rbac 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: ec393998b95d9b00fb71159f190f84b57fab9646
+  data.tar.gz: 7e8bb1a6437c6a49c5b23832695127c5c3b1cb71
+SHA512:
+  metadata.gz: 0db6944f1484a4e0d1333b929bc0e1455dacdde2c6830a4af897ff0715d5819dd962819f36314eeca1fc7040dd59e94730e567352aa031d64bdc739d891704f7
+  data.tar.gz: da238ba74a480a87f0c9c1475d0b739e5f79833a466a6970903b9c11dc2ab02ee8474c3dc972362b1c6533ccb9b327c45193928164241edb6769223532194a7b

data/.gitignore

@@ -0,0 +1,9 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,49 @@
+# Contributor Code of Conduct
+
+As contributors and maintainers of this project, and in the interest of
+fostering an open and welcoming community, we pledge to respect all people who
+contribute through reporting issues, posting feature requests, updating
+documentation, submitting pull requests or patches, and other activities.
+
+We are committed to making participation in this project a harassment-free
+experience for everyone, regardless of level of experience, gender, gender
+identity and expression, sexual orientation, disability, personal appearance,
+body size, race, ethnicity, age, religion, or nationality.
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery
+* Personal attacks
+* Trolling or insulting/derogatory comments
+* Public or private harassment
+* Publishing other's private information, such as physical or electronic
+  addresses, without explicit permission
+* Other unethical or unprofessional conduct
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+By adopting this Code of Conduct, project maintainers commit themselves to
+fairly and consistently applying these principles to every aspect of managing
+this project. Project maintainers who do not follow or enforce the Code of
+Conduct may be permanently removed from the project team.
+
+This code of conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community.
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting a project maintainer at sandip.karanjekar@globallogic.com. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. Maintainers are
+obligated to maintain confidentiality with regard to the reporter of an
+incident.
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 1.3.0, available at
+[http://contributor-covenant.org/version/1/3/0/][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/3/0/

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in rbac.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2016 Sandip Karanjekar
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,85 @@
+# Rbac
+
+RBAC (Role Based Access Control) gem useful to enable your Rails application with the power of RBAC.
+This gem is helpful to maintain roles, groups and privileges at database table level. You have user interface to manage the roles, groups and privileges.This gem is applicable in the area where you need a multiple roles and privileges. It will fulfil all your needs.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'rbac'
+```
+
+And then execute:
+
+    $ bundle install
+
+Or install it yourself as:
+
+    $ gem install rbac
+    
+As this gem is database based access control system, so need to run:
+
+    $ rails g rbac:migration
+
+after this -
+
+    $ rake db:migrate
+
+To setup user interface and backend for RBAC you need to run following generator. It will create necessary controllers, views, models, routes, helper method and associations.
+
+*Note - Before this your Rails application have User model*
+
+	$ rails g rbac:create
+
+## Pre-requisites
+This gem work with User model only. Generator of this gem add association for User model. In further development we will integrate this with any authentication gem.
+
+## Concept
+In this there is strong relationship between user, role, group and privilege. 
+* User and Role model have many-to-many association
+	User can have multiple roles and Role can have multiple users associated. It's as per your requirements, for this you need to associate roles with user in your add/update users controller/view.
+	
+	For example -
+	
+  	![alt text](https://raw.githubusercontent.com/sandipkaranjekar/rbac/master/images/user_form.png "User new/edit form")
+  
+* Role and Group model have many-to-many association
+	Here group is set of privileges group together while creating role, user need to assign groups to the role. So automatically privileges associated with this group get assigned to role (indirectly to user).
+  You can access Role and Group UI -
+  * http://{host_url}/rbac/roles
+  * http://{host_url}/rbac/groups
+  
+* Group and Privilege model have many-to-many association
+  Here Group can have multiple privileges and privilege belongs to many groups. You need to first set privileges with controller and action. If you select privilege under group it will be accessable to role.
+  All privileges are controller and action based.You should have controller and action to set privilege.
+  You can access Privilege UI -
+  * http://{host_url}/rbac/privileges
+
+## Usage
+Here you will have one helper method to check role have access to that resource.
+```ruby
+has_permission(user, controller, action)
+```
+user = Logged in user active record object
+controller = For which controller that resource belong
+action = Action of controller which we need to check for having permission
+
+This method return *true* and *false*. Accordingly you can make a decision.
+
+For example - 
+```ruby
+# In view
+<% if has_permission(user, "users", "show") %>
+  <%= link_to 'Show', user %>
+<% end %>
+```
+## TODO
+* Support API application means has_permission should work with api permission granting.
+* Integrate with authentication gem.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
+

data/Rakefile

@@ -0,0 +1,2 @@
+require "bundler/gem_tasks"
+task :default => :spec

data/app/helpers/rbac/application_helper.rb

@@ -0,0 +1,20 @@
+module Rbac
+	module ApplicationHelper
+		def has_permission(user, controller, action)
+      role_ids_arr = user.role_ids
+      role_ids_arr.each do |role_id|
+        group = Rbac::Role.find(role_id).group_ids
+        group.each do |group_id|
+          privilage_data = Rbac::Group.find(group_id).privileges
+          if privilage_data.detect{|privilage|
+                privilage.controller == controller && privilage.action == action
+             }
+             return true
+          else
+             return false 
+          end
+        end #end of group id loop
+      end #end of role id loop
+	  end
+	end
+end

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "rbac"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/config/routes.rb

@@ -0,0 +1,7 @@
+Rails.application.routes.draw do
+  namespace :rbac do
+	  resources :privileges
+	  resources :groups
+	  resources :roles
+	end
+end

data/lib/generators/rbac/create/create_generator.rb

@@ -0,0 +1,33 @@
+require 'rails/generators'
+
+module Rbac
+  module Generators
+    class CreateGenerator < Rails::Generators::Base
+
+      def self.source_root
+        source_root ||= File.join(File.dirname(__FILE__), 'templates/')
+      end
+      
+      def create_controllers
+        directory "controllers/rbac", "app/controllers/rbac"
+      end
+
+      def create_models
+        directory "models/rbac", "app/models/rbac"
+      end
+
+      def create_views
+        directory "views/rbac", "app/views/rbac"
+      end
+
+      def add_association
+        line = "class User < ActiveRecord::Base"
+        gsub_file 'app/models/user.rb', /(#{Regexp.escape(line)})/mi do |match|
+          "#{match}\n # User - Role many-to-many relationship\n 
+                      has_many :roles, :through => :role_user, class_name: 'Rbac::Role'\n
+                      has_many :role_user, dependent: :delete_all, class_name: 'Rbac::RoleUser'\n"
+        end 
+      end
+    end
+  end
+end

data/lib/generators/rbac/create/templates/controllers/rbac/groups_controller.rb

@@ -0,0 +1,81 @@
+module Rbac
+  class GroupsController < ApplicationController
+    before_action :set_group, only: [:show, :edit, :update, :destroy]
+
+    # GET /groups
+    # GET /groups.json
+    def index
+      @groups = Rbac::Group.all
+    end
+
+    # GET /groups/1
+    # GET /groups/1.json
+    def show
+    end
+
+    # GET /groups/new
+    def new
+      @group = Rbac::Group.new
+      @privileges = Rbac::Privilege.all
+    end
+
+    # GET /groups/1/edit
+    def edit
+      @group_privileges = @group.privileges
+      @privileges = Rbac::Privilege.all
+    end
+
+    # POST /groups
+    # POST /groups.json
+    def create
+      @group = Rbac::Group.new(group_params)
+
+      respond_to do |format|
+        if @group.save
+          @group.privileges = Rbac::Privilege.where(id: params[:privilege_ids])
+          format.html { redirect_to rbac_groups_path, notice: 'Group was successfully created.' }
+          format.json { render :show, status: :created, location: @group }
+        else
+          format.html { redirect_to new_rbac_group_path }
+          format.json { render json: @group.errors, status: :unprocessable_entity }
+        end
+      end
+    end
+
+    # PATCH/PUT /groups/1
+    # PATCH/PUT /groups/1.json
+    def update
+      respond_to do |format|
+        if @group.update(group_params)
+          @group.privileges = Rbac::Privilege.where(id: params[:privilege_ids])
+          format.html { redirect_to rbac_groups_path, notice: 'Group was successfully updated.' }
+          format.json { render :show, status: :ok, location: @group }
+        else
+          format.html { redirect_to edit_rbac_group_path }
+          format.json { render json: @group.errors, status: :unprocessable_entity }
+        end
+      end
+    end
+
+    # DELETE /groups/1
+    # DELETE /groups/1.json
+    def destroy
+      @group.destroy
+      respond_to do |format|
+        format.html { redirect_to rbac_groups_url, notice: 'Group was successfully destroyed.' }
+        format.json { head :no_content }
+      end
+    end
+
+    private
+      # Use callbacks to share common setup or constraints between actions.
+      def set_group
+        @group = Rbac::Group.find(params[:id])
+      end
+
+      # Never trust parameters from the scary internet, only allow the white list through.
+      def group_params
+        params.require(:rbac_group).permit(:name, :description, :privilege_ids, :is_active)
+      end
+  end
+end

data/lib/generators/rbac/create/templates/controllers/rbac/privileges_controller.rb

@@ -0,0 +1,76 @@
+module Rbac
+  class PrivilegesController < ApplicationController
+    before_action :set_privilege, only: [:show, :edit, :update, :destroy]
+
+    # GET /privileges
+    # GET /privileges.json
+    def index
+      @privileges = Rbac::Privilege.all
+    end
+
+    # GET /privileges/1
+    # GET /privileges/1.json
+    def show
+    end
+
+    # GET /privileges/new
+    def new
+      @privilege = Rbac::Privilege.new
+    end
+
+    # GET /privileges/1/edit
+    def edit
+    end
+
+    # POST /privileges
+    # POST /privileges.json
+    def create
+      @privilege = Rbac::Privilege.new(privilege_params)
+
+      respond_to do |format|
+        if @privilege.save
+          format.html { redirect_to rbac_privileges_path, notice: 'Privilege was successfully created.' }
+          format.json { render :show, status: :created, location: @privilege }
+        else
+          format.html { redirect_to new_rbac_privilege_path }
+          format.json { render json: @privilege.errors, status: :unprocessable_entity }
+        end
+      end
+    end
+
+    # PATCH/PUT /privileges/1
+    # PATCH/PUT /privileges/1.json
+    def update
+      respond_to do |format|
+        if @privilege.update(privilege_params)
+          format.html { redirect_to rbac_privileges_path, notice: 'Privilege was successfully updated.' }
+          format.json { render :show, status: :ok, location: @privilege }
+        else
+          format.html { redirect_to edit_rbac_privilege_path }
+          format.json { render json: @privilege.errors, status: :unprocessable_entity }
+        end
+      end
+    end
+
+    # DELETE /privileges/1
+    # DELETE /privileges/1.json
+    def destroy
+      @privilege.destroy
+      respond_to do |format|
+        format.html { redirect_to rbac_privileges_url, notice: 'Privilege was successfully destroyed.' }
+        format.json { head :no_content }
+      end
+    end
+
+    private
+      # Use callbacks to share common setup or constraints between actions.
+      def set_privilege
+        @privilege = Rbac::Privilege.find(params[:id])
+      end
+
+      # Never trust parameters from the scary internet, only allow the white list through.
+      def privilege_params
+        params.require(:rbac_privilege).permit(:name, :description, :controller, :action, :is_active)
+      end
+  end
+end

data/lib/generators/rbac/create/templates/controllers/rbac/roles_controller.rb

@@ -0,0 +1,81 @@
+module Rbac
+  class RolesController < ApplicationController
+    before_action :set_role, only: [:show, :edit, :update, :destroy]
+
+    # GET /roles
+    # GET /roles.json
+    def index
+      @roles = Rbac::Role.all
+    end
+
+    # GET /roles/1
+    # GET /roles/1.json
+    def show
+    end
+
+    # GET /roles/new
+    def new
+      @role = Rbac::Role.new
+      @groups = Rbac::Group.where("is_active = ?", true)
+    end
+
+    # GET /roles/1/edit
+    def edit
+      @groups = Rbac::Group.where("is_active = ?", true)
+      @role_groups = @role.groups
+    end
+
+    # POST /roles
+    # POST /roles.json
+    def create
+      @role = Rbac::Role.new(role_params)
+
+      respond_to do |format|
+        if @role.save
+          @role.groups = Rbac::Group.where(id: params[:group_ids])
+          format.html { redirect_to rbac_roles_path, notice: 'Role was successfully created.' }
+          format.json { render :show, status: :created, location: @role }
+        else
+          format.html { redirect_to new_rbac_role_path }
+          format.json { render json: @role.errors, status: :unprocessable_entity }
+        end
+      end
+    end
+
+    # PATCH/PUT /roles/1
+    # PATCH/PUT /roles/1.json
+    def update
+      respond_to do |format|
+        if @role.update(role_params)
+          @role.groups = Rbac::Group.where(id: params[:group_ids])
+          format.html { redirect_to rbac_roles_path, notice: 'Role was successfully updated.' }
+          format.json { render :show, status: :ok, location: @role }
+        else
+          format.html { redirect_to edit_rbac_role_path }
+          format.json { render json: @role.errors, status: :unprocessable_entity }
+        end
+      end
+    end
+
+    # DELETE /roles/1
+    # DELETE /roles/1.json
+    def destroy
+      @role.destroy
+      respond_to do |format|
+        format.html { redirect_to rbac_roles_url, notice: 'Role was successfully destroyed.' }
+        format.json { head :no_content }
+      end
+    end
+
+    private
+      # Use callbacks to share common setup or constraints between actions.
+      def set_role
+        @role = Rbac::Role.find(params[:id])
+      end
+
+      # Never trust parameters from the scary internet, only allow the white list through.
+      def role_params
+        params.require(:rbac_role).permit(:role_name, :role_description, :is_active, :group_ids)
+      end
+  end
+end