eaco 0.5.0 → 0.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: e72095b7ec920c9b83c284fa3c7331253733bbc8
-  data.tar.gz: 40f6b7c39dc3796bf3495f57d7f4708d233037f4
+  metadata.gz: 064c893c7bbedea1c0ef2d5b26e28e9595b1c195
+  data.tar.gz: b3113b80fbe9d98dd6a25d2581ff42ed984e7510
 SHA512:
-  metadata.gz: a8834f93d09048dad12cb0afd5dcae646b8dccb73c193320e6a9eb1bb4a7292b642ef0a02ec9db437616d8ecda44295237853b849138a9157d6e59af8fe7945b
-  data.tar.gz: f107e5cef842ee26018c0fd148ae9ea4d4d91a64f49763b892c56ffe108ee6cc30276661254dadca5b3297c3bf83ce1b7a3075b0ff92ae8411952a1423281994
+  metadata.gz: 4673c887e41e8ce7df0b4886b4aa1a88f3eaa0b39f30d014cf74ba6524fdcd5f8d426bcc472ae5cbaf5314c23f39f8e0da978bdead17883f938dd825ac7b756f
+  data.tar.gz: bb14983548c641806fe0929ec99e7752fbf3391c24c872469f3f72f41ec627a26b17990622046d76365ac94e3262fa058fadf73ac1de68206f976e0dd65a96a8

data/Guardfile

@@ -14,7 +14,7 @@ guard :rspec, version: 3, cmd: 'rspec' do
   watch('spec/spec_helper.rb') { "spec" }
 
   # When a source changes run its unit spec.
-  watch(%r{^lib/(.+)\.rb$}) {|m| "spec/#{m[1]}_spec.rb"
+  watch(%r{^lib/(.+)\.rb$}) {|m| "spec/#{m[1]}_spec.rb" }
 end
 
 guard :cucumber do
@@ -22,13 +22,13 @@ guard :cucumber do
   watch(%r{^features/.+\.feature$})
 
   # When support code changes, rerun all features.
-  watch(%r{^features/support/.+$})                      { 'features' }
+  watch(%r{^features/support/.+$}) { 'features' }
 
   # When a step definition for a feature changes, rerun the corresponding feature.
   watch(%r{^features/step_definitions/(.+)_steps\.rb$}) { |m| Dir[File.join("**/#{m[1]}.feature")][0] || 'features' }
 end
 
-guard :shell do
-  # Rerun scenarios when source code changes
-  watch(%r{^lib/.+\.rb$}) { 'cucumber' }
-end
+#guard :shell do
+#  # Rerun scenarios when source code changes
+#  watch(%r{^lib/.+\.rb$}) { 'cucumber' }
+#end

data/README.md

@@ -1,8 +1,10 @@
 # Eaco
 
-[![Build Status](https://travis-ci.org/ifad/eaco.svg)](https://travis-ci.org/ifad/eaco) *currently writing specs*
+[![Build Status](https://travis-ci.org/ifad/eaco.svg)](https://travis-ci.org/ifad/eaco)
+[![Coverage Status](https://coveralls.io/repos/ifad/eaco/badge.svg)](https://coveralls.io/r/ifad/eaco) (*currently writing specs*)
 [![Code Climate](https://codeclimate.com/github/ifad/eaco/badges/gpa.svg)](https://codeclimate.com/github/ifad/eaco)
 [![Inline docs](http://inch-ci.org/github/ifad/eaco.svg?branch=master)](http://inch-ci.org/github/ifad/eaco/master)
+[![Gem Version](https://badge.fury.io/rb/eaco.svg)](http://badge.fury.io/rb/eaco)
 
 Eacus, the holder of the keys of Hades, is an ACL-based authorization
 framework for Ruby.
@@ -222,4 +224,8 @@ focus on a single release, use `appraisal rails-X.Y rake`, where `X.Y` can be
 4. Push to the branch (`git push origin my-new-feature`)
 5. Create a new Pull Request
 
+## Denominazione d'Origine Controllata
+
+This software is Made in :italy:.
+
 [eaco-e-telamone]: http://upload.wikimedia.org/wikipedia/commons/7/70/Aeacus_telemon.jpg "Aeacus telemon by user Ravenous at en.wikipedia.org - Public domain through Wikimedia Commons - http://commons.wikimedia.org/wiki/File:Aeacus_telemon.jpg#mediaviewer/File:Aeacus_telemon.jpg"

data/eaco.gemspec

@@ -21,7 +21,7 @@ Gem::Specification.new do |spec|
     ["bundler", "~> 1.6"],
     "rake", "byebug", "guard", "yard", "appraisal",
     "rspec",  "guard-rspec", "yard-rspec",
-    "cucumber", "guard-cucumber"
+    "cucumber", "guard-cucumber", "coveralls"
 
   ].each {|gem| spec.add_development_dependency *gem }
 end

data/features/rails_integration.feature

@@ -2,9 +2,10 @@ Feature: Rails integration
   The framework should play nice with the most recent major Rails version
 
   Background:
-    Given I am connected to the database
-    And I have a schema defined
+    Given I have a Document resource defined as
+     """
+     authorize $MODEL, using: :pg_jsonb
+     """
 
   Scenario:
-    When I authorize the Document model
     Then I should be able to set an ACL on it

data/features/role_based_authorization.feature

@@ -0,0 +1,33 @@
+Feature: Role-Based authorization
+  Access to a Resource by an Actor is determined by the
+  ACL set on the Resource and the Designators the Actor
+  is eligible.
+
+  Background:
+    Given I have a Document resource defined as
+     """
+     authorize $MODEL, using: :pg_jsonb do
+        roles :reader, :writer
+
+        permissions do
+          reader :read
+          writer reader, :write
+        end
+      end
+     """
+    And I have an User actor defined as
+     """
+     actor $MODEL do
+       designators do
+         user from: :id
+       end
+     end
+     """
+    Given I have an actor named Bob
+      And I have an actor named Tom
+
+  Scenario:
+     And I have a confidential one named "Supa Dupa Fly"
+     And I grant Bob access as a reader in quality of user
+    Then Bob should be able to read it
+     And Tom should not be able to read it

data/features/step_definitions/actor_definition.rb

@@ -0,0 +1,30 @@
+Given(/I have an (\w+) actor defined as/) do |model_name, author_definition|
+  @actor_model = find_model(model_name)
+
+  eval_dsl author_definition, @actor_model
+end
+
+Given(/I have an actor named (\w+)/) do |actor_name|
+  actor = @actor_model.new
+  actor.name = actor_name
+
+  @actors ||= {}
+  @actors[actor_name] = actor
+end
+
+When(/I grant (\w+) access as a (\w+) in quality of (\w+)/) do |actor_name, role_name, designator|
+  actor = @actors.fetch(actor_name)
+  @resource.grant role_name, designator, actor
+  @resource.save!
+end
+
+Then(/(\w+) should be able to (\w+) it/) do |actor_name, permission_name|
+  actor = @actors.fetch(actor_name)
+  actor.can? permission_name, @resource
+end
+
+Then(/(\w+) should not be able to (\w+) it/) do |actor_name, permission_name|
+  actor = @actors.fetch(actor_name)
+  actor.cannot? permission_name, @resource
+end
+

data/features/step_definitions/resource_authorization.rb

@@ -1,15 +1,19 @@
-When(/I authorize the (\w+) model/) do |model_name|
-  @model = Eaco::Cucumber::ActiveRecord.const_get(model_name)
+When(/I have a (\w+) resource defined as/) do |model_name, resource_definition|
+  @resource_model = find_model(model_name)
 
-  Eaco::DSL.authorize @model, using: :pg_jsonb
+  eval_dsl resource_definition, @resource_model
+end
+
+When(/I have a confidential one named "([\w\s]+)"/) do |name|
+  @resource = @resource_model.new(name: name)
 end
 
 Then(/I should be able to set an ACL on it/) do
-  instance = @model.new
+  instance = @resource_model.new
 
   instance.acl = {foo: :bar}
   instance.save!
-  instance = @model.find(instance.id)
+  instance = @resource_model.find(instance.id)
 
-  instance.acl == {foo: :bar} && instance.acl.class.kind_of?(Eaco::ACL)
+  instance.acl == {foo: :bar} && instance.acl.class.kind_of?(@resource_model.acl)
 end

data/features/support/env.rb

@@ -1,9 +1,24 @@
 require 'bundler/setup'
 require 'byebug'
+
+require 'coveralls'
+Coveralls.wear!
+
 require 'eaco'
 require 'eaco/cucumber'
 
-# Create a whole new world
+##
+# Create a whole new world.
+# @see {World}
+# @!method World
 World do
   Eaco::Cucumber::World.new
 end
+
+##
+# Recreate the schema before each feature, to start fresh.
+# @see {ActiveRecord.define_schema!}
+# @!method Before
+Before do
+  Eaco::Cucumber::ActiveRecord.define_schema!
+end

data/lib/eaco/acl.rb

@@ -25,7 +25,7 @@ module Eaco
     # @return [ACL] this ACL
     #
     def initialize(definition = {})
-      definition.each do |designator, role|
+      (definition || {}).each do |designator, role|
         self[designator] = role.intern
       end
     end

data/lib/eaco/actor.rb

@@ -81,6 +81,16 @@ module Eaco
     def can?(action, resource)
       resource.allows?(action, self)
     end
+
+    ##
+    # Opposite of {#can?}.
+    #
+    # @param (see #can?)
+    # @return (see #can?)
+    #
+    def cannot?(*args)
+      !can?(*args)
+    end
   end
 
 end

data/lib/eaco/adapters/active_record/compatibility.rb

@@ -19,13 +19,21 @@ module Eaco
         end
 
         ##
-        # Checks whether the model is compatible. Looks up the
-        # {#support_module} and includes it.
+        # Checks whether this model is compatible.
+        #
+        # Looks up the {#support_module} and, if found, includes it in the
+        # target model.
         #
         # @see #support_module
+        #
+        # @return [nil]
+        #
         def check!
-          layer = support_module
-          base.instance_eval { include layer }
+          mod = support_module
+          return unless mod
+          base.instance_eval { include mod }
+
+          nil
         end
 
         private
@@ -51,18 +59,12 @@ module Eaco
         # Tries to look up the support module for the {#active_record_version}
         # in the {Compatibility} namespace.
         #
-        # @return [Module] the support module
-        #
-        # @raise [Eaco::Error] if not found.
+        # @return [Module] the support module or nil if not required.
         #
         # @see check!
         #
         def support_module
-          unless self.class.const_defined?(support_module_name)
-            raise Eaco::Error, <<-EOF
-              Unsupported Active Record version: #{active_record_version}
-            EOF
-          end
+          return unless self.class.const_defined?(support_module_name)
 
           self.class.const_get support_module_name
         end

data/lib/eaco/cucumber/active_record/schema.rb

@@ -11,7 +11,6 @@ module Eaco
       ::ActiveRecord::Schema.define(version: '2015022301') do
         create_table 'documents', force: true do |t|
           t.string :name
-          t.text   :contents
           t.column :acl, :jsonb
         end
 

data/lib/eaco/cucumber/active_record/user.rb

@@ -13,7 +13,7 @@ module Eaco
       # @see Eaco::Cucumber::World
       #
       class User < ::ActiveRecord::Base
-        autoload :Designators, 'lib/eaco/cucumber/designators.rb'
+        autoload :Designators, 'eaco/cucumber/active_record/user/designators.rb'
 
         has_many :positions
         has_many :departments, through: :positions

data/lib/eaco/cucumber/active_record/user/designators.rb

@@ -0,0 +1,18 @@
+module Eaco
+  module Cucumber
+    module ActiveRecord
+      class User
+
+        ##
+        # The example {Designator}s for the {User} class.
+        #
+        # @see World
+        #
+        module Designators
+          autoload :User, 'eaco/cucumber/active_record/user/designators/user.rb'
+        end
+
+      end
+    end
+  end
+end

data/lib/eaco/cucumber/active_record/user/designators/user.rb

@@ -0,0 +1,48 @@
+module Eaco
+  module Cucumber
+    module ActiveRecord
+      class User
+        module Designators
+
+          ##
+          # The simplest {Designator}. It resolves actors by their unique ID,
+          # such as an autoincrementing ID in a relational database.
+          #
+          # The ID is available as the {Designator#value}. If the Designator
+          # is instantiated with a live instance (see {Designator#initialize})
+          # then it is re-used and a query to the database is avoided.
+          #
+          # The designator string representation for user 42 is +"user:42"+.
+          #
+          class User < Eaco::Designator
+            ##
+            # @return [String] the {User}'s name.
+            #
+            def describe(*)
+              "User '%s'" % [target_user.name]
+            end
+
+            ##
+            # @return [Array] this very {User} wrapped in an +Array+.
+            #
+            def resolve
+              [target_user]
+            end
+
+            private
+              ##
+              # Looks up this user by ID, and memoizes it using the
+              # {Designator#instance=} accessor.
+              #
+              # @return [User] this very user.
+              #
+              def target_user
+                self.instance ||= ActiveRecord::User.find(self.value)
+              end
+          end
+
+        end
+      end
+    end
+  end
+end

data/lib/eaco/cucumber/world.rb

@@ -130,6 +130,37 @@ module Eaco
     # Belonging to a department is the Designator of type +:department+
     #
     class World
+
+      ##
+      # Set up the World:
+      #
+      # * Connect to ActiveRecord
+      #
+      def initialize
+        Eaco::Cucumber::ActiveRecord.connect!
+      end
+
+      ##
+      # @return [Class] a model in the {ActiveRecord} namespace.
+      #
+      def find_model(model_name)
+        Eaco::Cucumber::ActiveRecord.const_get(model_name)
+      end
+
+      ##
+      # Evaluates the given {Eaco::DSL} code, substituting the
+      # +$MODEL+ string with the given model name.
+      #
+      # @param code [String] the DSL code to eval
+      # @param model [Class] the model name to substitute
+      #
+      # @return [void]
+      #
+      def eval_dsl(code, model)
+        # Sub in place to print final code when running cucumber
+        code.sub! '$MODEL', model.name
+        Eaco.eval! code, '(feature)'
+      end
     end
 
   end

data/lib/eaco/designator.rb

@@ -194,7 +194,7 @@ module Eaco
     attr_reader :value
 
     # The instance given to {Designator#initialize}
-    attr_reader :instance
+    attr_accessor :instance
 
     ##
     # Should return an extended description for this designator. You can then

data/lib/eaco/dsl/acl.rb

@@ -7,19 +7,23 @@ module Eaco
     # Block-less DSL to set up the {ACL} machinery onto an authorized {Resource}.
     #
     # * Defines an {ACL} subclass in the Resource namespace
+    #   ({#define_acl_subclass})
+    #
     # * Defines syntactic sugar on the ACL to easily retrieve {Actor}s with a
-    #   specific Role
+    #   specific Role ({#define_role_getters})
+    #
     # * Installs {ACL} objects persistance for the supported ORMs
-    # * Installs the authorized collection extraction strategy +.accessible_by+
+    #   ({#install_persistance})
+    #
+    # * Installs the authorized collection extraction strategy
+    #   +.accessible_by+ ({#install_strategy})
     #
     class ACL < Base
 
       ##
-      # Performs ACL setup on the target Resource class.
+      # Performs ACL setup on the target Resource model.
       #
-      # @see #define_acl_subclass
-      # @see #define_role_getters
-      # @see #install_persistance
+      # @return [nil]
       #
       def initialize(*)
         super
@@ -27,6 +31,9 @@ module Eaco
         define_acl_subclass
         define_role_getters
         install_persistance
+        install_strategy
+
+        nil
       end
 
       private
@@ -74,13 +81,11 @@ module Eaco
       end
 
       ##
-      # Sets up the persistance layer for ACLs (+#acl+ and +#acl=+) and the
-      # authorized collection extraction strategy (+.accessible_by+).
+      # Sets up the persistance layer for ACLs (+#acl+ and +#acl=+).
       #
-      # All these APIs can be implemented directly in your models, as
-      # long as the +acl+ accessor accepts and returns the model's ACL
-      # subclass (see {.define_acl_subclass}); and the +.accessible_by+
-      # returns an +Enumerable+ collection.
+      # These APIs can be implemented directly in your Resource model, as long
+      # as the +acl+ accessor accepts and returns the Resource model's ACL
+      # subclass (see {.define_acl_subclass})
       #
       # See each adapter for the details of the extraction strategies
       # they provide.
@@ -99,7 +104,18 @@ module Eaco
             accessor on <#{target}> that accepts and returns a <#{target.acl}>.
           EOF
         end
+      end
 
+      ##
+      # Sets up the authorized collection extraction strategy
+      # (+.accessible_by+).
+      #
+      # This API can be implemented directly in your model, as long as
+      # +.accessible_by+ returns an +Enumerable+ collection.
+      #
+      # @return [void]
+      #
+      def install_strategy
         unless target.respond_to?(:accessible_by)
           strategies = adapter ? adapter.strategies.keys : []
 

data/lib/eaco/dsl/resource.rb

@@ -102,7 +102,7 @@ module Eaco
       #
       def roles(*keys)
         target_eval do
-          @_roles = keys.flatten.freeze
+          @_roles = Set.new(keys.flatten).freeze
         end
       end
 

data/lib/eaco/rake/default_task.rb

@@ -122,7 +122,7 @@ module Eaco
       # @return [nil]
       #
       def croak(msg)
-        $stderr.puts fancy(msg)
+        $stderr.puts fancy(with_appraisal(msg))
       end
 
       ##
@@ -135,6 +135,20 @@ module Eaco
         raise RuntimeError, fancy(msg)
       end
 
+      ##
+      # Adds the current appraisal name to msg, if present
+      #
+      # @param msg [String]
+      # @return [String]
+      #
+      def with_appraisal(msg)
+        if appraisal
+          msg = "%s \033[1;31m[%s]" % [msg, appraisal]
+        end
+
+        return msg
+      end
+
       ##
       # Makes +msg+ fancy.
       #
@@ -142,7 +156,18 @@ module Eaco
       # @return [String]
       #
       def fancy(msg)
-        ">>>\n>>> EACO: #{msg}\n>>>\n"
+        "\n\033[1;32m>>>\n>>> EACO: \033[1;37m#{msg}\033[1;32m\n>>>\n\033[0m"
+      end
+
+      ##
+      # @return [String] the current appraisal name, or nil
+      #
+      def appraisal
+        return unless running_appraisals?
+
+        gemfile = ENV['BUNDLE_GEMFILE']
+
+        File.basename(gemfile, '.*') if gemfile
       end
 
       ##

data/lib/eaco/resource.rb

@@ -37,7 +37,7 @@ module Eaco
       # @param role [Symbol] role name.
       #
       def role?(role)
-        role.to_sym.in?(roles)
+        roles.include?(role.to_sym)
       end
 
       ##
@@ -65,8 +65,8 @@ module Eaco
       end
 
       ##
-      # @return [Symbol] the given +actor+ role in the given resource, or +nil+ if no
-      # access is granted.
+      # @return [Symbol] the given +actor+ role in the given resource, or
+      # +nil+ if no access is granted.
       #
       # @param actor_or_designator [Actor or Designator]
       # @param resource [Resource]
@@ -103,28 +103,36 @@ module Eaco
       ##
       # The permissions defined for each role.
       #
-      # @see DSL::Resource#initialize
+      # @return [Hash] the defined permissions, keyed by +role+
+      #
+      # @see DSL::Resource::Permissions
       #
       def permissions
       end
 
       # The defined roles.
       #
-      # @see DSL::Resource#initialize
+      # @return [Set]
+      #
+      # @see DSL::Resource
       #
       def roles
       end
 
       # Roles' priority map keyed by role symbol.
       #
-      # @see DSL::Resource#initialize
+      # @return [Hash]
+      #
+      # @see DSL::Resource
       #
       def roles_priority
       end
 
       # Role labels map keyed by role symbol
       #
-      # @see DSL::Resource#initialize
+      # @return [Hash]
+      #
+      # @see DSL::Resource
       #
       def roles_with_labels
       end

data/lib/eaco/version.rb

@@ -2,6 +2,6 @@ module Eaco
 
   # Current version
   #
-  VERSION = '0.5.0'
+  VERSION = '0.6.0'
 
 end

data/spec/spec_helper.rb

@@ -1,7 +1,11 @@
 require 'rspec'
-require 'eaco'
 require 'byebug'
 
+require 'coveralls'
+Coveralls.wear!
+
+require 'eaco'
+
 # See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
 #
 RSpec.configure do |config|

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: eaco
 version: !ruby/object:Gem::Version
-  version: 0.5.0
+  version: 0.6.0
 platform: ruby
 authors:
 - Marcello Barnaba
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-02-24 00:00:00.000000000 Z
+date: 2015-02-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -164,6 +164,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: coveralls
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: 
 email:
 - vjt@openssl.it
@@ -185,7 +199,8 @@ files:
 - features/active_record.example.yml
 - features/active_record.travis.yml
 - features/rails_integration.feature
-- features/step_definitions/database.rb
+- features/role_based_authorization.feature
+- features/step_definitions/actor_definition.rb
 - features/step_definitions/resource_authorization.rb
 - features/support/env.rb
 - gemfiles/rails_3.2.gemfile
@@ -213,6 +228,8 @@ files:
 - lib/eaco/cucumber/active_record/position.rb
 - lib/eaco/cucumber/active_record/schema.rb
 - lib/eaco/cucumber/active_record/user.rb
+- lib/eaco/cucumber/active_record/user/designators.rb
+- lib/eaco/cucumber/active_record/user/designators/user.rb
 - lib/eaco/cucumber/world.rb
 - lib/eaco/designator.rb
 - lib/eaco/dsl.rb
@@ -273,7 +290,8 @@ test_files:
 - features/active_record.example.yml
 - features/active_record.travis.yml
 - features/rails_integration.feature
-- features/step_definitions/database.rb
+- features/role_based_authorization.feature
+- features/step_definitions/actor_definition.rb
 - features/step_definitions/resource_authorization.rb
 - features/support/env.rb
 - spec/eaco/acl_spec.rb

data/features/step_definitions/database.rb

@@ -1,7 +0,0 @@
-Given(/I am connected to the database/) do
-  Eaco::Cucumber::ActiveRecord.connect!
-end
-
-Given(/I have a schema defined/) do
-  Eaco::Cucumber::ActiveRecord.define_schema!
-end