RubyGems - guachiman - Versions diffs - 0.3.2 → 1.0.1 - Mend

guachiman 0.3.2 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

checksums.yaml +4 -4
data/README.md +56 -117
data/guachiman.gemspec +4 -7
data/lib/guachiman.rb +19 -6
data/lib/guachiman/version.rb +1 -1
data/test/guachiman_test.rb +34 -0
metadata +8 -56
data/lib/generators/guachiman/install/install_generator.rb +0 -12
data/lib/generators/guachiman/install/templates/permission.rb +0 -32
data/lib/guachiman/params.rb +0 -48
data/lib/guachiman/permissions.rb +0 -30
data/lib/guachiman/rails/permissible.rb +0 -49
data/lib/guachiman/rails/railtie.rb +0 -8
data/test/generators/install_generator_test.rb +0 -30
data/test/test_helper.rb +0 -4

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 4916879c98565075de3207f59c7523e2b17cbb94
-  data.tar.gz: f4ac1da14be00cdcfc68d3fc9bfa670f00be2db7
+  metadata.gz: 97d7c5faf252acffc4cd784ae04bd48dc95bbfcc
+  data.tar.gz: 1e87686d64536b2672e1554bb67e32007e8c2494
 SHA512:
-  metadata.gz: ccc80328ac823ebcd3ec11e4128d3fad117815e99adda13727ec4b2fa22488696e3562bb5030b92826e2dab9ad3b00de4c1d5cfbade31942822e0e90dadddf04
-  data.tar.gz: db6437b784d2074dda9748dc0311df09e9e192ac84a5a87d59593febbb5362a6ee1b33428e3fbd225ac2b5ad599e57639aa7ca574820cc022358babf6a293b13
+  metadata.gz: ac3f9f4298eb754ad5c743546304c0f258b10869fdb19e48c7f4fc342fed8544fe2f71132bc3ac6fe3810df457db54d1d32e3d6986a1ccbfb4305bf1dad564b2
+  data.tar.gz: 81f6dc65dacdb2250978b11914a49fe5b0a72ec423ccd0fbff188d64743ca224383c70c1e53318fa0ed06fee6ebe585dc1afd05aad5f3993372d27fcf01bb532

data/README.md CHANGED

@@ -1,13 +1,34 @@
 Guachiman
 =========
-Basic Authorization gem. Based on [RailsCast #385 Authorization from Scratch](http://railscasts.com/episodes/385-authorization-from-scratch-part-1)
-from Ryan Bates.
+Minimal authorization library inspired by [RailsCast #385 Authorization from Scratch][1] by Ryan Bates.
+Guachiman allows you to store authorization rules as a tree of permissions nested within groups.
+Permissions can be either `true` or a block that takes an object. In that case the permission will
+be the result of the block evaluation.
+[![Codeship Status for goddamnhippie/guachiman][2]][3]
+[1]: http://railscasts.com/episodes/385-authorization-from-scratch-part-1
+[2]: https://www.codeship.io/projects/f3a90030-f43c-0131-65bd-5a054a318c0e/status
+[3]: https://www.codeship.io/projects/28071
+Upgrading to v1.0.0
+-------------------
+**Starting with version 1.0.0 all Rails-specific code and support has been removed.**
+A new gem called guachiman-rails will be the recommended way to use Guachiman with Rails.
+More info [in the repo][4].
+[4]: https://github.com/goddamnhippie/guachiman-rails
 Installation
 ------------
-Add this line to your application's Gemfile:
+Add this line to your application's `Gemfile`:
 ```ruby
 gem 'guachiman'
@@ -19,156 +40,74 @@ And then execute:
 $ bundle
 ```
-Or install it yourself as:
+Or install it directly:
 ```bash
 $ gem install guachiman
 ```
 Usage
 -----
-Run `rails g guachiman:install`
-This will generate a `permission.rb` file in `app/models`.
-Include `Guachiman::Permissible` in `ApplicationController` and implement a `current_user` method there.
+Describe your authorization objects in this way:
 ```ruby
-include Guachiman::Permissible
-def current_user
-  @current_user ||= User.find_by_auth_token(cookies[:auth_token]) if cookies[:auth_token]
-end
-```
-You can also override these methods to handle failed authorizations for GET, non-AJAX requests:
-```ruby
-def not_authorized
-  redirect_to root_path, alert: t('flashes.not_authorized')
-end
-def not_signed_in
-  session[:next] = request.url
-  redirect_to sign_in_path, alert: t('flashes.please_sign_in')
-end
-```
-And you can also override this method to handle failed non-GET or AJAX requests:
-```ruby
-def render_unauthorized
-  render text: "NO", status: :unauthorized
-end
-```
+class Authorization
+  include Guachiman
-That's it, now you can describe your permissions in this way:
-```ruby
-class Permission
-  include Guachiman::Permissions
-  include Guachiman::Params
-  attr_reader :current_user, :current_request
-  def initialize user, request
-    @current_user    = user
-    @current_request = request
-    if current_user.nil?
-      guest
-    elsif current_user.admin?
-      admin
+  def initialize(user)
+    if @current_user = user
+      member_authorization
     else
-      member
+      guest_authorization
     end
   end
 private
-  def guest
-    allow :sessions, [:new, :create, :destroy]
-    allow :users,    [:new, :create]
-    allow_param :user, [:name, :email, :password]
+  def guest_authorization
+    allow :sessions, [:new]
   end
-  def member
-    guest
-    allow :users, [:show, :edit, :update]
-  end
+  def member_authorization
+    guest_authorization
-  def admin
-    allow_all!
+    allow :users, [:show, :edit, :update] do |user_id|
+      @current_user.id == user_id
+    end
   end
 end
 ```
-* `#allow` takes a **controller** params key or array of keys and an array of **actions**.
-* `#allow_param` takes a **model** params key or array of keys and an array of **attributes**.
-* `#allow_all!` is a convenience method to allow **all** controllers, actions and parameteres.
-You can also go a bit further in the way you specify your permissions, if you override `current_resource`:
+So that you can use them like this:
 ```ruby
-class OrdersController < ApplicationController
-...
-private
-  def current_resource
-    @order ||= params[:id].present? ? Order.find(params[:id]) : Order.new
-  end
-end
-```
+user  = User.find(user_id)
-The `current_resource` is passed to a block that needs to return a truthy object to allow the action.
+guest_authorization = Authorization.new
+user_authorization  = Authorization.new(user)
-```ruby
-def guest
-  allow :sessions, [:new, :create, :destroy]
-  allow :users,    [:new, :create]
-  allow :orders,   [:show, :edit, :update] do |order|
-    order.accessible_by_token? current_request.cookies['cart_token']
-  end
+guest_authorization.allow?(:sessions, :new)
+# => true
-  allow_param :user, [:name, :email, :password]
-end
+user_authorization.allow?(:users, :show)
+# => false
-def member
-  guest
-  allow :users,  [:show, :edit, :update] do |user|
-    current_user == user
-  end
-  allow :orders, [:show, :edit, :update] do |order|
-    order.accessible_by_user? user
-  end
-end
+user_authorization.allow?(:users, :show, user.id)
+# => true
 ```
-You can also be more specific about the param permissions setting them to be read or write.
-```ruby
-def member
-  ...
+### `#allow`
-  allow_read_param  :contact, [:name, :phone, :email]
-  allow_write_param :contact, [:name, :phone]
-end
-```
+This is what you use to set permissions. It takes two parameters, `group` and `permissions`, and a block.
+All are optional and depend on how specific you want to be.
-That can also be useful on the views because you get a `current_permission` helper that you can use like this:
+### `#allow?`
-```erb
-<%= form_for @contact do |f| %>
-  <% current_permission.write_allowed_params[:contact].each do |p| %>
-    <%= f.text_field p %>
-  <% end %>
+This is what you use to check permissions. It takes a `group` param, a `permission` param, and an optional `object`
+param to evaluate in the block.
-  <%= f.submit %>
-<% end %>
-```
 License
 -------

data/guachiman.gemspec CHANGED

@@ -8,8 +8,8 @@ Gem::Specification.new do |spec|
   spec.version       = Guachiman::VERSION
   spec.authors       = ['Francesco Rodriguez', 'Gustavo Beathyate']
   spec.email         = ['lrodriguezsanc@gmail.com', 'gustavo.bt@me.com']
-  spec.summary       = 'Basic authorization library'
-  spec.description   = "#{spec.summary} based on Ryan Bates' Railscasts #385 and #386"
+  spec.summary       = 'Minimal authorization library'
+  spec.description   = "#{ spec.summary } inspired by Ryan Bates' Railscasts #385 and #386"
   spec.homepage      = 'https://github.com/goddamnhippie/guachiman'
   spec.license       = 'MIT'
@@ -17,10 +17,7 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(%r{^(test)/})
   spec.require_paths = ['lib']
-  spec.add_dependency 'railties',     '~> 4.0', '>= 4.0.0'
-  spec.add_dependency 'activerecord', '~> 4.0', '>= 4.0.0'
   spec.add_development_dependency 'rake',     '~> 10.3', '>= 10.3.0'
-  spec.add_development_dependency 'minitest', '~> 5.3',  '>= 5.3.3'
-  spec.add_development_dependency 'bundler',  '~> 1.6',  '>= 1.6.0'
+  spec.add_development_dependency 'minitest', '~>  5.3', '>=  5.3.3'
+  spec.add_development_dependency 'bundler',  '~>  1.6', '>=  1.6.0'
 end

data/lib/guachiman.rb CHANGED

@@ -1,9 +1,22 @@
 require 'guachiman/version'
-require 'guachiman/permissions'
-require 'guachiman/params'
-if defined? Rails
-  require 'guachiman/rails/railtie'
-  require 'guachiman/rails/permissible'
-  require 'active_record'
+module Guachiman
+  def rules
+    @rules ||= {}
+  end
+  def allow(group, permissions, &block)
+    permissions.each do |permission|
+      rules[group] ||= {}
+      rules[group][permission] = (block || true)
+    end
+  end
+  def allow?(group, permission, object = nil)
+    if rule = rules[group] && rules[group][permission]
+      rule == true || object && rule.call(object)
+    else
+      false
+    end
+  end
 end

data/lib/guachiman/version.rb CHANGED

@@ -1,3 +1,3 @@
 module Guachiman
-  VERSION = '0.3.2'
+  VERSION = '1.0.1'
 end

data/test/guachiman_test.rb ADDED

@@ -0,0 +1,34 @@
+require 'bundler/setup'
+require 'minitest/autorun'
+require 'guachiman'
+class GuachimanTest < MiniTest::Test
+  def setup
+    @authorization = Class.new do
+      include Guachiman
+      def initialize
+        allow :group, [:permission1, :permission2]
+        allow :group, [:permission3, :permission4] do |object|
+          object == 1
+        end
+      end
+    end.new
+  end
+  def test_basic_rules
+    refute @authorization.allow?(:group, :permission0)
+    assert @authorization.allow?(:group, :permission1)
+    assert @authorization.allow?(:group, :permission2)
+  end
+  def test_block_rules
+    refute @authorization.allow?(:group, :permission3)
+    refute @authorization.allow?(:group, :permission4)
+    refute @authorization.allow?(:group, :permission3, 0)
+    refute @authorization.allow?(:group, :permission4, 0)
+    assert @authorization.allow?(:group, :permission3, 1)
+    assert @authorization.allow?(:group, :permission4, 1)
+  end
+end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: guachiman
 version: !ruby/object:Gem::Version
-  version: 0.3.2
+  version: 1.0.1
 platform: ruby
 authors:
 - Francesco Rodriguez
@@ -9,48 +9,8 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-07-08 00:00:00.000000000 Z
+date: 2014-07-23 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: railties
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '4.0'
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 4.0.0
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '4.0'
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 4.0.0
-- !ruby/object:Gem::Dependency
-  name: activerecord
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '4.0'
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 4.0.0
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '4.0'
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 4.0.0
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -111,8 +71,8 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 1.6.0
-description: 'Basic authorization library based on Ryan Bates'' Railscasts #385 and
-  #386'
+description: 'Minimal authorization library inspired by Ryan Bates'' Railscasts #385
+  and #386'
 email:
 - lrodriguezsanc@gmail.com
 - gustavo.bt@me.com
@@ -126,16 +86,9 @@ files:
 - README.md
 - Rakefile
 - guachiman.gemspec
-- lib/generators/guachiman/install/install_generator.rb
-- lib/generators/guachiman/install/templates/permission.rb
 - lib/guachiman.rb
-- lib/guachiman/params.rb
-- lib/guachiman/permissions.rb
-- lib/guachiman/rails/permissible.rb
-- lib/guachiman/rails/railtie.rb
 - lib/guachiman/version.rb
-- test/generators/install_generator_test.rb
-- test/test_helper.rb
+- test/guachiman_test.rb
 homepage: https://github.com/goddamnhippie/guachiman
 licenses:
 - MIT
@@ -156,10 +109,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.2.2
+rubygems_version: 2.4.1
 signing_key:
 specification_version: 4
-summary: Basic authorization library
+summary: Minimal authorization library
 test_files:
-- test/generators/install_generator_test.rb
-- test/test_helper.rb
+- test/guachiman_test.rb

data/lib/generators/guachiman/install/install_generator.rb DELETED

@@ -1,12 +0,0 @@
-module Guachiman
-  module Generators
-    class InstallGenerator < ::Rails::Generators::Base
-      desc 'Install guachiman'
-      source_root File.expand_path '../templates', __FILE__
-      def copy_permission_model
-        template 'permission.rb', 'app/models/permission.rb'
-      end
-    end
-  end
-end

data/lib/generators/guachiman/install/templates/permission.rb DELETED

@@ -1,32 +0,0 @@
-class Permission
-  include Guachiman::Permissions
-  include Guachiman::Params
-  attr_reader :current_user, :current_request
-  def initialize user, request
-    @current_user    = user
-    @current_request = request
-    if current_user.nil?
-      guest
-    elsif current_user.admin?
-      admin
-    else
-      member
-    end
-  end
-private
-  def guest
-  end
-  def member
-    guest
-  end
-  def admin
-    allow_all!
-  end
-end

data/lib/guachiman/params.rb DELETED

@@ -1,48 +0,0 @@
-module Guachiman
-  module Params
-    attr_reader :read_allowed_params, :write_allowed_params
-    [:read, :write].each do |action|
-      ivar = "@#{action}_allowed_params"
-      define_method "allow_#{action}_param" do |resources, attributes|
-        instance_variable_set(ivar, {}) unless instance_variable_get ivar
-        Array(resources).each do |resource|
-          instance_variable_get(ivar)[resource] ||= []
-          instance_variable_get(ivar)[resource] += Array(attributes)
-        end
-      end
-      define_method "allow_#{action}_param?" do |resource, attribute|
-        if instance_variable_get :@allow_all
-          true
-        elsif instance_variable_get(ivar) && instance_variable_get(ivar)[resource]
-          instance_variable_get(ivar)[resource].include? attribute
-        end
-      end
-    end
-    def allowed_params
-      read_allowed_params & write_allowed_params
-    end
-    def allow_param resources, attributes
-      allow_read_param  resources, attributes
-      allow_write_param resources, attributes
-    end
-    def allow_param? resource, attribute
-      allow_write_param?(resource, attribute) && allow_read_param?(resource, attribute)
-    end
-    def permit_params! params
-      if @allow_all
-        params.permit!
-      elsif write_allowed_params
-        write_allowed_params.each do |resource, attributes|
-          params[resource] = params[resource].permit(*attributes) if params[resource].respond_to? :permit
-        end
-      end
-    end
-  end
-end

data/lib/guachiman/permissions.rb DELETED

@@ -1,30 +0,0 @@
-module Guachiman
-  module Permissions
-    attr_reader :allowed_actions, :allow_all
-    def allow controllers, actions, &block
-      @allowed_actions ||= {}
-      Array(controllers).each do |controller|
-        Array(actions).each do |action|
-          allowed_actions[controller] ||= {}
-          allowed_actions[controller].merge! action => (block || true)
-        end
-      end
-    end
-    def allow? controller, action, resource=nil
-      allowed = allow_all || check_allowed_action(controller, action)
-      !!allowed && (allowed == true || resource && allowed.call(resource))
-    end
-    def allow_all!
-      @allow_all = true
-    end
-  private
-    def check_allowed_action controller, action
-      allowed_actions && allowed_actions[controller.to_sym] && allowed_actions[controller.to_sym][action.to_sym]
-    end
-  end
-end

data/lib/guachiman/rails/permissible.rb DELETED

@@ -1,49 +0,0 @@
-module Guachiman
-  module Permissible
-    extend ActiveSupport::Concern
-    included do
-      before_filter :authorize
-      helper_method :current_user
-      helper_method :current_permission
-      helper_method :current_resource
-    end
-    def current_user
-      raise 'This method must be implemented'
-    end
-    def current_permission
-      @current_permission ||= Permission.new current_user, request
-    end
-    def current_resource
-      nil
-    end
-    def authorize
-      if current_permission.allow? controller_name, action_name, current_resource
-        current_permission.permit_params! params
-      else
-        if request.get? && !request.xhr?
-          current_user ? not_authorized : not_signed_in
-        else
-          render_unauthorized
-        end
-      end
-    end
-    def not_authorized
-      redirect_to root_path, alert: t('flashes.not_authorized')
-    end
-    def not_signed_in
-      session[:next] = request.url
-      redirect_to sign_in_path, alert: t('flashes.please_sign_in')
-    end
-    def render_unauthorized
-      render text: "NO", status: :unauthorized
-    end
-  end
-end

data/lib/guachiman/rails/railtie.rb DELETED

@@ -1,8 +0,0 @@
-require 'rails'
-module Guachiman
-  module Rails
-    class Railtie < ::Rails::Railtie
-    end
-  end
-end

data/test/generators/install_generator_test.rb DELETED

@@ -1,30 +0,0 @@
-require 'test_helper'
-require 'rails/generators/test_case'
-require 'generators/guachiman/install/install_generator'
-class InstallGeneratorTest < Rails::Generators::TestCase
-  DESTINATION = File.expand_path File.join(File.dirname(__FILE__), '..', '..', 'tmp')
-  FileUtils.mkdir_p DESTINATION unless Dir.exist? DESTINATION
-  destination DESTINATION
-  tests Guachiman::Generators::InstallGenerator
-  setup :prepare_destination
-  def prepare_destination
-    FileUtils.rm_r    "#{DESTINATION}/app" if Dir.exists? "#{DESTINATION}/app"
-    FileUtils.mkdir_p "#{DESTINATION}/app"
-    FileUtils.mkdir_p "#{DESTINATION}/app/models"
-  end
-  test 'create permission' do
-    run_generator
-    assert_file 'app/models/permission.rb' do |f|
-      assert_match(/class Permission/, f)
-      assert_match(/include Guachiman::Permissions/, f)
-      assert_match(/include Guachiman::Params/, f)
-      assert_match(/initialize user, request/, f)
-    end
-  end
-end

data/test/test_helper.rb DELETED

@@ -1,4 +0,0 @@
-require 'bundler/setup'
-require 'minitest/autorun'
-require 'minitest/pride'
-require 'guachiman'