consent 1.0.1 → 2.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 925e2e71db7ce7b4c7104784bbd54cfeb8273b2502f0f73f599e64754d5a010a
-  data.tar.gz: 256326fbd83020d39881b53eadc1b3b7cb9c5169bedee5aac5491661a0e3023b
+  metadata.gz: 4b1d6948271b3646f4e11a1dcede687c2fdc39f8c027ae15e13349ac37c2562e
+  data.tar.gz: f9d2751cd4be0849b431eae34b2a30f20738fae9f6c32d39545d7cd3945c08fd
 SHA512:
-  metadata.gz: 84ee14b357d0edd8c7be190cc4f79e67d6a0a7f8e0f869d1bf15b0d1ebe87e6f076939aa9db684c172eec8f489bb83f8794c3ca0946a4edc569c07f04a6a9889
-  data.tar.gz: 490da917b1363a0b5d2f209df9363978764874fbe74d500c548b91a95f16f3ca35fab2a80a1ab7ac4de7364e7892101efc4e4a022d25683d0dc82896c7b39da9
+  metadata.gz: 5df36d982389d1f4d3ee114ee8148bd8b117458bef2873895f0c3e731749194ccd81b5e230ff7db4aa3d4a7129432615613f84773cf938ed0f5fe53ea16e812a
+  data.tar.gz: 4386963f1938a72c92555f15f0b656c6fb0e3a2353bdab85306911065c1fe5cce25686454d27a0c171a1631dae68edc2f79fb4dd30e84ab4ffa07b125d42357f

data/.gitignore

@@ -1,10 +1,17 @@
 /.bundle/
 /.yardoc
-/Gemfile.lock
 /_yardoc/
-/coverage/
-/doc/
-/pkg/
+coverage
+pkg
 /spec/reports/
-/tmp/
-/consent-*.gem
+**/tmp/*
+!**/tmp/.gitkeep
+!tmp/.gitignore
+vendor/bundle
+*.log
+*.sqlite
+*.sqlite3
+
+# Ignore uploaded files in development
+/storage/*
+!/storage/.keep

data/.rubocop.yml

@@ -1 +1,18 @@
 inherit_from: .rubocop_todo.yml
+
+require:
+  - rubocop-powerhome
+
+AllCops:
+  TargetRubyVersion: 3.0
+
+Style/FrozenStringLiteralComment:
+  Exclude:
+    - 'gemfiles/*'
+
+Bundler/OrderedGems:
+  Exclude:
+    - 'gemfiles/*'
+
+Rails:
+  Enabled: false

data/.rubocop_todo.yml

@@ -1,21 +1,19 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config`
-# on 2019-11-20 02:06:29 -0300 using RuboCop version 0.65.0.
+# on 2022-08-23 19:11:09 UTC using RuboCop version 1.35.1.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
 # versions of RuboCop, may require this file to be generated again.
 
-# Offense count: 5
-# Configuration parameters: CountComments, ExcludedMethods.
-# ExcludedMethods: refine
-Metrics/BlockLength:
+# Offense count: 3
+# Configuration parameters: AllowComments, AllowEmptyLambdas.
+Lint/EmptyBlock:
   Exclude:
-    - 'spec/**/*'
-    - 'lib/consent/rspec.rb'
+    - 'spec/consent_spec.rb'
 
-# Offense count: 9
-Style/Documentation:
+# Offense count: 1
+# Configuration parameters: CountComments, CountAsOne, ExcludedMethods, AllowedMethods, AllowedPatterns, IgnoredMethods.
+Metrics/MethodLength:
   Exclude:
-    - 'spec/**/*'
-    - 'test/**/*'
+    - 'db/migrate/*.rb'

data/Appraisals

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+appraise "rails-6-1" do
+  gem "rails", "6.1.7.7"
+end
+
+appraise "rails-7-0" do
+  gem "rails", "7.0.8.7"
+end
+
+appraise "rails-7-1" do
+  gem "rails", "7.1.3.2"
+end

data/Gemfile

@@ -1,6 +1,15 @@
 # frozen_string_literal: true
 
-source 'https://rubygems.org'
+source "https://rubygems.org"
 
 # Specify your gem's dependencies in consent.gemspec
 gemspec
+
+gem "base64"
+gem "bigdecimal"
+gem "logger"
+gem "mutex_m"
+gem "net-imap", "< 0.5.0"
+gem "nokogiri", "< 1.18"
+gem "rubocop-powerhome", path: "../rubocop-powerhome"
+gem "zeitwerk", "< 2.7.0"

data/Gemfile.lock

@@ -0,0 +1,259 @@
+PATH
+  remote: ../rubocop-powerhome
+  specs:
+    rubocop-powerhome (0.5.3)
+      rubocop (= 1.66.1)
+      rubocop-performance
+      rubocop-rails
+      rubocop-rake
+      rubocop-rspec
+
+PATH
+  remote: .
+  specs:
+    consent (2.1.0)
+      cancancan (= 3.2.1)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actionpack (8.0.1)
+      actionview (= 8.0.1)
+      activesupport (= 8.0.1)
+      nokogiri (>= 1.8.5)
+      rack (>= 2.2.4)
+      rack-session (>= 1.0.1)
+      rack-test (>= 0.6.3)
+      rails-dom-testing (~> 2.2)
+      rails-html-sanitizer (~> 1.6)
+      useragent (~> 0.16)
+    actionview (8.0.1)
+      activesupport (= 8.0.1)
+      builder (~> 3.1)
+      erubi (~> 1.11)
+      rails-dom-testing (~> 2.2)
+      rails-html-sanitizer (~> 1.6)
+    activemodel (8.0.1)
+      activesupport (= 8.0.1)
+    activerecord (8.0.1)
+      activemodel (= 8.0.1)
+      activesupport (= 8.0.1)
+      timeout (>= 0.4.0)
+    activesupport (8.0.1)
+      base64
+      benchmark (>= 0.3)
+      bigdecimal
+      concurrent-ruby (~> 1.0, >= 1.3.1)
+      connection_pool (>= 2.2.5)
+      drb
+      i18n (>= 1.6, < 2)
+      logger (>= 1.4.2)
+      minitest (>= 5.1)
+      securerandom (>= 0.3)
+      tzinfo (~> 2.0, >= 2.0.5)
+      uri (>= 0.13.1)
+    appraisal (2.5.0)
+      bundler
+      rake
+      thor (>= 0.14.0)
+    ast (2.4.2)
+    base64 (0.2.0)
+    benchmark (0.4.0)
+    bigdecimal (3.1.9)
+    builder (3.3.0)
+    byebug (11.1.3)
+    cancancan (3.2.1)
+    coderay (1.1.3)
+    combustion (1.5.0)
+      activesupport (>= 3.0.0)
+      railties (>= 3.0.0)
+      thor (>= 0.14.6)
+    concurrent-ruby (1.3.5)
+    connection_pool (2.5.0)
+    crass (1.0.6)
+    csv (3.3.2)
+    date (3.4.1)
+    diff-lcs (1.6.0)
+    drb (2.2.1)
+    erubi (1.13.1)
+    i18n (1.14.7)
+      concurrent-ruby (~> 1.0)
+    io-console (0.8.0)
+    irb (1.15.1)
+      pp (>= 0.6.0)
+      rdoc (>= 4.0.0)
+      reline (>= 0.4.2)
+    json (2.10.1)
+    language_server-protocol (3.17.0.4)
+    license_finder (7.2.1)
+      bundler
+      csv (~> 3.2)
+      rubyzip (>= 1, < 3)
+      thor (~> 1.2)
+      tomlrb (>= 1.3, < 2.1)
+      with_env (= 1.1.0)
+      xml-simple (~> 1.1.9)
+    logger (1.6.6)
+    loofah (2.24.0)
+      crass (~> 1.0.2)
+      nokogiri (>= 1.12.0)
+    method_source (1.1.0)
+    mini_portile2 (2.8.8)
+    minitest (5.25.4)
+    mutex_m (0.3.0)
+    net-imap (0.4.19)
+      date
+      net-protocol
+    net-protocol (0.2.2)
+      timeout
+    nokogiri (1.17.2)
+      mini_portile2 (~> 2.8.2)
+      racc (~> 1.4)
+    nokogiri (1.17.2-arm64-darwin)
+      racc (~> 1.4)
+    nokogiri (1.17.2-x86_64-linux)
+      racc (~> 1.4)
+    parallel (1.26.3)
+    parser (3.3.7.1)
+      ast (~> 2.4.1)
+      racc
+    pp (0.6.2)
+      prettyprint
+    prettyprint (0.2.0)
+    pry (0.14.2)
+      coderay (~> 1.1)
+      method_source (~> 1.0)
+    pry-byebug (3.10.1)
+      byebug (~> 11.0)
+      pry (>= 0.13, < 0.15)
+    psych (5.2.3)
+      date
+      stringio
+    racc (1.8.1)
+    rack (3.1.10)
+    rack-session (2.1.0)
+      base64 (>= 0.1.0)
+      rack (>= 3.0.0)
+    rack-test (2.2.0)
+      rack (>= 1.3)
+    rackup (2.2.1)
+      rack (>= 3)
+    rails-dom-testing (2.2.0)
+      activesupport (>= 5.0.0)
+      minitest
+      nokogiri (>= 1.6)
+    rails-html-sanitizer (1.6.2)
+      loofah (~> 2.21)
+      nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0)
+    railties (8.0.1)
+      actionpack (= 8.0.1)
+      activesupport (= 8.0.1)
+      irb (~> 1.13)
+      rackup (>= 1.0.0)
+      rake (>= 12.2)
+      thor (~> 1.0, >= 1.2.2)
+      zeitwerk (~> 2.6)
+    rainbow (3.1.1)
+    rake (13.2.1)
+    rdoc (6.12.0)
+      psych (>= 4.0.0)
+    regexp_parser (2.10.0)
+    reline (0.6.0)
+      io-console (~> 0.5)
+    rexml (3.4.1)
+    rspec (3.13.0)
+      rspec-core (~> 3.13.0)
+      rspec-expectations (~> 3.13.0)
+      rspec-mocks (~> 3.13.0)
+    rspec-core (3.13.3)
+      rspec-support (~> 3.13.0)
+    rspec-expectations (3.13.3)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.13.0)
+    rspec-mocks (3.13.2)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.13.0)
+    rspec-rails (6.1.5)
+      actionpack (>= 6.1)
+      activesupport (>= 6.1)
+      railties (>= 6.1)
+      rspec-core (~> 3.13)
+      rspec-expectations (~> 3.13)
+      rspec-mocks (~> 3.13)
+      rspec-support (~> 3.13)
+    rspec-support (3.13.2)
+    rubocop (1.66.1)
+      json (~> 2.3)
+      language_server-protocol (>= 3.17.0)
+      parallel (~> 1.10)
+      parser (>= 3.3.0.2)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 2.4, < 3.0)
+      rubocop-ast (>= 1.32.2, < 2.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 2.4.0, < 3.0)
+    rubocop-ast (1.38.0)
+      parser (>= 3.3.1.0)
+    rubocop-performance (1.23.1)
+      rubocop (>= 1.48.1, < 2.0)
+      rubocop-ast (>= 1.31.1, < 2.0)
+    rubocop-rails (2.29.1)
+      activesupport (>= 4.2.0)
+      rack (>= 1.1)
+      rubocop (>= 1.52.0, < 2.0)
+      rubocop-ast (>= 1.31.1, < 2.0)
+    rubocop-rake (0.6.0)
+      rubocop (~> 1.0)
+    rubocop-rspec (3.4.0)
+      rubocop (~> 1.61)
+    ruby-progressbar (1.13.0)
+    rubyzip (2.4.1)
+    securerandom (0.4.1)
+    sqlite3 (1.7.3)
+      mini_portile2 (~> 2.8.0)
+    sqlite3 (1.7.3-arm64-darwin)
+    sqlite3 (1.7.3-x86_64-linux)
+    stringio (3.1.3)
+    thor (1.3.2)
+    timeout (0.4.3)
+    tomlrb (2.0.3)
+    tzinfo (2.0.6)
+      concurrent-ruby (~> 1.0)
+    unicode-display_width (2.6.0)
+    uri (1.0.2)
+    useragent (0.16.11)
+    with_env (1.1.0)
+    xml-simple (1.1.9)
+      rexml
+    zeitwerk (2.6.18)
+
+PLATFORMS
+  arm64-darwin-22
+  arm64-darwin-23
+  ruby
+  x86_64-linux
+
+DEPENDENCIES
+  activerecord (>= 5)
+  appraisal (~> 2.5.0)
+  base64
+  bigdecimal
+  bundler (~> 2.1)
+  combustion (~> 1.3)
+  consent!
+  license_finder (>= 7.0)
+  logger
+  mutex_m
+  net-imap (< 0.5.0)
+  nokogiri (< 1.18)
+  pry (>= 0.14.2)
+  pry-byebug (= 3.10.1)
+  rake (~> 13)
+  rspec (~> 3.0)
+  rspec-rails (~> 6.1.5)
+  rubocop-powerhome!
+  sqlite3 (~> 1.7.3)
+  zeitwerk (< 2.7.0)
+
+BUNDLED WITH
+   2.5.23

data/Rakefile

@@ -1,8 +1,14 @@
+#!/usr/bin/env rake
+
 # frozen_string_literal: true
 
-require 'bundler/gem_tasks'
-require 'rspec/core/rake_task'
+require "bundler/setup"
+Bundler::GemHelper.install_tasks
 
+require "rspec/core/rake_task"
 RSpec::Core::RakeTask.new(:spec)
 
-task default: :spec
+require "rubocop/rake_task"
+RuboCop::RakeTask.new(:rubocop)
+
+task default: %i[spec rubocop]

data/app/models/concerns/consent/authorizable.rb

@@ -0,0 +1,94 @@
+# frozen_string_literal: true
+
+module Consent
+  module Authorizable
+    extend ::ActiveSupport::Concern
+
+    included do
+      has_many :permissions, class_name: "Consent::Permission",
+                             foreign_key: :role_id, inverse_of: false,
+                             dependent: :delete_all, autosave: true
+    end
+
+    # Grants all permissions in o permissions hash formatted as:
+    #
+    # `{ <subject> => { <action> => <view> } }`
+    #
+    # @example role.grant_all({ "user" => { "read" => "all" }})
+    # @example role.grant_all({ User => { read: :all }})
+    #
+    # When `replace: true`, it mark all existing permisions for destruction
+    #
+    # @example
+    #    role.grant_all(User => { read: :territory })
+    #    role.grant_all({ User => { write: :territory }, replace: true)
+    #    role.permissions
+    #    => [#<Consent::Permission subject: User(...), action: :write, view: :territory>]
+    #
+    # `grant_all` will only keep valid permissions, this excludes any permisison that grants nothing (:no_access)
+    #
+    # @param permissions [Hash] a hash formatted as documented above
+    # @param replace [Boolean] whether we should replace all existing granted permisions
+    #
+    def grant_all(permissions, replace: false)
+      changed = self.permissions
+                    .from_hash(permissions)
+                    .map { |permission| grant_permission(permission) }
+      (self.permissions - changed).each(&:mark_for_destruction) if replace
+    end
+
+    # Destructive form of {Authorizable#grant_all}. This methods grants all the given permissions and
+    # persists it to the database atomically
+    #
+    # @see #grant_all
+    # @yield after saving before commiting within the transaction
+    #
+    def grant_all!(*args, **kwargs)
+      transaction do
+        grant_all(*args, **kwargs)
+        tap(&:save!)
+        touch
+        yield if block_given?
+      end
+    end
+
+    # Grants a permission to a role, replacing any existing permission for the same subject/action pair:
+    #
+    # @example
+    #    role.grant(subject: "user", action: "read", view: "all")
+    #    role.grant(subject: "user", action: "read", view: "territory")
+    #    role.permissions
+    #    => [#<Consent::Permission subject: User(...), action: :read, view: :territory>]
+    #
+    # `grant` only grants valid permissions:
+    #
+    # @example
+    #    role.grant(subject: "user", action: "read", view: "no_access")
+    #    role.permissions
+    #    => []
+    #
+    # `grant` also does not persist the given permissions, so the caller must #save! the role
+    #
+    # @param subject [Symbol|String|Class] any valid subject
+    # @param action [String|Symbol] a valid action
+    # @param view [String|Symbol] a valid view
+    #
+    def grant(subject:, action:, view:)
+      grant_permission ::Consent::Permission.new(subject: subject, action: action, view: view)
+    end
+
+  private
+
+    def grant_permission(new_perm)
+      existing_perm = permissions.find { |p| p.subject.eql?(new_perm.subject) && p.action.eql?(new_perm.action) }
+      if existing_perm
+        existing_perm.view = new_perm.view
+        existing_perm.mark_for_destruction unless existing_perm.valid?
+        existing_perm
+      elsif new_perm.valid?
+        association(:permissions).add_to_target(new_perm)
+        new_perm
+      end
+    end
+  end
+end

data/app/models/consent/application_record.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module Consent
+  class ApplicationRecord < ActiveRecord::Base
+    self.abstract_class = true
+  end
+end

data/app/models/consent/history.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+module Consent
+  class History < ::Consent::ApplicationRecord
+    include Consent::SubjectCoder::Model
+
+    enum command: { grant: "grant", revoke: "revoke" }
+
+    validates :subject, presence: true
+    validates :action, presence: true
+    validates :view, presence: true
+    validates :command, presence: true
+
+    def self.record(command, permission)
+      create!(
+        **permission.slice(:role_id, :subject, :action, :view),
+        command: command.to_s
+      )
+    end
+  end
+end

data/app/models/consent/permission.rb

@@ -0,0 +1,71 @@
+# frozen_string_literal: true
+
+module Consent
+  class Permission < ::Consent::ApplicationRecord
+    include Consent::SubjectCoder::Model
+
+    validates :subject, presence: true
+    validates :action, presence: true
+    validates :view, presence: true,
+                     exclusion: {
+                       in: [::Consent::NO_ACCESS],
+                       message: "must grant access",
+                     }
+    after_save { ::Consent::History.record(:grant, self) }
+    after_destroy { ::Consent::History.record(:revoke, self) }
+
+    scope :to, ->(subject:, action: nil, view: nil) do
+      where({ subject: subject, action: action, view: view }.compact)
+    end
+
+    # It is true when it is a replacement for another permission
+    # @private
+    #
+    def replaces?(permission)
+      subject == permission.subject && action == permission.action
+    end
+
+    # Symbol key of an action
+    #
+    def action
+      super&.to_sym
+    end
+
+    # Symbol key of a view or "1" for full access
+    #
+    def view
+      return "1" if Consent::FULL_ACCESS.include?(super)
+
+      super&.to_sym
+    end
+
+    # Transforms a hash of permissions and views to grant into a collection
+    # of Consent::Permission
+    #
+    # I.e.:
+    #   Permission.from_hash User => { write: :territory }
+    #   => [#<Consent::Permission view: :territory, action: :write, subject: User>]
+    #
+    #   Permission.from_hash User => { write: :territory, read: :all }
+    #   => [#<Consent::Permission view: :territory, action: :write, subject: User>,]
+    #       #<Consent::Permission view: :all, action: :read, subject: User>]
+    #
+    # It also eliminates any invalid permission from the resulting set
+    #
+    # I.e.:
+    #   Permission.from_hash User => { write: :territory, read: :no_access }, Department: { write: :all }
+    #   => [#<Consent::Permission view: :territory, action: :write, subject: User>,]
+    #       #<Consent::Permission view: :all, action: :write, subject: Department>]
+    #
+    # @param permissions [Hash] a set of permissions in the hash format
+    # @return [Array<Consent::Permission>]
+    #
+    def self.from_hash(permissions)
+      permissions.flat_map do |subject, actions|
+        actions.flat_map do |action, view|
+          new(subject: subject, action: action, view: view)
+        end
+      end.select(&:valid?)
+    end
+  end
+end

data/bin/console

@@ -1,8 +1,8 @@
 #!/usr/bin/env ruby
 # frozen_string_literal: true
 
-require 'bundler/setup'
-require 'consent'
+require "bundler/setup"
+require "consent"
 
 # You can add fixtures and/or initialization code here to make experimenting
 # with your gem easier. You can also use a different console, if you like.
@@ -11,5 +11,5 @@ require 'consent'
 # require "pry"
 # Pry.start
 
-require 'irb'
+require "irb"
 IRB.start

data/config.ru

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+require "rubygems"
+require "bundler"
+
+Bundler.require :default, :development
+
+Combustion.initialize! :all
+run Combustion::Application

data/consent.gemspec

@@ -1,31 +1,35 @@
 # frozen_string_literal: true
 
-lib = File.expand_path('lib', __dir__)
-$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require 'consent/version'
+require_relative "lib/consent/version"
 
 Gem::Specification.new do |spec|
-  spec.name          = 'consent'
+  spec.name          = "consent"
   spec.version       = Consent::VERSION
-  spec.authors       = ['Carlos Palhares']
-  spec.email         = ['chjunior@gmail.com']
+  spec.authors       = ["Carlos Palhares"]
+  spec.email         = ["chjunior@gmail.com"]
 
-  spec.summary       = 'Consent'
-  spec.description   = 'Consent'
+  spec.summary       = "Consent permission based authorization"
+  spec.description   = "Consent permission based authorization"
+  spec.homepage = "https://github.com/powerhome/power-tools"
+  spec.license = "MIT"
+  spec.required_ruby_version = ">= 3.0"
 
-  spec.licenses = ['MIT']
+  spec.metadata["rubygems_mfa_required"] = "true"
+  spec.files = `git ls-files`.split.grep_v(/^(test|spec|features)/)
+  spec.require_paths = ["lib"]
 
-  spec.files = `git ls-files`.split.reject do |file|
-    file =~ /^(test|spec|features)/
-  end
-  spec.require_paths = ['lib']
+  spec.add_dependency "cancancan", "3.2.1"
 
-  spec.add_development_dependency 'activerecord', '>= 5'
-  spec.add_development_dependency 'bundler', '>= 1.17.3'
-  spec.add_development_dependency 'cancancan', '~> 1.15.0'
-  spec.add_development_dependency 'pry', '~> 0.14.1'
-  spec.add_development_dependency 'rake', '>= 12.3.3'
-  spec.add_development_dependency 'rspec', '~> 3.0'
-  spec.add_development_dependency 'rubocop', '~> 0.65.0'
-  spec.add_development_dependency 'sqlite3', '~> 1.4.2'
+  spec.add_development_dependency "activerecord", ">= 5"
+  spec.add_development_dependency "appraisal", "~> 2.5.0"
+  spec.add_development_dependency "bundler", "~> 2.1"
+  spec.add_development_dependency "combustion", "~> 1.3"
+  spec.add_development_dependency "license_finder", ">= 7.0"
+  spec.add_development_dependency "pry", ">= 0.14.2"
+  spec.add_development_dependency "pry-byebug", "3.10.1"
+  spec.add_development_dependency "rake", "~> 13"
+  spec.add_development_dependency "rspec", "~> 3.0"
+  spec.add_development_dependency "rspec-rails", "~> 6.1.5"
+  spec.add_development_dependency "rubocop-powerhome", "0.5.0"
+  spec.add_development_dependency "sqlite3", "~> 1.7.3"
 end