isomorfeus-policy 1.0.0.delta12

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 2a2fe7052bf8d2dde88e40dbaf7e84b4a346a2d76d50f388dcd921ec6c7e04f2
+  data.tar.gz: 5b548ae9f03dd1fa28cabc0d239e7b9c5aacb9c73282e1928767d28f18dacf13
+SHA512:
+  metadata.gz: 23e95150876608e3da88a67cd2f25292d178f17379e033ba523b0ee3c1e146d86e11398eae9073d97abf09adc81cf07f592de7183be48fbb2efa59ccc7f625eb
+  data.tar.gz: 9b58c54270a731b88549cff14e4217290f64125b5ce2d623578c2a9c3a5358cc910373320830f413c625e708d106d506c5fa4990dc4e0b938bc6601871f2b655

data/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2018 Jan Biedermann
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,45 @@
+# isomorfeus-policy
+Policy for Isomorfeus
+
+Policy is enforced on the server, however, the same policy rules are also available on the client to allow for making consistent decisions everywhere.
+
+## Usage
+Everything that is not explicitly allowed somewhere is denied.
+
+Place the policy file in your projects `isomorfeus/policies`.
+
+Example Policy:
+```ruby
+  class MySimplePolicy < LucidPolicy::Base
+
+    policy_for UserOrRoleClass
+
+    allow BlaBlaGraph, :load
+
+    deny BlaGraph, SuperOperation
+
+    deny others # or: allow others
+
+    with_condition do |user_or_role_instance, target_class, target_method, *props|
+       role.class == AdminRole
+    end
+
+    refine BlaGraph, :load, :count do |user_or_role_instance, target_class, target_method, *props|
+      allow if user_or_role_instance.verified?
+      deny
+    end
+  end
+```
+and then any of:
+```ruby
+user_or_role_instance.authorized?(target_class)
+user_or_role_instance.authorized?(target_class, target_method)
+user_or_role_instance.authorized?(target_class, target_method, *props)
+```
+or:
+```ruby
+user_or_role_instance.authorized!(target_class)
+user_or_role_instance.authorized!(target_class, target_method)
+user_or_role_instance.authorized!(target_class, target_method, *props)
+```
+which will raise a LucidPolicy::Exception unless authorized

data/lib/isomorfeus/policy/config.rb

@@ -0,0 +1,28 @@
+module Isomorfeus
+  class << self
+    def cached_policy_classes
+      @cached_array_classes ||= {}
+    end
+
+    def cached_policy_class(class_name)
+      return cached_policy_classes[class_name] if cached_policy_classes.key?(class_name)
+      cached_policy_classes[class_name] = "::#{class_name}".constantize
+    end
+
+    if RUBY_ENGINE != 'opal'
+      def valid_policy_class_names
+        @valid_policy_class_names ||= Set.new
+      end
+
+      def valid_policy_class_name?(class_name)
+        valid_policy_class_names.include?(class_name)
+      end
+
+      def add_valid_policy_class(klass)
+        class_name = klass.name
+        class_name = class_name.split('>::').last if class_name.start_with?('#<')
+        valid_policy_class_names << class_name
+      end
+    end
+  end
+end

data/lib/isomorfeus/policy/helper.rb

@@ -0,0 +1,21 @@
+module Isomorfeus
+  module Policy
+    class Helper < BasicObject
+      attr_reader :result
+
+      def initialize
+        @result= nil
+      end
+
+      def allow
+        @result = :allow if @result.nil?
+        nil
+      end
+
+      def deny
+        @result = :deny if @result.nil?
+        nil
+      end
+    end
+  end
+end

data/lib/isomorfeus/policy/version.rb

@@ -0,0 +1,5 @@
+module Isomorfeus
+  module Policy
+    VERSION = '1.0.0.delta12'
+  end
+end

data/lib/isomorfeus-policy.rb

@@ -0,0 +1,24 @@
+require 'opal'
+require 'isomorfeus-redux'
+require 'isomorfeus-react'
+require 'isomorfeus/policy/config'
+require 'lucid_policy/exception'
+require 'isomorfeus/policy/helper'
+require 'lucid_policy/mixin'
+require 'lucid_policy/base'
+
+if RUBY_ENGINE == 'opal'
+  Opal::Autoloader.add_load_path('policies')
+else
+  Opal.append_path(__dir__.untaint) unless Opal.paths.include?(__dir__.untaint)
+
+  require 'active_support/dependencies'
+
+  path = File.expand_path(File.join('isomorfeus', 'policies'))
+
+  ActiveSupport::Dependencies.autoload_paths << path
+  # we also need to require them all, so classes are registered accordingly
+  Dir.glob("#{path}/**/*.rb").each do |file|
+    require file
+  end
+end

data/lib/lucid_policy/base.rb

@@ -0,0 +1,11 @@
+module LucidPolicy
+  class Base
+    include LucidPolicy::Mixin
+
+    if RUBY_ENGINE != 'opal'
+      def self.inherited(base)
+        Isomorfeus.add_valid_policy_class(base)
+      end
+    end
+  end
+end

data/lib/lucid_policy/exception.rb

@@ -0,0 +1,4 @@
+module LucidPolicy
+  class Exception < Exception
+  end
+end

data/lib/lucid_policy/mixin.rb

@@ -0,0 +1,156 @@
+module LucidPolicy
+  module Mixin
+    def self.included(base)
+      if RUBY_ENGINE != 'opal'
+        Isomorfeus.add_valid_policy_class(base) unless base == LucidPolicy::Base
+      end
+
+      # DSL
+      # class MySimplePolicy < LucidPolicy::Base
+      #
+      #   policy_for UserOrRoleClass
+      #
+      #   allow BlaBlaGraph, :load
+      #
+      #   deny BlaGraph, SuperOperation
+      #
+      #   deny others # or: allow others
+      #
+      #   with_condition do |user_or_role_instance, target_class, target_method, *props|
+      #      role.class == AdminRole
+      #   end
+      #
+      #   refine BlaGraph, :load, :count do |user_or_role_instance, target_class, target_method, *props|
+      #     allow if role.verified?
+      #     deny
+      #   end
+      # end
+      #
+      base.instance_exec do
+        def policy_for(a_class)
+          raise LucidPolicy::Exception, "policy_for #{a_class} can only be used once within #{self}!" if @the_class
+          @the_class = a_class
+          unless a_class.methods.include?(:authorization_rules)
+            a_class.define_singleton_method(:authorization_rules) do
+              @authorization_rules ||= { classes: {}, conditions: [], others: nil, policy_classes: [] }
+            end
+          end
+          unless a_class.method_defined?(:authorized?)
+            a_class.define_method(:authorized?) do |*class_method_props|
+              target_class = class_method_props[0]
+              raise "At least the class must be given!" unless target_class
+              target_method = class_method_props[1]
+              props = class_method_props[2..-1]
+
+              condition_result = true
+              self.class.authorization_rules[:conditions].each do |condition|
+                condition_result = condition.call(self, target_class, target_method, *props, &condition)
+                break unless condition_result == true
+              end
+
+              if condition_result
+                result = if self.class.authorization_rules[:classes].key?(target_class)
+                           if target_method &&
+                              self.class.authorization_rules[:classes][target_class].key?(:methods) &&
+                              self.class.authorization_rules[:classes][target_class][:methods].key?(target_method)
+                             self.class.authorization_rules[:classes][target_class][:methods][target_method]
+                           else
+                             self.class.authorization_rules[:classes][target_class][:default]
+                           end
+                         else
+                           self.class.authorization_rules[:others]
+                         end
+
+                if result.class == Proc
+                  policy_helper = Isomorfeus::Policy::Helper.new
+                  policy_helper.instance_exec(self, target_class, target_method, *props, &result)
+                  result = policy_helper.result
+                end
+
+                result == :allow ? true : false
+              else
+                false
+              end
+            end
+          end
+          unless a_class.method_defined?(:authorized!)
+            a_class.define_method(:authorized!) do |*class_method_props|
+              return true if authorized?(*class_method_props)
+              raise LucidPolicy::Exception, "#{self} not authorized to call #{class_method_props}"
+            end
+          end
+          @the_class.authorization_rules[:policy_classes] << self
+        end
+
+        def allow(*classes_and_methods)
+          _raise_allow_deny_first if @refine_used
+          _allow_or_deny(:allow, *classes_and_methods)
+        end
+
+        def deny(*classes_and_methods)
+          _raise_allow_deny_first if @refine_used
+          _allow_or_deny(:deny, *classes_and_methods)
+        end
+
+        def others
+          :others
+        end
+
+        def refine(*classes_and_methods, &block)
+          @refine_used = true
+          _allow_or_deny(nil, *classes_and_methods, &block)
+        end
+
+        def with_condition(&block)
+          _raise_policy_first unless @the_class
+          @the_class.authorization_rules[:conditions] << block
+        end
+
+        private
+
+        def _raise_policy_first
+          raise LucidPolicy::Exception, "'allow' or 'deny' must appear before 'refine'"
+        end
+
+        def _raise_policy_first
+          raise LucidPolicy::Exception, "policy_for Class must be specified first"
+        end
+
+        def _allow_or_deny(allow_or_deny, *classes_and_methods, &block)
+          _raise_policy_first unless @the_class
+
+          allow_or_deny_or_block = block_given? ? block : allow_or_deny.to_sym
+
+          target_classes = []
+          target_methods = []
+
+          if classes_and_methods.first == :others
+            @the_class.authorization_rules[:others] = allow_or_deny_or_block
+            return
+          end
+
+          classes_and_methods.each do |class_or_method|
+            if (class_or_method.class == String || class_or_method.class == Symbol) && class_or_method.to_s[0].downcase == class_or_method.to_s[0]
+              target_methods << class_or_method.to_sym
+            else
+              target_classes << class_or_method
+            end
+          end
+
+          target_classes.each do |target_class|
+            @the_class.authorization_rules[:classes][target_class] = {} unless @the_class.authorization_rules[:classes].key?(target_class)
+            if allow_or_deny && target_methods.empty?
+              @the_class.authorization_rules[:classes][target_class][:default] = allow_or_deny_or_block
+            else
+              @the_class.authorization_rules[:classes][target_class][:default] = :deny unless @the_class.authorization_rules[:classes][target_class].key?(:default)
+              @the_class.authorization_rules[:classes][target_class][:methods] = {} unless @the_class.authorization_rules[:classes][target_class].key?(:methods)
+              target_methods.each do |target_method|
+                @the_class.authorization_rules[:classes][target_class][:methods][target_method] = allow_or_deny_or_block
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

metadata

@@ -0,0 +1,107 @@
+--- !ruby/object:Gem::Specification
+name: isomorfeus-policy
+version: !ruby/object:Gem::Version
+  version: 1.0.0.delta12
+platform: ruby
+authors:
+- Jan Biedermann
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2019-08-15 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: opal
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.11.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.11.0
+- !ruby/object:Gem::Dependency
+  name: opal-autoloader
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.0
+- !ruby/object:Gem::Dependency
+  name: isomorfeus-react
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 16.9.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 16.9.2
+- !ruby/object:Gem::Dependency
+  name: isomorfeus-redux
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 4.0.11
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 4.0.11
+description: Policies for Isomorfeus.
+email: jan@kursator.de
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE
+- README.md
+- lib/isomorfeus-policy.rb
+- lib/isomorfeus/policy/config.rb
+- lib/isomorfeus/policy/helper.rb
+- lib/isomorfeus/policy/version.rb
+- lib/lucid_policy/base.rb
+- lib/lucid_policy/exception.rb
+- lib/lucid_policy/mixin.rb
+homepage: http://isomorfeus.com
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">"
+    - !ruby/object:Gem::Version
+      version: 1.3.1
+requirements: []
+rubygems_version: 3.0.3
+signing_key: 
+specification_version: 4
+summary: Policies for Isomorfeus.
+test_files: []