rolypoly 0.0.1

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/.rspec

@@ -0,0 +1,2 @@
+--color
+--format progress

data/.ruby-gemset

@@ -0,0 +1 @@
+rolypoly

data/.ruby-version

@@ -0,0 +1 @@
+ruby-1.9.3-p448

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in rolypoly.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2013 Jon Phenow
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,74 @@
+# Rolypoly
+
+Allow certain roles access to certain controller actions.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'rolypoly'
+```
+
+And then execute:
+
+```bash
+$> bundle
+```
+
+## Usage
+
+```ruby
+class ApplicationController < ActionController::Base
+  def current_roles
+    current_user.roles
+  end
+
+  rescue_from(Rolypoly::FailedRoleCheckError) do
+    render text: "Failed Authorization!", status: 401
+  end
+end
+
+class UsersController < ApplicationController
+  include Rolypoly::ControllerRoleDSL
+
+  def index
+    # ...
+  end
+  restrict(:index).to(:admin)
+  # OR
+  allow(:admin).to_access(:index)
+
+  # Do a bunch at once
+  allow(:scorekeeper, :official).to_access(:show, :score)
+  def show
+    # ...
+  end
+
+  def score
+    # ...
+  end
+
+  # Allow admin role to access all actions of this controller
+  allow(:admin).to_all
+
+  # Make action public
+  restrict(:landing).to_none
+  publicize :landing
+
+  def landing
+    # ...
+  end
+
+  # Give up and make all public
+  all_public
+end
+```
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/lib/rolypoly/controller_role_dsl.rb

@@ -0,0 +1,77 @@
+require 'rolypoly/role_gatekeeper'
+module Rolypoly
+  FailedRoleCheckError = Class.new StandardError
+  module ControllerRoleDSL
+    def self.included(sub)
+      sub.send :extend, ClassMethods
+      sub.before_filter(:rolypoly_check_role_access!) if sub.respond_to? :before_filter
+      if sub.respond_to? :rescue_from
+        sub.rescue_from(FailedRoleCheckError) do
+          respond_to do |f|
+            f.html { render text: "Not Authorized", status: 401 }
+            f.json { render json: { error: "Not Authorized" }, status: 401 }
+            f.xml { render xml: { error: "Not Authorized" }, status: 401 }
+          end
+        end
+      end
+    end
+
+    def rolypoly_check_role_access!
+      failed_role_check! unless rolypoly_role_access?
+    end
+
+    def current_roles # OVERRIDE
+      []
+    end
+
+    def failed_role_check!
+      raise Rolypoly::FailedRoleCheckError
+    end
+
+    def rolypoly_role_access?
+      rolypoly_gatekeepers.any? { |gatekeeper|
+        gatekeeper.allow? current_roles, action_name
+      }
+    end
+    private :rolypoly_role_access?
+
+    def rolypoly_gatekeepers
+      self.class.rolypoly_gatekeepers
+    end
+    private :rolypoly_gatekeepers
+
+    module ClassMethods
+      def all_public
+        build_gatekeeper(nil, nil).all_public
+      end
+
+      def restrict(*actions)
+        build_gatekeeper nil, actions
+      end
+
+      def allow(*roles)
+        build_gatekeeper roles, nil
+      end
+
+      def publicize(*actions)
+        restrict(*actions).to_none
+      end
+
+      def rolypoly_gatekeepers
+        @rolypoly_gatekeepers ||= []
+      end
+
+      def build_gatekeeper(roles, actions)
+        RoleGatekeeper.new(roles, actions).tap { |gatekeeper|
+          rolypoly_gatekeepers << gatekeeper
+        }
+      end
+      private :build_gatekeeper
+
+      def rolypoly_gatekeepers=(arry)
+        @rolypoly_gatekeepers = Array(arry)
+      end
+      private :rolypoly_gatekeepers=
+    end
+  end
+end

data/lib/rolypoly/role_gatekeeper.rb

@@ -0,0 +1,81 @@
+require 'set'
+module Rolypoly
+  class RoleGatekeeper
+    def initialize(roles, actions)
+      self.roles = Set.new Array(roles).map(&:to_s)
+      self.actions = Set.new Array(actions).map(&:to_s)
+      self.all_actions = false
+      self.public = false
+    end
+
+    # restrict(*actions).to *roles
+    def to(*roles)
+      self.roles = self.roles.merge roles.flatten.compact.map(&:to_s)
+    end
+
+    # make actions public basically
+    # restrict(:index).to_none
+    def to_none
+      self.public = true
+    end
+
+    # allow(*roles).to_access *actions
+    def to_access(*actions)
+      self.actions = self.actions.merge actions.flatten.compact.map(&:to_s)
+    end
+
+    # allow role access to all actions
+    # allow(*roles).to_all
+    def to_all
+      self.all_actions = true
+    end
+
+    def allow?(current_roles, action)
+      action?(action) &&
+        role?(current_roles)
+    end
+
+    def all_public
+      self.public = true
+      self.all_actions = true
+    end
+
+    protected # self.attr= gets mad
+    attr_accessor :roles
+    attr_accessor :actions
+    attr_accessor :all_actions
+    attr_accessor :public
+
+    def role?(check_roles)
+      check_roles = Set.new Array(check_roles).map(&:to_s)
+      public? || !(check_roles & roles).empty?
+    end
+    private :role?
+
+    def action?(check_actions)
+      check_actions = Set.new Array(check_actions).map(&:to_s)
+      all_actions? || !(check_actions & actions).empty?
+    end
+    private :action?
+
+    def can_set_with_to?
+      roles.empty?
+    end
+    private :can_set_with_to?
+
+    def can_set_with_access_to?
+      actions.empty?
+    end
+    private :can_set_with_access_to?
+
+    def public?
+      !!public
+    end
+    private :public?
+
+    def all_actions?
+      !!all_actions
+    end
+    private :all_actions?
+  end
+end

data/lib/rolypoly/version.rb

@@ -0,0 +1,3 @@
+module Rolypoly
+  VERSION = "0.0.1"
+end

data/lib/rolypoly.rb

@@ -0,0 +1,2 @@
+require "rolypoly/version"
+require 'rolypoly/controller_role_dsl'

data/rolypoly.gemspec

@@ -0,0 +1,24 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'rolypoly/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "rolypoly"
+  spec.version       = Rolypoly::VERSION
+  spec.authors       = ["Jon Phenow"]
+  spec.email         = ["j.phenow@gmail.com"]
+  spec.description   = %q{Tools for handling per-action and per-app Role authorization}
+  spec.summary       = %q{Tools for handling per-action and per-app Role authorization}
+  spec.homepage      = "https://github.com/sportngin/rolypoly"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files`.split($/)
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.3"
+  spec.add_development_dependency "rake"
+  spec.add_development_dependency "rspec"
+end

data/spec/lib/rolypoly/controller_role_dsl_spec.rb

@@ -0,0 +1,58 @@
+require 'spec_helper'
+module Rolypoly
+  describe ControllerRoleDSL do
+    let(:example_controller) do
+      Class.new do
+        include Rolypoly::ControllerRoleDSL
+      end
+    end
+    after { example_controller.instance_variable_set("@rolypoly_gatekeepers", nil) }
+    subject { example_controller }
+    it { should respond_to :restrict }
+    it { should respond_to :allow }
+
+    describe "setting up with DSL" do
+      describe "from allow side" do
+        let(:controller_instance) { subject.new }
+        let(:current_roles) { [:admin] }
+        before do
+          subject.allow(:admin).to_access(:index)
+          subject.publicize(:landing)
+          controller_instance.stub current_roles: current_roles, action_name: action_name
+        end
+
+        describe "#index" do
+          let(:action_name) { "index" }
+          it "allows admin access" do
+            expect { controller_instance.rolypoly_check_role_access! }
+            .not_to raise_error
+          end
+        end
+
+        describe "#show" do
+          let(:action_name) { "show" }
+          it "disallows admin access" do
+            expect { controller_instance.rolypoly_check_role_access! }
+            .to raise_error(Rolypoly::FailedRoleCheckError)
+          end
+        end
+
+        describe "#landing" do
+          let(:action_name) { "landing" }
+          it "allows admin access" do
+            expect { controller_instance.rolypoly_check_role_access! }
+            .not_to raise_error
+          end
+
+          describe "with no role" do
+            let(:current_roles) { [] }
+            it "allows admin access" do
+              expect { controller_instance.rolypoly_check_role_access! }
+              .not_to raise_error
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/spec/lib/rolypoly/role_gatekeeper_spec.rb

@@ -0,0 +1,105 @@
+require 'spec_helper'
+require 'rolypoly/role_gatekeeper'
+module Rolypoly
+  describe RoleGatekeeper do
+    let(:roles) { %w[admin scorekeeper] }
+    let(:actions) { %w[index show] }
+
+    subject { described_class.new roles, actions }
+
+    shared_examples_for "allow should behave correctly" do
+      it "shouldn't auto-allow" do
+        subject.allow?(nil, nil).should be_false
+      end
+
+      it "should allow scorekeepr access to index" do
+        subject.allow?([:scorekeeper], "index").should be_true
+      end
+
+      it "should not allow scorekeepr access to edit" do
+        subject.allow?([:scorekeeper], "edit").should be_false
+      end
+
+      describe "all public" do
+        before do
+          subject.all_public
+        end
+
+        it "should allow whatever" do
+          subject.allow?(nil, nil).should be_true
+        end
+
+        it "should allow scorekeepr access to index" do
+          subject.allow?([:scorekeeper], "index").should be_true
+        end
+
+        it "should allow scorekeepr access to edit" do
+          subject.allow?([:scorekeeper], "edit").should be_true
+        end
+      end
+
+      describe "all roles" do
+        before do
+          subject.to_none
+        end
+
+        it "shouldn't auto-allow" do
+          subject.allow?(nil, nil).should be_false
+        end
+
+        it "should allow scorekeepr access to index" do
+          subject.allow?([:janitor], "index").should be_true
+          subject.allow?([:admin], "index").should be_true
+        end
+
+        it "should not allow scorekeepr access to edit" do
+          subject.allow?([:scorekeeper], "edit").should be_false
+          subject.allow?([:janitor], "edit").should be_false
+        end
+      end
+
+      describe "all actions" do
+        before do
+          subject.to_all
+        end
+
+        it "shouldn't auto-allow" do
+          subject.allow?(nil, nil).should be_false
+        end
+
+        it "should allow scorekeepr access to index" do
+          subject.allow?([:scorekeeper], "index").should be_true
+        end
+
+        it "shouldn't allow janitor access to any" do
+          subject.allow?([:janitor], "index").should be_false
+        end
+
+        it "should allow scorekeepr access to edit" do
+          subject.allow?([:scorekeeper], "edit").should be_true
+        end
+      end
+    end
+    it_should_behave_like "allow should behave correctly"
+
+    describe "with only roles set" do
+      let(:actions) { [] }
+
+      before do
+        subject.to_access(:index, :show)
+      end
+
+      it_should_behave_like "allow should behave correctly"
+    end
+
+    describe "with only actions set" do
+      let(:roles) { [] }
+
+      before do
+        subject.to(:admin, :scorekeeper)
+      end
+
+      it_should_behave_like "allow should behave correctly"
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,16 @@
+# This file was generated by the `rspec --init` command. Conventionally, all
+# specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
+# Require this file using `require "spec_helper"` to ensure that it is only
+# loaded once.
+#
+# See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
+require 'rolypoly'
+RSpec.configure do |config|
+  config.treat_symbols_as_metadata_keys_with_true_values = true
+  config.run_all_when_everything_filtered = true
+  config.filter_run :focus
+
+  # Run specific random order with `--seed 1234`
+  config.order = 'random'
+  config.color = true
+end

metadata

@@ -0,0 +1,119 @@
+--- !ruby/object:Gem::Specification
+name: rolypoly
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease: 
+platform: ruby
+authors:
+- Jon Phenow
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-09-03 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Tools for handling per-action and per-app Role authorization
+email:
+- j.phenow@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rspec
+- .ruby-gemset
+- .ruby-version
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/rolypoly.rb
+- lib/rolypoly/controller_role_dsl.rb
+- lib/rolypoly/role_gatekeeper.rb
+- lib/rolypoly/version.rb
+- rolypoly.gemspec
+- spec/lib/rolypoly/controller_role_dsl_spec.rb
+- spec/lib/rolypoly/role_gatekeeper_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/sportngin/rolypoly
+licenses:
+- MIT
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: -2134864263053242356
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: -2134864263053242356
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.25
+signing_key: 
+specification_version: 3
+summary: Tools for handling per-action and per-app Role authorization
+test_files:
+- spec/lib/rolypoly/controller_role_dsl_spec.rb
+- spec/lib/rolypoly/role_gatekeeper_spec.rb
+- spec/spec_helper.rb