ingress 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 06ab79a2f02f52156f88da841da4a010386ad71f
+  data.tar.gz: 47c37172ee0415e0046c3998aae2f4cbdcc4828f
+SHA512:
+  metadata.gz: 8286f4993ee6bfd2aeb60434c781bb271c7b56988ef4010171de7ae1b2b007240ece07b6ccaf068ffaf788099a03743bc4735b12dd30128e8096b3424b1d7d67
+  data.tar.gz: b7875313e10cbe3a91a7593c0d942a0bb16dd44158c827659eabf4120d147eefcb3534f44b212c759431fb481028ae252976abd543d1b14d454b09da7bc2da91

data/.gitignore

@@ -0,0 +1,9 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/.rspec

@@ -0,0 +1,2 @@
+--format documentation
+--color

data/.ruby-version

@@ -0,0 +1 @@
+2.3.1

data/.travis.yml

@@ -0,0 +1,4 @@
+language: ruby
+rvm:
+  - 2.2.3
+before_install: gem install bundler -v 1.10.6

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in ingress.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2016 Alan Skorkin
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,298 @@
+# Ingress
+
+A simple role based authorization framework inspired by CanCan (similar syntax) with a nicer interface for defining the permissions for the roles in your system.
+
+The biggest problem I had with CanCan was the fact that it mostly forced you define the permissions for all the roles in one class (really one method). And when the set of permissions in your system grew very large, you had to bend over backwards to allow you to break things down.
+
+In the OO world we're used to being able to break down functionality into multiple smaller classes which we can them compose into a greater whole. This is the main idea behind this gem, keep the nice syntax that CanCan had, but allow composing the main permission object in your system from many smaller classes.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'ingress'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install ingress
+
+## Usage
+
+Let's say you have a user object in your system and the user can have multiple roles. Our set of roles will be `guest`, `member`, `admin`.
+
+First we create the main permission object in our system, let's call it `UserPermissions`:
+
+```ruby
+class UserPermissions < Ingress::Permissions
+  def user_role_identifiers
+    user.roles.map do |role|
+      role.name.to_sym
+    end
+  end
+end
+```
+
+A couple of things of note is that it inherits from `Ingress::Permissions`, from which it inherits the initializer:
+
+```ruby
+attr_reader :user
+
+def initialize(user)
+  @user = user
+end
+```
+
+So this object is always instantiated with a user. The second thing to note is that we have to provide a method called
+`user_role_identifiers` which needs to return a list of role identifier that this particular user has. Above we make the
+assumptions that a user has many roles and that a role has a name. So we iterate over the roles collect the symbolized names
+and return them. This is essentially what ties everything together. We haven't defined any permissions just yet, but we
+can already do the following:
+
+```ruby
+user_permissions = UserPermissions.new(user)
+user_permissions.can?(:do, :stuff) # returns false
+```
+
+So now we have an object that we can instantiate anywhere, and ask it if our user has a particular permission.
+Let us now define some permissions for a role. We'll start with the guest role. First, let's update our `UserPermissions`
+object:
+
+```ruby
+class UserPermissions < Ingress::Permissions
+  define_role_permissions :guest, GuestPermissions
+
+  def user_role_identifiers
+    user.roles.map do |role|
+      role.name.to_sym
+    end
+  end
+end
+```
+
+We've now said that the permission for the role with the `guest` identifier live in the `GuestPermissions` class. Let's create
+it:
+
+```ruby
+class GuestPermissions < Ingress::Permissions
+  define_role_permissions do
+    can :view, :non_sensitive_info
+    can [:create], :session
+  end
+end
+```
+
+It's pretty self explanatory, the class again inherits from `Ingress::Permissions` as that's where the simple DSL for defining
+permissions lives. The thing to note is that we called the class `GuestPermissions`, but it could be called anything, the permissions
+we define here are not attached to any role. They only get attached to the role via the `define_role_permissions :guest, GuestPermissions`
+line in the `UserPermissions` class. The syntax for defining permissions is:
+
+```
+can 'action', 'subject'
+or
+cannot 'action', 'subject'
+```
+
+Similar to CanCan, the `action` can be any string, symbol or array of strings or symbols. The `subject` can also be a string or symbol, or
+it can be a class constant. Let's define permissions for the next role in our system, `member` which is more complex. Firstly, update our `UserPermissions`.
+
+```ruby
+class UserPermissions < Ingress::Permissions
+  define_role_permissions :guest, GuestPermissions
+  define_role_permissions :member, MemberPermissions
+
+  def user_role_identifiers
+    user.roles.map do |role|
+      role.name.to_sym
+    end
+  end
+end
+```
+
+Simple, next `MemberPermissions` class:
+
+```ruby
+class MemberPermissions < Ingress::Permissions
+  define_role_permissions do
+    can [:show, :update, :destroy], :session
+    can :accept, :terms
+    can [:view, :create], Post
+    can [:update, :destroy], Post, if: ->(user, post) do
+      user.id == post.user_id
+    end
+  end
+end
+```
+
+It's a little bit more complex, but still fairly self explanatory. As you can see, we have a `Post` object in our system. So we allow
+user with a `member` role to view and create posts, and they can update and destroy posts that they own. So we could do:
+
+```ruby
+user_permissions = UserPermissions.new(user)
+user_permissions.can?(:create, Post) # returns true
+post = user.posts.first # assume we can get the list of posts form the user object
+user_permissions.can?(:update, post) # returns true
+```
+
+The condition lambda always takes two parameters, the `user` and an `object`, the object is whatever we supply to the `can?` method,
+when we check permissions.
+
+Let's add our admin role:
+
+```ruby
+class UserPermissions < Ingress::Permissions
+  define_role_permissions :guest, GuestPermissions
+  define_role_permissions :member, MemberPermissions
+  define_role_permissions :admin, AdminPermissions
+
+  def user_role_identifiers
+    user.roles.map do |role|
+      role.name.to_sym
+    end
+  end
+end
+```
+
+And the class:
+
+```ruby
+class AdminPermissions < Ingress::Permissions
+  define_role_permissions do
+    can "*", "*" # you can also use can_do_anything
+  end
+end
+```
+
+As you can see both `action` and `subject` can be wildcards, so in this case an admin would be able to do anything in the system, i.e.
+any call to `can?` will always return `true`.
+
+So what else can we do? Well let's say we wanted another role called `limited_admin` which would be similar to admin, but can't destroy
+comments:
+
+```ruby
+class UserPermissions < Ingress::Permissions
+  define_role_permissions :guest, GuestPermissions
+  define_role_permissions :member, MemberPermissions
+  define_role_permissions :admin, AdminPermissions
+  define_role_permissions :limited_admin, LimitedAdminPermissions
+
+  def user_role_identifiers
+    user.roles.map do |role|
+      role.name.to_sym
+    end
+  end
+end
+```
+
+And the class:
+
+```ruby
+class LimitedAdminPermissions < Ingress::Permissions
+  inherits AdminPermissions
+
+  define_role_permissions do
+    cannot :destroy, Comment
+  end
+end
+```
+
+So basically, we can inherit permissions that are defined in other classes, and either switch off some or add others. Let's create
+some sort of `super_member` role, which can do everything a member can do, but can also update anything in the system:
+
+```ruby
+class UserPermissions < Ingress::Permissions
+  define_role_permissions :guest, GuestPermissions
+  define_role_permissions :member, MemberPermissions
+  define_role_permissions :admin, AdminPermissions
+  define_role_permissions :limited_admin, LimitedAdminPermissions
+  define_role_permissions :super_member, SuperMemberPermissions
+
+  def user_role_identifiers
+    user.roles.map do |role|
+      role.name.to_sym
+    end
+  end
+end
+```
+
+And the class:
+
+```ruby
+class SuperMemberPermissions < Ingress::Permissions
+  inherits MemberPermissions
+
+  define_role_permissions do
+    can :update, "*"
+  end
+end
+```
+
+We can inherit permissions, and we use a wildcard subject, to allow a user with the `super_member` role to be able to update anything. We
+can even define a common set of permissions which we want multiple roles to share and have the permission class for each of those roles
+inherit from the common set. Let's say we want a `financial_officer` role and a `reporting_officer` role both of which should have the ability to do anything with a `Transaction` object in our system (for whatever reason):
+
+```ruby
+class UserPermissions < Ingress::Permissions
+  define_role_permissions :guest, GuestPermissions
+  define_role_permissions :member, MemberPermissions
+  define_role_permissions :admin, AdminPermissions
+  define_role_permissions :limited_admin, LimitedAdminPermissions
+  define_role_permissions :super_member, SuperMemberPermissions
+  define_role_permissions :financial_officer, FinancialOfficerPermissions
+  define_role_permissions :reporting_officer, ReportingOfficerPermissions
+
+  def user_role_identifiers
+    user.roles.map do |role|
+      role.name.to_sym
+    end
+  end
+end
+```
+
+And the classes:
+
+```ruby
+class CommonPermissions < Ingress::Permissions
+  define_role_permissions do
+    can "*", Transaction
+  end
+end
+
+class FinancialOfficerPermissions < Ingress::Permissions
+  inherits CommonPermissions
+end
+
+class ReportingOfficerPermissions < Ingress::Permissions
+  inherits CommonPermissions
+end
+```
+
+Now we wildcard the action, so we can do anything to `Transaction` objects. And we have to other sets of permission inherit from
+the `CommonPermissions` class.
+
+I hope it's relatively clear that it's pretty flexible, you can almost endlessly decompose the permission definitions into smaller classes
+then combine via `inherits` and assign the final permission set to a role identifier via `define_role_permissions` on the main
+`UserPermissions` class.
+
+So now the authorization in your system can be defined in a much more OO way, without nasty and complex tricks. And you can still enjoy a nice syntax very similar to CanCan.
+
+This framework has no hooks into Rails (these would be trivial to write if necessary, e.g. you can instantiate the `user_permissions` object on your `ApplicationController` and then do the `can?` checks anywhere you want) and can therefore be used with any web framework, or even outside of the context of a web framework (if such a use case makes sense).
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/ingress.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "ingress"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/ingress.gemspec

@@ -0,0 +1,24 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'ingress/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "ingress"
+  spec.version       = Ingress::VERSION
+  spec.authors       = ["Alan Skorkin"]
+  spec.email         = ["alan@skorks.com"]
+
+  spec.summary       = %q{Simple role based authorization for Ruby applications}
+  spec.homepage      = ""
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.bindir        = "bin"
+  spec.executables   = spec.files.grep(%r{^script/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.10"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rspec"
+end

data/lib/ingress/build_permissions_repository_for_role.rb

@@ -0,0 +1,15 @@
+require "ingress/permissions_dsl"
+
+module Ingress
+  module Services
+    class BuildPermissionsRepositoryForRole
+      class << self
+        def perform(role_identifier, &block)
+          permissions_dsl = PermissionsDsl.new(role_identifier)
+          permissions_dsl.instance_eval(&block)
+          permissions_dsl.permission_repository
+        end
+      end
+    end
+  end
+end

data/lib/ingress/copy_permissions_repository_into_role.rb

@@ -0,0 +1,15 @@
+require "ingress/permissions_repository"
+
+module Ingress
+  module Services
+    class CopyPermissionsRepositoryIntoRole
+      class << self
+        def perform(role_identifier, template_permission_repository)
+          permission_repository = PermissionsRepository.new
+          permission_repository.copy_to_role(role_identifier, template_permission_repository)
+          permission_repository
+        end
+      end
+    end
+  end
+end

data/lib/ingress/permission_rule.rb

@@ -0,0 +1,57 @@
+module Ingress
+  class PermissionRule
+    attr_reader :action, :subject, :conditions
+
+    def initialize(allows:, action:, subject:, conditions: nil)
+      @allows = allows
+      @action = action
+      @subject = subject
+      @conditions = [conditions].compact.flatten
+    end
+
+    def allows?
+      @allows
+    end
+
+    def match?(given_action, given_subject, user)
+      return false unless action_matches?(given_action)
+      return false unless subject_matches?(given_subject)
+
+      conditions_match?(user, given_subject)
+    end
+
+    private
+
+    def action_matches?(given_action)
+      given_action == action ||
+        given_action == "*" ||
+        "*" == action
+    end
+
+    def subject_matches?(given_subject)
+      given_subject == subject ||
+        given_subject.class == subject ||
+        given_subject == "*" ||
+        "*" == subject
+    end
+
+    def conditions_match?(user, given_subject)
+      conditions.all? do |condition|
+        condition.call(user, given_subject)
+      end
+    rescue => e
+      log_error(e)
+      false
+    end
+
+    def log_error(error)
+      if defined?(Rails)
+        Rails.logger.error error.message
+        Rails.logger.error error.backtrace.join("\n")
+      else
+        $stderr.puts error.message
+        $stderr.puts error.backtrace.join("\n")
+      end
+    end
+  end
+end

data/lib/ingress/permissions.rb

@@ -0,0 +1,64 @@
+require "ingress/permissions_repository"
+require "ingress/copy_permissions_repository_into_role"
+require "ingress/build_permissions_repository_for_role"
+
+module Ingress
+  class Permissions
+    class << self
+      def permissions_repository
+        @permissions_repository ||= PermissionsRepository.new
+      end
+
+      def inherits(permissions_class)
+        role_identifier = :dummy
+
+        if permissions_class
+          @permissions_repository = permissions_repository.merge(
+            Services::CopyPermissionsRepositoryIntoRole.perform(role_identifier, permissions_class.permissions_repository),
+          )
+        end
+      end
+
+      def define_role_permissions(role_identifier = nil, permissions_class = nil, &block)
+        if role_identifier.nil?
+          role_identifier = :dummy
+        end
+
+        if permissions_class
+          @permissions_repository = permissions_repository.merge(
+            Services::CopyPermissionsRepositoryIntoRole.perform(role_identifier, permissions_class.permissions_repository),
+          )
+        end
+
+        if block_given?
+          @permissions_repository = permissions_repository.merge(Services::BuildPermissionsRepositoryForRole.perform(role_identifier, &block))
+        end
+      end
+    end
+
+    attr_reader :user
+
+    def initialize(user)
+      @user = user
+    end
+
+    def can?(action, subject)
+      find_matching_rules(action, subject).any? do |rule|
+        rule.match?(action, subject, user)
+      end
+    end
+
+    def user_role_identifiers
+      []
+    end
+
+    private
+
+    def find_matching_rules(action, subject)
+      user_role_identifiers.reduce([]) do |rules, role_identifier|
+        rules += self.class.permissions_repository.rules_for(role_identifier, action, subject)
+        rules
+      end
+    end
+  end
+end

data/lib/ingress/permissions_dsl.rb

@@ -0,0 +1,49 @@
+require "ingress/permissions_repository"
+
+module Ingress
+  class PermissionsDsl
+    attr_reader :role_identifier, :permission_repository
+
+    def initialize(role_identifier)
+      @role_identifier = role_identifier
+      @permission_repository = PermissionsRepository.new
+    end
+
+    def can_do_anything
+      permission_repository.add_permission(role_identifier, true, "*", "*")
+    end
+
+    def can(actions, subjects, options = {}, &block)
+      for_each_action_and_subject(actions, subjects) do |action, subject|
+        condition = condition_from_options(options, block)
+        permission_repository.add_permission(role_identifier, true, action, subject, condition)
+      end
+    end
+
+    def cannot(actions, subjects, options = {}, &block)
+      for_each_action_and_subject(actions, subjects) do |action, subject|
+        condition = condition_from_options(options, block)
+        permission_repository.add_permission(role_identifier, false, action, subject, condition)
+      end
+    end
+
+    private
+
+    def for_each_action_and_subject(actions, subjects)
+      return unless block_given?
+      actions = [actions].flatten
+      subjects = [subjects].flatten
+
+      actions.each do |action|
+        subjects.each do |subject|
+          yield(action, subject)
+        end
+      end
+    end
+
+    def condition_from_options(options, block)
+      if_condition = options[:if] || block
+      if_condition.respond_to?(:call) ? if_condition : nil
+    end
+  end
+end

data/lib/ingress/permissions_repository.rb

@@ -0,0 +1,97 @@
+require "ingress/permission_rule"
+
+module Ingress
+  class PermissionsRepository
+    attr_reader :role_rules
+
+    def initialize
+      @role_rules = Hashes.role_rules
+      @role_subject_action_rule = Hashes.role_subject_action_rule
+    end
+
+    def add_permission(role_identifier, allow, action, subject, conditions = nil)
+      rule = PermissionRule.new(allows: allow, action: action, subject: subject, conditions: conditions)
+      add_rule(role_identifier, rule)
+    end
+
+    def rules_for(role_identifier, action, subject)
+      rules = []
+
+      rules += find_rules(role_identifier, action, subject)
+      rules += find_rules(role_identifier, "*", "*")
+      rules += find_rules(role_identifier, action, "*")
+      rules += find_rules(role_identifier, "*", subject)
+      rules = apply_negative_rules(rules)
+
+      rules
+    end
+
+    def merge(permission_repository)
+      permission_repository.role_rules.each_pair do |role_identifier, rules|
+        rules.each do |rule|
+          add_rule(role_identifier, rule)
+        end
+      end
+      self
+    end
+
+    def copy_to_role(role_identifier, permission_repository)
+      permission_repository.role_rules.each_pair do |_, rules|
+        rules.each do |rule|
+          add_rule(role_identifier, rule)
+        end
+      end
+      self
+    end
+
+    private
+
+    def apply_negative_rules(rules)
+      # remove rules that cancel each other out since we're within the
+      # context of 1 role, i.e. if any rule is a negation it will
+      # cancel all other ones
+      if rules.any? { |rule| !rule.allows? }
+        []
+      else
+        rules
+      end
+    end
+
+    def find_rules(role_identifier, action, subject)
+      rules = []
+      rules += @role_subject_action_rule[role_identifier][subject][action]
+      unless subject == "*"
+        rules += @role_subject_action_rule[role_identifier][subject.class][action]
+      end
+
+      rules
+    end
+
+    def add_rule(role_identifier, rule)
+      @role_rules[role_identifier] << rule
+      @role_subject_action_rule[role_identifier][rule.subject][rule.action] << rule
+    end
+
+    # creates hashes with the default values required in
+    # PermissionsRepository's constructor
+    module Hashes
+      module_function
+
+      # Three level deep hash returning an array
+      def role_subject_action_rule
+        Hash.new do |hash1, key1|
+          hash1[key1] = Hash.new do |hash2, key2|
+            hash2[key2] = Hash.new do |hash3, key3|
+              hash3[key3] = []
+            end
+          end
+        end
+      end
+
+      # One level deep hash returning an array
+      def role_rules
+        Hash.new { |hash, key| hash[key] = [] }
+      end
+    end
+  end
+end

data/lib/ingress/version.rb

@@ -0,0 +1,3 @@
+module Ingress
+  VERSION = "0.1.0"
+end

data/lib/ingress.rb

@@ -0,0 +1,2 @@
+require "ingress/version"
+require "ingress/permissions"

data/script/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "ingress"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start

data/script/setup

@@ -0,0 +1,7 @@
+#!/bin/bash
+set -euo pipefail
+IFS=$'\n\t'
+
+bundle install
+
+# Do any other automated setup that you need to do here

metadata

@@ -0,0 +1,109 @@
+--- !ruby/object:Gem::Specification
+name: ingress
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Alan Skorkin
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2017-04-13 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.10'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.10'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: 
+email:
+- alan@skorks.com
+executables:
+- console
+- setup
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".ruby-version"
+- ".travis.yml"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- ingress.gemspec
+- lib/ingress.rb
+- lib/ingress/build_permissions_repository_for_role.rb
+- lib/ingress/copy_permissions_repository_into_role.rb
+- lib/ingress/permission_rule.rb
+- lib/ingress/permissions.rb
+- lib/ingress/permissions_dsl.rb
+- lib/ingress/permissions_repository.rb
+- lib/ingress/version.rb
+- script/console
+- script/setup
+homepage: ''
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.1
+signing_key: 
+specification_version: 4
+summary: Simple role based authorization for Ruby applications
+test_files: []