isomorfeus-policy 1.0.0.zeta10 → 1.0.0.zeta11

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: dde2839e7e6082294bd1ec7a15d223f4e6e4f028ebfcb389770c7d3577d3ca02
-  data.tar.gz: 22478dbe44ffdf8e4adc64d98eac458ac219d3abe2006db154d81edde18fa8a3
+  metadata.gz: 7bedcdf8ad204326ee51b54af14b3d58db6f79b6b41d924dcb983f11591e6a16
+  data.tar.gz: b21ce828d2c87062e1ddb532e597a37bbb89f9e2f2ad773db76c0c977ba5d2ae
 SHA512:
-  metadata.gz: 671d97f51ceb6fc06f0c3bc9ba1f772edcc0579c1fcc0bb17aeda7b738f8677aa8d113a710332117166615ae0aaa12663c84deb7436e2d9b79ed18d04edba7aa
-  data.tar.gz: 730493a585556eb655a10caa77e0c609d0a12725b32674e69c07c11fa1b397e8467ba1dcceb804716b3084af3e7f07aebbf45a3a5f2c4f75f09fbc17e40bddbf
+  metadata.gz: db1ddf450cfd0c6d2473566f6034f27cc0d9040c0e523f1de8a92f4404303cc9da0132d71fd51397a880da86c1dea07f9a381822b1e960c1d0bba3a60808bc06
+  data.tar.gz: 1dccbbb984918beeaac23e607b8c28766f1f8105273c24e2cb0d187d38bcc5b445ec40cc53d10a95c97c111086bbd44fa54674a857a4ea9f7b405540b8e04b6a

data/README.md

@@ -14,11 +14,26 @@ Everything that is not explicitly allowed somewhere is denied.
 
 Place the policy file in your projects `isomorfeus/policies`.
 
-Example Policy:
+Any class that would like to authorize for accessing a resource needs to include the `LucidAuthorization::Mixin` 
+or inherit from `LucidAuthorization::Base`. Example:
+
 ```ruby
-  class MySimplePolicy < LucidPolicy::Base
+class MyUser
+  include LucdiAuthorization::Mixin
+end
+```
+Any instance of that class then has the following methods available:
+- `authorized?(target_class, method_name, props)` - returning true or false
+- `authorized!(target_class, method_name, props)` - raising a exception if access is denied, otherwise returning true
+
+These methods, when called, look for a Policy class. The Policy classs must be named after the user class plus the word 'Policy'.
+Example:
 
-    policy_for UserOrRoleClass
+For a class `MyUser` the policy class must be `MyUserPolicy`.
+
+Example Policy:
+```ruby
+  class MyUserPolicy < LucidPolicy::Base
 
     allow BlaBlaGraph, :load
 
@@ -30,26 +45,26 @@ Example Policy:
     # allow all
     # deny all
 
-    with_condition do |user_or_role_instance, target_class, target_method, *props|
-       role.class == AdminRole
+    with_condition do |user_instance, target_class, target_method, *props|
+       user_instance.class == AdminRole
     end
 
-    refine BlaGraph, :load, :count do |user_or_role_instance, target_class, target_method, *props|
-      allow if user_or_role_instance.verified?
+    refine BlaGraph, :load, :count do |user_instance, target_class, target_method, *props|
+      allow if user_instance.verified?
       deny
     end
   end
 ```
 and then any of:
 ```ruby
-user_or_role_instance.authorized?(target_class)
-user_or_role_instance.authorized?(target_class, target_method)
-user_or_role_instance.authorized?(target_class, target_method, *props)
+user.authorized?(target_class)
+user.authorized?(target_class, target_method)
+user.authorized?(target_class, target_method, *props)
 ```
 or:
 ```ruby
-user_or_role_instance.authorized!(target_class)
-user_or_role_instance.authorized!(target_class, target_method)
-user_or_role_instance.authorized!(target_class, target_method, *props)
+user.authorized!(target_class)
+user.authorized!(target_class, target_method)
+user.authorized!(target_class, target_method, *props)
 ```
 which will raise a LucidPolicy::Exception unless authorized

data/lib/isomorfeus/policy/config.rb

@@ -4,13 +4,20 @@ module Isomorfeus
       @cached_array_classes ||= {}
     end
 
-    def cached_policy_class(class_name)
-      return "::#{class_name}".constantize if Isomorfeus.development?
-      return cached_policy_classes[class_name] if cached_policy_classes.key?(class_name)
-      cached_policy_classes[class_name] = "::#{class_name}".constantize
-    end
+    if RUBY_ENGINE == 'opal'
+      def cached_policy_class(class_name)
+        return "::#{class_name}".constantize if Isomorfeus.development?
+        return cached_policy_classes[class_name] if cached_policy_classes.key?(class_name)
+        cached_policy_classes[class_name] = "::#{class_name}".constantize
+      end
+    else
+      def cached_policy_class(class_name)
+        return nil unless valid_policy_class_name?(class_name)
+        return "::#{class_name}".constantize if Isomorfeus.development?
+        return cached_policy_classes[class_name] if cached_policy_classes.key?(class_name)
+        cached_policy_classes[class_name] = "::#{class_name}".constantize
+      end
 
-    if RUBY_ENGINE != 'opal'
       def valid_policy_class_names
         @valid_policy_class_names ||= Set.new
       end

data/lib/isomorfeus/policy/version.rb

@@ -1,5 +1,5 @@
 module Isomorfeus
   module Policy
-    VERSION = '1.0.0.zeta10'
+    VERSION = '1.0.0.zeta11'
   end
 end

data/lib/isomorfeus-policy.rb

@@ -1,17 +1,20 @@
 require 'isomorfeus-react'
 require 'isomorfeus/policy/config'
-require 'lucid_policy/exception'
-require 'isomorfeus/policy/helper'
-require 'lucid_policy/mixin'
-require 'lucid_policy/base'
-require 'anonymous'
-require 'isomorfeus/policy/anonymous_policy'
 
 if RUBY_ENGINE == 'opal'
+  Isomorfeus.zeitwerk.push_dir('isomorfeus_policy')
+  require_tree 'isomorfeus_policy', :autoload
   Isomorfeus.zeitwerk.push_dir('policies')
 else
-  Opal.append_path(__dir__.untaint) unless Opal.paths.include?(__dir__.untaint)
+  require 'isomorfeus_policy/lucid_policy/exception'
+  require 'isomorfeus_policy/lucid_policy/helper'
+  require 'isomorfeus_policy/lucid_policy/mixin'
+  require 'isomorfeus_policy/lucid_policy/base'
+  require 'isomorfeus_policy/lucid_authorization/mixin'
+  require 'isomorfeus_policy/lucid_authorization/base'
+  require 'isomorfeus_policy/anonymous'
 
+  Opal.append_path(__dir__.untaint) unless Opal.paths.include?(__dir__.untaint)
   path = File.expand_path(File.join('isomorfeus', 'policies'))
   Isomorfeus.zeitwerk.push_dir(path)
 end

data/lib/isomorfeus_policy/anonymous.rb

@@ -0,0 +1,7 @@
+class Anonymous
+  include LucidAuthorization::Mixin
+
+  def key
+    'anonymous'
+  end
+end

data/lib/isomorfeus_policy/lucid_authorization/base.rb

@@ -0,0 +1,5 @@
+module LucidAuthorization
+  class Base
+    include LucidAuthorization::Mixin
+  end
+end

data/lib/isomorfeus_policy/lucid_authorization/mixin.rb

@@ -0,0 +1,23 @@
+module LucidAuthorization
+  module Mixin
+    def authorized?(target_class, target_method = nil, *props)
+      begin
+        class_name = self.class.name
+        class_name = class_name.split('>::').last if class_name.start_with?('#<')
+        policy_class = Isomorfeus.cached_policy_class("#{class_name}Policy")
+      rescue ::NameError
+        policy_class = nil
+      end
+      return false unless policy_class
+      policy_class.new(self).authorized?(target_class, target_method, *props)
+    end
+
+    def authorized!(target_class, target_method = nil, *props)
+      class_name = self.class.name
+      class_name = class_name.split('>::').last if class_name.start_with?('#<')
+      policy_class = Isomorfeus.cached_policy_class("#{class_name}Policy")
+      raise LucidPolicy::Exception, "#{self}: policy class #{class_name}Policy not found!" unless policy_class
+      policy_class.new(self).authorized!(target_class, target_method, *props)
+    end
+  end
+end

data/lib/isomorfeus_policy/lucid_policy/base.rb

@@ -0,0 +1,11 @@
+module LucidPolicy
+  class Base
+    include LucidPolicy::Mixin
+
+    if RUBY_ENGINE != 'opal'
+      def self.inherited(base)
+        Isomorfeus.add_valid_policy_class(base)
+      end
+    end
+  end
+end

data/lib/isomorfeus_policy/lucid_policy/helper.rb

@@ -0,0 +1,19 @@
+module LucidPolicy
+  class Helper < BasicObject
+    attr_reader :result
+
+    def initialize
+      @result= nil
+    end
+
+    def allow
+      @result = :allow if @result.nil?
+      nil
+    end
+
+    def deny
+      @result = :deny if @result.nil?
+      nil
+    end
+  end
+end

data/lib/isomorfeus_policy/lucid_policy/mixin.rb

@@ -0,0 +1,128 @@
+module LucidPolicy
+  module Mixin
+    def self.included(base)
+      base.instance_exec do
+        if RUBY_ENGINE != 'opal'
+          Isomorfeus.add_valid_policy_class(base) unless base == LucidPolicy::Base
+        end
+
+        def authorization_rules
+          @authorization_rules ||= { classes: {}, conditions: [], others: :deny }
+        end
+
+        def all
+          :others
+        end
+
+        def allow(*classes_and_methods)
+          _raise_allow_deny_first if @refine_used
+          @allow_deny_used = true
+          _allow_or_deny(:allow, *classes_and_methods)
+        end
+
+        def deny(*classes_and_methods)
+          _raise_allow_deny_first if @refine_used
+          @allow_deny_used = true
+          _allow_or_deny(:deny, *classes_and_methods)
+        end
+
+        def others
+          :others
+        end
+
+        def refine(*classes_and_methods, &block)
+          _raise_allow_deny_first unless @allow_deny_used
+          @refine_used = true
+          _allow_or_deny(nil, *classes_and_methods, &block)
+        end
+
+        def with_condition(&block)
+          authorization_rules[:conditions] << block
+        end
+
+        private
+
+        def _raise_allow_deny_first
+          raise LucidPolicy::Exception, "#{self}: 'allow' or 'deny' must appear before 'refine'"
+        end
+
+        def _allow_or_deny(allow_or_deny, *classes_and_methods, &block)
+          rules              = authorization_rules
+          allow_or_deny_or_block = block_given? ? block : allow_or_deny.to_sym
+
+          target_classes = []
+          target_methods = []
+
+          if classes_and_methods.first == :others
+            rules[:others] = allow_or_deny_or_block
+            return
+          end
+
+          classes_and_methods.each do |class_or_method|
+            if (class_or_method.class == String || class_or_method.class == Symbol) && class_or_method.to_s[0].downcase == class_or_method.to_s[0]
+              target_methods << class_or_method.to_sym
+            else
+              target_classes << class_or_method
+            end
+          end
+
+          target_classes.each do |target_class|
+            rules[:classes][target_class] = {} unless rules[:classes].key?(target_class)
+            if allow_or_deny && target_methods.empty?
+              rules[:classes][target_class][:default] = allow_or_deny_or_block
+            else
+              rules[:classes][target_class][:default] = :deny unless rules[:classes][target_class].key?(:default)
+              rules[:classes][target_class][:methods] = {} unless rules[:classes][target_class].key?(:methods)
+              target_methods.each do |target_method|
+                rules[:classes][target_class][:methods][target_method] = allow_or_deny_or_block
+              end
+            end
+          end
+        end
+      end
+
+      def initialize(object)
+        @object = object
+      end
+
+      def authorized?(target_class, target_method = nil, *props)
+        raise LucidPolicy::Exception, "#{self}: At least the class must be given!" unless target_class
+        result = :deny
+
+        rules = self.class.authorization_rules
+
+        condition_result = true
+        rules[:conditions].each do |condition|
+          condition_result = condition.call(@object, target_class, target_method, *props, &condition)
+          break unless condition_result == true
+        end
+
+        if condition_result == true
+          result = if rules[:classes].key?(target_class)
+                     if target_method && rules[:classes][target_class].key?(:methods) &&
+                       rules[:classes][target_class][:methods].key?(target_method)
+                       rules[:classes][target_class][:methods][target_method]
+                     else
+                       rules[:classes][target_class][:default]
+                     end
+                   else
+                     rules[:others]
+                   end
+
+          if result.class == Proc
+            policy_helper = LucidPolicy::Helper.new
+            policy_helper.instance_exec(@object, target_class, target_method, *props, &result)
+            result = policy_helper.result
+          end
+        end
+
+        result == :allow ? true : false
+      end
+
+      def authorized!(target_class, target_method = nil, *props)
+        return true if authorized?(target_class, target_method, *props)
+        raise LucidPolicy::Exception, "#{@object}: not authorized to call #{target_class}.#{target_method}(#{props})!"
+      end
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: isomorfeus-policy
 version: !ruby/object:Gem::Version
-  version: 1.0.0.zeta10
+  version: 1.0.0.zeta11
 platform: ruby
 authors:
 - Jan Biedermann
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-12-19 00:00:00.000000000 Z
+date: 2019-12-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: opal
@@ -30,14 +30,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 16.12.4
+        version: 16.12.6
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 16.12.4
+        version: 16.12.6
 - !ruby/object:Gem::Dependency
   name: isomorfeus-redux
   requirement: !ruby/object:Gem::Requirement
@@ -58,28 +58,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.0.0.zeta10
+        version: 1.0.0.zeta11
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.0.0.zeta10
+        version: 1.0.0.zeta11
 - !ruby/object:Gem::Dependency
   name: opal-webpack-loader
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.9.9
+        version: 0.9.10
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.9.9
+        version: 0.9.10
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -116,15 +116,16 @@ extra_rdoc_files: []
 files:
 - LICENSE
 - README.md
-- lib/anonymous.rb
 - lib/isomorfeus-policy.rb
-- lib/isomorfeus/policy/anonymous_policy.rb
 - lib/isomorfeus/policy/config.rb
-- lib/isomorfeus/policy/helper.rb
 - lib/isomorfeus/policy/version.rb
-- lib/lucid_policy/base.rb
-- lib/lucid_policy/exception.rb
-- lib/lucid_policy/mixin.rb
+- lib/isomorfeus_policy/anonymous.rb
+- lib/isomorfeus_policy/lucid_authorization/base.rb
+- lib/isomorfeus_policy/lucid_authorization/mixin.rb
+- lib/isomorfeus_policy/lucid_policy/base.rb
+- lib/isomorfeus_policy/lucid_policy/exception.rb
+- lib/isomorfeus_policy/lucid_policy/helper.rb
+- lib/isomorfeus_policy/lucid_policy/mixin.rb
 homepage: http://isomorfeus.com
 licenses:
 - MIT

data/lib/anonymous.rb

@@ -1,6 +0,0 @@
-class Anonymous
-  # policy methods get added by Isomorfeus::Transport::AnonymousPolicy
-  def id
-    'anonymous'
-  end
-end

data/lib/isomorfeus/policy/anonymous_policy.rb

@@ -1,8 +0,0 @@
-module Isomorfeus
-  module Policy
-    class AnonymousPolicy < LucidPolicy::Base
-      policy_for Anonymous
-      deny all
-    end
-  end
-end

data/lib/isomorfeus/policy/helper.rb

@@ -1,21 +0,0 @@
-module Isomorfeus
-  module Policy
-    class Helper < BasicObject
-      attr_reader :result
-
-      def initialize
-        @result= nil
-      end
-
-      def allow
-        @result = :allow if @result.nil?
-        nil
-      end
-
-      def deny
-        @result = :deny if @result.nil?
-        nil
-      end
-    end
-  end
-end

data/lib/lucid_policy/base.rb

@@ -1,5 +0,0 @@
-module LucidPolicy
-  class Base
-    include LucidPolicy::Mixin
-  end
-end

data/lib/lucid_policy/mixin.rb

@@ -1,135 +0,0 @@
-module LucidPolicy
-  module Mixin
-    def self.included(base)
-      base.instance_exec do
-        def policy_for(a_class)
-          raise LucidPolicy::Exception, "policy_for #{a_class} can only be used once within #{self}!" if @the_class
-          @the_class = a_class
-          unless a_class.methods.include?(:authorization_rules)
-            a_class.define_singleton_method(:authorization_rules) do
-              @authorization_rules ||= {}
-            end
-          end
-          unless a_class.method_defined?(:authorized?)
-            a_class.define_method(:authorized?) do |*class_method_props|
-              target_class = class_method_props[0]
-              raise "At least the class must be given!" unless target_class
-              target_method = class_method_props[1]
-              props = class_method_props[2..-1]
-
-              result = :deny
-              self.class.authorization_rules.each_value do |rules|
-                condition_result = true
-                rules[:conditions].each do |condition|
-                  condition_result = condition.call(self, target_class, target_method, *props, &condition)
-                  break unless condition_result == true
-                end
-
-                if condition_result == true
-                  result = if rules[:classes].key?(target_class)
-                             if target_method && rules[:classes][target_class].key?(:methods) &&
-                                rules[:classes][target_class][:methods].key?(target_method)
-                               rules[:classes][target_class][:methods][target_method]
-                             else
-                               rules[:classes][target_class][:default]
-                             end
-                           else
-                             rules[:others]
-                           end
-
-                  if result.class == Proc
-                    policy_helper = Isomorfeus::Policy::Helper.new
-                    policy_helper.instance_exec(self, target_class, target_method, *props, &result)
-                    result = policy_helper.result
-                  end
-                end
-                break if result == :allow
-              end
-              result == :allow ? true : false
-            end
-          end
-          unless a_class.method_defined?(:authorized!)
-            a_class.define_method(:authorized!) do |*class_method_props|
-              return true if authorized?(*class_method_props)
-              raise LucidPolicy::Exception, "#{self} not authorized to call #{class_method_props}"
-            end
-          end
-          @the_class.authorization_rules[self.to_s] = { classes: {}, conditions: [], others: :deny }
-        end
-
-        def all
-          :others
-        end
-
-        def allow(*classes_and_methods)
-          _raise_allow_deny_first if @refine_used
-          _allow_or_deny(:allow, *classes_and_methods)
-        end
-
-        def deny(*classes_and_methods)
-          _raise_allow_deny_first if @refine_used
-          _allow_or_deny(:deny, *classes_and_methods)
-        end
-
-        def others
-          :others
-        end
-
-        def refine(*classes_and_methods, &block)
-          @refine_used = true
-          _allow_or_deny(nil, *classes_and_methods, &block)
-        end
-
-        def with_condition(&block)
-          _raise_policy_first unless @the_class
-          @the_class.authorization_rules[self.to_s][:conditions] << block
-        end
-
-        private
-
-        def _raise_policy_first
-          raise LucidPolicy::Exception, "'allow' or 'deny' must appear before 'refine'"
-        end
-
-        def _raise_policy_first
-          raise LucidPolicy::Exception, "policy_for Class must be specified first"
-        end
-
-        def _allow_or_deny(allow_or_deny, *classes_and_methods, &block)
-          _raise_policy_first unless @the_class
-          rule_hash = @the_class.authorization_rules[self.to_s]
-          allow_or_deny_or_block = block_given? ? block : allow_or_deny.to_sym
-
-          target_classes = []
-          target_methods = []
-
-          if classes_and_methods.first == :others
-            rule_hash[:others] = allow_or_deny_or_block
-            return
-          end
-
-          classes_and_methods.each do |class_or_method|
-            if (class_or_method.class == String || class_or_method.class == Symbol) && class_or_method.to_s[0].downcase == class_or_method.to_s[0]
-              target_methods << class_or_method.to_sym
-            else
-              target_classes << class_or_method
-            end
-          end
-
-          target_classes.each do |target_class|
-            rule_hash[:classes][target_class] = {} unless rule_hash[:classes].key?(target_class)
-            if allow_or_deny && target_methods.empty?
-              rule_hash[:classes][target_class][:default] = allow_or_deny_or_block
-            else
-              rule_hash[:classes][target_class][:default] = :deny unless rule_hash[:classes][target_class].key?(:default)
-              rule_hash[:classes][target_class][:methods] = {} unless rule_hash[:classes][target_class].key?(:methods)
-              target_methods.each do |target_method|
-                rule_hash[:classes][target_class][:methods][target_method] = allow_or_deny_or_block
-              end
-            end
-          end
-        end
-      end
-    end
-  end
-end