permify 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 490f5fb31ff867f2325a630790d2b45b9432f4d8
+  data.tar.gz: 25f219fb4cd5c68f88fb6bc06d4c90d5da689439
+SHA512:
+  metadata.gz: aacb25ffb1f6592ca5feaa81ff927863fc73c8a8620f531e90a9ec40e5eaa4d5e654223bc291d3a675c6003f48f862286585d11c2c3eafada4880843154d6b6d
+  data.tar.gz: a5293ea18930c766c16091b43829988706401c11c8a472573122a523741599dd542182fbfa2ea697bdeea8b1e85bb2ccfa5b861e333951d509ff3bb3b50f4940

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/.rspec

@@ -0,0 +1,2 @@
+--color
+--format progress

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in permify.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2014 Maarten Claes
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,29 @@
+# Permify
+
+TODO: Write a gem description
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'permify'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install permify
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Contributing
+
+1. Fork it ( http://github.com/<my-github-username>/permify/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1,10 @@
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec
+
+task :mutant do
+  system "bundle exec mutant --include lib -r permify --use rspec \"Permify*\""
+end

data/lib/permify.rb

@@ -0,0 +1,18 @@
+require 'active_support/all'
+
+module Permify
+end
+
+require "permify/version"
+require "permify/authorization"
+require "permify/clearance"
+require "permify/permission"
+require "permify/permission_map"
+require "permify/permission/dynamic"
+require "permify/permission/null"
+require "permify/permission/static"
+require "permify/permission/combination"
+require "permify/permission/combination_map"
+require "permify/permission/combination/any"
+require "permify/repository"
+

data/lib/permify/authorization.rb

@@ -0,0 +1,17 @@
+class Permify::Authorization
+  attr_reader :candidate
+  def initialize(candidate)
+    @candidate = candidate
+  end
+
+  def can?(action, resource)
+    permission = find_permission(resource, action)
+    permission.granted?(candidate, resource)
+  end
+
+  protected
+
+  def find_permission(resource, action)
+    candidate.permissions.find(resource, action)
+  end
+end

data/lib/permify/clearance.rb

@@ -0,0 +1,29 @@
+# Clearance: Official authorization for something to proceed or take place
+#
+class Permify::Clearance
+  def initialize(repo)
+    @repo = repo
+    @permissions = Permify::PermissionMap.new
+  end
+
+  def add(resource, action)
+    permission = resolve_to_permission(resource, action)
+    permissions.store(resource, action, permission)
+  end
+
+  def find(resource, action)
+    if !repo.permission_combination?(resource, action)
+      permissions.find(resource, action) || Permify::Permission::Null.new
+    else
+      combination = repo.find_permission_combination(resource, action)
+      combination.resolve(self)
+    end
+  end
+
+  private
+  attr_reader :permissions, :repo
+
+  def resolve_to_permission(resource, action_name)
+    repo.find_permission(resource, action_name)
+  end
+end

data/lib/permify/permission.rb

@@ -0,0 +1,10 @@
+module Permify
+  class Permission
+    def initialize(*args)
+    end
+
+    def granted?(candidate, context)
+      false
+    end
+  end
+end

data/lib/permify/permission/combination.rb

@@ -0,0 +1,4 @@
+class Permify::Permission
+  class Combination < self
+  end
+end

data/lib/permify/permission/combination/any.rb

@@ -0,0 +1,13 @@
+class Permify::Permission::Combination
+  class Any < self
+    def initialize(permissions)
+      @permissions = permissions
+    end
+
+    def granted?(candidate, resource)
+      @permissions.any? { |perm|
+        perm.granted?(candidate, resource)
+      }
+    end
+  end
+end

data/lib/permify/permission/combination_map.rb

@@ -0,0 +1,23 @@
+class Permify::Permission::CombinationMap
+  def initialize(combinations)
+    @combinations = combinations
+  end
+
+  def resolve(clearance)
+    permissions = list_permissions(clearance)
+    Permify::Permission::Combination::Any.new(permissions)
+  end
+
+  private
+  attr_reader :combinations
+
+  def list_permissions(clearance)
+    permissions = []
+    combinations.each do |resource, actions|
+      [actions].flatten.each do |action|
+        permissions << clearance.find(resource, action)
+      end
+    end
+    permissions
+  end
+end

data/lib/permify/permission/dynamic.rb

@@ -0,0 +1,13 @@
+class Permify::Permission
+  class Dynamic < self
+    def initialize(checks)
+      @checks = checks
+    end
+
+    def granted?(candidate, resource)
+      @checks.all? { |check|
+        check.new(candidate, resource).success?
+      }
+    end
+  end
+end

data/lib/permify/permission/null.rb

@@ -0,0 +1,7 @@
+class Permify::Permission
+  class Null < self
+    def granted?(candidate, resource)
+      false
+    end
+  end
+end

data/lib/permify/permission/static.rb

@@ -0,0 +1,7 @@
+class Permify::Permission
+  class Static < self
+    def granted?(candidate, resource)
+      true
+    end
+  end
+end

data/lib/permify/permission_map.rb

@@ -0,0 +1,32 @@
+# Provides a convenient way to store and retrieve permission data
+class Permify::PermissionMap
+  def initialize
+    @data = {}
+  end
+
+  def store(resource, action, info)
+    resource_key, action_key = to_keys(resource, action)
+    data[resource_key] ||= {}
+    data[resource_key][action_key] = info
+  end
+
+  def find(resource, action)
+    resource_key, action_key = to_keys(resource, action)
+    data.fetch(resource_key, {})[action_key]
+  end
+
+  private
+  attr_reader :data
+
+  # Transforms resource and action into keys for use in internal hashes
+  #
+  # @param resource [Class, Object] resource object or its class
+  # @param action [String, #to_sym]
+  #
+  # @return keys [Array<Symbol>] array with resource and action key
+  #
+  def to_keys(resource, action)
+    resource_class = resource.is_a?(Class) ? resource : resource.class
+    [resource_class.name, action].map(&:to_sym)
+  end
+end

data/lib/permify/repository.rb

@@ -0,0 +1,68 @@
+class Permify::Repository
+
+  # Define a static permission
+  #
+  # @param resource_class [Class]
+  # @param action [Symbol, String]
+  #
+  # @return [undefined]
+  #
+  def static(resource_class, action)
+    permission = Permify::Permission::Static.new
+    permissions.store(resource_class, action, permission)
+  end
+
+  # Define a dynamic permission
+  #
+  # @param resource_class [Class]
+  # @param action [Symbol, String]
+  #
+  # @return [undefined]
+  #
+  def dynamic(resource_class, action, *args)
+    permission = Permify::Permission::Dynamic.new args.flatten
+    permissions.store(resource_class, action, permission)
+  end
+
+  # Creates a permission that's granted whenever any of the combined
+  # permissions is granted
+  #
+  # @param resource_class [Class]
+  # @param action [String, #to_sym]
+  #
+  # @return [undefined]
+  #
+  def any(resource_class, action, combinations)
+    combination_map = Permify::Permission::CombinationMap.new(combinations)
+    permission_combinations.store(resource_class, action, combination_map)
+  end
+
+  # Finds permission in this repository
+  #
+  # @param resource [Class]
+  # @param action [String, #to_sym]
+  #
+  # @return permission [Permify::Permission, nil]
+  #
+  def find_permission(resource, action)
+    permissions.find(resource, action)
+  end
+
+  def permission_combination?(resource_class, action)
+    !!find_permission_combination(resource_class, action)
+  end
+
+  def find_permission_combination(resource, action)
+    permission_combinations.find(resource, action)
+  end
+
+  protected
+
+  def permissions
+    @permissions ||= Permify::PermissionMap.new
+  end
+
+  def permission_combinations
+    @permission_combinations ||= Permify::PermissionMap.new
+  end
+end

data/lib/permify/version.rb

@@ -0,0 +1,3 @@
+module Permify
+  VERSION = "0.0.1"
+end

data/permify.gemspec

@@ -0,0 +1,28 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'permify/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "permify"
+  spec.version       = Permify::VERSION
+  spec.authors       = ["Maarten Claes"]
+  spec.email         = ["maartencls@gmail.com"]
+  spec.summary       = %q{Manageable permissions}
+  spec.description   = %q{Manageable permissions}
+  spec.homepage      = ""
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.5"
+  spec.add_development_dependency "rake"
+  spec.add_development_dependency "rspec"
+  spec.add_development_dependency "mutant", "~> 0.5.6"
+  spec.add_development_dependency "mutant-rspec"
+
+  spec.add_dependency "activesupport"
+end

data/spec/integration_spec.rb

@@ -0,0 +1,114 @@
+require "spec_helper"
+
+class Post
+  def initialize(owner)
+    @owner = owner
+  end
+
+  def owner?(user)
+    @owner == user
+  end
+end
+
+class OwnerCheck
+  attr_reader :candidate, :resource
+
+  def initialize(candidate, resource)
+    @candidate = candidate
+    @resource = resource
+  end
+
+  def success?
+    resource.owner?(candidate)
+  end
+end
+
+REPO = Permify::Repository.new
+
+REPO.static(Post, :show)
+REPO.static(Post, :create)
+
+# :edit permission granted if either of its dependencies (:edit_all or
+# :edit_own) is granted
+REPO.any(Post, :edit, { Post => [:edit_all, :edit_own] })
+
+REPO.static(Post, :edit_all)
+REPO.dynamic(Post, :edit_own, [OwnerCheck])
+
+class Admin
+  def permissions
+    Permify::Clearance.new(REPO).tap do |c|
+      c.add Post, :show
+      c.add Post, :create
+      c.add Post, :edit_all
+    end
+  end
+end
+
+class User
+  def permissions
+    Permify::Clearance.new(REPO).tap do |c|
+      c.add Post, :show
+      c.add Post, :create
+      c.add Post, :edit_own
+    end
+  end
+end
+
+describe Permify::Authorization, "integration" do
+  let(:post) { Post.new(post_owner) }
+  let(:post_owner) { user }
+  let(:admin) { Admin.new }
+  let(:user) { User.new }
+
+  describe "admin" do
+    let(:auth) { Permify::Authorization.new(admin) }
+
+    describe "static create" do
+      subject { auth.can?(:create, post)}
+      it { should be_true }
+    end
+
+    describe "static show" do
+      subject { auth.can?(:show, post)}
+      it { should be_true }
+    end
+
+    describe "static edit" do
+      subject { auth.can?(:edit, post)}
+      it { should be_true }
+    end
+  end
+
+  describe "user" do
+    let(:auth) { Permify::Authorization.new(user) }
+
+    describe "Post :edit_own" do
+      subject { auth.can?(:edit_own, post)}
+
+      context "when owner" do
+        let(:post_owner) { user }
+        it { should be_true }
+      end
+
+      context "when not owner" do
+        let(:post_owner) { admin }
+        it { should_not be_true }
+      end
+    end
+
+    describe "Post :edit" do
+      subject { auth.can?(:edit, post)}
+
+      context "when owner" do
+        let(:post_owner) { user }
+        it { should be_true }
+      end
+
+      context "when not owner" do
+        let(:post_owner) { admin }
+        it { should_not be_true }
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,13 @@
+require 'permify'
+
+RSpec.configure do |config|
+  config.treat_symbols_as_metadata_keys_with_true_values = true
+  config.run_all_when_everything_filtered = true
+  config.filter_run :focus
+
+  # Run specs in random order to surface order dependencies. If you find an
+  # order dependency and want to debug it, you can fix the order by providing
+  # the seed, which is printed after each run.
+  #     --seed 1234
+  config.order = 'random'
+end

metadata

@@ -0,0 +1,153 @@
+--- !ruby/object:Gem::Specification
+name: permify
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Maarten Claes
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-03-16 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: mutant
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.5.6
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.5.6
+- !ruby/object:Gem::Dependency
+  name: mutant-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Manageable permissions
+email:
+- maartencls@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/permify.rb
+- lib/permify/authorization.rb
+- lib/permify/clearance.rb
+- lib/permify/permission.rb
+- lib/permify/permission/combination.rb
+- lib/permify/permission/combination/any.rb
+- lib/permify/permission/combination_map.rb
+- lib/permify/permission/dynamic.rb
+- lib/permify/permission/null.rb
+- lib/permify/permission/static.rb
+- lib/permify/permission_map.rb
+- lib/permify/repository.rb
+- lib/permify/version.rb
+- permify.gemspec
+- spec/integration_spec.rb
+- spec/spec_helper.rb
+homepage: ''
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: Manageable permissions
+test_files:
+- spec/integration_spec.rb
+- spec/spec_helper.rb
+has_rdoc: