gatekeeper-rails 0.1.0

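--- a/data/Gemfile
+++ b/data/Gemfile
@@ -0,0 +1,3 @@
+ source :rubygems
+
+ gemspec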
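Review bot: `source :rubygems` on the first line resolves to plain-HTTP rubygems.org, which the accompanying Gemfile.lock confirms with `remote: http://rubygems.org/`, so every gem fetched during `bundle install` travels over an unauthenticated channel. Replace it with `source 'https://rubygems.org'` and regenerate the lockfile so the recorded remote is HTTPS as well. Bundler also deprecated the symbol form, so the string URL is the one to keep.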
data/Gemfile.lock ADDED
@@ -0,0 +1,95 @@
1
+ PATH
2
+ remote: .
3
+ specs:
4
+ gatekeeper-rails (0.1.0)
5
+ rails (>= 2.1.0)
6
+
7
+ GEM
8
+ remote: http://rubygems.org/
9
+ specs:
10
+ actionmailer (3.2.3)
11
+ actionpack (= 3.2.3)
12
+ mail (~> 2.4.4)
13
+ actionpack (3.2.3)
14
+ activemodel (= 3.2.3)
15
+ activesupport (= 3.2.3)
16
+ builder (~> 3.0.0)
17
+ erubis (~> 2.7.0)
18
+ journey (~> 1.0.1)
19
+ rack (~> 1.4.0)
20
+ rack-cache (~> 1.2)
21
+ rack-test (~> 0.6.1)
22
+ sprockets (~> 2.1.2)
23
+ activemodel (3.2.3)
24
+ activesupport (= 3.2.3)
25
+ builder (~> 3.0.0)
26
+ activerecord (3.2.3)
27
+ activemodel (= 3.2.3)
28
+ activesupport (= 3.2.3)
29
+ arel (~> 3.0.2)
30
+ tzinfo (~> 0.3.29)
31
+ activeresource (3.2.3)
32
+ activemodel (= 3.2.3)
33
+ activesupport (= 3.2.3)
34
+ activesupport (3.2.3)
35
+ i18n (~> 0.6)
36
+ multi_json (~> 1.0)
37
+ arel (3.0.2)
38
+ builder (3.0.0)
39
+ erubis (2.7.0)
40
+ hike (1.2.1)
41
+ i18n (0.6.0)
42
+ journey (1.0.3)
43
+ json (1.6.6)
44
+ mail (2.4.4)
45
+ i18n (>= 0.4.0)
46
+ mime-types (~> 1.16)
47
+ treetop (~> 1.4.8)
48
+ mime-types (1.18)
49
+ multi_json (1.3.1)
50
+ polyglot (0.3.3)
51
+ rack (1.4.1)
52
+ rack-cache (1.2)
53
+ rack (>= 0.4)
54
+ rack-ssl (1.3.2)
55
+ rack
56
+ rack-test (0.6.1)
57
+ rack (>= 1.0)
58
+ rails (3.2.3)
59
+ actionmailer (= 3.2.3)
60
+ actionpack (= 3.2.3)
61
+ activerecord (= 3.2.3)
62
+ activeresource (= 3.2.3)
63
+ activesupport (= 3.2.3)
64
+ bundler (~> 1.0)
65
+ railties (= 3.2.3)
66
+ railties (3.2.3)
67
+ actionpack (= 3.2.3)
68
+ activesupport (= 3.2.3)
69
+ rack-ssl (~> 1.3.2)
70
+ rake (>= 0.8.7)
71
+ rdoc (~> 3.4)
72
+ thor (~> 0.14.6)
73
+ rake (0.9.2.2)
74
+ rdoc (3.12)
75
+ json (~> 1.4)
76
+ sprockets (2.1.2)
77
+ hike (~> 1.2)
78
+ rack (~> 1.0)
79
+ tilt (~> 1.1, != 1.3.0)
80
+ step-up (0.8.1)
81
+ thor (>= 0.14.6)
82
+ thor (0.14.6)
83
+ tilt (1.3.3)
84
+ treetop (1.4.10)
85
+ polyglot
86
+ polyglot (>= 0.3.1)
87
+ tzinfo (0.3.33)
88
+
89
+ PLATFORMS
90
+ ruby
91
+
92
+ DEPENDENCIES
93
+ gatekeeper-rails!
94
+ rails (~> 3.2.0)
95
+ step-up
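--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,84 @@
+ # Gatekeeper
+
+ gatekeeper-rails provides a simple DSL to do authorization checks in rails controllers.
+
+ It's independent of any authencation/authorization lib.
+ Feel free within a block!
+
+ ## Simple example
+
+ ```ruby
+ class PostsController < ApplicationController
+
+ # Gatekeeper will close the doors
+ # to all actions
+ #
+ include Gatekeeper
+
+ # Tell to Gatekeeper allow access
+ # to action index when the signed user
+ # is admin or guest
+ #
+ allow :index do
+ signed_user.is_admin? ||
+ signed_user.is_guest?
+ end
+
+ # Tell to Gatekeeper allow access
+ # to action new, create, update and destroy
+ # only when the signed user is admin!
+ #
+ allow :new, :create, :update do
+ signed_user.is_admin?
+ end
+
+ # Tell to Gatekeeper allow access
+ # to action destroy only when the signed user
+ # is admin, is older than 21 and it's before
+ # 10 pm :)
+ #
+ allow :destroy do
+ signed_user.is_admin? &&
+ signed_user.age >= 21 &&
+ Time.now.hour < 22
+ end
+
+ # Tell to Gatekeeper what it should do when
+ # the access is denied
+ #
+ when_access_denied do
+ render :text => "No donuts for you!!!", :status => '403'
+ end
+
+ # Controller actions
+ #
+ def index
+ render :text => 'Index post action'
+ end
+
+ def new
+ render :text => 'New post action'
+ end
+
+ def create
+ render :text => 'Create post action'
+ end
+
+ def update
+ render :text => 'Update post action'
+ end
+
+ def destroy
+ render :text => 'Destroy post action'
+ end
+
+ end
+ ```
+
+ ## Using
+
+ Add gatekeeper-rails to your Gemfile:
+
+ ```ruby
+ gem 'gatekeeper-rails', :require => 'gatekeeper'
+ ```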
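--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,26 @@
+ require 'rake/testtask'
+
+ task :default => :test
+ Rake::TestTask.new do |t|
+ t.libs << "test"
+ t.test_files = FileList['test/**/*_test.rb']
+ t.verbose = true
+ end
+
+ desc "Build the gem"
+ task :build do
+ opers = Dir.glob('*.gem')
+ opers = ["rm #{ opers.join(' ') }"] unless opers.empty?
+ opers << ["gem build mcp_client.gemspec"]
+ sh opers.join(" && ")
+ end
+
+ desc "Build and install the gem, removing old installation"
+ task :install => :build do
+ gem = Dir.glob('*.gem').first
+ if gem.nil?
+ puts "could not install the gem"
+ else
+ sh "gem uninstall mcp_client; gem install #{ gem }"
+ end
+ end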
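Review bot: Both tasks name a different gem: `:build` runs `gem build mcp_client.gemspec` and `:install` runs `gem uninstall mcp_client`, so the build step targets a gemspec that is not among the files this package ships, and the install step can remove an unrelated gem from the machine. Point the install step at this gem, e.g. `sh "gem uninstall gatekeeper-rails; gem install #{ gem }"`, and the build step at the project's own gemspec (its file name is not visible on this page). The glob results are also interpolated into a shell string; the multi-argument form `sh 'gem', 'install', gem` keeps file names out of shell parsing.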
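--- a/data/lib/gatekeeper.rb
+++ b/data/lib/gatekeeper.rb
@@ -0,0 +1,59 @@
+ # encoding: UTF-8
+
+ module Gatekeeper
+ autoload :VERSION, 'gatekeeper/version.rb'
+
+ module ClassMethods
+
+ def allow(*actions, &block)
+ permission = block || :permission_not_required
+
+ actions.each do |action|
+ actions_access_rules[action] = permission
+ end
+ end
+
+ def when_access_denied(&block)
+ self.access_denied_response = block
+ end
+ end
+
+ def self.included(receiver)
+ receiver.extend ClassMethods
+ receiver.instance_eval do
+ before_filter :authorize
+
+ class << self
+ attr_accessor :actions_access_rules, :access_denied_response
+ end
+
+ self.actions_access_rules = {}
+ end
+ end
+
+ private
+
+ def authorize
+ actions_access_rules = self.class.actions_access_rules
+
+ permission_defined_for_action = actions_access_rules[action_name.to_sym] || actions_access_rules[:all]
+ if permission_defined_for_action
+ unless permission_defined_for_action == :permission_not_required
+ unless self.instance_eval &permission_defined_for_action
+ return access_denied
+ end
+ end
+ else
+ return access_denied
+ end
+ end
+
+ def access_denied
+ if self.class.access_denied_response
+ self.instance_eval &self.class.access_denied_response
+ else
+ render :text => "Access not authorized.", :status => 403
+ end
+ end
+
+ end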
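Review bot: `authorize` relies on `access_denied` producing a response to stop the request, and only the built-in `render` branch guarantees one; if a controller's `when_access_denied` block does not render or redirect (for example, it only logs), the `before_filter` ends without a response and, on Rails 3 where a filter's return value is ignored, the protected action runs anyway. Make the denial fail closed by following the custom block in `access_denied` with `render :text => "Access not authorized.", :status => 403 unless performed?`. Separately, `permission = block || :permission_not_required` in `allow` turns a rule written without its block into unrestricted access, so `allow` deserves a comment stating that a blockless call makes the action public. The test file in this package has no case for a denial block that does not render.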
@@ -0,0 +1,10 @@
1
+ module Gatekeeper
2
+ version = nil
3
+ version = $1 if ::File.expand_path('../..', __FILE__) =~ /\/gatekeeper-rails-([\w\.\-]+)/
4
+ if version.nil? && ::File.exists?(::File.expand_path('../../../.git', __FILE__))
5
+ require "step-up"
6
+ version = StepUp::Driver::Git.last_version
7
+ end
8
+ version = "0.0.0" if version.nil?
9
+ VERSION = version.gsub(/^v?([^\+]+)\+?\d*$/, '\1')
10
+ end
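Review bot: The version is taken from whatever follows `gatekeeper-rails-` in the install path (the `[\w\.\-]+` capture on line 3), so a checkout or vendored copy in a directory such as `gatekeeper-rails-fork` (constructed example) produces a VERSION that is not a version number, and the final `gsub` passes it through unchanged. A literal constant maintained at release time is more predictable than inferring the value from the filesystem and loading `step-up` at require time whenever a `.git` directory is present. `::File.exists?` is a deprecated alias that was removed in Ruby 3.2; use `::File.exist?`.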
@@ -0,0 +1,254 @@
1
+ # encoding: UTF-8
2
+
3
+ require File.expand_path(File.dirname(__FILE__) + '/test_helper.rb')
4
+
5
+ module PostControllerTestHelper
6
+ def define_post_controller_with(string_block)
7
+ class_eval %{
8
+ class PostController < ApplicationController
9
+ include Gatekeeper
10
+
11
+ def index
12
+ fake_action_result('Index HTML')
13
+ end
14
+
15
+ def edit
16
+ fake_action_result('Edit HTML')
17
+ end
18
+
19
+ #{string_block}
20
+ end
21
+ }
22
+ end
23
+
24
+ def define_post_controller
25
+ define_post_controller_with ''
26
+ end
27
+ end
28
+
29
+ module RequestAssertsHelper
30
+ def assert_request_successfully(body)
31
+ assert_equal body, @response.body.strip
32
+ assert_equal '200', @response.code
33
+ end
34
+
35
+ def assert_request_not_authorized(body = "Access not authorized.", status_code = '403')
36
+ assert_equal body, @response.body.strip
37
+ assert_equal status_code, @response.code
38
+ end
39
+ end
40
+
41
+ class PostControllerWithoutDefinedRulesTest < ActionController::TestCase
42
+ extend PostControllerTestHelper
43
+ include RequestAssertsHelper
44
+
45
+ define_post_controller
46
+ tests PostController
47
+
48
+ def test_index_action_has_access_denied
49
+ get :index
50
+ assert_request_not_authorized
51
+ end
52
+ end
53
+
54
+ class PostControllerWithSatisfiedRuleTest < ActionController::TestCase
55
+ extend PostControllerTestHelper
56
+ include RequestAssertsHelper
57
+
58
+ define_post_controller_with %{
59
+ allow :index do
60
+ true
61
+ end
62
+ }
63
+ tests PostController
64
+
65
+ def test_index_action_has_success
66
+ get :index
67
+ assert_request_successfully("Index HTML")
68
+ end
69
+ end
70
+
71
+ class PostControllerWithInsatisfiedRuleTest < ActionController::TestCase
72
+ extend PostControllerTestHelper
73
+ include RequestAssertsHelper
74
+
75
+ define_post_controller_with %{
76
+ allow :index do
77
+ false
78
+ end
79
+ }
80
+ tests PostController
81
+
82
+ def test_index_action_has_access_denied
83
+ get :index
84
+ assert_request_not_authorized
85
+ end
86
+ end
87
+
88
+ class PostControllerWithRuleThatAccessMethodsTest < ActionController::TestCase
89
+ extend PostControllerTestHelper
90
+ include RequestAssertsHelper
91
+
92
+ define_post_controller_with %{
93
+ allow :index do
94
+ authorized_request?
95
+ end
96
+
97
+ def authorized_request?
98
+ true
99
+ end
100
+ }
101
+ tests PostController
102
+
103
+ def test_method_was_executed_in_correct_scope
104
+ assert_nothing_raised do
105
+ get :index
106
+ end
107
+ end
108
+
109
+ def test_index_action_has_success
110
+ get :index
111
+ assert_request_successfully("Index HTML")
112
+ end
113
+ end
114
+
115
+ class PostControllerWithRuleWithouBlockTest < ActionController::TestCase
116
+ extend PostControllerTestHelper
117
+ include RequestAssertsHelper
118
+
119
+ define_post_controller_with %{
120
+ allow :index
121
+ }
122
+ tests PostController
123
+
124
+ def test_index_action_has_success
125
+ get :index
126
+ assert_request_successfully("Index HTML")
127
+ end
128
+ end
129
+
130
+ class PostControllerWithMultipleRulesWithouBlockTest < ActionController::TestCase
131
+ extend PostControllerTestHelper
132
+ include RequestAssertsHelper
133
+
134
+ define_post_controller_with %{
135
+ allow :index, :edit
136
+ }
137
+ tests PostController
138
+
139
+ def test_index_action_has_success
140
+ get :index
141
+ assert_request_successfully("Index HTML")
142
+ end
143
+
144
+ def test_edit_action_has_success
145
+ get :edit
146
+ assert_request_successfully("Edit HTML")
147
+ end
148
+ end
149
+
150
+ class PostControllerWithInsatisfiedMultipleRulesTest < ActionController::TestCase
151
+ extend PostControllerTestHelper
152
+ include RequestAssertsHelper
153
+
154
+ define_post_controller_with %{
155
+ allow :index, :edit do
156
+ false
157
+ end
158
+ }
159
+ tests PostController
160
+
161
+ def test_index_action_has_access_denied
162
+ get :index
163
+ assert_request_not_authorized
164
+ end
165
+
166
+ def test_edit_action_has_access_denied
167
+ get :edit
168
+ assert_request_not_authorized
169
+ end
170
+ end
171
+
172
+ class PostControllerWithSatisfiedRulesForAllActionsTest < ActionController::TestCase
173
+ extend PostControllerTestHelper
174
+ include RequestAssertsHelper
175
+
176
+ define_post_controller_with %{
177
+ allow :all do
178
+ true
179
+ end
180
+ }
181
+ tests PostController
182
+
183
+ def test_index_action_has_success
184
+ get :index
185
+ assert_request_successfully("Index HTML")
186
+ end
187
+
188
+ def test_edit_action_has_success
189
+ get :edit
190
+ assert_request_successfully("Edit HTML")
191
+ end
192
+ end
193
+
194
+ class PostControllerWithRulesForAllActionsWithoutBlockTest < ActionController::TestCase
195
+ extend PostControllerTestHelper
196
+ include RequestAssertsHelper
197
+
198
+ define_post_controller_with %{
199
+ allow :all
200
+ }
201
+ tests PostController
202
+
203
+ def test_index_action_has_success
204
+ get :index
205
+ assert_request_successfully("Index HTML")
206
+ end
207
+
208
+ def test_edit_action_has_success
209
+ get :edit
210
+ assert_request_successfully("Edit HTML")
211
+ end
212
+ end
213
+
214
+ class PostControllerWithRulesForAllActionsAndOneActionTest < ActionController::TestCase
215
+ extend PostControllerTestHelper
216
+ include RequestAssertsHelper
217
+
218
+ define_post_controller_with %{
219
+ allow :all
220
+
221
+ allow :edit do
222
+ false
223
+ end
224
+ }
225
+ tests PostController
226
+
227
+ def test_index_action_has_success
228
+ get :index
229
+ assert_request_successfully("Index HTML")
230
+ end
231
+
232
+ def test_edit_action_has_access_denied
233
+ get :edit
234
+ assert_request_not_authorized
235
+ end
236
+ end
237
+
238
+ class PostControllerWithRuleForAccessDeniedResponse < ActionController::TestCase
239
+ extend PostControllerTestHelper
240
+ include RequestAssertsHelper
241
+
242
+ define_post_controller_with %{
243
+ when_access_denied do
244
+ fake_action_result("No donuts for you!!!", 401)
245
+ end
246
+ }
247
+ tests PostController
248
+
249
+ def test_index_action_has_access_denied
250
+ get :index
251
+ assert_request_not_authorized("No donuts for you!!!", '401')
252
+ end
253
+ end
254
+
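Review bot: The suite never checks that an action without a rule stays denied once some other rule exists: `PostControllerWithRuleWithouBlockTest` declares `allow :index` and requests only `:index`. Add a `test_edit_action_has_access_denied` to that class whose body is `get :edit` followed by `assert_request_not_authorized`, so a regression in the default-deny branch of `authorize` is caught. The generated controller already defines `edit`, so no other setup is needed.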
@@ -0,0 +1,33 @@
1
+ require 'rubygems'
2
+ require 'test/unit'
3
+
4
+ LIB_PATH = File.expand_path(File.join(File.dirname(__FILE__), '..', 'lib'))
5
+
6
+ $LOAD_PATH.unshift(LIB_PATH)
7
+ $LOAD_PATH.unshift(File.dirname(__FILE__))
8
+ require 'gatekeeper'
9
+
10
+ # Simulating a rails app for tests
11
+ #
12
+ require 'action_controller'
13
+ require 'rails'
14
+ require 'rails/test_help'
15
+
16
+ module MyTestApplication
17
+ class Application < Rails::Application
18
+ end
19
+ end
20
+
21
+ Rails.application.routes.draw do
22
+ match '/:controller(/:action(/:id))'
23
+ end
24
+
25
+ class ApplicationController < ActionController::Base
26
+ include Rails.application.routes.url_helpers
27
+
28
+ protected
29
+ def fake_action_result(view_content = nil, status = 200)
30
+ view_content ||= "any view content"
31
+ render :text => view_content, :status => status
32
+ end
33
+ end
metadata ADDED
@@ -0,0 +1,106 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: gatekeeper-rails
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.1.0
5
+ prerelease:
6
+ platform: ruby
7
+ authors:
8
+ - Eric Fer
9
+ - Lucas Fais
10
+ autorequire:
11
+ bindir: bin
12
+ cert_chain: []
13
+ date: 2012-05-04 00:00:00.000000000 Z
14
+ dependencies:
15
+ - !ruby/object:Gem::Dependency
16
+ name: rails
17
+ requirement: !ruby/object:Gem::Requirement
18
+ none: false
19
+ requirements:
20
+ - - ! '>='
21
+ - !ruby/object:Gem::Version
22
+ version: 2.1.0
23
+ type: :runtime
24
+ prerelease: false
25
+ version_requirements: !ruby/object:Gem::Requirement
26
+ none: false
27
+ requirements:
28
+ - - ! '>='
29
+ - !ruby/object:Gem::Version
30
+ version: 2.1.0
31
+ - !ruby/object:Gem::Dependency
32
+ name: step-up
33
+ requirement: !ruby/object:Gem::Requirement
34
+ none: false
35
+ requirements:
36
+ - - ! '>='
37
+ - !ruby/object:Gem::Version
38
+ version: '0'
39
+ type: :development
40
+ prerelease: false
41
+ version_requirements: !ruby/object:Gem::Requirement
42
+ none: false
43
+ requirements:
44
+ - - ! '>='
45
+ - !ruby/object:Gem::Version
46
+ version: '0'
47
+ - !ruby/object:Gem::Dependency
48
+ name: rails
49
+ requirement: !ruby/object:Gem::Requirement
50
+ none: false
51
+ requirements:
52
+ - - ~>
53
+ - !ruby/object:Gem::Version
54
+ version: 3.2.0
55
+ type: :development
56
+ prerelease: false
57
+ version_requirements: !ruby/object:Gem::Requirement
58
+ none: false
59
+ requirements:
60
+ - - ~>
61
+ - !ruby/object:Gem::Version
62
+ version: 3.2.0
63
+ description: ! "gatekeeper-rails provides a simple and \n beaultiful DSL to do
64
+ authorization checks in rails controllers"
65
+ email:
66
+ - eric.fer@gmail.com
67
+ - lucasfais@gmail.com
68
+ executables: []
69
+ extensions: []
70
+ extra_rdoc_files: []
71
+ files:
72
+ - Gemfile
73
+ - Gemfile.lock
74
+ - README.md
75
+ - Rakefile
76
+ - lib/gatekeeper.rb
77
+ - lib/gatekeeper/version.rb
78
+ - test/gatekeeper_test.rb
79
+ - test/test_helper.rb
80
+ homepage: https://github.com/abril/gatekeeper-rails
81
+ licenses: []
82
+ post_install_message:
83
+ rdoc_options: []
84
+ require_paths:
85
+ - lib
86
+ required_ruby_version: !ruby/object:Gem::Requirement
87
+ none: false
88
+ requirements:
89
+ - - ! '>='
90
+ - !ruby/object:Gem::Version
91
+ version: '0'
92
+ required_rubygems_version: !ruby/object:Gem::Requirement
93
+ none: false
94
+ requirements:
95
+ - - ! '>='
96
+ - !ruby/object:Gem::Version
97
+ version: 1.3.6
98
+ requirements: []
99
+ rubyforge_project:
100
+ rubygems_version: 1.8.23
101
+ signing_key:
102
+ specification_version: 3
103
+ summary: Simple DSL for authorization with Rails
104
+ test_files:
105
+ - test/gatekeeper_test.rb
106
+ - test/test_helper.rb