RubyGems - secure_link - Versions diffs - 0.0.1 - Mend

Files changed (18) hide show

checksums.yaml +7 -0
data/.gitignore +14 -0
data/Gemfile +4 -0
data/LICENSE.txt +22 -0
data/README.md +68 -0
data/Rakefile +2 -0
data/lib/generators/secure_link/permission_generator.rb +11 -0
data/lib/generators/secure_link/templates/permission.rb +23 -0
data/lib/secure_link/authorize.rb +25 -0
data/lib/secure_link/button.rb +18 -0
data/lib/secure_link/link.rb +18 -0
data/lib/secure_link/version.rb +3 -0
data/lib/secure_link.rb +17 -0
data/secure_link.gemspec +24 -0
data/spec/secure_link/authorize_spec.rb +9 -0
data/spec/secure_link/button_spec.rb +0 -0
data/spec/secure_link/link_spec.rb +0 -0
metadata +107 -0

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 9ccb11332e893ef9744aa978aa652b6f1df2f075
+  data.tar.gz: c332ff6e31dad982d50eada5d6dadaa729829556
+SHA512:
+  metadata.gz: 9cb440713564127462e200c1c264db8d4c2f416950f9136de7284676878563d8e299ecf2f6a6991bad1d3d93ed52cd61308dd690a8a2cdbb7141d6bec93522e7
+  data.tar.gz: de10c098d0e6a158a396f1f650807579594f30c75de72792bf1405caa055c3c6bb4bee495bd0d273ae86d644a28ed14f19041dc416e1bab452b135b2d13cbe44

data/.gitignore ADDED Viewed

@@ -0,0 +1,14 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+*.bundle
+*.so
+*.o
+*.a
+mkmf.log

data/Gemfile ADDED Viewed

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+# Specify your gem's dependencies in secure_link.gemspec
+gemspec

data/LICENSE.txt ADDED Viewed

@@ -0,0 +1,22 @@
+Copyright (c) 2015 Nikita Singh
+MIT License
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md ADDED Viewed

@@ -0,0 +1,68 @@
+# SecureLink
+This gem will help in securing your links by not showing them in the web page if user is not authorized for it.
+## Installation
+Add this line to your application's Gemfile:
+```ruby
+gem 'secure_link'
+```
+And then execute:
+    $ bundle
+Or install it yourself as:
+    $ gem install secure_link
+## Usage
+SecureLink expects a +current_user+ method to exist in the controller. First, set up some authentication (such as Authlogic[https://github.com/binarylogic/authlogic] or Devise[https://github.com/plataformatec/devise]).
+Also Add a migration to add +role+ column in your +users+ table
+## 1. Define Permissions
+Permissions are defined in an +Permission+ class. The gem includes a generator for creating this class.
+    rails g secure_link:permission
+## 2. Adding Permissions
+Once the permission file is created, add permissions in the following format -
+    [
+      ['__URL__','__ROLE__']
+    ]
+Example -
+    [
+      ['/admin', 'admin'],
+      ['/users/new', 'super admin']
+    ]
+## 3. Using Links
+Like a normal link -
+    <%= link_to "Admin Section", admin_index_path %>
+## Contributing
+1. Fork it ( https://github.com/[my-github-username]/secure_link/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create a new Pull Request
+## Next steps:-
+1. Adding before filter to check the permission.
+2. Use of path and url helpers for URL generation in permission.rb file.
+3. Ability to have different column name instead of role.

data/Rakefile ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ require "bundler/gem_tasks"
2	+

data/lib/generators/secure_link/permission_generator.rb ADDED Viewed

@@ -0,0 +1,11 @@
+module SecureLink
+  module Generators
+    class PermissionGenerator < Rails::Generators::Base
+      source_root File.expand_path('../templates', __FILE__)
+      def generate_permission
+        copy_file "permission.rb", "app/controllers/permission.rb"
+      end
+    end
+  end
+end

data/lib/generators/secure_link/templates/permission.rb ADDED Viewed

@@ -0,0 +1,23 @@
+class Permission
+  #You will need to add the permission based on following format -
+  # [
+  #    ['__URL__','__ROLE__']
+  #  ]
+  # Example -
+  # [
+  #  ['/login', 'normal'],
+  #  ['/users/new', 'admin']
+  # ]
+  # TODO:-
+  #     * Allowing multiple user to be added for single url
+  #     * Use of paths or url instead of exact URL
+  #
+  def self.get_permissions
+    [
+      ['','']
+    ]
+  end
+end

data/lib/secure_link/authorize.rb ADDED Viewed

@@ -0,0 +1,25 @@
+module SecureLink extend ActiveSupport::Concern
+  def authorized?(url, method = nil)
+    return false unless url
+    # Mailto link
+    return true if url =~ /^mailto:/
+    method ||= (params[:method] || request.method)
+    url_parts = URI::split(url.strip)
+    path = url_parts[5]
+    return true if current_user && is_authorized?(path)
+    begin
+      hash = Rails.application.routes.recognize_path(path, :method => method)
+      return is_authorized?(path_from_hash(hash)) if hash
+    rescue Exception => e
+    end
+  end
+  def is_authorized?(resource)
+    all_permissions = Permission.get_permissions
+    all_permissions.include?([resource, current_user.role])
+  end
+end

data/lib/secure_link/button.rb ADDED Viewed

@@ -0,0 +1,18 @@
+module SecureLink
+  def button_to_secured(name, options = {}, html_options = nil)
+    url = url_for(options)
+    check_url = url
+    unless ENV["RAILS_RELATIVE_URL_ROOT"].blank?
+      check_url = check_url.gsub(ENV["RAILS_RELATIVE_URL_ROOT"], "")
+    end
+    method = html_options ? html_options[:method] : nil
+    if authorized?(check_url, method)
+      return button_to_open(name, url, html_options)
+    end
+    return ""
+  end
+end

data/lib/secure_link/link.rb ADDED Viewed

@@ -0,0 +1,18 @@
+module SecureLink
+  def link_to_secured(name, options = {}, html_options = nil)
+    url = url_for(options)
+    check_url = url
+    unless ENV["RAILS_RELATIVE_URL_ROOT"].blank?
+      check_url = check_url.gsub(ENV["RAILS_RELATIVE_URL_ROOT"], "")
+    end
+    method = html_options ? html_options[:method] : nil
+    if authorized?(check_url, method)
+      return link_to_open(name, url, html_options)
+    end
+    return ""
+  end
+end

data/lib/secure_link/version.rb ADDED Viewed

@@ -0,0 +1,3 @@
+module SecureLink
+  VERSION = "0.0.1"
+end

data/lib/secure_link.rb ADDED Viewed

@@ -0,0 +1,17 @@
+require "secure_link/version"
+require "secure_link/link"
+require "secure_link/button"
+require "secure_link/authorize"
+module SecureLink
+end
+ActionView::Base.class_eval {
+  include SecureLink
+  alias_method :link_to, :link_to_secured
+  alias_method :button_to, :button_to_secured
+}

data/secure_link.gemspec ADDED Viewed

@@ -0,0 +1,24 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'secure_link/version'
+Gem::Specification.new do |spec|
+  spec.name          = "secure_link"
+  spec.version       = SecureLink::VERSION
+  spec.authors       = ["Nikita Singh"]
+  spec.email         = ["nikitaa_singh@yahoo.co.in"]
+  spec.summary       = "This gem helps you authorize your Rails link with the help of cancan and devise"
+  spec.description   = "This gem helps you authorize your Rails link with the help of cancan and devise"
+  spec.homepage      = ""
+  spec.license       = "MIT"
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+  spec.add_development_dependency "bundler", "~> 1.7"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency 'rspec-rails'
+end

data/spec/secure_link/authorize_spec.rb ADDED Viewed

@@ -0,0 +1,9 @@
+# require 'rails_helper'
+describe Authorize do
+  describe "authorized?" do
+    it "should return false" do
+      expect(authorized?).to be_falsey
+    end
+  end
+end

data/spec/secure_link/button_spec.rb ADDED Viewed

File without changes

data/spec/secure_link/link_spec.rb ADDED Viewed

File without changes

metadata ADDED Viewed

@@ -0,0 +1,107 @@
+--- !ruby/object:Gem::Specification
+name: secure_link
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Nikita Singh
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2015-07-14 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.7'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: This gem helps you authorize your Rails link with the help of cancan
+  and devise
+email:
+- nikitaa_singh@yahoo.co.in
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/generators/secure_link/permission_generator.rb
+- lib/generators/secure_link/templates/permission.rb
+- lib/secure_link.rb
+- lib/secure_link/authorize.rb
+- lib/secure_link/button.rb
+- lib/secure_link/link.rb
+- lib/secure_link/version.rb
+- secure_link.gemspec
+- spec/secure_link/authorize_spec.rb
+- spec/secure_link/button_spec.rb
+- spec/secure_link/link_spec.rb
+homepage: ''
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.0.14
+signing_key:
+specification_version: 4
+summary: This gem helps you authorize your Rails link with the help of cancan and
+  devise
+test_files:
+- spec/secure_link/authorize_spec.rb
+- spec/secure_link/button_spec.rb
+- spec/secure_link/link_spec.rb

secure_link 0.0.1