monty 0.1.0 → 0.2.0

data/.gitignore

@@ -3,3 +3,4 @@
 coverage
 doc
 pkg
+monty.gemspec

data/README.md

@@ -1,8 +1,82 @@
-= monty
+monty
+=============
 
-Description goes here.
+Rack based authorization system.
 
-== Note on Patches/Pull Requests
+[Yard docs](http://yardoc.org/docs/stonean-monty)
+
+[RSpec Rails Helpers](http://github.com/stonean/monty-rspec-rails)
+
+More to come, but here's the gist for rails 2.3.5:
+
+In your environment.rb add:
+
+    require 'monty'
+    config.middleware.insert_after ActionController::ParamsParser, Monty::Watch
+
+There may be other positions in the middleware stack that will work, I've tested this one.
+
+Then you'll need to define your access rules.  Create a file called authorization.rb in app/models. 
+
+Here's an example:
+
+    class Authorization
+      extend Monty::Access
+  
+      # This creates the following regex matching: \/posts(\/.*)?
+      # Allows: /posts, /posts/, /posts/<any method>
+      permission 'posts'
+
+      # This creates the following regex matching: \/posts(?!\/(destroy))(\/.*)?
+      # Not allowed: /posts/destroy
+      # Allows: /posts, /posts/, /posts/<any method but destroy>
+      permission 'posts' do
+        resource 'posts' do
+          except 'destroy'
+        end
+      end
+
+      # This creates the following regex matching: \/posts\/(show|edit|update)
+      # Only allows: /posts/show, /posts/edit and /posts/update
+      permission 'posts' do
+        resource 'posts' do
+          only 'show', 'edit', 'update'
+        end
+      end
+    
+      # Permissions can have more than one resource
+      permission 'public' do
+        resource 'posts'
+        resource 'welcome'
+        resource 'feeds'
+      end
+
+      permission 'my_account' do
+        resource 'users' do
+          only 'show', 'edit', 'update'
+        end
+      end
+
+      # To make one of the above permissions public
+      public_access 'public'
+
+      # To make one of the above permissions protected
+      protected_access 'my_account'
+    end
+
+
+Monty only has the concept of public and protected right now.  After you have authenticated your user, you'll need to have some code in your resource that looks like:
+
+    session[:access_rights] = Monty.authenticated_access
+
+Don't forget to reset your session when the user logs out.
+
+Ummm, I think that's it for now.  Let me know if you have any questions.  
+
+This project is the replacement for Lockdown.
+
+Note on Patches/Pull Requests
+=============
  
 * Fork the project.
 * Make your feature addition or bug fix.
@@ -12,6 +86,7 @@ Description goes here.
   (if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)
 * Send me a pull request. Bonus points for topic branches.
 
-== Copyright
+Copyright
+=============
 
 Copyright (c) 2010 Andrew Stone. See LICENSE for details.

data/Rakefile

@@ -1,7 +1,8 @@
 require 'rubygems'
 require 'rake'
 
-require 'lib/monty.rb'
+require 'lib/monty'
+
 begin
   require 'jeweler'
   Jeweler::Tasks.new do |gem|

data/lib/monty.rb

@@ -3,17 +3,27 @@
 $:.unshift(File.dirname(__FILE__))
 
 module Monty
-  def self.version
-    '0.1.0'
-  end
+  class << self
+    # App version
+    def version
+      '0.2.0'
+    end
 
-  def self.authenticated_access
-    Monty::Configuration.public_access + "|" + Monty::Configuration.protected_access
-  end
-end
+    # @return [Regexp] with \A \z boundaries
+    def regex(string)
+      Regexp.new(/\A#{string}\z/)
+    end
+
+    # @return [String] concatentation of public_access + "|" + protected_access
+    def authenticated_access
+      Monty::Configuration.public_access + "|" + Monty::Configuration.protected_access
+    end
+  end # class block
+end # Monty
 
 require 'monty/configuration'
 require 'monty/watch'
-require 'monty/controller'
+require 'monty/delivery'
+require 'monty/resource'
 require 'monty/permission'
 require 'monty/access'

data/lib/monty/access.rb

@@ -3,30 +3,30 @@
 module Monty
   module Access
     # Define permision that defines how your application is accessed. 
-    #     # All methods on the site controller will be open to users who have
+    #     # All methods on the site resource will be open to users who have
     #     # this permission.
     #     permission :public_pages do
-    #       controller :site
+    #       resource :site
     #     end
     #
-    #     # Can use multiple controller statements
+    #     # Can use multiple resource statements
     #     permission :public_pages do
-    #       controller :site
-    #       controller :posts
+    #       resource :site
+    #       resource :posts
     #     end
     #
-    #     # Only methods show, edit and update on the users controller will 
+    #     # Only methods show, edit and update on the users resource will 
     #     # be open to users who have this permission.
     #     permission :my_account_pages do
-    #       controller :users  do
+    #       resource :users  do
     #         only :show, :edit, :update
     #       end
     #     end
     #
-    #     # All methods except destroy on the users controller will be 
+    #     # All methods except destroy on the users resource will be 
     #     # open to users who have this permission.
     #     permission :manage_users do
-    #       controller :users  do
+    #       resource :users  do
     #         except :destroy
     #       end
     #     end
@@ -38,7 +38,7 @@ module Monty
       if block_given?
         permission.instance_eval(&block) 
       else
-        permission.controller(permission.name)
+        permission.resource(permission.name)
       end
 
       unless Monty::Configuration.has_permission?(permission)

data/lib/monty/delivery.rb

@@ -0,0 +1,80 @@
+# encoding: utf-8
+
+$:.unshift(File.dirname(__FILE__))
+
+module Monty
+  class Delivery
+    # env['REQUEST_PATH'] || env['PATH_INFO']
+    attr_accessor :path
+    # env['REQUEST_METHOD']
+    attr_accessor :method
+    # session[:access_rights]
+    attr_accessor :access_rights
+
+    def initialize(env)
+      @path = env['REQUEST_PATH'] || env['PATH_INFO']
+      @method = (env['REQUEST_METHOD'] || 'GET').to_s.downcase.to_sym 
+      @post_body = env['rack.input']
+      session = env['rack.session'] || {}
+      @access_rights = session[:access_rights] || Monty::Configuration.public_access
+    end
+
+    # @return [true|false] if the given path and method are allowed  
+    def allowed?
+      return true if @path == '/'
+
+      begin
+        ::Authorization.configure
+      rescue NameError
+      end
+
+      @access_rights_regex = Monty.regex(@access_rights)
+
+      @access_rights_regex.match(@path) || verb_match?
+    end
+
+    private
+
+    # Methods like create and update are determined by the HTTP verb.
+    # If the request is against the root resource path and the REQUEST_METHOD
+    # is POST, determine if the user has access rights to /create or 
+    # /update (if _method=put)
+    #
+    # @return [true|false] if request is allowed when considering the HTTP verb
+    def verb_match?
+
+      return false if @method == :get || !Monty::Resource.regex.match(@path)
+
+      @path += "/" unless @path =~ /\/$/
+
+      if @method == :post
+        if put?
+          @access_rights_regex.match("#{@path}update")
+        else
+          @access_rights_regex.match("#{@path}create")
+        end
+      end
+    end
+
+    # In Rails, :put method is determined by _method parameter
+    def put?
+      request_query_params.include?('_method=put')
+    end
+
+    # Set request_query_params instance variable if not set
+    def request_query_params
+      @request_query_params ||= parse_request_query_params
+    end
+
+    # Parse out the query params
+    def parse_request_query_params
+      query_params = []
+      if @post_body
+        post_body_string = @post_body.read 
+        query_params = post_body_string.split('&')
+        @post_body.rewind if @post_body.respond_to?(:rewind)
+      end
+      query_params
+    end
+  end # Delivery
+end # Monty

data/lib/monty/permission.rb

@@ -4,27 +4,27 @@ module Monty
   class Permission
     # Name of permission
     attr_accessor :name
-    # Array of controller objects that define the access rights for this permission
-    attr_accessor :controllers
+    # Array of resource objects that define the access rights for this permission
+    attr_accessor :resources
 
     # @param [String,Symbol] name permission reference. 
     def initialize(name)
       @name = name.to_s
-      @controllers = []
+      @resources = []
     end
 
-    # @param [String,Symbol] name controller reference. 
-    # @return new controller 
-    def controller(name, &block)
-      controller =  Monty::Controller.new(name)
-      controller.instance_eval(&block) if block_given?
-      @controllers << controller
-      controller
+    # @param [String,Symbol] name resource reference. 
+    # @return new resource 
+    def resource(name, &block)
+      resource =  Monty::Resource.new(name)
+      resource.instance_eval(&block) if block_given?
+      @resources << resource
+      resource
     end
 
-    # @return String representing all controllers defining this permission
+    # @return String representing all resources defining this permission
     def regex_pattern
-      controllers.collect{|c| "(#{c.regex_pattern})"}.join("|")
+      resources.collect{|r| "(#{r.regex_pattern})"}.join("|")
     end
   end # Permission
 end # Monty

data/lib/monty/resource.rb

@@ -0,0 +1,54 @@
+# encoding: utf-8
+
+module Monty
+  class Resource
+    class << self
+      attr_accessor :resources, :resources_regex
+
+      # When a new resource is created, this method is called to register the root
+      def register_regex(resource)
+        resource = "(#{resource})"
+        @resources << resource unless @resources.include?(resource)
+      end
+
+      # @return [Regexp] created from resources' base regex
+      def regex
+        @resources_regex ||= Monty.regex(@resources.join("|"))
+      end
+    end # class block
+
+    # Initialize resources to empty array
+    @resources = []
+
+    # Name of the resource
+    attr_accessor :name
+    # Regular expression pattern
+    attr_accessor :regex_pattern
+    # The only methods restricted on the resource
+    attr_accessor :exceptions
+    # The only methods allowed on the resource
+    attr_accessor :inclusions
+
+
+    # @param [String,Symbol] name resource reference. 
+    def initialize(name)
+      @name = name.to_s
+      @regex_pattern = "\/#{@name}(\/.*)?"
+      self.class.register_regex(@regex_pattern)
+    end
+
+    # @param *[String,Symbol] only methods restricted on the resource
+    def except(*methods)
+      return if methods.empty?
+      @exceptions = methods.collect{|m| m.to_s}
+      @regex_pattern = "\/#{@name}(?!\/(#{@exceptions.join('|')}))(\/.*)?"
+    end
+
+    # @param *[String,Symbol] only methods allowed on the resource
+    def only(*methods)
+      return if methods.empty?
+      @inclusions = methods.collect{|m| m.to_s}
+      @regex_pattern = "\/#{@name}\/(#{@inclusions.join('|')})(\/)?"
+    end
+  end # Resource
+end # Monty

data/lib/monty/watch.rb

@@ -15,8 +15,9 @@ module Monty
 
     # Authorize request. Redirect if access is denied.
     def _call(env)
+      delivery = Monty::Delivery.new(env)
 
-      unless allowed?(env) 
+      unless delivery.allowed?
         return [302, redirect_headers, []]
       end
 
@@ -25,28 +26,6 @@ module Monty
 
     private
 
-    # @return [True,False] created from value of rack.session[:access_rights]
-    def allowed?(env)
-      path = env['PATH_INFO']
-
-      return true if path == '/'
-
-      access_rights(env).match(path) 
-    end
-
-    # @return [Regexp] created from value of rack.session[:access_rights]
-    def access_rights(env)
-      begin
-        ::Authorization.configure 
-      rescue NameError
-      end
-      
-      session = env['rack.session'] || {}
-      regex_string = session[:access_rights] || Monty::Configuration.public_access
-      
-      Regexp.new(/\A#{regex_string}\z/)
-    end
-
     def redirect_headers
       {'Location' => Monty::Configuration.access_denied_path, 'Content-Type' => 'text/html'}
     end

data/test/monty/test_access.rb

@@ -11,22 +11,22 @@ class TestMontyAccess < Test::Unit::TestCase
     assert_respond_to self, :permission
   end
 
-  def test_permission_with_single_controller
+  def test_permission_with_single_resource
     perm = permission(:my_perm) do 
-              controller :my_controller
+              resource :my_resource
            end
 
-    controller = perm.controllers.first
-    assert_equal 'my_controller', controller.name
-    assert_equal "\/my_controller(\/.*)?", controller.regex_pattern
+    resource = perm.resources.first
+    assert_equal 'my_resource', resource.name
+    assert_equal "\/my_resource(\/.*)?", resource.regex_pattern
   end
 
   def test_permission_without_block
     perm = permission(:users) 
 
-    controller = perm.controllers.first
-    assert_equal 'users', controller.name
-    assert_equal "\/users(\/.*)?", controller.regex_pattern
+    resource = perm.resources.first
+    assert_equal 'users', resource.name
+    assert_equal "\/users(\/.*)?", resource.regex_pattern
   end
 
   def test_public_access

data/test/monty/test_permission.rb

@@ -8,35 +8,35 @@ class TestMontyPermission < Test::Unit::TestCase
 
   def test_initializer_sets_correct_state
     assert_equal @permission.name, 'my_account'
-    assert_equal @permission.controllers, []
+    assert_equal @permission.resources, []
   end
 
-  def test_controller
-    @permission.controller(:users)
+  def test_resource
+    @permission.resource(:users)
 
-    controller = @permission.controllers.first
-    assert_equal controller.name, 'users'
+    resource = @permission.resources.first
+    assert_equal resource.name, 'users'
   end
 
-  def test_controller_with_block
-    @permission.controller(:users) do
+  def test_resource_with_block
+    @permission.resource(:users) do
       except :destroy
     end
 
-    controller = @permission.controllers.first
-    assert_equal controller.exceptions, ['destroy']
+    resource = @permission.resources.first
+    assert_equal resource.exceptions, ['destroy']
   end
 
 
   def test_regex_pattern
-    @permission.controller(:users)
+    @permission.resource(:users)
 
     assert_equal @permission.regex_pattern, "(\/users(\/.*)?)"
   end
 
-  def test_regex_pattern_with_multiple_controllers
-    @permission.controller(:users)
-    @permission.controller(:posts)
+  def test_regex_pattern_with_multiple_resources
+    @permission.resource(:users)
+    @permission.resource(:posts)
 
     assert_equal @permission.regex_pattern, "(\/users(\/.*)?)|(\/posts(\/.*)?)"
   end

data/test/monty/test_resource.rb

@@ -0,0 +1,47 @@
+require 'helper'
+
+class TestMontyResource < Test::Unit::TestCase
+
+  def setup
+    @resource = Monty::Resource.new(:users)
+  end
+
+  def test_initializer_sets_correct_state
+    assert_equal @resource.name, 'users'
+    assert_equal @resource.regex_pattern, "\/users(\/.*)?"
+  end
+
+  def test_except_sets_correct_regex_pattern
+    @resource.except(:destroy)
+    assert_equal @resource.regex_pattern, "\/users(?!\/(destroy))(\/.*)?"
+  end
+
+  def test_except_with_multiple_params_sets_correct_regex_pattern
+    @resource.except(:index, :destroy)
+    assert_equal @resource.regex_pattern, "\/users(?!\/(index|destroy))(\/.*)?"
+  end
+
+  def test_except_with_no_params_preserves_regex_pattern
+    resource = Monty::Resource.new(:users)
+    resource.except()
+    assert_equal resource.regex_pattern, "\/users(\/.*)?"
+  end
+
+  def test_only_sets_correct_regex_pattern
+    @resource.only(:index)
+    assert_equal @resource.regex_pattern, "\/users\/(index)(\/)?"
+  end
+
+  def test_only_with_multiple_params_sets_correct_regex_pattern
+    @resource.only(:show, :edit)
+    assert_equal @resource.regex_pattern, "\/users\/(show|edit)(\/)?"
+  end
+
+  def test_only_with_no_params_preserves_regex_pattern
+    resource = Monty::Resource.new(:users)
+    resource.only()
+    assert_equal resource.regex_pattern, "\/users(\/.*)?"
+  end
+
+end
+

data/test/monty/test_watch.rb

@@ -56,7 +56,7 @@ class TestMonty < Test::Unit::TestCase
 
   def test_it_allows_uri_access_to_only_show
     Authorization.permission :posts do
-      controller :posts do
+      resource :posts do
         only :show
       end
     end
@@ -80,7 +80,7 @@ class TestMonty < Test::Unit::TestCase
 
   def test_it_allows_uri_access_to_all_except_show
     Authorization.permission :posts do
-      controller :posts do
+      resource :posts do
         except :show
       end
     end
@@ -100,6 +100,51 @@ class TestMonty < Test::Unit::TestCase
 
     get '/posts/edit', {}
     assert last_response.ok?
+
+    get '/posts/edit/', {}
+    assert last_response.ok?
+  end
+
+  def test_it_allows_uri_access_to_create_as_post
+    Authorization.permission :posts do
+      resource :posts do
+        only :new, :create
+      end
+    end
+    Authorization.public_access :posts
+
+    post '/posts', {}
+    assert last_response.ok?
+
+    post '/posts/', {}
+    assert last_response.ok?
+
+    get '/posts/new', {}
+    assert last_response.ok?
+
+    get '/posts/new/', {}
+    assert last_response.ok?
+  end
+
+  def test_it_allows_uri_access_to_update_as_put
+    Authorization.permission :posts do
+      resource :posts do
+        only :show, :edit, :update
+      end
+    end
+    Authorization.public_access :posts
+
+    post '/posts', {:_method => "put"}
+    assert last_response.ok?
+
+    post '/posts/', {:_method => "put"}
+    assert last_response.ok?
+
+    get '/posts/show', {}
+    assert last_response.ok?
+
+    get '/posts/show/', {}
+    assert last_response.ok?
   end
 end
 

metadata

@@ -4,9 +4,9 @@ version: !ruby/object:Gem::Version
   prerelease: false
   segments: 
   - 0
-  - 1
+  - 2
   - 0
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors: 
 - stonean
@@ -14,7 +14,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-05-05 00:00:00 -04:00
+date: 2010-05-19 00:00:00 -04:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -48,15 +48,15 @@ files:
 - lib/monty.rb
 - lib/monty/access.rb
 - lib/monty/configuration.rb
-- lib/monty/controller.rb
+- lib/monty/delivery.rb
 - lib/monty/permission.rb
+- lib/monty/resource.rb
 - lib/monty/watch.rb
-- monty.gemspec
 - test/helper.rb
 - test/monty/test_access.rb
 - test/monty/test_configuration.rb
-- test/monty/test_controller.rb
 - test/monty/test_permission.rb
+- test/monty/test_resource.rb
 - test/monty/test_watch.rb
 - test/rcov.opts
 - test/test_monty.rb
@@ -93,8 +93,8 @@ summary: Rack based authorization system
 test_files: 
 - test/helper.rb
 - test/monty/test_configuration.rb
-- test/monty/test_controller.rb
 - test/monty/test_access.rb
 - test/monty/test_watch.rb
 - test/monty/test_permission.rb
+- test/monty/test_resource.rb
 - test/test_monty.rb

data/lib/monty/controller.rb

@@ -1,35 +0,0 @@
-# encoding: utf-8
-
-module Monty
-  class Controller
-    # Name of the controller
-    attr_accessor :name
-    # Regular expression pattern
-    attr_accessor :regex_pattern
-    # The only methods restricted on the controller
-    attr_accessor :exceptions
-    # The only methods allowed on the controller
-    attr_accessor :inclusions
-
-
-    # @param [String,Symbol] name controller reference. 
-    def initialize(name)
-      @name = name.to_s
-      @regex_pattern = "\/#{@name}(\/.*)?"
-    end
-
-    # @param *[String,Symbol] only methods restricted on the controller
-    def except(*methods)
-      return if methods.empty?
-      @exceptions = methods.collect{|m| m.to_s}
-      @regex_pattern = "\/#{@name}(?!\/(#{@exceptions.join('|')}))(\/.*)?"
-    end
-
-    # @param *[String,Symbol] only methods allowed on the controller
-    def only(*methods)
-      return if methods.empty?
-      @inclusions = methods.collect{|m| m.to_s}
-      @regex_pattern = "\/#{@name}\/(#{@inclusions.join('|')})"
-    end
-  end # Controller
-end # Monty

data/monty.gemspec

@@ -1,68 +0,0 @@
-# Generated by jeweler
-# DO NOT EDIT THIS FILE DIRECTLY
-# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
-# -*- encoding: utf-8 -*-
-
-Gem::Specification.new do |s|
-  s.name = %q{monty}
-  s.version = "0.1.0"
-
-  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
-  s.authors = ["stonean"]
-  s.date = %q{2010-05-05}
-  s.description = %q{Rack based authoriztion system.}
-  s.email = %q{andy@stonean.com}
-  s.extra_rdoc_files = [
-    "LICENSE",
-     "README.md"
-  ]
-  s.files = [
-    ".gitignore",
-     "LICENSE",
-     "README.md",
-     "Rakefile",
-     "lib/monty.rb",
-     "lib/monty/access.rb",
-     "lib/monty/configuration.rb",
-     "lib/monty/controller.rb",
-     "lib/monty/permission.rb",
-     "lib/monty/watch.rb",
-     "monty.gemspec",
-     "test/helper.rb",
-     "test/monty/test_access.rb",
-     "test/monty/test_configuration.rb",
-     "test/monty/test_controller.rb",
-     "test/monty/test_permission.rb",
-     "test/monty/test_watch.rb",
-     "test/rcov.opts",
-     "test/test_monty.rb"
-  ]
-  s.homepage = %q{http://github.com/stonean/monty}
-  s.rdoc_options = ["--charset=UTF-8"]
-  s.require_paths = ["lib"]
-  s.rubygems_version = %q{1.3.6}
-  s.summary = %q{Rack based authorization system}
-  s.test_files = [
-    "test/helper.rb",
-     "test/monty/test_configuration.rb",
-     "test/monty/test_controller.rb",
-     "test/monty/test_access.rb",
-     "test/monty/test_watch.rb",
-     "test/monty/test_permission.rb",
-     "test/test_monty.rb"
-  ]
-
-  if s.respond_to? :specification_version then
-    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
-    s.specification_version = 3
-
-    if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
-      s.add_development_dependency(%q<mocha>, [">= 0.9.8"])
-    else
-      s.add_dependency(%q<mocha>, [">= 0.9.8"])
-    end
-  else
-    s.add_dependency(%q<mocha>, [">= 0.9.8"])
-  end
-end
-

data/test/monty/test_controller.rb

@@ -1,47 +0,0 @@
-require 'helper'
-
-class TestMontyController < Test::Unit::TestCase
-
-  def setup
-    @controller = Monty::Controller.new(:users)
-  end
-
-  def test_initializer_sets_correct_state
-    assert_equal @controller.name, 'users'
-    assert_equal @controller.regex_pattern, "\/users(\/.*)?"
-  end
-
-  def test_except_sets_correct_regex_pattern
-    @controller.except(:destroy)
-    assert_equal @controller.regex_pattern, "\/users(?!\/(destroy))(\/.*)?"
-  end
-
-  def test_except_with_multiple_params_sets_correct_regex_pattern
-    @controller.except(:index, :destroy)
-    assert_equal @controller.regex_pattern, "\/users(?!\/(index|destroy))(\/.*)?"
-  end
-
-  def test_except_with_no_params_preserves_regex_pattern
-    controller = Monty::Controller.new(:users)
-    controller.except()
-    assert_equal controller.regex_pattern, "\/users(\/.*)?"
-  end
-
-  def test_only_sets_correct_regex_pattern
-    @controller.only(:index)
-    assert_equal @controller.regex_pattern, "\/users\/(index)"
-  end
-
-  def test_only_with_multiple_params_sets_correct_regex_pattern
-    @controller.only(:show, :edit)
-    assert_equal @controller.regex_pattern, "\/users\/(show|edit)"
-  end
-
-  def test_only_with_no_params_preserves_regex_pattern
-    controller = Monty::Controller.new(:users)
-    controller.only()
-    assert_equal controller.regex_pattern, "\/users(\/.*)?"
-  end
-
-end
-