exits 0.0.2

checksums.yaml

@@ -0,0 +1,15 @@
+---
+!binary "U0hBMQ==":
+  metadata.gz: !binary |-
+    NzNjOGQ5NjQyZGI4NGEzNWZhMTNiYTAwZDMzNmMzYTAwOTQ4ZGUxMw==
+  data.tar.gz: !binary |-
+    NDQwMjQ3ODYzNmE0MTBmNWM0NDYzODlkYWY3NzZlYWFlYWE1MGRkOA==
+!binary "U0hBNTEy":
+  metadata.gz: !binary |-
+    OTA3Nzc3ZmM0N2I5NmEyZWZkYWU2OGJmYTY0OTU3MzZiNmYwZWVlNTc0ZGYy
+    ZmM4ODY4MTVlOWVhY2EwMjRjOGFjZTAzMmNhZDc5MmJhMWYyMjY1M2U0ZWNi
+    OTc3NGVmYTEzMjE2ZWNlMmZjMGMzYjg5NzhkN2IwOWY5MGZhYmE=
+  data.tar.gz: !binary |-
+    MTI3MWFmZjhiM2U1Y2NlY2I2Njg1NjUwOTQ5NzRkNzcwNmFkZTk1ZjhmZDE2
+    NTJiZGJiMDE0YzhlM2I5NmI1NDJjMTVhNmU3NzdlOTExZTQxYjA3ZjczZGVk
+    ZGI1M2M2MzI4MDU4YWQ2NjRlMjc5NDQ3ZWI3YWM2ZGU1YjRiMTI=

data/.gitignore

@@ -0,0 +1,18 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+.DS_Store

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in exits.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2013 Pier-Olivier Thibault
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,85 @@
+# Exits
+When you want to restrict access to your Rails application.
+
+## Description
+You want to restrict access to your application so Administrator & User can have different access level. Exits provides two level of authorization that works in conjunction so you can fine tuned access to your need. All the authorization logic is set in the *controller* to make it easy for you to figure out who has access to what.
+
+Designed with an emphasis on readability, it also is designed to work with your authentication setup(Warden, Devise).
+
+
+## How to use
+
+Let's assume you have Admin & User and want to let admin have access to everything and restrict User to edit their own stuff.
+
+		# controllers/application_controller.rb
+		class ApplicationController < ActionController::Base
+			before_action :restrict_routes!
+		end
+
+		# controllers/posts_controller.rb
+		class PostsController < ActionController::Base
+			allow Admin, :all
+			allow User, :show, :new, :create, :edit
+
+			def admin
+			end
+
+			def edit
+				@post = Post.find params[:id].to_i
+				allow! User do
+					current_user.eql? @post.user
+				end
+			end
+		end
+
+First of all, for Exits to work, you need to add `before_action :restrict_routes` to your ApplicationController.
+
+Exits takes a very strict approach to handling access. If you don't allow access to an action for a given user class, _it won't be authorized to access such action._
+
+This is by designed, it's a tradeoff between boilerplate code & readability. It's much easier to understand permissions if they are explicit in every controller and presented in the same manner throughout your application.
+
+To give access to a controller, you have to use `allow` the class as shown above in PostsController[line 2-3].
+
+If you need to be more specific about a permission, you can be more precise inside the controller method using `allow!`. This method takes a block that needs to return _true_ or _false_.
+
+If it returns false, Exits will raise an exception and redirect you to :root (You can customize this behavior). 
+
+*Remember:* You have to set permission inside your controller's class. If a user class does not have permission to access the controller, it will never reach the controller's method! e.g PostsController#edit
+
+### Unauthorized
+When a user is unauthorized the default behavior is to set a flash message and redirect to :root.
+
+You can override this behavior.
+
+		# controllers/application_controller.rb
+		class ApplicationController < ActionController::Base
+			before_action :restrict_routes!
+		
+			def unauthorized	(exception)
+				# Handle unauthorized user here
+			end
+		end
+
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'exits'
+
+And then execute:
+
+    $ bundle
+
+## Test
+Exits comes with a test suite.
+
+		$ rake test
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1,11 @@
+require "bundler/gem_tasks"
+require 'rake/testtask'
+
+Bundler::GemHelper.install_tasks
+
+Rake::TestTask.new do |t|
+end
+
+desc 'Run test suite'
+task :default => :test
+

data/exits.gemspec

@@ -0,0 +1,26 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'exits/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "exits"
+  spec.version       = Exits::VERSION
+  spec.authors       = ["Pier-Olivier Thibault"]
+  spec.email         = ["pothibo@gmail.com"]
+  spec.description   = %q{Exits authorize user to access specific part of your application with a clear syntax}
+  spec.summary       = %q{Authorization for your rails' application}
+  spec.homepage      = ""
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files`.split($/)
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "activesupport", ">= 4.0"
+
+  spec.add_development_dependency "bundler", "~> 1.3"
+  spec.add_development_dependency "rake"
+  spec.add_development_dependency 'minitest', "~> 4.2"
+end

data/lib/exits/action_controller/helpers.rb

@@ -0,0 +1,52 @@
+require 'active_support'
+
+module Exits
+  module ActionController
+    module Helpers
+      extend ActiveSupport::Concern
+
+      included do
+        rescue_from Exits::Rules::Unauthorized do |exception|
+          unauthorized exception
+        end
+      end
+
+      module ClassMethods
+
+        def allow(kls, *actions)
+          rules.add self, kls, actions
+        end
+
+        def rules
+          @rules ||= ::Exits::Rules.new
+        end
+
+      end
+
+      def restrict_routes!
+        unless self.class.rules.authorized?(self.class, current_user.class, action_name)
+          restricted!
+        end
+      end
+
+      protected
+
+      def unauthorized(exception)
+        flash.alert = t("exits.unauthorized")
+        redirect_to :root
+      end
+
+      def allow!(kls, &block)
+        return unless current_user.instance_of?(kls)
+        unless yield
+          restricted!
+        end
+      end
+
+      def restricted!
+        raise Exits::Rules::Unauthorized
+      end
+
+    end
+  end
+end

data/lib/exits/railtie.rb

@@ -0,0 +1,11 @@
+require 'exits/action_controller/helpers'
+
+module Exits
+  class Railtie < ::Rails::Railtie
+    initializer "exits.railties.initializer" do |app|
+      ActiveSupport.on_load :action_controller do
+        include Exits::ActionController::Helpers
+      end
+    end
+  end
+end

data/lib/exits/rules/controller.rb

@@ -0,0 +1,24 @@
+module Exits
+  class Rules
+    class Controller
+      def initialize
+        @users = {}
+      end
+
+      def []=(user_class, actions)
+        @users[user_class] ||= Exits::Rules::User.new
+        @users[user_class].allow actions
+      end
+
+      def [](user_class)
+        @users[user_class]
+      end
+
+      def authorized?(klass, action)
+        user = self[klass]
+        return false if user.nil?
+        user.authorized? action
+      end
+    end
+  end
+end

data/lib/exits/rules/user.rb

@@ -0,0 +1,24 @@
+module Exits
+  class Rules
+    class User
+      class Exits::Rules::ConfusingRulesError < StandardError; end;
+      def initialize
+        @actions = []
+      end
+
+      def allow(*actions)
+        @actions = @actions | actions.flatten
+
+        if @actions.size > 1 && @actions.include?(:all)
+          raise Exits::Rules::ConfusingRulesError, "You have :all and specific actions within the same controller/user rule."
+        end
+      end
+
+      def authorized?(action)
+        return true if @actions.include?(:all)
+        return @actions.include?(action)
+      end
+    end
+  end
+end
+

data/lib/exits/rules.rb

@@ -0,0 +1,23 @@
+require 'exits/rules/controller'
+require 'exits/rules/user'
+
+module Exits
+  class Rules
+    class Unauthorized < StandardError; end;
+
+    def initialize
+      @controllers = Hash.new
+    end
+
+    def add(controller_class, klass, *actions)
+      @controllers[controller_class] ||= Exits::Rules::Controller.new
+      @controllers[controller_class][klass] = actions.flatten
+    end
+
+    def authorized?(controller_class, klass, action)
+      controller = @controllers.fetch(controller_class, {})
+      return false if controller.nil?
+      controller.authorized? klass, action
+    end
+  end
+end

data/lib/exits/version.rb

@@ -0,0 +1,3 @@
+module Exits
+  VERSION = "0.0.2"
+end

data/lib/exits.rb

@@ -0,0 +1,10 @@
+require "exits/version"
+require 'exits/rules'
+
+module Exits
+
+end
+
+if defined? Rails
+  require 'exits/railtie'
+end

data/test/test_controller.rb

@@ -0,0 +1,80 @@
+gem 'minitest'
+require 'minitest/autorun'
+require 'exits/rules'
+require 'exits/action_controller/helpers'
+
+class User
+  attr_accessor :id
+end
+
+class Admin < User; end;
+
+class SomeController
+  include ActiveSupport::Rescuable
+  include Exits::ActionController::Helpers
+  attr_accessor :action_name, :current_user
+
+  allow Admin, :all
+  allow User, :show, :index
+  
+  def index
+    @user = User.new
+    @user.id = 1
+    allow! User do
+      current_user.id == @user.id
+    end
+    return true
+  end
+
+end
+
+
+describe Exits::ActionController::Helpers do
+  def setup
+    @controller = SomeController.new
+  end
+
+  it 'should not authorize a user at the controller level' do
+    @controller.action_name = :edit
+    @controller.current_user = User.new
+
+    assert_raises Exits::Rules::Unauthorized do
+      @controller.send(:restrict_routes!)
+    end
+  end
+
+  it 'should not authorize a user at the action level' do
+    @controller.action_name = :edit
+    @controller.current_user = User.new
+
+    assert_raises Exits::Rules::Unauthorized do
+      @controller.index
+    end
+  end
+
+  it 'should authorize a user' do
+    @controller.action_name = :show
+    assert @controller.class.rules.authorized? @controller.class, User, @controller.action_name
+  end
+
+  it "should not authorize a user if he is not allowed within the action" do
+    @user = User.new
+    @user.id = 2
+    @controller.action_name = :index
+    @controller.current_user = @user
+    assert_raises Exits::Rules::Unauthorized do
+      @controller.index
+    end
+  end
+
+  it "should allow a user only if he's cleared the 2 levels" do
+    @user = User.new
+    @user.id = 1
+    @controller.action_name = :index
+    @controller.current_user = @user
+    assert @controller.class.rules.authorized?(@controller.class, @user.class, @controller.action_name), "Should be allowed on the controller level"
+    assert @controller.index, "Should be allowed on the action level"
+  end
+
+end
+

data/test/test_rules.rb

@@ -0,0 +1,86 @@
+gem 'minitest'
+require 'minitest/autorun'
+require 'exits/rules'
+
+class SomeController; end;
+class User; end;
+
+describe Exits::Rules do
+  def setup
+    @rules = Exits::Rules.new
+  end
+
+  describe Exits::Rules::User do
+    def setup
+      @rule = Exits::Rules::User.new
+    end
+
+    it 'should not authorize if no rules have been set' do
+      assert !@rule.authorized?(:show), "Shouldn't authorize :show"
+    end
+
+    it 'should be able to allow an action' do
+      @rule.allow(:show)
+      assert @rule.authorized?(:show), "Couldn't authorize :show"
+    end
+
+    it 'should make sure actions are unique' do
+      @rule.allow(:show, :show)
+      assert @rule.instance_variable_get("@actions").size == 1, "Should only be 1 instance of :show"
+    end
+
+    it 'should make a union of every call to Exits::Rules::User#allow' do
+      @rule.allow(:show)
+      @rule.allow(:show, :edit)
+      actions = @rule.instance_variable_get("@actions")
+
+      assert_equal [:show, :edit], actions, "Should only be 2 actions registered"
+    end
+
+    it 'should raise an error if :all is set with other actions' do
+      assert_raises Exits::Rules::ConfusingRulesError do
+        @rule.allow(:show)
+        @rule.allow(:all)
+      end
+    end
+
+    it 'should authorize any action if :all is set' do
+      @rule.allow(:all)
+      assert @rule.authorized?(:show), "Should authorize :show when :all is set"
+    end
+  end
+
+  describe Exits::Rules::Controller do
+    def setup
+      @rule = Exits::Rules::Controller.new
+    end
+
+    it 'should not authorize if no rules have been set' do
+      assert !@rule.authorized?(User, :show), "Shouldn't authorize User if there's no rule"
+    end
+
+    it 'should be able to add a rule & authorize' do
+      @rule[User] = :show, :edit
+      assert @rule.authorized?(User, :show), "Should authorize :show for User"
+    end
+
+  end
+
+  it 'should be able to add rules' do
+    @rules.add SomeController, User, [:show]
+    controllers = @rules.instance_variable_get("@controllers")
+    assert controllers.has_key?(SomeController), "No rules for #{SomeController.name}"
+    assert !controllers[SomeController][User].nil?, "Couldn't add a rule for #{User.name}"
+  end
+
+  it 'should authorize a user matching the rule' do
+    @rules.add SomeController, User, [:show]
+    assert @rules.authorized?(SomeController, User, :show), "Couldn't authorize User in SomeController for :show"
+  end
+
+  it 'should prohibit a user accessing an undefined action' do
+    @rules.add SomeController, User, [:show]
+    assert !@rules.authorized?(SomeController, User, :edit), "Shouldn't authorize User in SomeController for :edit"
+  end
+end
+

metadata

@@ -0,0 +1,118 @@
+--- !ruby/object:Gem::Specification
+name: exits
+version: !ruby/object:Gem::Version
+  version: 0.0.2
+platform: ruby
+authors:
+- Pier-Olivier Thibault
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-08-08 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '4.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '4.0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '4.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '4.2'
+description: Exits authorize user to access specific part of your application with
+  a clear syntax
+email:
+- pothibo@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- exits.gemspec
+- lib/exits.rb
+- lib/exits/action_controller/helpers.rb
+- lib/exits/railtie.rb
+- lib/exits/rules.rb
+- lib/exits/rules/controller.rb
+- lib/exits/rules/user.rb
+- lib/exits/version.rb
+- test/test_controller.rb
+- test/test_rules.rb
+homepage: ''
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.0.3
+signing_key: 
+specification_version: 4
+summary: Authorization for your rails' application
+test_files:
+- test/test_controller.rb
+- test/test_rules.rb