

metadata

@@ -0,0 +1,84 @@
+--- !ruby/object:Gem::Specification
+name: checkin
+version: !ruby/object:Gem::Version
+  version: 0.4.3
+  prerelease: 
+platform: ruby
+authors:
+- mcasimir
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-05-07 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: jeweler
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.8.3
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.8.3
+description: Checkin is an authorization gem for Ruby on Rails
+email: maurizio.cas@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files:
+- LICENSE.txt
+- README.md
+files:
+- .document
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.md
+- Rakefile
+- VERSION
+- checkin.gemspec
+- lib/checkin.rb
+- lib/checkin/access_denied.rb
+- lib/checkin/dsl/permissions.rb
+- lib/checkin/dsl/roles.rb
+- lib/checkin/filters.rb
+- lib/checkin/role.rb
+- lib/checkin/rule.rb
+- lib/checkin/subject.rb
+- test/helper.rb
+- test/test_checkin.rb
+homepage: http://github.com/mcasimir/checkin
+licenses:
+- MIT
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: 1307085424481181596
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.24
+signing_key: 
+specification_version: 3
+summary: Checkin is an authorization gem for Ruby on Rails
+test_files: []