RubyGems - guachiman - Versions diffs - 0.3.2 → 1.0.1 - Mend

guachiman 0.3.2 → 1.0.1

Files changed (15) hide show

checksums.yaml +4 -4
data/README.md +56 -117
data/guachiman.gemspec +4 -7
data/lib/guachiman.rb +19 -6
data/lib/guachiman/version.rb +1 -1
data/test/guachiman_test.rb +34 -0
metadata +8 -56
data/lib/generators/guachiman/install/install_generator.rb +0 -12
data/lib/generators/guachiman/install/templates/permission.rb +0 -32
data/lib/guachiman/params.rb +0 -48
data/lib/guachiman/permissions.rb +0 -30
data/lib/guachiman/rails/permissible.rb +0 -49
data/lib/guachiman/rails/railtie.rb +0 -8
data/test/generators/install_generator_test.rb +0 -30
data/test/test_helper.rb +0 -4

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 4916879c98565075de3207f59c7523e2b17cbb94
-  data.tar.gz: f4ac1da14be00cdcfc68d3fc9bfa670f00be2db7
+  metadata.gz: 97d7c5faf252acffc4cd784ae04bd48dc95bbfcc
+  data.tar.gz: 1e87686d64536b2672e1554bb67e32007e8c2494
 SHA512:
-  metadata.gz: ccc80328ac823ebcd3ec11e4128d3fad117815e99adda13727ec4b2fa22488696e3562bb5030b92826e2dab9ad3b00de4c1d5cfbade31942822e0e90dadddf04
-  data.tar.gz: db6437b784d2074dda9748dc0311df09e9e192ac84a5a87d59593febbb5362a6ee1b33428e3fbd225ac2b5ad599e57639aa7ca574820cc022358babf6a293b13
+  metadata.gz: ac3f9f4298eb754ad5c743546304c0f258b10869fdb19e48c7f4fc342fed8544fe2f71132bc3ac6fe3810df457db54d1d32e3d6986a1ccbfb4305bf1dad564b2
+  data.tar.gz: 81f6dc65dacdb2250978b11914a49fe5b0a72ec423ccd0fbff188d64743ca224383c70c1e53318fa0ed06fee6ebe585dc1afd05aad5f3993372d27fcf01bb532

data/README.md CHANGED

@@ -1,13 +1,34 @@
 Guachiman
 =========
-Basic Authorization gem. Based on [RailsCast #385 Authorization from Scratch](http://railscasts.com/episodes/385-authorization-from-scratch-part-1)
-from Ryan Bates.
+Minimal authorization library inspired by [RailsCast #385 Authorization from Scratch][1] by Ryan Bates.
+Guachiman allows you to store authorization rules as a tree of permissions nested within groups.
+Permissions can be either `true` or a block that takes an object. In that case the permission will
+be the result of the block evaluation.
+[![Codeship Status for goddamnhippie/guachiman][2]][3]
+[1]: http://railscasts.com/episodes/385-authorization-from-scratch-part-1
+[2]: https://www.codeship.io/projects/f3a90030-f43c-0131-65bd-5a054a318c0e/status
+[3]: https://www.codeship.io/projects/28071
+Upgrading to v1.0.0
+-------------------
+**Starting with version 1.0.0 all Rails-specific code and support has been removed.**
+A new gem called guachiman-rails will be the recommended way to use Guachiman with Rails.
+More info [in the repo][4].
+[4]: https://github.com/goddamnhippie/guachiman-rails
 Installation
 ------------
-Add this line to your application's Gemfile:
+Add this line to your application's `Gemfile`:
 ```ruby
 gem 'guachiman'
@@ -19,156 +40,74 @@ And then execute:
 $ bundle
 ```
-Or install it yourself as:
+Or install it directly:
 ```bash
 $ gem install guachiman
 ```
 Usage
 -----
-Run `rails g guachiman:install`
-This will generate a `permission.rb` file in `app/models`.
-Include `Guachiman::Permissible` in `ApplicationController` and implement a `current_user` method there.
+Describe your authorization objects in this way:
 ```ruby
-include Guachiman::Permissible
-def current_user
-  @current_user ||= User.find_by_auth_token(cookies[:auth_token]) if cookies[:auth_token]
-end
-```
-You can also override these methods to handle failed authorizations for GET, non-AJAX requests:
-```ruby
-def not_authorized
-  redirect_to root_path, alert: t('flashes.not_authorized')
-end
-def not_signed_in
-  session[:next] = request.url
-  redirect_to sign_in_path, alert: t('flashes.please_sign_in')
-end
-```
-And you can also override this method to handle failed non-GET or AJAX requests:
-```ruby
-def render_unauthorized
-  render text: "NO", status: :unauthorized
-end
-```
+class Authorization
+  include Guachiman
-That's it, now you can describe your permissions in this way:
-```ruby
-class Permission
-  include Guachiman::Permissions
-  include Guachiman::Params
-  attr_reader :current_user, :current_request
-  def initialize user, request
-    @current_user    = user
-    @current_request = request
-    if current_user.nil?
-      guest
-    elsif current_user.admin?
-      admin
+  def initialize(user)
+    if @current_user = user
+      member_authorization
     else
-      member
+      guest_authorization
     end
   end
 private
-  def guest
-    allow :sessions, [:new, :create, :destroy]
-    allow :users,    [:new, :create]
-    allow_param :user, [:name, :email, :password]
+  def guest_authorization
+    allow :sessions, [:new]
   end
-  def member
-    guest
-    allow :users, [:show, :edit, :update]
-  end
+  def member_authorization
+    guest_authorization
-  def admin
-    allow_all!
+    allow :users, [:show, :edit, :update] do |user_id|
+      @current_user.id == user_id
+    end
   end
 end
 ```
-* `#allow` takes a **controller** params key or array of keys and an array of **actions**.
-* `#allow_param` takes a **model** params key or array of keys and an array of **attributes**.
-* `#allow_all!` is a convenience method to allow **all** controllers, actions and parameteres.
-You can also go a bit further in the way you specify your permissions, if you override `current_resource`:
+So that you can use them like this:
 ```ruby
-class OrdersController < ApplicationController
-...
-private
-  def current_resource
-    @order ||= params[:id].present? ? Order.find(params[:id]) : Order.new
-  end
-end
-```
+user  = User.find(user_id)
-The `current_resource` is passed to a block that needs to return a truthy object to allow the action.
+guest_authorization = Authorization.new
+user_authorization  = Authorization.new(user)
-```ruby
-def guest
-  allow :sessions, [:new, :create, :destroy]
-  allow :users,    [:new, :create]
-  allow :orders,   [:show, :edit, :update] do |order|
-    order.accessible_by_token? current_request.cookies['cart_token']
-  end
+guest_authorization.allow?(:sessions, :new)
+# => true
-  allow_param :user, [:name, :email, :password]
-end
+user_authorization.allow?(:users, :show)
+# => false
-def member
-  guest
-  allow :users,  [:show, :edit, :update] do |user|
-    current_user == user
-  end
-  allow :orders, [:show, :edit, :update] do |order|
-    order.accessible_by_user? user
-  end
-end
+user_authorization.allow?(:users, :show, user.id)
+# => true
 ```
-You can also be more specific about the param permissions setting them to be read or write.
-```ruby
-def member
-  ...
+### `#allow`
-  allow_read_param  :contact, [:name, :phone, :email]
-  allow_write_param :contact, [:name, :phone]
-end
-```
+This is what you use to set permissions. It takes two parameters, `group` and `permissions`, and a block.
+All are optional and depend on how specific you want to be.
-That can also be useful on the views because you get a `current_permission` helper that you can use like this:
+### `#allow?`
-```erb
-<%= form_for @contact do |f| %>
-  <% current_permission.write_allowed_params[:contact].each do |p| %>
-    <%= f.text_field p %>
-  <% end %>
+This is what you use to check permissions. It takes a `group` param, a `permission` param, and an optional `object`
+param to evaluate in the block.
-  <%= f.submit %>
-<% end %>
-```
 License
 -------

data/guachiman.gemspec CHANGED

@@ -8,8 +8,8 @@ Gem::Specification.new do |spec|
   spec.version       = Guachiman::VERSION
   spec.authors       = ['Francesco Rodriguez', 'Gustavo Beathyate']
   spec.email         = ['lrodriguezsanc@gmail.com', 'gustavo.bt@me.com']
-  spec.summary       = 'Basic authorization library'
-  spec.description   = "#{spec.summary} based on Ryan Bates' Railscasts #385 and #386"
+  spec.summary       = 'Minimal authorization library'
+  spec.description   = "#{ spec.summary } inspired by Ryan Bates' Railscasts #385 and #386"
   spec.homepage      = 'https://github.com/goddamnhippie/guachiman'
   spec.license       = 'MIT'
@@ -17,10 +17,7 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(%r{^(test)/})
   spec.require_paths = ['lib']
-  spec.add_dependency 'railties',     '~> 4.0', '>= 4.0.0'
-  spec.add_dependency 'activerecord', '~> 4.0', '>= 4.0.0'
   spec.add_development_dependency 'rake',     '~> 10.3', '>= 10.3.0'
-  spec.add_development_dependency 'minitest', '~> 5.3',  '>= 5.3.3'
-  spec.add_development_dependency 'bundler',  '~> 1.6',  '>= 1.6.0'
+  spec.add_development_dependency 'minitest', '~>  5.3', '>=  5.3.3'
+  spec.add_development_dependency 'bundler',  '~>  1.6', '>=  1.6.0'
 end

data/lib/guachiman.rb CHANGED

@@ -1,9 +1,22 @@
 require 'guachiman/version'
-require 'guachiman/permissions'
-require 'guachiman/params'
-if defined? Rails
-  require 'guachiman/rails/railtie'
-  require 'guachiman/rails/permissible'
-  require 'active_record'
+module Guachiman
+  def rules
+    @rules ||= {}
+  end
+  def allow(group, permissions, &block)
+    permissions.each do |permission|
+      rules[group] ||= {}
+      rules[group][permission] = (block || true)
+    end
+  end
+  def allow?(group, permission, object = nil)
+    if rule = rules[group] && rules[group][permission]
+      rule == true || object && rule.call(object)
+    else
+      false
+    end
+  end
 end

data/lib/guachiman/version.rb CHANGED

@@ -1,3 +1,3 @@
 module Guachiman
-  VERSION = '0.3.2'
+  VERSION = '1.0.1'
 end

data/test/guachiman_test.rb ADDED

@@ -0,0 +1,34 @@
+require 'bundler/setup'
+require 'minitest/autorun'
+require 'guachiman'
+class GuachimanTest < MiniTest::Test
+  def setup
+    @authorization = Class.new do
+      include Guachiman
+      def initialize
+        allow :group, [:permission1, :permission2]
+        allow :group, [:permission3, :permission4] do |object|
+          object == 1
+        end
+      end
+    end.new
+  end
+  def test_basic_rules
+    refute @authorization.allow?(:group, :permission0)
+    assert @authorization.allow?(:group, :permission1)
+    assert @authorization.allow?(:group, :permission2)
+  end
+  def test_block_rules
+    refute @authorization.allow?(:group, :permission3)
+    refute @authorization.allow?(:group, :permission4)
+    refute @authorization.allow?(:group, :permission3, 0)
+    refute @authorization.allow?(:group, :permission4, 0)
+    assert @authorization.allow?(:group, :permission3, 1)
+    assert @authorization.allow?(:group, :permission4, 1)
+  end
+end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: guachiman
 version: !ruby/object:Gem::Version
-  version: 0.3.2
+  version: 1.0.1
 platform: ruby
 authors:
 - Francesco Rodriguez
@@ -9,48 +9,8 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-07-08 00:00:00.000000000 Z
+date: 2014-07-23 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: railties
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '4.0'
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 4.0.0
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '4.0'
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 4.0.0
-- !ruby/object:Gem::Dependency
-  name: activerecord
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '4.0'
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 4.0.0
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '4.0'
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 4.0.0
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -111,8 +71,8 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 1.6.0
-description: 'Basic authorization library based on Ryan Bates'' Railscasts #385 and
-  #386'
+description: 'Minimal authorization library inspired by Ryan Bates'' Railscasts #385
+  and #386'
 email:
 - lrodriguezsanc@gmail.com
 - gustavo.bt@me.com
@@ -126,16 +86,9 @@ files:
 - README.md
 - Rakefile
 - guachiman.gemspec
-- lib/generators/guachiman/install/install_generator.rb
-- lib/generators/guachiman/install/templates/permission.rb
 - lib/guachiman.rb
-- lib/guachiman/params.rb
-- lib/guachiman/permissions.rb
-- lib/guachiman/rails/permissible.rb
-- lib/guachiman/rails/railtie.rb
 - lib/guachiman/version.rb
-- test/generators/install_generator_test.rb
-- test/test_helper.rb
+- test/guachiman_test.rb
 homepage: https://github.com/goddamnhippie/guachiman
 licenses:
 - MIT
@@ -156,10 +109,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.2.2
+rubygems_version: 2.4.1
 signing_key:
 specification_version: 4
-summary: Basic authorization library
+summary: Minimal authorization library
 test_files:
-- test/generators/install_generator_test.rb
-- test/test_helper.rb
+- test/guachiman_test.rb

data/lib/generators/guachiman/install/install_generator.rb DELETED

@@ -1,12 +0,0 @@
-module Guachiman
-  module Generators
-    class InstallGenerator < ::Rails::Generators::Base
-      desc 'Install guachiman'
-      source_root File.expand_path '../templates', __FILE__
-      def copy_permission_model
-        template 'permission.rb', 'app/models/permission.rb'
-      end
-    end
-  end
-end

data/lib/generators/guachiman/install/templates/permission.rb DELETED

@@ -1,32 +0,0 @@
-class Permission
-  include Guachiman::Permissions
-  include Guachiman::Params
-  attr_reader :current_user, :current_request
-  def initialize user, request
-    @current_user    = user
-    @current_request = request
-    if current_user.nil?
-      guest
-    elsif current_user.admin?
-      admin
-    else
-      member
-    end
-  end
-private
-  def guest
-  end
-  def member
-    guest
-  end
-  def admin
-    allow_all!
-  end
-end

data/lib/guachiman/params.rb DELETED

@@ -1,48 +0,0 @@
-module Guachiman
-  module Params
-    attr_reader :read_allowed_params, :write_allowed_params
-    [:read, :write].each do |action|
-      ivar = "@#{action}_allowed_params"
-      define_method "allow_#{action}_param" do |resources, attributes|
-        instance_variable_set(ivar, {}) unless instance_variable_get ivar
-        Array(resources).each do |resource|
-          instance_variable_get(ivar)[resource] ||= []
-          instance_variable_get(ivar)[resource] += Array(attributes)
-        end
-      end
-      define_method "allow_#{action}_param?" do |resource, attribute|
-        if instance_variable_get :@allow_all
-          true
-        elsif instance_variable_get(ivar) && instance_variable_get(ivar)[resource]
-          instance_variable_get(ivar)[resource].include? attribute
-        end
-      end
-    end
-    def allowed_params
-      read_allowed_params & write_allowed_params
-    end
-    def allow_param resources, attributes
-      allow_read_param  resources, attributes
-      allow_write_param resources, attributes
-    end
-    def allow_param? resource, attribute
-      allow_write_param?(resource, attribute) && allow_read_param?(resource, attribute)
-    end
-    def permit_params! params
-      if @allow_all
-        params.permit!
-      elsif write_allowed_params
-        write_allowed_params.each do |resource, attributes|
-          params[resource] = params[resource].permit(*attributes) if params[resource].respond_to? :permit
-        end
-      end
-    end
-  end
-end

data/lib/guachiman/permissions.rb DELETED

@@ -1,30 +0,0 @@
-module Guachiman
-  module Permissions
-    attr_reader :allowed_actions, :allow_all
-    def allow controllers, actions, &block
-      @allowed_actions ||= {}
-      Array(controllers).each do |controller|
-        Array(actions).each do |action|
-          allowed_actions[controller] ||= {}
-          allowed_actions[controller].merge! action => (block || true)
-        end
-      end
-    end
-    def allow? controller, action, resource=nil
-      allowed = allow_all || check_allowed_action(controller, action)
-      !!allowed && (allowed == true || resource && allowed.call(resource))
-    end
-    def allow_all!
-      @allow_all = true
-    end
-  private
-    def check_allowed_action controller, action
-      allowed_actions && allowed_actions[controller.to_sym] && allowed_actions[controller.to_sym][action.to_sym]
-    end
-  end
-end

data/lib/guachiman/rails/permissible.rb DELETED

@@ -1,49 +0,0 @@
-module Guachiman
-  module Permissible
-    extend ActiveSupport::Concern
-    included do
-      before_filter :authorize
-      helper_method :current_user
-      helper_method :current_permission
-      helper_method :current_resource
-    end
-    def current_user
-      raise 'This method must be implemented'
-    end
-    def current_permission
-      @current_permission ||= Permission.new current_user, request
-    end
-    def current_resource
-      nil
-    end
-    def authorize
-      if current_permission.allow? controller_name, action_name, current_resource
-        current_permission.permit_params! params
-      else
-        if request.get? && !request.xhr?
-          current_user ? not_authorized : not_signed_in
-        else
-          render_unauthorized
-        end
-      end
-    end
-    def not_authorized
-      redirect_to root_path, alert: t('flashes.not_authorized')
-    end
-    def not_signed_in
-      session[:next] = request.url
-      redirect_to sign_in_path, alert: t('flashes.please_sign_in')
-    end
-    def render_unauthorized
-      render text: "NO", status: :unauthorized
-    end
-  end
-end

data/lib/guachiman/rails/railtie.rb DELETED

@@ -1,8 +0,0 @@
-require 'rails'
-module Guachiman
-  module Rails
-    class Railtie < ::Rails::Railtie
-    end
-  end
-end

data/test/generators/install_generator_test.rb DELETED

@@ -1,30 +0,0 @@
-require 'test_helper'
-require 'rails/generators/test_case'
-require 'generators/guachiman/install/install_generator'
-class InstallGeneratorTest < Rails::Generators::TestCase
-  DESTINATION = File.expand_path File.join(File.dirname(__FILE__), '..', '..', 'tmp')
-  FileUtils.mkdir_p DESTINATION unless Dir.exist? DESTINATION
-  destination DESTINATION
-  tests Guachiman::Generators::InstallGenerator
-  setup :prepare_destination
-  def prepare_destination
-    FileUtils.rm_r    "#{DESTINATION}/app" if Dir.exists? "#{DESTINATION}/app"
-    FileUtils.mkdir_p "#{DESTINATION}/app"
-    FileUtils.mkdir_p "#{DESTINATION}/app/models"
-  end
-  test 'create permission' do
-    run_generator
-    assert_file 'app/models/permission.rb' do |f|
-      assert_match(/class Permission/, f)
-      assert_match(/include Guachiman::Permissions/, f)
-      assert_match(/include Guachiman::Params/, f)
-      assert_match(/initialize user, request/, f)
-    end
-  end
-end

data/test/test_helper.rb DELETED

@@ -1,4 +0,0 @@
-require 'bundler/setup'
-require 'minitest/autorun'
-require 'minitest/pride'
-require 'guachiman'