permiso 0.1.1
- data/.gitignore +6 -0
- data/.rspec +3 -0
- data/Gemfile +10 -0
- data/README.md +76 -0
- data/Rakefile +3 -0
- data/lib/permiso/version.rb +3 -0
- data/lib/permiso.rb +49 -0
- data/permiso.gemspec +20 -0
- data/spec/lib/permiso_spec.rb +38 -0
- data/spec/spec.rake +22 -0
- data/spec/spec_helper.rb +12 -0
- metadata +69 -0
data/.gitignore
ADDED
data/.rspec
ADDED
data/Gemfile
ADDED
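--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,76 @@
+CSS: http://hotx.resfinity.com/css/readme.css
+
+# Permiso
+is a lightweight gem for defining and veryfying permissions, or in other words checking authorization.
+
+
+Define a class with your abilities, you can name it whatever you want, but Ability is a nice name I borrowed from [cancan](https://github.com/ryanb/cancan).
+
+## Permiso helper methods
+
+* **role**: defines what a named role can do
+* **rule**: defines additional checks which must be met in order
+
+## The easy example
+
+class Ability
+include Permiso::Ability
+
+def initialize
+role :admin do
+can :delete
+end
+end
+end
+
+Checking now is easy:
+
+ability = Ability.new
+ability.can? :admin, :delete
+
+## Example with rules
+A more complex example with rules and a domain object injected
+
+class Ability
+include Permiso::Ability
+
+def initialize(booking)
+@booking = booking
+
+role :admin do
+can :cancel
+can :create
+end
+
+rule :cancel do
+@booking.status == 'book_confirmed'
+end
+end
+
+end
+
+Checking is (almost) the same as in the prior example:
+
+ability = Ability.new(booking)
+ability.can? :admin, :cancel
+
+In this case, only the admin can cancel the booking, if the status is book_confirmed.
+
+I use dependency injection, to bring in an object on which I conduct test, in this case the booking.
+
+## Using in Padrino
+For that I define a helper
+
+MyWebApp.helpers do
+def can(action)
+ability = Ability.new(@booking)
+ability.can? current_user.role, action
+end
+end
+
+which then allows me to use this in my `haml` file:
+
+- if can :cancel
+%a{ :href => '/cancel' }
+
+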
data/Rakefile
ADDED
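--- a/data/lib/permiso.rb
+++ b/data/lib/permiso.rb
@@ -0,0 +1,49 @@
+require "permiso/version"
+
+module Permiso
+module Ability
+
+def roles
+@roles ||= {}
+end
+
+def rules
+@ruls ||= {}
+end
+
+def can(ability, subject=nil)
+r = roles[@current_role] ||= []
+r << ability
+end
+
+def role(name, &block)
+@current_role = name
+block.call
+end
+
+def rule(name, &block)
+rules[name] = block
+end
+
+def can?(role, action, args={})
+return false unless role_can?(role, action)
+rule_allows?(action)
+end
+
+def rule_allows?(action)
+rule = rules[action]
+return true if rule.nil?
+rule.call
+end
+
+def role_can?(role, action)
+allowed_actions = roles[role]
+allowed_actions && allowed_actions.include?(action)
+end
+
+def inspect
+roles.each {|role, abilities| puts "#{role} can #{abilities.inspect}"}
+rules.each {|rule| puts "rule #{rule}" }
+end
+end
+end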
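Review bot: `can` files the ability under whatever `@current_role` currently holds, and `role` never clears it after `block.call`, so a `can` issued outside a `role` block is silently attached to the previously opened role, or to the `nil` key if no role has been opened yet. Once `roles` has a `nil` key, `can?(nil, action)` passes `role_can?`, so a caller whose role lookup returned nil (the README helper passes `current_user.role` straight through) would be authorized for those actions. I would clear the role in an `ensure` and make `can` raise when no role is active, as below. Separately, `inspect` overrides `Object#inspect` with `puts` calls, `rules` stores into the misspelled `@ruls`, and the `subject` and `args` parameters are accepted but never read; a short comment on each, or their removal, would help the next reader.

```ruby
def can(ability, subject=nil)
  # Refuse grants that are not lexically inside a `role` block.
  raise ArgumentError, "can must be called inside a role block" if @current_role.nil?
  r = roles[@current_role] ||= []
  r << ability
end

def role(name, &block)
  @current_role = name
  block.call
ensure
  # Do not let later `can` calls inherit this role.
  @current_role = nil
end
```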
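--- a/data/permiso.gemspec
+++ b/data/permiso.gemspec
@@ -0,0 +1,20 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "permiso/version"
+
+Gem::Specification.new do |s|
+s.name = "permiso"
+s.version = Permiso::VERSION
+s.authors = ["Piotr Zolnierek"]
+s.email = ["pzolnierek@gmail.com"]
+s.homepage = "https://github.com/pzol/permiso"
+s.summary = %q{A lightweight gem for checking permissions}
+s.description = %q{see README.md}
+
+s.rubyforge_project = "permiso"
+
+s.files = `git ls-files`.split("\n")
+s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
+s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+s.require_paths = ["lib"]
+end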
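Review bot: `s.files`, `s.test_files` and `s.executables` are each computed by shelling out to `git ls-files` while the gemspec is evaluated, so the package contents depend on the state of the checkout. Everything tracked ships (the generated metadata lists `.gitignore` and the specs), and evaluating the spec outside a git work tree yields an empty file list rather than a failure. An explicit list such as `s.files = Dir["lib/**/*.rb"] + %w[README.md]` keeps the shipped set reviewable and avoids running a subprocess at load time. The spec also declares no license (`licenses: []` in the metadata); adding `s.license = "<LICENSE-ID>"` (placeholder) would let consumers' tooling check it.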
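--- a/data/spec/lib/permiso_spec.rb
+++ b/data/spec/lib/permiso_spec.rb
@@ -0,0 +1,38 @@
+require 'spec_helper'
+
+describe Permiso do
+before(:all) do
+@user = {:role => 'admin'}
+@booking = { 'ref_anixe' => '6666', 'status' => 'book_confirmed' }
+end
+
+class AbilityTest
+include Permiso::Ability
+
+def initialize(booking)
+@booking = booking
+
+role :admin do
+can :cancel
+can :create
+end
+
+rule :cancel do
+@booking['status'] == 'book_confirmed'
+end
+end
+
+end
+
+it 'should allow, when role is defined' do
+ability = AbilityTest.new(@booking)
+ability.can?(:admin, :cancel).should be_true
+ability.can?(:admin, :create).should be_true
+end
+
+it 'should NOT allow, when role is NOT defined' do
+ability = AbilityTest.new(@booking)
+ability.can?(:anybody, :cancel).should be_false
+end
+
+end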
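Review bot: Neither example exercises a denial that comes from the rule: `@booking` always has status `book_confirmed`, so the `rule :cancel` block is only ever seen returning true. For an authorization library the deny paths matter most. I would add an example with a constructed non-confirmed status, such as `AbilityTest.new('status' => 'cancelled').can?(:admin, :cancel).should be_false`, and one for a known role asking for an action it was never granted, e.g. `ability.can?(:admin, :delete).should be_false`. `@user` in the `before(:all)` block is assigned but no example reads it.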
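--- a/data/spec/spec.rake
+++ b/data/spec/spec.rake
@@ -0,0 +1,22 @@
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec) do |t|
+t.pattern = "./spec/**/*_spec.rb"
+# Put spec opts in a file named .rspec in root
+end
+
+namespace :spork do
+desc "start spork in background"
+task :start do
+sh %{spork &}
+end
+
+desc "stop spork"
+task :stop do
+Process.kill(:TERM, `ps -ef | grep spork | grep -v grep | awk '{ print $2 }'`.to_i)
+end
+
+desc "restart spork"
+task :restart => [:stop, :start]
+end
+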
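Review bot: In the `:stop` task the pid comes from `ps -ef | grep spork ...` followed by `.to_i`; when no spork process is running the backtick output is empty, `.to_i` returns 0, and `Process.kill(:TERM, 0)` signals the caller's whole process group, rake included. The grep also matches any process whose command line contains "spork", including ones this task did not start, and only the first pid is used when several match. At minimum guard the value: assign the result to `pid` and call `Process.kill(:TERM, pid) if pid > 0`. Recording the pid when `:start` launches spork and reading it back in `:stop` would be more reliable than scanning the process table.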
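--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -0,0 +1,12 @@
+Spork.prefork do
+require 'bundler'
+Bundler.setup
+Bundler.require(:default, :test)
+end
+
+Spork.each_run do
+# This code will be run each time you run your specs.
+end
+
+
+Dir[File.expand_path("../factories/*.rb", __FILE__)].each { |f| require f }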
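Review bot: `Spork.prefork` on the first line is evaluated before anything in this file loads Spork, because the `require 'bundler'` and `Bundler.require` calls sit inside the block. Unless the runner has already required it (not visible here), a plain `rspec` run would stop with a NameError; adding `require 'spork'` at the top makes the helper self-contained. The final line requires every file under `factories/`, a directory the package file list does not contain, so it currently loads nothing and could be dropped or given a comment saying what it is reserved for.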
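--- a/metadata
+++ b/metadata
@@ -0,0 +1,69 @@
+--- !ruby/object:Gem::Specification
+name: permiso
+version: !ruby/object:Gem::Version
+prerelease:
+version: 0.1.1
+platform: ruby
+authors:
+- Piotr Zolnierek
+autorequire:
+bindir: bin
+cert_chain: []
+
+date: 2011-07-12 00:00:00 +02:00
+default_executable:
+dependencies: []
+
+description: see README.md
+email:
+- pzolnierek@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files:
+- .gitignore
+- .rspec
+- Gemfile
+- README.md
+- Rakefile
+- lib/permiso.rb
+- lib/permiso/version.rb
+- permiso.gemspec
+- spec/lib/permiso_spec.rb
+- spec/spec.rake
+- spec/spec_helper.rb
+has_rdoc: true
+homepage: https://github.com/pzol/permiso
+licenses: []
+
+post_install_message:
+rdoc_options: []
+
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: "0"
+requirements: []
+
+rubyforge_project: permiso
+rubygems_version: 1.6.2
+signing_key:
+specification_version: 3
+summary: A lightweight gem for checking permissions
+test_files:
+- spec/lib/permiso_spec.rb
+- spec/spec.rake
+- spec/spec_helper.rb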