gatekeeper-rails 0.1.0

data/Gemfile

@@ -0,0 +1,3 @@
+source :rubygems
+
+gemspec

data/Gemfile.lock

@@ -0,0 +1,95 @@
+PATH
+  remote: .
+  specs:
+    gatekeeper-rails (0.1.0)
+      rails (>= 2.1.0)
+
+GEM
+  remote: http://rubygems.org/
+  specs:
+    actionmailer (3.2.3)
+      actionpack (= 3.2.3)
+      mail (~> 2.4.4)
+    actionpack (3.2.3)
+      activemodel (= 3.2.3)
+      activesupport (= 3.2.3)
+      builder (~> 3.0.0)
+      erubis (~> 2.7.0)
+      journey (~> 1.0.1)
+      rack (~> 1.4.0)
+      rack-cache (~> 1.2)
+      rack-test (~> 0.6.1)
+      sprockets (~> 2.1.2)
+    activemodel (3.2.3)
+      activesupport (= 3.2.3)
+      builder (~> 3.0.0)
+    activerecord (3.2.3)
+      activemodel (= 3.2.3)
+      activesupport (= 3.2.3)
+      arel (~> 3.0.2)
+      tzinfo (~> 0.3.29)
+    activeresource (3.2.3)
+      activemodel (= 3.2.3)
+      activesupport (= 3.2.3)
+    activesupport (3.2.3)
+      i18n (~> 0.6)
+      multi_json (~> 1.0)
+    arel (3.0.2)
+    builder (3.0.0)
+    erubis (2.7.0)
+    hike (1.2.1)
+    i18n (0.6.0)
+    journey (1.0.3)
+    json (1.6.6)
+    mail (2.4.4)
+      i18n (>= 0.4.0)
+      mime-types (~> 1.16)
+      treetop (~> 1.4.8)
+    mime-types (1.18)
+    multi_json (1.3.1)
+    polyglot (0.3.3)
+    rack (1.4.1)
+    rack-cache (1.2)
+      rack (>= 0.4)
+    rack-ssl (1.3.2)
+      rack
+    rack-test (0.6.1)
+      rack (>= 1.0)
+    rails (3.2.3)
+      actionmailer (= 3.2.3)
+      actionpack (= 3.2.3)
+      activerecord (= 3.2.3)
+      activeresource (= 3.2.3)
+      activesupport (= 3.2.3)
+      bundler (~> 1.0)
+      railties (= 3.2.3)
+    railties (3.2.3)
+      actionpack (= 3.2.3)
+      activesupport (= 3.2.3)
+      rack-ssl (~> 1.3.2)
+      rake (>= 0.8.7)
+      rdoc (~> 3.4)
+      thor (~> 0.14.6)
+    rake (0.9.2.2)
+    rdoc (3.12)
+      json (~> 1.4)
+    sprockets (2.1.2)
+      hike (~> 1.2)
+      rack (~> 1.0)
+      tilt (~> 1.1, != 1.3.0)
+    step-up (0.8.1)
+      thor (>= 0.14.6)
+    thor (0.14.6)
+    tilt (1.3.3)
+    treetop (1.4.10)
+      polyglot
+      polyglot (>= 0.3.1)
+    tzinfo (0.3.33)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  gatekeeper-rails!
+  rails (~> 3.2.0)
+  step-up

data/README.md

@@ -0,0 +1,84 @@
+# Gatekeeper
+
+gatekeeper-rails provides a simple DSL to do authorization checks in rails controllers.
+
+It's independent of any authencation/authorization lib.
+Feel free within a block!
+
+## Simple example
+
+```ruby
+class PostsController < ApplicationController
+  
+  # Gatekeeper will close the doors
+  # to all actions
+  #
+  include Gatekeeper
+  
+  # Tell to Gatekeeper allow access
+  # to action index when the signed user
+  # is admin or guest
+  #
+  allow :index do
+    signed_user.is_admin? ||
+    signed_user.is_guest?
+  end
+  
+  # Tell to Gatekeeper allow access
+  # to action new, create, update and destroy
+  # only when the signed user is admin!
+  #
+  allow :new, :create, :update do
+    signed_user.is_admin?
+  end
+  
+  # Tell to Gatekeeper allow access
+  # to action destroy only when the signed user
+  # is admin, is older than 21 and it's before
+  # 10 pm :)
+  #
+  allow :destroy do
+    signed_user.is_admin? &&
+    signed_user.age >= 21 &&
+    Time.now.hour < 22
+  end
+  
+  # Tell to Gatekeeper what it should do when
+  # the access is denied
+  #
+  when_access_denied do
+    render :text => "No donuts for you!!!", :status => '403'
+  end
+  
+  # Controller actions
+  #
+  def index
+    render :text => 'Index post action'
+  end
+  
+  def new
+    render :text => 'New post action'
+  end
+  
+  def create
+    render :text => 'Create post action'
+  end
+  
+  def update
+    render :text => 'Update post action'
+  end
+  
+  def destroy
+    render :text => 'Destroy post action'
+  end
+  
+end
+```
+
+## Using
+
+Add gatekeeper-rails to your Gemfile:
+
+```ruby
+gem 'gatekeeper-rails', :require => 'gatekeeper'
+```

data/Rakefile

@@ -0,0 +1,26 @@
+require 'rake/testtask'
+
+task :default => :test
+Rake::TestTask.new do |t|
+  t.libs << "test"
+  t.test_files = FileList['test/**/*_test.rb']
+  t.verbose = true
+end
+
+desc "Build the gem"
+task :build do
+  opers = Dir.glob('*.gem')
+  opers = ["rm #{ opers.join(' ') }"] unless opers.empty?
+  opers << ["gem build mcp_client.gemspec"]
+  sh opers.join(" && ")
+end
+
+desc "Build and install the gem, removing old installation"
+task :install => :build do
+  gem = Dir.glob('*.gem').first
+  if gem.nil?
+    puts "could not install the gem"
+  else
+    sh "gem uninstall mcp_client; gem install #{ gem }"
+  end
+end

data/lib/gatekeeper.rb

@@ -0,0 +1,59 @@
+# encoding: UTF-8
+
+module Gatekeeper
+  autoload :VERSION, 'gatekeeper/version.rb'
+
+  module ClassMethods
+
+    def allow(*actions, &block)
+      permission = block || :permission_not_required
+
+      actions.each do |action|
+        actions_access_rules[action] = permission
+      end
+    end
+
+    def when_access_denied(&block)
+      self.access_denied_response = block
+    end
+  end
+
+  def self.included(receiver)
+    receiver.extend ClassMethods
+    receiver.instance_eval do
+      before_filter :authorize
+
+      class << self
+        attr_accessor :actions_access_rules, :access_denied_response
+      end
+
+      self.actions_access_rules = {}
+    end
+  end
+
+  private
+
+  def authorize
+    actions_access_rules = self.class.actions_access_rules
+
+    permission_defined_for_action = actions_access_rules[action_name.to_sym] || actions_access_rules[:all]
+    if permission_defined_for_action
+      unless permission_defined_for_action == :permission_not_required
+        unless self.instance_eval &permission_defined_for_action
+          return access_denied
+        end
+      end
+    else
+      return access_denied
+    end
+  end
+
+  def access_denied
+    if self.class.access_denied_response
+      self.instance_eval &self.class.access_denied_response
+    else
+      render :text => "Access not authorized.", :status => 403
+    end
+  end
+
+end

data/lib/gatekeeper/version.rb

@@ -0,0 +1,10 @@
+module Gatekeeper
+  version = nil
+  version = $1 if ::File.expand_path('../..', __FILE__) =~ /\/gatekeeper-rails-([\w\.\-]+)/
+  if version.nil? && ::File.exists?(::File.expand_path('../../../.git', __FILE__))
+    require "step-up"
+    version = StepUp::Driver::Git.last_version
+  end
+  version = "0.0.0" if version.nil?
+  VERSION = version.gsub(/^v?([^\+]+)\+?\d*$/, '\1')
+end

data/test/gatekeeper_test.rb

@@ -0,0 +1,254 @@
+# encoding: UTF-8
+
+require File.expand_path(File.dirname(__FILE__) + '/test_helper.rb')
+
+module PostControllerTestHelper
+  def define_post_controller_with(string_block)
+    class_eval %{
+      class PostController < ApplicationController
+        include Gatekeeper
+
+        def index
+          fake_action_result('Index HTML')
+        end
+
+        def edit
+          fake_action_result('Edit HTML')
+        end
+
+        #{string_block}
+      end
+    }
+  end
+
+  def define_post_controller
+    define_post_controller_with ''
+  end
+end
+
+module RequestAssertsHelper
+  def assert_request_successfully(body)
+    assert_equal body, @response.body.strip
+    assert_equal '200', @response.code
+  end
+
+  def assert_request_not_authorized(body = "Access not authorized.", status_code = '403')
+    assert_equal body, @response.body.strip
+    assert_equal status_code, @response.code
+  end
+end
+
+class PostControllerWithoutDefinedRulesTest < ActionController::TestCase
+  extend PostControllerTestHelper
+  include RequestAssertsHelper
+
+  define_post_controller
+  tests PostController
+
+  def test_index_action_has_access_denied
+    get :index
+    assert_request_not_authorized
+  end
+end
+
+class PostControllerWithSatisfiedRuleTest < ActionController::TestCase
+  extend PostControllerTestHelper
+  include RequestAssertsHelper
+
+  define_post_controller_with %{
+    allow :index do
+      true
+    end
+  }
+  tests PostController
+
+  def test_index_action_has_success
+    get :index
+    assert_request_successfully("Index HTML")
+  end
+end
+
+class PostControllerWithInsatisfiedRuleTest < ActionController::TestCase
+  extend PostControllerTestHelper
+  include RequestAssertsHelper
+
+  define_post_controller_with %{
+    allow :index do
+      false
+    end
+  }
+  tests PostController
+
+  def test_index_action_has_access_denied
+    get :index
+    assert_request_not_authorized
+  end
+end
+
+class PostControllerWithRuleThatAccessMethodsTest < ActionController::TestCase
+  extend PostControllerTestHelper
+  include RequestAssertsHelper
+
+  define_post_controller_with %{
+    allow :index do
+      authorized_request?
+    end
+
+    def authorized_request?
+      true
+    end
+  }
+  tests PostController
+
+  def test_method_was_executed_in_correct_scope
+    assert_nothing_raised do
+      get :index
+    end
+  end
+
+  def test_index_action_has_success
+    get :index
+    assert_request_successfully("Index HTML")
+  end
+end
+
+class PostControllerWithRuleWithouBlockTest < ActionController::TestCase
+  extend PostControllerTestHelper
+  include RequestAssertsHelper
+
+  define_post_controller_with %{
+    allow :index
+  }
+  tests PostController
+
+  def test_index_action_has_success
+    get :index
+    assert_request_successfully("Index HTML")
+  end
+end
+
+class PostControllerWithMultipleRulesWithouBlockTest < ActionController::TestCase
+  extend PostControllerTestHelper
+  include RequestAssertsHelper
+
+  define_post_controller_with %{
+    allow :index, :edit
+  }
+  tests PostController
+
+  def test_index_action_has_success
+    get :index
+    assert_request_successfully("Index HTML")
+  end
+
+  def test_edit_action_has_success
+    get :edit
+    assert_request_successfully("Edit HTML")
+  end
+end
+
+class PostControllerWithInsatisfiedMultipleRulesTest < ActionController::TestCase
+  extend PostControllerTestHelper
+  include RequestAssertsHelper
+
+  define_post_controller_with %{
+    allow :index, :edit do
+      false
+    end
+  }
+  tests PostController
+
+  def test_index_action_has_access_denied
+    get :index
+    assert_request_not_authorized
+  end
+
+  def test_edit_action_has_access_denied
+    get :edit
+    assert_request_not_authorized
+  end
+end
+
+class PostControllerWithSatisfiedRulesForAllActionsTest < ActionController::TestCase
+  extend PostControllerTestHelper
+  include RequestAssertsHelper
+
+  define_post_controller_with %{
+    allow :all do
+      true
+    end
+  }
+  tests PostController
+
+  def test_index_action_has_success
+    get :index
+    assert_request_successfully("Index HTML")
+  end
+
+  def test_edit_action_has_success
+    get :edit
+    assert_request_successfully("Edit HTML")
+  end
+end
+
+class PostControllerWithRulesForAllActionsWithoutBlockTest < ActionController::TestCase
+  extend PostControllerTestHelper
+  include RequestAssertsHelper
+
+  define_post_controller_with %{
+    allow :all
+  }
+  tests PostController
+
+  def test_index_action_has_success
+    get :index
+    assert_request_successfully("Index HTML")
+  end
+
+  def test_edit_action_has_success
+    get :edit
+    assert_request_successfully("Edit HTML")
+  end
+end
+
+class PostControllerWithRulesForAllActionsAndOneActionTest < ActionController::TestCase
+  extend PostControllerTestHelper
+  include RequestAssertsHelper
+
+  define_post_controller_with %{
+    allow :all
+
+    allow :edit do
+      false
+    end
+  }
+  tests PostController
+
+  def test_index_action_has_success
+    get :index
+    assert_request_successfully("Index HTML")
+  end
+
+  def test_edit_action_has_access_denied
+    get :edit
+    assert_request_not_authorized
+  end
+end
+
+class PostControllerWithRuleForAccessDeniedResponse < ActionController::TestCase
+  extend PostControllerTestHelper
+  include RequestAssertsHelper
+
+  define_post_controller_with %{
+    when_access_denied do
+      fake_action_result("No donuts for you!!!", 401)
+    end
+  }
+  tests PostController
+
+  def test_index_action_has_access_denied
+    get :index
+    assert_request_not_authorized("No donuts for you!!!", '401')
+  end
+end
+

data/test/test_helper.rb

@@ -0,0 +1,33 @@
+require 'rubygems'
+require 'test/unit'
+
+LIB_PATH = File.expand_path(File.join(File.dirname(__FILE__), '..', 'lib'))
+
+$LOAD_PATH.unshift(LIB_PATH)
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+require 'gatekeeper'
+
+# Simulating a rails app for tests
+#
+require 'action_controller'
+require 'rails'
+require 'rails/test_help'
+
+module MyTestApplication 
+  class Application < Rails::Application
+  end
+end
+
+Rails.application.routes.draw do
+  match '/:controller(/:action(/:id))'
+end
+
+class ApplicationController < ActionController::Base
+  include Rails.application.routes.url_helpers
+  
+  protected
+  def fake_action_result(view_content = nil, status = 200)
+    view_content ||= "any view content"
+    render :text => view_content, :status => status
+  end
+end

metadata

@@ -0,0 +1,106 @@
+--- !ruby/object:Gem::Specification
+name: gatekeeper-rails
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+  prerelease: 
+platform: ruby
+authors:
+- Eric Fer
+- Lucas Fais
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-05-04 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 2.1.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 2.1.0
+- !ruby/object:Gem::Dependency
+  name: step-up
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 3.2.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 3.2.0
+description: ! "gatekeeper-rails provides a simple and \n    beaultiful DSL to do
+  authorization checks in rails controllers"
+email:
+- eric.fer@gmail.com
+- lucasfais@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- Gemfile
+- Gemfile.lock
+- README.md
+- Rakefile
+- lib/gatekeeper.rb
+- lib/gatekeeper/version.rb
+- test/gatekeeper_test.rb
+- test/test_helper.rb
+homepage: https://github.com/abril/gatekeeper-rails
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: 1.3.6
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.23
+signing_key: 
+specification_version: 3
+summary: Simple DSL for authorization with Rails
+test_files:
+- test/gatekeeper_test.rb
+- test/test_helper.rb