simon_says 0.1.6 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: eb74ffaa3fbf69fbab2c3534393df41d91f8fccd
-  data.tar.gz: 8c96349d0aa76b9617b095cb17a4e91d05bd3829
+  metadata.gz: 6c3b6bd7983eb136f044c2653430143493637871
+  data.tar.gz: a66d00fe12a96f48e8865a61aaf61f145feb5007
 SHA512:
-  metadata.gz: 71da79481390650b93d0045f379206ed05a1882de58afdb603a88f7996ce717e9fd46941ece13ac926d5901411e9435731760d0d3511194f90df0bf32efe6920
-  data.tar.gz: 0c8e4ff2fcc7a0932d0a794e48fb3382c3d083d65b0cf53a326adcbaf2e2e1d23a919354b3c81682b24ce5ca229580da29460dc25f51e26b09534059dd27d6c8
+  metadata.gz: 284e3a2a74a36d1ae52aa78849a347f38071b4c5838dc43b60cdba794fd9bed021054941b44b44d28744511a3af57eb6764108ae087b7bf1d17e96b03f1f1e8a
+  data.tar.gz: dea0bc94572281d6b505ef4a3eb2ed0fb502e916483e122cf19f34444dfaf12947e374065495f2b2edd3c8a0e370b45a5454a1075c56daec896f642a02ae451e

data/README.md

@@ -4,22 +4,12 @@
 Logo](https://raw.githubusercontent.com/SimplyBuilt/SimonSays/master/SimonSays.png)
 
 This gem is a simple, declarative, role-based access control system for
-Rails that works great with devise! Take a look at the
-[docs](http://www.rubydoc.info/github/SimplyBuilt/SimonSays/) for more
-details.
+Rails that works great with devise!
 
 [![Travis Build Status](https://travis-ci.org/SimplyBuilt/SimonSays.svg)](https://travis-ci.org/SimplyBuilt/SimonSays)
 [![Gem Version](https://badge.fury.io/rb/simon_says.svg)](https://badge.fury.io/rb/simon_says)
 [![MIT licensed](https://img.shields.io/badge/license-MIT-blue.svg)](./LICENSE)
 
-## About
-
-A ruby gem for simple, declarative, role-based access control system for
-[Rails](https://github.com/rails/rails) that works great with
-[Devise](https://github.com/plataformatec/devise)! Take a look at the
-[docs](http://www.rubydoc.info/github/SimplyBuilt/SimonSays/) for more
-details!
-
 ### Installation
 
 SimonSays can be installed via your Gemfile or using Ruby gems directly.
@@ -32,23 +22,24 @@ gem 'simon_says'
 
 SimonSays consists of two parts:
 
-1. A [Roleable](#roleable) concern provides a way to define access roles
-   on a given resource, such as User or on join through model.
-2. An [Authorizer](#authorizer) concern which provides a lightweight,
-   declarative API to controllers for finding and authorizing these
-   resources in relation to an already authenticated resource, like a
-   User or Admin.
+1. A [Roleable](#roleable) concern which provides a way to define access roles
+   on User models or on join through models.
+2. An [Authorizer](#authorizer) concern which provides a declarative API
+   to controllers for finding and authorizing model resources.
 
 #### Roleable
 
-First, we need to define some roles. Generally speaking roles will exist
-on either "User" models or on relationship models (such as a through
-model linking a User to another resource). Roles are stored as an
+First, we need to define some roles on a model. Roles are stored as an
 integer and [bitmasking](https://en.wikipedia.org/wiki/Mask_(computing))
-is used to determine authorization logic. When using `Roleable` you need
-to add a `roles_mask` column to the model.
+is used to determine the roles assigned for that model. SimonSays
+provides a generator for creating a new migration for this required
+attribute:
+
+```bash
+rails g active_record:simon_says User
+```
 
-For example:
+Now we can define some roles in our User model. For example:
 
 ```ruby
 class User < ActiveRecord::Base
@@ -87,12 +78,19 @@ end
 # => [:support]
 ```
 
+Make sure to generate a migration using the correct attribute name if
+`:as` is used. For example:
+
+```bash
+rails g active_record:simon_says Admin access
+```
+
 We can also use `has_roles` to define roles on a join through model
 which is used to associate a User with a resource.
 
 ```ruby
 
-class Membership < ActiveRecord::Base
+class Permission < ActiveRecord::Base
   include SimonSays::Roleable
 
   belongs_to :user
@@ -101,20 +99,20 @@ class Membership < ActiveRecord::Base
   has_roles :download, :edit, :delete,
 end
 
-# > Membership.new(roles: Membership::ROLES).roles
+# > Permission.new(roles: Permission::ROLES).roles
 # => [:download, :edit, :delete]
 ```
 
 It is useful to note the dynamically generated `has_` methods as shown
 in the User model as well the `ROLES` constant which is used in the
-Membership example. Take a look at the [roleable source
-code](https://github.com/SimplyBuilt/SimonSays/blob/master/lib/simon_says/roleable.rb)
-to see how features are dynamically generated when using `has_roles`.
+Permission example. Take a look at the `Roleable`
+[source code](https://github.com/SimplyBuilt/SimonSays/blob/master/lib/simon_says/roleable.rb)
+to see how features are dynamically generated with `has_roles`.
 
 #### Authorizer
 
 The `Authorizer` concern provides several methods that can be used within
-your controllers in declarative manner.
+your controllers in a declarative manner.
 
 Please note, certain assumptions are made with `Authorizer`. Building
 upon the above User and Admin model examples, `Authorizer` would assume
@@ -138,7 +136,8 @@ to be used in controllers. All of these methods accept the `:only` and
 - `authorize_resource(resource, *roles)`: Authorize resource for given
   roles
 - `find_and_authorize(resource, *roles)`: Find a resource and then try
-  authorize it for the given roles
+  authorize it for the given roles. If successful, the resource is
+  assigned to an instance variable
 
 When find resources, the `default_authorization_scope` is used. It can
 be customized on a per-controller basis. For example:
@@ -154,22 +153,23 @@ end
 To authorize resources against a given role, we use either `authorize`
 or `find_and_authorize`. For example, consider this
 `DocumentsController` which uses an authenticated `User` resource and a
-`Membership` through model:
+`Permission` through model:
 
 ```ruby
 class DocumentsController < ApplicationController
   authenticate :user
 
-  find_and_authorize :documents, :edit, through: :memberships, only: [:edit, :update]
-  find_and_authorize :documents, :delete, through: :memberships, only: :destroy
+  find_and_authorize :document, :edit, through: :permissions, only: [:edit, :update]
+  find_and_authorize :document, :delete, through: :permissions, only: :destroy
 end
 ```
 
-This controller will find Document resources and assign them to the
+This controller will find a Document resource and assign it to the
 `@document` instance variable. For the `:edit` and `:update` actions,
-it'll require membership with an `:edit` role. For the `:destroy` method, a
-memberships with the `:delete` role is required. It is possible for a
-given User to have both, one, or neither of those roles.
+it'll require a permission with an `:edit` role. For the `:destroy`
+method, a permission with the `:delete` role is required. Since the
+`:through` option is used, a `@permission` instance variable will also
+be created.
 
 The `find_resource` method may raise an `ActiveRecord::RecordNotFound`
 exception. The `authorize` method may raise a
@@ -177,7 +177,7 @@ exception. The `authorize` method may raise a
 access. As a result, the `find_and_authorize` method may raise either
 exception.
 
-We can also use a different authorization scope by via the `:from`
+We can also use a different authorization scope with the `:from`
 option for `find_resource` and `find_and_authorize`. For example:
 
 ```ruby

data/lib/generators/active_record/simon_says_generator.rb

@@ -0,0 +1,23 @@
+require 'rails/generators/active_record'
+
+module ActiveRecord
+  module Generators
+    class SimonSaysGenerator < ActiveRecord::Generators::Base
+      source_root File.expand_path("../templates", __FILE__)
+
+      def copy_simon_says_migration
+        migration_template "migration.rb", "db/migrate/simon_says_add_to_#{table_name}.rb"
+      end
+
+      private
+
+      def migration_version
+        "[#{Rails::VERSION::MAJOR}.#{Rails::VERSION::MINOR}]" if Rails.version >= '5.0.0'
+      end
+
+      def role_attribute_name
+        args.first || 'roles'
+      end
+    end
+  end
+end

data/lib/generators/active_record/templates/migration.rb

@@ -0,0 +1,5 @@
+class SimonSaysAddTo<%= table_name.camelize %> < ActiveRecord::Migration<%= migration_version %>
+  def change
+    add_column :<%= table_name %>, :<%= role_attribute_name %>_mask, :integer, default: 0, null: false
+  end
+end

data/lib/simon_says/authorizer.rb

@@ -151,11 +151,6 @@ module SimonSays
         name = options[:resource]
       end
 
-      attr = Roleable.registry[name]
-
-      required ||= options[attr.to_sym]
-      required = [required] unless Array === required
-
       record = instance_variable_get("@#{name}")
 
       if record.nil? # must be devise scope
@@ -163,12 +158,16 @@ module SimonSays
         send "authenticate_#{name}!"
       end
 
-      actual = record.send(attr)
+      role_attr = record.class.role_attribute_name
+      actual = record.send(role_attr)
+
+      required ||= options[role_attr]
+      required = [required] unless Array === required
 
       # actual roles must have at least
       # one required role (array intersection)
       ((required & actual).size > 0).tap do |res|
-        raise Denied.new(attr, required, actual) unless res
+        raise Denied.new(role_attr, required, actual) unless res
       end
     end
 
@@ -187,7 +186,6 @@ module SimonSays
 
       else
         klass = (options[:class_name] || resource).to_s
-        # TODO support array of namespaces?
         klass = "#{options[:namespace]}/#{klass}" if options[:namespace]
 
         scope = klass.classify.constantize

data/lib/simon_says/roleable.rb

@@ -2,11 +2,6 @@ module SimonSays
   module Roleable
     extend ActiveSupport::Concern
 
-    def self.registry # :nodoc:
-      # "global" registry we'll use when authorizing
-      @registry ||= {}
-    end
-
     module ClassMethods
       # Provides a declarative method to introduce role based
       # access controller through a give integer mask.
@@ -65,8 +60,6 @@ module SimonSays
         singular = name.singularize
         const = name.upcase
 
-        Roleable.registry[model_name.to_s.downcase.to_sym] ||= name
-
         roles.map!(&:to_sym)
 
         class_eval <<-RUBY_EVAL, __FILE__, __LINE__
@@ -88,6 +81,10 @@ module SimonSays
           def has_#{name}?(*args)
             (#{name} & args).size > 0
           end
+
+          def self.role_attribute_name
+            :#{name}
+          end
         RUBY_EVAL
 
         if name != singular

data/lib/simon_says/version.rb

@@ -1,3 +1,3 @@
 module SimonSays
-  VERSION = '0.1.6'
+  VERSION = '0.2.0'
 end

data/simon_says.gemspec

@@ -22,7 +22,7 @@ Gem::Specification.new do |spec|
 
   spec.add_development_dependency "bundler", "~> 1.9"
   spec.add_development_dependency "rake", "~> 10.0"
-  spec.add_development_dependency "rails", ">= 4.0", "< 5.1"
+  spec.add_development_dependency "rails", ">= 4.0", "< 5.2"
   spec.add_development_dependency "responders", "~> 2.0"
   spec.add_development_dependency "mocha", "~> 1.1"
 end

data/test/rails_app/app/controllers/documents_controller.rb

@@ -9,13 +9,13 @@ class DocumentsController < ApplicationController
   find_and_authorize :document, :download, through: :memberships, only: :send_file
 
   def index
-    @documents = Document.all
+    @documents = current_user.documents
 
     respond_with @documents
   end
 
   def create
-    @document = Document.create(document_params)
+    @document = current_user.documents.create(document_params)
 
     respond_with @document
   end

data/test/rails_app/db/schema.rb

@@ -13,35 +13,35 @@
 ActiveRecord::Schema.define(version: 20160823220959) do
 
   create_table "admin_reports", force: :cascade do |t|
-    t.string   "title"
+    t.string "title"
     t.datetime "created_at", null: false
     t.datetime "updated_at", null: false
   end
 
   create_table "admins", force: :cascade do |t|
-    t.integer  "access_mask"
-    t.datetime "created_at",  null: false
-    t.datetime "updated_at",  null: false
+    t.integer "access_mask"
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
   end
 
   create_table "documents", force: :cascade do |t|
-    t.string   "title"
+    t.string "title"
     t.datetime "created_at", null: false
     t.datetime "updated_at", null: false
   end
 
   create_table "images", force: :cascade do |t|
-    t.string   "token"
+    t.string "token"
     t.datetime "created_at", null: false
     t.datetime "updated_at", null: false
   end
 
   create_table "memberships", force: :cascade do |t|
-    t.integer  "user_id"
-    t.integer  "document_id"
-    t.integer  "roles_mask",  default: 0
-    t.datetime "created_at",              null: false
-    t.datetime "updated_at",              null: false
+    t.integer "user_id"
+    t.integer "document_id"
+    t.integer "roles_mask", default: 0
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
     t.index ["document_id"], name: "index_memberships_on_document_id"
     t.index ["user_id"], name: "index_memberships_on_user_id"
   end

data/test/simon_says/roleable_test.rb

@@ -144,11 +144,11 @@ class RoleableTest < ActiveSupport::TestCase
     ]
   end
 
-  test "Membership is added to registry" do
-    assert_includes SimonSays::Roleable.registry, :membership
+  test "Membership defines role_attribute_name" do
+    assert_equal :roles, Membership.role_attribute_name
   end
 
-  test "Admin is added to registry" do
-    assert_includes SimonSays::Roleable.registry, :admin
+  test "Admin defines role_attribute_name" do
+    assert_equal :access, Admin.role_attribute_name
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: simon_says
 version: !ruby/object:Gem::Version
-  version: 0.1.6
+  version: 0.2.0
 platform: ruby
 authors:
 - Michael Coyne
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-09-18 00:00:00.000000000 Z
+date: 2017-10-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -63,7 +63,7 @@ dependencies:
         version: '4.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '5.1'
+        version: '5.2'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -73,7 +73,7 @@ dependencies:
         version: '4.0'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '5.1'
+        version: '5.2'
 - !ruby/object:Gem::Dependency
   name: responders
   requirement: !ruby/object:Gem::Requirement
@@ -120,6 +120,8 @@ files:
 - README.md
 - Rakefile
 - SimonSays.png
+- lib/generators/active_record/simon_says_generator.rb
+- lib/generators/active_record/templates/migration.rb
 - lib/simon_says.rb
 - lib/simon_says/authorizer.rb
 - lib/simon_says/roleable.rb
@@ -234,7 +236,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.12
+rubygems_version: 2.6.13
 signing_key: 
 specification_version: 4
 summary: Light-weight, declarative authorization and access control for Rails