identity_toolbox 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: aa431f92f09944ba1dbcd6447b88bffefabf667e8de9a8edd8c66033e31efebb
+  data.tar.gz: 3d63c5240c824ddade56157d6fc1537a9defe5ed97a7a1a7f1f638d7560083af
+SHA512:
+  metadata.gz: 7d8ebea90398d0c57e49f2f94bfae2cbce2e3bead8298468d91c02739294af051936517f8d03c5bc9227475e52f8c4c6e0caa68649df668a3cd8aee2dc5d1a7b
+  data.tar.gz: 11240ffdc42e984d36a7e3a12ab897ec490578c9a366a46ff396c547cc15016fcda17a84d456f2638ee5f13da905081b1f0088b4f6da59d6035b6a728c28c6e9

data/.env.pipelines

@@ -0,0 +1,2 @@
+identity_service_url=http://wso2-apim-qa.guideinvestimentos.com.br/org_unit_user_identity/1.0.0
+identity_cache_url=redis://localhost:6379/0

data/.gitignore

@@ -0,0 +1,13 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+
+# rspec failure tracking
+.rspec_status
+.rubocop.yml
+.env

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/.ruby-gemset

@@ -0,0 +1 @@
+identity_toolbox

data/.ruby-version

@@ -0,0 +1 @@
+ruby-2.5.1

data/.simplecov

@@ -0,0 +1,8 @@
+SimpleCov.minimum_coverage_by_file 95
+SimpleCov.minimum_coverage 95
+
+SimpleCov.start do
+  add_filter "/features/"
+  add_filter "/lib/identity_toolbox/spec_support/"
+  add_filter "/spec/"
+end

data/CHANGELOG.md

@@ -0,0 +1,10 @@
+# Changelog
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
+and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+## [0.1.0] - 2018-08-14
+### Fixed
+- First release

data/Gemfile

@@ -0,0 +1,6 @@
+source "https://rubygems.org"
+
+git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
+
+# Specify your gem's dependencies in identity_toolbox.gemspec
+gemspec

data/Gemfile.lock

@@ -0,0 +1,159 @@
+PATH
+  remote: .
+  specs:
+    identity_toolbox (0.1.0)
+      json_api_toolbox (~> 0.16)
+      pundit (~> 2.0)
+      request_store (~> 1.3)
+      rspec
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actionpack (5.2.1)
+      actionview (= 5.2.1)
+      activesupport (= 5.2.1)
+      rack (~> 2.0)
+      rack-test (>= 0.6.3)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.0, >= 1.0.2)
+    actionview (5.2.1)
+      activesupport (= 5.2.1)
+      builder (~> 3.1)
+      erubi (~> 1.4)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.0, >= 1.0.3)
+    activemodel (5.2.1)
+      activesupport (= 5.2.1)
+    activerecord (5.2.1)
+      activemodel (= 5.2.1)
+      activesupport (= 5.2.1)
+      arel (>= 9.0)
+    activesupport (5.2.1)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 0.7, < 2)
+      minitest (~> 5.1)
+      tzinfo (~> 1.1)
+    addressable (2.5.2)
+      public_suffix (>= 2.0.2, < 4.0)
+    arel (9.0.0)
+    builder (3.2.3)
+    byebug (10.0.2)
+    coderay (1.1.2)
+    concurrent-ruby (1.0.5)
+    crack (0.4.3)
+      safe_yaml (~> 1.0.0)
+    crass (1.0.4)
+    diff-lcs (1.3)
+    docile (1.3.1)
+    domain_name (0.5.20180417)
+      unf (>= 0.0.5, < 1.0.0)
+    dotenv (2.5.0)
+    erubi (1.7.1)
+    hashdiff (0.3.7)
+    http-cookie (1.0.3)
+      domain_name (~> 0.5)
+    i18n (1.1.0)
+      concurrent-ruby (~> 1.0)
+    json (2.1.0)
+    json-api-vanilla (1.0.1)
+    json_api_toolbox (0.16.2)
+      actionpack (>= 4.0.0)
+      activerecord (>= 4.0.0)
+      activesupport (>= 4.0.0)
+      json-api-vanilla (~> 1.0.1)
+      jsonapi-serializable (>= 0.3.0)
+      request_store (~> 1.3.2)
+      rest-client (>= 2.0.1)
+      rspec (>= 3.0.0)
+      will_paginate (>= 3.1.0)
+    jsonapi-renderer (0.2.0)
+    jsonapi-serializable (0.3.0)
+      jsonapi-renderer (~> 0.2.0)
+    loofah (2.2.2)
+      crass (~> 1.0.2)
+      nokogiri (>= 1.5.9)
+    method_source (0.9.0)
+    mime-types (3.2.2)
+      mime-types-data (~> 3.2015)
+    mime-types-data (3.2018.0812)
+    mini_portile2 (2.3.0)
+    minitest (5.11.3)
+    netrc (0.11.0)
+    nokogiri (1.8.4)
+      mini_portile2 (~> 2.3.0)
+    pry (0.11.3)
+      coderay (~> 1.1.0)
+      method_source (~> 0.9.0)
+    pry-byebug (3.6.0)
+      byebug (~> 10.0)
+      pry (~> 0.10)
+    public_suffix (3.0.3)
+    pundit (2.0.0)
+      activesupport (>= 3.0.0)
+    rack (2.0.5)
+    rack-test (1.1.0)
+      rack (>= 1.0, < 3)
+    rails-dom-testing (2.0.3)
+      activesupport (>= 4.2.0)
+      nokogiri (>= 1.6)
+    rails-html-sanitizer (1.0.4)
+      loofah (~> 2.2, >= 2.2.2)
+    rake (10.5.0)
+    request_store (1.3.2)
+    rest-client (2.0.2)
+      http-cookie (>= 1.0.2, < 2.0)
+      mime-types (>= 1.16, < 4.0)
+      netrc (~> 0.8)
+    rspec (3.8.0)
+      rspec-core (~> 3.8.0)
+      rspec-expectations (~> 3.8.0)
+      rspec-mocks (~> 3.8.0)
+    rspec-core (3.8.0)
+      rspec-support (~> 3.8.0)
+    rspec-expectations (3.8.1)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.8.0)
+    rspec-mocks (3.8.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.8.0)
+    rspec-support (3.8.0)
+    safe_yaml (1.0.4)
+    shoulda-matchers (3.1.2)
+      activesupport (>= 4.0.0)
+    simplecov (0.16.1)
+      docile (~> 1.1)
+      json (>= 1.8, < 3)
+      simplecov-html (~> 0.10.0)
+    simplecov-html (0.10.2)
+    thread_safe (0.3.6)
+    tzinfo (1.2.5)
+      thread_safe (~> 0.1)
+    unf (0.1.4)
+      unf_ext
+    unf_ext (0.0.7.5)
+    vcr (4.0.0)
+    webmock (3.4.2)
+      addressable (>= 2.3.6)
+      crack (>= 0.3.2)
+      hashdiff
+    will_paginate (3.1.6)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  actionpack (~> 5)
+  bundler (~> 1.16)
+  dotenv
+  identity_toolbox!
+  pry-byebug
+  rake (~> 10.0)
+  rspec (~> 3.0)
+  shoulda-matchers (~> 3.1)
+  simplecov
+  vcr
+  webmock
+
+BUNDLED WITH
+   1.16.4

data/README.md

@@ -0,0 +1,220 @@
+# IdentityToolbox
+
+A IdentityToolBox é uma gem para realizar filtros nos dados de acordo com a permissão que o usuário possuí.
+
+
+## Instalação
+
+Adicione essa linha em seu gem file:
+
+```ruby
+gem 'identity_toolbox'
+```
+
+Execute:
+
+    $ bundle
+
+Ou instale você mesmo.
+
+    $ gem install identity_toolbox
+----
+## Configuração
+
+  Adicione no `config/initializers/` o file `identity_toolbox.rb` para configurar as variáveis de ambiente.
+
+```ruby
+IdentityToolbox.configure do |config|
+  config.identity_service_url = ENV['identity_service_url']
+  config.identity_cache_url = ENV['identity_cache_url']
+end
+```
+----
+## Como Usuar
+
+### Policies
+
+  Crie a policy na pasta `app/policies`, com o nome baseado no modelo.
+
+```ruby
+class ModelPolicy
+  include IdentityToolbox::DefaultPolicy
+end
+```
+
+#### Atributos de permissionamento
+
+  A gem possui os seguintes atributos que realizam a validação:
+
+  - account_id
+  - sinacor_advisor_id
+  - client_id
+  - identification_document
+
+  São atributos retornados do serviço de permissão do usuário.
+
+  Para adiciona-los basta incluir o metodo como o exemplo a seguir
+
+  Exemplo:
+
+```ruby
+class ModelPolicy
+  include IdentityToolbox::DefaultPolicy
+
+  account_id :sinacor_account_id
+  client_id :client_id
+end
+```
+
+#### Rotas fora dos padrões *REST*
+
+  A gem ja traz as rotas padrões como `create`, `update`, `index`, `delete`, `show`, com aplicação do filtro, não sendo necesário a criação desse métodos.
+
+  Se for necessário realizar os filtros em uma rota diferente do *REST* padrão, basta criar um alias por exemplo `alias cancel? allowed?` no caso para uma collection basta sobrescrever a class scope com o metodo resolve.
+
+  Exemplo
+```ruby
+class ModelPolicy
+  include IdentityToolbox::DefaultPolicy
+
+  account_id :sinacor_account
+
+  alias cancel? allowed?
+
+  class Scope
+    def resolve
+      scope.where(sinacor_account: account_ids)
+    end
+  end
+end
+```
+
+A Gem disponibiliza os seguintes metodos que retornas o valores permitidos do usuário
+
+  - account_ids
+  - sinacor_advisor_ids
+  - client_ids
+  - identification_documents
+
+Basta chama-los dentro da policy customizada que ela retornará os valores
+
+#### Testes Policies
+  Para realizar teste nas policies, basta adicionar o shared example na pasta `app/policies`.
+
+```ruby
+require 'rails_helper'
+
+RSpec.describe ModelPolicy::Scope do
+  it_behaves_like 'a default policy'
+  it_behaves_like 'a default policy scope'
+end
+```
+----
+### Controllers
+  Inclua em seu controller
+```ruby
+include IdentityToolbox::Authorizable
+```
+  Para realizar a autorização nos controllers apenas seguir o exemplo abaixo.
+
+   - **policy_scope**
+```ruby
+search = Model.ransack(params[:q])
+result = policy_scope(search.result)
+```
+  - **authorize**
+```ruby
+model = Model.find(params.require(:id))
+authorize(model)
+```
+
+Exemplo inclusão em uma rota collection.
+```ruby
+class ExampleController < ApplicationController
+  include IdentityToolbox::Authorizable
+
+  def index
+    search = Example.ransack(params[:q])
+    result = policy_scope(search.result)
+    render_object(result)
+  end
+end
+```
+
+#### Testes
+  Para realizar os testes em suas policies, basta adicionar os shareds examples nas rotas na qual foi adicionado o authorize.
+
+- **policy_scope**
+
+```ruby
+it_behaves_like 'an authorizable collection action' do
+  after { get :index }
+end
+```
+- **authorize**
+
+```ruby
+it_behaves_like 'an authorizable record action' do
+  after { get :show, params: { id: id } }
+end
+```
+
+Exemplo de um teste em uma collection.
+
+Adicione a tag `authorizable: true`
+
+```ruby
+ require 'rails_helper'
+
+RSpec.describe ExampleController, type: :controller, authorizable: true do
+ describe 'GET' do
+    describe '#index' do
+      it_behaves_like 'an authorizable collection action' do
+        after { get :index }
+      end
+    end
+  end
+end
+```
+----
+
+### Entities
+  Caso possua alguma rota que retorne um Entity, ao invés do ActiveRecord, basta seguir o mesmo padrão anterior para modelos.
+
+```ruby
+class EntityPolicy
+  include IdentityToolbox::DefaultPolicy
+
+  account_id :sinacor_account
+
+  alias index? allowed?
+
+  class Scope
+    def resolve
+      scope.select { |record| account_ids.include?(record.sinacor_account)
+    end
+  end
+end
+```
+----
+
+### Teste de Aceitação com Turnip
+  A gem já vem implementado o step para adicionar caso o serviço esteja utilizando o turnip.
+
+#### Configuração
+  No arquivo `turnip_helper` adicionar o seguinte include
+```ruby
+RSpec.configure do |config|
+  config.include IdentityToolbox::SpecSupport::AuthorizationSteps
+end
+```
+
+#### Feature
+  Para isso basta adicionar o step com o nome do controller no background da feature
+```ruby
+  And user is authorized on "Controller"
+```
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "identity_toolbox"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/bitbucket-pipelines.yml

@@ -0,0 +1,22 @@
+image: ruby:2.5.1
+
+pipelines:
+  default:
+    - step:
+        script:
+          - git archive --remote=git@bitbucket.org:guideinvestimentos/rails_defaults.git HEAD .rubocop.yml | tar -x
+          - bundle install
+          - mv .env.pipelines .env
+          - gem install rubocop
+          - rspec -fdoc
+          - rubocop .
+
+  branches:
+    master:
+      - step:
+          script:
+            - mkdir -p ~/.gem
+            - gem build identity_toolbox.gemspec
+            - curl -u $RUBYGEMS_USERNAME:$RUBYGEMS_PASSWORD https://rubygems.org/api/v1/api_key.yaml > ~/.gem/credentials
+            - chmod 0600 ~/.gem/credentials
+            - gem push $(ls *.gem)

data/identity_toolbox.gemspec

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+lib = File.expand_path('lib', __dir__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'identity_toolbox/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'identity_toolbox'
+  spec.version       = IdentityToolbox::VERSION
+  spec.authors       = ['Codeminer 42']
+  spec.email         = ['contato@codeminer42.com.br']
+  spec.summary       = 'Tools to provide user authorization and data scoping.'
+
+  spec.files = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  spec.bindir        = 'exe'
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ['lib']
+
+  spec.add_dependency 'json_api_toolbox', '~> 0.16'
+  spec.add_dependency 'pundit', '~> 2.0'
+  spec.add_dependency 'request_store', '~> 1.3'
+  spec.add_dependency 'rspec'
+
+  spec.add_development_dependency 'actionpack', '~> 5'
+  spec.add_development_dependency 'bundler', '~> 1.16'
+  spec.add_development_dependency 'dotenv'
+  spec.add_development_dependency 'pry-byebug'
+  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rspec', '~> 3.0'
+  spec.add_development_dependency 'shoulda-matchers', '~> 3.1'
+  spec.add_development_dependency 'simplecov'
+  spec.add_development_dependency 'vcr'
+  spec.add_development_dependency 'webmock'
+end

data/lib/identity_toolbox.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+require 'dotenv/load'
+require 'pundit'
+require 'json_api_toolbox'
+require 'request_store'
+require 'identity_toolbox/configuration'
+require 'identity_toolbox/version'
+require 'identity_toolbox/identity_service'
+require 'identity_toolbox/policy_methods'
+require 'identity_toolbox/default_policy'
+require 'identity_toolbox/authorizable'
+require 'identity_toolbox/spec_support/authorization_steps' if defined?(Turnip)
+require 'identity_toolbox/spec_support/shared_examples_for_controllers'
+require 'identity_toolbox/spec_support/shared_examples_for_policies'
+require 'identity_toolbox/spec_support/shared_examples_for_policy_scopes'
+require 'identity_toolbox/spec_support/tags'
+
+module IdentityToolbox
+  class << self
+    def reset
+      @configuration = Configuration.new
+    end
+
+    def configuration
+      @configuration ||= Configuration.new
+    end
+
+    def configure
+      yield(configuration)
+    end
+  end
+end

data/lib/identity_toolbox/authorizable.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+module IdentityToolbox
+  module Authorizable
+    def self.included(klass)
+      klass.class_eval do
+        include Pundit
+        rescue_from Pundit::NotAuthorizedError, with: :render_forbidden
+      end
+    end
+
+    def current_user
+      RequestStore.store[:token]
+    end
+
+    def render_forbidden(_exception)
+      render(errors)
+    end
+
+    private
+
+    def errors
+      { jsonapi_errors: { title: 'Forbidden',
+                          detail: 'Not allowed to perform this action.',
+                          status: 403,
+                          source: {} },
+        jsonapi_class:
+          { class:
+            { Hash: JsonApiToolbox::Serializables::SerializableException } },
+        status: :forbidden }
+    end
+  end
+end

data/lib/identity_toolbox/configuration.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module IdentityToolbox
+  class Configuration
+    attr_accessor :identity_service_url, :identity_cache_url
+  end
+end

data/lib/identity_toolbox/default_policy.rb

@@ -0,0 +1,97 @@
+# frozen_string_literal: true
+
+module IdentityToolbox
+  module DefaultPolicy
+    include PolicyMethods
+
+    IDENTITY_ATTRIBUTES = %i[account_id client_id identification_document
+                             sinacor_advisor_id].freeze
+
+    # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
+    def self.policy_class(klass)
+      Class.new do
+        include PolicyMethods
+
+        attr_reader :scope
+
+        delegate :attributes, to: klass.name.to_sym
+
+        def initialize(_user, scope)
+          @scope = scope
+        end
+
+        def resolve
+          return scope if queries.blank?
+
+          queries.reduce(nil) do |new_scope, query|
+            if new_scope.nil?
+              scope.where(query)
+            else
+              new_scope.or(scope.where(query))
+            end
+          end
+        end
+
+        private
+
+        def queries
+          IDENTITY_ATTRIBUTES.map(&method(:to_query)).compact
+        end
+
+        def to_query(attribute)
+          return if attributes.nil? || attributes[attribute].nil?
+
+          { attributes[attribute] => send("#{attribute}s") }
+        end
+      end
+    end
+    # rubocop:enable Metrics/AbcSize, Metrics/MethodLength
+
+    def self.included(klass)
+      klass.class_eval do
+        extend ClassMethods
+        klass.const_set('Scope', DefaultPolicy.policy_class(klass))
+      end
+    end
+
+    module ClassMethods
+      def attributes
+        @attributes ||= {}
+        @attributes
+      end
+
+      IDENTITY_ATTRIBUTES.each do |attribute|
+        define_method(attribute) do |value|
+          @attributes ||= {}
+          @attributes[attribute] = value
+        end
+      end
+    end
+
+    delegate :attributes, to: :class
+
+    attr_reader :record
+
+    def initialize(_user, record)
+      @record = record
+    end
+
+    def allowed?
+      IDENTITY_ATTRIBUTES.map(&method(:include_attribute?)).
+        compact.reduce(:|)
+    end
+
+    alias show? allowed?
+    alias create? allowed?
+    alias update? allowed?
+    alias destroy? allowed?
+
+    private
+
+    def include_attribute?(attribute)
+      return if attributes.nil? || attributes[attribute].nil?
+
+      send("#{attribute}s").include?(record.send(attributes[attribute]).to_s)
+    end
+  end
+end

data/lib/identity_toolbox/identity_service.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module IdentityToolbox
+  class IdentityService < ::JsonApiToolbox::Service
+    def self.find_view_models
+      get(url: "#{config.identity_service_url}/users/accounts")
+    end
+
+    def self.config
+      @config ||= IdentityToolbox.configuration
+    end
+  end
+end

data/lib/identity_toolbox/policy_methods.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module IdentityToolbox
+  module PolicyMethods
+    def identification_documents
+      view_models.map(&:document).map(&:to_s).uniq
+    end
+
+    def client_ids
+      view_models.map(&:client_id).map(&:to_s).uniq
+    end
+
+    def account_ids
+      view_models.map(&:account_id).map(&:to_s).uniq
+    end
+
+    def sinacor_advisor_ids
+      view_models.map(&:sinacor_advisor_id).map(&:to_s).uniq
+    end
+
+    private
+
+    def view_models
+      @view_models ||= IdentityService.find_view_models
+    end
+  end
+end

data/lib/identity_toolbox/spec_support/authorization_steps.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module IdentityToolbox
+  module SpecSupport
+    module AuthorizationSteps
+      step 'user is authorized on :controller' do |controller|
+        allow_any_instance_of(controller.constantize).to receive(:authorize)
+        allow_any_instance_of(controller.constantize).
+          to receive(:policy_scope) do |_receiver, scope|
+          scope
+        end
+      end
+    end
+  end
+end

data/lib/identity_toolbox/spec_support/shared_examples_for_controllers.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+module IdentityToolbox
+  module SpecSupport
+    module SharedExamplesForControllers
+      RSpec.shared_examples 'an authorizable record action' do
+        it { expect_any_instance_of(described_class).to receive(:authorize) }
+      end
+
+      RSpec.shared_examples 'an authorizable collection action' do
+        it do
+          expect_any_instance_of(described_class).
+            to receive(:policy_scope) do |scope|
+            scope
+          end
+        end
+      end
+    end
+  end
+end

data/lib/identity_toolbox/spec_support/shared_examples_for_policies.rb

@@ -0,0 +1,82 @@
+# frozen_string_literal: true
+
+module IdentityToolbox
+  module SpecSupport
+    module SharedExamplesForPolicies
+      RSpec.shared_context 'default policy records' do |attributes|
+        let(:model_name) do
+          described_class.name.match(/\A(.*)Policy\z/).captures.first
+        end
+        let(:model_sym) { model_name.underscore.to_sym }
+        let!(:matched_record) do
+          build(model_sym, { attributes[:account_id] => 1,
+                             attributes[:client_id] => 2,
+                             attributes[:identification_document] => '3',
+                             attributes[:sinacor_advisor_id] => '4' }.
+                             except(nil))
+        end
+        let!(:unmatched_record) do
+          build(model_sym, { attributes[:account_id] => 11,
+                             attributes[:client_id] => 22,
+                             attributes[:identification_document] => '33',
+                             attributes[:sinacor_advisor_id] => 44 }.
+                             except(nil))
+        end
+        let(:scope) { model_name.constantize.all }
+      end
+
+      RSpec.shared_examples 'a default policy for' do |attributes|
+        include_context 'default policy records', attributes
+
+        before do
+          allow(IdentityToolbox::IdentityService).
+            to receive(:find_view_models).and_return(view_models)
+        end
+
+        subject { described_class.new(nil, record).allowed? }
+
+        def self.join(attributes)
+          attributes.values.join(', ')
+        end
+
+        context "when #{join(attributes)} matches the view models" do
+          let(:view_models) do
+            [double(account_id: 1, client_id: 2,
+                    document: 3, sinacor_advisor_id: 4)]
+          end
+          let(:record) { matched_record }
+
+          it { is_expected.to be_truthy }
+        end
+
+        context "when #{join(attributes)} doesn't match the view models" do
+          let(:view_models) do
+            [double(account_id: 111, client_id: 222,
+                    document: 333, sinacor_advisor_id: 444)]
+          end
+          let(:record) { unmatched_record }
+
+          it { is_expected.to be_falsey }
+        end
+      end
+
+      RSpec.shared_examples 'a default policy' do
+        def self.combinations
+          (1..4).flat_map do |quantity|
+            described_class.attributes.keys.combination(quantity).to_a
+          end
+        end
+
+        def self.slice(combination)
+          described_class.attributes.slice(*combination)
+        end
+
+        describe '#allowed?' do
+          combinations.each do |combination|
+            include_examples 'a default policy for', slice(combination)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/identity_toolbox/spec_support/shared_examples_for_policy_scopes.rb

@@ -0,0 +1,92 @@
+# frozen_string_literal: true
+
+module IdentityToolbox
+  module SpecSupport
+    module SharedExamplesForPolicyScopes
+      RSpec.shared_context 'default policy scope records' do |attributes|
+        let(:model_name) do
+          described_class.parent.name.match(/\A(.*)Policy\z/).captures.first
+        end
+        let(:model_sym) { model_name.underscore.to_sym }
+        let!(:matched_record) do
+          create(model_sym, { attributes[:account_id] => 1,
+                              attributes[:client_id] => 2,
+                              attributes[:identification_document] => '3',
+                              attributes[:sinacor_advisor_id] => '4' }.
+                              except(nil))
+        end
+        let!(:unmatched_record) do
+          create(model_sym, { attributes[:account_id] => 11,
+                              attributes[:client_id] => 22,
+                              attributes[:identification_document] => '33',
+                              attributes[:sinacor_advisor_id] => 44 }.
+                              except(nil))
+        end
+        let(:scope) { model_name.constantize.all }
+      end
+
+      RSpec.shared_examples 'resolve method' do |attributes|
+        def self.join(attributes)
+          attributes.values.join(', ')
+        end
+
+        context "when #{join(attributes)} matches the view models" do
+          let(:view_models) do
+            [double(account_id: 1, client_id: 2,
+                    document: '3', sinacor_advisor_id: 4)]
+          end
+
+          it 'includes the matched record' do
+            is_expected.to contain_exactly(matched_record)
+          end
+
+          it 'does not include the unmatched record' do
+            is_expected.not_to include(unmatched_record)
+          end
+        end
+
+        context "when #{join(attributes)} doesn't match the view models" do
+          let(:view_models) do
+            [double(account_id: 111, client_id: 222,
+                    document: '333', sinacor_advisor_id: 444)]
+          end
+
+          it { is_expected.to be_empty }
+        end
+      end
+
+      RSpec.shared_examples 'a default policy scope' do
+        describe described_class::Scope do
+          shared_examples 'a default policy scope for' do |attributes|
+            include_context 'default policy scope records', attributes
+
+            before do
+              allow(IdentityToolbox::IdentityService).
+                to receive(:find_view_models).and_return(view_models)
+            end
+
+            subject { described_class.new(nil, scope).resolve }
+
+            include_examples 'resolve method', attributes
+          end
+
+          def self.combinations
+            (1..4).flat_map do |quantity|
+              described_class.parent.attributes.keys.combination(quantity).to_a
+            end
+          end
+
+          def self.slice(combination)
+            described_class.parent.attributes.slice(*combination)
+          end
+
+          describe '#resolve' do
+            combinations.each do |combination|
+              include_examples 'a default policy scope for', slice(combination)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/identity_toolbox/spec_support/tags.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+module IdentityToolbox
+  module SpecSupport
+    module Tags
+      RSpec.configure do |config|
+        config.before(authorizable: true) do
+          allow_any_instance_of(described_class).to receive(:authorize)
+          allow_any_instance_of(described_class).
+            to receive(:policy_scope) do |_receiver, scope|
+            scope
+          end
+        end
+      end
+    end
+  end
+end

data/lib/identity_toolbox/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module IdentityToolbox
+  VERSION = '0.1.0'
+end

metadata

@@ -0,0 +1,266 @@
+--- !ruby/object:Gem::Specification
+name: identity_toolbox
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Codeminer 42
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2018-10-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: json_api_toolbox
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.16'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.16'
+- !ruby/object:Gem::Dependency
+  name: pundit
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: request_store
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: actionpack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+- !ruby/object:Gem::Dependency
+  name: dotenv
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry-byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: shoulda-matchers
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: vcr
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: 
+email:
+- contato@codeminer42.com.br
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".env.pipelines"
+- ".gitignore"
+- ".rspec"
+- ".ruby-gemset"
+- ".ruby-version"
+- ".simplecov"
+- CHANGELOG.md
+- Gemfile
+- Gemfile.lock
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- bitbucket-pipelines.yml
+- identity_toolbox.gemspec
+- lib/identity_toolbox.rb
+- lib/identity_toolbox/authorizable.rb
+- lib/identity_toolbox/configuration.rb
+- lib/identity_toolbox/default_policy.rb
+- lib/identity_toolbox/identity_service.rb
+- lib/identity_toolbox/policy_methods.rb
+- lib/identity_toolbox/spec_support/authorization_steps.rb
+- lib/identity_toolbox/spec_support/shared_examples_for_controllers.rb
+- lib/identity_toolbox/spec_support/shared_examples_for_policies.rb
+- lib/identity_toolbox/spec_support/shared_examples_for_policy_scopes.rb
+- lib/identity_toolbox/spec_support/tags.rb
+- lib/identity_toolbox/version.rb
+homepage: 
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.7
+signing_key: 
+specification_version: 4
+summary: Tools to provide user authorization and data scoping.
+test_files: []