restrict 0.1.1 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 64c201583341d1cfab486ba72a9a35562a2e453b15586f25a5403177e8e6af48
-  data.tar.gz: c73bcd768f66647315925df95a003e236fd31b1a22384a6670cb94ac5ab8cc96
+  metadata.gz: f62175faf4d52862724714686cac041256b2310829585c3aca3727b134ce0055
+  data.tar.gz: f2417075e72d6fb292c0c0e96070c333736d9bad1ee42ccb8c9e5843f854971e
 SHA512:
-  metadata.gz: 7ff470658e364c155179b26ca04c6ba98c342ebc7c6a8bf3d1019f811c08c6ef9e726d06da5e8baa09f75dbbdba74c74553c4f664274f6db04741dbb7728a734
-  data.tar.gz: 66baa2c8609ba7cc6e2a47fc013e77db2dbb161c7329f6d0b41488d0ac718048ff8ba1a492b74a05363d26a371cf0feb28ffb700030e5356500d8e08b60e77f8
+  metadata.gz: 0c8c6c12db208e9ad82f0f2e6ee92fe6cb2224a89c7dbab817caf0e07f23290c9f217c724908bf6cdd96205fdb73129f21d17ed68414736b126f630624b83ab1
+  data.tar.gz: c067669909c1aa082fcee9241ddf8688dc9a03464ff19d66fb0686175cd1e222604c6ba0d7971fc0e379d11a9e388fc14e1f64cd66af87aefa6ccff65e226d53

data/.github/workflows/specs.yml

@@ -0,0 +1,34 @@
+name: Specs
+
+on:
+  pull_request:
+    branches:
+      - 'master'
+  push:
+    branches:
+      - 'master'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v1
+
+    - name: Set up Ruby 2.7
+      uses: actions/setup-ruby@v1
+      with:
+        ruby-version: 2.7.x
+
+    - name: bundle
+      env:
+        RAILS_ENV: test
+      run: |
+        gem install bundler
+        bundle install --jobs 4 --retry 3
+
+    - name: Run Tests
+      env:
+        RAILS_ENV: test
+      run: |
+        bundle exec rspec

data/.ruby-version

@@ -1 +1 @@
-2.4.1
+2.7.1

data/CHANGELOG.md

@@ -1,3 +1,6 @@
+[0.2.0] - 2020-05-18
+  * Implement `:on` parameter for `restrict` calls
+
 [0.1.1] - 2019-11-26
   * Bug fix release to actually work in rails ¯\_(ツ)_/¯
 

data/README.md

@@ -2,7 +2,7 @@
 
 A rails controller extension, that gives you the possibility to restrict access to your controller actions.
 
-[![Build Status](https://secure.travis-ci.org/xijo/restrict.png?branch=master)](https://travis-ci.org/xijo/restrict) [![Gem Version](https://badge.fury.io/rb/restrict.png)](http://badge.fury.io/rb/restrict) [![Code Climate](https://codeclimate.com/github/xijo/restrict.png)](https://codeclimate.com/github/xijo/restrict) [![Code Climate](https://codeclimate.com/github/xijo/restrict/coverage.png)](https://codeclimate.com/github/xijo/restrict)
+![Specs](https://github.com/xijo/restrict/workflows/Specs/badge.svg) [![Gem Version](https://badge.fury.io/rb/restrict.png)](http://badge.fury.io/rb/restrict) [![Code Climate](https://codeclimate.com/github/xijo/restrict.png)](https://codeclimate.com/github/xijo/restrict) [![Code Climate](https://codeclimate.com/github/xijo/restrict/coverage.png)](https://codeclimate.com/github/xijo/restrict)
 
 ## Installation
 
@@ -49,6 +49,38 @@ restrict
 
 This one will apply to all actions on this controller. It takes the `unless` option as well.
 
+### Restrict with specific object
+
+One may pass `on` to a `restrict` call in a controller.
+
+If `on` is set, it evaluates the given method.
+If it returns nil, it raises an error.
+If an object is returned, it will be send while evaluating the `unless`
+condition.
+
+Example
+
+```
+class ItemController
+  restrict :show, unless: :manager_of?, on: :load_item
+
+  def show
+  end
+
+  private
+
+  def manager_of?(item)
+    current_user == item.manager
+  end
+
+  def load_item
+    @item = Item.find(params[:id])
+  end
+end
+```
+
+Aliases for `on` are: `of`, `object`
+
 ### Configuration
 
 ```ruby

data/lib/restrict/gatekeeper.rb

@@ -15,12 +15,7 @@ module Restrict
 
     def handle_restriction(restriction, controller)
       validate_signed_in(controller)
-
-      if restriction.unless
-        unless controller.__send__(restriction.unless)
-          raise Restrict::AccessDenied, reason: restriction
-        end
-      end
+      restriction.validate(controller)
     end
 
     def concerning_restrictions(controller)

data/lib/restrict/restriction.rb

@@ -1,17 +1,32 @@
 module Restrict
   class Restriction
-    attr_accessor :actions, :unless
+    attr_accessor :actions, :options, :unless, :on
 
     def initialize(*args)
-      options  = args.extract_options!
-      @unless  = options[:unless]
-      @actions = args
+      @options  = args.extract_options!
+      @unless   = @options[:unless]
+      @on       = @options[:on] || options[:of] || options[:object]
+      @actions  = args
     end
 
     def applies_to?(action)
       applies_to_action?(action) || applies_to_all_actions?
     end
 
+    def validate(controller)
+      @unless or return
+
+      unless_args = []
+      if @on
+        object = controller.__send__(on)
+        unless_args << object or raise Restrict::AccessDenied, reason: 'object given was #{object.inspect}'
+      end
+
+      unless controller.__send__(@unless, *unless_args)
+        raise Restrict::AccessDenied, reason: self
+      end
+    end
+
     private
 
     def applies_to_all_actions?

data/lib/restrict/version.rb

@@ -1,3 +1,3 @@
 module Restrict
-  VERSION = "0.1.1"
+  VERSION = "0.2.0"
 end

data/restrict.gemspec

@@ -20,7 +20,7 @@ Gem::Specification.new do |spec|
 
   spec.add_dependency 'rails', '> 3.0'
 
-  spec.add_development_dependency 'bundler', '~> 1.5'
+  spec.add_development_dependency 'bundler'
   spec.add_development_dependency 'rspec'
   spec.add_development_dependency 'simplecov'
   spec.add_development_dependency 'rake'

data/spec/lib/restrict/restriction_spec.rb

@@ -28,4 +28,52 @@ describe Restrict::Restriction do
       expect(restriction).to be_applies_to(:bar)
     end
   end
+
+  describe '#validate' do
+    describe 'with :on option' do
+      let(:controller) { ObjectController.new }
+
+      it 'does not raise if no condition was given' do
+        restriction = Restrict::Restriction.new on: :managed_object
+        expect { restriction.validate(controller) }.not_to raise_error
+      end
+
+      it 'does not raise an error if `on` and `unless` match' do
+        restriction = Restrict::Restriction.new on: :managed_object, unless: :manager_of?
+        expect { restriction.validate(controller) }.not_to raise_error
+      end
+
+      it 'raises an error if `unless` does not work on `on`' do
+        restriction = Restrict::Restriction.new on: :rougue_object, unless: :manager_of?
+        expect { restriction.validate(controller) }.to raise_error(Restrict::AccessDenied)
+      end
+
+      it 'raises an error if `on` is nil' do
+        restriction = Restrict::Restriction.new on: :nil_object, unless: :manager_of?
+        expect { restriction.validate(controller) }.to raise_error(Restrict::AccessDenied)
+      end
+
+      it 'works with aliases' do
+        restriction = Restrict::Restriction.new of: :managed_object, unless: :manager_of?
+        expect { restriction.validate(controller) }.not_to raise_error
+
+        restriction = Restrict::Restriction.new object: :managed_object, unless: :manager_of?
+        expect { restriction.validate(controller) }.not_to raise_error
+      end
+    end
+
+    describe 'without :on option' do
+      let(:controller) { ExampleController.new }
+
+      it 'does not raise an error if `unless` works' do
+        restriction = Restrict::Restriction.new unless: :truthy
+        expect { restriction.validate(controller) }.not_to raise_error
+      end
+
+      it 'raises an error if `unless` does not work' do
+      restriction = Restrict::Restriction.new unless: :falsy
+        expect { restriction.validate(controller) }.to raise_error(Restrict::AccessDenied)
+      end
+    end
+  end
 end

data/spec/spec_helper.rb

@@ -55,3 +55,22 @@ end
 class BottomLineController < InheritingController
   include Restrict::Rails::Controller
 end
+
+class ObjectController < ExampleController
+  def manager_of?(obj)
+    obj == :managed
+  end
+
+  private
+
+  def managed_object
+    :managed
+  end
+
+  def rougue_object
+    :other
+  end
+
+  def nil_object
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: restrict
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.2.0
 platform: ruby
 authors:
 - Johannes Opper
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-11-28 00:00:00.000000000 Z
+date: 2020-05-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -28,16 +28,16 @@ dependencies:
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.5'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.5'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -101,10 +101,10 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/specs.yml"
 - ".gitignore"
 - ".rspec"
 - ".ruby-version"
-- ".travis.yml"
 - CHANGELOG.md
 - Gemfile
 - LICENSE.txt
@@ -151,7 +151,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.6
+rubygems_version: 3.1.2
 signing_key: 
 specification_version: 4
 summary: Simple access control dsl for controllers.

data/.travis.yml

@@ -1,9 +0,0 @@
-rvm:
-  - 2.3.1
-
-script: 'bundle exec rake spec'
-
-notifications:
-  disabled: false
-  recipients:
-    - johannes.opper@gmail.com