role-authz 0.0.1

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2010 Jorge Villatoro
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README

@@ -0,0 +1,77 @@
+RoleAuthz - Simple role-based authorization
+===========================================
+
+Roles
+------
+
+    class Application < Merb::Controller
+      role :name do |operator, target|
+        # return true or false, depending on
+        # whether or not this operator/target 
+        # combination can have this role
+      end
+      # Examples:
+      role :admin do |operator, target|
+        operator.respond_to?(:admin) && operator.admin
+      end
+      role :owner do |operator, target|
+        target.respond_to?(:owner) && target.owner == operator
+      end
+      role :guest do |operator, target|
+        operator.nil?
+      end
+    end
+
+Permissions
+-----------
+
+#### For resources:
+
+    class Posts < Application
+      authorize Post do
+        for_role(:admin).allow(:all)
+        for_role(:owner).allow(:all)
+        for_role(:guest).allow(:index, :show)
+      end
+    end
+
+#### For controllers:
+
+    class NotAResourceController < Application
+      authorize self do
+        for_role(:guest).allow(:foo)
+      end
+      # foo is just an action
+    end
+
+#### Global:
+
+    class Application < Merb::Controller
+      # your role definitions
+      authorize self do
+        for_role(:admin).allow(:all)
+      end
+    end
+
+Operators (user classes)
+------------------------
+
+Operator classes must call authorizable! somewhere. 
+
+#### Example:
+    class User
+      include DataMapper::Resource
+      authorizable!
+  
+      property :id, Serial
+      property :login, String
+    end
+
+Operators may use the authorized? method to check authorization.
+
+#### Examples:
+
+    user = User.get(n)
+    user.authorized?(:target => @post, :action => :edit)
+    user.authorized?(:target => Posts, :action => :new)
+    user.authorized?(:role => :admin)

data/Rakefile

@@ -0,0 +1,82 @@
+begin
+  # Just in case the bundle was locked
+  # This shouldn't happen in a dev environment but lets be safe
+  require '.bundle/environment'
+rescue LoadError
+  require 'rubygems'
+  require 'bundler'
+  Bundler.setup
+end
+require 'rake/gempackagetask'
+
+require 'merb-core'
+require 'merb-core/tasks/merb'
+
+GEM_NAME = "role-authz"
+GEM_VERSION = "0.0.1"
+AUTHOR = "Jorge Villatoro"
+EMAIL = "jorge@tomatocannon.com"
+HOMEPAGE = "http://www.github.com/thelazyfox/role-authz"
+SUMMARY = "A merb plugin that provides simple role based authorization"
+
+spec = Gem::Specification.new do |s|
+  s.rubyforge_project = 'merb'
+  s.name = GEM_NAME
+  s.version = GEM_VERSION
+  s.platform = Gem::Platform::RUBY
+  s.has_rdoc = true
+  s.extra_rdoc_files = ["README", "LICENSE", "TODO"]
+  s.summary = SUMMARY
+  s.description = s.summary
+  s.author = AUTHOR
+  s.email = EMAIL
+  s.homepage = HOMEPAGE
+  s.add_dependency('merb-core', '>= 1.1.3')
+  s.require_path = 'lib'
+  s.files = %w(LICENSE README Rakefile TODO) + Dir.glob("{lib,spec}/**/*")
+  
+end
+
+Rake::GemPackageTask.new(spec) do |pkg|
+  pkg.gem_spec = spec
+end
+
+desc "install the plugin as a gem"
+task :install do
+  Merb::RakeHelper.install(GEM_NAME, :version => GEM_VERSION)
+end
+
+desc "Uninstall the gem"
+task :uninstall do
+  Merb::RakeHelper.uninstall(GEM_NAME, :version => GEM_VERSION)
+end
+
+desc "Create a gemspec file"
+task :gemspec do
+  File.open("#{GEM_NAME}.gemspec", "w") do |file|
+    file.puts spec.to_ruby
+  end
+end
+
+begin
+  require 'spec'
+  require 'spec/rake/spectask'
+
+  task :default => [ :spec ]
+
+  desc 'Run specifications'
+  Spec::Rake::SpecTask.new(:spec) do |t|
+    t.spec_opts << '--options' << 'spec/spec.opts' if File.exists?('spec/spec.opts')
+    t.spec_opts << '--color' << '--format' << 'specdoc'
+    begin
+      require 'rcov'
+      t.rcov_opts << '--exclude' << 'spec'
+      t.rcov_opts << '--text-summary'
+      t.rcov_opts << '--sort' << 'coverage' << '--sort-reverse'
+    rescue LoadError
+      # rcov not installed
+    end
+  end
+rescue LoadError
+  # rspec not installed
+end

data/TODO

@@ -0,0 +1,2 @@
+TODO:
+- Make it moar better

data/lib/role-authz.rb

@@ -0,0 +1,22 @@
+# make sure we're running inside Merb
+if defined?(Merb::Plugins)
+  
+  require 'merb-auth-core'
+  # Merb gives you a Merb::Plugins.config hash...feel free to put your stuff in your piece of it
+  Merb::Plugins.config[:role_authz] = {}
+  
+  path = File.dirname(__FILE__)
+  Dir[path / "role-authz" / "authorization" / "**/*.rb"].each do |f|
+    require f
+  end
+  
+  Merb::BootLoader.before_app_loads do
+    # require code that must be loaded before the application
+  end
+  
+  Merb::BootLoader.after_app_loads do
+    # code that can be required after the application loads
+  end
+  
+  Merb::Plugins.add_rakefiles "role-authz/merbtasks"
+end

data/lib/role-authz/authorization/authorization.rb

@@ -0,0 +1,17 @@
+module Authorization
+  @roles = {}
+  
+  def self.roles_for(operator, target)
+    list = []
+    @roles.each do |name, proc|
+      if proc.call(operator, target)
+        list += [name]
+      end
+    end
+    list
+  end
+  
+  def self.add_role(name, &block)
+    @roles[name] = block
+  end
+end

data/lib/role-authz/authorization/controller_helper.rb

@@ -0,0 +1,34 @@
+module Authorization
+  class OpenForRoleStatement < Exception; end
+  class NoCurrentForRoleStatement < Exception; end
+  
+  class ControllerHelper
+    def initialize
+      @working_roles = []
+      @permissions_list = {}
+    end
+  
+    def for_roles(*the_roles)
+      raise OpenForRoleStatement unless @working_roles.empty?
+      @working_roles += the_roles
+      self
+    end
+    alias_method :for_role, :for_roles
+    
+    def allow(*the_actions)
+      raise NoCurrentForRoleStatement unless !@working_roles.empty?
+      @working_roles.each do |current_role|
+        if !@permissions_list.include?(current_role)
+          @permissions_list[current_role] = []
+        end
+        @permissions_list[current_role] += the_actions
+      end
+      @working_roles.clear
+      self
+    end
+    
+    def actions_for(role)
+      @permissions_list[role] || []
+    end
+  end
+end

data/lib/role-authz/authorization/controller_mixin.rb

@@ -0,0 +1,41 @@
+class Merb::Controller
+  class Unauthorized < Merb::Controller::Forbidden; end
+  class_inheritable_accessor :_authorization
+  class_inheritable_accessor :_authorization_target
+  
+  def self.role(name, &block)
+    Authorization.add_role(name, &block)
+  end
+  
+  def self.authorize(klass, &block)
+    klass._authorization_proxy = self
+    self._authorization_target = klass
+    self._authorization ||= Authorization::ControllerHelper.new
+    self._authorization.instance_eval(&block) if block_given?
+    before :ensure_authorized
+    self._authorization
+  end
+  
+  def authorization_target
+    if _authorization_target.respond_to?(:get)
+      _authorization_target.get(params[:id])
+    else
+      nil
+    end
+  end
+  
+  def ensure_authorized
+    operator = nil
+    operator = session.user if session.authenticated?
+    roles = Authorization.roles_for(operator, authorization_target)
+    roles.each do |role|
+      actions = self.class._authorization.actions_for(role)
+      return true if actions.include?(params[:action].to_sym) || actions.include?(:all)
+    end
+    if session.authenticated?
+      raise Unauthorized
+    else
+      raise Unauthenticated
+    end
+  end
+end

data/lib/role-authz/authorization/object_mixin.rb

@@ -0,0 +1,8 @@
+class Object
+  class_inheritable_accessor :_authorization_proxy
+  
+  def self.authorizable!
+    include Authorization::OperatorMixin
+  end
+
+end

data/lib/role-authz/authorization/operator_mixin.rb

@@ -0,0 +1,18 @@
+module Authorization::OperatorMixin
+
+  def authorized?(args = {})
+    @roles ||= Authorization.roles_for(self, args[:target])
+    if args[:action].nil?
+      @roles.include?(args[:role])
+    else
+      target = args[:target]._authorization_proxy unless args[:target]._authorization_proxy.nil?
+      
+      @roles.each do |role|
+        actions = target._authorization.actions_for(role)
+        return true if actions.include?(args[:action]) || actions.include?(:all)
+      end
+      false
+    end
+  end
+  
+end

data/spec/role-authz_spec.rb

@@ -0,0 +1,7 @@
+require File.dirname(__FILE__) + '/spec_helper'
+
+describe "role-authz" do
+  it "should do nothing" do
+    true.should == true
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1 @@
+$:.push File.join(File.dirname(__FILE__), '..', 'lib')

metadata

@@ -0,0 +1,93 @@
+--- !ruby/object:Gem::Specification 
+name: role-authz
+version: !ruby/object:Gem::Version 
+  prerelease: false
+  segments: 
+  - 0
+  - 0
+  - 1
+  version: 0.0.1
+platform: ruby
+authors: 
+- Jorge Villatoro
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2010-08-12 00:00:00 -05:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: merb-core
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 1
+        - 1
+        - 3
+        version: 1.1.3
+  type: :runtime
+  prerelease: false
+  version_requirements: *id001
+description: A merb plugin that provides simple role based authorization
+email: jorge@tomatocannon.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- README
+- LICENSE
+- TODO
+files: 
+- LICENSE
+- README
+- Rakefile
+- TODO
+- lib/role-authz/authorization/authorization.rb
+- lib/role-authz/authorization/controller_helper.rb
+- lib/role-authz/authorization/controller_mixin.rb
+- lib/role-authz/authorization/object_mixin.rb
+- lib/role-authz/authorization/operator_mixin.rb
+- lib/role-authz.rb
+- spec/role-authz_spec.rb
+- spec/spec_helper.rb
+has_rdoc: true
+homepage: http://www.github.com/thelazyfox/role-authz
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 2034184392538483349
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 2034184392538483349
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: merb
+rubygems_version: 1.3.7
+signing_key: 
+specification_version: 3
+summary: A merb plugin that provides simple role based authorization
+test_files: []
+