generic_auth 0.1.1

data/lib/generic_auth/auth_error.rb

@@ -0,0 +1,4 @@
+module GenericAuth
+	class AuthError < Exception
+	end
+end

data/lib/generic_auth/engine.rb

@@ -0,0 +1,139 @@
+require 'singleton'
+# roles[:person][:module_class_method] = [context_1, context_2, ...]
+module GenericAuth
+	class Engine
+		include Singleton
+
+		def initialize
+			@roles = {}
+			@user = Guest.new
+		end
+
+		def user= user=nil
+			user = GenericAuth::Guest.new if user.nil?
+			raise ArgumentError, 'User must respond_to? roles' unless user.respond_to?(:roles)
+			@user = user
+		end
+
+		def user
+			@user
+		end
+
+		def add_role role
+			require_no_role role
+
+			@roles[role] = {}
+		end
+
+		def clear_roles
+			@roles = {}
+		end
+
+		def remove_role role
+			require_role_symbol role
+
+			@roles.delete(role) if @roles[role]
+		end
+
+		def roles
+			@roles.keys
+		end
+
+		def add_activity role, activity, contexts = []
+			require_activity_symbol activity
+			require_defined_role role
+
+			@roles[role][activity] = contexts
+		end
+
+		def remove_activity role, activity
+			require_defined_role role
+			require_activity_symbol activity
+
+			@roles[role].delete(activity) if @roles[role][activity]
+		end
+
+		def clear_activities role
+			require_defined_role role
+			@roles[role] = {} if @roles[role]
+		end
+
+		def activities role
+			require_role_symbol role
+			@roles[role].keys
+		end
+
+		def add_context role, activity, &block
+			require_defined_activity role, activity
+			raise ArgumentError, 'Invalid callback, callback must respond_to? call' unless block.respond_to?(:call)
+
+			@roles[role][activity] << block
+		end
+
+		def remove_context role, activity, index
+			require_defined_activity role, activity
+
+			@roles[role][activity].delete_at(index) if @roles[role][activity]
+		end
+
+		def clear_contexts role, activity
+			require_role_symbol role
+			require_activity_symbol activity
+			@roles[role][activity] = [] if @roles[role] && @roles[role][activity]
+		end
+
+		def contexts role, activity
+			require_defined_role role
+			require_activity_symbol activity
+			@roles[role][activity]
+		end
+
+		def permitted? role, activity, object, *args
+			require_defined_role role
+			return false unless @roles[role][activity]
+			return true if @roles[role][activity].empty?
+			@roles[role][activity].all? do |context|
+				context.call(object, *args)
+			end
+		end
+
+		def wrap_class(klass)
+			wrapped = klass.to_s.camelize.constantize
+			raise 'Class must respond_to? generic_auth_on with an array of methods(activites) to authorize' unless wrapped.respond_to?(:generic_auth_on)
+			activities = wrapped.send(:generic_auth_on)
+			activities.each do |activity|
+				old = wrapped.instance_method(activity)
+				wrapped.send(:define_method, activity) do |*args|
+					GenericAuth::Guard.authorize activity, self, *args
+					old.bind(self).(*args)
+				end
+			end
+		end
+
+		private
+		def require_role_symbol role
+			raise ArgumentError, 'Role must be a symbol' unless role.is_a?(Symbol)
+		end
+
+		def require_activity_symbol activity
+			raise ArgumentError, 'Activity must be a symbol' unless activity.is_a?(Symbol)
+		end
+
+		def require_no_role role
+			require_role_symbol role
+			raise ArgumentError, 'Role is already defined' unless @roles[role].nil?
+		end
+
+		def require_defined_role role
+			require_role_symbol role
+			raise ArgumentError, "The #{role} role is not defined" if @roles[role].nil?
+		end
+
+		def require_defined_activity role, activity
+			require_defined_role role
+			require_activity_symbol activity
+			raise ArgumentError, "Role #{role} has no permission for activity #{activity}" if @roles[role][activity].nil?
+		end
+
+	end
+end

data/lib/generic_auth/guard.rb

@@ -0,0 +1,14 @@
+module GenericAuth
+	class Guard
+		def self.authorize activity, object, *args
+			permitted = false
+			Engine.instance.user.roles.each do |role|
+				if Engine.instance.permitted? role, activity, object, *args
+					permitted = true
+					break
+				end
+			end
+			raise GenericAuth::AuthError, "User not authorized for activity #{activity}" unless permitted
+		end
+	end
+end

data/lib/generic_auth/guest.rb

@@ -0,0 +1,7 @@
+module GenericAuth
+	class Guest
+		def roles
+			[:guest]
+		end
+	end
+end

data/lib/generic_auth/rules.rb

@@ -0,0 +1,43 @@
+module GenericAuth
+	class Rules
+
+		@role = nil
+		@wrapped = []
+
+		def self.define &block
+			instance_eval(&block)
+		end
+
+		def self.role role, &block
+			Engine.instance.add_role(role)
+			@role = role
+			yield
+		end
+
+		def self.permitted_to activities, options = {}, &block
+			activities = [activities] unless activities.is_a?(Array)
+			activities.each do |activity|
+				Engine.instance.add_activity(@role, activity)
+				@activity = activity
+				instance_eval(&block) if block_given?
+				unless @wrapped.include?(options[:on])
+					Engine.instance.wrap_class(options[:on]) 
+					@wrapped << options[:on]
+				end
+			end
+			@activity = nil
+		end
+
+		def self.context &block
+			raise 'Context must be declared inside an activity' if @activity.nil?
+			Engine.instance.add_context @role, @activity, &block if block_given?
+		end
+
+		def self.includes role
+			activities = Engine.instance.activities(role)
+			activities.each do |activity|
+				Engine.instance.add_activity(@role, activity)
+			end
+		end
+	end
+end

data/lib/generic_auth/version.rb

@@ -0,0 +1,3 @@
+module GenericAuth
+  VERSION = "0.1.1"
+end

data/lib/generic_auth.rb

@@ -0,0 +1,9 @@
+require "active_support/all"
+require 'generic_auth/engine'
+require 'generic_auth/rules'
+require 'generic_auth/guest'
+require 'generic_auth/guard'
+require 'generic_auth/auth_error'
+module GenericAuth
+
+end

metadata

@@ -0,0 +1,123 @@
+--- !ruby/object:Gem::Specification
+name: generic_auth
+version: !ruby/object:Gem::Version
+  version: 0.1.1
+  prerelease: 
+platform: ruby
+authors:
+- Chris McLeod
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-08-20 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: ! "This gem works on the most basic ruby classes. Its only dependency
+  is activesupport for some\n                     string and inflector functionality.
+  \ GenericAuth is very easy to use, simply create a rules file and your class methods\n
+  \                    are automatically wrapped to invoke authorization methods before
+  they are run.  You must set the user which must\n                     respond to
+  a roles method.  Your authorized classes must also specify which methods should
+  be authorized (generic_auth_on method) \n                     as an array of symbols
+  (see specs).  Other than that, its automatic"
+email:
+- chris12295@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/generic_auth.rb
+- lib/generic_auth/auth_error.rb
+- lib/generic_auth/engine.rb
+- lib/generic_auth/guard.rb
+- lib/generic_auth/guest.rb
+- lib/generic_auth/rules.rb
+- lib/generic_auth/version.rb
+homepage: https://github.com/chrismcleod/generic_auth
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: ! '[none]'
+rubygems_version: 1.8.23
+signing_key: 
+specification_version: 3
+summary: Generic authorization for any class and framework
+test_files: []