grut 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: d0a152aead7d0328607420a097d0c2dc43d3bbad
+  data.tar.gz: d9b0a008d5489237a692f31172634f1230d0e42d
+SHA512:
+  metadata.gz: 1b7aef20f767db66ca8a0c2996f9fde8d5ea943509439cbed06912f0522c82d2fdc132320291140c1cb2e1f582b0273a8e6f7c32c28536c1c95a81e8255774eb
+  data.tar.gz: 8ac137414db8a7dea64ede667ecca2492a0faeeb6750c5da58db93d68e8c1a4c8f696906474c1640752d2516721bc05a2df58ca221f7b389c75044cbb4586bae

data/.gitignore

@@ -0,0 +1,9 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/.rubocop.yml

@@ -0,0 +1,2 @@
+AllCops:
+  DisabledByDefault: true

data/.travis.yml

@@ -0,0 +1,5 @@
+sudo: false
+language: ruby
+rvm:
+  - 2.3.1
+before_install: gem install bundler -v 1.14.3

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,74 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, gender identity and expression, level of experience,
+nationality, personal appearance, race, religion, or sexual identity and
+orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at ka8725@gmail.com. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at [http://contributor-covenant.org/version/1/4][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/4/

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in grut.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2017 Andrey Koleshko
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,69 @@
+# Grut
+
+Define user permissions in a Ruby project dynamically and store them in a database with Grut's help.
+This allows to manage access to specific entities for concrete users on the fly through a user interface.
+
+## Installation
+
+Grut requires already installed any of the database adapters supported by [sequel](https://github.com/jeremyevans/sequel). `pg` and `mysql2` are the most popular ones.
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'grut'
+```
+
+Configure the database connection after that in some place of the project that have Grut installed. For example, it could be the following line in the `config/application.rb` of a Rails project:
+
+```ruby
+Grut::Config.instance.db_url = 'postgres://ka8725:@localhost/check_development'
+```
+
+## Usage
+
+There are two main classes: `Grut::Guardian` and `Grut::Statement`. Use `Grut::Guardian` to manage control
+access for entries and `Grut::Statement` to get information about defined permissions for a given user.
+Look into the following code snippet that demonstrates their usage:
+
+```ruby
+user = Struct.new(:id).new(42)
+store = Struct.new(:id).new(12)
+
+guardian = Grut::Guardian.new(user, :admin)
+statement = Grut::Statement.new(user)
+
+guardian.permitted?(:manage_store, all: true) # => false
+guardian.permitted?(:manage_store, id: store.id) # => false
+statement.all #=> []
+
+guardian.permit(:manage_store, all: true)
+guardian.permitted?(:manage_store, all: true) # => true
+guardian.permitted?(:manage_store, id: store.id) # => true
+statement.all #=> [#<struct Grut::Statement::Entry role="admin", permission="manage_store", contract_key="all", contract_value="true">]
+
+guardian.forbid(:manage_store, all: true)
+guardian.permitted?(:manage_store, all: true) # => false
+guardian.permitted?(:manage_store, id: store.id) # => false
+statement.all #=> []
+
+guardian.permit(:manage_store, id: 1)
+guardian.permitted?(:manage_store, all: true) # => true
+guardian.permitted?(:manage_store, id: store.id) # => true
+statement.all #=> [#<struct Grut::Statement::Entry role="admin", permission="manage_store", contract_key="id", contract_value="1">]
+```
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/Andrey Koleshko/grut. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
+
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
+

data/Rakefile

@@ -0,0 +1,12 @@
+require 'bundler/gem_tasks'
+require 'rake/testtask'
+require_relative './lib/grut'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'test'
+  t.libs << 'lib'
+  t.test_files = FileList['test/**/*_test.rb']
+end
+
+task :test_db_setup => ['grut:remove', 'grut:install']
+task :default => [:test_db_setup, :test]

data/grut.gemspec

@@ -0,0 +1,34 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'grut/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'grut'
+  spec.version       = Grut::VERSION
+  spec.authors       = ['Andrey Koleshko']
+  spec.email         = ['ka8725@gmail.com']
+
+  spec.summary       = %q{Flexible authorization solution.}
+  spec.description   = %q{
+                         Thi is an authorization system for a Ruby (including Rails) project,
+                         that allows to specify dynamic permissions. All data is stored
+                         in an SQL database, supported by Sequel.
+                       }
+  spec.homepage      = ''
+  spec.license       = 'MIT'
+
+  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features|config|bin)/})
+  end
+  spec.bindir        = 'exe'
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ['lib']
+
+  spec.add_development_dependency 'bundler', '~> 1.14'
+  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'minitest', '~> 5.0'
+  spec.add_development_dependency 'pry-byebug'
+  spec.add_development_dependency 'pg'
+  spec.add_dependency 'sequel'
+end

data/lib/grut.rb

@@ -0,0 +1,10 @@
+require 'grut/version'
+require 'grut/concerns/db_tables'
+require 'grut/asset'
+require 'grut/config'
+require 'grut/db'
+require 'grut/guardian'
+require 'grut/statement'
+
+require 'rake'
+load 'tasks/grut.rake'

data/lib/grut/asset.rb

@@ -0,0 +1,24 @@
+module Grut
+  module Asset
+    def self.stringify_hash(hash)
+      hash.reduce({}) do |res, (key, val)|
+        res[key.to_s] = val.to_s
+        res
+      end
+    end
+
+    def self.sanitize_contract_hash(hash)
+      hash.reduce({}) do |res, (key, val)|
+        res[:"key_#{key}"] = key
+        res[:"val_#{val}"] = val
+        res
+      end
+    end
+
+    def self.contract_sql_condition(hash)
+      hash.map do |key, value|
+        "key = :key_#{key} and value = :val_#{value}"
+      end.join(' and ')
+    end
+  end
+end

data/lib/grut/concerns/db_tables.rb

@@ -0,0 +1,19 @@
+module Grut
+  module Concerns
+    module DBTables
+      private
+
+      def roles_table
+        @roles_table ||= Grut::Config.instance.db_tables[:roles]
+      end
+
+      def permissions_table
+        @permissions_table ||= Grut::Config.instance.db_tables[:permissions]
+      end
+
+      def permission_params_table
+        @permission_params_table ||= Grut::Config.instance.db_tables[:permission_params]
+      end
+    end
+  end
+end

data/lib/grut/config.rb

@@ -0,0 +1,17 @@
+require 'singleton'
+
+module Grut
+  class Config
+    include Singleton
+
+    attr_accessor :db_url
+
+    def db_tables
+      @tables ||= {
+        roles: :grut_roles,
+        permissions: :grut_permissions,
+        permission_params: :grut_permission_params
+      }
+    end
+  end
+end

data/lib/grut/db.rb

@@ -0,0 +1,22 @@
+require 'sequel'
+require 'singleton'
+
+class DB
+  include Singleton
+
+  def self.conn
+    instance.conn
+  end
+
+  def conn
+    @conn ||= Sequel.connect(db_url)
+  end
+
+  private
+
+  def db_url
+    url = Grut::Config.instance.db_url
+    fail 'Database connection is not configured' unless url
+    url
+  end
+end

data/lib/grut/guardian.rb

@@ -0,0 +1,108 @@
+module Grut
+  class Guardian
+    include Concerns::DBTables
+
+    def initialize(user, role)
+      @user = user
+      @role = role.to_s
+    end
+
+    def permit(permission, params = {})
+      params = Asset.stringify_hash(params)
+      permission = permission.to_s
+
+      return false if role_exists?(permission, params)
+      permit_role_with_params(permission, params)
+      true
+    end
+
+    def forbid(permission, params = {})
+      params = Asset.stringify_hash(params)
+      permission = permission.to_s
+
+      forbit_role_with_params(permission, params)
+      true
+    end
+
+    def permitted?(permission, params = {})
+      params = Asset.stringify_hash(params)
+      permission = permission.to_s
+
+      role_exists?(permission, params)
+    end
+
+    private
+
+    def role_exists?(permission, params)
+      params_conditions = Asset.contract_sql_condition(params)
+      params = Asset.sanitize_contract_hash(params)
+      select = DB.conn[<<-SQL, params.merge(user_id: @user.id, role: @role, permission: permission)]
+        select 1 from #{roles_table} r
+          join #{permissions_table} p on p.role_id = r.id and (p.name = :permission or p.name = 'manage')
+            join #{permission_params_table} pp on pp.permission_id = p.id and (
+              (#{params_conditions}) or (key = 'all' and value = 'true')
+            )
+          where r.user_id = :user_id and r.name = :role and (
+            p.name = :permission or (p.name = 'manage' and pp.key = 'all' and pp.value = 'true')
+          )
+      SQL
+      select.count > 0
+    end
+
+    def permit_role_with_params(permission_name, params)
+      DB.conn.transaction do
+        role = find_or_create(_Role, user_id: @user.id, name: @role)
+        break if role_manages_all?(role[:id])
+        permission = find_or_create(_Permission, role_id: role[:id], name: permission_name)
+        if params['all'] == 'true'
+          _PermissionParam.where(permission_id: permission[:id]).delete
+          find_or_create(_PermissionParam, permission_id: permission[:id], key: 'all', value: 'true')
+        else
+          params.each do |key, value|
+            find_or_create(_PermissionParam, permission_id: permission[:id], key: key, value: value)
+          end
+        end
+      end
+    end
+
+    def forbit_role_with_params(permission_name, params)
+      role = _Role[user_id: @user.id] || {}
+      permission = _Permission[role_id: role[:id], name: permission_name] || {}
+      is_all = params['all'] == 'true'
+      permission_params = is_all ? [] : (params.map do |key, val|
+        _PermissionParam[permission_id: permission[:id], key: key, value: val]
+      end.compact)
+      DB.conn.transaction do
+        if is_all
+          _PermissionParam.where(permission_id: permission[:id]).delete
+        else
+          _PermissionParam.where(id: permission_params.map { |pp| pp[:id] }).delete
+        end
+        _Permission.where(id: permission[:id]).delete if _PermissionParam.count(permission_id: permission[:id]) == 0
+        _Role.where(id: role[:id]).delete if _Permission.count(role_id: role[:id]) == 0
+      end
+    end
+
+    def find_or_create(entity, params)
+      entity[params] || entity[id: entity.insert(params)]
+    end
+
+    def role_manages_all?(role_id)
+      permission = _Permission[name: 'manage', role_id: role_id]
+      return false unless permission
+      _PermissionParam[key: 'all', value: 'true', permission_id: permission[:id]] != nil
+    end
+
+    def _Role
+      @_Role ||= DB.conn[roles_table]
+    end
+
+    def _Permission
+      @_Permission ||= DB.conn[permissions_table]
+    end
+
+    def _PermissionParam
+      @_PermissionParam ||= DB.conn[permission_params_table]
+    end
+  end
+end

data/lib/grut/statement.rb

@@ -0,0 +1,33 @@
+module Grut
+  class Statement
+    include Concerns::DBTables
+
+    Entry = Struct.new(:role, :permission, :contract_key, :contract_value) do
+      def self.from_hash(hash)
+        new(*hash.values_at(:role, :permission, :contract_key, :contract_value))
+      end
+    end
+
+    def initialize(user)
+      @user = user
+    end
+
+    def all(role: nil, permission: nil, contract: {})
+      permission = permission.to_s if permission
+      role = role.to_s if role
+      contract = Asset.stringify_hash(contract)
+
+      permission_condition = permission ? 'and p.name = :permission' : ''
+      role_condition = role ? 'and r.name = :role' : ''
+      contract_condition = contract.any? ? "and #{Asset.contract_sql_condition(contract)}" : ''
+
+      args = Asset.sanitize_contract_hash(contract).merge(user_id: @user.id, role: role, permission: permission)
+      DB.conn[<<-SQL, args].map { |args| Entry.from_hash(args) }
+        select r.name as role, p.name as permission, pp.key as contract_key, pp.value as contract_value from #{roles_table} r
+          join #{permissions_table} p on p.role_id = r.id #{permission_condition}
+            join #{permission_params_table} pp on pp.permission_id = p.id #{contract_condition}
+          where r.user_id = :user_id #{role_condition}
+      SQL
+    end
+  end
+end

data/lib/grut/version.rb

@@ -0,0 +1,3 @@
+module Grut
+  VERSION = '0.1.0'.freeze
+end

data/lib/tasks/grut.rake

@@ -0,0 +1,39 @@
+namespace :grut do
+  task :config do
+    require 'yaml'
+    Grut::Config.instance.db_url ||= YAML.load_file('config/grut_database.yml')
+  end
+
+  desc 'Create necessary tables in the DB, specified by a config'
+  task :install => :config do
+    DB.conn.create_table Grut::Config.instance.db_tables[:roles] do
+      primary_key :id
+      Integer :user_id, null: false
+      String :name, null: false
+      index [:user_id, :name], unique: true, name: :grut_uniq_name_on_user_id_index
+    end
+
+    DB.conn.create_table Grut::Config.instance.db_tables[:permissions] do
+      primary_key :id
+      foreign_key :role_id, Grut::Config.instance.db_tables[:roles], null: false
+      String :name, null: false
+      index [:role_id, :name], unique: true, name: :grut_uniq_name_on_role_id_index
+    end
+
+    DB.conn.create_table Grut::Config.instance.db_tables[:permission_params] do
+      primary_key :id
+      foreign_key :permission_id, Grut::Config.instance.db_tables[:permissions], null: false
+      String :key, index: true, null: false
+      String :value, index: true, null: false
+    end
+  end
+
+  desc 'Deletes all created tables in the DB'
+  task :remove => :config do
+    DB.conn.run(<<-SQL)
+      drop table if exists #{Grut::Config.instance.db_tables[:permission_params]};
+      drop table if exists #{Grut::Config.instance.db_tables[:permissions]};
+      drop table if exists #{Grut::Config.instance.db_tables[:roles]};
+    SQL
+  end
+end

metadata

@@ -0,0 +1,149 @@
+--- !ruby/object:Gem::Specification
+name: grut
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Andrey Koleshko
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2017-04-28 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.14'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.14'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+- !ruby/object:Gem::Dependency
+  name: pry-byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pg
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: sequel
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: "\n                         Thi is an authorization system for a Ruby
+  (including Rails) project,\n                         that allows to specify dynamic
+  permissions. All data is stored\n                         in an SQL database, supported
+  by Sequel.\n                       "
+email:
+- ka8725@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rubocop.yml"
+- ".travis.yml"
+- CODE_OF_CONDUCT.md
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- grut.gemspec
+- lib/grut.rb
+- lib/grut/asset.rb
+- lib/grut/concerns/db_tables.rb
+- lib/grut/config.rb
+- lib/grut/db.rb
+- lib/grut/guardian.rb
+- lib/grut/statement.rb
+- lib/grut/version.rb
+- lib/tasks/grut.rake
+homepage: ''
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.1
+signing_key: 
+specification_version: 4
+summary: Flexible authorization solution.
+test_files: []