miau 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 260b09e92525eeb312da62c0ef28cb31277f36e120f96915de57a3928498a93d
+  data.tar.gz: 55f3f87be42ebd0ef9faf6e3e1c233da129c4fb6daf958290ceebb129de1a597
+SHA512:
+  metadata.gz: d559ecd15d75b465f041fc559b288bf92a0f396c6d50d362ed18d1c96b53a8632e977f7c5ed1f719e2728fc391e46615320212277b6de08cd73ad5c711a4b4e8
+  data.tar.gz: 0ad1bbf9d9db96321a4e2f131b1c929fba9458afbec43b4577078df8c027cb749e1c35e2ecdcb0e8d7d1a53d6edc256fc7f721de2ce9a196e95a57dac27e3c10

data/.github/workflows/rake.yml

@@ -0,0 +1,30 @@
+# see also https://github.com/whitequark/parser/blob/master/.github/workflows/test.yml
+name: Rake
+
+#on: [push, pull_request]
+on: [push]
+
+jobs:
+  test:
+    strategy:
+      fail-fast: false
+      matrix:
+#        os: [ubuntu-latest, macos-latest]
+        os: [ubuntu-latest]
+        # Due to https://github.com/actions/runner/issues/849, we have to use quotes for '3.0'
+#        ruby: [2.5, 2.6, 2.7, '3.0', head, jruby, jruby-head, truffleruby, truffleruby-head]
+        ruby: ["2.7.2", "2.7.3", "3.0.2"]
+        test_command: ["bundle exec rake test"]
+    runs-on: ${{ matrix.os }}
+
+    steps:
+    - uses: actions/checkout@v2
+    - uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby }}
+    - name: Bundle install
+      run: |
+        bundle config path /home/runner/bundle
+        bundle install
+        bundle update
+    - run: ${{ matrix.test_command }}

data/.gitignore

@@ -0,0 +1,6 @@
+/.bundle/
+/Gemfile.lock
+/coverage/
+/doc/
+/pkg/
+/tmp/

data/.ruby-gemset

@@ -0,0 +1 @@
+rails-6.1

data/.ruby-version

@@ -0,0 +1 @@
+ruby-3.0.2

data/.watchr

@@ -0,0 +1,59 @@
+TESTING = %w[test]
+HH = "#" * 22 unless defined?(HH)
+H = "#" * 5 unless defined?(H)
+
+def usage
+  puts <<-EOS
+  Ctrl-\\ or ctrl-4   Running all tests
+  Ctrl-C             Exit
+  EOS
+end
+
+def run(cmd)
+  puts "#{HH} #{Time.now} #{HH}"
+  puts "#{H} #{cmd}"
+  system "/usr/bin/time --format '#{HH} Elapsed time %E' #{cmd}"
+end
+
+def run_it(type, file)
+  case type
+  when "test" then run %(bundle exec ruby -I test #{file})
+  #  when 'spec';  run %(rspec -X #{file})
+  else; puts "#{H} unknown type: #{type}, file: #{file}"
+  end
+end
+
+def run_all_tests
+  puts "\n#{HH} Running all tests #{HH}\n"
+  TESTING.each { |dir| run "bundle exec rake #{dir}" if File.exist?(dir) }
+end
+
+def run_matching_files(base)
+  base = base.split("_").first
+  TESTING.each { |type|
+    files = Dir["#{type}/**/*.rb"].select { |file| file =~ /#{base}_.*\.rb/ }
+    run_it type, files.join(" ") unless files.empty?
+  }
+end
+
+TESTING.each { |type|
+  watch("#{type}/#{type}_helper\.rb") { run_all_tests }
+  watch('lib/.*\.rb') { run_all_tests }
+  watch("#{type}/.*/*_#{type}\.rb") { |match| run_it type, match[0] }
+  watch("#{type}/data/(.*)\.rb") { |match|
+    m1 = match[1]
+    run_matching_files("#{type}/#{m1}/#{m1}_#{type}.rb")
+  }
+}
+
+%w[rb erb haml slim].each { |type|
+  watch(".*/(.*)\.#{type}") { |match|
+    run_matching_files(match[1])
+  }
+}
+
+# Ctrl-\ or ctrl-4
+Signal.trap("QUIT") { run_all_tests }
+# Ctrl-C
+Signal.trap("INT") { abort("Interrupted\n") }
+usage

data/Gemfile

@@ -0,0 +1,10 @@
+source "https://rubygems.org"
+
+gemspec
+
+group :test do
+  gem "observr"
+  gem "standard", require: false
+  gem "simplecov", require: false
+  gem "benchmark-ips"
+end

data/Gemfile.lock

@@ -0,0 +1,110 @@
+PATH
+  remote: .
+  specs:
+    miau (0.1.0)
+      activesupport
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actionpack (6.1.4.1)
+      actionview (= 6.1.4.1)
+      activesupport (= 6.1.4.1)
+      rack (~> 2.0, >= 2.0.9)
+      rack-test (>= 0.6.3)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.0, >= 1.2.0)
+    actionview (6.1.4.1)
+      activesupport (= 6.1.4.1)
+      builder (~> 3.1)
+      erubi (~> 1.4)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.1, >= 1.2.0)
+    activemodel (6.1.4.1)
+      activesupport (= 6.1.4.1)
+    activesupport (6.1.4.1)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      tzinfo (~> 2.0)
+      zeitwerk (~> 2.3)
+    ast (2.4.2)
+    benchmark-ips (2.9.1)
+    builder (3.2.4)
+    concurrent-ruby (1.1.9)
+    crass (1.0.6)
+    docile (1.4.0)
+    erubi (1.10.0)
+    i18n (1.8.10)
+      concurrent-ruby (~> 1.0)
+    loofah (2.12.0)
+      crass (~> 1.0.2)
+      nokogiri (>= 1.5.9)
+    minitest (5.14.4)
+    nokogiri (1.12.4-x86_64-linux)
+      racc (~> 1.4)
+    observr (1.0.5)
+    parallel (1.20.1)
+    parser (3.0.2.0)
+      ast (~> 2.4.1)
+    racc (1.5.2)
+    rack (2.2.3)
+    rack-test (1.1.0)
+      rack (>= 1.0, < 3)
+    rails-dom-testing (2.0.3)
+      activesupport (>= 4.2.0)
+      nokogiri (>= 1.6)
+    rails-html-sanitizer (1.4.2)
+      loofah (~> 2.3)
+    rainbow (3.0.0)
+    rake (13.0.6)
+    regexp_parser (2.1.1)
+    rexml (3.2.5)
+    ricecream (0.2.0)
+    rubocop (1.20.0)
+      parallel (~> 1.10)
+      parser (>= 3.0.0.0)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.8, < 3.0)
+      rexml
+      rubocop-ast (>= 1.9.1, < 2.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 1.4.0, < 3.0)
+    rubocop-ast (1.11.0)
+      parser (>= 3.0.1.1)
+    rubocop-performance (1.11.5)
+      rubocop (>= 1.7.0, < 2.0)
+      rubocop-ast (>= 0.4.0)
+    ruby-progressbar (1.11.0)
+    simplecov (0.21.2)
+      docile (~> 1.1)
+      simplecov-html (~> 0.11)
+      simplecov_json_formatter (~> 0.1)
+    simplecov-html (0.12.3)
+    simplecov_json_formatter (0.1.3)
+    standard (1.3.0)
+      rubocop (= 1.20.0)
+      rubocop-performance (= 1.11.5)
+    tzinfo (2.0.4)
+      concurrent-ruby (~> 1.0)
+    unicode-display_width (2.0.0)
+    zeitwerk (2.4.2)
+
+PLATFORMS
+  x86_64-linux
+
+DEPENDENCIES
+  actionpack
+  activemodel
+  benchmark-ips
+  bundler
+  miau!
+  minitest
+  observr
+  rake
+  ricecream
+  simplecov
+  standard
+
+BUNDLED WITH
+   2.2.22

data/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2021 Dittmar Krall
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,143 @@
+Miau
+====
+[![Gem Version](https://badge.fury.io/rb/miau.png)](http://badge.fury.io/rb/miau)
+
+Miau (MIcro AUthorization) is a simple authorization library for Rails
+inspired by Pundit and Banken.
+Miau provides a set of helpers which restricts what resources
+a given user is allowed to access.
+
+Installation
+------------
+
+~~~ ruby
+# Gemfile
+gem "miau"
+~~~
+
+and run "bundle install".
+
+Usage (as intended)
+-------------------
+
+~~~ ruby
+# app/models/application_controller.rb
+class ApplicationController < ActionController::Base
+...
+  include Miau
+...
+end
+~~~
+
+~~~ ruby
+# app/controllers/posts_controller.rb            # app/views/posts/update.rb
+  class PostsController < ApplicationController    <% if authorized? %>
+    ...                                              ...
+    def update                                     <% else %>
+      ...                                            ...
+      authorize!                                   <% end %>
+      ...
+    end
+    ...
+  end
+~~~
+
+~~~ ruby
+# app/policies/application_policy.rb             # app/policies/posts_policy.rb
+  class ApplicationPolicy                          class PostsPolicy < ApplicationPolicy
+    attr_reader :user, :resource                     ...
+                                                     def update
+    def initalize(user, resource)                      user.admin? && resource.published?
+      @user = user                                   end
+      @resource = resource                           ...
+    end                                            end
+    ...
+    def update
+      false
+    end
+    ...
+  end
+~~~
+
+"authorize!" will raise an exception (which can be handled by "rescue")
+in case a policy returns "false" or isn't available.
+
+"authorized?" will return the value of the policy.
+
+
+Internals
+---------
+
+At the bottom line based on a "policy" and an "action"
+a corresponding policy method is called.
+
+The policy method has access to the "user" and the "resource".
+
+"user" is set by the default method "miau_user" (can be overwritten) as:
+
+~~~
+# app/models/application_controller.rb
+  ...
+  def miau_user
+    current_user
+  end
+  ...
+~~~
+
+The default value for "policy" is inferred from "params[:controller]".
+i.e. "authorize!" called from "PostsController" will
+set the "policy" to "PostsPolicy".
+
+The default value for "action" is set by "params[:action]".
+
+"resource" may be set as a parameter.
+
+A full blown sample :
+
+~~~
+  authorize! article, policy: :Comments, action: :extract
+~~~
+
+Usage (more elaborated)
+-----------------------
+
+~~~ ruby
+# app/models/application_controller.rb
+class ApplicationController
+...
+  include Miau
+...
+
+  after_action { verify_authorized }
+
+  def miau_user
+    current_user
+  end
+
+  rescue Miau::NotDefinedError
+    # do some logging or whatever
+
+  rescue Miau::NotAuthorizedError
+    # do some logging or whatever
+
+  rescue Miau::AuthorizationNotPerformedError
+    # do some logging or whatever
+
+...
+end
+~~~
+
+Policies remain as before.
+Rescue's may be inserted previously in the exception chain.
+
+"verify_authorized" checks that an "authorize!" has been called.
+
+
+PORO
+----
+Miau is a very small library, it just provides a few helpers.
+All of the policy classes are just plain Ruby classes,
+allowing DRY, encapsulation, aliasing and inheritance.
+
+There is no magic behind the scenes.
+Just the embedding in Rails required some specific knowledge.

data/Rakefile

@@ -0,0 +1,12 @@
+require "rubygems"
+require "bundler/gem_tasks"
+require "rake/testtask"
+
+desc "Run all tests"
+Rake::TestTask.new do |t|
+  t.libs.push "test"
+  t.pattern = "test/*_test.rb"
+end
+
+desc "Default: run unit tests."
+task default: :test

data/lib/miau/error.rb

@@ -0,0 +1,27 @@
+module Miau
+  class Error < StandardError; end
+
+  class NotAuthorizedError < Error
+    attr_reader :controller, :query, :policy
+
+    def initialize(options = {})
+      if options.is_a? String
+        message = options
+      else
+        @controller = options[:controller]
+        @query = options[:query]
+        @policy = options[:policy]
+
+        message = options.fetch(:message) { "not allowed to #{query} of #{controller} by #{policy.inspect}" }
+      end
+
+      super(message)
+    end
+  end
+
+  class NotDefinedError < Error
+  end
+
+  class AuthorizationNotPerformedError < Error
+  end
+end

data/lib/miau/storage.rb

@@ -0,0 +1,38 @@
+require "singleton"
+
+module Miau
+  class PolicyStorage
+    include Singleton
+
+    attr_reader :policies
+
+    def initialize
+      @policies = {}
+    end
+
+    def run(klass, action, user, resource)
+      policy = policy(klass, user, resource)
+      raise Miau::NotDefinedError unless policy.respond_to?(action)
+      policy.send(action)
+    end
+
+    private
+
+    def policy(klass, user, resource)
+      result = @policies[klass]
+      if result
+        result.user = user
+        result.resource = resource
+        return result
+      end
+
+      create_policy(klass, user, resource)
+    end
+
+    def create_policy(klass, user, resource)
+      str = "#{klass}Policy"
+      result = str.constantize.new(user, resource)
+      @policies[klass] = result
+    end
+  end
+end

data/lib/miau/version.rb

@@ -0,0 +1,5 @@
+module Miau
+  VERSION = "0.1.0" #  2021-09-13
+  # VERSION = "0.0.2" # 2021-09-11
+  # VERSION = "0.0.1"
+end

data/lib/miau.rb

@@ -0,0 +1,45 @@
+require "active_support/concern"
+require "miau/version"
+require "miau/error"
+require "miau/storage"
+
+module Miau
+  extend ActiveSupport::Concern
+
+  included do
+    if respond_to?(:helper_method)
+      helper_method :authorized?
+      helper_method :miau_user
+    end
+  end
+
+  def authorize!(resource = nil, hsh = {})
+    @_miau_authorization_performed = true
+    result = authorized?(resource, hsh)
+    raise Miau::NotAuthorizedError unless result == true
+  end
+
+  def authorized?(resource = nil, hsh = {})
+    klass = hsh[:class]
+    klass ||= params[:controller].camelize
+    action = hsh[:action]
+    action ||= params[:action]
+    Miau::PolicyStorage.instance.run(klass, action, miau_user, resource)
+  end
+
+  def miau_user
+    current_user
+  end
+
+  def skip_authorization
+    @_miau_authorization_performed = true
+  end
+
+  def verify_authorized
+    raise AuthorizationNotPerformedError unless miau_authorization_performed?
+  end
+
+  def miau_authorization_performed?
+    !!@_miau_authorization_performed
+  end
+end

data/miau.gemspec

@@ -0,0 +1,34 @@
+lib = File.expand_path("../lib", __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require "miau/version"
+
+Gem::Specification.new do |s|
+  s.name = "miau"
+  s.version = Miau::VERSION
+  s.authors = ["Dittmar Krall"]
+  s.email = ["dittmar.krall@matique.com"]
+
+  s.summary = %(Simple and lightweight authorization solution for Rails.)
+  s.description = <<~EOS
+    Miau provides a set of helpers which restricts what
+    resources a given user is allowed to access.
+  EOS
+  s.homepage = "https://github.com/matique/miau"
+  s.license = "MIT"
+
+  s.metadata["source_code_uri"] = "https://github.com/matique/miau"
+
+  s.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|features)/}) }
+  s.executables = s.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  s.require_paths = ["lib"]
+
+  s.add_runtime_dependency "activesupport"
+
+  s.add_development_dependency "activemodel"
+  s.add_development_dependency "actionpack"
+  s.add_development_dependency "bundler"
+  s.add_development_dependency "rake"
+
+  s.add_development_dependency "minitest"
+  s.add_development_dependency "ricecream"
+end

metadata

@@ -0,0 +1,159 @@
+--- !ruby/object:Gem::Specification
+name: miau
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Dittmar Krall
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2021-09-13 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: activemodel
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: actionpack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: ricecream
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: |
+  Miau provides a set of helpers which restricts what
+  resources a given user is allowed to access.
+email:
+- dittmar.krall@matique.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".github/workflows/rake.yml"
+- ".gitignore"
+- ".ruby-gemset"
+- ".ruby-version"
+- ".watchr"
+- Gemfile
+- Gemfile.lock
+- LICENSE
+- README.md
+- Rakefile
+- lib/miau.rb
+- lib/miau/error.rb
+- lib/miau/storage.rb
+- lib/miau/version.rb
+- miau.gemspec
+homepage: https://github.com/matique/miau
+licenses:
+- MIT
+metadata:
+  source_code_uri: https://github.com/matique/miau
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.2.22
+signing_key: 
+specification_version: 4
+summary: Simple and lightweight authorization solution for Rails.
+test_files: []