denied 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: b94163c06da89e4067fb3b83d0141d3205461dba
+  data.tar.gz: d630061324ba20cba1c060d3ef3e62d5ce8bed49
+SHA512:
+  metadata.gz: 6f6ab2449c746a7932aa91db6b60f1fae2ba00f7cdb042aa7cb7bf278275c2945b195a934cd0bde747534e60a21468b3cc84bc383c73dd2769cb795f4c930827
+  data.tar.gz: 39c519ff2f631a0ec99c4b1d175f07410400e2a2fd26b041239ebd4269246cc4abf4f2c0cff45c406602920aa9c063cf30af847827af649afc03e78876790bce

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/.rspec

@@ -0,0 +1 @@
+--color

data/.travis.yml

@@ -0,0 +1,12 @@
+rvm:
+  - 1.9.3
+  - 2.0.0
+  - 2.1.0
+  - 2.1.1
+
+script: 'bundle exec rake spec'
+
+notifications:
+  disabled: false
+  recipients:
+    - johannes.opper@gmail.com

data/CHANGELOG.md

@@ -0,0 +1,3 @@
+2014-08-21 Initial import
+  * Includes plain and conditional restrictions
+  * ..and RSpec matcher

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in denied.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,13 @@
+ DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
+                    Version 2, December 2004
+
+ Copyright (C) 2014 Johannes Opper <johannes.opper@gmail.com>
+
+ Everyone is permitted to copy and distribute verbatim or modified
+ copies of this license document, and changing it is allowed as long
+ as the name is changed.
+
+            DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. You just DO WHAT THE FUCK YOU WANT TO.

data/README.md

@@ -0,0 +1,29 @@
+# Denied
+
+TODO: Write a gem description
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'denied'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install denied
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Contributing
+
+1. Fork it ( http://github.com/<my-github-username>/denied/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1,10 @@
+require "bundler/gem_tasks"
+
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new(:spec)
+task :default => :spec
+
+desc "Open an irb session preloaded with this library"
+task :console do
+  sh "irb -rubygems -I lib -r denied.rb"
+end

data/denied.gemspec

@@ -0,0 +1,29 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'denied/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "denied"
+  spec.version       = Denied::VERSION
+  spec.authors       = ["Johannes Opper"]
+  spec.email         = ["johannes.opper@gmail.com"]
+  spec.summary       = %q{Simple access control dsl for controllers.}
+  spec.description   = %q{Simple access control dsl for controllers}
+  spec.homepage      = "https://github.com/xijo/denied"
+  spec.license       = "WTFPL"
+
+  spec.files         = `git ls-files`.split($/)
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency 'rails', '> 3.0'
+
+  spec.add_development_dependency 'bundler', '~> 1.5'
+  spec.add_development_dependency 'rspec'
+  spec.add_development_dependency 'simplecov'
+  spec.add_development_dependency 'rake'
+  spec.add_development_dependency 'byebug'
+  spec.add_development_dependency 'codeclimate-test-reporter'
+end

data/lib/denied/access_denied.rb

@@ -0,0 +1,4 @@
+module Denied
+  class AccessDenied < Error
+  end
+end

data/lib/denied/error.rb

@@ -0,0 +1,4 @@
+module Denied
+  class Error < StandardError
+  end
+end

data/lib/denied/gatekeeper.rb

@@ -0,0 +1,27 @@
+module Denied
+  class Gatekeeper
+    def eye(controller)
+      restriction = current_restriction(controller)
+      restriction and handle_restriction(restriction, controller)
+    end
+
+    private
+
+    def handle_restriction(restriction, controller)
+      controller.current_user or raise Denied::LoginRequired
+
+      if restriction.allow_if
+        unless controller.__send__(restriction.allow_if)
+          raise Denied::AccessDenied, reason: restriction
+        end
+      end
+    end
+
+    def current_restriction(controller)
+      controller.restrictions or return
+      controller.restrictions.find do |restriction|
+        restriction.restricts?(controller.action_name)
+      end
+    end
+  end
+end

data/lib/denied/login_required.rb

@@ -0,0 +1,4 @@
+module Denied
+  class LoginRequired < Error
+  end
+end

data/lib/denied/rails/controller.rb

@@ -0,0 +1,26 @@
+module Denied
+  module Rails
+    module Controller
+      extend ActiveSupport::Concern
+
+      included do
+        cattr_accessor :restrictions
+        self.restrictions ||= []
+        before_filter :invoke_gatekeeper
+      end
+
+      module ClassMethods
+        def restrict(*args)
+          self.restrictions ||= []
+          restrictions << Denied::Restriction.new(*args)
+        end
+      end
+
+      private
+
+      def invoke_gatekeeper
+        Denied::Gatekeeper.new.eye(self)
+      end
+    end
+  end
+end

data/lib/denied/restriction.rb

@@ -0,0 +1,17 @@
+module Denied
+  class Restriction
+    attr_accessor :actions, :role, :allow_if
+
+    def initialize(*args)
+      options   = args.extract_options!
+      @role     = options[:role]
+      @allow_if = options[:allow_if]
+      @actions  = args
+      actions.empty? and raise ArgumentError, "expected actions to restrict, but got #{actions.inspect}"
+    end
+
+    def restricts?(action_name)
+      actions.include?(action_name.to_sym)
+    end
+  end
+end

data/lib/denied/rspec/matcher.rb

@@ -0,0 +1,44 @@
+RSpec::Matchers.define :have_restriction_on do |given_action_name|
+  match do |given_controller|
+    @given_action_name = given_action_name
+    @given_controller = given_controller
+
+    @restriction = given_controller.restrictions.find do |restriction|
+      restriction.restricts?(given_action_name)
+    end
+
+    if @restriction
+      if @given_allow_if
+        @restriction.allow_if == @given_allow_if
+      else
+        true
+      end
+    else
+      false
+    end
+  end
+
+  chain :with_allow_if do |given_allow_if|
+    @given_allow_if = given_allow_if
+  end
+
+  failure_message do |actual|
+    if @restriction && @given_allow_if
+      "Expected restriction to call #{@given_allow_if.inspect}, but calls #{@restriction.allow_if.inspect}"
+    else
+      "Expected to have restriction on #{@given_action_name}, but was not found in #{@given_controller.restrictions.inspect}"
+    end
+  end
+
+  failure_message_when_negated do |actual|
+    if @given_allow_if
+      "Expected restriction not to call #{@given_allow_if.inspect}, but calls #{@restriction.allow_if.inspect}"
+    else
+      "Expected not to have restriction on #{@given_action_name}, but was found in #{@given_controller.restrictions.inspect}"
+    end
+  end
+
+  def description
+    "Checks if a restriction for a given action is defined on the controller"
+  end
+end

data/lib/denied/version.rb

@@ -0,0 +1,3 @@
+module Denied
+  VERSION = "0.0.1"
+end

data/lib/denied.rb

@@ -0,0 +1,13 @@
+require 'active_support'
+
+require 'denied/version'
+require 'denied/error'
+require 'denied/login_required'
+require 'denied/access_denied'
+require 'denied/restriction'
+require 'denied/gatekeeper'
+require 'denied/rails/controller'
+
+module Denied
+  # Your code goes here...
+end

data/spec/lib/denied/gatekeeper_spec.rb

@@ -0,0 +1,67 @@
+require 'spec_helper'
+
+describe Denied::Gatekeeper do
+
+  let(:gatekeeper) { Denied::Gatekeeper.new }
+  let(:controller) { ExampleController.new }
+  let(:user)       { FakeUser.new }
+
+  before { controller.action_name = 'edit' }
+
+  describe '#eye' do
+    context 'without restriction' do
+      it 'grants anonymous access' do
+        expect { gatekeeper.eye(controller) }.not_to raise_error
+      end
+
+      it 'grants user access' do
+        controller.current_user = user
+        expect { gatekeeper.eye(controller) }.not_to raise_error
+      end
+    end
+
+    context 'with plain restriction' do
+      before { controller.class.restrict :edit }
+
+      it 'denies anonymous access' do
+        expect { gatekeeper.eye(controller) }.to raise_error(Denied::LoginRequired)
+      end
+
+      it 'grants user access' do
+        controller.current_user = user
+        expect { gatekeeper.eye(controller) }.not_to raise_error
+      end
+    end
+
+    context 'with conditional restriction' do
+      before do
+        controller.class.restrict :action1, allow_if: :missing
+        controller.class.restrict :action2, allow_if: :falsy
+        controller.class.restrict :action3, allow_if: :truthy
+      end
+
+      it 'raises on missing method' do
+        controller.current_user = user
+        controller.action_name = 'action1'
+        expect { gatekeeper.eye(controller) }.to raise_error(NoMethodError)
+      end
+
+      it 'denies anonymous access' do
+        controller.action_name = 'action1'
+        expect { gatekeeper.eye(controller) }.to raise_error(Denied::LoginRequired)
+      end
+
+      it 'denies access on falsy return value' do
+        controller.current_user = user
+        controller.action_name = 'action2'
+        expect { gatekeeper.eye(controller) }.to raise_error(Denied::AccessDenied)
+      end
+
+      it 'grants access on truthy return value' do
+        controller.current_user = user
+        controller.action_name = 'action3'
+        expect { gatekeeper.eye(controller) }.not_to raise_error
+      end
+    end
+  end
+end

data/spec/lib/denied/rails/controller_spec.rb

@@ -0,0 +1,35 @@
+require 'spec_helper'
+
+describe Denied::Rails::Controller do
+
+  let(:controller) { ExampleController.new }
+
+  before do
+    controller.class.restrict :index
+    controller.class.restrict :show, allow_if: :access_allowed?
+  end
+
+  describe '#restrict' do
+    it 'builds and adds a plain restriction' do
+      expect(controller).to have_restriction_on(:index)
+    end
+
+    it 'builds and adds a conditional restriction' do
+      expect(controller).to have_restriction_on(:show).with_allow_if(:access_allowed?)
+    end
+  end
+
+  describe '#included' do
+    it 'adds the before filter' do
+      expect(controller.before_filters).to include :invoke_gatekeeper
+    end
+  end
+
+  describe '#invoke_gatekeeper' do
+    it 'builds and calls a gatekeeper for the controller' do
+      expect_any_instance_of(Denied::Gatekeeper).to receive(:eye).with(controller)
+      controller.__send__ :invoke_gatekeeper
+    end
+  end
+
+end

data/spec/lib/denied/restriction_spec.rb

@@ -0,0 +1,36 @@
+require 'spec_helper'
+
+describe Denied::Restriction do
+  let(:restriction) { Denied::Restriction.new(:show, :edit, role: :manager) }
+
+  describe '#initialize' do
+    it 'knows about its actions' do
+      expect(restriction.actions).to eq [:show, :edit]
+    end
+
+    it 'raises an error if no actions were given' do
+      expect { Denied::Restriction.new }.to raise_error(ArgumentError)
+    end
+  end
+
+  describe '#restricts?' do
+    it 'returns true if the given action is contained' do
+      expect(restriction).to be_restricts(:show)
+    end
+
+    it 'returns false if the given action name is not contained' do
+      expect(restriction).not_to be_restricts(:index)
+    end
+  end
+
+  describe '#role' do
+    it 'returns the role name if given' do
+      expect(restriction.role).to eq :manager
+    end
+
+    it 'returns nil if non was given' do
+      expect(Denied::Restriction.new(:foo).role).to be_nil
+    end
+  end
+
+end

data/spec/lib/denied/rspec/matcher_spec.rb

@@ -0,0 +1,84 @@
+require 'spec_helper'
+
+describe 'have_restriction_on' do
+  let(:controller) { ExampleController.new }
+
+  # before do
+  #   controller.class.restrict :index
+  #   controller.class.restrict :show, allow_if: :access_allowed?
+  # end
+
+
+  context 'without restrictions' do
+    it 'matcher fails' do
+      expect {
+        expect(controller).to have_restriction_on(:show)
+      }.to raise_error RSpec::Expectations::ExpectationNotMetError
+    end
+
+    it 'negated matcher passes' do
+      expect(controller).not_to have_restriction_on(:show)
+    end
+  end
+
+  context 'with plain restriction' do
+    before { controller.class.restrict :show }
+
+    it 'matcher passes' do
+      expect(controller).to have_restriction_on(:show)
+    end
+
+    it 'wrong matcher fails' do
+      expect {
+        expect(controller).to have_restriction_on(:index)
+      }.to raise_error RSpec::Expectations::ExpectationNotMetError
+    end
+
+    it 'negated matcher fails' do
+      expect {
+        expect(controller).not_to have_restriction_on(:show)
+      }.to raise_error RSpec::Expectations::ExpectationNotMetError
+    end
+
+    it 'matcher conditional chain fails' do
+      expect {
+        expect(controller).to have_restriction_on(:show).with_allow_if(:something)
+      }.to raise_error RSpec::Expectations::ExpectationNotMetError
+    end
+
+    it 'negated matcher with conditional chain passes' do
+      expect(controller).not_to have_restriction_on(:show).with_allow_if(:something)
+    end
+  end
+
+  context 'with conditional restriction' do
+    before { controller.class.restrict :show, allow_if: :something }
+
+    it 'matcher passes' do
+      expect(controller).to have_restriction_on(:show)
+    end
+
+    it 'wrong matcher fails' do
+      expect {
+        expect(controller).to have_restriction_on(:index)
+      }.to raise_error RSpec::Expectations::ExpectationNotMetError
+    end
+
+    it 'negated matcher fails' do
+      expect {
+        expect(controller).not_to have_restriction_on(:show)
+      }.to raise_error RSpec::Expectations::ExpectationNotMetError
+    end
+
+    it 'matcher conditional chain passes' do
+      expect(controller).to have_restriction_on(:show).with_allow_if(:something)
+    end
+
+    it 'negated matcher with conditional chain passes' do
+      expect {
+        expect(controller).not_to have_restriction_on(:show).with_allow_if(:something)
+      }.to raise_error RSpec::Expectations::ExpectationNotMetError
+    end
+  end
+
+end

data/spec/spec_helper.rb

@@ -0,0 +1,46 @@
+require 'codeclimate-test-reporter'
+CodeClimate::TestReporter.start
+
+require 'simplecov'
+require 'byebug'
+
+SimpleCov.profiles.define 'gem' do
+  add_filter '/spec/'
+  add_filter '/autotest/'
+  add_group 'Libraries', '/lib/'
+end
+SimpleCov.start 'gem'
+
+require 'denied'
+require 'denied/rspec/matcher'
+
+RSpec.configure do |config|
+  config.after do
+    ExampleController.restrictions = []
+  end
+end
+
+# Mimics the behavior of ActionController::Base
+class FakeController
+  attr_accessor :action_name, :current_user
+  cattr_accessor :before_filters
+
+  def self.before_filter(filter)
+    self.before_filters ||= []
+    before_filters << filter
+  end
+end
+
+FakeUser = Struct.new(:foo)
+
+class ExampleController < FakeController
+  include Denied::Rails::Controller
+
+  def falsy
+    false
+  end
+
+  def truthy
+    true
+  end
+end

metadata

@@ -0,0 +1,170 @@
+--- !ruby/object:Gem::Specification
+name: denied
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Johannes Opper
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-08-21 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: codeclimate-test-reporter
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Simple access control dsl for controllers
+email:
+- johannes.opper@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- CHANGELOG.md
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- denied.gemspec
+- lib/denied.rb
+- lib/denied/access_denied.rb
+- lib/denied/error.rb
+- lib/denied/gatekeeper.rb
+- lib/denied/login_required.rb
+- lib/denied/rails/controller.rb
+- lib/denied/restriction.rb
+- lib/denied/rspec/matcher.rb
+- lib/denied/version.rb
+- spec/lib/denied/gatekeeper_spec.rb
+- spec/lib/denied/rails/controller_spec.rb
+- spec/lib/denied/restriction_spec.rb
+- spec/lib/denied/rspec/matcher_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/xijo/denied
+licenses:
+- WTFPL
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: Simple access control dsl for controllers.
+test_files:
+- spec/lib/denied/gatekeeper_spec.rb
+- spec/lib/denied/rails/controller_spec.rb
+- spec/lib/denied/restriction_spec.rb
+- spec/lib/denied/rspec/matcher_spec.rb
+- spec/spec_helper.rb