rabarber 1.0.5 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e54ea7ddbb816cbc279edf4cb5d8863086fb452528f1403da9c944e4d23b862a
-  data.tar.gz: a6cc1c88ced2c76561c368669e6413a476b7590fa105a9876a6dfcbd139c2b41
+  metadata.gz: bf7a31c94f695cb0edb8209562d07971f3fc712bd868bf589fd4b1ee4ffb2865
+  data.tar.gz: 2c5d939673b685beba64910dc4ee361f811d760cc8bb6982b502b3e0f4354c5b
 SHA512:
-  metadata.gz: ae10eca6248824b4dab6a7038b813933ee9ecaab1fd1cce67ef07ed95fdb0a77f5f70b3138574e9b42ea5d570da2a56186845978950b1fda03240e836cb07f8f
-  data.tar.gz: f8f4e00a8b76a8eb7a23e7ad7088ab38325e23ebd2ccab43b744def1d977b531f02866025c56f982578d3af8894582756bd980057159095a1bfe9eb3f6d261d5
+  metadata.gz: c513a7ea4140a12b37384b0bc91969eec5305f1d422a24d3a6117607d9b1b0dbdaa77398f4ce49fa2025b9fb1101439c09c274cded09acbb58a46b0bd54b9b3b
+  data.tar.gz: 93f18fe608254896b97e772e05d9c94e31f17f769fd4d4f5314460450d19408c7f3f41a1197a7834b43ab81e6bbf694446ed94b23df9af6b9e904040534afc1a

data/CHANGELOG.md

@@ -1,3 +1,8 @@
+## 1.1.0
+
+- Add support for `unless` argument in `grant_access` method, allowing to define negated dynamic rules
+- Fix a bug where specifying a dynamic rule as a symbol without specifying an action would result in an error
+
 ## 1.0.5
 
 - Add co-author: [trafium](https://github.com/trafium)

data/README.md

@@ -3,13 +3,13 @@
 [![Gem Version](https://badge.fury.io/rb/rabarber.svg)](http://badge.fury.io/rb/rabarber)
 [![Github Actions badge](https://github.com/enjaku4/rabarber/actions/workflows/ci.yml/badge.svg)](https://github.com/enjaku4/rabarber/actions/workflows/ci.yml)
 
-Rabarber is an authorization library for Ruby on Rails, primarily designed for use in the web layer of your application but not limited to that. It provides a set of useful tools for managing user roles and defining authorization rules.
+Rabarber is an authorization library for Ruby on Rails, primarily designed for use in the application layer but not limited to that. It offers a set of useful tools for managing user roles and defining authorization rules.
 
 ---
 
 **Example of Usage**:
 
-Consider a CRM where users with different roles have distinct access levels. For instance, the role 'accountant' can interact with invoices but cannot access marketing information, while the role 'marketer' has access to marketing-related data. Such authorization rules can be easily defined with Rabarber.
+Consider a CRM where users with different roles have distinct access levels. For instance, the role `accountant` can interact with invoices but cannot access marketing information, while the role `marketer` has access to marketing-related data. Such authorization rules can be easily defined with Rabarber.
 
 ---
 
@@ -145,7 +145,11 @@ Rabarber::Role.names
 
 `Rabarber::Role` is a model that represents roles within your application. It has a single attribute, `name`, which is validated for both uniqueness and presence. You can treat `Rabarber::Role` as a regular Rails model and use Active Record methods on it if necessary.
 
-Utilize the aforementioned methods to manipulate user roles. For example, create a custom UI for managing roles or assign necessary roles during migration or runtime (e.g., when the user is created). You can also write custom authorization policies based on `#has_role?` method (e.g., to scope the data that the user can access). Adapt these methods to fit the requirements of your application.
+*Utilize the aforementioned methods to manipulate user roles. For example, create a UI for managing roles or assign roles during migration or runtime (e.g. when the user is created).*
+
+*You are also encouraged to write your own authorization policies based on `#has_role?` method (e.g. to scope the data that the role can access).*
+
+*Adapt the tools Rabarber provides to fit the requirements of your application.*
 
 ## Authorization Rules
 
@@ -221,11 +225,12 @@ This allows everyone to access `OrdersController` and its children and `index` a
 
 If you've set `must_have_roles` setting to `true`, then, only the users with at least one role can have access. This setting can be useful if your requirements are such that users without roles are not allowed to see anything.
 
-For more complex rules, Rabarber provides the following:
+For more complex cases, Rabarber provides dynamic rules:
 
 ```rb
 class OrdersController < ApplicationController
   grant_access if: :user_has_access?
+  grant_access unless: :user_has_no_access?
   ...
 
   private
@@ -233,6 +238,10 @@ class OrdersController < ApplicationController
   def user_has_access?
     ...
   end
+
+  def user_has_no_access?
+    ...
+  end
 end
 
 class InvoicesController < ApplicationController
@@ -240,11 +249,16 @@ class InvoicesController < ApplicationController
   def index
     ...
   end
+
+  grant_access action: :show, roles: :client, unless: -> { current_user.banned? }
+  def show
+    ...
+  end
 end
 ```
-You can pass a custom rule as `if` argument. It can be a symbol (the method with the same name will be called) or a lambda.
+You can pass a dynamic rule as `if` or `unless` argument. It can be a symbol (the method with the same name will be called) or a lambda.
 
-Rules defined in children don't override parent rules but rather add to them:
+Rules defined in child classes don't override parent rules but rather add to them:
 ```rb
 class Crm::BaseController < ApplicationController
   grant_access roles: :admin

data/lib/rabarber/access.rb

@@ -2,25 +2,25 @@
 
 module Rabarber
   module Access
-    def access_granted?(roles, controller, action, custom_rule_receiver)
-      controller_accessible?(roles, controller, custom_rule_receiver) ||
-        action_accessible?(roles, controller, action, custom_rule_receiver)
+    def access_granted?(roles, controller, action, dynamic_rule_receiver)
+      controller_accessible?(roles, controller, dynamic_rule_receiver) ||
+        action_accessible?(roles, controller, action, dynamic_rule_receiver)
     end
 
-    def controller_accessible?(roles, controller, custom_rule_receiver)
-      accessible_controllers(roles, custom_rule_receiver).any? do |accessible_controller|
+    def controller_accessible?(roles, controller, dynamic_rule_receiver)
+      accessible_controllers(roles, dynamic_rule_receiver).any? do |accessible_controller|
         controller <= accessible_controller
       end
     end
 
-    def action_accessible?(roles, controller, action, custom_rule_receiver)
-      action_rules[controller].any? { |rule| rule.verify_access(roles, custom_rule_receiver, action) }
+    def action_accessible?(roles, controller, action, dynamic_rule_receiver)
+      action_rules[controller].any? { |rule| rule.verify_access(roles, dynamic_rule_receiver, action) }
     end
 
     private
 
-    def accessible_controllers(roles, custom_rule_receiver)
-      controller_rules.select { |_, rule| rule.verify_access(roles, custom_rule_receiver) }.keys
+    def accessible_controllers(roles, dynamic_rule_receiver)
+      controller_rules.select { |_, rule| rule.verify_access(roles, dynamic_rule_receiver) }.keys
     end
   end
 end

data/lib/rabarber/controllers/concerns/authorization.rb

@@ -9,8 +9,10 @@ module Rabarber
     end
 
     class_methods do
-      def grant_access(action: nil, roles: nil, if: nil)
-        Permissions.write(self, action, roles, binding.local_variable_get(:if))
+      def grant_access(action: nil, roles: nil, if: nil, unless: nil)
+        dynamic_rule, negated_dynamic_rule = binding.local_variable_get(:if), binding.local_variable_get(:unless)
+
+        Permissions.write(self, action, roles, dynamic_rule, negated_dynamic_rule)
       end
     end
 

data/lib/rabarber/permissions.rb

@@ -15,8 +15,8 @@ module Rabarber
       @storage = { controller_rules: Hash.new({}), action_rules: Hash.new([]) }
     end
 
-    def self.write(controller, action, roles, custom_rule)
-      rule = Rule.new(action, roles, custom_rule)
+    def self.write(controller, action, roles, dynamic_rule, negated_dynamic_rule)
+      rule = Rule.new(action, roles, dynamic_rule, negated_dynamic_rule)
 
       if action
         instance.storage[:action_rules][controller] += [rule]

data/lib/rabarber/rule.rb

@@ -2,16 +2,17 @@
 
 module Rabarber
   class Rule
-    attr_reader :action, :roles, :custom
+    attr_reader :action, :roles, :dynamic_rule, :negated_dynamic_rule
 
-    def initialize(action, roles, custom)
+    def initialize(action, roles, dynamic_rule, negated_dynamic_rule)
       @action = pre_process_action(action)
       @roles = RoleNames.pre_process(Array(roles))
-      @custom = pre_process_custom_rule(custom)
+      @dynamic_rule = pre_process_dynamic_rule(dynamic_rule)
+      @negated_dynamic_rule = pre_process_dynamic_rule(negated_dynamic_rule)
     end
 
-    def verify_access(user_roles, custom_rule_receiver, action_name = nil)
-      action_accessible?(action_name) && roles_permitted?(user_roles) && custom_rule_followed?(custom_rule_receiver)
+    def verify_access(user_roles, dynamic_rule_receiver, action_name = nil)
+      action_accessible?(action_name) && roles_permitted?(user_roles) && dynamic_rule_followed?(dynamic_rule_receiver)
     end
 
     def action_accessible?(action_name)
@@ -24,18 +25,24 @@ module Rabarber
       roles.empty? || (roles & user_roles).any?
     end
 
-    def custom_rule_followed?(custom_rule_receiver)
-      custom.nil? || execute_custom_rule(custom_rule_receiver)
+    def dynamic_rule_followed?(dynamic_rule_receiver)
+      !!(execute_dynamic_rule(dynamic_rule_receiver, false) && execute_dynamic_rule(dynamic_rule_receiver, true))
     end
 
     private
 
-    def execute_custom_rule(custom_rule_receiver)
-      if custom.is_a?(Proc)
-        custom_rule_receiver.instance_exec(&custom)
-      else
-        custom_rule_receiver.send(custom)
-      end
+    def execute_dynamic_rule(dynamic_rule_receiver, is_negated)
+      rule = is_negated ? negated_dynamic_rule : dynamic_rule
+
+      return true if rule.nil?
+
+      result = if rule.is_a?(Proc)
+                 dynamic_rule_receiver.instance_exec(&rule)
+               else
+                 dynamic_rule_receiver.send(rule)
+               end
+
+      is_negated ? !result : result
     end
 
     def pre_process_action(action)
@@ -45,11 +52,11 @@ module Rabarber
       raise InvalidArgumentError, "Action name must be a Symbol or a String"
     end
 
-    def pre_process_custom_rule(custom)
-      return custom.to_sym if (custom.is_a?(String) || custom.is_a?(Symbol)) && action.present?
-      return custom if custom.nil? || custom.is_a?(Proc)
+    def pre_process_dynamic_rule(rule)
+      return rule.to_sym if (rule.is_a?(String) || rule.is_a?(Symbol)) && rule.present?
+      return rule if rule.nil? || rule.is_a?(Proc)
 
-      raise InvalidArgumentError, "Custom rule must be a Symbol, a String, or a Proc"
+      raise InvalidArgumentError, "Dynamic rule must be a Symbol, a String, or a Proc"
     end
   end
 end

data/lib/rabarber/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Rabarber
-  VERSION = "1.0.5"
+  VERSION = "1.1.0"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rabarber
 version: !ruby/object:Gem::Version
-  version: 1.0.5
+  version: 1.1.0
 platform: ruby
 authors:
 - enjaku4
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-01-10 00:00:00.000000000 Z
+date: 2024-01-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails