secure_link 0.0.1

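--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+ ---
+ SHA1:
+ metadata.gz: 9ccb11332e893ef9744aa978aa652b6f1df2f075
+ data.tar.gz: c332ff6e31dad982d50eada5d6dadaa729829556
+ SHA512:
+ metadata.gz: 9cb440713564127462e200c1c264db8d4c2f416950f9136de7284676878563d8e299ecf2f6a6991bad1d3d93ed52cd61308dd690a8a2cdbb7141d6bec93522e7
+ data.tar.gz: de10c098d0e6a158a396f1f650807579594f30c75de72792bf1405caa055c3c6bb4bee495bd0d273ae86d644a28ed14f19041dc416e1bab452b135b2d13cbe44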
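--- a/data/.gitignore
+++ b/data/.gitignore
@@ -0,0 +1,14 @@
+ /.bundle/
+ /.yardoc
+ /Gemfile.lock
+ /_yardoc/
+ /coverage/
+ /doc/
+ /pkg/
+ /spec/reports/
+ /tmp/
+ *.bundle
+ *.so
+ *.o
+ *.a
+ mkmf.log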
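--- a/data/Gemfile
+++ b/data/Gemfile
@@ -0,0 +1,4 @@
+ source 'https://rubygems.org'
+
+ # Specify your gem's dependencies in secure_link.gemspec
+ gemspec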
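--- a/data/LICENSE.txt
+++ b/data/LICENSE.txt
@@ -0,0 +1,22 @@
+ Copyright (c) 2015 Nikita Singh
+
+ MIT License
+
+ Permission is hereby granted, free of charge, to any person obtaining
+ a copy of this software and associated documentation files (the
+ "Software"), to deal in the Software without restriction, including
+ without limitation the rights to use, copy, modify, merge, publish,
+ distribute, sublicense, and/or sell copies of the Software, and to
+ permit persons to whom the Software is furnished to do so, subject to
+ the following conditions:
+
+ The above copyright notice and this permission notice shall be
+ included in all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.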
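--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,68 @@
+ # SecureLink
+
+ This gem will help in securing your links by not showing them in the web page if user is not authorized for it.
+
+ ## Installation
+
+ Add this line to your application's Gemfile:
+
+ ```ruby
+ gem 'secure_link'
+ ```
+
+ And then execute:
+
+ $ bundle
+
+ Or install it yourself as:
+
+ $ gem install secure_link
+
+ ## Usage
+
+ SecureLink expects a +current_user+ method to exist in the controller. First, set up some authentication (such as Authlogic[https://github.com/binarylogic/authlogic] or Devise[https://github.com/plataformatec/devise]).
+ Also Add a migration to add +role+ column in your +users+ table
+
+
+ ## 1. Define Permissions
+
+ Permissions are defined in an +Permission+ class. The gem includes a generator for creating this class.
+
+ rails g secure_link:permission
+
+ ## 2. Adding Permissions
+
+ Once the permission file is created, add permissions in the following format -
+
+ [
+ ['__URL__','__ROLE__']
+ ]
+
+ Example -
+ [
+ ['/admin', 'admin'],
+ ['/users/new', 'super admin']
+ ]
+
+ ## 3. Using Links
+
+ Like a normal link -
+
+ <%= link_to "Admin Section", admin_index_path %>
+
+
+
+ ## Contributing
+
+ 1. Fork it ( https://github.com/[my-github-username]/secure_link/fork )
+ 2. Create your feature branch (`git checkout -b my-new-feature`)
+ 3. Commit your changes (`git commit -am 'Add some feature'`)
+ 4. Push to the branch (`git push origin my-new-feature`)
+ 5. Create a new Pull Request
+
+ ## Next steps:-
+
+ 1. Adding before filter to check the permission.
+ 2. Use of path and url helpers for URL generation in permission.rb file.
+ 3. Ability to have different column name instead of role.
+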
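--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,2 @@
+ require "bundler/gem_tasks"
+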
@@ -0,0 +1,11 @@
1
+ module SecureLink
2
+ module Generators
3
+ class PermissionGenerator < Rails::Generators::Base
4
+ source_root File.expand_path('../templates', __FILE__)
5
+
6
+ def generate_permission
7
+ copy_file "permission.rb", "app/controllers/permission.rb"
8
+ end
9
+ end
10
+ end
11
+ end
@@ -0,0 +1,23 @@
1
+ class Permission
2
+
3
+ #You will need to add the permission based on following format -
4
+ # [
5
+ # ['__URL__','__ROLE__']
6
+ # ]
7
+ # Example -
8
+ # [
9
+ # ['/login', 'normal'],
10
+ # ['/users/new', 'admin']
11
+ # ]
12
+ # TODO:-
13
+ # * Allowing multiple user to be added for single url
14
+ # * Use of paths or url instead of exact URL
15
+ #
16
+
17
+ def self.get_permissions
18
+ [
19
+ ['','']
20
+ ]
21
+ end
22
+ end
23
+
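Review bot: The generated default in `get_permissions` returns `[['','']]`, which is not an empty policy but one live entry pairing the empty path with the empty role, so a user whose `role` is an empty string would match it in `is_authorized?`. Returning `[]` until real entries are added keeps the starting state deny-all. The comment block should also say that matching is an exact string comparison of path and role (the lookup is `all_permissions.include?([resource, current_user.role])`), so an entry for `/admin` does not cover `/admin/` or any path below it.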
@@ -0,0 +1,25 @@
1
+ module SecureLink extend ActiveSupport::Concern
2
+ def authorized?(url, method = nil)
3
+ return false unless url
4
+
5
+ # Mailto link
6
+ return true if url =~ /^mailto:/
7
+
8
+ method ||= (params[:method] || request.method)
9
+ url_parts = URI::split(url.strip)
10
+ path = url_parts[5]
11
+ return true if current_user && is_authorized?(path)
12
+
13
+ begin
14
+ hash = Rails.application.routes.recognize_path(path, :method => method)
15
+ return is_authorized?(path_from_hash(hash)) if hash
16
+ rescue Exception => e
17
+
18
+ end
19
+ end
20
+
21
+ def is_authorized?(resource)
22
+ all_permissions = Permission.get_permissions
23
+ all_permissions.include?([resource, current_user.role])
24
+ end
25
+ end
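Review bot: The `rescue Exception => e` with an empty body on new lines 16-18 discards every failure in the fallback branch, so `authorized?` denies by accident rather than by decision. `path_from_hash` is not defined in any file shown on this page, and a nil `current_user` would fail on `.role` in `is_authorized?`; both surface as NoMethodError and are silently swallowed along with anything else, including signals. Make the denial explicit with `return false unless current_user` before the permission lookup, and narrow the handler to `rescue ActionController::RoutingError` followed by `false`. Separately, `/^mailto:/` anchors to a line start rather than the string start; `/\Amailto:/` avoids approving a multi-line value whose later line begins with `mailto:`.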
@@ -0,0 +1,18 @@
1
+ module SecureLink
2
+ def button_to_secured(name, options = {}, html_options = nil)
3
+ url = url_for(options)
4
+ check_url = url
5
+
6
+ unless ENV["RAILS_RELATIVE_URL_ROOT"].blank?
7
+ check_url = check_url.gsub(ENV["RAILS_RELATIVE_URL_ROOT"], "")
8
+ end
9
+
10
+ method = html_options ? html_options[:method] : nil
11
+
12
+ if authorized?(check_url, method)
13
+ return button_to_open(name, url, html_options)
14
+ end
15
+
16
+ return ""
17
+ end
18
+ end
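Review bot: `check_url.gsub(ENV["RAILS_RELATIVE_URL_ROOT"], "")` on new line 7 removes every occurrence of the root string, not only the leading one, so the path that gets authorised can differ from the path rendered from `url`; the identical line appears in `link_to_secured` in the next section. Strip only the prefix, for example `root = ENV["RAILS_RELATIVE_URL_ROOT"]` and `check_url = check_url.sub(/\A#{Regexp.escape(root)}/, "")`. A String pattern passed to `gsub` is matched literally, so the concern here is position, not pattern injection.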
@@ -0,0 +1,18 @@
1
+ module SecureLink
2
+ def link_to_secured(name, options = {}, html_options = nil)
3
+ url = url_for(options)
4
+ check_url = url
5
+
6
+ unless ENV["RAILS_RELATIVE_URL_ROOT"].blank?
7
+ check_url = check_url.gsub(ENV["RAILS_RELATIVE_URL_ROOT"], "")
8
+ end
9
+
10
+ method = html_options ? html_options[:method] : nil
11
+
12
+ if authorized?(check_url, method)
13
+ return link_to_open(name, url, html_options)
14
+ end
15
+
16
+ return ""
17
+ end
18
+ end
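Review bot: `link_to_secured(name, options = {}, html_options = nil)` accepts no block, yet the entry file on this page aliases it over `link_to`, so a template using the block form of `link_to` would have its block dropped and its URL argument read as `name`, leaving the permission check to run against `url_for({})` instead of the intended target. Accept and forward the block, `def link_to_secured(name = nil, options = nil, html_options = nil, &block)`, and when a block is given shift the arguments the way the Rails helper does before computing `check_url`. The same applies to `button_to_secured` in the previous section.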
@@ -0,0 +1,3 @@
1
+ module SecureLink
2
+ VERSION = "0.0.1"
3
+ end
@@ -0,0 +1,17 @@
1
+ require "secure_link/version"
2
+ require "secure_link/link"
3
+ require "secure_link/button"
4
+ require "secure_link/authorize"
5
+
6
+
7
+ module SecureLink
8
+ end
9
+
10
+ ActionView::Base.class_eval {
11
+ include SecureLink
12
+
13
+ alias_method :link_to, :link_to_secured
14
+ alias_method :button_to, :button_to_secured
15
+ }
16
+
17
+
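Review bot: `alias_method :link_to, :link_to_secured` and `alias_method :button_to, :button_to_secured` overwrite the Rails helpers without saving them first, and `link_to_open` / `button_to_open`, which the secured helpers call on the authorised path, are not defined in any file shown on this page; as written an authorised link would raise NoMethodError instead of rendering. Save the originals before overriding them: `alias_method :link_to_open, :link_to` and `alias_method :button_to_open, :button_to`. The module is mixed into `ActionView::Base` only, so it hides links in views and does nothing to stop a direct request to the same URL; the controller still needs its own authorisation check, which the README lists as a next step.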
@@ -0,0 +1,24 @@
1
+ # coding: utf-8
2
+ lib = File.expand_path('../lib', __FILE__)
3
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
+ require 'secure_link/version'
5
+
6
+ Gem::Specification.new do |spec|
7
+ spec.name = "secure_link"
8
+ spec.version = SecureLink::VERSION
9
+ spec.authors = ["Nikita Singh"]
10
+ spec.email = ["nikitaa_singh@yahoo.co.in"]
11
+ spec.summary = "This gem helps you authorize your Rails link with the help of cancan and devise"
12
+ spec.description = "This gem helps you authorize your Rails link with the help of cancan and devise"
13
+ spec.homepage = ""
14
+ spec.license = "MIT"
15
+
16
+ spec.files = `git ls-files -z`.split("\x0")
17
+ spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
18
+ spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
19
+ spec.require_paths = ["lib"]
20
+
21
+ spec.add_development_dependency "bundler", "~> 1.7"
22
+ spec.add_development_dependency "rake", "~> 10.0"
23
+ spec.add_development_dependency 'rspec-rails'
24
+ end
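Review bot: The spec declares only development dependencies, while the library files on this page reference `ActionView::Base`, `ActiveSupport::Concern` and `Rails.application`, so installing the gem resolves nothing the code needs at load time. Add a runtime dependency, e.g. `spec.add_dependency "rails"`, with a version bound the maintainer has actually tested (the right bound is not visible here). `summary` and `description` name cancan and devise, neither of which is required or called anywhere in the package, and `spec.homepage = ""` leaves no source location for anyone auditing the gem; both should be corrected.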
@@ -0,0 +1,9 @@
1
+ # require 'rails_helper'
2
+
3
+ describe Authorize do
4
+ describe "authorized?" do
5
+ it "should return false" do
6
+ expect(authorized?).to be_falsey
7
+ end
8
+ end
9
+ end
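Review bot: This spec cannot exercise the authorization code: `describe Authorize` names a constant that no file on this page defines (the module is `SecureLink`), the `rails_helper` require is commented out, and `authorized?` is called with no arguments although the method requires `url`. The two other spec files in the metadata list appear to be empty (the "File without changes" entries), so the permission check ships untested. At minimum cover a nil URL, a request with no `current_user`, and a role that does not match any entry from `Permission.get_permissions`, each expecting a falsey result.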
File without changes
File without changes
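--- a/metadata
+++ b/metadata
@@ -0,0 +1,107 @@
+ --- !ruby/object:Gem::Specification
+ name: secure_link
+ version: !ruby/object:Gem::Version
+ version: 0.0.1
+ platform: ruby
+ authors:
+ - Nikita Singh
+ autorequire:
+ bindir: bin
+ cert_chain: []
+ date: 2015-07-14 00:00:00.000000000 Z
+ dependencies:
+ - !ruby/object:Gem::Dependency
+ name: bundler
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ~>
+ - !ruby/object:Gem::Version
+ version: '1.7'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ~>
+ - !ruby/object:Gem::Version
+ version: '1.7'
+ - !ruby/object:Gem::Dependency
+ name: rake
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ~>
+ - !ruby/object:Gem::Version
+ version: '10.0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ~>
+ - !ruby/object:Gem::Version
+ version: '10.0'
+ - !ruby/object:Gem::Dependency
+ name: rspec-rails
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - '>='
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - '>='
+ - !ruby/object:Gem::Version
+ version: '0'
+ description: This gem helps you authorize your Rails link with the help of cancan
+ and devise
+ email:
+ - nikitaa_singh@yahoo.co.in
+ executables: []
+ extensions: []
+ extra_rdoc_files: []
+ files:
+ - .gitignore
+ - Gemfile
+ - LICENSE.txt
+ - README.md
+ - Rakefile
+ - lib/generators/secure_link/permission_generator.rb
+ - lib/generators/secure_link/templates/permission.rb
+ - lib/secure_link.rb
+ - lib/secure_link/authorize.rb
+ - lib/secure_link/button.rb
+ - lib/secure_link/link.rb
+ - lib/secure_link/version.rb
+ - secure_link.gemspec
+ - spec/secure_link/authorize_spec.rb
+ - spec/secure_link/button_spec.rb
+ - spec/secure_link/link_spec.rb
+ homepage: ''
+ licenses:
+ - MIT
+ metadata: {}
+ post_install_message:
+ rdoc_options: []
+ require_paths:
+ - lib
+ required_ruby_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - '>='
+ - !ruby/object:Gem::Version
+ version: '0'
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - '>='
+ - !ruby/object:Gem::Version
+ version: '0'
+ requirements: []
+ rubyforge_project:
+ rubygems_version: 2.0.14
+ signing_key:
+ specification_version: 4
+ summary: This gem helps you authorize your Rails link with the help of cancan and
+ devise
+ test_files:
+ - spec/secure_link/authorize_spec.rb
+ - spec/secure_link/button_spec.rb
+ - spec/secure_link/link_spec.rb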