omniperm 0.0.2 → 0.0.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 04bdb832b5cfc5b526a541dad64aa588f44c71342a94940d9bdc9620c7589429
-  data.tar.gz: a574b750fa0d74c9c654e6d10af2a755be2f4dbde911286a5cfa744b3a3db7f8
+  metadata.gz: 9a95c6e48a800f14e564fc1739f3de6c7523f6da0df3a74a7551cf1bfb1112ae
+  data.tar.gz: d0cfb2fa102d4364af689f12aa261f03400c340d0f03579463da58625221c252
 SHA512:
-  metadata.gz: ac9b1b1dae8f9c57f869dcc85f7bd61b019303615c07aec0bee8ccbfd46e13435dfd18857eabe4b596d5b810df563c1087b6a8b67977882afa66384671e0f6db
-  data.tar.gz: 2194424c41ef5f61797145cb4c34f55db07050c636c45d7ce79eaa1430f0cc399ef9fc5c95e6814dcb7ae7ec1316d706e5c77ba81c96a8724e7a529db22a69b5
+  metadata.gz: fc51b8f2f0f9e59d60d74dfa8955f5a26017eff84ded89abd0e39498a731bea21a4c1eb692baec1e89c6fc9e215dc81e33d3a3dfd9adc7b60d84efe8dead6acd
+  data.tar.gz: 4a9b02818fd4a898918c67ff1c423290bcbbf60bbbbdf8fedc5eed741a53760314fc815aa36ce27fd27ecb1cc0555040b031b14f527a13e907edbbcff9e5244f

data/.circleci/config.yml

@@ -0,0 +1,21 @@
+version: 2.1
+orbs:
+  ruby: circleci/ruby@0.1.2 
+
+jobs:
+  build:
+    docker:
+      - image: circleci/ruby:2.6.3-stretch-node
+    executor: ruby/default
+    steps:
+      - checkout
+      - run:
+          name: Install bundler
+          command: gem install bundler:2.1.4
+      - run:
+          name: Which bundler?
+          command: bundle -v
+      - ruby/bundle-install
+      - run:
+          name: Run tests
+          command: rake

data/.gitignore

@@ -0,0 +1,32 @@
+# General
+.DS_Store
+.AppleDouble
+.LSOverride
+
+# Icon must end with two \r
+Icon
+
+# Thumbnails
+._*
+
+# Files that might appear in the root of a volume
+.DocumentRevisions-V100
+.fseventsd
+.Spotlight-V100
+.TemporaryItems
+.Trashes
+.VolumeIcon.icns
+.com.apple.timemachine.donotpresent
+
+# Directories potentially created on remote AFP share
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk
+
+.ruby-gemset
+.ruby-version
+
+tmp/
+*.gem

data/Gemfile

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in context_authorization.gemspec
+gemspec

data/Gemfile.lock

@@ -0,0 +1,146 @@
+PATH
+  remote: .
+  specs:
+    omniperm (0.0.1)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actioncable (6.0.3.2)
+      actionpack (= 6.0.3.2)
+      nio4r (~> 2.0)
+      websocket-driver (>= 0.6.1)
+    actionmailbox (6.0.3.2)
+      actionpack (= 6.0.3.2)
+      activejob (= 6.0.3.2)
+      activerecord (= 6.0.3.2)
+      activestorage (= 6.0.3.2)
+      activesupport (= 6.0.3.2)
+      mail (>= 2.7.1)
+    actionmailer (6.0.3.2)
+      actionpack (= 6.0.3.2)
+      actionview (= 6.0.3.2)
+      activejob (= 6.0.3.2)
+      mail (~> 2.5, >= 2.5.4)
+      rails-dom-testing (~> 2.0)
+    actionpack (6.0.3.2)
+      actionview (= 6.0.3.2)
+      activesupport (= 6.0.3.2)
+      rack (~> 2.0, >= 2.0.8)
+      rack-test (>= 0.6.3)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.0, >= 1.2.0)
+    actiontext (6.0.3.2)
+      actionpack (= 6.0.3.2)
+      activerecord (= 6.0.3.2)
+      activestorage (= 6.0.3.2)
+      activesupport (= 6.0.3.2)
+      nokogiri (>= 1.8.5)
+    actionview (6.0.3.2)
+      activesupport (= 6.0.3.2)
+      builder (~> 3.1)
+      erubi (~> 1.4)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.1, >= 1.2.0)
+    activejob (6.0.3.2)
+      activesupport (= 6.0.3.2)
+      globalid (>= 0.3.6)
+    activemodel (6.0.3.2)
+      activesupport (= 6.0.3.2)
+    activerecord (6.0.3.2)
+      activemodel (= 6.0.3.2)
+      activesupport (= 6.0.3.2)
+    activestorage (6.0.3.2)
+      actionpack (= 6.0.3.2)
+      activejob (= 6.0.3.2)
+      activerecord (= 6.0.3.2)
+      marcel (~> 0.3.1)
+    activesupport (6.0.3.2)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 0.7, < 2)
+      minitest (~> 5.1)
+      tzinfo (~> 1.1)
+      zeitwerk (~> 2.2, >= 2.2.2)
+    builder (3.2.4)
+    concurrent-ruby (1.1.6)
+    crass (1.0.6)
+    erubi (1.9.0)
+    globalid (0.4.2)
+      activesupport (>= 4.2.0)
+    i18n (1.8.5)
+      concurrent-ruby (~> 1.0)
+    loofah (2.6.0)
+      crass (~> 1.0.2)
+      nokogiri (>= 1.5.9)
+    mail (2.7.1)
+      mini_mime (>= 0.1.1)
+    marcel (0.3.3)
+      mimemagic (~> 0.3.2)
+    method_source (1.0.0)
+    mimemagic (0.3.5)
+    mini_mime (1.0.2)
+    mini_portile2 (2.4.0)
+    minitest (5.11.3)
+    minitest-sprint (1.2.1)
+      path_expander (~> 1.1)
+    nio4r (2.5.2)
+    nokogiri (1.10.10)
+      mini_portile2 (~> 2.4.0)
+    path_expander (1.1.0)
+    rack (2.2.3)
+    rack-test (1.1.0)
+      rack (>= 1.0, < 3)
+    rails (6.0.3.2)
+      actioncable (= 6.0.3.2)
+      actionmailbox (= 6.0.3.2)
+      actionmailer (= 6.0.3.2)
+      actionpack (= 6.0.3.2)
+      actiontext (= 6.0.3.2)
+      actionview (= 6.0.3.2)
+      activejob (= 6.0.3.2)
+      activemodel (= 6.0.3.2)
+      activerecord (= 6.0.3.2)
+      activestorage (= 6.0.3.2)
+      activesupport (= 6.0.3.2)
+      bundler (>= 1.3.0)
+      railties (= 6.0.3.2)
+      sprockets-rails (>= 2.0.0)
+    rails-dom-testing (2.0.3)
+      activesupport (>= 4.2.0)
+      nokogiri (>= 1.6)
+    rails-html-sanitizer (1.3.0)
+      loofah (~> 2.3)
+    railties (6.0.3.2)
+      actionpack (= 6.0.3.2)
+      activesupport (= 6.0.3.2)
+      method_source
+      rake (>= 0.8.7)
+      thor (>= 0.20.3, < 2.0)
+    rake (13.0.1)
+    sprockets (4.0.2)
+      concurrent-ruby (~> 1.0)
+      rack (> 1, < 3)
+    sprockets-rails (3.2.1)
+      actionpack (>= 4.0)
+      activesupport (>= 4.0)
+      sprockets (>= 3.0.0)
+    thor (1.0.1)
+    thread_safe (0.3.6)
+    tzinfo (1.2.7)
+      thread_safe (~> 0.1)
+    websocket-driver (0.7.3)
+      websocket-extensions (>= 0.1.0)
+    websocket-extensions (0.1.5)
+    zeitwerk (2.4.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  minitest (~> 5.0)
+  minitest-sprint
+  omniperm!
+  rails
+
+BUNDLED WITH
+   2.1.4

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2020 Samuel BOHN
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,47 @@
+[![Circle CI](https://circleci.com/gh/3pns/omniperm.svg?style=svg)](https://circleci.com/gh/3pns/omniperm) 
+
+# OmniPerm
+
+## About
+
+With Omniperm you can centralize your authorization strategies in a YAML file against a configurable context
+
+## Install
+
+Install for Ruby on Rails applications
+
+```
+rails g omniperm:install
+```
+
+## How to use
+
+Manually authorize a method
+
+```
+def my_method
+  service_authorized?
+end
+```
+
+Authorize all methods of a class and its children
+
+```
+class MyService < Omniperm::AuthorizationRequired
+
+  def do_something
+  end
+
+  def do_another_thing
+  end
+end
+
+class MySubService < MyService
+
+  def do_something
+  end
+
+  def do_another_thing
+  end
+end
+```

data/Rakefile

@@ -0,0 +1,19 @@
+# encoding: UTF-8
+# frozen_string_literal: true
+
+require "bundler/gem_tasks"
+require "rake/testtask"
+
+desc "Run all the tests"
+task default: :test
+
+desc 'Run unit tests.'
+Rake::TestTask.new(:test) do |t|
+  puts "running tests"
+  #t.libs << 'lib'
+  t.libs << 'test'
+  # t.pattern = 'test/**/*_test.rb'
+  t.test_files = FileList["test/**/*_test.rb", "test/**/spec_*.rb", "test/gemloader.rb"]
+  t.verbose = true
+  t.warning = false
+end

data/lib/generators/omniperm/install_generator.rb

@@ -0,0 +1,19 @@
+require 'rails/generators'
+
+module Omniperm
+  module Generators
+    class InstallGenerator < Rails::Generators::Base
+      source_root File.expand_path('templates', __dir__)
+
+      desc "Creates Omniperm initializer and copy a template authorizations.yml to your application."
+
+      def copy_initializer
+        copy_file "omniperm.rb", "config/initializers/omniperm.rb"
+      end
+
+      def copy_authorizations
+        copy_file "omniperm.yml", "config/omniperm.yml"
+      end
+    end
+  end
+end

data/lib/generators/omniperm/templates/omniperm.rb

@@ -0,0 +1,18 @@
+# Configure Omniperm to tailor fit your application
+Omniperm.configure do |config|
+  config.config_file = 'config/omniperm.yml'
+
+  # Strategies not allowed will be unauthorized
+  # Example of common types of strategies :
+  # Use roles : admin/staff/user/superuser
+  # Third party services : nanosoft/pears/amazonia
+  config.whitelisted_strategies = ["nanosoft", "pears", "amazonia"]
+
+  # determine_strategy shall return the strategy of a given object
+  config.determine_strategy = -> (obj, instance_variables){
+    return obj if obj.class == String
+    return @role unless @role.nil?
+    return obj.role if obj.respond_to?("role")
+    return obj.owner.role if obj.respond_to?("item")
+  }
+end

data/lib/generators/omniperm/templates/omniperm.yml

@@ -0,0 +1,18 @@
+#############################
+######### Omniperm ##########
+#############################
+# Describe your authorization strategy in this file
+
+# ExampleClass: 
+#   default: false
+#   pear: true
+#   amazonia: false
+# ExampleModule:
+#   pear: true
+#   nanosoft: false
+#   NestedClass: true 
+# TestClass: true
+#   default: true
+#   Nested:
+#     nested_method: false
+#     another_nested_method: true

data/lib/omniperm/config.rb

@@ -0,0 +1,52 @@
+require 'yaml' if not Object.const_defined?("YAML")
+
+module Omniperm
+  # Configures global settings for Omniperm
+  #   Omniperm.configure do |config|
+  #     config.config_file = 'config/service_authorizations.yml'
+  #   end
+  class << self
+    def configure
+      yield config
+    end
+
+    def config
+      @_config ||= Config.new
+    end
+  end
+
+  class Config
+    attr_accessor :config_file, :whitelisted_strategies, :rules, :determine_strategy 
+    attr_reader :rules
+
+    def initialize
+      @authorizable_name = 'service'
+      # @config_file = "config/#{@authorizable_name}_authorizations.yml" # for multi contexts
+      @config_file = 'config/omniperm.yml'
+      @whitelisted_strategies = []
+      begin
+        @rules = YAML.load_file(@config_file)
+      rescue
+        @rules = {}
+      end
+      @determine_strategy = -> (obj){
+        return "default"
+      }
+    end
+
+    def config_file=(config_file)
+      @config_file = config_file
+      @rules = YAML.load_file(@config_file)
+    end
+
+    def determine_strategy=(new_strategy)
+      @determine_strategy = new_strategy
+      Object.class_eval do
+        def __omniperm_determine_strategy(obj)
+          self.instance_exec(obj, &Omniperm.config.determine_strategy)
+        end
+      end
+    end
+  end
+end
+

data/lib/omniperm/core.rb

@@ -0,0 +1,30 @@
+module Omniperm
+  module Core
+    def self.authorize(returnable, authorization)
+      return authorization if returnable.to_s == "boolean"
+      raise Exception.new "Omniperm: Unauthorized" if returnable.to_s == "raise" and authorization == false
+    end
+
+    def self.authorize_service(context, returnable: "boolean", hierarchy: "", strategy: "default")
+      method_name = caller_locations(2,1)[0].label
+      whitelisted_strategies = Omniperm.config.whitelisted_strategies
+      rules = Omniperm.config.rules
+
+      return self.authorize(returnable, false) unless whitelisted_strategies.include?(strategy)
+      stack = [] + hierarchy.split("::") + [method_name] + [""]
+      while stack.slice!(-1) != nil do
+        rule = rules
+        stack.each do |key|
+          next if key.nil?
+          rule = rule[key] unless rule.nil?
+          return self.authorize(returnable, rule) if [true, false].include?(rule)
+        end
+        next if rule.nil?
+        return  self.authorize(returnable, rule[strategy]) if rule.is_a? Hash and rule.keys.include?(strategy)
+        return self.authorize(returnable, rule["default"]) if rule.is_a? Hash and rule.keys.include?("default")
+        return self.authorize(returnable, rule) if [true, false].include?(rule)
+      end
+      return self.authorize(returnable, false)
+    end
+  end
+end

data/lib/omniperm/decorators.rb

@@ -0,0 +1,112 @@
+module Omniperm
+  module CallbackDecorators
+
+    module MethodsDecorator
+
+      def __before_method
+      end
+
+      def __after_method
+      end
+
+      def decorate_methods_with_before_and_after
+        target_methods = singleton_methods(false) + instance_methods(false)
+        target_methods.reject{|value| [:inject_before_to_methods, :__before_method, :__after_method].include?(value) }.each { |m|
+          # Rename original method
+          target = nil
+          target = self if instance_methods(false).include?(m.to_sym)
+          target = self.singleton_class if singleton_methods(false).include?(m.to_sym)
+          if target
+            target.send(:alias_method, "__#{m}_original", m)
+            target.define_method m do |*args, **kwargs|
+              before_method = Proc.new { 
+                if respond_to?("__before_method")
+                  return_value = __before_method
+                else
+                  return_value = target.__before_method
+                end
+                
+                return return_value unless return_value.nil? 
+              };
+              before_method.call
+
+              if kwargs.empty?
+                return self.send "__#{m}_original", *args 
+              else
+                return self.send "__#{m}_original", *args, **kwargs
+              end
+              # after_method = Proc.new { 
+              #   return_value = __after_method
+              #   return return_value unless return_value.nil? 
+              # };
+              # after_method.call
+            end
+          end
+        }
+      end
+    end
+
+    class ClassDecorator
+      extend CallbackDecorators::MethodsDecorator
+
+      def self.inherited(subclass)
+        TracePoint.trace(:end) do |t|
+          if subclass == t.self
+            subclass.decorate_methods_with_before_and_after
+            t.disable
+          end
+        end
+        super
+      end
+    end
+
+    module MixinDecorator
+      def self.included base
+        base.extend CallbackDecorators::MethodsDecorator
+        TracePoint.trace(:end) do |t|
+          if base == t.self
+            base.decorate_methods_with_before_and_after
+            t.disable
+          end
+        end
+      end
+    end
+  end
+
+  # is working
+  class AuthorizationRequired < CallbackDecorators::ClassDecorator
+
+    def self.__before_method
+      # Warning: method name will be dected as __before_method
+      unless service_authorized?
+        return false # stop execution
+      end
+      return # allow execution to continue
+    end
+
+    def __before_method
+      # Warning: method name will be dected as __before_method
+      unless service_authorized?
+        return false # stop execution
+      end
+      return # allow execution to continue
+    end
+
+  end
+
+  # is broken / dont work anymore
+  module Authorizable
+    include CallbackDecorators::MixinDecorator
+
+    def __before_method
+      unless service_authorized?
+        return false # stop execution
+      end
+      return
+    end
+
+    def __after_method
+    end
+
+  end
+end

data/lib/omniperm/helpers.rb

@@ -0,0 +1,24 @@
+require_relative 'core.rb'
+
+module Omniperm
+  module Helpers
+    private
+      def hierarchy
+        if [Class, Module].include?(self.class)
+          name
+        else
+          self.class.to_s
+        end
+      end
+
+      def service_authorized?(obj = nil)
+        strategy = __omniperm_determine_strategy(obj)
+        Core.authorize_service(obj, returnable: "boolean", hierarchy: hierarchy, strategy: strategy)
+      end
+
+      def service_authorized!(obj = nil)
+        strategy = __omniperm_determine_strategy(obj)
+        Core.authorize_service(obj, returnable: "raise", hierarchy: hierarchy, strategy: strategy)
+      end
+  end
+end

data/lib/omniperm/version.rb

@@ -0,0 +1,3 @@
+module Omniperm
+  VERSION = '0.0.3'
+end

data/omniperm.gemspec

@@ -0,0 +1,22 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'omniperm/version'
+
+Gem::Specification.new do |s|
+  s.name = %q{omniperm}
+  s.version = Omniperm::VERSION
+  s.authors = ['Samuel Bohn']
+  s.email         = %w(samuel@hydrodigit.com)
+  s.date = %q{2020-07-21}
+  s.description = %q{With Omniperm you can centralize your authorization strategies in a YAML file against a configurable context }
+  s.summary = 'Flexible Authorization for Ruby or Rails'
+  s.homepage = 'https://github.com/3pns/omniperm'
+  s.license = 'MIT'
+  s.files = `git ls-files`.split($/)
+  s.require_paths = ["lib"]
+
+  s.add_development_dependency 'minitest', "~> 5.0"
+  s.add_development_dependency 'minitest-sprint'
+  s.add_development_dependency 'rails'
+end

data/test/decorators_test.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+require_relative 'helper'
+
+describe Omniperm::Core do
+  before do
+    @user = User.new(:pear)
+    @user_googol = User.new(:googol)
+    @service_class_decorated_allowed = Services::ExternalServiceClassDecorated.new(@user)
+    @service_class_decorated_nanosoft_allowed = Services::ExternalServiceClassDecorated.new(@user_googol)
+  end
+
+  it 'should perform authorization' do
+    skip("todo: fix method name not properly detected using inheritance")
+    assert_equal 42, @service_class_decorated_allowed.load_data
+  end
+
+  it 'should perform authorization' do
+    skip("todo: fix method name not properly detected using inheritance")
+    assert_equal 42, @service_class_decorated_allowed.buy
+  end
+
+  it 'should perform authorization' do
+    assert_equal false, @service_class_decorated_allowed.bucket
+  end
+
+  it 'should perform authorization' do
+    assert_equal false, @service_class_decorated_allowed.n42
+  end
+
+  it 'should perform authorization' do
+    assert_equal 42, @service_class_decorated_nanosoft_allowed.load_data
+  end
+
+  it 'should perform authorization' do
+    assert_equal 42, @service_class_decorated_nanosoft_allowed.buy
+  end
+
+  it 'should perform authorization' do
+    assert_equal 42, @service_class_decorated_nanosoft_allowed.bucket
+  end
+
+  it 'should perform authorization' do
+    assert_equal 42, @service_class_decorated_nanosoft_allowed.n42
+  end
+end

data/test/gemloader.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+require 'rubygems'
+project = 'omniperm'
+gemspec = File.expand_path("#{project}.gemspec", Dir.pwd)
+Gem::Specification.load(gemspec).dependencies.each do |dep|
+  begin
+    gem dep.name, *dep.requirement.as_list
+  rescue Gem::LoadError
+    warn "Cannot load #{dep.name} #{dep.requirement.to_s}"
+  end
+end

data/test/helper.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+ENV["RAILS_ENV"] = "test"
+require_relative '../lib/omniperm'
+require_relative 'models/user'
+require_relative 'services/class_service'
+require_relative 'services/module_service'
+require_relative 'services/external_service'
+require_relative 'services/internal_service'
+require_relative 'services/external_service_class_decorated'
+require 'minitest/spec'
+require 'minitest/autorun'
+Dir["models/services/*.rb"].each {|file| require file }
+
+# configure Omniperm
+Omniperm.configure do |config|
+  config.config_file = 'test/test_config.yml'
+  config.whitelisted_strategies = ["nanosoft", "pear", "googol"]
+  config.determine_strategy = -> (obj){
+    return obj if obj.class == String
+    return @user.adaptor_type if @user
+    return obj.adaptor_type if obj.class == User
+    return "default"
+  }
+end

data/test/models/user.rb

@@ -0,0 +1,7 @@
+class User
+  attr_reader :adaptor_type
+  
+  def initialize(adaptor_type)  
+    @adaptor_type = adaptor_type.to_s
+  end
+end

data/test/omniperm_test.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+require_relative 'helper'
+
+describe Omniperm::Core do
+  before do
+    @user = User.new(:pear)
+    @service = Services::ExternalService.new(@user)
+    @internal_service = Services::InternalService.new(@user)
+    @secret_service = Services::InternalService::SecretService.new(@user)
+  end
+
+  it 'should properly detect hierarchy and method_name from a module method' do
+    assert_equal 42, Services::ModuleService.compute(@user)
+  end
+
+  it 'should properly detect hierarchy and method_name from a class method' do
+    assert_equal 42, Services::ClassService.compute(@user)
+  end
+
+  it 'should deny if element has default to true' do
+    assert_equal false, @internal_service.save_data
+  end
+
+  it 'should priorize elements higher in the hierarchy' do    
+    assert_equal 42, @secret_service.save_data
+  end
+
+  it 'should find element without passing any arg' do
+    assert_equal false, @internal_service.authorize_with_no_args
+    assert_equal 42, @secret_service.authorize_with_no_args
+  end
+
+  it 'should authorize if element in hierarchy is true' do
+    assert_equal 42, @service.load_data
+  end
+
+  it 'should authorize if method is true' do
+    assert_equal 42, @service.buy
+  end
+
+  it 'should deny if method exist but has no rule for strategy' do
+    assert_equal false, @service.bucket
+  end
+
+  it 'should not authorize if no rule in the hierarchy' do
+    assert_equal false, @service.n42
+  end
+
+end

data/test/services/class_service.rb

@@ -0,0 +1,8 @@
+module Services
+  class ClassService
+    def self.compute(user)
+      return false unless service_authorized?(user)
+      return 42
+    end
+  end
+end

data/test/services/external_service.rb

@@ -0,0 +1,28 @@
+module Services
+  class ExternalService
+
+    def initialize(user)
+      @user = user
+    end
+
+    def load_data
+      return false unless service_authorized?(@user)
+      return 42
+    end
+
+    def buy
+      return false unless service_authorized?(@user)
+      return 42
+    end
+
+    def bucket
+      return false unless service_authorized?(@user)
+      return 42
+    end
+
+    def n42
+      return false unless service_authorized?(@user)
+      return 42
+    end
+  end
+end

data/test/services/external_service_class_decorated.rb

@@ -0,0 +1,24 @@
+module Services
+  class ExternalServiceClassDecorated < Omniperm::AuthorizationRequired
+
+    def initialize(user)
+      @user = user
+    end
+
+    def load_data
+      return 42
+    end
+
+    def buy
+      return 42
+    end
+
+    def bucket
+      return 42
+    end
+
+    def n42
+      return 42
+    end
+  end
+end

data/test/services/internal_service.rb

@@ -0,0 +1,34 @@
+module Services
+  class InternalService
+
+    def initialize(user)
+      @user = user
+    end
+
+    def authorize_with_no_args
+      return false unless service_authorized?
+      return 42
+    end
+
+    def save_data
+      return false unless service_authorized?(@user)
+      return 42
+    end
+
+    class SecretService
+      def initialize(user)
+        @user = user
+      end
+
+      def authorize_with_no_args
+        return false unless service_authorized?
+        return 42
+      end
+
+      def save_data
+        return false unless service_authorized?(@user)
+        return 42
+      end
+    end
+  end
+end

data/test/services/module_service.rb

@@ -0,0 +1,8 @@
+module Services
+  module ModuleService
+    def self.compute(user)
+      return false unless service_authorized?(user)
+      return 42
+    end
+  end
+end

data/test/test_config.yml

@@ -0,0 +1,27 @@
+Services:
+  InternalService:
+    default: false
+    SecretService: true
+  ExternalService:
+    load_data: true
+    buy:
+      nanosoft: true
+      pear: true
+    bucket:
+      googol: true
+      nanosoft: true
+  ModuleService:
+    compute:
+      pear: true
+  ClassService:
+    compute:
+      pear: true
+  ExternalServiceClassDecorated:
+    googol: true # all true for googol
+    load_data: true
+    buy:
+      nanosoft: true
+      pear: true
+    bucket:
+      googol: true
+      nanosoft: true

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: omniperm
 version: !ruby/object:Gem::Version
-  version: 0.0.2
+  version: 0.0.3
 platform: ruby
 authors:
 - Samuel Bohn
@@ -60,7 +60,34 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".circleci/config.yml"
+- ".gitignore"
+- Gemfile
+- Gemfile.lock
+- MIT-LICENSE
+- README.md
+- Rakefile
+- lib/generators/omniperm/install_generator.rb
+- lib/generators/omniperm/templates/omniperm.rb
+- lib/generators/omniperm/templates/omniperm.yml
 - lib/omniperm.rb
+- lib/omniperm/config.rb
+- lib/omniperm/core.rb
+- lib/omniperm/decorators.rb
+- lib/omniperm/helpers.rb
+- lib/omniperm/version.rb
+- omniperm.gemspec
+- test/decorators_test.rb
+- test/gemloader.rb
+- test/helper.rb
+- test/models/user.rb
+- test/omniperm_test.rb
+- test/services/class_service.rb
+- test/services/external_service.rb
+- test/services/external_service_class_decorated.rb
+- test/services/internal_service.rb
+- test/services/module_service.rb
+- test/test_config.yml
 homepage: https://github.com/3pns/omniperm
 licenses:
 - MIT