simple_acl 1.0.0

data/README.md

@@ -0,0 +1,95 @@
+# SimpleAcl
+
+[![Build Status](https://travis-ci.org/ifeelgoods/simple_acl.png?branch=master)](https://travis-ci.org/ifeelgoods/simple_acl)
+
+This gem eases the implementation of ACL in Ruby (especially Rails).
+
+All access are refused is only rule by default.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'simple_acl'
+
+And then execute:
+
+    $ bundle install
+
+## Usage
+
+You need to include the main module:
+
+`include SimpleAcl`
+
+SimpleAcl need 3 variables:
+- the action : by default use `params[:action]` if available, nil otherwise
+- the role : by default use method `current_role` if available, nil otherwise
+- optional values for custom assertion : by default use `params` if available, nil otherwise
+
+You can manually define these by using following methods in the controller:
+`acl_current_role=` `acl_action=` `acl_values=`
+
+Use the following before_filter to check ACL before the
+execution of the code in the action.
+
+```ruby
+  before_filter :do_acl
+```
+
+## Configuration
+
+To configure the ability of a role you can use:
+
+`acl_user, acl_admin, acl_guest`
+
+or the basic method `acl_role` with which you need to specify the role.
+
+The key `privileges` must be a hash of assertions.
+The key `inherit` must be the symbol of previous defined role.
+
+Example:
+
+```ruby
+  acl_user privileges: {
+      index: true,
+      show: true,
+      show_from_adserver_affiliate_id: true
+  }
+
+  acl_admin inherit: :user
+```
+
+```ruby
+    acl_role(:guest, show: true)
+```
+
+If the role trying to access to the resource is not allowed a ExceptionUnauthorized
+exception will be raised.
+Catch it to render/do whatever you want in this case:
+
+```ruby
+rescue_from ExceptionUnauthorized do
+  # render 403
+end
+```
+
+In an initializers, you can specify the role you want to use.
+(defaults are :admin, :user, :guest)
+
+```
+SimpleAcl::Configuration.authorized_roles = [:admin, :user]
+
+```
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request
+
+Inspired from `racl-rails` and `racl`.
+https://github.com/ifeelgoods/racl/
+https://github.com/ifeelgoods/racl-rails/

data/lib/simple_acl.rb

@@ -0,0 +1,76 @@
+require 'simple_acl/acl'
+require 'simple_acl/exceptions'
+
+module SimpleAcl
+  def self.included(base)
+    base.extend ClassMethods
+  end
+
+  module ClassMethods
+
+    def acl
+      @acl ||= Acl.new
+    end
+
+    def acl_user(privileges)
+      role_acl(:user, privileges)
+    end
+
+    def acl_admin(privileges)
+      role_acl(:admin, privileges)
+    end
+
+    def acl_guest(privileges)
+      role_acl(:guest, privileges)
+    end
+
+    def role_acl(role, privileges)
+      acl.configuration.add_role(role, privileges)
+    end
+
+    def acl_to_json
+      acl.configuration.acl_privileges.to_json
+    end
+  end
+
+  # @param values used for custom lambda assertion
+  def acl_values=(values)
+    Thread.current[:acl_values] = values
+  end
+
+  def acl_values
+    Thread.current[:acl_values] ||= defined?(params) ? params : nil
+  end
+
+  # @param current_role used for the assertion
+  def acl_current_role=(current_role)
+    Thread.current[:acl_current_role] = current_role
+  end
+
+  def acl_current_role
+    Thread.current[:acl_current_role] ||= defined?(current_role) ? current_role : nil
+  end
+
+  # @param action used for the assertion
+  def acl_action=(action)
+    Thread.current[:acl_action] = action
+  end
+
+  def acl_action
+    Thread.current[:acl_action] ||= (defined?(params) && params.is_a?(Hash)) ? params[:action] : nil
+  end
+
+  # @return True is success, raise ExceptionUnauthorized otherwise
+  def do_acl
+    return Acl.unauthorized unless self.class.acl
+
+    begin
+      self.class.acl.check_acl(acl_current_role, params[:action], acl_values)
+    ensure
+      # in case of Thread,current is not cleaned
+      Thread.current[:acl_action] = nil
+      Thread.current[:acl_current_role] = nil
+      Thread.current[:acl_values] = nil
+    end
+  end
+end

data/lib/simple_acl/acl.rb

@@ -0,0 +1,46 @@
+require 'simple_acl/configuration'
+
+module SimpleAcl
+  class Acl
+
+    attr_reader :configuration
+
+    def initialize
+      @configuration = Configuration.new
+    end
+
+    def check_acl(current_role, action, values)
+
+      return self.class.unauthorized unless configuration && current_role
+
+      role_privileges = configuration.acl_privileges[current_role.to_sym]
+
+      return self.class.unauthorized unless role_privileges
+
+      assertion = role_privileges[action.to_sym]
+
+      self.class.assert(assertion, current_role, values)
+    end
+
+    def self.assert(assertion, current_role, values)
+
+      return authorized if assertion.class == TrueClass
+
+      if assertion.class == Proc && assertion.lambda?
+        assertion_result = assertion.call(current_role, values)
+        return assert(assertion_result, current_role, values)
+      end
+
+      unauthorized
+    end
+
+    def self.unauthorized
+      raise ExceptionUnauthorized
+    end
+
+    def self.authorized
+      true
+    end
+
+  end
+end

data/lib/simple_acl/configuration.rb

@@ -0,0 +1,58 @@
+module SimpleAcl
+  class Configuration
+
+    class << self
+      attr_writer :authorized_roles
+
+      def authorized_roles
+        @authorized_roles ||= [:admin, :user, :guest]
+      end
+    end
+
+    attr_reader :acl_privileges
+
+    def initialize
+      @acl_privileges = {}
+    end
+
+    def add_role(role, privileges)
+      raise ExceptionConfiguration, ExceptionConfiguration, "Unauthorized role #{role}" unless self.class.authorized_roles.include?(role)
+      privileges.keys.each do |configuration_key|
+        raise ExceptionConfiguration, "Unknow configuration key #{configuration_key}" unless [:privileges, :inherit].include?(configuration_key)
+      end
+      raise ExceptionConfiguration, 'Inherit specified is not defined previously' if privileges[:inherit] && !@acl_privileges[privileges[:inherit]]
+
+      @acl_privileges[role] = (@acl_privileges[privileges[:inherit]] || {}).merge(privileges[:privileges] || {})
+
+      check_set_up(@acl_privileges[role])
+
+      deep_freeze!(@acl_privileges[role])
+    end
+
+    private
+
+    # check of the set up
+    def check_set_up(privileges)
+      privileges.keys.each{|action| check_assertion(privileges[action]) }
+    end
+
+    def check_assertion(assertion)
+      return if assertion.class == Proc && assertion.lambda?
+      raise ExceptionConfiguration, "Not usable assertion type : #{assertion.class}" unless [TrueClass, FalseClass].include?(assertion.class)
+    end
+
+    # do a recursive freeze on Array and Hash
+    def deep_freeze!(option)
+      option.freeze
+
+      case option.class
+        when Hash
+          option.each{|k, v| deep_freeze(option[k]) }
+        when Array
+          option.each{|v| deep_freeze(v) }
+        else
+      end
+    end
+
+  end
+end

data/lib/simple_acl/exceptions.rb

@@ -0,0 +1,6 @@
+module SimpleAcl
+  class ExceptionUnauthorized < Exception
+  end
+  class ExceptionConfiguration < Exception
+  end
+end

data/lib/simple_acl/version.rb

@@ -0,0 +1,3 @@
+module SimpleAcl
+  VERSION = '1.0.0'
+end

metadata

@@ -0,0 +1,67 @@
+--- !ruby/object:Gem::Specification
+name: simple_acl
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+  prerelease: 
+platform: ruby
+authors:
+- mtparet
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-10-09 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2.14'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2.14'
+description: Simple Gem to use ACL in ruby (and especially in Rails) based on a role
+  given. Great use with Devise.
+email: tech@ifeelgoods.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- README.md
+- lib/simple_acl/acl.rb
+- lib/simple_acl/version.rb
+- lib/simple_acl/configuration.rb
+- lib/simple_acl/exceptions.rb
+- lib/simple_acl.rb
+homepage: https://github.com/ifeelgoods/simple_acl
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.25
+signing_key: 
+specification_version: 3
+summary: Simple Gem to implement ACL in Rails based on a role given.
+test_files: []