rails-mongoid-gatekeeper 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 39a19fffe4acdc5dcb94739544c383afb5cee7105b57c5ab212e3002685f7f25
+  data.tar.gz: 841ac8420ce6f81cb6d9f841e87c0429963f8de3da42e41e0c0b6cf163913088
+SHA512:
+  metadata.gz: 29bc6c8b3580a431c36fd3d83a2af3e1d540c53bad63d39c2e0e41705c0a1a103b7fa8f03814a9d017704340a6fb650ceb1cdfd2028d3748b6dcf75c212aca74
+  data.tar.gz: cc812465b5effcc6fa6121df2620a72073d345cb30c6aaf906e28146212142eb5eef40e117f90e71e7c006b0b160b9e7d962f617067e0a67fab3d72cc1c557ed

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2019 Francesco Ballardin
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,73 @@
+# Gatekeeper
+Gatekeeper is a Rails engine for MongoDB which adds two simple functionalities:
+
+* Model methods to control which informations can be seen by a specific user.
+* Controller concern to handle HTML, JS and JSON responses.
+
+## Installation
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'gatekeeper'
+```
+
+And then execute:
+```bash
+$ bundle install
+```
+
+## Usage
+
+### Models
+The first basic use is to define a model for your application and the information that can be accessed.
+
+```ruby
+# app/models/book.rb
+class Book
+
+  include Mongoid::Document
+
+  field   :name,          type: String
+  field   :internal_id,   type: Integer
+
+  allowed_info do |user|
+    case user.role
+    when :librarian
+      [ :name, :internal_id ]
+    when :customer
+      [ :name ]
+    end
+  end
+
+end
+```
+
+```ruby
+# app/models/user.rb
+class User
+
+  include Mongoid::Document
+
+  field   :name,          type: String
+  field   :role,          type: Symbol
+
+end
+```
+
+When accessing the model info:
+
+```ruby
+book = Book.new(name: 'Lord of the Rings', internal_id: 1234567)
+librarian = User.new(name: 'Tony', role: :librarian)
+customer = User.new(name: 'Bob', role: :customer)
+
+book.info               # { :name => "Lord of the Rings", :internal_id => 1234567 }
+book.info(librarian)    # { :name => "Lord of the Rings", :internal_id => 1234567 }
+book.info(customer)     # { :name => "Lord of the Rings" }
+```
+
+### Controllers
+On controllers, you can include `Gatekeeper::Respondable` to generate automatic responses for your HTML, JS, or JSON views. These responses contains information based on the `allowed_info` method specified in your models.
+
+## License
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,29 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'Gatekeeper'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.md')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+load 'rails/tasks/statistics.rake'
+
+require 'bundler/gem_tasks'
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+task default: :test

data/app/controllers/concerns/gatekeeper/respondable.rb

@@ -0,0 +1,107 @@
+module Gatekeeper
+  module Respondable
+
+    extend ActiveSupport::Concern
+
+      included do
+
+        respond_to    :html, :js, :json
+
+        before_action :set_current_user
+        after_action  :handle_response
+
+        ##
+        # Handles response based on request format.
+        def handle_response
+          fatto = performed?
+          unless performed?
+            if @error.present?
+              handle_error(@error)
+            else
+              respond_with do |format|
+                # Browser scope.
+                format.html do
+                  handle_response_html
+                end
+                # Rails remote form.
+                format.js do
+                  handle_response_js
+                end
+                # API / xhr scope.
+                format.json do
+                  handle_response_json
+                end
+              end
+            end
+          end
+        end
+
+        ##
+        # Handles any error case.
+        def handle_error(error)
+          # Can be overridden
+          render plain: error.inspect, status: 500
+        end
+
+        ##
+        # Sets current user.
+        def set_current_user
+          # Can be overridden
+          @current_user = Gatekeeper::User.new
+        end
+
+        protected
+
+          ##
+          # Handles HTML response.
+          def handle_response_html
+            if @errors.present? and action_name.in? [ 'create', 'update' ]
+              case action_name
+              when 'create' then render 'new.html'
+              when 'update' then render 'edit.html'
+              end
+            else
+              if @redirect_to.present?
+                redirect_to @redirect_to
+              else
+                case action_name
+                when 'create', 'update' then redirect_to(action: 'index')
+                when 'destroy' then redirect_to(action: 'index')
+                else render "#{action_name}.html" end
+              end
+            end
+          end
+
+          ##
+          # Handles JS response.
+          def handle_response_js
+            render "#{action_name}.js"
+          end
+
+          ##
+          # Gestisce il tipo di risposta JSON.
+          def handle_response_json
+            assigns = {}
+            if instance_variables.include? :@errors
+              assigned_variables = [ :@errors ]
+            else
+              assigned_variables = instance_variables.reject do |variable|
+                variable.to_s.starts_with?('@_') or variable.in? Gatekeeper.response_ignored_variables
+              end
+            end
+            assigned_variables.each do |variable|
+              variable_value = instance_variable_get(variable)
+              assigns[variable.to_s.gsub('@', '').camelize(:lower)] =
+                if variable_value.respond_to? :info
+                  variable_value.info(@current_user, keys: :camelized)
+                else
+                  variable_value.as_json
+                end
+            end
+            render json: assigns
+          end
+
+      end
+
+  end
+end

data/app/controllers/gatekeeper_controller.rb

@@ -0,0 +1,26 @@
+class GatekeeperController < ApplicationController
+
+  include Gatekeeper::Respondable
+
+  def index
+  end
+
+  def show
+  end
+
+  def new
+  end
+
+  def create
+  end
+
+  def edit
+  end
+
+  def update
+  end
+
+  def destroy
+  end
+
+end

data/app/models/gatekeeper/embedded_model.rb

@@ -0,0 +1,15 @@
+##
+# This is an example embedded model used for testing purposes.
+# It represents a real world model with various fields and methods.
+
+module Gatekeeper
+  class EmbeddedModel
+
+    include Mongoid::Document
+
+    field         :string_field,          type: String
+
+    embedded_in   :model,           class_name: 'Gatekeeper::Model'
+
+  end
+end

data/app/models/gatekeeper/model.rb

@@ -0,0 +1,28 @@
+##
+# This is an example model used for testing purposes.
+# It represents a real world model with various fields and methods.
+
+module Gatekeeper
+  class Model
+
+    include Mongoid::Document
+
+    field         :string_field,            type: String
+    field         :number_field,            type: Float
+    field         :date_field,              type: Date
+
+    embeds_many   :embedded_models,   class_name: 'Gatekeeper::EmbeddedModel'
+
+    has_many      :related_models,    class_name: 'Gatekeeper::RelatedModel'
+
+    ##
+    # Allowed info.
+    allowed_info do |user|
+      case user.role
+      when :editor
+        document_fields
+      end
+    end
+
+  end
+end

data/app/models/gatekeeper/related_model.rb

@@ -0,0 +1,15 @@
+##
+# This is an example related model used for testing purposes.
+# It represents a real world model with various fields and methods.
+
+module Gatekeeper
+  class RelatedModel
+
+    include Mongoid::Document
+
+    field         :string_field,          type: String
+
+    belongs_to    :model,           class_name: 'Gatekeeper::Model'
+
+  end
+end

data/app/models/gatekeeper/user.rb

@@ -0,0 +1,12 @@
+##
+# Example a of a user.
+module Gatekeeper
+  class User
+
+    include Mongoid::Document
+
+    field   :name,        type: String
+    field   :role,        type: Symbol
+
+  end
+end

data/config/initializers/disable_auto_render.rb

@@ -0,0 +1,8 @@
+module ActionController
+  module BasicImplicitRender # :nodoc:
+    def send_action(method, *args)
+      # super.tap { default_render unless performed? }
+      super
+    end
+  end
+end

data/config/initializers/mongoid/accessibility.rb

@@ -0,0 +1,95 @@
+module Mongoid
+  module Document
+
+    def self.included(base)
+      base.extend ClassMethods
+    end
+
+    module ClassMethods
+
+      ##
+      # Defines a user's accessible info.
+      def allowed_info(&block)
+        define_singleton_method :allowed_info_names do |user|
+          Gatekeeper.default_allowed_info_names(user, self, &block)
+        end
+      end
+
+    end
+
+    ##
+    # Returns fields, embeds and relations based on current user's allowed info.
+    def info(current_user = nil, options = {})
+      if current_user.present?
+        if self.class.respond_to? :allowed_info_names
+          exposed_info = self.class.allowed_info_names(current_user)
+        else
+          exposed_info = Gatekeeper.default_allowed_info_names(current_user, self.class)
+        end
+      else
+        exposed_info = document_fields | document_embeds
+      end
+
+      output = {}
+      # Maps id
+      output.store :id, self.id.to_s
+      # Maps all fields
+      (self.class.document_fields & exposed_info).each do |field_name|
+        output.store field_name, self.send(field_name)
+      end
+      # Maps embedded relations
+      (self.class.document_embeds & exposed_info).each do |embed_name|
+        embed = self.send(embed_name)
+        if embed.is_a? Array
+          output[embed_name] = embed.map do |embedded_document|
+            embedded_document.info(current_user)
+          end
+        else
+          output[embed_name] = embed.info(current_user)
+        end
+      end
+      # Maps standard relations (only if included in the options)
+      self.class.document_relations & ([ options[:include] ].compact.flatten).each do |relation_name|
+        relation = self.send(relation_name)
+        if relation.is_a? Mongoid::Association::Referenced::HasMany::Targets::Enumerable
+          output[relation_name] = relation.map do |related_document|
+            related_document.info(current_user)
+          end
+        else
+          output[relation_name] = relation.info(current_user)
+        end
+      end
+
+      # Transforms output keys
+      if options[:keys].present?
+        case options[:keys]
+        when :camelized
+          output.transform_keys! do |key|
+            key.to_s.camelize(:lower).to_sym
+          end
+        end
+      end
+
+      output
+    end
+
+  end
+
+  class Criteria
+
+    ##
+    # Returns allowed info for current user.
+    def info(current_user, options = {})
+      if @included_relations.present? and @included_relations.any?
+        self.map do |document|
+          document.info(current_user, options.merge(include: @included_relations))
+        end
+      else
+        self.map do |document|
+          document.info(current_user, options)
+        end
+      end
+    end
+
+  end
+end

data/config/initializers/mongoid/document.rb

@@ -0,0 +1,57 @@
+module Mongoid
+  module Document
+
+    def self.included(base)
+      base.extend ClassMethods
+    end
+
+    module ClassMethods
+
+      ##
+      # Returns all 'fields' of a document.
+      def document_fields
+        self.fields.keys
+          .reject { |field| field.ends_with?('_id') or field.ends_with?('_ids') }
+          .map(&:to_sym)
+      end
+
+      ##
+      # Returns all 'embedded' relation names of a document.
+      def document_embeds
+        self.relations.keys
+          .select { |relation_name| self.relations[relation_name].embedded? }
+          .reject { |relation_name| self.relations[relation_name].is_a? Mongoid::Association::Embedded::EmbeddedIn }
+          .map(&:to_sym)
+      end
+
+      ##
+      # Returns all 'standard' relation names of a document.
+      def document_relations
+        self.relations.keys
+          .reject { |relation_name| self.relations[relation_name].embedded? }
+          .map(&:to_sym)
+      end
+
+      ##
+      # Returns all document info.
+      def document_all_info
+        document_fields | document_embeds | document_relations
+      end
+
+    end
+
+  end
+
+  class Criteria
+
+    attr_accessor :included_relations
+
+    ##
+    # Stores included relations.
+    def includes(*relations)
+      @included_relations = relations
+      super
+    end
+
+  end
+end

data/config/initializers/rainbow.rb

@@ -0,0 +1,25 @@
+##
+# Crea un metodo per ogni colore da poter chiamare su un'istanza di una stringa.
+
+class String
+
+  %i( aliceblue antiquewhite aqua aquamarine azure beige bisque blanchedalmond blue blueviolet brown burlywood
+    cadetblue chartreuse chocolate coral cornflower cornsilk crimson cyan darkblue darkcyan darkgoldenrod
+    darkgray darkgreen darkkhaki darkmagenta darkolivegreen darkorange darkorchid darkred darksalmon
+    darkseagreen darkslateblue darkslategray darkturquoise darkviolet deeppink deepskyblue dimgray
+    dodgerblue firebrick floralwhite forestgreen fuchsia gainsboro ghostwhite gold goldenrod gray
+    green greenyellow honeydew hotpink indianred indigo ivory khaki lavender lavenderblush lawngreen
+    lemonchiffon lightblue lightcoral lightcyan lightgoldenrod lightgray lightgreen lightpink lightsalmon
+    lightseagreen lightskyblue lightslategray lightsteelblue lightyellow lime limegreen linen magenta maroon
+    mediumaquamarine mediumblue mediumorchid mediumpurple mediumseagreen mediumslateblue mediumspringgreen
+    mediumturquoise mediumvioletred midnightblue mintcream mistyrose moccasin navajowhite navyblue oldlace
+    olive olivedrab orange orangered orchid palegoldenrod palegreen paleturquoise palevioletred papayawhip
+    peachpuff peru pink plum powderblue purple rebeccapurple red rosybrown royalblue saddlebrown salmon sandybrown
+    seagreen seashell sienna silver skyblue slateblue slategray snow springgreen steelblue tan teal
+    thistle tomato turquoise violet webgray webgreen webmaroon webpurple wheat whitesmoke yellow yellowgreen ).each do |color|
+      self.define_method color do
+        Rainbow(self).send(:color, color)
+      end
+    end
+
+end

data/config/routes.rb

@@ -0,0 +1,2 @@
+Rails.application.routes.draw do
+end

data/lib/gatekeeper/configuration.rb

@@ -0,0 +1,15 @@
+module Gatekeeper
+  class Configuration
+
+    # @return [Proc] a block to return bypess all info allowances (ex. for an admin user).
+    attr_accessor :bypass_allowed_info
+    # @return [Array<Symbol>] a list of ignored variables in controller response.
+    attr_accessor :response_ignored_variables
+
+    def initialize
+      @bypass_allowed_info = nil
+      @response_ignored_variables = []
+    end
+
+  end
+end

data/lib/gatekeeper/engine.rb

@@ -0,0 +1,8 @@
+module Gatekeeper
+  class Engine < ::Rails::Engine
+
+    # Loading required gems
+    require 'mongoid'
+
+  end
+end

data/lib/gatekeeper/version.rb

@@ -0,0 +1,3 @@
+module Gatekeeper
+  VERSION = '0.1.0'
+end

data/lib/gatekeeper.rb

@@ -0,0 +1,66 @@
+require "gatekeeper/engine"
+require "gatekeeper/configuration"
+
+module Gatekeeper
+  
+  class << self
+
+    # @return [Gatekeeper::Configuration] the configuration class for Gatekeeper.
+    attr_accessor :configuration
+
+    ##
+    # Initializes configuration.
+    #
+    # @return [Gatekeeper::Configuration] the configuration class for Gatekeeper.
+    def configuration
+      @configuration || Gatekeeper::Configuration.new
+    end
+
+    ##
+    # Method to configure various Gatekeeper options.
+    #
+    # @return [nil]
+    def configure
+      @configuration ||= Gatekeeper::Configuration.new
+      yield @configuration
+    end
+
+    ##
+    # Returns default allowed info names for a user.
+    #
+    # @param [Object] the user.
+    # @param [Class] the model class.
+    #
+    # @return [Array<Symbol>] default allowed info names.
+    def default_allowed_info_names(user, model_class, &block)
+      if @configuration.bypass_allowed_info.respond_to? :call
+        bypassable = @configuration.bypass_allowed_info.call(user)
+      else
+        bypassable = false
+      end
+
+      if bypassable
+        # Sees everything!
+        model_class.document_all_info
+      else
+        if block_given?
+          block.call(user) || []
+        else
+          []
+        end
+      end
+    end
+
+    ##
+    # Variables to not include in controller response.
+    #
+    # @return [Array<Symbol>] ignored variables.
+    def response_ignored_variables
+      Gatekeeper.configuration.response_ignored_variables | [
+        :@marked_for_same_origin_verification, :@browser,
+        :@behavior, :@options, :@args, :@shell, :@destination_stack ]
+    end
+
+  end
+
+end

data/lib/generators/gatekeeper/config_generator.rb

@@ -0,0 +1,18 @@
+require 'rails/generators'
+
+module Gatekeeper
+  module Generators
+    
+    class ConfigGenerator < Rails::Generators::Base
+      source_root File.expand_path("../../templates", __FILE__)
+
+      desc "Creates a gatekeeper configuration file."
+
+      def copy_config
+        template "gatekeeper.rb", "config/initializers/gatekeeper.rb"
+      end
+
+    end
+
+  end
+end

data/lib/generators/templates/gatekeeper.rb

@@ -0,0 +1,26 @@
+##
+# Example configuration file for rails-gatekeeper gem.
+Gatekeeper.configure do |config|
+
+  ##
+  # Determines which user can bypass all allowed info, and
+  # see everything of a specified model. Usually this applies
+  # to admin users.
+  #
+  # Example:
+  #   config.bypass_allowed_info = proc do |user|
+  #     user.is_admin?
+  #   end
+  #
+  # Defaults to nil, which is equal to no bypassable users.
+  #
+  # config.bypass_allowed_info = nil
+
+  ##
+  # Sets which controller instance variables to not include in the response.
+  #
+  # Defaults to empty array.
+  #
+  # config.response_ignored_variables = []
+
+end

data/lib/tasks/gatekeeper_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :gatekeeper do
+#   # Task goes here
+# end

metadata

@@ -0,0 +1,134 @@
+--- !ruby/object:Gem::Specification
+name: rails-mongoid-gatekeeper
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Francesco Ballardin
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2019-03-11 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 5.2.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 5.2.2
+- !ruby/object:Gem::Dependency
+  name: mongoid
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 7.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 7.0.0
+- !ruby/object:Gem::Dependency
+  name: bson_ext
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: responders
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Provides various access control methods to models and controllers. To
+  use with MongoDB.
+email:
+- francesco.ballardin@develonproject.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- README.md
+- Rakefile
+- app/controllers/concerns/gatekeeper/respondable.rb
+- app/controllers/gatekeeper_controller.rb
+- app/models/gatekeeper/embedded_model.rb
+- app/models/gatekeeper/model.rb
+- app/models/gatekeeper/related_model.rb
+- app/models/gatekeeper/user.rb
+- app/views/gatekeeper/create.js.erb
+- app/views/gatekeeper/destroy.js.erb
+- app/views/gatekeeper/edit.html.erb
+- app/views/gatekeeper/edit.js.erb
+- app/views/gatekeeper/index.html.erb
+- app/views/gatekeeper/index.js.erb
+- app/views/gatekeeper/new.html.erb
+- app/views/gatekeeper/new.js.erb
+- app/views/gatekeeper/show.html.erb
+- app/views/gatekeeper/show.js.erb
+- app/views/gatekeeper/update.js.erb
+- config/initializers/disable_auto_render.rb
+- config/initializers/mongoid/accessibility.rb
+- config/initializers/mongoid/document.rb
+- config/initializers/rainbow.rb
+- config/routes.rb
+- lib/gatekeeper.rb
+- lib/gatekeeper/configuration.rb
+- lib/gatekeeper/engine.rb
+- lib/gatekeeper/version.rb
+- lib/generators/gatekeeper/config_generator.rb
+- lib/generators/templates/gatekeeper.rb
+- lib/tasks/gatekeeper_tasks.rake
+homepage: https://github.com/Pluvie/rails-gatekeeper
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.6
+signing_key: 
+specification_version: 4
+summary: Provides various access control methods to models and controllers. To use
+  with MongoDB.
+test_files: []