permission_policy 0.1.0 → 0.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: cf58d8db5cb145457f2477e95784d7083d1ae3a9
-  data.tar.gz: 6186f34bf9b8171db1b061123e37d78c975c25b2
+  metadata.gz: 6d2d704aebcb898411f640cda58737c5388bfb22
+  data.tar.gz: 26e0e5ac6d4651a91cf53e24595e60d2aa6c5bed
 SHA512:
-  metadata.gz: a01d8c7b01188ab26ad30d5ee23ea8e7c7f4c25c71f88a2bd5310849d09c6a3c2da8f30b12d091cd6fd0ca62f0133c435ad019c30dc58df931314ae339f481fe
-  data.tar.gz: 14fdc5e33244dd581c6f48cf940b24e1bec4f1297e526246c7a81457570c1b2b5625098256d3d2c58d76b24ee8b9ad0810313485f5921beb0debaff7d8d59f9d
+  metadata.gz: 826d4dabf7338132e1c8ffbdeebe22ec5c44538664f851e8f78278d726fae1efb2dffcbc618d176aacf4e7b79d9aba98c751d87a8b2d40c5e823dccdfb6948e1
+  data.tar.gz: a88607bf6a5ca746102a6d892d329d83b2ceb25081ce106721aa5a5719e8b7434d5fdfeaf0e177aaad029b6de2a614c3c21e29742415353aae6cc7cfeb430cad

data/CHANGELOG.md

@@ -1,4 +1,9 @@
 
+# 0.1.1
+
+  * [EXPERIMENT] possibility to read yml permission file
+
+
 # 0.1.0
 
   * [REFACTORING] change the way *configuration* is handled (breaking changes)

data/README.md

@@ -35,25 +35,13 @@ Or install it yourself as:
 
     $ gem install permission_policy
 
-## Usage
-
-You might want to configure which objects are needed for your permission handling.
+# API
 
-In a Rails App you can configure the gem with simple initializer file under `config/initializers/permission_policy.rb`.
+todo: describe each public method
 
-```
-  PermissionPolicy.configure do |c|
-    # c.precondition_attributes = [:current_user] # => default
-    c.strategy_order = [
-      :SuperAdminStrategy,
-      :FeatureStrategy,
-      :RuleStrategy,
-      :UnknownStrategy
-    ]
-  end
-```
+## Usage
 
-You can also configure this inside your Application Controller
+You might want to configure which objects are needed for your permission handling.
 
 ```
 
@@ -61,6 +49,7 @@ You can also configure this inside your Application Controller
     # ...
     authorize_with :current_user
     verify_authorization! => which will raise an NotVerified Exception if authorized! wasn't called
+    authorization_strategies :SuperAdminStrategy, :FeatureStrategy, :UnknownStrategy
     # ...
   end
 

data/lib/permission_policy/errors/reader_error.rb

@@ -0,0 +1,13 @@
+module PermissionPolicy
+  class ReaderError < StandardError
+    attr_reader :definition
+
+    def initialize(definition)
+      @definition = definition
+    end
+
+    def message
+      "#{definition} not defined"
+    end
+  end
+end

data/lib/permission_policy/permission_reader.rb

@@ -0,0 +1,46 @@
+require 'yaml'
+require 'active_support/core_ext/hash'
+
+module PermissionPolicy
+  class PermissionReader
+    attr_reader :file_path
+
+    def initialize(file_path)
+      @file_path = file_path
+    end
+
+    def permissions
+      @permissions = to_hash[:permissions]
+    end
+
+    def roles
+      @roles = to_hash[:roles]
+    end
+
+    def to_hash
+      @raw ||= read_file.with_indifferent_access
+    end
+
+    def features
+      permissions.keys
+    end
+
+    def permitted?(feature, action, role)
+      ensure_definition!(feature, action, role)
+
+      permissions[feature][action].include? role
+    end
+
+    private
+
+    def ensure_definition!(feature, action, role)
+      raise PermissionPolicy::ReaderError, feature unless features.include? feature
+      raise PermissionPolicy::ReaderError, action  unless permissions[feature].keys.include? action
+      raise PermissionPolicy::ReaderError, role    unless roles.include? role
+    end
+
+    def read_file
+      YAML.load_file(file_path)
+    end
+  end
+end

data/lib/permission_policy/version.rb

@@ -1,3 +1,3 @@
 module PermissionPolicy
-  VERSION = '0.1.0'
+  VERSION = '0.1.1'
 end

data/lib/permission_policy.rb

@@ -9,6 +9,8 @@ module PermissionPolicy
   autoload :MissingPrecondition, 'permission_policy/errors/missing_precondition'
   autoload :NotAllowed, 'permission_policy/errors/not_allowed'
   autoload :NotVerified, 'permission_policy/errors/not_verified'
+  autoload :ReaderError, 'permission_policy/errors/reader_error'
+  autoload :PermissionReader, 'permission_policy/permission_reader'
 
   module Strategies
     autoload :BaseStrategy, 'permission_policy/strategies/base_strategy'

data/spec/permission_policy/fixtures/permissions.yml

@@ -0,0 +1,27 @@
+---
+roles: &roles
+  - super_admin
+  - foo
+  - bar
+  - baz
+
+permissions:
+  fancy_feature:
+    index:
+      - super_admin
+      - foo
+    show: *roles
+    create: *roles
+    update: *roles
+    delete:
+      - super_admin
+  user_management:
+    index:
+      - super_admin
+    show:
+      - baz
+    create:
+    update: *roles
+    delete:
+      - super_admin
+

data/spec/permission_policy/permission_integration_spec.rb

@@ -0,0 +1,52 @@
+require 'action_controller'
+
+User = Struct.new(:role)
+
+class PermissionTestController < ActionController::Metal
+  include AbstractController::Helpers
+  include AbstractController::Callbacks
+  include PermissionPolicy::ControllerAdditions::InstanceMethods
+  extend PermissionPolicy::ControllerAdditions::ClassMethods
+
+  authorize_with :user
+  verify_authorization!
+  authorization_strategies :FeatureStrategy, :UnknownStrategy
+
+  def user
+    User.new('foo')
+  end
+
+  def index
+    authorize! :index, feature: :fancy_feature
+    'see me because allowed'
+  end
+
+  def delete
+    authorize! :delete, feature: :fancy_feature
+    'you wont see me'
+  end
+end
+
+
+class FeatureStrategy < PermissionPolicy::Strategies::BaseStrategy
+  def match?
+    options[:feature]
+  end
+
+  def allowed?
+    permissions.permitted? options[:feature].to_s, action.to_s, user.role
+  end
+
+  def permissions
+    PermissionPolicy::PermissionReader.new(File.expand_path('../fixtures/permissions.yml', __FILE__))
+  end
+end
+
+module PermissionPolicy
+  RSpec.describe 'Integration' do
+    subject { PermissionTestController.new }
+
+    it { expect(subject.process_action :index).to eq("see me because allowed") }
+    it { expect { subject.process_action :delete }.to raise_error PermissionPolicy::NotAllowed }
+  end
+end

data/spec/permission_policy/permission_reader_spec.rb

@@ -0,0 +1,27 @@
+module PermissionPolicy
+  RSpec.describe PermissionReader do
+    let(:test_file) { File.expand_path('../fixtures/permissions.yml', __FILE__) }
+    subject { described_class.new(test_file) }
+
+    it { expect(subject.features).to eq(['fancy_feature', 'user_management']) }
+    it { expect(subject.roles).to eq(['super_admin', 'foo', 'bar', 'baz']) }
+    it { expect(subject.permitted?('fancy_feature', 'create', 'foo')).to eq(true)}
+    it { expect(subject.permitted?('fancy_feature', 'index', 'bar')).to eq(false)}
+    it { expect(subject.permitted?('fancy_feature', 'delete', 'foo')).to eq(false)}
+
+    it 'no such Feature' do
+      expect { subject.permitted?(:yay, 'nay', 'hey') }
+        .to raise_error(PermissionPolicy::ReaderError, 'yay not defined')
+    end
+
+    it 'no such Action' do
+      expect { subject.permitted?('fancy_feature', :nay, 'hey') }
+        .to raise_error(PermissionPolicy::ReaderError, 'nay not defined')
+    end
+
+    it 'no such Role' do
+      expect { subject.permitted?('fancy_feature', 'index', 'hey')
+         }.to raise_error(PermissionPolicy::ReaderError, 'hey not defined')
+    end
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: permission_policy
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.1
 platform: ruby
 authors:
 - Marco Schaden
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-02-04 00:00:00.000000000 Z
+date: 2015-02-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -147,6 +147,8 @@ files:
 - lib/permission_policy/errors/missing_precondition.rb
 - lib/permission_policy/errors/not_allowed.rb
 - lib/permission_policy/errors/not_verified.rb
+- lib/permission_policy/errors/reader_error.rb
+- lib/permission_policy/permission_reader.rb
 - lib/permission_policy/railtie.rb
 - lib/permission_policy/strategies/base_strategy.rb
 - lib/permission_policy/strategies/unknown_strategy.rb
@@ -155,6 +157,9 @@ files:
 - spec/permission_policy/authorization_spec.rb
 - spec/permission_policy/configuration_spec.rb
 - spec/permission_policy/controller_additions_spec.rb
+- spec/permission_policy/fixtures/permissions.yml
+- spec/permission_policy/permission_integration_spec.rb
+- spec/permission_policy/permission_reader_spec.rb
 - spec/permission_policy/strategies/base_strategy_spec.rb
 - spec/spec_helper.rb
 homepage: ''
@@ -185,5 +190,8 @@ test_files:
 - spec/permission_policy/authorization_spec.rb
 - spec/permission_policy/configuration_spec.rb
 - spec/permission_policy/controller_additions_spec.rb
+- spec/permission_policy/fixtures/permissions.yml
+- spec/permission_policy/permission_integration_spec.rb
+- spec/permission_policy/permission_reader_spec.rb
 - spec/permission_policy/strategies/base_strategy_spec.rb
 - spec/spec_helper.rb