permission_policy 0.0.4 → 0.0.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 4270c4a66af6696696e86232baff593192682436
-  data.tar.gz: 99588e8150ce43785cbf0424047ab3ac5a3cbae5
+  metadata.gz: cadbc4ee32c7e36250e69cd96ed2bce398e78576
+  data.tar.gz: de595ace7d5f9b59a673f7f321cc30c170c32fbe
 SHA512:
-  metadata.gz: 9077834201652396ca2655c76b217f902610389fcbd7d9c792d0296da3ca6c00a5355d6a29aa9117e43da817e3f1bb7980aa78ac2d52414ad98bad2336dae35f
-  data.tar.gz: 409a76941ebc28ed6c455c19c8135f223fff3480ef7516546089d44748df85ab51d0cf54cbb633d2a6817c45a16ed37887461aed52136aaf293e4b94fc5d2dcf
+  metadata.gz: a008f46a93ce18c0e4362ab3bc1df6c333ef5f15cf54203e7fbcd366a4e7a2038b8a060b544fc9dbba8df3a7a1866c34d715bab826c8d66022681c7fa567b124
+  data.tar.gz: 4141460cc62059eadc6f25b4fdc3f20c2de89e74e950bcbf313e543a2d2159aaa1e0190059a9f274ff65549779a81d5ea21fc245ff723c3da82a64304a5cbf03

data/CHANGELOG.md

@@ -1,4 +1,10 @@
 
+# 0.0.5
+
+  * [REVERT] the logger was a good idea, but I'm not happy with the implementation
+  * [ENHANCEMENT] ensure authorization verification to lock all not permitted actions
+
+
 # 0.0.4
 
   * [BUGFIX] the debug logger was always enabled

data/README.md

@@ -29,7 +29,6 @@ In a Rails App you can configure the gem with simple initializer file under `con
 ```
   PermissionPolicy.configure do |c|
     # c.precondition_attributes = [:current_user] # => default
-    c.debug_logger = true # => useful for debugging which strategy matched
     c.strategy_order = [
       :SuperAdminStrategy,
       :FeatureStrategy,
@@ -39,6 +38,19 @@ In a Rails App you can configure the gem with simple initializer file under `con
   end
 ```
 
+You can also configure this inside your Application Controller
+
+```
+
+  class ApplicationController < ActionController::Base
+    # ...
+    authorize_with :current_user
+    verify_authorization! => which will raise an NotVerified Exception if authorized! wasn't called
+    # ...
+  end
+
+```
+
 The main idea is that strategies decide if they are responsible for authorization.
 A "base strategy" defines the object API for all strategies which can be
 used for permission checks. Each strategy should inherit from it and

data/lib/permission_policy/authorization.rb

@@ -1,6 +1,6 @@
 module PermissionPolicy
   class Authorization
-    attr_reader :preconditions
+    attr_reader :preconditions, :verified
 
     def initialize(context)
       @preconditions = []
@@ -32,6 +32,7 @@ module PermissionPolicy
     #   end
     #
     def authorize!(action, options = {})
+      @verified = true
       !!allowed?(action, options) or raise PermissionPolicy::NotAllowed
     end
 
@@ -39,11 +40,7 @@ module PermissionPolicy
 
     # Finds the matching strategy which can decide if the action is allowed by lazy checking
     def strategy_for(*args)
-      PermissionPolicy.strategies.lazy.map { |klass| Strategies.const_get(klass).new(self, *args) }.find do |s|
-        s.match?.tap do |match|
-          PermissionPolicy.log "#{s.class.name} #{match ? 'matched' : 'not matched'}"
-        end
-      end
+      PermissionPolicy.strategies.lazy.map { |klass| Strategies.const_get(klass).new(self, *args) }.find(&:match?)
     end
 
     def set!(var, value)

data/lib/permission_policy/configuration.rb

@@ -8,12 +8,8 @@ module PermissionPolicy
       strategy_order || [:UnknownStrategy]
     end
 
-    def log(message)
-      logging.debug(message) if debug_logger
-    end
-
-    def logging
-      logger || Logger.new(STDOUT)
+    def verification
+      verify_authorization || false
     end
   end
 
@@ -21,7 +17,7 @@ module PermissionPolicy
     attr_accessor :configuration
 
     extend Forwardable
-    delegate [:preconditions, :strategies, :log] => :config
+    delegate [:preconditions, :strategies, :verification] => :config
 
     def configure
       yield(config)
@@ -34,5 +30,9 @@ module PermissionPolicy
     def authorize_with(*args)
       configure { |c| c.precondition_attributes = *args }
     end
+
+    def verify_authorization!(setting)
+      configure { |c| c.verify_authorization = setting }
+    end
   end
 end

data/lib/permission_policy/controller_additions.rb

@@ -6,6 +6,10 @@ module PermissionPolicy
       def authorize_with(*args)
         PermissionPolicy.authorize_with(*args)
       end
+
+      def verify_authorization!(setting = true)
+        PermissionPolicy.verify_authorization!(setting)
+      end
     end
 
     module InstanceMethods
@@ -15,11 +19,16 @@ module PermissionPolicy
         helper_method :allowed?
         delegate :allowed?, to: :permission_policy
         delegate :authorize!, to: :permission_policy
+        after_action -> { verify_authorization if PermissionPolicy.verification }
       end
 
       def permission_policy
         @permission_policy ||= PermissionPolicy::Authorization.new(self)
       end
+
+      def verify_authorization
+        raise PermissionPolicy::NotVerified unless @permission_policy.verified
+      end
     end
   end
 end

data/lib/permission_policy/errors/not_verified.rb

@@ -0,0 +1,7 @@
+module PermissionPolicy
+  class NotVerified < StandardError
+    def message
+      'authorization not verified'
+    end
+  end
+end

data/lib/permission_policy/version.rb

@@ -1,3 +1,3 @@
 module PermissionPolicy
-  VERSION = '0.0.4'
+  VERSION = '0.0.5'
 end

data/lib/permission_policy.rb

@@ -8,6 +8,7 @@ module PermissionPolicy
   autoload :Authorization, 'permission_policy/authorization'
   autoload :MissingPrecondition, 'permission_policy/errors/missing_precondition'
   autoload :NotAllowed, 'permission_policy/errors/not_allowed'
+  autoload :NotVerified, 'permission_policy/errors/not_verified'
 
   module Strategies
     autoload :BaseStrategy, 'permission_policy/strategies/base_strategy'

data/spec/permission_policy/controller_additions_spec.rb

@@ -2,6 +2,7 @@ require 'action_controller'
 
 class MetalTestController < ActionController::Metal
   include AbstractController::Helpers
+  include AbstractController::Callbacks
   include PermissionPolicy::ControllerAdditions::InstanceMethods
   extend PermissionPolicy::ControllerAdditions::ClassMethods
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: permission_policy
 version: !ruby/object:Gem::Version
-  version: 0.0.4
+  version: 0.0.5
 platform: ruby
 authors:
 - Marco Schaden
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-01-23 00:00:00.000000000 Z
+date: 2015-01-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -146,6 +146,7 @@ files:
 - lib/permission_policy/controller_additions.rb
 - lib/permission_policy/errors/missing_precondition.rb
 - lib/permission_policy/errors/not_allowed.rb
+- lib/permission_policy/errors/not_verified.rb
 - lib/permission_policy/railtie.rb
 - lib/permission_policy/strategies/base_strategy.rb
 - lib/permission_policy/strategies/unknown_strategy.rb