controlist 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 0fe714a3aad4e99f1f5939eaeb793a6b61c485cf
+  data.tar.gz: 99b51da4fc36bd7c17f92d3de8c4c0afbace75dc
+SHA512:
+  metadata.gz: 5791061e742d2fd3f2dd9ae8fdd3cbb7ef211cdf9ddd5689e36b51ff650dae29b6202371125994a8d32cb8be1c74c839fdb68855bafe0925279778960bce6afc
+  data.tar.gz: b9fbeedd4de2e2c92f01fd5fdc1b9e7171dc8977a7bcbf9a594a596001a78b4b6a28fee60b095985e3646340f8061f4be21b732d9a77e5fa4a424c6f46ab0e39

data/.gitignore

@@ -0,0 +1,15 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+*.bundle
+*.so
+*.o
+*.a
+mkmf.log
+.ruby-version

data/Gemfile

@@ -0,0 +1,4 @@
+source 'http://ruby.taobao.org'
+
+# Specify your gem's dependencies in controlist.gemspec
+gemspec

data/Gemfile.lock.3.2

@@ -0,0 +1,106 @@
+PATH
+  remote: .
+  specs:
+    controlist (0.1.0)
+
+GEM
+  remote: http://ruby.taobao.org/
+  specs:
+    actionpack (3.2.22)
+      activemodel (= 3.2.22)
+      activesupport (= 3.2.22)
+      builder (~> 3.0.0)
+      erubis (~> 2.7.0)
+      journey (~> 1.0.4)
+      rack (~> 1.4.5)
+      rack-cache (~> 1.2)
+      rack-test (~> 0.6.1)
+      sprockets (~> 2.2.1)
+    activemodel (3.2.22)
+      activesupport (= 3.2.22)
+      builder (~> 3.0.0)
+    activerecord (3.2.22)
+      activemodel (= 3.2.22)
+      activesupport (= 3.2.22)
+      arel (~> 3.0.2)
+      tzinfo (~> 0.3.29)
+    activesupport (3.2.22)
+      i18n (~> 0.6, >= 0.6.4)
+      multi_json (~> 1.0)
+    ansi (1.5.0)
+    arel (3.0.3)
+    builder (3.0.4)
+    docile (1.1.5)
+    erubis (2.7.0)
+    hashie (3.4.2)
+    hike (1.2.3)
+    i18n (0.7.0)
+    journey (1.0.4)
+    json (1.8.3)
+    minitest (4.7.5)
+    minitest-rails (1.0.1)
+      minitest (~> 4.7)
+      minitest-test (~> 1.0)
+      railties (>= 3.0, < 4.1)
+    minitest-reporters (0.14.24)
+      ansi
+      builder
+      minitest (>= 2.12, < 5.0)
+      powerbar
+    minitest-test (1.1.0)
+      minitest (~> 4.0)
+    multi_json (1.11.1)
+    power_assert (0.2.3)
+    powerbar (1.0.12)
+      ansi (~> 1.5.0)
+      hashie (>= 1.1.0)
+    rack (1.4.7)
+    rack-cache (1.2)
+      rack (>= 0.4)
+    rack-ssl (1.3.4)
+      rack
+    rack-test (0.6.3)
+      rack (>= 1.0)
+    railties (3.2.22)
+      actionpack (= 3.2.22)
+      activesupport (= 3.2.22)
+      rack-ssl (~> 1.3.2)
+      rake (>= 0.8.7)
+      rdoc (~> 3.4)
+      thor (>= 0.14.6, < 2.0)
+    rake (10.4.2)
+    rdoc (3.12.2)
+      json (~> 1.4)
+    simplecov (0.10.0)
+      docile (~> 1.1.0)
+      json (~> 1.8)
+      simplecov-html (~> 0.10.0)
+    simplecov-html (0.10.0)
+    sprockets (2.2.3)
+      hike (~> 1.2)
+      multi_json (~> 1.0)
+      rack (~> 1.0)
+      tilt (~> 1.1, != 1.3.0)
+    sqlite3 (1.3.10)
+    test-unit (3.1.2)
+      power_assert
+    thor (0.19.1)
+    tilt (1.4.1)
+    tzinfo (0.3.44)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  activerecord (~> 3.2.1)
+  activesupport (~> 3.2.1)
+  minitest
+  minitest-rails
+  minitest-reporters
+  controlist!
+  simplecov (~> 0.10.0)
+  sqlite3 (~> 1.3.10)
+  test-unit
+
+BUNDLED WITH
+   1.10.2

data/Gemfile.lock.4.1

@@ -0,0 +1,84 @@
+PATH
+  remote: .
+  specs:
+    controlist (0.1.0)
+
+GEM
+  remote: http://ruby.taobao.org/
+  specs:
+    actionpack (4.1.12)
+      actionview (= 4.1.12)
+      activesupport (= 4.1.12)
+      rack (~> 1.5.2)
+      rack-test (~> 0.6.2)
+    actionview (4.1.12)
+      activesupport (= 4.1.12)
+      builder (~> 3.1)
+      erubis (~> 2.7.0)
+    activemodel (4.1.12)
+      activesupport (= 4.1.12)
+      builder (~> 3.1)
+    activerecord (4.1.12)
+      activemodel (= 4.1.12)
+      activesupport (= 4.1.12)
+      arel (~> 5.0.0)
+    activesupport (4.1.12)
+      i18n (~> 0.6, >= 0.6.9)
+      json (~> 1.7, >= 1.7.7)
+      minitest (~> 5.1)
+      thread_safe (~> 0.1)
+      tzinfo (~> 1.1)
+    ansi (1.5.0)
+    arel (5.0.1.20140414130214)
+    builder (3.2.2)
+    docile (1.1.5)
+    erubis (2.7.0)
+    i18n (0.7.0)
+    json (1.8.3)
+    minitest (5.7.0)
+    minitest-rails (2.1.1)
+      minitest (~> 5.4)
+      railties (~> 4.1)
+    minitest-reporters (1.0.17)
+      ansi
+      builder
+      minitest (>= 5.0)
+      ruby-progressbar
+    rack (1.5.5)
+    rack-test (0.6.3)
+      rack (>= 1.0)
+    railties (4.1.12)
+      actionpack (= 4.1.12)
+      activesupport (= 4.1.12)
+      rake (>= 0.8.7)
+      thor (>= 0.18.1, < 2.0)
+    rake (10.4.2)
+    ruby-progressbar (1.7.5)
+    simplecov (0.10.0)
+      docile (~> 1.1.0)
+      json (~> 1.8)
+      simplecov-html (~> 0.10.0)
+    simplecov-html (0.10.0)
+    sqlite3 (1.3.10)
+    thor (0.19.1)
+    thread_safe (0.3.5)
+    tzinfo (1.2.2)
+      thread_safe (~> 0.1)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  activerecord (~> 4.1.1)
+  activesupport (~> 4.1.1)
+  bundler (~> 1.7)
+  minitest (~> 5.7.0)
+  minitest-rails (~> 2.1.1)
+  minitest-reporters (~> 1.0.17)
+  rake (~> 10.0)
+  controlist!
+  simplecov (~> 0.10.0)
+  sqlite3 (~> 1.3.10)
+
+BUNDLED WITH
+   1.10.2

data/Gemfile.lock.4.2

@@ -0,0 +1,101 @@
+PATH
+  remote: .
+  specs:
+    controlist (0.1.0)
+
+GEM
+  remote: http://ruby.taobao.org/
+  specs:
+    actionpack (4.2.3)
+      actionview (= 4.2.3)
+      activesupport (= 4.2.3)
+      rack (~> 1.6)
+      rack-test (~> 0.6.2)
+      rails-dom-testing (~> 1.0, >= 1.0.5)
+      rails-html-sanitizer (~> 1.0, >= 1.0.2)
+    actionview (4.2.3)
+      activesupport (= 4.2.3)
+      builder (~> 3.1)
+      erubis (~> 2.7.0)
+      rails-dom-testing (~> 1.0, >= 1.0.5)
+      rails-html-sanitizer (~> 1.0, >= 1.0.2)
+    activemodel (4.2.3)
+      activesupport (= 4.2.3)
+      builder (~> 3.1)
+    activerecord (4.2.3)
+      activemodel (= 4.2.3)
+      activesupport (= 4.2.3)
+      arel (~> 6.0)
+    activesupport (4.2.3)
+      i18n (~> 0.7)
+      json (~> 1.7, >= 1.7.7)
+      minitest (~> 5.1)
+      thread_safe (~> 0.3, >= 0.3.4)
+      tzinfo (~> 1.1)
+    ansi (1.5.0)
+    arel (6.0.0)
+    builder (3.2.2)
+    docile (1.1.5)
+    erubis (2.7.0)
+    i18n (0.7.0)
+    json (1.8.3)
+    loofah (2.0.2)
+      nokogiri (>= 1.5.9)
+    mini_portile (0.6.2)
+    minitest (5.7.0)
+    minitest-rails (2.1.1)
+      minitest (~> 5.4)
+      railties (~> 4.1)
+    minitest-reporters (1.0.17)
+      ansi
+      builder
+      minitest (>= 5.0)
+      ruby-progressbar
+    nokogiri (1.6.6.2)
+      mini_portile (~> 0.6.0)
+    rack (1.6.4)
+    rack-test (0.6.3)
+      rack (>= 1.0)
+    rails-deprecated_sanitizer (1.0.3)
+      activesupport (>= 4.2.0.alpha)
+    rails-dom-testing (1.0.6)
+      activesupport (>= 4.2.0.beta, < 5.0)
+      nokogiri (~> 1.6.0)
+      rails-deprecated_sanitizer (>= 1.0.1)
+    rails-html-sanitizer (1.0.2)
+      loofah (~> 2.0)
+    railties (4.2.3)
+      actionpack (= 4.2.3)
+      activesupport (= 4.2.3)
+      rake (>= 0.8.7)
+      thor (>= 0.18.1, < 2.0)
+    rake (10.4.2)
+    ruby-progressbar (1.7.5)
+    simplecov (0.10.0)
+      docile (~> 1.1.0)
+      json (~> 1.8)
+      simplecov-html (~> 0.10.0)
+    simplecov-html (0.10.0)
+    sqlite3 (1.3.10)
+    thor (0.19.1)
+    thread_safe (0.3.5)
+    tzinfo (1.2.2)
+      thread_safe (~> 0.1)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  activerecord (~> 4.2.1)
+  activesupport (~> 4.2.1)
+  bundler (~> 1.7)
+  minitest (~> 5.7.0)
+  minitest-rails (~> 2.1.1)
+  minitest-reporters (~> 1.0.17)
+  rake (~> 10.0)
+  controlist!
+  simplecov (~> 0.10.0)
+  sqlite3 (~> 1.3.10)
+
+BUNDLED WITH
+   1.10.2

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2015 ALO7 Inc.
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,96 @@
+# Controlist
+
+## Fine-grained access control library for Ruby ActiveRecord
+
+Controlist support Ruby 1.9 and 2.x, ActiveRecord 3.2 and 4.1+
+
+## Use Case
+
+RBAC (Role-Based Access Control)
+Security for API Server
+Any scenario that need fine-grained or flexible access control
+
+## Feature
+
+* Support ActiveRecord CRUD permissions
+* Support attribute level permission
+* Support association level permission
+* Filter attributes for READ permission
+* Check changed and previous value for persistence operation
+* CRUD permission support lambda, argument is "Relation" for READ or "Object" for persistence(ActiveRecord 4.1+)
+* Attribute value check support lambda and raw sql
+* Modify permissions on the fly
+* Skip permission check on demand
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'controlist'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install controlist
+
+## Usage
+
+### Initialization
+
+```ruby
+require 'controlist'
+require 'controlist/managers/thread_based_manager'
+Controlist.initialize Controlist::Managers::ThreadBasedManager
+```
+
+You can use your customized manager or configuration to initialize Controlist
+
+```ruby
+require 'controlist'
+Controlist.initialize YourManager #, attribute_proxy: "_val", value_object_proxy: "_value_object", logger: Logger.new(STDOUT)
+
+```
+
+## Example
+
+```ruby
+Controlist.permission_provider.set_permission_package(OrderedPackage.new(
+  Controlist::Permission.new(User, READ, true, [
+    SimpleConstrain.new("name", "Tom"),
+    SimpleConstrain.new("name", ["Grade 1", "Grade 2"], relation: "clazz"),
+    AdvancedConstrain.new(property: "age", value: 5, operator: ">="),
+    SimpleConstrain.new("age", "null"),
+    SimpleConstrain.new("age", [1,2,3]),
+    SimpleConstrain.new("clazz_id", -> { Clazz.select(:id).map(&:id) }),
+    AdvancedConstrain.new(clause: "age != 100"),
+    AdvancedConstrain.new(proc_read: lambda{|relation| relation.order("id DESC").limit(3) })
+  ])))
+relation = User.all
+relation.to_sql
+assert_equal [:clazz], relation.joins_values
+assert_equal ["(users.name = 'Tom') and (clazzs.name in ('Grade 1','Grade 2'))" +
+              " and (users.age >= 5) and (users.age is null) and (users.age in (1,2,3))" +
+              " and (users.clazz_id in (1,2)) and (age != 100)"], relation.where_values
+assert_equal 3, relation.limit_value
+assert_equal ["id DESC"], relation.order_values
+```
+
+And more examples, please see [more examples](https://github.com/alo7/controlist/blob/master/test/feature_test.rb)
+
+## Contributing
+
+1. Fork it ( https://github.com/alo7/controlist.git )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create a new Pull Request
+
+
+## License
+
+Controlist is released under the [MIT License](http://www.opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,8 @@
+require "bundler/gem_tasks"
+require 'rake/testtask'
+
+Rake::TestTask.new do |t|
+  t.libs << 'test'
+  t.pattern = "test/*_test.rb"
+end
+

data/controlist.gemspec

@@ -0,0 +1,42 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'controlist/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "controlist"
+  spec.version       = Controlist::VERSION
+  spec.authors       = ["Leon Li"]
+  spec.email         = ["qianthinking@gmail.com"]
+  spec.summary       = %q{Fine-grained access control library for Ruby ActiveRecord}
+  spec.description   = %q{Use Case: RBAC (Role-Based Access Control), security for API Server and any scenario that need fine-grained or flexible access control}
+  spec.homepage      = ""
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+
+  spec.add_development_dependency "bundler", "~> 1.7"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "minitest-rails", "~> 2.1.1"
+  spec.add_development_dependency "minitest-reporters", "~> 1.0.17"
+  spec.add_development_dependency "minitest", "~> 5.7.0"
+  spec.add_development_dependency "simplecov", "~> 0.10.0"
+  spec.add_development_dependency "sqlite3", "~> 1.3.10"
+  spec.add_development_dependency "activesupport", "~> 4.2.1"
+  spec.add_development_dependency "activerecord", "~> 4.2.1"
+
+  #For ActiveRecord 3 test
+  #spec.add_development_dependency "minitest-rails"
+  #spec.add_development_dependency "minitest-reporters"
+  #spec.add_development_dependency "minitest"
+  #spec.add_development_dependency "test-unit"
+  #spec.add_development_dependency "simplecov", "~> 0.10.0"
+  #spec.add_development_dependency "sqlite3", "~> 1.3.10"
+  #spec.add_development_dependency "activesupport", "~> 3.2.1"
+  #spec.add_development_dependency "activerecord", "~> 3.2.1"
+
+end

data/lib/controlist/errors.rb

@@ -0,0 +1,26 @@
+module Controlist
+
+  class ControlistError < StandardError
+  end
+
+  class NoPermissionError < ControlistError
+  end
+
+  class PermissionForbidden < ControlistError
+    attr_reader :permission
+
+    def initialize(message, permission = nil)
+      @permission = permission
+      super(message)
+    end
+  end
+
+  class NotReuseableError < ControlistError
+    attr_reader :relation
+    def initialize(message, relation = nil)
+      @relation = relation
+      super(message)
+    end
+  end
+
+end