heimdallr-resource 1.0.0.RC1

data/.gitignore

@@ -0,0 +1,4 @@
+*.gem
+.bundle
+Gemfile.lock
+pkg/*

data/.rspec

@@ -0,0 +1,2 @@
+--color
+--format progress

data/Gemfile

@@ -0,0 +1,4 @@
+source "http://rubygems.org"
+
+# Specify your gem's dependencies in heimdallr-resource.gemspec
+gemspec

data/LICENSE

@@ -0,0 +1,19 @@
+    Copyright (C) 2012  Peter Zotov <whitequark@whitequark.org>
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy of
+    this software and associated documentation files (the "Software"), to deal in
+    the Software without restriction, including without limitation the rights to
+    use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+    of the Software, and to permit persons to whom the Software is furnished to do
+    so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE.

data/README.md

@@ -0,0 +1,69 @@
+Heimdallr Resource
+==================
+
+Heimdallr Resource is a gem which provides CanCan-like interface for writing secure
+controllers on top of [Heimdallr](http://github.com/roundlake/heimdallr)-protected
+models.
+
+``` ruby
+class CricketController < ApplicationController
+  include Heimdallr::Resource
+
+  load_and_authorize_resource
+
+  # or set the name explicitly:
+  #
+  # load_and_authorize_resource :resource => :cricket
+
+  # if nested:
+  #
+  # routes.rb:
+  #   resources :categories do
+  #     resources :crickets
+  #   end
+  #
+  # load_and_authorize_resource :through => :category
+
+  def index
+    # @crickets is loaded and secured here
+  end
+end
+```
+
+Overview
+--------
+
+API of Heimdallr Resource basically consists of two methods, `load_resource` and `authorize_resource`.
+Both work by adding a filter in standard Rails filter chain and obey the `:only` and `:except` options.
+
+`load_resource` loads a record or scope and wraps it in a Heimadllr proxy. For `index` action, a scope is
+loaded. For `show`, `new`, `create`, `edit`, `update` and `destroy` a record is loaded. No further action
+is performed by Heimdallr Resource.
+
+`authorize_resource` verifies if the current security context allows for creating or updating the records.
+The checks are performed for `new`, `create`, `edit` and `update` actions.
+
+License
+-------
+
+    Copyright (C) 2012  Peter Zotov <whitequark@whitequark.org>
+  
+    Funded by Round Lake.
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy of
+    this software and associated documentation files (the "Software"), to deal in
+    the Software without restriction, including without limitation the rights to
+    use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+    of the Software, and to permit persons to whom the Software is furnished to do
+    so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE.

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/heimdallr-resource.gemspec

@@ -0,0 +1,21 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+
+Gem::Specification.new do |s|
+  s.name        = "heimdallr-resource"
+  s.version     = "1.0.0.RC1"
+  s.authors     = ["Peter Zotov", "Boris Staal"]
+  s.email       = ["whitequark@whitequark.org", "boris@roundlake.ru"]
+  s.homepage    = "http://github.com/roundlake/heimdallr-resource"
+  s.summary     = %q{Heimdallr-Resource provides CanCan-like interface for Heimdallr-secured objects.}
+  s.description = s.summary
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+
+  # specify any dependencies here; for example:
+  s.add_development_dependency "rspec"
+  s.add_runtime_dependency "heimdallr"
+end

data/lib/heimdallr/resource.rb

@@ -0,0 +1,102 @@
+module Heimdallr
+  # {AccessDenied} exception is to be raised when access is denied to an action.
+  class AccessDenied < StandardError; end
+
+  module ResourceImplementation
+    class << self
+      def prepare_options(klass, resource, options)
+        options.merge! :resource => (resource || klass.name.to_s.underscore)
+
+        filter_options = {}
+        filter_options[:only]   = options.delete(:only)   if options.has_key?(:only)
+        filter_options[:except] = options.delete(:except) if options.has_key?(:except)
+
+        [ options, filter_options ]
+      end
+
+      def load(controller, options)
+        unless controller.instance_variable_defined?(ivar_name(controller, options))
+          if options.has_key? :through
+            if options[:singleton]
+              scope = controller.instance_variable_get(:"@#{options[:through]}").
+                          send(:"#{options[:resource]}")
+            else
+              scope = controller.instance_variable_get(:"@#{options[:through]}").
+                          send(:"#{options[:resource].pluralize}")
+            end
+          else
+            scope = options[:resource].constantize.scoped
+          end
+
+          case controller.params[:action]
+          when 'index'
+            controller.instance_variable_set(ivar_name(controller, options), scope)
+          when 'new', 'create'
+            controller.instance_variable_set(ivar_name(controller, options,
+                scope.new(controller.params[options[:resource]])))
+          when 'show', 'edit', 'update', 'destroy'
+            controller.instance_variable_set(ivar_name(controller, options,
+                scope.find(controller.params[:"#{options[:resource]}_id"] ||
+                           controller.params[:id])))
+          end
+        end
+      end
+
+      def authorize(controller, options)
+        controller.instance_variable_set(ivar_name(controller, options.merge(:insecure => true)),
+            controller.instance_variable_get(ivar_name(controller, options)))
+
+        value = controller.instance_variable_get(ivar_name(controller, options)).
+              restrict(controller.security_context)
+        controller.instance_variable_set(ivar_name(controller, options), value)
+
+        case controller.params[:action]
+        when 'new', 'create'
+          unless value.reflect_on_security[:operations].include? :create
+            raise Heimdallr::AccessDenied, "Cannot create model"
+          end
+        when 'edit', 'update'
+          unless value.reflect_on_security[:operations].include? :update
+            raise Heimdallr::AccessDenied, "Cannot update model"
+          end
+        end
+      end
+
+      def ivar_name(controller, options)
+        if controller.params[:action] == 'index'
+          :"@#{options[:resource].pluralize}"
+        else
+          :"@#{options[:resource]}"
+        end
+      end
+    end
+  end
+
+  # {Resource} is a mixin providing CanCan-like interface for Rails controllers.
+  module Resource
+    extend ActiveSupport::Concern
+
+    module ClassMethods
+      def load_and_authorize_resource(resource, options={})
+        load_resource(resource, options)
+        authorize_resource(resource, options)
+      end
+
+      def load_resource(resource=nil, options={})
+        options, filter_options = Heimdallr::ResourceImplementation.prepare_options(self, resource, options)
+
+        before_filter filter_options do |controller|
+          Heimdallr::ResourceImplementation.load(controller, options)
+        end
+      end
+
+      def authorize_resource(resource=nil, options={})
+        options, filter_options = Heimdallr::ResourceImplementation.prepare_options(self, resource, options)
+
+        before_filter filter_options do |controller|
+          Heimdallr::ResourceImplementation.authorize(controller, options)
+        end
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,11 @@
+# This file was generated by the `rspec --init` command. Conventionally, all
+# specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
+# Require this file using `require "spec_helper.rb"` to ensure that it is only
+# loaded once.
+#
+# See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
+RSpec.configure do |config|
+  config.treat_symbols_as_metadata_keys_with_true_values = true
+  config.run_all_when_everything_filtered = true
+  config.filter_run :focus
+end

metadata

@@ -0,0 +1,80 @@
+--- !ruby/object:Gem::Specification
+name: heimdallr-resource
+version: !ruby/object:Gem::Version
+  version: 1.0.0.RC1
+  prerelease: 6
+platform: ruby
+authors:
+- Peter Zotov
+- Boris Staal
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-04-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: &70147248384600 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *70147248384600
+- !ruby/object:Gem::Dependency
+  name: heimdallr
+  requirement: &70147248383900 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: *70147248383900
+description: Heimdallr-Resource provides CanCan-like interface for Heimdallr-secured
+  objects.
+email:
+- whitequark@whitequark.org
+- boris@roundlake.ru
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rspec
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- heimdallr-resource.gemspec
+- lib/heimdallr/resource.rb
+- spec/spec_helper.rb
+homepage: http://github.com/roundlake/heimdallr-resource
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>'
+    - !ruby/object:Gem::Version
+      version: 1.3.1
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.15
+signing_key: 
+specification_version: 3
+summary: Heimdallr-Resource provides CanCan-like interface for Heimdallr-secured objects.
+test_files:
+- spec/spec_helper.rb