ostiary 0.8.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 0f22bf44568c51e44e5421f8071c82e1e2762902
+  data.tar.gz: d24340aae92bf7c098a9f36b6e4bb7b303c61c20
+SHA512:
+  metadata.gz: f3c5b9fbb513a981eb2ad5d564861198a25c31217896e3aa838b5d06f80228945b92ad05d33b2faee871772a6dc2940c23993c8658df77ec04914edbd821b11d
+  data.tar.gz: 22a550c52fd77060cf3f837d4340d3ede44dd5fb987b05e344f48dec5957201a18fd4bb0d177724776f9338fd451c4dd5c4e01a1fed18dd273240f8643fddc1c

data/.ruby-gemset

@@ -0,0 +1 @@
+ostiary

data/.ruby-version

@@ -0,0 +1 @@
+ruby-2.2.5

data/.travis.yml

@@ -0,0 +1 @@
+language: ruby

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in bouncer.gemspec
+gemspec

data/Gemfile.lock

@@ -0,0 +1,35 @@
+PATH
+  remote: .
+  specs:
+    ostiary (0.6.0)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    diff-lcs (1.2.5)
+    rake (10.5.0)
+    rspec (3.5.0)
+      rspec-core (~> 3.5.0)
+      rspec-expectations (~> 3.5.0)
+      rspec-mocks (~> 3.5.0)
+    rspec-core (3.5.4)
+      rspec-support (~> 3.5.0)
+    rspec-expectations (3.5.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.5.0)
+    rspec-mocks (3.5.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.5.0)
+    rspec-support (3.5.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 1.13)
+  ostiary!
+  rake (~> 10.0)
+  rspec (~> 3.0)
+
+BUNDLED WITH
+   1.13.7

data/README.md

@@ -0,0 +1,91 @@
+# Ostiary
+
+An ostiarius, a Latin word sometimes anglicized as ostiary but often literally translated as porter or doorman, originally was a servant or guard posted at the entrance of a building. See also gatekeeper.
+
+## Functionality
+
+[![Build Status](https://travis-ci.com/nedap/ostiary.svg?token=4BotuBJP2R9yGGT125VA&branch=master)](https://travis-ci.com/nedap/ostiary)
+
+This gem will help you enforce 'policies' when viewing controllers/actions.
+This is done by requiring certain roles for controllers, where you can
+optionally include or exclude certain actions.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'ostiary'
+```
+
+And then execute:
+
+  $ bundle
+
+Or install it yourself as:
+
+  $ gem install ostiary
+
+## Usage
+
+### Primary setup
+
+In your base Controller class do the following for Rails:
+
+```ruby
+# This class creates a class accessor called :ostiary on each (inherited) controller.
+#  With each controller created, it will stack the policies you add
+include Ostiary::ControllerHelper
+
+before_filter :ensure_authorized!
+
+# Because each ostiary is unique for a controller, you only have to supply the current action.
+#  With this, it can check if there are certain policies that will be broken.
+def ensure_authorized!
+  self.class.ostiary.authorize!(action) do |name|
+    # Your authorization method using name.
+    #  e.g. `current_user.has_right?(name)`
+  end
+rescue Ostiary::PolicyBroken => error
+  # We re-raise the Error as a RoutingError in Rails
+  #  You can also do `return head :forbidden` if that's more in line with your needs.
+  raise ActionController::RoutingError.new(error.message)
+end
+```
+
+### Securing controllers
+
+In each controller you wish to secure, you can call `ostiary_policy`, just like `before_filter` & `after_filter` of Rails.
+
+```ruby
+# Require the :list role on the entire controller
+ostiary_policy :list
+
+# Require the :view role only on the index & show actions
+ostiary_policy :view, only: [:index, :show]
+
+# Require the :edit role except on the index & show actions
+ostiary_policy :edit, except: [:index, :show]
+```
+
+These policies will be added to the ostiary instance created for each Controller Class. It will also include each policy inherited from parent classes.
+
+### Checking for a right
+
+You can also ask if a user is authorized to access to a certain path (url).
+
+in your Controller:
+
+```ruby
+def authorized?(path)
+  # recognize_path is a Rails Routing helper that will return a hash with the controller
+  #  and action of the path you supplied. We'll have to transform that String of the
+  #  controller into an actual Class.
+  return false unless route = Rails.application.routes.recognize_path(path)
+  requested_controller = "#{route[:controller]}_controller".camelize.constantize
+  requested_controller.ostiary.authorized?(route[:action]) do |role|
+    # Your authorization method using name.
+  end
+end
+```
+

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/lib/ostiary.rb

@@ -0,0 +1,10 @@
+require "ostiary/version"
+require "ostiary/ostiary"
+require "ostiary/policy"
+require "ostiary/policy_limited"
+require "ostiary/policy_exempted"
+require "ostiary/controller_helper"
+
+module Ostiary
+  class PolicyBroken < StandardError; end
+end

data/lib/ostiary/controller_helper.rb

@@ -0,0 +1,46 @@
+module Ostiary
+  module ControllerHelper
+
+    def self.included(base)
+      base.extend(ClassMethods)
+    end
+
+    module ClassMethods
+
+      def inherited(subclass)
+        subclass.ostiary.policies += self.ostiary.policies
+        super
+      end
+
+      def ostiary
+        @ostiary ||= Ostiary.new
+      end
+
+      def required_application_role(role, actions = {})
+        warn "[DEPRECATION] `required_application_role` is deprecated.  Please use `ostiary_policy` instead."
+        ostiary_policy(role, actions)
+      end
+
+      # We want to give the option of setting a policy for one action, based on ::Role
+      # So we'll copy the way the filters in controllers work.
+      # Only apply the role to certain action(s)
+      #  only: [*actions]
+      # Exclude action(s) from requiring a role
+      #  except: [*actions]
+      # By default a given role will be required for every action
+      #
+      # One line creates one policy, which are immediately created with the proper class
+      def ostiary_policy(role, actions = {})
+        if actions.empty?
+          self.ostiary.policies << Policy.new(role)
+        elsif actions.has_key?(:only)
+          self.ostiary.policies << PolicyLimited.new(role, actions[:only])
+        elsif actions.has_key?(:except)
+          self.ostiary.policies << PolicyExempted.new(role, actions[:except])
+        end
+      end
+
+    end
+
+  end
+end

data/lib/ostiary/ostiary.rb

@@ -0,0 +1,29 @@
+module Ostiary
+  class Ostiary
+    attr_accessor :policies
+
+    def initialize
+      @policies = []
+    end
+
+    def authorize!(action)
+      policies.each do |policy|
+        next if policy_met?(policy, action, &Proc.new)
+        raise PolicyBroken, policy.error_message(action)
+      end
+    end
+
+    def authorized?(action)
+      policies.all? do |policy|
+        policy_met?(policy, action, &Proc.new)
+      end
+    end
+
+    private
+
+    def policy_met?(policy, action)
+      policy.met?(action) { yield(policy.name) }
+    end
+
+  end
+end

data/lib/ostiary/policy.rb

@@ -0,0 +1,23 @@
+module Ostiary
+  class Policy
+    attr_accessor :name, :rules
+
+    def initialize(name, rules = [])
+      @name   = name
+      @rules  = rules || []
+    end
+
+    def inspect
+      "#{name}"
+    end
+
+    def met?(*)
+      yield
+    end
+
+    def error_message(action)
+      "#{action} requires #{name}"
+    end
+
+  end
+end

data/lib/ostiary/policy_exempted.rb

@@ -0,0 +1,18 @@
+module Ostiary
+  class PolicyExempted < Policy
+
+    def inspect
+      "#{name} except for #{rules.to_sentence}"
+    end
+
+    def met?(action)
+      return true if rules.include?(action)
+      yield
+    end
+
+    def error_message(action)
+      "#{action} not exempted for #{name}"
+    end
+
+  end
+end

data/lib/ostiary/policy_limited.rb

@@ -0,0 +1,18 @@
+module Ostiary
+  class PolicyLimited < Policy
+
+    def inspect
+      "#{name} only for #{rules.to_sentence}"
+    end
+
+    def met?(action)
+      return true if !rules.include?(action)
+      yield
+    end
+
+    def error_message(action)
+      "#{action} limited by #{name}"
+    end
+
+  end
+end

data/lib/ostiary/version.rb

@@ -0,0 +1,3 @@
+module Ostiary
+  VERSION = "0.8.0"
+end

data/ostiary.gemspec

@@ -0,0 +1,35 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'ostiary/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "ostiary"
+  spec.version       = Ostiary::VERSION
+  spec.author        = "Jacques Hakvoort"
+  spec.authors       = ["Jacques Hakvoort"]
+  spec.email         = ["jacques.hakvoort@nedap.com"]
+
+  spec.homepage      = "https://github.com/nedap/ostiary"
+  spec.summary       = "Limit access to controllers/actions with policies"
+  spec.description   = <<-TXT;
+    from wikipedia: "An ostiarius, a Latin word sometimes anglicized as ostiary
+    but often literally translated as porter or doorman, originally was a
+    servant or guard posted at the entrance of a building. See also gatekeeper."
+    Ostiary is a security gem for your controllers & actions.
+    It employs a before_filter-like call to set policies per controller/action.
+    You can pass your own security call in block and handle the PolicyBroken
+    yourself.
+    Policies are also inherited from parent classes.
+  TXT
+  spec.license = 'MIT'
+
+  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.13"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rspec", "~> 3.0"
+end

metadata

@@ -0,0 +1,109 @@
+--- !ruby/object:Gem::Specification
+name: ostiary
+version: !ruby/object:Gem::Version
+  version: 0.8.0
+platform: ruby
+authors:
+- Jacques Hakvoort
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2017-01-19 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.13'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.13'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+description: |2
+      from wikipedia: "An ostiarius, a Latin word sometimes anglicized as ostiary
+      but often literally translated as porter or doorman, originally was a
+      servant or guard posted at the entrance of a building. See also gatekeeper."
+      Ostiary is a security gem for your controllers & actions.
+      It employs a before_filter-like call to set policies per controller/action.
+      You can pass your own security call in block and handle the PolicyBroken
+      yourself.
+      Policies are also inherited from parent classes.
+email:
+- jacques.hakvoort@nedap.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".ruby-gemset"
+- ".ruby-version"
+- ".travis.yml"
+- Gemfile
+- Gemfile.lock
+- README.md
+- Rakefile
+- lib/ostiary.rb
+- lib/ostiary/controller_helper.rb
+- lib/ostiary/ostiary.rb
+- lib/ostiary/policy.rb
+- lib/ostiary/policy_exempted.rb
+- lib/ostiary/policy_limited.rb
+- lib/ostiary/version.rb
+- ostiary.gemspec
+homepage: https://github.com/nedap/ostiary
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.8
+signing_key: 
+specification_version: 4
+summary: Limit access to controllers/actions with policies
+test_files: []