non_grata 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 96f4abaeeaf2b4b03922aa83795854d111e1c8bb
+  data.tar.gz: 7f411cbd69c7be20bf02abc06c6aef8df227af03
+SHA512:
+  metadata.gz: 7c18e5c609c28a9d805cf38ebbaf2859c3822cf6d37e043a83cee9c13c1e933f2da21d769ade7e783874b14f8a917929ab975d6f8fc2fe4420000b7ad89f51a1
+  data.tar.gz: abe959735ff5d66fab77385a0f2ec483905a4144f75e0c5a14dc72b4dabb005f52cb9269c80a004aeed4ec5f1bd1e6b30d865f336f9b42336c8a4bf0c67d5540

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2014 YOURNAME
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/Rakefile

@@ -0,0 +1,26 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'NonGrata'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+
+
+
+Bundler::GemHelper.install_tasks
+require 'rake'
+require 'rspec/core/rake_task'
+ 
+RSpec::Core::RakeTask.new(:spec) 
+ 
+task :default  => :spec

data/lib/generators/non_grata/install/install_generator.rb

@@ -0,0 +1,24 @@
+require 'rails/generators/migration'
+
+module NonGrata
+    module Generators
+        class InstallGenerator < ::Rails::Generators::Base
+            include Rails::Generators::Migration
+            source_root File.expand_path('../templates', __FILE__)
+            desc "add the migrations"
+
+            def self.next_migration_number(path)
+                unless @prev_migration_nr
+                    @prev_migration_nr = Time.now.utc.strftime("%Y%m%d%H%M%S").to_i
+                else
+                    @prev_migration_nr += 1
+                end
+                @prev_migration_nr.to_s
+            end
+
+            def copy_migrations
+                migration_template "non_grata_migration.rb", "db/migrate/create_non_grata_tables.rb"
+            end
+        end
+    end
+end

data/lib/generators/non_grata/install/templates/non_grata_migration.rb

@@ -0,0 +1,23 @@
+class CreateAbilities < ActiveRecord::Migration
+    def self.up
+
+        create_table :role do |t|
+            t.string :name
+            t.integer :tenent_type
+            t.integer :tenent_id
+            t.string :scheme
+        end
+
+        create_table :role_privileges do |t|
+            t.belongs_to :role
+            t.string :resource
+            t.string :action
+        end
+
+    end
+
+    def self.down
+        drop_table :role
+        drop_table :role_privileges
+    end
+end

data/lib/generators/non_grata/roles/roles_generator.rb

@@ -0,0 +1,24 @@
+require 'rails/generators/migration'
+
+module NonGrata
+    module Generators
+        class RolesGenerator < ::Rails::Generators::Base
+            include Rails::Generators::Migration
+            source_root File.expand_path('../templates', __FILE__)
+            desc "Generates roles and roles_privileges tables that are used for databased backed authorization."
+
+            def self.next_migration_number(path)
+                unless @prev_migration_nr
+                    @prev_migration_nr = Time.now.utc.strftime("%Y%m%d%H%M%S").to_i
+                else
+                    @prev_migration_nr += 1
+                end
+                @prev_migration_nr.to_s
+            end
+
+            def copy_migrations
+                migration_template "non_grata_create_roles_migration.rb", "db/migrate/create_non_grata_authorization_roles_table.rb"
+            end
+        end
+    end
+end

data/lib/generators/non_grata/roles/templates/non_grata_create_roles_migration.rb

@@ -0,0 +1,17 @@
+class CreateNonGrataAuthorizationRolesTable < ActiveRecord::Migration
+    def change
+        create_table :non_grata_authorization_roles do |t| 
+            t.string :name
+            t.string :scheme_name
+            t.integer :tenant_id
+            t.string :tenant_type
+
+        end
+        create_table :non_grata_authorization_role_privileges do |t| 
+            t.belongs_to :non_grata_authorization_roles
+            t.string :privilege_name
+            t.string :resource_name
+        end
+    end
+end
+        

data/lib/generators/non_grata/user/templates/non_grata_user_migration.rb

@@ -0,0 +1,11 @@
+class AddRolesTo<%= class_name.pluralize %> < ActiveRecord::Migration
+    def self.up
+        add_column :<%= plural_table_name %>, :authorization_role, :string
+        add_column :<%= plural_table_name %>, :authorization_scheme, :string
+    end
+    def self.down
+        remove_column :<%= plural_table_name %>, :authorization_role
+        remove_column :<%= plural_table_name %>, :authorization_scheme
+    end
+end
+        

data/lib/generators/non_grata/user/user_generator.rb

@@ -0,0 +1,24 @@
+require 'rails/generators/migration'
+
+module NonGrata
+    module Generators
+        class UserGenerator < ::Rails::Generators::NamedBase 
+            include Rails::Generators::Migration
+            source_root File.expand_path('../templates', __FILE__)
+            desc "generate migration for roles to user record"
+
+            def self.next_migration_number(path)
+                unless @prev_migration_nr
+                    @prev_migration_nr = Time.now.utc.strftime("%Y%m%d%H%M%S").to_i
+                else
+                    @prev_migration_nr += 1
+                end
+                @prev_migration_nr.to_s
+            end
+
+            def copy_migrations
+                migration_template "non_grata_user_migration.rb", "db/migrate/add_roles_to_#{name.pluralize}.rb"
+            end
+        end
+    end
+end

data/lib/non_grata.rb

@@ -0,0 +1,11 @@
+require 'non_grata/privilege'
+require 'non_grata/scheme'
+require 'non_grata/authorization'
+require 'non_grata/role'
+require 'non_grata/persona'
+require 'non_grata/controller'
+require 'non_grata/authorization_role'
+require 'non_grata/authorization_privilege'
+require 'non_grata/tenant'
+module NonGrata
+end

data/lib/non_grata/authorization.rb

@@ -0,0 +1,52 @@
+module NonGrata
+    class Authorization
+        def self.create(&block) 
+            @schemes = [Scheme.new(:main)] 
+            instance_eval(&block)
+        end
+
+        def self.privilege(resource, action) 
+            schemes.first.privileges << Privilege.new(resource, action)
+        end
+
+        def self.role(name,&block)
+            main_scheme.role(name, &block)
+        end
+
+        def self.privileges
+            main_scheme.privileges
+        end
+
+        ###
+        # returns either an array of all schemes or returns 
+        # a specific scheme by name
+        # Ex:
+        # Authorization.schemes   <- returns array of all schemes
+        # Authorization.schemes(:main) <- returns the scheme named 'main'
+        def self.schemes(name = nil)
+            name = name if name.is_a? Symbol
+            name = name.to_sym if name.is_a? String
+
+            @schemes ||= [Scheme.new(:main, options)]
+            return @schemes if name.nil?
+            return schemes.find{|i| i.name == name}
+        end
+
+        def self.roles(role_name=nil)
+            main_scheme.roles(role_name)
+        end
+
+        def self.scheme(name, options=nil, &block)
+            scheme = Scheme.new(name, options)
+            if block_given?
+                scheme.config(&block)
+            end
+            schemes << scheme
+        end
+        
+        def self.method_missing(sym, *args, &block) 
+            return schemes.find{|i| i.name = sym.to_s.sub('_scheme','')} if sym.to_s =~ /[a-z]+_scheme/
+            # raise Error  "#{sym} #{args.inspect}"
+        end
+    end
+end

data/lib/non_grata/authorization_privilege.rb

@@ -0,0 +1,7 @@
+module NonGrata
+    class AuthorizationPrivilege < ActiveRecord::Base
+        self.table_name = 'non_grata_authorization_role_privileges'
+        
+        belongs_to :authorization_role, foreign_key: 'non_grata_authorization_role_id'
+    end
+end

data/lib/non_grata/authorization_role.rb

@@ -0,0 +1,39 @@
+module NonGrata
+    class AuthorizationRole < ActiveRecord::Base
+
+        self.table_name = 'non_grata_authorization_roles'
+
+        scope :for_tenant, ->(tenant){ where(tenant_id: tenant.id).where(tenant_type: tenant.class.name.underscore) } 
+
+        validates :name, presence: true
+        
+        has_many :privileges, 
+            class_name: 'AuthorizationPrivilege', 
+            foreign_key: 'non_grata_authorization_roles_id',
+            :dependent => :destroy
+        
+        def can?(privilege, resource) 
+            privileges.exists?(privilege_name: privilege)
+        end
+
+        def grant(privilege_name, resource_name)
+            privilege = privileges.find_by(privilege_name: privilege_name, resource_name: resource_name)
+            return privilege if privilege
+            privileges.create(privilege_name: privilege_name, resource_name: resource_name)
+        end
+        
+        def forbid(privilege_name, resource_name)
+            privilege = privileges.find_by(privilege_name: privilege_name, resource_name: resource_name)
+            privilege.destroy if privilege
+        end 
+
+        def forbid_all
+            privileges.each(&:destroy)
+        end
+        def scheme 
+            NonGrata::Authorization.schemes(self.scheme_name)
+        end
+
+    end
+end
+

data/lib/non_grata/controller.rb

@@ -0,0 +1,9 @@
+module NonGrata
+    module Controller
+
+        def can?(action)
+            current_user.can? action, controller_name.classify
+        end
+
+    end
+end

data/lib/non_grata/persona.rb

@@ -0,0 +1,43 @@
+module NonGrata
+    module Persona
+
+        def can?(privilege, resource)
+            user_role = get_role
+            return false unless user_role
+            user_role.can?(privilege, resource)
+        end
+
+        def get_role
+            if get_scheme.is_declaritive?
+                user_role = authorization_role
+                return user_role if user_role.is_a? Role
+                return get_scheme.roles(user_role) if user_role.is_a? Symbol
+                return get_scheme.roles(user_role.to_sym) if user_role.is_a? String
+            end
+            if get_scheme.is_dynamic?
+                NonGrata::AuthorizationRole.find_by(name: authorization_role.to_s, scheme_name: authorization_scheme.to_s)
+            end
+        end
+
+        def get_scheme 
+            user_scheme = authorization_scheme
+            return user_scheme if user_scheme.is_a? NonGrata::Scheme
+            return  NonGrata::Authorization.schemes(user_scheme) if user_scheme.is_a? Symbol
+            return  NonGrata::Authorization.schemes(user_scheme.to_sym) if user_scheme.is_a? String
+        end
+
+        def authorization_scheme
+            :main
+        end
+
+        def grant_role(role_p)
+            role = role_p if role_p.is_a? NonGrata::AuthorizationRole
+             
+            if role.scheme.is_declaritive? 
+                raise "Can not grant a role from a declaritive scheme."
+            end
+            self.authorization_role = role.name
+            self.authorization_scheme = role.scheme
+        end
+    end
+end

data/lib/non_grata/privilege.rb

@@ -0,0 +1,62 @@
+module NonGrata
+    class Privilege
+
+        attr_reader :resource
+        attr_reader :action
+
+        def initialize(action, resource)
+            self.resource = resource
+            self.action = action
+        end
+
+
+        ###
+        # OBJECT SETTER
+        # accepts various types of values and retains them in string form
+        # this value can be set as a class type, a class instance, a symbol 
+        # or a string. The value is internally stored as a string so if 
+        # a class is passed the name of the class is stored. 
+        # this allows privileges to be set on a class itself and checked 
+        # using an instance of that class.
+        #
+        # for example
+        # privlege.resource = User
+        # privilege.applies_to?(@user)
+        #
+        def resource=(value)
+            return @resource = value.name.underscore.to_sym if value.is_a? Class
+            return @resource = value if value.is_a? Symbol
+            return @resource = value.underscore.to_sym if value.is_a? String
+            return @resource = value.class.name.underscore.to_sym if value.is_a? Object
+        end
+
+        def action=(value)
+            @action = value.to_sym
+        end
+        ###
+        # APPLIES_TO?
+        # @params:
+        #   resource - an resource to test if the privilege applies to
+        # Will determen if the privilege applies to the given passed
+        # resource. This resourceect can be a class type, class instance, or 
+        # a string.
+        #
+        def applies_to?(resource_obj)
+            resource_sym = nil
+            case resource_obj
+            when String
+                resource_sym = resource_obj.underscore.to_sym
+            when Symbol
+                resource_sym = resource_obj
+            when Class
+                resource_sym = resource_obj.name.underscore.to_sym 
+            else 
+                resource_sym = resource_obj.class.name.underscore.to_sym
+            end
+
+            return (resource_sym == @resource)
+        end
+
+    end
+end
+

data/lib/non_grata/role.rb

@@ -0,0 +1,32 @@
+module NonGrata
+    class Role
+        attr_accessor :name
+        # initialize 
+        # params:
+        #   - name: role name 
+        def initialize(name)
+            @name = name end
+
+        def privileges 
+            @privileges ||= []
+        end
+
+        def privilege(action, resource) 
+            privileges << Privilege.new(action, resource)
+        end
+
+        def config(&block)
+            instance_eval(&block) if block_given?
+        end        
+        
+        def self.privilege(action, resource)
+            privileges << Privilege.new(action, resource)
+        end
+        
+       def can?(action, resource)
+            priv = privileges.find{|i| i.applies_to?(resource) && i.action == action} 
+           return priv.nil? ? false : true
+       end 
+
+    end
+end

data/lib/non_grata/scheme.rb

@@ -0,0 +1,85 @@
+module NonGrata
+    class Scheme
+        attr_accessor :style, :tenantable
+        def  initialize(scheme_name='main', options={})
+            @name = scheme_name 
+            self.style  = :declaritive
+
+            options.each do |k,v| 
+                send("#{k.to_s}=",v) if self.respond_to?("#{k}=")
+            end
+        end
+        def is_declaritive?
+            self.style == :declaritive
+        end
+        def is_dynamic?
+            self.style == :db
+        end
+        ###
+        # returns a list of privileges for this scheme
+        # 
+        def privileges
+            @privileges ||= []
+        end
+
+        def name
+            @name
+        end
+
+        def name=(value)
+            @name = value.to_sym
+        end
+        
+        ###
+        # returns a list of roles for this scheme or returns a 
+        # specific role by name
+        # Ex:
+        #   scheme.roles  <- returns an array of all roles
+        #   scheme.roles(:user)  <- returns the user role 
+        #
+        def roles(role_name = nil)
+            @roles ||= []
+            return @roles if role_name.nil?
+            return @roles.find{|i| i.name == role_name} 
+        end
+        
+        ### 
+        # this function is used by the configuration DSL
+        # and should not be called directly. 
+        # adds a new privilege to the scheme
+        #
+        def privilege(resource, name)
+            if self.style == :declaritive 
+                raise "Can not set privileges on a declaritive scheme. Privileges must be inside a role."
+            end
+            privileges << Privilege.new(resource, name)
+        end 
+
+        ###
+        # this function is used by the configuration DSL
+        # and should not be called directly. It is used
+        # to add a new role to the scheme
+        #
+        def role(name, &block)
+            r = Role.new(name)
+            r.config(&block)
+            roles << r
+        end
+
+        ###
+        # called by the configuration DSL in order to parse
+        # a scheme block.
+        #
+        # example: 
+        #   scheme.config do 
+        #       role :user do 
+        #           privilege :site, :login
+        #       end
+        #   end
+        def config(&block)
+            instance_eval(&block)
+        end
+
+    end
+end
+

data/lib/non_grata/tenant.rb

@@ -0,0 +1,32 @@
+module NonGrata
+    module Tenant
+
+        def create_role(attributes) 
+            attributes[:tenant_id] ||= self.id
+            attributes[:tenant_type] ||= self.class.name
+            attributes[:scheme_name] ||= self.authorization_scheme
+            role = NonGrata::AuthorizationRole.create(attributes)
+        end    
+
+        def roles
+            NonGrata::AuthorizationRole.where(tenant_id: self.id, tenant_type: self.class.name)
+        end
+
+        def destroy_role(name)
+            role = NonGrata::AuthorizationRole.find_by(
+                name: name, 
+                scheme_name: authorization_scheme.to_s, 
+                tenant_id: self.id, tenant_type: self.class.name)
+            role.destroy if role
+        end
+
+        def authorization_roles
+            NonGrata:AuthorizationRole.where(tenant_id: self.id, tenant_type: self.class.name)
+        end
+
+        def authorization_scheme 
+            :main
+        end
+
+    end
+end

data/lib/non_grata/version.rb

@@ -0,0 +1,3 @@
+module NonGrata
+  VERSION = "0.0.1"
+end

data/lib/tasks/non_grata_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :non_grata do
+#   # Task goes here
+# end

metadata

@@ -0,0 +1,141 @@
+--- !ruby/object:Gem::Specification
+name: non_grata
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Joe Bellus
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-06-03 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '4.1'
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: 4.1.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '4.1'
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: 4.1.1
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: guard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: guard-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0'
+description: NonGrata is a highly configurable authorization system for rails applications.
+  Supporting simple declarite authorziation and multitenant configurable roles.
+email:
+- joe@confluentlight.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- Rakefile
+- lib/generators/non_grata/install/install_generator.rb
+- lib/generators/non_grata/install/templates/non_grata_migration.rb
+- lib/generators/non_grata/roles/roles_generator.rb
+- lib/generators/non_grata/roles/templates/non_grata_create_roles_migration.rb
+- lib/generators/non_grata/user/templates/non_grata_user_migration.rb
+- lib/generators/non_grata/user/user_generator.rb
+- lib/non_grata.rb
+- lib/non_grata/authorization.rb
+- lib/non_grata/authorization_privilege.rb
+- lib/non_grata/authorization_role.rb
+- lib/non_grata/controller.rb
+- lib/non_grata/persona.rb
+- lib/non_grata/privilege.rb
+- lib/non_grata/role.rb
+- lib/non_grata/scheme.rb
+- lib/non_grata/tenant.rb
+- lib/non_grata/version.rb
+- lib/tasks/non_grata_tasks.rake
+homepage: https://github.com/viaov/non_grata
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: Highly configurable authorization system for rails applications.
+test_files: []