roadblock 0.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.gitignore +17 -0
- data/Gemfile +5 -0
- data/LICENSE.txt +22 -0
- data/README.md +68 -0
- data/Rakefile +1 -0
- data/lib/roadblock.rb +12 -0
- data/lib/roadblock/authorizer.rb +19 -0
- data/lib/roadblock/version.rb +3 -0
- data/roadblock.gemspec +29 -0
- data/spec/roadblock_spec.rb +52 -0
- data/spec/spec_helper.rb +6 -0
- metadata +103 -0
checksums.yaml
ADDED
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
---
|
|
2
|
+
SHA1:
|
|
3
|
+
metadata.gz: 25323c08d6361c7df9cb6a2a0c07b7e805e30aad
|
|
4
|
+
data.tar.gz: ab5ad7a071020810f11a5073a5f58186fc983502
|
|
5
|
+
SHA512:
|
|
6
|
+
metadata.gz: cf74d0bf321e337b64fbb510ca89e5d3e3e8a1be7cd32a57d48098d3f702291cdd5df91d4ab23fd283fe3fdec5c5b256e82171b228ee39f468d1dd5778c71f0f
|
|
7
|
+
data.tar.gz: 92d8951045847ba6e55d309380361334df9c65ff29d6f01fe0cb283a9943a603f0f8618ba3f1ba6821bfd7224d309eb0482de72d9877bdabec968acc6b05a671
|
data/.gitignore
ADDED
data/Gemfile
ADDED
data/LICENSE.txt
ADDED
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
Copyright (c) 2013 TeamSnap
|
|
2
|
+
|
|
3
|
+
MIT License
|
|
4
|
+
|
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining
|
|
6
|
+
a copy of this software and associated documentation files (the
|
|
7
|
+
"Software"), to deal in the Software without restriction, including
|
|
8
|
+
without limitation the rights to use, copy, modify, merge, publish,
|
|
9
|
+
distribute, sublicense, and/or sell copies of the Software, and to
|
|
10
|
+
permit persons to whom the Software is furnished to do so, subject to
|
|
11
|
+
the following conditions:
|
|
12
|
+
|
|
13
|
+
The above copyright notice and this permission notice shall be
|
|
14
|
+
included in all copies or substantial portions of the Software.
|
|
15
|
+
|
|
16
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
|
17
|
+
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
|
18
|
+
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
|
19
|
+
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
|
20
|
+
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
|
21
|
+
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
|
22
|
+
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
data/README.md
ADDED
|
@@ -0,0 +1,68 @@
|
|
|
1
|
+
# Roadblock
|
|
2
|
+
|
|
3
|
+
[](https://semaphoreapp.com/minter/roadblock)
|
|
4
|
+
[](https://codeclimate.com/github/teamsnap/roadblock)
|
|
5
|
+
[](https://coveralls.io/r/teamsnap/roadblock?branch=master)
|
|
6
|
+
[](https://gemnasium.com/teamsnap/roadblock)
|
|
7
|
+
[](http://opensource.org/licenses/MIT)
|
|
8
|
+
|
|
9
|
+
A simple authorization library.
|
|
10
|
+
|
|
11
|
+
|
|
12
|
+
|
|
13
|
+
Roadblock provides a simple interface for checking if a ruby object has the authority to interact with another object. The most obvious example being if the current user in your rails controller can read/write the object they're attempting to access.
|
|
14
|
+
|
|
15
|
+
Nearly all authorization libraries require heavy weight configuration and tight integration with Rails. This library was created to provide the simplest solution to the problem without requiring any external dependencies. It doesn't require Rails or any of it's subcomponents and weighs in at less than 10 LOC for the actual implementation. The library also optionally understands OAUTH scopes, something other authorization libraries do not.
|
|
16
|
+
|
|
17
|
+
## Installation
|
|
18
|
+
|
|
19
|
+
Add this line to your application's Gemfile:
|
|
20
|
+
|
|
21
|
+
gem 'roadblock'
|
|
22
|
+
|
|
23
|
+
And then execute:
|
|
24
|
+
|
|
25
|
+
$ bundle
|
|
26
|
+
|
|
27
|
+
Or install it yourself as:
|
|
28
|
+
|
|
29
|
+
$ gem install roadblock
|
|
30
|
+
|
|
31
|
+
## Usage
|
|
32
|
+
|
|
33
|
+
require "roadblock"
|
|
34
|
+
|
|
35
|
+
class TeamAuthorizer
|
|
36
|
+
include Roadblock.authorizer
|
|
37
|
+
|
|
38
|
+
def can_read?(team)
|
|
39
|
+
scopes.include?("read") &&
|
|
40
|
+
user.teams.include?(team)
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
def can_write?(team)
|
|
44
|
+
scopes.include?("write_teams") && (
|
|
45
|
+
user.managed_teams.include?(team) ||
|
|
46
|
+
user.owned_teams.include?(team)
|
|
47
|
+
)
|
|
48
|
+
end
|
|
49
|
+
end
|
|
50
|
+
|
|
51
|
+
scopes = ["read", "write_teams"] # Optional oauth scopes
|
|
52
|
+
auth = TeamAuthorizer.new(current_user, :scopes => scopes)
|
|
53
|
+
team = Team.find(params[:id])
|
|
54
|
+
|
|
55
|
+
auth.can?(:read, team)
|
|
56
|
+
auth.can?(:write, team)
|
|
57
|
+
|
|
58
|
+
## Roadmap
|
|
59
|
+
|
|
60
|
+
- Add optional faliure messages
|
|
61
|
+
|
|
62
|
+
## Contributing
|
|
63
|
+
|
|
64
|
+
1. Fork it
|
|
65
|
+
2. Create your feature branch (`git checkout -b my-new-feature`)
|
|
66
|
+
3. Commit your changes (`git commit -am 'Add some feature'`)
|
|
67
|
+
4. Push to the branch (`git push origin my-new-feature`)
|
|
68
|
+
5. Create new Pull Request
|
data/Rakefile
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
require "bundler/gem_tasks"
|
data/lib/roadblock.rb
ADDED
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
module Roadblock
|
|
2
|
+
module Authorizer
|
|
3
|
+
def initialize(user, scopes: [])
|
|
4
|
+
self.user = user
|
|
5
|
+
self.scopes = scopes
|
|
6
|
+
end
|
|
7
|
+
|
|
8
|
+
def can?(action, objects)
|
|
9
|
+
objects = [*objects]
|
|
10
|
+
objects
|
|
11
|
+
.map { |object| send("can_#{action}?", object) }
|
|
12
|
+
.all?
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
private
|
|
16
|
+
|
|
17
|
+
attr_accessor :user, :scopes
|
|
18
|
+
end
|
|
19
|
+
end
|
data/roadblock.gemspec
ADDED
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
# coding: utf-8
|
|
2
|
+
lib = File.expand_path('../lib', __FILE__)
|
|
3
|
+
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
4
|
+
require 'roadblock/version'
|
|
5
|
+
|
|
6
|
+
Gem::Specification.new do |spec|
|
|
7
|
+
spec.name = "roadblock"
|
|
8
|
+
spec.version = Roadblock::VERSION
|
|
9
|
+
spec.authors = ["Shane Emmons"]
|
|
10
|
+
spec.email = ["oss@teamsnap.com"]
|
|
11
|
+
spec.description = <<DESC
|
|
12
|
+
Roadblock provides a simple interface for checking if a ruby object has the
|
|
13
|
+
authority to interact with another object. The most obvious example being if
|
|
14
|
+
the current user in your rails controller can read/write the object they're
|
|
15
|
+
attempting to access.
|
|
16
|
+
DESC
|
|
17
|
+
spec.summary = "A simple authorization library."
|
|
18
|
+
spec.homepage = "https://github.com/teamsnap/roadblock"
|
|
19
|
+
spec.license = "MIT"
|
|
20
|
+
|
|
21
|
+
spec.files = `git ls-files`.split($/)
|
|
22
|
+
spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
|
|
23
|
+
spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
|
|
24
|
+
spec.require_paths = ["lib"]
|
|
25
|
+
|
|
26
|
+
spec.add_development_dependency "bundler", "~> 1.3"
|
|
27
|
+
spec.add_development_dependency "rake"
|
|
28
|
+
spec.add_development_dependency "rspec", "~> 3.0.0.beta1"
|
|
29
|
+
end
|
|
@@ -0,0 +1,52 @@
|
|
|
1
|
+
require_relative "spec_helper"
|
|
2
|
+
require_relative "../lib/roadblock"
|
|
3
|
+
|
|
4
|
+
class TestAuthorizer
|
|
5
|
+
include Roadblock.authorizer
|
|
6
|
+
|
|
7
|
+
def can_peek?(object)
|
|
8
|
+
scopes.include?("peekable") &&
|
|
9
|
+
user == object
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def can_wink?(object)
|
|
13
|
+
user == object
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
describe Roadblock do
|
|
18
|
+
subject { TestAuthorizer }
|
|
19
|
+
|
|
20
|
+
describe "#can?" do
|
|
21
|
+
it "correctly forwards call" do
|
|
22
|
+
user = double
|
|
23
|
+
scopes = ["peekable"]
|
|
24
|
+
auth = subject.new(user, :scopes => scopes)
|
|
25
|
+
|
|
26
|
+
expect(auth.can?(:peek, user)).to eq(true)
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
it "accepts multiple objects" do
|
|
30
|
+
user = double
|
|
31
|
+
scopes = ["peekable"]
|
|
32
|
+
auth = subject.new(user, :scopes => scopes)
|
|
33
|
+
|
|
34
|
+
expect(auth.can?(:peek, [user, user])).to eq(true)
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
it "requires all objects to pass authorization" do
|
|
38
|
+
user = double
|
|
39
|
+
scopes = ["peekable"]
|
|
40
|
+
auth = subject.new(user, :scopes => scopes)
|
|
41
|
+
|
|
42
|
+
expect(auth.can?(:peek, [user, nil])).to eq(false)
|
|
43
|
+
end
|
|
44
|
+
|
|
45
|
+
it "doesn't require scopes to be used" do
|
|
46
|
+
user = double
|
|
47
|
+
auth = subject.new(user)
|
|
48
|
+
|
|
49
|
+
expect(auth.can?(:wink, user)).to be(true)
|
|
50
|
+
end
|
|
51
|
+
end
|
|
52
|
+
end
|
data/spec/spec_helper.rb
ADDED
metadata
ADDED
|
@@ -0,0 +1,103 @@
|
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
|
2
|
+
name: roadblock
|
|
3
|
+
version: !ruby/object:Gem::Version
|
|
4
|
+
version: 0.0.1
|
|
5
|
+
platform: ruby
|
|
6
|
+
authors:
|
|
7
|
+
- Shane Emmons
|
|
8
|
+
autorequire:
|
|
9
|
+
bindir: bin
|
|
10
|
+
cert_chain: []
|
|
11
|
+
date: 2013-12-22 00:00:00.000000000 Z
|
|
12
|
+
dependencies:
|
|
13
|
+
- !ruby/object:Gem::Dependency
|
|
14
|
+
name: bundler
|
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
|
16
|
+
requirements:
|
|
17
|
+
- - ~>
|
|
18
|
+
- !ruby/object:Gem::Version
|
|
19
|
+
version: '1.3'
|
|
20
|
+
type: :development
|
|
21
|
+
prerelease: false
|
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
23
|
+
requirements:
|
|
24
|
+
- - ~>
|
|
25
|
+
- !ruby/object:Gem::Version
|
|
26
|
+
version: '1.3'
|
|
27
|
+
- !ruby/object:Gem::Dependency
|
|
28
|
+
name: rake
|
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
|
30
|
+
requirements:
|
|
31
|
+
- - '>='
|
|
32
|
+
- !ruby/object:Gem::Version
|
|
33
|
+
version: '0'
|
|
34
|
+
type: :development
|
|
35
|
+
prerelease: false
|
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
37
|
+
requirements:
|
|
38
|
+
- - '>='
|
|
39
|
+
- !ruby/object:Gem::Version
|
|
40
|
+
version: '0'
|
|
41
|
+
- !ruby/object:Gem::Dependency
|
|
42
|
+
name: rspec
|
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
|
44
|
+
requirements:
|
|
45
|
+
- - ~>
|
|
46
|
+
- !ruby/object:Gem::Version
|
|
47
|
+
version: 3.0.0.beta1
|
|
48
|
+
type: :development
|
|
49
|
+
prerelease: false
|
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
51
|
+
requirements:
|
|
52
|
+
- - ~>
|
|
53
|
+
- !ruby/object:Gem::Version
|
|
54
|
+
version: 3.0.0.beta1
|
|
55
|
+
description: |
|
|
56
|
+
Roadblock provides a simple interface for checking if a ruby object has the
|
|
57
|
+
authority to interact with another object. The most obvious example being if
|
|
58
|
+
the current user in your rails controller can read/write the object they're
|
|
59
|
+
attempting to access.
|
|
60
|
+
email:
|
|
61
|
+
- oss@teamsnap.com
|
|
62
|
+
executables: []
|
|
63
|
+
extensions: []
|
|
64
|
+
extra_rdoc_files: []
|
|
65
|
+
files:
|
|
66
|
+
- .gitignore
|
|
67
|
+
- Gemfile
|
|
68
|
+
- LICENSE.txt
|
|
69
|
+
- README.md
|
|
70
|
+
- Rakefile
|
|
71
|
+
- lib/roadblock.rb
|
|
72
|
+
- lib/roadblock/authorizer.rb
|
|
73
|
+
- lib/roadblock/version.rb
|
|
74
|
+
- roadblock.gemspec
|
|
75
|
+
- spec/roadblock_spec.rb
|
|
76
|
+
- spec/spec_helper.rb
|
|
77
|
+
homepage: https://github.com/teamsnap/roadblock
|
|
78
|
+
licenses:
|
|
79
|
+
- MIT
|
|
80
|
+
metadata: {}
|
|
81
|
+
post_install_message:
|
|
82
|
+
rdoc_options: []
|
|
83
|
+
require_paths:
|
|
84
|
+
- lib
|
|
85
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
|
86
|
+
requirements:
|
|
87
|
+
- - '>='
|
|
88
|
+
- !ruby/object:Gem::Version
|
|
89
|
+
version: '0'
|
|
90
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
91
|
+
requirements:
|
|
92
|
+
- - '>='
|
|
93
|
+
- !ruby/object:Gem::Version
|
|
94
|
+
version: '0'
|
|
95
|
+
requirements: []
|
|
96
|
+
rubyforge_project:
|
|
97
|
+
rubygems_version: 2.0.14
|
|
98
|
+
signing_key:
|
|
99
|
+
specification_version: 4
|
|
100
|
+
summary: A simple authorization library.
|
|
101
|
+
test_files:
|
|
102
|
+
- spec/roadblock_spec.rb
|
|
103
|
+
- spec/spec_helper.rb
|