consent 0.6.0 → 2.0.0

metadata

@@ -1,71 +1,113 @@
 --- !ruby/object:Gem::Specification
 name: consent
 version: !ruby/object:Gem::Version
-  version: 0.6.0
+  version: 2.0.0
 platform: ruby
 authors:
 - Carlos Palhares
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-12-22 00:00:00.000000000 Z
+date: 2022-09-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: activesupport
+  name: cancancan
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 3.2.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 3.2.1
+- !ruby/object:Gem::Dependency
+  name: activerecord
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 4.1.11
+        version: '5'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 4.1.11
+        version: '5'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.17.3
+        version: '2.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.17.3
+        version: '2.1'
 - !ruby/object:Gem::Dependency
-  name: cancancan
+  name: combustion
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.15.0
+        version: '1.3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.15.0
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: license_finder
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '7.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '7.0'
+- !ruby/object:Gem::Dependency
+  name: pry-byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 3.9.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 3.9.0
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '13'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '13'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -81,20 +123,48 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '3.0'
 - !ruby/object:Gem::Dependency
-  name: rubocop
+  name: rspec-rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.65.0
+        version: 5.1.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.65.0
-description: Consent
+        version: 5.1.2
+- !ruby/object:Gem::Dependency
+  name: rubocop-powerhome
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.5.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.5.0
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.4.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.4.2
+description: Consent permission based authorization
 email:
 - chjunior@gmail.com
 executables: []
@@ -102,38 +172,49 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".gitignore"
-- ".rspec"
 - ".rubocop.yml"
 - ".rubocop_todo.yml"
-- ".ruby-version"
-- ".travis.yml"
 - Gemfile
-- LICENSE
-- README.md
 - Rakefile
-- TODO.md
+- app/models/concerns/consent/authorizable.rb
+- app/models/consent/application_record.rb
+- app/models/consent/history.rb
+- app/models/consent/permission.rb
 - bin/console
 - bin/setup
+- config.ru
 - consent.gemspec
+- db/migrate/20211104225614_create_nitro_auth_authorization_permissions.rb
+- db/migrate/20220420135558_create_nitro_auth_authorization_histories.rb
+- doc/dependency_decisions.yml
+- docs/CHANGELOG.md
+- docs/README.md
 - lib/consent.rb
 - lib/consent/ability.rb
 - lib/consent/action.rb
 - lib/consent/dsl.rb
-- lib/consent/permission.rb
-- lib/consent/permissions.rb
-- lib/consent/railtie.rb
+- lib/consent/engine.rb
+- lib/consent/model_additions.rb
+- lib/consent/permission_migration.rb
 - lib/consent/reloader.rb
 - lib/consent/rspec.rb
+- lib/consent/rspec/consent_action.rb
+- lib/consent/rspec/consent_view.rb
 - lib/consent/subject.rb
+- lib/consent/subject_coder.rb
+- lib/consent/symbol_adapter.rb
 - lib/consent/version.rb
 - lib/consent/view.rb
 - lib/generators/consent/permissions_generator.rb
 - lib/generators/consent/templates/permissions.rb.erb
 - lib/generators/consent/templates/permissions_spec.rb.erb
-homepage: 
+- mkdocs.yml
+- renovate.json
+homepage: https://github.com/powerhome/power-tools
 licenses:
 - MIT
-metadata: {}
+metadata:
+  rubygems_mfa_required: 'true'
 post_install_message: 
 rdoc_options: []
 require_paths:
@@ -142,16 +223,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: '2.7'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.3
+rubygems_version: 3.3.7
 signing_key: 
 specification_version: 4
-summary: Consent
+summary: Consent permission based authorization
 test_files: []

data/.rspec

@@ -1,2 +0,0 @@
---format documentation
---color

data/.ruby-version

@@ -1 +0,0 @@
-2.5.0

data/.travis.yml

@@ -1,18 +0,0 @@
-sudo: false
-language: ruby
-rvm:
-- 2.2.2
-- 2.5.0
-before_install: gem install bundler -v 1.17.3
-script:
-  - bundle exec rubocop
-  - bundle exec rspec
-deploy:
-  provider: rubygems
-  api_key:
-    secure: aCipdg6IqKaxQmWQXFlqI2JqGOrCAxzYlutOn6nCSk9VCzmlRjDoEp1M99ASvmF5CP3KQgfRq8bxfLql8jss8tymK0u2ExvKaUglK0zb2KoLQDGDGuHw3RxCTnaxPBuO4/2PuS+nso6IcdqUaGOzh8FA7ePKPBmxl3kyNtArEDV88Eyx6tQYs1/1w153bAeBk57nTiu8CPS+dIWg+guQADTLPZ61fH4xKjPWXnr65pFF7YtU5YdPBHFkqL60X384OZj1c7ZTGvFj70+36oo617HigSg8HCE+E0R1N4JQ8/5xo2yHBdrtgsAqYyYWRgm1C6qu+T6yKMuokdoSd0Ji3Rigz6VRrOJfjmQQkwMnno9fCY3vND62zOb9Ow+MCNuQYSgNHc+YPURKmT05wadG0FpZdmo6hstPusleuG89NxnB/s2YjR0QWQK05MW1uhFdru1S2gBd1fMH1GLoThhdfGG1UJSkKOipUJyRupFaB9zimJO3HwaTP0Q+wP8MGZDAqbyzQ3bJSZaQmJC6loC2EtxxnOQxUIxaySLtNEU2LOr9IijExj1ldXkz8X1fIWwRr6BPnIeChFnuST+L9UDYtqk1WgQTUs+tOAxUjepAWhtIUL5h3Jg2NZd9RxPXq8IngDWZJwT8yA3E9wloQx5JzTIMas5wHwCQJuwjjk5ibss=
-  gem: consent
-  on:
-    tags: true
-    repo: powerhome/consent
-    ruby: 2.5.0

data/LICENSE

@@ -1,21 +0,0 @@
-MIT License
-
-Copyright Power Home Remodeling Group, LLC
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.

data/README.md

@@ -1,245 +0,0 @@
-# Consent [![Build Status](https://travis-ci.org/powerhome/consent.svg?branch=master)](https://travis-ci.org/powerhome/consent)
-
-## Installation
-
-Add this line to your application's Gemfile:
-
-```ruby
-gem 'consent'
-```
-
-And then execute:
-
-    $ bundle
-
-Or install it yourself as:
-
-    $ gem install consent
-
-## What is Consent
-
-Consent makes defining permissions easier by providing a clean, concise DSL for authorization so that all abilities do not have to be in your `Ability`
-class.
-
-Consent takes application permissions and models them so that permissions are organized and can be defined granularly. It does so using the
-following models:
-
-* View: A collection of objects limited by a given condition.
-* Action: An action performed on top of the objects limited by the view. For example, one user could only `:view` something, while another could `:manage` it.
-* Subject: Holds the scope of the actions.
-* Permission: What is given to the user. Combines a subject, an action and
-a view.
-
-## What Consent Is Not
-
-Consent isn't a tool to enforce permissions -- it is intended to be used with CanCanCan and is only to make permissions more easily readable and definable.
-
-## Subject
-
-The subject is the central point of a group of actions and views. It will typically
-be an `ActiveRecord` class, a `:symbol`, or any Plain Old Ruby Object.
-
-You define a subject with the following DSL:
-
-```ruby
-Consent.define Project, 'Our Projects' do
-  #in this case, Project is the subject
-  # and `Our Projects` is the description that makes it clear to users
-  # what the subject is acting upon.
-  …
-end
-```
-
-The scope is the action that's being performed on the subject. It can be anything, but will typically be an ActiveRecord class, a `:symbol`, or a PORO.
-
-For instance:
-
-```ruby
-Consent.define :features, 'Beta Features' do
-  # whatever you put inside this method defines the scope
-end
-```
-
-## Views
-
-Views are the rules that limit the access to actions. For instance,
-a user may see a `Project` from his department, but not from others. That rule
-could be enforced with a `:department` view, defined like this:
-
-### Hash Conditions
-
-This is probably the most commonly used and is useful, for example,
-when the view can be defined using a where condition in an ActiveRecord context.
-It follows a match condition and will return all objects that meet the criteria
-and is based off a boolean:
-
-```ruby
-Consent.define Project, 'Projects' do
-  view :department, "User's department only" do |user|
-    { department_id: user.id }
-  end
-end
-```
-
-Although hash conditions (matching object's attributes) are recommended,
-the constraints can be anything you want. Since Consent does not enforce the
-rules, those rules are directly given to CanCan. Following [CanCan rules](https://github.com/CanCanCommunity/cancancan/wiki/Defining-Abilities%3A-Best-Practice)
-for defining abilities is recommended.
-
-### Object Conditions
-
-If you're not matching for equal values, then you would need to use an object
-condition, which matches data based off a range.
-
-If you already have an object and want to check to see whether the user has
-permission to view that specific object, you would use object conditions.
-
-If your needs can't be satisfied by hash conditions, it is recommended that a
-second condition is given for constraining object instances. For example, if you
-want to restrict a view for smaller volume projects:
-
-```ruby
-Consent.define Project, 'Projects' do
-  view :small_volumes, "User's department only",
-    -> (user) {
-      ['amount < ?', user.volume_limit]
-    end,
-    -> (user, project) {
-      project.amount < user.volume_limit
-    }
-end
-```
-
-For object conditions, the latter argument will be the referred object, while the
-former will be the context given to the [Permission](#permission) (also check
-[CanCan integration](#cancan-integration)).
-
-## Action
-
-An action is anything you can perform on a given subject. In the example of
-Features this would look like the following using Consent's DSL:
-
-```ruby
-Consent.define :features, 'Beta Features' do
-  action :beta_chat, 'Beta Chat App'
-end
-```
-
-To associate different views to the same action:
-
-```ruby
-Consent.define Project, 'Projects' do
-  # returns conditions that can be used as a matcher for objects so the matcher
-  # can return true or false (hash version)
-  view :department, "User's department only" do |user|
-    { department_id: user.id }
-  end
-  view :future_projects, "User's department only",
-    # returns a condition to be applied to a collection of objects
-    -> (_) {
-      ['starts_at > ?', Date.today]
-    end,
-    # returns true/false based on a condition -- to use this, you must pass in
-    # an instance of an object in order to check the permission
-    -> (user, project) {
-      project.starts_at > Date.today
-    }
-
-  action :read, 'Read projects', views: [:department, :future_projects]
-end
-```
-
-If you have a set of actions with the same set of views, you can use a
-`with_defaults` block to simplify the writing:
-
-```ruby
-with_defaults views: [:department, :small_volumes] do
-  action :read, 'Read projects'
-  action :approve, 'Approve projects'
-end
-```
-
-## Permission
-
-A permission is what is consented to the user. It is the *permission* to perform
-an *action* on a limited *view* of the *subject*. It marries the three concepts
-to consent an access to the user.
-
-A permission is not specified by the user, it is calculated from a permissions
-hash owned by a `User`, or a `Role` on an application.
-
-The permissions hash looks like the following:
-
-```ruby
-{
-  project: {
-    read: 'department',
-    approve: 'small_volumes'
-  }
-}
-```
-
-In other words:
-
-```ruby
-{
-  <subject>: {
-    <action>: <view>
-  }
-}
-```
-
-### Full Access
-
-Full (unrestricted by views) access is granted when view is `'1'`, `true` or
-`'true'`. For instance:
-
-In other words:
-
-```ruby
-{
-  projects: {
-    approve: true
-  }
-}
-```
-
-## CanCan Integration
-
-Consent provides a CanCan ability (Consent::Ability) to integrate your
-permissions with frameworks like Rails. To use it with Rails check out the
-example at [Ability for Other Users](https://github.com/CanCanCommunity/cancancan/wiki/Ability-for-Other-Users)
-on CanCanCan's wiki.
-
-In the ability you define the scope of the permissions. This is typically an
-user:
-
-```ruby
-Consent::Ability.new(user.permissions, user)
-```
-
-The first parameter given to the ability is the permissions hash, seen at
-[Permission](#permission). The following parameters are the permission context.
-These parameters are given directly to the condition blocks defined by the views
-in the exact same order, so it's up to you to define what your context is.
-
-## Rails Integration
-
-Consent is integrated into Rails with `Consent::Railtie`. To define where
-your permission files will be, use `config.consent.path`. This defaults to
-`app/permissions/` to conform to Rails' standards.
-
-## Development
-
-After checking out the repo, run `bin/setup` to install dependencies. Then, run
-`rake spec` to run the tests. You can also run `bin/console` for an interactive
-prompt that will allow you to experiment.
-
-To install this gem onto your local machine, run `bundle exec rake install`. To
-release a new version, update the version number in `version.rb`, and then run
-`bundle exec rake release`, which will create a git tag for the version, push
-git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
-
-## Contributing
-
-Bug reports and pull requests are welcome on GitHub at https://github.com/powerhome/consent.

data/TODO.md

@@ -1 +0,0 @@
-* DSL validate Consent state

data/lib/consent/permission.rb

@@ -1,35 +0,0 @@
-# frozen_string_literal: true
-
-module Consent
-  class Permission # :nodoc:
-    def initialize(subject, action, view = nil)
-      @subject = subject
-      @action = action
-      @view = view
-    end
-
-    def subject_key
-      @subject.key
-    end
-
-    def action_key
-      @action.key
-    end
-
-    # Disables Sytle/SafeNavigation to keep this code
-    # compatible with ruby < 2.3
-    # rubocop:disable Style/SafeNavigation
-    def view_key
-      @view && @view.key
-    end
-
-    def conditions(*args)
-      @view && @view.conditions(*args)
-    end
-
-    def object_conditions(*args)
-      @view && @view.object_conditions(*args)
-    end
-    # rubocop:enable Style/SafeNavigation
-  end
-end

data/lib/consent/permissions.rb

@@ -1,41 +0,0 @@
-# frozen_string_literal: true
-
-module Consent
-  class Permissions # :nodoc:
-    include Enumerable
-
-    def initialize(permissions)
-      @permissions = permissions
-    end
-
-    def each(&block)
-      Consent.subjects.each do |subject|
-        subject.actions.map do |action|
-          map_permission subject, action
-        end.compact.each(&block)
-      end
-    end
-
-    private
-
-    def map_permission(subject, action)
-      subject_key = subject.permission_key
-      actions = @permissions[subject_key] || @permissions[subject_key.to_s]
-      view = actions && (actions[action.key] || actions[action.key.to_s])
-      full(subject, action, view) || partial(subject, action, view)
-    end
-
-    def full(subject, action, view_key)
-      return unless Consent::FULL_ACCESS.include?(view_key.to_s.strip)
-
-      Permission.new(subject, action)
-    end
-
-    def partial(subject, action, view_key)
-      view = subject.view_for(action, view_key.to_s.to_sym)
-      return if view.nil?
-
-      Permission.new(subject, action, view)
-    end
-  end
-end