eaco 0.5.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: e72095b7ec920c9b83c284fa3c7331253733bbc8
+  data.tar.gz: 40f6b7c39dc3796bf3495f57d7f4708d233037f4
+SHA512:
+  metadata.gz: a8834f93d09048dad12cb0afd5dcae646b8dccb73c193320e6a9eb1bb4a7292b642ef0a02ec9db437616d8ecda44295237853b849138a9157d6e59af8fe7945b
+  data.tar.gz: f107e5cef842ee26018c0fd148ae9ea4d4d91a64f49763b892c56ffe108ee6cc30276661254dadca5b3297c3bf83ce1b7a3075b0ff92ae8411952a1423281994

data/.gitignore

@@ -0,0 +1,21 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+gemfiles/*.gemfile.lock
+_yardoc
+coverage
+doc/
+features/active_record.yml
+features/active_record.log
+lib/bundler/man
+pkg
+rdoc
+tmp
+*.bundle
+*.so
+*.o
+*.a
+mkmf.log

data/.rspec

@@ -0,0 +1,2 @@
+--color
+--require spec_helper

data/.travis.yml

@@ -0,0 +1,18 @@
+rvm:
+  - 2.0.0
+  - 2.1.5
+  - 2.2.0
+
+gemfile:
+  - gemfiles/rails_3.2.gemfile
+  - gemfiles/rails_4.0.gemfile
+  - gemfiles/rails_4.1.gemfile
+  - gemfiles/rails_4.2.gemfile
+
+addons:
+  postgresql: "9.4"
+
+before_script:
+  - psql -c "CREATE DATABASE eaco;" -U postgres
+
+script: bundle exec rake EACO_AR_CONFIG=./features/active_record.travis.yml

data/.yardopts

@@ -0,0 +1 @@
+--protected --private --no-private --hide-void-return '{lib,features/support}/**/*.rb' - README.md LICENSE.txt

data/Appraisals

@@ -0,0 +1,22 @@
+# Test against 3.2 -> 4.2
+#
+appraise 'rails-3.2' do
+  gem 'rails', '~> 3.2.0'
+  gem 'pg'
+  gem 'activerecord-postgres-json'
+end
+
+appraise 'rails-4.0' do
+  gem 'rails', '~> 4.0.0'
+  gem 'pg'
+end
+
+appraise 'rails-4.1' do
+  gem 'rails', '~> 4.1.0'
+  gem 'pg'
+end
+
+appraise 'rails-4.2' do
+  gem 'rails', '~> 4.2.0'
+  gem 'pg'
+end

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in eaco.gemspec
+gemspec

data/Guardfile

@@ -0,0 +1,34 @@
+# Eaco's Guardfile
+
+# Watch lib/ and spec/
+directories %w(lib spec)
+
+# Clear the screen before every task
+clearing :on
+
+guard :rspec, version: 3, cmd: 'rspec' do
+  # When single specs change, run them.
+  watch(%r{^spec/.+_spec\.rb$})
+
+  # When spec_helper changes rerun all the specs.
+  watch('spec/spec_helper.rb') { "spec" }
+
+  # When a source changes run its unit spec.
+  watch(%r{^lib/(.+)\.rb$}) {|m| "spec/#{m[1]}_spec.rb"
+end
+
+guard :cucumber do
+  # When single features change, run them.
+  watch(%r{^features/.+\.feature$})
+
+  # When support code changes, rerun all features.
+  watch(%r{^features/support/.+$})                      { 'features' }
+
+  # When a step definition for a feature changes, rerun the corresponding feature.
+  watch(%r{^features/step_definitions/(.+)_steps\.rb$}) { |m| Dir[File.join("**/#{m[1]}.feature")][0] || 'features' }
+end
+
+guard :shell do
+  # Rerun scenarios when source code changes
+  watch(%r{^lib/.+\.rb$}) { 'cucumber' }
+end

data/LICENSE.txt

@@ -0,0 +1,23 @@
+Copyright (c) 2013-2015 IFAD
+Copyright (c) 2013-2015 Marcello Barnaba <m.barnaba@ifad.org>
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,225 @@
+# Eaco
+
+[![Build Status](https://travis-ci.org/ifad/eaco.svg)](https://travis-ci.org/ifad/eaco) *currently writing specs*
+[![Code Climate](https://codeclimate.com/github/ifad/eaco/badges/gpa.svg)](https://codeclimate.com/github/ifad/eaco)
+[![Inline docs](http://inch-ci.org/github/ifad/eaco.svg?branch=master)](http://inch-ci.org/github/ifad/eaco/master)
+
+Eacus, the holder of the keys of Hades, is an ACL-based authorization
+framework for Ruby.
+
+![Eaco e Telamone][eaco-e-telamone]
+
+## Design
+
+Eaco provides your context's Resources discretionary access by an Actor.
+Access to the Resource is determined using an ACL.
+
+Different Actors can have different levels of access to the same Resource,
+depending on their role as determined by the ACL.
+
+To each role are granted a set of possible abilities, and access is verified
+by checking whether a given actor can perform a specific ability.
+
+Actors are described by their Designators, a pluggable mechanism to be
+implemented in your application.
+
+Each Actor has many designators that describe either its identity or its
+belonging to a group or occupying a position in a department.
+
+Designators are Ruby classes that can embed any sort of custom behaviour that
+your application requires.
+
+ACLs are hashes with designators as keys and roles as values. Extracting
+authorized collections requires only an hash key lookup mechanism in your
+database. Adapters are provided for PG's jsonb and for CouchDB-Lucene.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'eaco', github: 'ifad/eaco'
+
+And then execute:
+
+    $ bundle
+
+## Usage
+
+Create `config/authorization.rb` [(rdoc)](http://www.rubydoc.info/github/ifad/eaco/master/Eaco/DSL)
+
+```ruby
+# Defines `Document` to be an authorized resource.
+#
+# Adds Document.accessible_by and Document#allows
+#
+authorize Document, using: :lucene do
+  roles :owner, :editor, :reader
+
+  permissions do
+    reader   :read
+    editor   reader, :edit
+    owner    editor, :destroy
+  end
+end
+
+# Defines an actor and the sources from which the
+# designators are harvested.
+#
+# Adds User#designators
+#
+actor User do
+  admin do |user|
+    user.admin?
+  end
+
+  designators do
+    user  from: :id
+    group from: :groups
+    tag   from: :tags
+  end
+end
+```
+
+Given a Resource [(rdoc)](http://www.rubydoc.info/github/ifad/eaco/master/Eaco/Resource)
+with an ACL [(rdoc)](http://www.rubydoc.info/github/ifad/eaco/master/Eaco/ACL):
+
+```ruby
+# An example ACL
+>> document = Document.first
+=> #<Document id:42 name:"President's report for loans.docx" [...]>
+>> document.acl
+=> #<Document::ACL {"user:10" => :owner, "group:reviewers" => :reader}>
+```
+
+and an Actor [(rdoc)](http://www.rubydoc.info/github/ifad/eaco/master/Eaco/Actor):
+
+```ruby
+# An example Actor
+>> user = User.find(10)
+=> #<User id:10 name:"Bob Fropp" group_ids:['employees'], tags:['english']>
+>> user.designators
+=> #<Set{ #<Designator(User) value:10>, #<Designator(Group) value:"employees">, #<Designator(Tag) value:"english"> }
+```
+
+you can check if the Actor can perform a specific action on the Resource:
+
+```ruby
+>> user.can? :read, document
+=> true
+
+>> document.allows? :read, user
+=> true
+```
+
+and which access level (`role`) the Actor has for this Resource:
+
+```ruby
+>> document.role_of user
+=> :owner
+
+>> boss = User.find_by_group('reviewer').first
+=> #<User id:42 name:"Jake Leister" group_ids:['reviewers', 'bosses']>
+
+>> document.role_of boss
+=> :reader
+
+>> boss.can? :read, document
+=> true
+
+>> boss.can? :destroy, document
+=> false
+
+>> user.can? :destroy, document
+=> true
+```
+
+Grant reader access to a specific user:
+
+```ruby
+>> user
+=> #<User id:42 name:"Bob Frop">
+
+>> document.grant :reader, :user, user.id
+=> #<Document::ACL "user:42" => :reader>
+
+>> user.can? :read, document
+=> true
+```
+
+Grant reader access to a group:
+
+```ruby
+>> user
+=> #<User id:42 groups:['reviewers']>
+
+>> document.grant :reader, :group, 3
+=> #<Document::ACL "group:reviewers" => :reader>
+
+>> user.can? :read, document
+=> true
+
+>> document.allows? :read, user
+=> true
+```
+
+Obtain a collection of Resources accessible by a given Actor [(rdoc)](http://www.rubydoc.info/github/ifad/eaco/master/Eaco/Adapters):
+
+```ruby
+>> Document.accessible_by(user)
+```
+
+Check whether a controller action can be accessed by an user. Your
+`ApplicationController` must respond to `current_user` for this to work.
+[(rdoc)](http://www.rubydoc.info/github/ifad/eaco/master/Eaco/Controller)
+
+```ruby
+class DocumentsController < ApplicationController
+  before_filter :find_document
+
+  authorize :edit, :update, [:document, :read]
+
+  private
+    def find_document
+      @document = Document.find(:id)
+    end
+end
+```
+
+## Running specs
+
+You need a running postgresql 9.4 instance.
+
+Create an user and a database:
+
+    $ sudo -u postgres psql
+
+    postgres=# CREATE ROLE eaco LOGIN;
+    CREATE ROLE
+
+    postgres=# CREATE DATABASE eaco OWNER eaco ENCODING 'utf8';
+    CREATE DATABASE
+
+    postgres=# ^D
+
+Create `features/active_record.yml` with your database configuration,
+see `features/active_record.example.yml` for an example.
+
+Run `bundle` once. This will install the base bundle.
+
+Run `appraisal` once. This will install the supported Rails versions and pg.
+
+Run `rake`. This will run the specs and cucumber features.
+
+Specs are run against the supported rails versions in turn. If you want to
+focus on a single release, use `appraisal rails-X.Y rake`, where `X.Y` can be
+`3.2`, `4.0`, `4.1` or `4.2`.
+
+## Contributing
+
+1. Fork it ( https://github.com/ifad/eaco/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create a new Pull Request
+
+[eaco-e-telamone]: http://upload.wikimedia.org/wikipedia/commons/7/70/Aeacus_telemon.jpg "Aeacus telemon by user Ravenous at en.wikipedia.org - Public domain through Wikimedia Commons - http://commons.wikimedia.org/wiki/File:Aeacus_telemon.jpg#mediaviewer/File:Aeacus_telemon.jpg"

data/Rakefile

@@ -0,0 +1,26 @@
+# Bundler
+require 'bundler/setup'
+require 'bundler/gem_tasks'
+
+# YARD
+require 'yard'
+YARD::Rake::YardocTask.new
+
+# RSpec
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new
+
+# Appraisal
+require 'appraisal/task'
+Appraisal::Task.new
+
+# Cucumber
+require 'cucumber'
+require 'cucumber/rake/task'
+Cucumber::Rake::Task.new
+
+# Our default rake task
+require 'eaco/rake'
+Eaco::Rake::DefaultTask.new
+
+# Thanks for reading.

data/eaco.gemspec

@@ -0,0 +1,27 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'eaco/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "eaco"
+  spec.version       = Eaco::VERSION
+  spec.authors       = ["Marcello Barnaba"]
+  spec.email         = ["vjt@openssl.it"]
+  spec.summary       = %q{Authorization framework}
+  spec.homepage      = "https://github.com/ifad/eaco"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  [
+    ["bundler", "~> 1.6"],
+    "rake", "byebug", "guard", "yard", "appraisal",
+    "rspec",  "guard-rspec", "yard-rspec",
+    "cucumber", "guard-cucumber"
+
+  ].each {|gem| spec.add_development_dependency *gem }
+end

data/features/active_record.example.yml

@@ -0,0 +1,8 @@
+# PostgreSQL 9.4 and up is required.
+#
+adapter:  "postgresql"
+database: "eaco"
+username: "aecus"
+password: "theGreat!"
+encoding: "utf8"
+hostname: "localhost"

data/features/active_record.travis.yml

@@ -0,0 +1,7 @@
+# PostgreSQL 9.4 and up is required.
+#
+adapter:  "postgresql"
+hostname: "localhost"
+database: "eaco"
+username: "postgres"
+password: ""