punditry 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 2e81287ab76fb1990f108538563b7b29f6b2a218
+  data.tar.gz: 708696dc885b6923d89e5bad137d64724642fbeb
+SHA512:
+  metadata.gz: fca8d0fe3a47075c8bb7934c94e31e457a5b59145687180ec376ab9f396bc042378be216fabec4b18a9480aeae62f76922e9bd1d4121232b090339b0c7123258
+  data.tar.gz: 2dc9ca0a8c4fdfe43c11adbf3346f39e6a3b343cdfe73698ecb4b95ac244e660aad531be0bf8ffb8106d48c7be2fd3d051abdaee2e231313226de6dbe484683d

data/.gitignore

@@ -0,0 +1,14 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+*.bundle
+*.so
+*.o
+*.a
+mkmf.log

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in punditry.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2015 Jason Kriss
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,81 @@
+# Punditry
+
+A super-slim wrapper on top of [Pundit](https://github.com/elabs/pundit).
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'punditry'
+
+And then execute:
+
+    $ bundle
+
+Include Punditry in your application controller:
+
+``` ruby
+class ApplicationController < ActionController::Base
+  include Punditry::Controller
+end
+```
+
+## Usage
+
+Punditry is essentially Pundit with a few minor additions. Instead of calling `authorize`, you call `authorize!`. This delegates to `authorize` underneath but will also return the passed in resource, allowing you to eliminate a line of code:
+
+``` ruby
+# with Pundit
+def update
+  @post = Post.find(params[:id])
+  authorize @post
+  if @post.update(post_params)
+    redirect_to @post
+  else
+    render :edit
+  end
+end
+```
+
+``` ruby
+# with Punditry
+def update
+  @post = authorize!(Post.find(params[:id]))
+  if @post.update(post_params)
+    redirect_to @post
+  else
+    render :edit
+  end
+end
+```
+
+Woohoo! Big win! I also prefer the bang method to indicate that it raises an error when it is not authorized, but that's a matter of taste.
+
+`authorize!` has one more addition. If you pass in a collection, it also calls `policy_scope` on the resource. This makes the assumption that you want to authorize `index` actions as well, instead of only scoping them. This is another matter of taste. Also, reflecting this assumption, Punditry verifies that every action calls `authorize!` including `index`. If you need to opt out of this, you can simply call `skip_authorization` in your controller:
+
+``` ruby
+class PostsController < ApplicationController
+  skip_authorization only: :check
+
+  def check
+  	# some action that does not require authorization
+  end
+end
+```
+
+`Punditry::Controller` gives you one other helper method. If you follow the recommendations [here](https://github.com/elabs/pundit#strong-parameters), then you can simply pass a resource to `whitelist` and get back the permitted attributes for that resource:
+
+``` ruby
+def update
+  @post = authorize!(Post.find(params[:id]))
+  if @post.update(whitelist(@post))
+    redirect_to @post
+  else
+    render :edit
+  end
+end
+```
+
+Punditry also provides you with a base policy `Punditry::Policy` that all of your polices should inherit from. This policy is very basic, but using it allows you to write tests like [this](http://thunderboltlabs.com/blog/2013/03/27/testing-pundit-policies-with-rspec/). Simply require `punditry/rspec` in your `spec_helper/rails_helper`.
+
+That's it. Punditry simply leverages the power and simplicity of Pundit while making things just slightly more convenient.

data/Rakefile

@@ -0,0 +1,2 @@
+require "bundler/gem_tasks"
+

data/lib/punditry.rb

@@ -0,0 +1,7 @@
+require "punditry/controller"
+require "punditry/policy"
+require "punditry/version"
+
+module Punditry
+
+end

data/lib/punditry/controller.rb

@@ -0,0 +1,31 @@
+require "pundit"
+
+module Punditry
+  module Controller
+    extend ActiveSupport::Concern
+
+    include Pundit
+
+    included do
+      after_action :verify_authorized
+      after_action :verify_policy_scoped, only: :index
+    end
+
+    module ClassMethods
+      def skip_authorization(options = {})
+        skip_before_action(:verify_authorized, options)
+        skip_before_action(:verify_policy_scoped, options)
+      end
+    end
+
+    private
+    def authorize!(resource)
+      resource = policy_scope(resource) if resource.respond_to?(:to_a)
+      authorize(resource) && resource
+    end
+
+    def whitelist(resource)
+      params.permit(*policy(resource).permitted_attributes)
+    end
+  end
+end

data/lib/punditry/policy.rb

@@ -0,0 +1,60 @@
+module Punditry
+  class Policy
+    attr_reader :user, :resource
+
+    def initialize(user, resource)
+      @user = user
+      @resource = resource
+    end
+
+    def index?
+      false
+    end
+
+    def new?
+      false
+    end
+
+    def create?
+      false
+    end
+
+    def show?
+      false
+    end
+
+    def edit?
+      false
+    end
+
+    def update?
+      false
+    end
+
+    def destroy?
+      false
+    end
+
+    class Scope
+      attr_reader :user, :scope
+
+      def initialize(user, scope)
+        @user = user
+        @scope = scope
+      end
+
+      def resolve
+        scope
+      end
+    end
+
+    private
+    def parent
+      resource.instance_variable_get(:@association).owner if collection?
+    end
+
+    def collection?
+      resource.is_a?(ActiveRecord::Associations::CollectionProxy)
+    end
+  end
+end

data/lib/punditry/rspec.rb

@@ -0,0 +1,13 @@
+RSpec::Matchers.define :authorize do |action|
+  match do |policy|
+    policy.public_send("#{action}?")
+  end
+
+  failure_message do |policy|
+    "#{policy.class} does not authorize #{action} on #{policy.resource} for #{policy.user.inspect}."
+  end
+
+  failure_message_when_negated do |policy|
+    "#{policy.class} does not forbid #{action} on #{policy.resource} for #{policy.user.inspect}."
+  end
+end

data/lib/punditry/version.rb

@@ -0,0 +1,3 @@
+module Punditry
+  VERSION = "0.1.0"
+end

data/punditry.gemspec

@@ -0,0 +1,24 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'punditry/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "punditry"
+  spec.version       = Punditry::VERSION
+  spec.authors       = ["Jason Kriss"]
+  spec.email         = ["jasonkriss@gmail.com"]
+  spec.summary       = %q{A super-slim wrapper on top of Pundit.}
+  spec.homepage      = "https://github.com/jasonkriss/punditry"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "pundit"
+
+  spec.add_development_dependency "bundler", "~> 1.7"
+  spec.add_development_dependency "rake", "~> 10.0"
+end

metadata

@@ -0,0 +1,97 @@
+--- !ruby/object:Gem::Specification
+name: punditry
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Jason Kriss
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-03-20 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: pundit
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+description: 
+email:
+- jasonkriss@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/punditry.rb
+- lib/punditry/controller.rb
+- lib/punditry/policy.rb
+- lib/punditry/rspec.rb
+- lib/punditry/version.rb
+- punditry.gemspec
+homepage: https://github.com/jasonkriss/punditry
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.3
+signing_key: 
+specification_version: 4
+summary: A super-slim wrapper on top of Pundit.
+test_files: []