RubyGems - ingress - Versions diffs - 0.4.0 → 0.5.0 - Mend

ingress 0.4.0 → 0.5.0

Files changed (9) hide show

checksums.yaml +4 -4
data/.gitignore +1 -0
data/.ruby-version +1 -1
data/README.md +60 -0
data/ingress.gemspec +2 -2
data/lib/ingress/permission_rule.rb +1 -10
data/lib/ingress/permissions_dsl.rb +40 -7
data/lib/ingress/version.rb +1 -1
metadata +9 -9

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: edbb4efc674725b3fcb18ed2651773ecab7af973940f185cb93a94251858a4da
-  data.tar.gz: aadc4a71a1946a19227b1b1a09d37372d056d19020c721a55a1c6cb63a251d20
+  metadata.gz: 3e36e293b713b0e3f9d61c612149d5436dae4ffaa64182965d1287712fcb4608
+  data.tar.gz: 2f04d772ae27844e77ed9d84e9a9213e9a112e58b4cf6636a627c2a04f9b9349
 SHA512:
-  metadata.gz: a63048555be635ef620c670e5f3fe39db3bc56bce272734141e391834b82cf42f3f8bce5e4ab9f7f752cc71b9b76e50307aa2d163bec8c901f5be9ad2fcacbdb
-  data.tar.gz: 555623681279ba944737bbbb77e2b7b5fd65b365dcd840b83581fdb04527839203669977b1d602fe94e720f91fb7e0ab120c889883109a1a89a65490ac357410
+  metadata.gz: 610c7363ed6ce0ec1b0b6a5f7c134631582ca76e269dcf97109d11964cf7e6f919bfff03948bef55b4d11a667d85b1df9b54811c65a80a7359cd2a836cae624e
+  data.tar.gz: 30234c3a466e62ecc4d50b76d38528add8195faf5a1bf722912d86bc34ab5efe2ad17f5af4a7c9ff303bf658ed7ec12bfd0ba67fb32c00ac76bbba89fae948f2

data/.gitignore CHANGED Viewed

@@ -7,3 +7,4 @@
 /pkg/
 /spec/reports/
 /tmp/
+tags

data/.ruby-version CHANGED Viewed

	@@ -1 +1 @@
1	- 2.6.3
1	+ 2.7.2

data/README.md CHANGED Viewed

@@ -283,6 +283,66 @@ So now the authorization in your system can be defined in a much more OO way, wi
 This framework has no hooks into Rails (these would be trivial to write if necessary, e.g. you can instantiate the `user_permissions` object on your `ApplicationController` and then do the `can?` checks anywhere you want) and can therefore be used with any web framework, or even outside of the context of a web framework (if such a use case makes sense).
+### Conditional Lambda
+Ingress by default does not know about the subject that is given in the conditional lambda. The given subject can be a Class or an Object and it depends on the user to define the correct lambda to handle the given subject.
+For example, given the following `UserPermissions`:
+```
+class UserPermissions < Ingress::Permissions
+  define_role_permissions do
+    can :read, Post, if: ->(user, given_subject) do
+      case [user, given_subject]
+      in [_, Post]
+        user.id == given_subject.user_id
+      in [_, Class]
+        true
+      else
+        false
+    end
+  end
+end
+```
+This is the result of the defined permissions:
+```
+user_permissions = UserPermissions.new(user)
+user_permissions.can?(:read, Post) # returns true
+post = user.posts.first # assume we can get the list of posts form the user object
+user_permissions.can?(:read, post) # returns true
+```
+Ingress provides 2 convenient interfaces to apply conditional lambda on a Class or an Instance:
+* if_subject_is_an_instance
+* if_subject_is_a_class
+These conditional lambdas always take 3 parameters: the `user`, the `subject` (this is either a Class or an Instance), and the `options` (this is additional attributes that may be needed to do the check).
+They can be chained together like following:
+```
+class UserPermissions < Ingress::Permissions
+  define_role_permissions do
+    can :read, Post,
+      if: ->(user, _post) { !user.id.nil? },
+      if_subject_is_an_instance: ->(user, post, _options) { user.id == post.user_id },
+      if_subject_is_a_class: ->(_user, klass, _options) { klass == Post }
+  end
+end
+```
+This is the result of the defined permissions:
+```
+user_permissions = UserPermissions.new(user)
+user_permissions.can?(:read, Post) # returns true
+post = user.posts.first # assume we can get the list of posts form the user object
+user_permissions.can?(:read, post) # returns true
+```
 ## Development
 After checking out the repo, run `script/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `script/console` for an interactive prompt that will allow you to experiment.

data/ingress.gemspec CHANGED Viewed

@@ -22,7 +22,7 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
-  spec.add_development_dependency "bundler", ">= 1.10", "< 3"
-  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "bundler", ">= 2.2", "< 3"
+  spec.add_development_dependency "rake", ">= 13.0.3"
   spec.add_development_dependency "rspec"
 end

data/lib/ingress/permission_rule.rb CHANGED Viewed

@@ -6,7 +6,7 @@ module Ingress
       @allows = allows
       @action = action
       @subject = subject
-      @conditions = [conditions].compact.flatten
+      @conditions = conditions
     end
     def allows?
@@ -16,7 +16,6 @@ module Ingress
     def match?(given_action, given_subject, user, options = {})
       return false unless action_matches?(given_action)
       return false unless subject_matches?(given_subject)
-      return true if ignore_conditions?(given_subject)
       conditions_match?(user, given_subject, options)
     end
@@ -36,14 +35,6 @@ module Ingress
         "*" == subject
     end
-    def ignore_conditions?(given_subject)
-      subject_class?(given_subject) && subject_class?(@subject)
-    end
-    def subject_class?(subject)
-      [Class, Module].include? subject.class
-    end
     def conditions_match?(user, given_subject, options)
       conditions.all? do |condition|
         if condition.arity == 2

data/lib/ingress/permissions_dsl.rb CHANGED Viewed

@@ -15,15 +15,17 @@ module Ingress
     def can(actions, subjects, options = {}, &block)
       for_each_action_and_subject(actions, subjects) do |action, subject|
-        condition = condition_from_options(options, block)
-        permission_repository.add_permission(role_identifier, true, action, subject, condition)
+        conditions = conditions_from(options, block)
+        permission_repository.add_permission(role_identifier, true, action, subject, conditions)
       end
     end
     def cannot(actions, subjects, options = {}, &block)
       for_each_action_and_subject(actions, subjects) do |action, subject|
-        condition = condition_from_options(options, block)
-        permission_repository.add_permission(role_identifier, false, action, subject, condition)
+        conditions = conditions_from(options, block)
+        permission_repository.add_permission(role_identifier, false, action, subject, conditions)
       end
     end
@@ -41,9 +43,40 @@ module Ingress
       end
     end
-    def condition_from_options(options, block)
-      if_condition = options[:if] || block
-      if_condition.respond_to?(:call) ? if_condition : nil
+    def conditions_from(options, block)
+      generic_condition = generic_condition_from(options[:if] || block)
+      instance_condition = if_subject_is_an_instance_condition_from(options[:if_subject_is_an_instance])
+      class_condition = if_subject_is_a_class_condition_from(options[:if_subject_is_a_class])
+      [generic_condition, instance_condition, class_condition].compact
+    end
+    def generic_condition_from(callback)
+      callback if callback&.respond_to?(:call)
+    end
+    def if_subject_is_an_instance_condition_from(callback)
+      if callback&.respond_to?(:call)
+        lambda do |user, given_subject, option|
+          if [Class, Module].include?(given_subject.class)
+            true
+          else
+            callback.call(user, given_subject, option)
+          end
+        end
+      end
+    end
+    def if_subject_is_a_class_condition_from(callback)
+      if callback&.respond_to?(:call)
+        lambda do |user, given_subject, option|
+          if [Class, Module].include?(given_subject.class)
+            callback.call(user, given_subject, option)
+          else
+            true
+          end
+        end
+      end
     end
   end
 end

data/lib/ingress/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Ingress
-  VERSION = "0.4.0"
+  VERSION = "0.5.0"
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ingress
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.5.0
 platform: ruby
 authors:
 - Alan Skorkin
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-01-16 00:00:00.000000000 Z
+date: 2021-02-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -16,7 +16,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '1.10'
+        version: '2.2'
     - - "<"
       - !ruby/object:Gem::Version
         version: '3'
@@ -26,7 +26,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '1.10'
+        version: '2.2'
     - - "<"
       - !ruby/object:Gem::Version
         version: '3'
@@ -34,16 +34,16 @@ dependencies:
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 13.0.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 13.0.3
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -105,7 +105,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.1.4
 signing_key:
 specification_version: 4
 summary: Simple role based authorization for Ruby applications