discretion 0.4.0.pre.alpha → 1.0.0.pre.alpha

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 5b39ae6911fe8a0aa3da936ad083d93c346af721
-  data.tar.gz: 5e34a6059f263690d797e97455777ad7a01cc4ed
+  metadata.gz: a56b9cc6109e4904c4c4ffa1569af797b4e043a7
+  data.tar.gz: 77a3f57cd1628eee0ed41ca2ae4c71f032309829
 SHA512:
-  metadata.gz: b50620eef4fe55b2117695f3aace6a6cb9311d277b7210cc4af07d043947af8b4dbb5b192bc60e505909a433cfce8c5167261c13c778ec7f99b3f70632d87d4e
-  data.tar.gz: 98118e6239097bad701fd7de80641eec0f3ebccb6f973bd556e40213fee71aba20b4b00e186f3747e493f883de20d63395517e3ab6693495263a5062ed30c5c3
+  metadata.gz: 2ec9587ef19c98cd89b9ed107c16907a9a7c3fe1316f58b86b6ac66e38c4bef621c959e1286d2f04466e6b4dea1168e12a8e20959b8b33a5395eaa9816c2bd7a
+  data.tar.gz: e3b5fcad23ef87209535356e5ea6d5c4c9d2bc3d60d4cc722c1a772ab05e92a420a6d4cb74fc2d87adcca341b44d61b80d44e2b13fa3db736d3b85ef88f89c01

data/.gitignore

@@ -1,3 +1,4 @@
+.byebug_history
 /.bundle/
 /.yardoc
 /Gemfile.lock
@@ -7,3 +8,4 @@
 /pkg/
 /spec/reports/
 /tmp/
+vendor/

data/.rspec

@@ -0,0 +1,2 @@
+--color
+--require spec_helper

data/README.md

@@ -1,5 +1,7 @@
 # Discretion
 
+**tldr; Discretion is a simple privacy/authorization framework for Rails projects. You define `can_see?(viewer)` methods in a model class to determine if a given viewer is allowed to view/load/read the model (record). If so, you can query and load the record as you normally would in Rails (e.g. using `find`, `where`, `limit`, ...). If not, then Discretion will throw an exception when you try to fetch the record. Something similar is done for writes as well.**
+
 ## Installation
 
 Add this line to your application's Gemfile:
@@ -25,7 +27,7 @@ Or install it yourself as:
 
 The idea is simple: we colocate the read and write policies with the model definitions themselves by defining `can_see?(viewer)` and optionally `can_write?(viewer)`. The semantics are straightforward: given a `viewer` (typically a `User` but can be anything you want -- more on this below), can that viewer see the record encapsulated by the model class?
 
-For example, let's say we have a web app for a large non-profit organization which has staff who have to raise money from donors. So we might have models like `Donor`, `Staff`, and `Donation`s. Below we will describe how we would set up authorization/privacy policies for these models using Discretion.
+For example, let's say we have a web app for a large non-profit organization which has staff who have to raise money from donors. So we might have models like `Donor`, `Staff`, and `Donation`. Below we will describe how we would set up authorization/privacy policies for these models using Discretion.
 
 ### Opt-In
 
@@ -185,7 +187,7 @@ Discretion is totally opaque and should not require any changes in how you query
 
 After checking out the repo, run `bin/setup` to install dependencies. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
 
-To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+To install this gem onto your local machine, run `bundle exec rake install`.
 
 ## Contributing
 

data/Rakefile

@@ -1,2 +1,5 @@
-require "bundler/gem_tasks"
+require 'rspec/core/rake_task'
+require 'bundler/gem_tasks'
+
+RSpec::Core::RakeTask.new(:spec)
 task :default => :spec

data/discretion.gemspec

@@ -14,6 +14,7 @@ Gem::Specification.new do |spec|
   spec.homepage      = 'https://github.com/abeland/discretion'
   spec.license       = 'MIT'
 
+  spec.add_dependency 'activesupport'
   spec.add_dependency 'rails', '~>5'
   spec.add_dependency 'request_store', '~>1.3'
   spec.required_ruby_version = '>= 2.2.2'
@@ -25,6 +26,11 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
 
+  spec.add_development_dependency 'activerecord'
   spec.add_development_dependency 'bundler', '~> 1.15'
+  spec.add_development_dependency 'factory_bot_rails'
   spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rspec'
+  spec.add_development_dependency 'rspec-rails'
+  spec.add_development_dependency 'sqlite3'
 end

data/lib/discretion.rb

@@ -5,7 +5,7 @@ require 'discretion/errors'
 require 'discretion/helpers'
 require 'discretion/meta'
 require 'discretion/middleware'
-require 'discretion/railtie'
+require 'discretion/railtie' if defined?(Rails)
 require 'discretion/version'
 
 ActiveRecord::Base.send(:include, Discretion::Meta) if defined?(ActiveRecord)

data/lib/discretion/can.rb

@@ -2,6 +2,7 @@ module Discretion
   class << self
     def can_see_record?(viewer, record)
       return true unless record.is_a?(Discretion::DiscreetModel)
+      return true if Discretion::OMNISCIENT_VIEWER == viewer || Discretion::OMNIPOTENT_VIEWER == viewer
 
       record.send(:can_see?, viewer)
     end
@@ -10,16 +11,17 @@ module Discretion
       can_see_record?(Discretion.current_viewer, record)
     end
 
-    def can_write_record?(viewer, record)
+    def can_write_record?(viewer, record, changes, new_record)
       return true unless record.is_a?(Discretion::DiscreetModel)
+      return true if Discretion::OMNIPOTENT_VIEWER == viewer
 
       record.respond_to?(:can_write?, true) ?
-        record.send(:can_write?, viewer) :
+        record.send(:can_write?, viewer, changes, new_record) :
         can_see_record?(viewer, record)
     end
 
-    def current_viewer_can_write_record?(record)
-      can_write_record?(Discretion.current_viewer, record)
+    def current_viewer_can_write_record?(record, changes, new_record)
+      can_write_record?(Discretion.current_viewer, record, changes, new_record)
     end
   end
 end

data/lib/discretion/current_viewer.rb

@@ -1,4 +1,7 @@
 module Discretion
+  OMNISCIENT_VIEWER = :__discretion_omnisient_viewer_val
+  OMNIPOTENT_VIEWER = :__discretion_omnipotent_viewer_val
+
   class << self
     CURRENT_VIEWER_KEY = :__discretion_current_viewer
 

data/lib/discretion/discreet_model.rb

@@ -1,3 +1,5 @@
+require 'active_support/concern'
+
 module Discretion
   module DiscreetModel
     extend ActiveSupport::Concern
@@ -8,7 +10,9 @@ module Discretion
       end
 
       before_save do |record|
-        raise Discretion::CannotWriteError unless Discretion.current_viewer_can_write_record?(record)
+        unless Discretion.current_viewer_can_write_record?(record, changes, new_record?)
+          raise Discretion::CannotWriteError
+        end
       end
     end
   end

data/lib/discretion/helpers.rb

@@ -12,8 +12,28 @@ module Discretion
       records.all? { |record| Discretion.can_see_record?(viewer, record) }
     end
 
-    def can_write_records?(viewer, *records)
-      records.all? { |record| Discretion.can_write_record?(viewer, record) }
+    def omnisciently
+      # Calling Proc.new will create a Proc from the implicitly given block to
+      # the current method.
+      # cf. http://ruby-doc.org/core-2.5.0/Proc.html#method-c-new
+      with_viewer(Discretion::OMNISCIENT_VIEWER, &Proc.new)
+    end
+
+    def omnipotently
+      # Calling Proc.new will create a Proc from the implicitly given block to
+      # the current method.
+      # cf. http://ruby-doc.org/core-2.5.0/Proc.html#method-c-new
+      with_viewer(Discretion::OMNIPOTENT_VIEWER, &Proc.new)
+    end
+
+    private
+
+    def with_viewer(viewer)
+      orig_viewer = Discretion.current_viewer
+      Discretion.set_current_viewer(viewer)
+      yield
+    ensure
+      Discretion.set_current_viewer(orig_viewer)
     end
   end
 end

data/lib/discretion/railtie.rb

@@ -1,3 +1,5 @@
+require 'rails'
+
 module Discretion
   class Railtie < ::Rails::Railtie
     initializer 'discretion.insert_middleware' do |app|

data/lib/discretion/version.rb

@@ -1,3 +1,3 @@
 module Discretion
-  VERSION = '0.4.0.pre.alpha'.freeze
+  VERSION = '1.0.0.pre.alpha'.freeze
 end

metadata

@@ -1,15 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: discretion
 version: !ruby/object:Gem::Version
-  version: 0.4.0.pre.alpha
+  version: 1.0.0.pre.alpha
 platform: ruby
 authors:
 - Abe Land
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2017-11-26 00:00:00.000000000 Z
+date: 2018-02-02 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
@@ -38,6 +52,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: activerecord
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -52,6 +80,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.15'
+- !ruby/object:Gem::Dependency
+  name: factory_bot_rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -66,6 +108,48 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: A simple privacy/authorization framework for Rails projects.
 email:
 - codeclimbcoffee@gmail.com
@@ -74,6 +158,7 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".gitignore"
+- ".rspec"
 - CODE_OF_CONDUCT.md
 - Gemfile
 - LICENSE.txt