ez-permissions 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 63fcfa633d299ba98948f0139ad49873bbdd3098f45a6e714d2fb5da27f28b18
+  data.tar.gz: c392ff7f90575129d0c7c7a99d873c7552acf88d59b82460e766a3c42dac4461
+SHA512:
+  metadata.gz: e6bb7cfe77c7b5f3c51d38d5e4f9349d2e59c7d8e47de0f9c728c66190453013fef6ce348cfef4bfcba40cda3d58296d1b7a047a0001c1358a1274b01cbc152b
+  data.tar.gz: 37c0fe0b3dd8f727b20f8a4820cdd56c95e29dd413b0317c8f0cee204fe9e152129805a96f4a402e90255571b1b9ce9c0d8610af5057d07a31eb635d9806bd52

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2019 Volodymyr Sveredyuk
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,210 @@
+# Ez::Permissions
+
+[![Build Status](https://travis-ci.org/ez-engines/ez-permissions.svg?branch=master)](https://travis-ci.org/ez-engines/ez-permissions)
+
+**Ez Permissions** (read as "easy permissions") - one of the [ez-engines](https://github.com/ez-engines) collection that helps easily add permissions interface to your [Rails](http://rubyonrails.org/) application.
+
+- Most advanced RBAC model:
+- Flexible tool with simple DSL and confguration
+- All in one solution
+- Convetion over configuration principles.
+- Depends on [ez-core](https://github.com/ez-engines/ez-core)
+
+## Installation
+Add this line to your application's Gemfile:
+```ruby
+gem 'ez-permissions'
+```
+
+## Generators
+
+Generate configuration file:
+```bash
+rails generate ez:permissions:install
+```
+
+### Configuration
+
+Configuration interface allows you to change default behavior
+```ruby
+Ez::Permissions.configure do |config|
+  # If in generated migrations you changed table names, please configure them here:
+  config.permission_table_name = 'my_permissions'
+  config.roles_table_name = 'my_roles'
+  config.models_roles_table_name = 'my_model_roles'
+  config.permissions_roles_table_name = 'my_permissions_roles'
+
+  # Define your custom callbacks
+  config.handle_no_permission_model = lambda { |context|
+    raise 'User not exist'
+  }
+
+  config.handle_not_authorized = lambda { |context|
+    raise 'Not authorized'
+  }
+end
+
+```
+### ActiveRecord migrations:
+
+**If you need change table names, please change configuration first**
+
+And run
+```bash
+rails generate ez:permissions:migrations
+```
+
+## DSL
+
+Simple DSL for difinition of permission relationships
+```ruby
+Ez::Permissions::DSL.define do |setup|
+  # You need add all resources of your application and possible actions
+  setup.add :roles, actions: %i[create read]
+
+  # Use `crud` for adding default `create`, `read`, `update` and `delete` actions
+  # And any your custom action
+  setup.add :permissions, actions: %i[crud my_custom_action]
+
+  # Actions option are not required. In such case you add all crud actions by default
+  setup.add :users
+  setup.add :projects
+end
+```
+
+## Permission model
+
+In your application, you usually have `User` model.
+```ruby
+class User < ActiveRecord::Base
+  include Ez::Permissions::Model
+end
+
+user = User.first
+
+# User model become permission model
+user.roles #=> [application level roles]
+user.assigned_roles #=> [user owned roles, gloabal and scoped]
+user.permissions #=> [user available permissions through assigned_roles]
+```
+
+## API
+
+**Please, do not use direct rails code like:** `Ez::Permissions::Permission.create(name: 'admin')`
+
+Instead you should use public api. You can extend you custom module with `API` mixin
+```ruby
+# Use engine facade methods
+Ez::Permissions::API
+
+# or extend your own module and keep your code clean
+module Permissions
+  extend Ez::Permissions::API::Roles
+  extend Ez::Permissions::API::Permissions
+  extend Ez::Permissions::API::Models
+  extend Ez::Permissions::API::Authorize
+end
+```
+
+### Roles
+```ruby
+# Create regular role
+Permissions.create_role(:user)
+Permissions.create_role(:admin)
+
+# Get role object by name
+Permissions.get_role(:user)
+
+# Update role attributes
+Permissions.update_role(:user, name: 'super_user')
+
+# Delete role
+Permissions.delete_role(:user)
+
+# Assign role to the user
+user = User.first
+Permissions.assign_role(user, :admin)
+
+# Assign role to the user in scope of any resource
+project = Project.first
+Permissions.assign_role(user, :admin, scoped: project)
+
+# Reject user role in global scope, but project admin role will stay
+Permissions.reject_role(user, :admin)
+```
+
+### Permissions
+```ruby
+# Create a role
+Permissions.create_role(:user)
+
+# Grant role's possibility to have action per resource
+Permissions.grant_permission(:user, :read, :projects)
+
+# Grant all defined actions per resource
+Permissions.grant_permission(:user, :all, :projects)
+
+# Revoke particular permission
+Permissions.revoke_permission(:user, :create, :projects)
+```
+
+### Authorize access
+```ruby
+user = User.first
+project = Project.first
+
+Permissions.create_role(:admin)
+Permissions.grant_permission(:admin, :all, :users)
+Permissions.assign_role(user, :admin, scoped: project)
+
+Permissions.authorize!(user, :create, :users, scoped: project) do
+  # code here would be executed if user has permissions
+  # for user creation in particular project
+end
+
+# otherwise catch exception
+Ez::Permissions::API::Authrozation::NotAuthorized
+
+# if you don't want raise exception, just use
+Permissions.authorize(user, :create, :users) { puts 'Yeahh!' } #=> false
+# Because user has scoped role in the project and don't has global role.
+```
+
+### Kepp it excplicit!
+You can wonder, why we just not add authorization methods to user instance, like:
+```ruby
+user.can?(:something)
+```
+Because ez-permissions engine don't want pollute your application and keep implementation isolated in external modules.
+Of course, you can use them as mixins, but it's up to you.
+
+## Understanding scoped roles
+- System have many roles
+- User has many assigned roles
+- User can has role in scope of some resource (Project, Company, Business, etc.)
+- User can has role in global scope (without scope)
+- If user want access data in scope of resource - user must has assigned role scoped for this resource
+- If user want access data in global scope - user must has assigned role wihtout any scoped resorce (global role)
+- User with global role - can't access scoped resources.
+- User with scoped role - can't access global resources.
+
+## TODO
+- [x] Add README
+- [x] Add Role model
+- [x] Add Permissions model
+- [x] Add PermissionsRole model
+- [x] Add rails generators for migrations
+- [x] Add rails generators for configuration
+- [x] Add configuration DSL
+- [x] Add Permissions API for managing relationships
+- [x] User can has multiple roles
+- [x] Better errors for non-existing records
+- [x] Add permissions helpers `authorize` and `authorize!`
+- [x] Move all erros under `Ez::Permissions::API` namespace and add `Error` suffix
+- [ ] Add helper methods for seed grant permissions
+
+## Contributing
+Contribution directions go here.
+
+## License
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'Ez::Permissions'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.md')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path('spec/dummy/Rakefile', __dir__)
+load 'rails/tasks/engine.rake'
+
+load 'rails/tasks/statistics.rake'
+
+require 'bundler/gem_tasks'
+
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec)
+
+task default: :spec

data/app/controllers/ez/permissions/application_controller.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+# TODO: Use this for potential UI or API features
+# module Ez
+#   module Permissions
+#     class ApplicationController < ActionController::Base
+#       protect_from_forgery with: :exception
+#     end
+#   end
+# end

data/app/models/ez/permissions/application_record.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+module Ez
+  module Permissions
+    class ApplicationRecord < ActiveRecord::Base
+      self.abstract_class = true
+    end
+  end
+end

data/app/models/ez/permissions/model.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+module Ez
+  module Permissions
+    module Model
+      # rubocop:disable Metrics/MethodLength
+      def self.included(base)
+        base.has_many :assigned_roles,
+                      class_name: 'Ez::Permissions::ModelRole',
+                      as:         :model
+
+        base.has_many :roles,
+                      -> { distinct },
+                      through:    :assigned_roles,
+                      class_name: 'Ez::Permissions::Role'
+
+        base.has_many :permissions,
+                      -> { distinct },
+                      through:    :roles,
+                      class_name: 'Ez::Permissions::Permission'
+      end
+      # rubocop:enable Metrics/MethodLength
+    end
+  end
+end

data/app/models/ez/permissions/model_role.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module Ez
+  module Permissions
+    class ModelRole < ApplicationRecord
+      self.table_name = Ez::Permissions.config.models_roles_table_name
+
+      belongs_to :model,  polymorphic: true
+      belongs_to :scoped, polymorphic: true, optional: true
+      belongs_to :role
+    end
+  end
+end

data/app/models/ez/permissions/permission.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+module Ez
+  module Permissions
+    class Permission < ApplicationRecord
+      self.table_name = Ez::Permissions.config.permissions_table_name
+
+      validates :resource, presence: true
+      validates :action, presence: true
+    end
+  end
+end

data/app/models/ez/permissions/permission_role.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+module Ez
+  module Permissions
+    class PermissionRole < ApplicationRecord
+      self.table_name = Ez::Permissions.config.permissions_roles_table_name
+
+      belongs_to :permission, class_name: 'Ez::Permissions::Permission'
+      belongs_to :role,       class_name: 'Ez::Permissions::Role'
+    end
+  end
+end

data/app/models/ez/permissions/role.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+module Ez
+  module Permissions
+    class Role < ApplicationRecord
+      self.table_name = Ez::Permissions.config.roles_table_name
+
+      has_and_belongs_to_many :permissions
+
+      validates :name, presence: true
+      validates :name, uniqueness: true
+    end
+  end
+end

data/config/routes.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+# TODO: Use this for potential UI or API features
+# Ez::Permissions::Engine.routes.draw do
+# end

data/lib/ez/permissions/api/authorize.rb

@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+module Ez
+  module Permissions
+    module API
+      module Authorize
+        NotAuthorized = Class.new(StandardError)
+
+        def authorize!(model, *actions, resource, scoped: nil, &block)
+          authorize(model, *actions, resource, scoped: scoped, raise_exception: true, &block)
+        end
+
+        def authorize(model, *actions, resource, scoped: nil, raise_exception: false)
+          return handle_no_permission_model_callback.call(self) if handle_no_permission_model_callback && !model
+
+          return yield if permissions(model, *actions, resource, scoped: scoped).any?
+
+          return handle_not_authorized_callback.call(self) if handle_not_authorized_callback
+
+          raise NotAuthorized, not_authorized_msg(model, actions, resource, scoped) if raise_exception
+
+          false
+        end
+
+        private
+
+        def permissions(model, *actions, resource, scoped: nil)
+          # TODO: Refactor to 1 query with joins
+          roles_ids = model.assigned_roles.where(scoped: scoped).pluck(:role_id)
+          permission_ids = Ez::Permissions::PermissionRole.where(role_id: roles_ids).pluck(:permission_id)
+
+          Ez::Permissions::Permission.where(
+            id:       permission_ids,
+            resource: resource,
+            action:   actions.map(&:to_s)
+          )
+        end
+
+        def not_authorized_msg(model, actions, resource, scoped = nil)
+          msg = "#{model.class}##{model.id} is not authorized to [#{actions.join(', ')} -> #{resource}]"
+          msg = "#{msg} for #{scoped.class}##{scoped.id}" if scoped
+
+          msg
+        end
+
+        def handle_no_permission_model_callback
+          Ez::Permissions.config.handle_no_permission_model
+        end
+
+        def handle_not_authorized_callback
+          Ez::Permissions.config.handle_not_authorized
+        end
+      end
+    end
+  end
+end

data/lib/ez/permissions/api/models.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+module Ez
+  module Permissions
+    module API
+      module Models
+        def assign_role(model, role_name, scoped: nil)
+          role = Ez::Permissions::API.get_role!(role_name)
+
+          Ez::Permissions::ModelRole.find_or_create_by!(
+            role:   role,
+            model:  model,
+            scoped: scoped
+          )
+        end
+
+        def reject_role(model, role_name, scoped: nil)
+          role = Ez::Permissions::API.get_role!(role_name)
+
+          Ez::Permissions::ModelRole.find_by(
+            role:   role,
+            model:  model,
+            scoped: scoped
+          )&.delete
+        end
+      end
+    end
+  end
+end

data/lib/ez/permissions/api/permissions.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+module Ez
+  module Permissions
+    module API
+      module Permissions
+        PermissionNotFound = Class.new(StandardError)
+
+        def get_permission!(action, resource)
+          Ez::Permissions::Permission.find_by!(resource: resource, action: action)
+        rescue ActiveRecord::RecordNotFound
+          raise PermissionNotFound, "Permission [#{action} -> #{resource}] not found"
+        end
+
+        def grant_permission(role_name, action, resource)
+          role = Ez::Permissions::API.get_role!(role_name)
+
+          if action == :all
+            grant_all_permissions(role, resource)
+          else
+            permission = get_permission!(action, resource)
+            grant_single_permission(role, permission)
+          end
+        end
+
+        def revoke_permission(role_name, action, resource)
+          role = Ez::Permissions::API.get_role!(role_name)
+          permission = get_permission!(action, resource)
+
+          Ez::Permissions::PermissionRole.find_by(
+            role:       role,
+            permission: permission
+          )&.delete
+        end
+
+        private
+
+        def grant_single_permission(role, permission)
+          Ez::Permissions::PermissionRole.find_or_create_by!(
+            role:       role,
+            permission: permission
+          )
+        end
+
+        def grant_all_permissions(role, resource)
+          Ez::Permissions::DSL.resource(resource).actions.each do |action|
+            permission = get_permission!(action, resource)
+            grant_single_permission(role, permission)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/ez/permissions/api/roles.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+module Ez
+  module Permissions
+    module API
+      module Roles
+        RoleNotFound = Class.new(StandardError)
+
+        def create_role(name)
+          Role.create(name: name)
+        end
+
+        def get_role(name)
+          Role.find_by(name: name)
+        end
+
+        def get_role!(name)
+          Role.find_by!(name: name)
+        rescue ActiveRecord::RecordNotFound
+          raise RoleNotFound, "Role #{name} not found"
+        end
+
+        def update_role(role_name, name:)
+          role = get_role!(role_name)
+
+          role.update(name: name)
+        end
+
+        def delete_role(name)
+          role = get_role!(name)
+
+          role.delete
+        end
+      end
+    end
+  end
+end

data/lib/ez/permissions/api.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+require_relative 'api/roles'
+require_relative 'api/permissions'
+require_relative 'api/models'
+require_relative 'api/authorize'
+
+module Ez
+  module Permissions
+    module API
+      extend Ez::Permissions::API::Roles
+      extend Ez::Permissions::API::Permissions
+      extend Ez::Permissions::API::Models
+      extend Ez::Permissions::API::Authorize
+    end
+  end
+end

data/lib/ez/permissions/dsl.rb

@@ -0,0 +1,72 @@
+# frozen_string_literal: true
+
+require_relative 'resource'
+
+module Ez
+  module Permissions
+    class DSL
+      include Singleton
+
+      def self.define
+        yield DSL.instance
+      end
+
+      def self.resources
+        DSL.instance.resources
+      end
+
+      def self.resource(name)
+        DSL.instance.resources.find { |r| r.name.to_sym == name.to_sym }
+      end
+
+      attr_reader :resources
+
+      def initialize
+        @resources = []
+      end
+
+      def add(name, options = {})
+        if self.class.resource(name)
+          return message("[WARN] Ez::Permissions resource [#{name}] has been already defined!")
+        end
+
+        resource = Ez::Permissions::Resource.new(name, options)
+
+        message(
+          "[SUCCESS] Ez::Permissions resource [#{name}] has been successfully registred with actions: \
+[#{resource.actions.join(', ')}]"
+        )
+
+        @resources << resource
+        seed_to_db resource
+      end
+
+      private
+
+      def message(txt)
+        STDOUT.puts(txt)
+      end
+
+      def seed_to_db(resource)
+        try_db_connection
+
+        return unless ActiveRecord::Base.connection.data_source_exists?(Ez::Permissions.config.permissions_table_name)
+
+        return unless resource.actions
+
+        resource.actions.each do |action|
+          Ez::Permissions::Permission.where(
+            resource: resource.name,
+            action:   action
+          ).first_or_create!
+        end
+      end
+
+      def try_db_connection
+        ActiveRecord::Base.connection
+      rescue ActiveRecord::NoDatabaseError
+        STDOUT.puts 'Database does not exist'
+      end
+    end
+  end
+end

data/lib/ez/permissions/engine.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+module Ez
+  module Permissions
+    class Engine < ::Rails::Engine
+      isolate_namespace Ez::Permissions
+    end
+  end
+end

data/lib/ez/permissions/railtie.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+# TODO: Use this for potential UI or API features
+# module Ez
+#   module Permissions
+#     class Railtie < ::Rails::Railtie
+#     end
+#   end
+# end

data/lib/ez/permissions/resource.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+module Ez
+  module Permissions
+    class Resource
+      ACTIONS = %i[create read update delete].freeze
+
+      attr_reader :name, :model, :actions
+
+      def initialize(name, options = {})
+        @name    = name
+        @model   = options.fetch(:model, nil)
+        @actions = process_actions(options.fetch(:actions, nil))
+      end
+
+      def <=>(other)
+        name <=> other.name
+      end
+
+      private
+
+      def process_actions(actions)
+        return ACTIONS unless actions
+
+        actions.map { |action| action == :crud ? ACTIONS : action }.flatten
+      end
+    end
+  end
+end

data/lib/ez/permissions/version.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module Ez
+  module Permissions
+    VERSION = '0.1.0'
+  end
+end

data/lib/ez/permissions.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+require 'ez/permissions/engine'
+require 'ez/permissions/dsl'
+require 'ez/permissions/api'
+require 'ez/configurator'
+
+module Ez
+  module Permissions
+    include Ez::Configurator
+
+    configure do |config|
+      config.permissions_table_name       = 'ez_permissions_permissions'
+      config.roles_table_name             = 'ez_permissions_roles'
+      config.models_roles_table_name      = 'ez_permissions_model_roles'
+      config.permissions_roles_table_name = 'ez_permissions_permissions_roles'
+    end
+  end
+end

data/lib/generators/ez/permissions/install_generator.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module Ez
+  module Permissions
+    class InstallGenerator < Rails::Generators::Base
+      def create_migration
+        create_file 'config/initializers/ez_permissions.rb',
+                    "# frozen_string_literal: true
+
+Ez::Permissions.configure do |config|
+  # config.permission_table_name = 'ez_permissions_permissions'
+  # config.roles_table_name = 'ez_permissions_roles'
+  # config.models_roles_table_name = 'ez_permissions_model_roles'
+  # config.permissions_roles_table_name = 'ez_permissions_permissions_roles'
+
+  # config.handle_no_permission_model = lambda { |context|
+  #   here you can define your custom callback
+  #   in case when permission model (user) is nil
+  # }
+
+  # config.handle_not_authorized = lambda { |context|
+  #  here you can define your custom callback
+  #  in case when model (user) is not authorized
+  # }
+end
+"
+      end
+    end
+  end
+end

data/lib/generators/ez/permissions/migrations_generator.rb

@@ -0,0 +1,73 @@
+# frozen_string_literal: true
+
+# rubocop:disable all
+module Ez
+  module Permissions
+    class MigrationsGenerator < Rails::Generators::Base
+      def config
+        Ez::Permissions.config
+      end
+
+      def create_migration
+        create_file "db/migrate/#{Time.current.strftime('%Y%m%d%H%M%S')}_create_ez_permissions_roles.rb",
+                    "# frozen_string_literal: true
+
+class CreateEzPermissionsRoles < ActiveRecord::Migration[5.0]
+  def change
+    create_table :#{config.roles_table_name} do |t|
+      t.string :name, null: false
+      t.timestamps null: false
+    end
+  end
+end
+"
+        create_file "db/migrate/#{(Time.current + 1).strftime('%Y%m%d%H%M%S')}_create_ez_permissions_permissions.rb",
+                    "# frozen_string_literal: true
+
+class CreateEzPermissionsPermissions < ActiveRecord::Migration[5.0]
+  def change
+    create_table :#{config.permissions_table_name} do |t|
+      t.string :resource, index: true, null: false
+      t.string :action, index: true, null: false
+      t.timestamps null: false
+    end
+  end
+end
+"
+        create_file "db/migrate/#{(Time.current + 2).strftime('%Y%m%d%H%M%S')}_create_ez_permissions_model_roles.rb",
+                    "# frozen_string_literal: true
+
+class CreateEzPermissionsModelRoles < ActiveRecord::Migration[5.0]
+  def change
+    create_table :#{config.models_roles_table_name} do |t|
+      t.integer :model_id, index: true, null: false
+      t.string :model_type, index: true, null: false
+
+      t.integer :scoped_id, index: true
+      t.string :scoped_type, index: true
+
+      t.integer :role_id, index: true, null: false
+
+      t.timestamps null: false
+    end
+  end
+end
+"
+
+        create_file "db/migrate/#{(Time.current + 3).strftime('%Y%m%d%H%M%S')}_create_ez_permissions_permissions_roles.rb",
+                    "# frozen_string_literal: true
+
+class CreateEzPermissionsPermissionsRoles < ActiveRecord::Migration[5.0]
+  def change
+    create_table :#{config.permissions_roles_table_name} do |t|
+      t.integer :permission_id, index: true, null: false
+      t.integer :role_id, index: true
+    end
+  end
+end
+"
+      end
+    end
+  end
+end
+# rubocop: enable all

data/lib/tasks/ez/permissions_tasks.rake

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+# desc "Explaining what the task does"
+# task :ez_permissions do
+#   # Task goes here
+# end

metadata

@@ -0,0 +1,210 @@
+--- !ruby/object:Gem::Specification
+name: ez-permissions
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Volodya Sveredyuk
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2019-02-24 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: ez-core
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.1
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '5.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '5.2'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: faker
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: guard-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.3.6
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.3.6
+description: Easy permissions engine for Rails app.
+email:
+- sveredyuk@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- README.md
+- Rakefile
+- app/controllers/ez/permissions/application_controller.rb
+- app/models/ez/permissions/application_record.rb
+- app/models/ez/permissions/model.rb
+- app/models/ez/permissions/model_role.rb
+- app/models/ez/permissions/permission.rb
+- app/models/ez/permissions/permission_role.rb
+- app/models/ez/permissions/role.rb
+- config/routes.rb
+- lib/ez/permissions.rb
+- lib/ez/permissions/api.rb
+- lib/ez/permissions/api/authorize.rb
+- lib/ez/permissions/api/models.rb
+- lib/ez/permissions/api/permissions.rb
+- lib/ez/permissions/api/roles.rb
+- lib/ez/permissions/dsl.rb
+- lib/ez/permissions/engine.rb
+- lib/ez/permissions/railtie.rb
+- lib/ez/permissions/resource.rb
+- lib/ez/permissions/version.rb
+- lib/generators/ez/permissions/install_generator.rb
+- lib/generators/ez/permissions/migrations_generator.rb
+- lib/tasks/ez/permissions_tasks.rake
+homepage: https://github.com/ez-permissions
+licenses:
+- MIT
+metadata:
+  allowed_push_host: https://rubygems.org
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.6
+signing_key: 
+specification_version: 4
+summary: Easy permissions engine for Rails app.
+test_files: []