ingress 0.4.0 → 0.5.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: edbb4efc674725b3fcb18ed2651773ecab7af973940f185cb93a94251858a4da
-  data.tar.gz: aadc4a71a1946a19227b1b1a09d37372d056d19020c721a55a1c6cb63a251d20
+  metadata.gz: e7edbf639d42a08538dc22f46ead3e66f1891ebe9bdaa0091fafb5e078b130ce
+  data.tar.gz: e4a79fc5458b4ea8010b2ad159f7fd6e680f33416fae9a4171cb3dc5fc714058
 SHA512:
-  metadata.gz: a63048555be635ef620c670e5f3fe39db3bc56bce272734141e391834b82cf42f3f8bce5e4ab9f7f752cc71b9b76e50307aa2d163bec8c901f5be9ad2fcacbdb
-  data.tar.gz: 555623681279ba944737bbbb77e2b7b5fd65b365dcd840b83581fdb04527839203669977b1d602fe94e720f91fb7e0ab120c889883109a1a89a65490ac357410
+  metadata.gz: e891d1ebccd414e2837390f7fa2cc65afb8657e5729e7ab7c0291bdccb0533952e790c1b8650e31d207e645becaab6ab8f49435f9463a4c95c53e197e5aa78fc
+  data.tar.gz: bd15606c39a1009d9c4b4e77e55f6e5034f30d72513fca120d8ae82cf26195fb87cd7cd71d1cb3e0ea750ebe03f3295fae913301ddeaafe3ee52241f2bc9ac2a

data/.gitignore

@@ -7,3 +7,4 @@
 /pkg/
 /spec/reports/
 /tmp/
+tags

data/.ruby-version

@@ -1 +1 @@
-2.6.3
+3.4.1

data/README.md

@@ -283,6 +283,66 @@ So now the authorization in your system can be defined in a much more OO way, wi
 
 This framework has no hooks into Rails (these would be trivial to write if necessary, e.g. you can instantiate the `user_permissions` object on your `ApplicationController` and then do the `can?` checks anywhere you want) and can therefore be used with any web framework, or even outside of the context of a web framework (if such a use case makes sense).
 
+### Conditional Lambda
+
+Ingress by default does not know about the subject that is given in the conditional lambda. The given subject can be a Class or an Object and it depends on the user to define the correct lambda to handle the given subject.
+
+For example, given the following `UserPermissions`:
+
+```
+class UserPermissions < Ingress::Permissions
+  define_role_permissions do
+    can :read, Post, if: ->(user, given_subject) do
+      case [user, given_subject]
+      in [_, Post]
+        user.id == given_subject.user_id
+      in [_, Class]
+        true
+      else
+        false
+    end
+  end
+end
+```
+
+This is the result of the defined permissions:
+
+```
+user_permissions = UserPermissions.new(user)
+user_permissions.can?(:read, Post) # returns true
+post = user.posts.first # assume we can get the list of posts form the user object
+user_permissions.can?(:read, post) # returns true
+```
+
+Ingress provides 2 convenient interfaces to apply conditional lambda on a Class or an Instance:
+
+* if_subject_is_an_instance
+* if_subject_is_a_class
+
+These conditional lambdas always take 3 parameters: the `user`, the `subject` (this is either a Class or an Instance), and the `options` (this is additional attributes that may be needed to do the check).
+
+They can be chained together like following:
+
+```
+class UserPermissions < Ingress::Permissions
+  define_role_permissions do
+    can :read, Post,
+      if: ->(user, _post) { !user.id.nil? },
+      if_subject_is_an_instance: ->(user, post, _options) { user.id == post.user_id },
+      if_subject_is_a_class: ->(_user, klass, _options) { klass == Post }
+  end
+end
+```
+
+This is the result of the defined permissions:
+
+```
+user_permissions = UserPermissions.new(user)
+user_permissions.can?(:read, Post) # returns true
+post = user.posts.first # assume we can get the list of posts form the user object
+user_permissions.can?(:read, post) # returns true
+```
+
 ## Development
 
 After checking out the repo, run `script/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `script/console` for an interactive prompt that will allow you to experiment.

data/ingress.gemspec

@@ -22,7 +22,7 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
 
-  spec.add_development_dependency "bundler", ">= 1.10", "< 3"
-  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "bundler", ">= 2.6", "< 3"
+  spec.add_development_dependency "rake", ">= 13.1.0"
   spec.add_development_dependency "rspec"
 end

data/lib/ingress/permission_rule.rb

@@ -6,7 +6,7 @@ module Ingress
       @allows = allows
       @action = action
       @subject = subject
-      @conditions = [conditions].compact.flatten
+      @conditions = conditions
     end
 
     def allows?
@@ -16,7 +16,6 @@ module Ingress
     def match?(given_action, given_subject, user, options = {})
       return false unless action_matches?(given_action)
       return false unless subject_matches?(given_subject)
-      return true if ignore_conditions?(given_subject)
 
       conditions_match?(user, given_subject, options)
     end
@@ -31,19 +30,11 @@ module Ingress
 
     def subject_matches?(given_subject)
       given_subject == subject ||
-        given_subject.class == subject ||
+        (subject.is_a?(Class) || subject.is_a?(Module) ? given_subject.is_a?(subject) : false) ||
         given_subject == "*" ||
         "*" == subject
     end
 
-    def ignore_conditions?(given_subject)
-      subject_class?(given_subject) && subject_class?(@subject)
-    end
-
-    def subject_class?(subject)
-      [Class, Module].include? subject.class
-    end
-
     def conditions_match?(user, given_subject, options)
       conditions.all? do |condition|
         if condition.arity == 2

data/lib/ingress/permissions_dsl.rb

@@ -15,15 +15,17 @@ module Ingress
 
     def can(actions, subjects, options = {}, &block)
       for_each_action_and_subject(actions, subjects) do |action, subject|
-        condition = condition_from_options(options, block)
-        permission_repository.add_permission(role_identifier, true, action, subject, condition)
+        conditions = conditions_from(options, block)
+
+        permission_repository.add_permission(role_identifier, true, action, subject, conditions)
       end
     end
 
     def cannot(actions, subjects, options = {}, &block)
       for_each_action_and_subject(actions, subjects) do |action, subject|
-        condition = condition_from_options(options, block)
-        permission_repository.add_permission(role_identifier, false, action, subject, condition)
+        conditions = conditions_from(options, block)
+
+        permission_repository.add_permission(role_identifier, false, action, subject, conditions)
       end
     end
 
@@ -41,9 +43,40 @@ module Ingress
       end
     end
 
-    def condition_from_options(options, block)
-      if_condition = options[:if] || block
-      if_condition.respond_to?(:call) ? if_condition : nil
+    def conditions_from(options, block)
+      generic_condition = generic_condition_from(options[:if] || block)
+      instance_condition = if_subject_is_an_instance_condition_from(options[:if_subject_is_an_instance])
+      class_condition = if_subject_is_a_class_condition_from(options[:if_subject_is_a_class])
+
+      [generic_condition, instance_condition, class_condition].compact
+    end
+
+    def generic_condition_from(callback)
+      callback if callback&.respond_to?(:call)
+    end
+
+    def if_subject_is_an_instance_condition_from(callback)
+      if callback&.respond_to?(:call)
+        lambda do |user, given_subject, option|
+          if [Class, Module].include?(given_subject.class)
+            true
+          else
+            callback.call(user, given_subject, option)
+          end
+        end
+      end
+    end
+
+    def if_subject_is_a_class_condition_from(callback)
+      if callback&.respond_to?(:call)
+        lambda do |user, given_subject, option|
+          if [Class, Module].include?(given_subject.class)
+            callback.call(user, given_subject, option)
+          else
+            true
+          end
+        end
+      end
     end
   end
 end

data/lib/ingress/version.rb

@@ -1,3 +1,3 @@
 module Ingress
-  VERSION = "0.4.0"
+  VERSION = "0.5.1"
 end

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: ingress
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.5.1
 platform: ruby
 authors:
 - Alan Skorkin
-autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-01-16 00:00:00.000000000 Z
+date: 2025-05-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -16,7 +15,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '1.10'
+        version: '2.6'
     - - "<"
       - !ruby/object:Gem::Version
         version: '3'
@@ -26,7 +25,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '1.10'
+        version: '2.6'
     - - "<"
       - !ruby/object:Gem::Version
         version: '3'
@@ -34,16 +33,16 @@ dependencies:
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 13.1.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 13.1.0
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -58,7 +57,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description: 
 email:
 - alan@skorks.com
 executables: []
@@ -90,7 +88,6 @@ licenses:
 metadata:
   bug_tracker_uri: https://github.com/skorks/ingress/issues
   source_code_uri: https://github.com/skorks/ingress
-post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -105,8 +102,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
-signing_key: 
+rubygems_version: 3.6.2
 specification_version: 4
 summary: Simple role based authorization for Ruby applications
 test_files: []