rddd 0.1.5 → 0.1.6

data/README.md

@@ -1,3 +1,5 @@
+[rDDD@sniffer](https://sniffer.io/info/public-project-135230969156499600) - see the code quality on Sniffer.io
+
 rddd
 ====
 

data/lib/rddd/authorization/authorize.rb

@@ -0,0 +1,42 @@
+module Rddd
+  #
+  # Authorize plugin stores all the authorization rules
+  # and answers the question if specific user is or is
+  # not authorized to perform the action considering the
+  # parameters as well.
+  #
+  module Authorization
+    class Authorize
+      #
+      # Initialize.
+      #
+      # @param {Array} List of Rddd::Authorization::Rule.
+      # @param {Object} User we are gonna authorize.
+      #
+      def initialize(rules, user)
+        @rules = rules
+        @user = user
+      end
+
+      #
+      # Authorize given action.
+      #
+      # @param {Symbol} Action to be authorized.
+      # @param {Hash} Auxiliary attributes to decide authorization.
+      #
+      def can?(action, params = {})
+        rule = find_rule(action)
+
+        return true unless rule
+        
+        rule.can?(@user, params)
+      end
+
+      private
+
+      def find_rule(action)
+        @rules.find { |rule| rule.is_for?(action) }
+      end
+    end
+  end
+end

data/lib/rddd/authorization/rule.rb

@@ -0,0 +1,45 @@
+module Rddd
+  module Authorization
+    #
+    # Representation of single authorization rule. It applies
+    # to a specific action and evaluates the given block to
+    # decide the outcome.
+    #
+    class Rule
+      InvalidEvaluationBlock = Class.new(RuntimeError)
+
+      #
+      # Initialize.
+      #
+      # @param {Symbol} Action to apply rule to.
+      # @param {Block} Block to be evaluated during authorization.
+      #
+      def initialize(action, &block)
+        # Block should take two arguments - user and params.
+        raise InvalidEvaluationBlock unless block.arity == 2
+
+        @action = action
+        @block = block
+      end
+
+      #
+      # Is the Rule for given action?
+      #
+      # @param {Symbol} Action to be matched.
+      #
+      def is_for?(action)
+        @action == action
+      end
+
+      #
+      # Evalute the rule for a given user and params.
+      #
+      # @param {Object} User we are gonna authorize.
+      # @param {Hash} Auxiliary attributes to decide authorization.
+      #
+      def can?(user, params)
+        @block.call(user, params)
+      end
+    end
+  end
+end

data/lib/rddd/authorization/rules_builder.rb

@@ -0,0 +1,44 @@
+require 'rddd/authorization/rule'
+
+module Rddd
+  module Authorization
+    #
+    # Helper module for building list of authorization rules.
+    #
+    # Usage:
+    #
+    #   builder = Object.new
+    #   builder.extends Rddd::Authorization::RulesBuilder
+    #
+    #   builder.can :create_project do |user, params|
+    #     user.owner? && params[:account_id] == user.account_id
+    #   end
+    #
+    #
+    #   # This part happens inside framework
+    #   authorizer = Rddd::Authorization::Authorize.new(builder.rules, user)
+    #   authorizer.can?(:create_project, {:account_id => 123})
+    #
+    #
+    # Call to can method define the rule for a given action. The block
+    # always takes the user instance and additional parameters which
+    # specify details for the performed action.
+    #
+    module RulesBuilder
+      attr_reader :rules
+
+      #
+      # Create new rule applied to specified action and perform the given
+      # block.
+      #
+      # @param {Symbol} Action the rule applies to.
+      # @param {Block} Block to be executed to evaluate authorization.
+      #
+      def can(action, &block)
+        @rules ||= []
+
+        @rules << Rule.new(action, &block)
+      end
+    end
+  end
+end

data/lib/rddd/version.rb

@@ -1,3 +1,3 @@
 module Rddd
-  VERSION = "0.1.5"
+  VERSION = "0.1.6"
 end

data/spec/lib/authorization/authorize_spec.rb

@@ -0,0 +1,55 @@
+require 'spec_helper'
+require 'rddd/authorization/authorize'
+
+describe Rddd::Authorization::Authorize do
+  let(:authorize) do
+    Rddd::Authorization::Authorize.new(
+      rules, user
+    )
+  end
+
+  describe '#can?' do
+    subject { authorize.can?(action, params) }
+
+    let(:rule) { stub('rule') }
+    let(:rules) { [rule] }
+
+    let(:user) { stub('user') }
+
+    let(:params) { {:foo => 'bar'} }
+
+    let(:action) { :foo }
+
+    context 'has no rule' do
+      let(:rules) { [] }
+
+      it { should be_true }
+    end
+
+    context 'has aplicable rule which is positive' do
+      before do
+        rule.expects(:is_for?).with(:foo).returns(true)
+        rule.expects(:can?).with(user, params).returns(true)
+      end
+
+      it { should be_true }
+    end
+
+    context 'has applicable rule which is negative' do
+      before do
+        rule.expects(:is_for?).with(:foo).returns(true)
+        rule.expects(:can?).with(user, params).returns(false)
+      end
+
+      it { should be_false }
+    end
+
+    context 'has no applicable rule' do
+      before do
+        rule.expects(:is_for?).with(:foo).returns(false)
+      end
+
+      it { should be_true }    
+    end
+  end
+end

data/spec/lib/authorization/integration_spec.rb

@@ -0,0 +1,55 @@
+require 'spec_helper'
+require 'rddd/authorization/authorize'
+require 'rddd/authorization/rules_builder'
+
+describe Rddd::Authorization::Authorize do
+  let(:builder) do
+    Object.new.tap do |object|
+      object.extend Rddd::Authorization::RulesBuilder
+
+      object.can :create_project do |user, params|
+        user.owner? && user.account_id == params[:account_id]
+      end
+    end
+  end
+
+  describe 'create_project' do
+    subject do 
+      Rddd::Authorization::Authorize.new(builder.rules, user) \
+      .can?(:create_project, {:account_id => '1'})
+    end
+
+    context 'user is owner' do
+      let(:user) do
+        stub('user',
+          :owner? => true,
+          :account_id => '1'
+        )
+      end
+
+      it { should be_true }
+    end
+
+    context 'user is not owner' do
+      let(:user) do
+        stub('user',
+          :owner? => false,
+          :account_id => '1'
+        )
+      end
+
+      it { should be_false }
+    end
+
+    context 'user is not on same account' do
+      let(:user) do
+        stub('user',
+          :owner? => true,
+          :account_id => '2'
+        )
+      end
+
+      it { should be_false }
+    end
+  end
+end

data/spec/lib/authorization/rule_spec.rb

@@ -0,0 +1,57 @@
+require 'spec_helper'
+require 'rddd/authorization/rule'
+
+describe Rddd::Authorization::Rule do
+
+  let(:action) { :foo }
+
+  let(:block) { lambda { |user, params| true } }
+
+  let(:authorize) do
+    Rddd::Authorization::Rule.new(
+      action, &block
+    )
+  end
+
+  describe 'should raise if rule block is invalid' do
+    let(:block) { lambda { |user| true } }
+
+    it { expect { authorize }.to raise_exception Rddd::Authorization::Rule::InvalidEvaluationBlock }
+  end
+
+  describe '#is_for?' do
+    subject { authorize.is_for?(questioned_action) }
+
+    context 'matching action' do
+      let(:questioned_action) { :foo }
+
+      it { should be_true }
+    end
+
+    context 'not matching action' do
+      let(:questioned_action) { :bar }
+      
+      it { should be_false }
+    end
+  end
+
+  describe '#can?' do
+    let(:user) { stub('user, params') }
+
+    let(:params) { stub('user, params') }
+
+    subject { authorize.can?(user, params) }
+
+    describe 'passing right params to block' do
+      before do
+        block.expects(:call).with(user, params).returns(false)
+      end
+
+      it { should be_false }
+    end
+
+    it 'should return true as lambda does' do
+      should be_true
+    end
+  end
+end

data/spec/lib/authorization/rules_builder_spec.rb

@@ -0,0 +1,29 @@
+require 'spec_helper'
+require 'rddd/authorization/rules_builder'
+
+describe Rddd::Authorization::RulesBuilder do
+  let(:builder) do
+    Object.new.tap do |object|
+      object.extend Rddd::Authorization::RulesBuilder
+    end
+  end
+
+  describe '#rules' do
+    subject { builder.rules }
+
+    let(:rule) { stub('rule') }
+
+    let(:action) { :foo }
+
+    let(:block) { lambda{|user, params| } }
+
+    before do
+      Rddd::Authorization::Rule.expects(:new).returns(rule)
+
+      builder.can(:foo, &block)
+    end
+
+    its(:first) { should be rule }
+  end
+
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rddd
 version: !ruby/object:Gem::Version
-  version: 0.1.5
+  version: 0.1.6
   prerelease: 
 platform: ruby
 authors:
@@ -31,6 +31,9 @@ files:
 - lib/rddd.rb
 - lib/rddd/aggregate_root.rb
 - lib/rddd/aggregate_root_finders.rb
+- lib/rddd/authorization/authorize.rb
+- lib/rddd/authorization/rule.rb
+- lib/rddd/authorization/rules_builder.rb
 - lib/rddd/configuration.rb
 - lib/rddd/entity.rb
 - lib/rddd/repository.rb
@@ -42,6 +45,10 @@ files:
 - rddd.gemspec
 - spec/integration_spec.rb
 - spec/lib/aggregate_root_spec.rb
+- spec/lib/authorization/authorize_spec.rb
+- spec/lib/authorization/integration_spec.rb
+- spec/lib/authorization/rule_spec.rb
+- spec/lib/authorization/rules_builder_spec.rb
 - spec/lib/entity_spec.rb
 - spec/lib/repository_factory_spec.rb
 - spec/lib/repository_spec.rb
@@ -78,6 +85,10 @@ summary: Intention of rddd is to provide basic skeleton for DDD ruby application
 test_files:
 - spec/integration_spec.rb
 - spec/lib/aggregate_root_spec.rb
+- spec/lib/authorization/authorize_spec.rb
+- spec/lib/authorization/integration_spec.rb
+- spec/lib/authorization/rule_spec.rb
+- spec/lib/authorization/rules_builder_spec.rb
 - spec/lib/entity_spec.rb
 - spec/lib/repository_factory_spec.rb
 - spec/lib/repository_spec.rb