permission_policy 0.0.1 → 0.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: c8ea6d2e2a7840711423115ac405faa69f1f4e1f
-  data.tar.gz: 1537caf4e3d92a1a32710e9e6bc895f68a7becce
+  metadata.gz: e282b311b9a97875e9918d7fe57f6c1c19150d81
+  data.tar.gz: 24241e62b1a2355be883b2d3edec11f141c2d250
 SHA512:
-  metadata.gz: dc15add153228915f7260aaf366db7363a8aeb033b1e4df5ed6bf6717b074e533f127988e5f08098502364ae3846dcf79c433c68a5e29489b0a772058dbd5e7c
-  data.tar.gz: d00d2c74aa4effd92e9b9851af5f616ea6996b216f975693f01d0a8673317f248cd65cbae7398a140e78662f5419dab7b5146d19e54a564605dbdefa23ab5766
+  metadata.gz: 7049c534d01ebaa7e4472c57e6a12dd56973d9eb4d22d3e2c18da977adde0472ce1a09c9d0516b353b0d7b50ef6e9ba9e6cd1c1ab97485880609cc5cb358b4aa
+  data.tar.gz: b7b4be9758970112f4c462aee6328ddecc667e7d7d99430976c5f4bdedf9fe1a510bddb415e25620b6ac636a293d17899c5fdb43cf9f3f00e9464a04fefb0b80

data/.rubocop.yml

@@ -0,0 +1,56 @@
+AllCops:
+  Exclude:
+    - '**/Rakefile'
+    - '**/Gemfile'
+    - '**/Guardfile'
+    - 'spec/**/*'
+
+Metrics/LineLength:
+  Max: 120 # this is already a lot
+
+Lint/AssignmentInCondition:
+  Enabled: false # it can be a nice shortcut
+
+Style/Documentation:
+  Enabled: false # atm we don't need this
+
+Style/DoubleNegation:
+  Enabled: false # the double !! are great for explicitly return true or false
+
+Style/SignalException:
+  Enabled: false # prefer raise over fail
+
+Style/AndOr:
+  Enabled: false # for controlflow 'and' & 'or' are great
+  # but yes they can be tricky because of their operational precendence:
+  # http://ruby-doc.org/core-2.0/doc/syntax/precedence_rdoc.html
+
+Metrics/CyclomaticComplexity:
+  # count of the number of linearly independent paths
+  Max: 4 # don't go ever higher than 5, because then it makes no sense at all.
+  # for a tradeoff you can disable it locally in a section of a file with:
+  # rubocop:disable Metrics/CyclomaticComplexity
+
+Metrics/PerceivedComplexity:
+  # the perceived complexity is often higher than the cyclomatic complexity
+  Max: 5 # the optimal value can be different for each developer depending on the experience
+  # for a tradeoff you can disable it locally in a section of a file with:
+  # rubocop:disable Metrics/PerceivedComplexity
+
+Metrics/MethodLength:
+  Max: 10 # this is already a lot, but for some controller actions a big if/else is more readable
+
+Style/GuardClause:
+  Enabled: false # usually this blows up the line over the maximum line length
+
+Style/WordArray:
+  Enabled: false # sometimes not as readable as plain string array
+
+Style/TrailingComma:
+  Enabled: false # we think it's good practice, because of cleaner git diffs
+
+Style/RegexpLiteral:
+  Enabled: false # we like %r{} a lot
+
+Style/RaiseArgs:
+  Enabled: false # don't agree

data/Guardfile

@@ -0,0 +1,5 @@
+guard :rspec, cmd: 'bundle exec rspec' do
+  watch(%r{^spec/.+_spec\.rb$})
+  watch(%r{^lib/(.+)\.rb$})     { 'spec' }
+  watch('spec/spec_helper.rb')  { 'spec' }
+end

data/Rakefile

@@ -1,6 +1,8 @@
 require 'bundler/gem_tasks'
 require 'rspec/core/rake_task'
+require 'rubocop/rake_task'
 
 RSpec::Core::RakeTask.new(:spec)
+RuboCop::RakeTask.new
 
-task default: :spec
+task default: [:spec, :rubocop]

data/lib/permission_policy/authorization.rb

@@ -0,0 +1,50 @@
+module PermissionPolicy
+  class Authorization
+    attr_reader :preconditions
+
+    def initialize(context)
+      @preconditions = []
+
+      PermissionPolicy.preconditions.each do |precondition|
+        set! precondition, context.public_send(precondition)
+        @preconditions << precondition
+      end
+    end
+
+    # Decides if the action is allowed based on the matching strategy.
+    # You may want to use this method for controlflow inside views.
+    #
+    # Example:
+    #
+    #  do_something if allowed?(:manage, subject: my_subject)
+    #
+    def allowed?(action, options = {})
+      strategy_for(action, options).allowed?
+    end
+
+    # Delegates to #allowed? but raises a NotAllowed exception when false.
+    # You may want to use this method for halting the execution of a controller method.
+    #
+    # Example:
+    #
+    #   def edit
+    #     allow!(:manage, subject: my_subject)
+    #   end
+    #
+    def authorize!(action, options = {})
+      !!allowed?(action, options) or raise PermissionPolicy::NotAllowed
+    end
+
+    private
+
+    # Finds the matching strategy which can decide if the action is allowed by lazy checking
+    def strategy_for(*args)
+      PermissionPolicy.strategies.lazy.map { |klass| Strategies.const_get(klass).new(self, *args) }.find(&:match?)
+    end
+
+    def set!(var, value)
+      self.class.send(:attr_reader, var)
+      instance_variable_set(:"@#{var}", value) or raise PermissionPolicy::MissingPrecondition.new(var)
+    end
+  end
+end

data/lib/permission_policy/configuration.rb

@@ -0,0 +1,30 @@
+module PermissionPolicy
+  class Configuration < OpenStruct
+    def preconditions
+      precondition_attributes || [:current_user]
+    end
+
+    def strategies
+      strategy_order || [:UnknownStrategy]
+    end
+  end
+
+  class << self
+    attr_accessor :configuration
+
+    extend Forwardable
+    delegate [:preconditions, :strategies] => :config
+
+    def configure
+      yield(config)
+    end
+
+    def config
+      self.configuration ||= Configuration.new
+    end
+
+    def authorize_with(*args)
+      configure { |c| c.precondition_attributes = *args }
+    end
+  end
+end

data/lib/permission_policy/controller_additions.rb

@@ -0,0 +1,25 @@
+require 'active_support/concern'
+
+module PermissionPolicy
+  module ControllerAdditions
+    module ClassMethods
+      def authorize_with(*args)
+        PermissionPolicy.authorize_with(*args)
+      end
+    end
+
+    module InstanceMethods
+      extend ActiveSupport::Concern
+
+      included do
+        helper_method :allowed?
+        delegate :allowed?, to: :permission_policy
+        delegate :authorize!, to: :permission_policy
+      end
+
+      def permission_policy
+        @permission_policy ||= PermissionPolicy::Authorization.new(self)
+      end
+    end
+  end
+end

data/lib/permission_policy/errors/missing_precondition.rb

@@ -0,0 +1,13 @@
+module PermissionPolicy
+  class MissingPrecondition < StandardError
+    attr_reader :precondition
+
+    def initialize(precondition)
+      @precondition = precondition
+    end
+
+    def message
+      "missing precondition: #{precondition}"
+    end
+  end
+end

data/lib/permission_policy/errors/not_allowed.rb

@@ -0,0 +1,4 @@
+module PermissionPolicy
+  class NotAllowed < StandardError
+  end
+end

data/lib/permission_policy/railtie.rb

@@ -0,0 +1,10 @@
+module PermissionPolicy
+  class Railtie < ::Rails::Railtie
+    initializer 'permission_policy.configure_controller' do
+      ActiveSupport.on_load :action_controller do
+        include PermissionPolicy::ControllerAdditions::InstanceMethods
+        extend PermissionPolicy::ControllerAdditions::ClassMethods
+      end
+    end
+  end
+end

data/lib/permission_policy/strategies/base_strategy.rb

@@ -0,0 +1,44 @@
+module PermissionPolicy
+  module Strategies
+    #
+    # The base strategy defines the object API for all strategies which can be
+    # used for permission checks. Each strategy should inherit from it and
+    # implement #match? and #allowed?
+    #
+    class BaseStrategy
+      # attributes which are available for #match? and #allowed?
+      # are passed from the authorization class.
+      #
+      # precondition_attributes:: for example [:current_user]
+      # action:: This will be :view or :manage
+      # options:: A hash having :subject or :feature as keys
+      attr_accessor :action, :options
+
+      def initialize(authorization, action = nil, options = {})
+        authorization.preconditions.each do |attribute|
+          self.class.send(:attr_accessor, attribute)
+          instance_variable_set(:"@#{attribute}", authorization.public_send(attribute))
+        end
+
+        self.action = action
+        self.options = options
+      end
+
+      # Check if the strategy is responsible for handling the permission check
+      # Has to return true or false
+      def match?
+        raise NotImplementedError, 'please implement #match? '\
+          "for #{self.class.name} which should return true or false, "\
+          'depending on if it can decide #allowed?'
+      end
+
+      # Check if user has necessary permission
+      # Has to return true or false
+      def allowed?
+        raise NotImplementedError, 'please implement #allowed? '\
+          "for #{self.class.name} which should decide if the action is allowed, "\
+          'based on the given attributes'
+      end
+    end
+  end
+end

data/lib/permission_policy/strategies/unknown_strategy.rb

@@ -0,0 +1,15 @@
+module PermissionPolicy
+  module Strategies
+    # Fallback strategy if no other matches. It allways matches and always
+    # denies access no matter what.
+    class UnknownStrategy < BaseStrategy
+      def match?
+        true
+      end
+
+      def allowed?
+        false
+      end
+    end
+  end
+end

data/lib/permission_policy/version.rb

@@ -1,3 +1,3 @@
 module PermissionPolicy
-  VERSION = '0.0.1'
+  VERSION = '0.0.2'
 end

data/lib/permission_policy.rb

@@ -1,4 +1,16 @@
-require "permission_policy/version"
+require 'ostruct'
+require 'permission_policy/version'
+require 'permission_policy/configuration'
+require 'permission_policy/railtie' if defined?(Rails)
+require 'permission_policy/controller_additions'
 
 module PermissionPolicy
+  autoload :Authorization, 'permission_policy/authorization'
+  autoload :MissingPrecondition, 'permission_policy/errors/missing_precondition'
+  autoload :NotAllowed, 'permission_policy/errors/not_allowed'
+
+  module Strategies
+    autoload :BaseStrategy, 'permission_policy/strategies/base_strategy'
+    autoload :UnknownStrategy, 'permission_policy/strategies/unknown_strategy'
+  end
 end

data/permission_policy.gemspec

@@ -8,8 +8,8 @@ Gem::Specification.new do |spec|
   spec.version       = PermissionPolicy::VERSION
   spec.authors       = ['Marco Schaden', 'Maximilian Schulz']
   spec.email         = ['marco@railslove.com', 'max@railslove.com']
-  spec.summary       = %q{Without order, there is chaos}
-  spec.description   = %q{Expandable object oriented authorization solution for Ruby/Rails applications}
+  spec.summary       = 'Without order, there is chaos'
+  spec.description   = 'Expandable object oriented authorization solution for Ruby/Rails applications'
   spec.homepage      = ''
   spec.license       = 'MIT'
 
@@ -18,10 +18,13 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ['lib']
 
-  spec.add_dependency 'activesupport', '>= 3.0.0'
+  spec.add_dependency 'activesupport', '>= 4.0.0'
 
   spec.add_development_dependency 'bundler', '~> 1.6'
   spec.add_development_dependency 'rspec', '~> 3.0.0'
+  spec.add_development_dependency 'guard-rspec'
   spec.add_development_dependency 'rake'
   spec.add_development_dependency 'pry'
+  spec.add_development_dependency 'rubocop'
+  spec.add_development_dependency 'actionpack', '>= 4.0.0'
 end

data/spec/permission_policy/authorization_spec.rb

@@ -0,0 +1,30 @@
+module PermissionPolicy
+  RSpec.describe 'Authorization' do
+    before do
+      PermissionPolicy.authorize_with :my_user, :my_account
+    end
+
+    subject { PermissionPolicy::Authorization.new(context) }
+
+    context 'valid' do
+      let(:context) { double('context', my_user: 'foo', my_account: 'bar') }
+
+      it 'sets attribute readers for each precondition' do
+        expect(subject.my_user).to eq('foo')
+        expect(subject.my_account).to eq('bar')
+      end
+
+      it 'remembers precondition attributes' do
+        expect(subject.preconditions).to eq([:my_user, :my_account])
+      end
+    end
+
+    context 'invalid' do
+      let(:context) { double('context', my_user: nil, my_account: nil) }
+
+      it 'raises missing precondition error' do
+        expect { subject }.to raise_error('missing precondition: my_user')
+      end
+    end
+  end
+end

data/spec/permission_policy/configuration_spec.rb

@@ -0,0 +1,13 @@
+module PermissionPolicy
+  RSpec.describe Configuration do
+    before { PermissionPolicy.configuration = nil }
+
+    it 'has a default precondition' do
+      expect(subject.preconditions).to eq([:current_user])
+    end
+
+    it 'has a default strategy' do
+      expect(subject.strategies).to eq([:UnknownStrategy])
+    end
+  end
+end

data/spec/permission_policy/controller_additions_spec.rb

@@ -0,0 +1,42 @@
+require 'action_controller'
+
+class MetalTestController < ActionController::Metal
+  include AbstractController::Helpers
+  include PermissionPolicy::ControllerAdditions::InstanceMethods
+  extend PermissionPolicy::ControllerAdditions::ClassMethods
+
+  def foo
+  end
+
+  def bar
+  end
+end
+
+
+module PermissionPolicy
+  RSpec.describe 'ControllerAdditions' do
+    subject { MetalTestController.new }
+
+    context 'authorization' do
+      before do
+        MetalTestController.authorize_with :foo, :bar
+        is_expected.to receive(:foo) { 'foo' }
+        is_expected.to receive(:bar) { 'bar' }
+      end
+
+      it 'is available throuth #permission_policy' do
+        expect(subject.permission_policy).to be_kind_of(PermissionPolicy::Authorization)
+      end
+
+      it 'is initialized with preconditions' do
+        expect(subject.permission_policy.foo).to eq('foo')
+        expect(subject.permission_policy.bar).to eq('bar')
+      end
+    end
+
+    context 'helpers' do
+      it { is_expected.to respond_to :authorize! }
+      it { is_expected.to respond_to :allowed? }
+    end
+  end
+end

data/spec/permission_policy/strategies/base_strategy_spec.rb

@@ -0,0 +1,27 @@
+module PermissionPolicy
+  module Strategies
+    RSpec.describe BaseStrategy do
+
+      context 'valid' do
+        let(:authorization) { double('authorization', preconditions: [:current_user], current_user: 'me') }
+        let(:action) { :foo }
+        let(:options) { { something: 'nice' } }
+
+        subject { described_class.new(authorization, action, options) }
+
+        it 'sets dynamic attributes' do
+          expect(subject.current_user).to eq('me')
+        end
+
+        it 'sets action' do
+          expect(subject.action).to eq(:foo)
+        end
+
+        it 'sets options' do
+          expect(subject.options[:something]).to eq('nice')
+        end
+      end
+
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -1,3 +1,8 @@
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+require 'permission_policy'
+
+Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each {|f| require f}
 
 RSpec.configure do |config|
 # The settings below are suggested to provide a good initial experience

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: permission_policy
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.0.2
 platform: ruby
 authors:
 - Marco Schaden
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-10-08 00:00:00.000000000 Z
+date: 2015-01-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -17,14 +17,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.0.0
+        version: 4.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.0.0
+        version: 4.0.0
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -53,6 +53,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 3.0.0
+- !ruby/object:Gem::Dependency
+  name: guard-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -81,6 +95,34 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: actionpack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 4.0.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 4.0.0
 description: Expandable object oriented authorization solution for Ruby/Rails applications
 email:
 - marco@railslove.com
@@ -91,13 +133,27 @@ extra_rdoc_files: []
 files:
 - ".gitignore"
 - ".rspec"
+- ".rubocop.yml"
 - Gemfile
+- Guardfile
 - LICENSE.txt
 - README.md
 - Rakefile
 - lib/permission_policy.rb
+- lib/permission_policy/authorization.rb
+- lib/permission_policy/configuration.rb
+- lib/permission_policy/controller_additions.rb
+- lib/permission_policy/errors/missing_precondition.rb
+- lib/permission_policy/errors/not_allowed.rb
+- lib/permission_policy/railtie.rb
+- lib/permission_policy/strategies/base_strategy.rb
+- lib/permission_policy/strategies/unknown_strategy.rb
 - lib/permission_policy/version.rb
 - permission_policy.gemspec
+- spec/permission_policy/authorization_spec.rb
+- spec/permission_policy/configuration_spec.rb
+- spec/permission_policy/controller_additions_spec.rb
+- spec/permission_policy/strategies/base_strategy_spec.rb
 - spec/spec_helper.rb
 homepage: ''
 licenses:
@@ -124,4 +180,8 @@ signing_key:
 specification_version: 4
 summary: Without order, there is chaos
 test_files:
+- spec/permission_policy/authorization_spec.rb
+- spec/permission_policy/configuration_spec.rb
+- spec/permission_policy/controller_additions_spec.rb
+- spec/permission_policy/strategies/base_strategy_spec.rb
 - spec/spec_helper.rb