roadblock 0.0.1 → 0.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 25323c08d6361c7df9cb6a2a0c07b7e805e30aad
-  data.tar.gz: ab5ad7a071020810f11a5073a5f58186fc983502
+  metadata.gz: af1f328bbe876f53f82f57c5b51f6b432fa0bb5e
+  data.tar.gz: d649ced8b0f46d0ca810fe558c8ce508252f4474
 SHA512:
-  metadata.gz: cf74d0bf321e337b64fbb510ca89e5d3e3e8a1be7cd32a57d48098d3f702291cdd5df91d4ab23fd283fe3fdec5c5b256e82171b228ee39f468d1dd5778c71f0f
-  data.tar.gz: 92d8951045847ba6e55d309380361334df9c65ff29d6f01fe0cb283a9943a603f0f8618ba3f1ba6821bfd7224d309eb0482de72d9877bdabec968acc6b05a671
+  metadata.gz: bda6816c0d10e740b186e6358b7fd080ec520aa17e6b82a15a2d46f524a98ca79659c1da98ac9a624945e978dd6cd89be5cfb510736c5b4ed13f9b56d85b8319
+  data.tar.gz: 1e614fe8b7d11bdf763a36919f95edfaca225d61fab8cb4e4698b6ac9b06a337aae26b4b2cde04fd5f0b045732a88f6c9a9b3f08bd2ddda3853916327e46364c

data/.gitignore

@@ -15,3 +15,4 @@ spec/reports
 test/tmp
 test/version_tmp
 tmp
+.ruby-version

data/README.md

@@ -1,5 +1,6 @@
 # Roadblock
 
+[![Gem Version](https://badge.fury.io/rb/roadblock.png)](http://badge.fury.io/rb/roadblock)
 [![Semaphore](https://semaphoreapp.com/api/v1/projects/f1ccf0c3ff7565f975caef0fdfcf649f24f033fb/118939/shields_badge.png)](https://semaphoreapp.com/minter/roadblock)
 [![Code Climate](https://codeclimate.com/github/teamsnap/roadblock.png)](https://codeclimate.com/github/teamsnap/roadblock)
 [![Coverage Status](https://coveralls.io/repos/teamsnap/roadblock/badge.png?branch=master)](https://coveralls.io/r/teamsnap/roadblock?branch=master)
@@ -12,7 +13,7 @@ A simple authorization library.
 
 Roadblock provides a simple interface for checking if a ruby object has the authority to interact with another object. The most obvious example being if the current user in your rails controller can read/write the object they're attempting to access.
 
-Nearly all authorization libraries require heavy weight configuration and tight integration with Rails. This library was created to provide the simplest solution to the problem without requiring any external dependencies. It doesn't require Rails or any of it's subcomponents and weighs in at less than 10 LOC for the actual implementation. The library also optionally understands OAUTH scopes, something other authorization libraries do not.
+Nearly all authorization libraries require heavy weight configuration and tight integration with Rails. This library was created to provide the simplest solution to the problem without requiring any external dependencies. It doesn't require Rails or any of it's subcomponents and weighs in at less than 100 LOC for the actual implementation (less than 25 LOC if you don't care about authorizer stacks).
 
 ## Installation
 
@@ -30,38 +31,86 @@ Or install it yourself as:
 
 ## Usage
 
-    require "roadblock"
+```ruby
+require "roadblock"
 
-    class TeamAuthorizer
-      include Roadblock.authorizer
+class TeamAuthorizer
+  include Roadblock.authorizer
 
-      def can_read?(team)
-        scopes.include?("read") &&
-          user.teams.include?(team)
-      end
+  def can_read?(team)
+    scopes.include?("read") &&
+      user.teams.include?(team)
+  end
 
-      def can_write?(team)
-        scopes.include?("write_teams") && (
-          user.managed_teams.include?(team) ||
-          user.owned_teams.include?(team)
-        )
-      end
+  def can_write?(team)
+    scopes.include?("write_teams") && (
+      user.managed_teams.include?(team) ||
+      user.owned_teams.include?(team)
+    )
+  end
+end
+
+scopes = ["read", "write_teams"] # Optional oauth scopes
+auth = TeamAuthorizer.new(current_user, :scopes => scopes)
+team = Team.find(params[:id])
+
+# Scopes are optional, just don't pass any in if you don't want them.
+
+auth.can?(:read, team) # or auth.can_read?(team)
+auth.can?(:write, team) # or auth.can_write?(team)
+
+# When using the #can? syntax, you can pass in an enumerable
+# #can? will then tell you if the user is able to perform the
+# action on all of the objects. `true` they can, `false` they
+# cannot.
+
+teams = Team.where(:sport => :hockey)
+
+auth.can?(:read, teams)
+auth.can?(:write, teams)
+```
+
+### Middleware
+
+```ruby
+require "roadblock"
+
+class TeamAuthorizer
+  include Roadblock.authorizer
+
+  def can_read?(team)
+    user.teams.include?(team)
+  end
+end
+
+class AdminAuthorizer
+  include Roadblock.authorizer
+
+  def can?(action, object)
+    if user.is_admin?
+      true
+    else
+      yield(object)
     end
+  end
+end
+
+stack = Roadblock::Stack.new(current_user, :scopes => scopes)
+stack.add(AdminAuthorizer, TeamAuthorizer)
+
+# Then use stack just as you would a standalone authorizer
 
-    scopes = ["read", "write_teams"] # Optional oauth scopes
-    auth = TeamAuthorizer.new(current_user, :scopes => scopes)
-    team = Team.find(params[:id])
+stack.can?(:read, team) # or stack.can_read?(team)
+stack.can?(:read, teams) # or stack.can_read?(teams)
+```
 
-    auth.can?(:read, team)
-    auth.can?(:write, team)
-    
 ## Roadmap
 
 - Add optional faliure messages
 
 ## Contributing
 
-1. Fork it
+1. Fork it ( http://github.com/teamsnap/roadblock/fork )
 2. Create your feature branch (`git checkout -b my-new-feature`)
 3. Commit your changes (`git commit -am 'Add some feature'`)
 4. Push to the branch (`git push origin my-new-feature`)

data/lib/roadblock.rb

@@ -1,4 +1,5 @@
 require_relative "roadblock/authorizer"
+require_relative "roadblock/stack"
 require_relative "roadblock/version"
 
 module Roadblock

data/lib/roadblock/authorizer.rb

@@ -5,11 +5,15 @@ module Roadblock
       self.scopes = scopes
     end
 
-    def can?(action, objects)
-      objects = [*objects]
-      objects
-      .map { |object| send("can_#{action}?", object) }
-      .all?
+    def can?(action, object)
+      if block_given?
+        yield(object)
+      else
+        objects = [*object]
+        objects
+          .map { |obj| send("can_#{action}?", obj) }
+          .all?
+      end
     end
 
     private

data/lib/roadblock/stack.rb

@@ -0,0 +1,51 @@
+module Roadblock
+  class Stack
+    NULL_AUTHORIZER_PROC = lambda { |object| false }
+
+    def initialize(user, scopes: [])
+      self.user = user
+      self.scopes = scopes
+      self.authorizers = []
+    end
+
+    def add(*auths)
+      self.authorizers = authorizers + auths
+    end
+
+    def can?(action, objects)
+      objects = [*objects]
+
+      stack = authorizers.reverse.inject(NULL_AUTHORIZER_PROC) do |authorizer_proc, authorizer_klass|
+        lambda { |obj|
+          authorizer = authorizer_klass.new(user, scopes: scopes)
+
+          authorizer.can?(action, obj) do |inner_obj|
+            authorizer.send("can_#{action}?", inner_obj, &authorizer_proc)
+          end
+        }
+      end
+
+      objects
+        .map { |object| stack.call(object) }
+        .all?
+    end
+
+    def respond_to?(method)
+      /can_(.*?)\?/.match(method) ? true : false
+    end
+
+    def method_missing(method, *args)
+      match = /can_(.*?)\?/.match(method)
+
+      if match
+        can?(match[1], *args)
+      else
+        super
+      end
+    end
+
+    private
+
+    attr_accessor :user, :scopes, :authorizers
+  end
+end

data/lib/roadblock/version.rb

@@ -1,3 +1,3 @@
 module Roadblock
-  VERSION = "0.0.1"
+  VERSION = "0.1.0"
 end

data/roadblock.gemspec

@@ -6,7 +6,7 @@ require 'roadblock/version'
 Gem::Specification.new do |spec|
   spec.name          = "roadblock"
   spec.version       = Roadblock::VERSION
-  spec.authors       = ["Shane Emmons"]
+  spec.authors       = ["Shane Emmons", "Emily Dobervich"]
   spec.email         = ["oss@teamsnap.com"]
   spec.description   = <<DESC
 Roadblock provides a simple interface for checking if a ruby object has the

data/spec/roadblock_spec.rb

@@ -14,7 +14,23 @@ class TestAuthorizer
   end
 end
 
-describe Roadblock do
+class ForwardingAuthorizer
+  include Roadblock.authorizer
+
+  def can_peek?(object)
+    yield(object)
+  end
+end
+
+class ReturningMiddleware
+  include Roadblock.authorizer
+
+  def can_peek?(object)
+    false
+  end
+end
+
+describe Roadblock::Authorizer do
   subject { TestAuthorizer }
 
   describe "#can?" do
@@ -23,7 +39,7 @@ describe Roadblock do
       scopes = ["peekable"]
       auth = subject.new(user, :scopes => scopes)
 
-      expect(auth.can?(:peek, user)).to eq(true)
+      expect(auth.can?(:peek, user)).to be true
     end
 
     it "accepts multiple objects" do
@@ -31,7 +47,7 @@ describe Roadblock do
       scopes = ["peekable"]
       auth = subject.new(user, :scopes => scopes)
 
-      expect(auth.can?(:peek, [user, user])).to eq(true)
+      expect(auth.can?(:peek, [user, user])).to be true
     end
 
     it "requires all objects to pass authorization" do
@@ -50,3 +66,88 @@ describe Roadblock do
     end
   end
 end
+
+describe Roadblock::Stack do
+  describe "#can?" do
+    it "correctly forwards call" do
+      user = double
+      scopes = ["peekable"]
+
+      stack = Roadblock::Stack.new(user, :scopes => scopes)
+      stack.add(TestAuthorizer)
+
+      expect(stack.can?(:peek, user)).to be(true)
+    end
+
+    it "correctly forwards call with alternate call style" do
+      user = double
+      scopes = ["peekable"]
+
+      stack = Roadblock::Stack.new(user, :scopes => scopes)
+      stack.add(TestAuthorizer)
+
+      expect(stack.can_peek?(user)).to be(true)
+    end
+
+    it "correctly forwards call through middleware" do
+      user = double
+      scopes = ["peekable"]
+
+      stack = Roadblock::Stack.new(user, :scopes => scopes)
+      stack.add(ForwardingAuthorizer)
+      stack.add(TestAuthorizer)
+
+      expect(stack.can?(:peek, user)).to be(true)
+    end
+
+    it "correctly handles middleware returning early" do
+      user = double
+      scopes = ["peekable"]
+
+      stack = Roadblock::Stack.new(user, :scopes => scopes)
+      stack.add(ReturningMiddleware)
+      stack.add(TestAuthorizer)
+
+      expect(stack.can?(:peek, user)).to be(false)
+    end
+
+    it "accepts multiple objects" do
+      user = double
+      scopes = ["peekable"]
+
+      stack = Roadblock::Stack.new(user, :scopes => scopes)
+      stack.add(TestAuthorizer)
+
+      expect(stack.can?(:peek, [user, user])).to be true
+    end
+
+    it "accepts multiple objects with alternate call style" do
+      user = double
+      scopes = ["peekable"]
+
+      stack = Roadblock::Stack.new(user, :scopes => scopes)
+      stack.add(TestAuthorizer)
+
+      expect(stack.can_peek?([user, user])).to be true
+    end
+
+    it "requires all objects to pass authorization" do
+      user = double
+      scopes = ["peekable"]
+
+      stack = Roadblock::Stack.new(user, :scopes => scopes)
+      stack.add(TestAuthorizer)
+
+      expect(stack.can?(:peek, [user, nil])).to eq(false)
+    end
+
+    it "doesn't require scopes to be used" do
+      user = double
+
+      stack = Roadblock::Stack.new(user)
+      stack.add(TestAuthorizer)
+
+      expect(stack.can?(:wink, user)).to be(true)
+    end
+  end
+end

metadata

@@ -1,55 +1,56 @@
 --- !ruby/object:Gem::Specification
 name: roadblock
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.1.0
 platform: ruby
 authors:
 - Shane Emmons
+- Emily Dobervich
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-12-22 00:00:00.000000000 Z
+date: 2014-02-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.3'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 3.0.0.beta1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 3.0.0.beta1
 description: |
@@ -63,13 +64,14 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
+- ".gitignore"
 - Gemfile
 - LICENSE.txt
 - README.md
 - Rakefile
 - lib/roadblock.rb
 - lib/roadblock/authorizer.rb
+- lib/roadblock/stack.rb
 - lib/roadblock/version.rb
 - roadblock.gemspec
 - spec/roadblock_spec.rb
@@ -84,20 +86,21 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.0.14
+rubygems_version: 2.2.0
 signing_key: 
 specification_version: 4
 summary: A simple authorization library.
 test_files:
 - spec/roadblock_spec.rb
 - spec/spec_helper.rb
+has_rdoc: