restricted_access 0.0.2

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 57423d579e160bde70cb930f1afec19fd06254d0
+  data.tar.gz: af663d4ad4acf2af0484898788688e426bc1b76e
+SHA512:
+  metadata.gz: 3f05f7df578367cfeed90cff6f96be561a2547a6ab43ff283e7624239b9bdbb7c0b3697e2a1cfa854c6aa33b05b1ecf079bf00de24215671d000a6bef8e62172
+  data.tar.gz: 1d8e02118ae4acf5f2f431f431fbadc402e852547982d739777ab823eabc012b77cfa86deeb3cfb94d5754b42a62b57432ea16c90ba495e24c304f0be65c192f

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in restricted_access.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2014 4nt1
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,178 @@
+# RestrictedAccess
+
+An access rights management tool.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'restricted_access', git: 'https://github.com/4nt1/restricted_access'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install restricted_access
+
+## Usage
+
+The gem is currently working only with Mongoid.
+
+It depends on [Devise](https://github.com/plataformatec/devise) & [mongoid-enum](https://github.com/thetron/mongoid-enum).
+
+
+Generate this initializer with
+```
+rails g restricted_access:install admin --levels=mini normal super --controller_scope=backoffice
+```
+
+model_name is the name of the model concerned with the access restriction.
+
+Give the available levels of access to the --levels options
+
+Give your controllers scope name to the --controller_scope options (default: nil)
+
+This will generate the restricted_access.rb initializer
+
+```ruby
+RestrictedAccess.configure do |config|
+
+  config.accesses  = [ {  level:  :mini,
+                          label:  'Some description for this access level',
+                          power:  0 },
+                        { level: :normal,
+                          label: 'Some description for this access level',
+                          power: 1 },
+                        { level: :super,
+                          label: 'Some description for this access level',
+                          power:  2}
+                      ]
+  config.resource = :admin
+  config.controller_scope = :backoffice
+
+end
+```
+
+You can customize the accesses with a label (optional) and define different power (the higher has more rights).
+
+The `config.resource` and `config.controller_scope` are useful only in Rails, defining some methods in controllers and helpers (see below).
+
+### RestrictedAccess::Model
+
+Include the RestrictedAccess::Model module in your related model
+
+```ruby
+class Admin
+  include Mongoid::Document
+  include RestrictedAccess::Model
+
+end
+```
+
+The module enhances the model with some methods and attributes.
+
+Every model has now a :level attribute (Symbol type), by default the first defined in your initializer. You can set it like any attributes.
+
+```ruby
+admin = Admin.first
+admin.update(level: :super)
+
+admin2 = Admin.last
+admin.update(level: :mini)
+```
+
+The level defines its access rights.
+
+Each instance has a `:access` method, returning a `RestrictedAccess::Access` instance.
+
+```ruby
+admin.access
+=> #<RestrictedAccess::Access:0x007fc255d36098 @level=:super, @label="", @power=2>
+
+```
+
+The `RestrictedAccess::Access` class include comparable, so you can do such things :
+
+```ruby
+admin.access > admin2.access
+=> true
+
+RestrictedAccess.accesses.max
+=> #<RestrictedAccess::Access:0x007fc255d36098 @level=:super, @label="", @power=2>
+
+```
+
+Thanks to the [mongoid-enum](https://github.com/thetron/mongoid-enum) gem, some methods to check rights.
+
+```ruby
+admin.mini?
+=> false
+
+admin.super?
+=> true
+
+Admin::LEVEL
+=> [:mini, :normal, :super]
+
+# scopes
+Admin.mini # => Mongoid::Criteria
+Admin.super # => Mongoid::Criteria
+```
+
+### RestrictedAccess::Controller
+
+If you provided a `config.resource` and `config.controller_scope` in the initializer you can include the `RestrictedAccess::Controller` in your controller.
+
+```ruby
+class Backoffice::BaseController < ApplicationController
+  include RestrictedAccess::Controller
+end
+```
+
+Every inherited controller has now a few more methods:
+
+* `:restrict_access`, which redirect to the `#{controller_scope}_root_path`. Set controller_scope to nil if you just want to redirect to root_path.
+
+* `:prevent_#{level}_access`, which calls `:restrict_access` if the `:current_#{resource_name}` doesn't have enough access right. If you use Devise, you already have a `:current_#{resource_name}` method, if you don't use Devise, just implement it.
+
+```ruby
+class Backoffice::AdminsController < Backoffice::BaseController
+  before_action :prevent_normal_access,  except: [:index]
+  # mini & normal admins will only be able to access index view
+end
+```
+
+### RestrictedAccess::Helper
+
+```ruby
+module Backoffice::AdminHelper
+  include RestrictedAccess::Helper
+end
+```
+
+
+If you provided a `config.resource` option, you can include the `RestrictedAccess::Helper` in one of your helpers.
+
+It provides a `:available_for` method in the views, allowing you to hide some part of the view.
+
+```html
+<!-- this div won't be seen be admins lower than super -->
+<%= available_for :super do %>
+  <div>
+    I have something to hide here.
+  </div>
+<%- end %>
+```
+
+
+
+
+## Contributing
+
+1. Fork it ( http://github.com/<my-github-username>/restricted_access/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/lib/generators/restricted_access/USAGE

@@ -0,0 +1,9 @@
+
+Description:
+    Generate the initializer.
+
+Example:
+    rails g restricted_access:install admin --levels=mini super mega --controller_scope=backoffice
+
+    This will create:
+        app/config/initializers/restricted_access.rb

data/lib/generators/restricted_access/install_generator.rb

@@ -0,0 +1,24 @@
+module RestrictedAccess
+  module Generators
+    class InstallGenerator < Rails::Generators::NamedBase
+      include Rails::Generators::ResourceHelpers
+      source_root File.expand_path('../templates', __FILE__)
+      argument      :resource_name,     type: :string,  default: 'user'
+      class_option  :levels,            type: :array,   default: ['normal', 'super'],   desc: "List of the differents access levels"
+      class_option  :controller_scope,  type: :string,                                  desc: "Scope of the concerned controllers"
+
+      desc "Creates a RestrictedAccess initializer."
+
+      def set_variable
+        @levels           = options.levels
+        @resource_name    = resource_name
+        @controller_scope = options.controller_scope
+      end
+
+      def copy_initializer
+        template "restricted_access.erb", "config/initializers/restricted_access.rb"
+      end
+
+    end
+  end
+end

data/lib/generators/restricted_access/templates/restricted_access.erb

@@ -0,0 +1,18 @@
+RestrictedAccess.configure do |config|
+
+  config.accesses = [<% @levels.each_with_index do |level, index| %>
+                    { level:  :<%= level %>,
+                      label:  '',
+                      power:  <%= index %> }<% if index + 1 < @levels.count %>,<%- end %>
+                  <%- end %>
+                  ]
+
+  config.resource = :<%= @resource_name %>
+
+<% if @controller_scope %>
+  config.controller_scope = :<%= @controller_scope %>
+<% else %>
+config.controller_scope = nil
+<%- end %>
+
+end

data/lib/restricted_access.rb

@@ -0,0 +1,55 @@
+require "mongoid/enum"
+require "restricted_access/version"
+require 'restricted_access/configuration'
+require 'restricted_access/access'
+require 'restricted_access/model'
+require 'restricted_access/controller'
+require 'restricted_access/helper'
+
+module RestrictedAccess
+
+  class << self
+    def configuration
+      @configuration ||= Configuration.new
+    end
+
+    def configure
+      yield(configuration)
+      define_dynamic_methods
+    end
+
+    def accesses
+      @accesses ||= configuration.accesses.map do |a|
+        Access.new(a[:level], a[:label], a[:power])
+      end
+    end
+
+    def resource
+      @resource ||= configuration.resource
+    end
+
+    def controller_scope
+      @controller_scope ||= configuration.controller_scope
+    end
+
+    def define_dynamic_methods
+      # on Access class
+      accesses.map(&:level).each do |level|
+        Access.define_singleton_method level do
+          RestrictedAccess.accesses.find {|a| a.level == level}
+        end
+
+        RestrictedAccess::Controller.class_eval do
+          define_method "prevent_#{level}_access" do
+            restrict_access if send("current_#{RestrictedAccess.resource}").access <= RestrictedAccess::Access.send(level)
+          end
+
+          define_method :restrict_access do
+            _scope = RestrictedAccess.controller_scope.present? ? "#{RestrictedAccess.controller_scope}_" : nil
+            redirect_to send("#{_scope}root_path"), notice: 'You do not have access to this page' and return
+          end
+        end
+      end
+    end
+  end
+end

data/lib/restricted_access/access.rb

@@ -0,0 +1,17 @@
+module RestrictedAccess
+  class Access
+    include Comparable
+    attr_accessor :level, :label, :power
+
+    def <=>(access)
+      power <=> access.power
+    end
+
+    def initialize(level, label, power)
+      @level = level
+      @label = label
+      @power = power
+    end
+
+  end
+end

data/lib/restricted_access/configuration.rb

@@ -0,0 +1,7 @@
+module RestrictedAccess
+  class Configuration
+    attr_accessor :accesses
+    attr_accessor :resource
+    attr_accessor :controller_scope
+  end
+end

data/lib/restricted_access/controller.rb

@@ -0,0 +1,6 @@
+module RestrictedAccess
+  module Controller
+
+  end
+
+end

data/lib/restricted_access/helper.rb

@@ -0,0 +1,8 @@
+module RestrictedAccess
+  module Helper
+    def available_for(level, &block)
+      access = RestrictedAccess::Access.send(level)
+      capture(&block) if access && send("current_#{RestrictedAccess.resource}") && send("current_#{RestrictedAccess.resource}").access >= access
+    end
+  end
+end

data/lib/restricted_access/model.rb

@@ -0,0 +1,19 @@
+module RestrictedAccess
+  module Model
+    extend ActiveSupport::Concern
+
+    included do |base|
+      include Mongoid::Enum
+      enum :level,                    RestrictedAccess.accesses.map(&:level)
+    end
+
+    def access
+      RestrictedAccess.accesses.find {|a| a.level == level}
+    end
+
+    def authorized_accesses
+      RestrictedAccess.accesses.select {|a| a <= access}
+    end
+
+  end
+end

data/lib/restricted_access/version.rb

@@ -0,0 +1,3 @@
+module RestrictedAccess
+  VERSION = "0.0.2"
+end

data/restricted_access.gemspec

@@ -0,0 +1,25 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'restricted_access/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "restricted_access"
+  spec.version       = RestrictedAccess::VERSION
+  spec.authors       = ["4nt1"]
+  spec.email         = ["antoinemary@hotmail.fr"]
+  spec.summary       = %q{An access rights management tool intended to work with Devise}
+  spec.description   = %q{An access rights management tool intended to work with Devise}
+  spec.homepage      = "https://github.com/4nt1/restricted_access"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.5"
+  spec.add_development_dependency "rake"
+  spec.add_dependency "mongoid"
+  spec.add_dependency "mongoid-enum"
+end

metadata

@@ -0,0 +1,116 @@
+--- !ruby/object:Gem::Specification
+name: restricted_access
+version: !ruby/object:Gem::Version
+  version: 0.0.2
+platform: ruby
+authors:
+- 4nt1
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-10-04 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: mongoid
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: mongoid-enum
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: An access rights management tool intended to work with Devise
+email:
+- antoinemary@hotmail.fr
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/generators/restricted_access/USAGE
+- lib/generators/restricted_access/install_generator.rb
+- lib/generators/restricted_access/templates/restricted_access.erb
+- lib/restricted_access.rb
+- lib/restricted_access/access.rb
+- lib/restricted_access/configuration.rb
+- lib/restricted_access/controller.rb
+- lib/restricted_access/helper.rb
+- lib/restricted_access/model.rb
+- lib/restricted_access/version.rb
+- restricted_access.gemspec
+homepage: https://github.com/4nt1/restricted_access
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: An access rights management tool intended to work with Devise
+test_files: []