sinatra-authorize 0.0.1 → 0.0.2

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    sinatra-authorize (0.0.0)
+    sinatra-authorize (0.0.1)
       sinatra (>= 1.2)
 
 GEM

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2011 Ole Petter Bang <olepbang@gmail.com>
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/{readme.md → README.md}

@@ -68,7 +68,7 @@ routes:
     end
 
     # Only run for authorized user requests, because of override rule 
-    get '/content/:id' :allow => :user do
+    get '/content/:id', :allow => :user do
     end
 
     # Only run for authorized admin requests, because of override rule 
@@ -84,25 +84,5 @@ is evaluated using the default `:allow` rule, whereas the `/content/:id` and
 
 ### License 
 
-(The MIT License)
-
-Copyright (c) 2011 Ole Petter Bang <olepbang@gmail.com>
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-'Software'), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
-SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+sinatra-authorize is licensed under the MIT license. See LICENCE for further 
+details.

data/history.md

@@ -0,0 +1,10 @@
+### 0.0.2
+
+ * Setting `authorize` block is mandatory.
+ * Rules are evaluated in order of precedence.
+ * Access is determined by first determinate evaluation result,
+   or by default rule verb.
+
+### 0.0.1
+
+Initial version.

data/lib/sinatra-authorize/version.rb

@@ -1,5 +1,5 @@
 module Sinatra
   module Authorize
-    VERSION = "0.0.1"
+    VERSION = "0.0.2"
   end
 end

data/lib/sinatra/authorize.rb

@@ -2,29 +2,31 @@ require 'sinatra/base'
 
 module Sinatra
   module Authorize
-    class Condition < Proc; end
+    class Condition < Proc
+      attr_reader :rule
+      def initialize(rule, &block)
+        @rule = rule
+        super(&block)
+      end
+    end
 
     def authorize(opts = {}, &block)
       opts = {opts => []} if opts.is_a?(Symbol)
 
       if opts[:deny]
         args = *(opts[:deny])
-        set(:authorize_default, Proc.new {
-          authorize_condition(:deny, args)
-        })
+        set :authorize_default, Proc.new { authorize_condition(:deny, args) }
       else
         args = *(opts[:allow] || [])
-        set(:authorize_default, Proc.new {
-          authorize_condition(:allow, args)
-        })
+        set :authorize_default, Proc.new { authorize_condition(:allow, args) }
       end
 
       if block_given?
-        define_method(:authorize_do_block, block)
-        authorize_do = instance_method(:authorize_do_block)
-        remove_method(:authorize_do_block)
+        define_method(:authorize_block, block)
+        authorize_block = instance_method(:authorize_block)
+        remove_method(:authorize_block)
 
-        set :authorize_do, Proc.new { authorize_do }
+        set :authorize_block, Proc.new { authorize_block }
       end
     end
 
@@ -37,15 +39,13 @@ module Sinatra
     end
 
     def authorize_condition(rule, args)
-      Condition.new { settings.authorize_do.bind(self).call(rule, args) }
+      Condition.new rule do
+        settings.authorize_block.bind(self).call(rule, args) 
+      end
     end
 
     class << self
       def registered(app)
-        app.authorize do |rule, args|
-          raise "No authorize block is specified."
-        end
-
         app.class_eval do
           alias :old_process_route :process_route
 
@@ -63,10 +63,16 @@ module Sinatra
           end
 
           def authorize_route(conditions)
-            conditions = conditions.dup
-            conditions.unshift(settings.authorize_default)
-            conditions = conditions.collect { |cond| instance_eval(&cond) }
-            conditions.select { |allow| allow == true || allow == false }.last
+            unless settings.respond_to? :authorize_block
+              raise "No authorize block is defined."
+            end
+
+            [settings.authorize_default, *conditions].reverse.each do |cond|
+              value = instance_eval(&cond)
+              return value if value == true || value == false
+            end
+
+            settings.authorize_default.rule == :allow
           end
         end
       end

data/spec/sinatra/authorize_spec.rb

@@ -1,148 +1,90 @@
 require File.join(File.dirname(__FILE__), '..', 'spec_helper')
 
-shared_examples_for "when no default authorization is set" do
-  it 'should allow route with allow all rule' do
-    app.get('/', :allow => :all) {}
-    get '/'
-    last_response.status.should == 200
-  end
-
-  it 'should allow route with deny none rule' do
-    app.get('/', :deny => :none) {}
-    get '/'
-    last_response.status.should == 200
-  end
-
-  it 'should deny route with deny all rule' do
-    app.get('/', :deny => :all) {}
-    get '/'
-    last_response.status.should == 403
-  end
-
-  it 'should deny route with allow none rule' do
-    app.get('/', :allow => :none) {}
-    get '/'
-    last_response.status.should == 403
-  end
+def set_and_get(route = '/', rules = {})
+  app.get(route, rules) {}
+  get route
 end
 
 describe Sinatra::Authorize do
-  
-  before :all do
-    app.authorize  do |rule, args|
-      allow_default = lambda do |args|
-        if args == [] || args == [:all]
-          true
-        elsif args == [:none]
-          false
-        else
-          raise "Unknown authorization rule argument: #{args}."
-        end
-      end
-
-      if rule == :allow
-        allow_default.call(args)
-      elsif rule == :deny
-        !allow_default.call(args)
-      else
-        raise "Unknown authorization rule: #{rule}."
-      end
-    end
-  end
-
-  before do
+  before :each do
     app.reset!
+    if app.respond_to? :authorize_default
+      class << app; undef_method(:authorize_default); end
+    end
+    if app.respond_to? :authorize_block
+      class << app; undef_method(:authorize_block); end
+    end
   end
 
-  it 'should allow routes by default' do
-    app.get('/') {}
-    get '/'
-    last_response.status.should == 200
-  end  
-
-  it_behaves_like "when no default authorization is set"
-
-  context "#authorize :allow" do
-    before do
-      app.authorize :allow
+  context 'defining route' do
+    it 'should be possible to set allow rule' do
+      app.get '/', :allow => :all do end
     end
 
-    it 'should allow routes by default' do
-      app.get('/') {}
-      get '/'
-      last_response.status.should == 200
+    it 'should be possible to set deny rule' do
+      app.get '/', :deny => :all do end
     end
+  end
 
-    it_behaves_like "when no default authorization is set"
-
-    context ' => :all' do
-      before do
-        app.authorize :allow => :all
-      end
-
-      it 'should allow routes by default' do
-        app.get('/') {}
-        get '/'
-        last_response.status.should == 200
-      end
-
-      it_behaves_like "when no default authorization is set"
+  context 'defining authorize block' do
+    it 'should be possible to define' do
+      app.authorize do |rule, args| end
     end
 
-    context ' => :none' do
-      before do
-        app.authorize :allow => :none
-      end
-
-      it 'should deny routes by default' do
-        app.get('/') {}
-        get '/'
-        last_response.status.should == 403
-      end
+    it 'should be possible to set default rule' do
+      app.authorize :allow => :all do |rule, args| end
+    end
 
-      it_behaves_like "when no default authorization is set"
+    it 'should use default rule :allow => [] when no rule is set' do
+      app.authorize do |rule, args| end
+      block = mock('authorize_block')
+      block.should_receive(:call).with(:allow, [])
+      app.authorize_block.should_receive(:bind).and_return(block)
+      set_and_get
     end
   end
 
-  context '#authorize :deny' do
-    before do
-      app.authorize :deny
+  context 'authorize block not defined' do
+    it 'should raise exception when default rule is set' do
+      app.authorize :allow => :all
+      expect { set_and_get }.to raise_error(
+        RuntimeError, 'No authorize block is defined.')
     end
 
-    it 'should deny routes by default' do
-      app.get('/') {}
-      get '/'
-      last_response.status.should == 403
+    it 'should raise exception when route rule is set' do
+      expect { set_and_get '/', :allow => :all }.to raise_error(
+        RuntimeError, 'No authorize block is defined.')
     end
+  end
 
-    it_behaves_like "when no default authorization is set"
-
-    context ' => :all' do
-      before do
-        app.authorize :deny => :all
-      end
-
-      it 'should deny routes by default' do
-        app.get('/') {}
-        get '/'
-        last_response.status.should == 403
-      end
-
-      it_behaves_like "when no default authorization is set"
+  context 'no determinate rule evaluation for route' do
+    it 'should allow access when default rule is allow rule' do
+      app.authorize :allow => :all do |rule, args| nil end
+      set_and_get.status.should == 200
     end
 
-    context ' => :none' do
-      before do
-        app.authorize :deny => :none
-      end
+    it 'should deny access when default rule is deny rule' do
+      app.authorize :deny => :all do |rule, args| nil end
+      set_and_get.status.should == 403
+    end
+  end
 
-      it 'should allow routes by default' do
-        app.get('/') {}
-        get '/'
-        last_response.status.should == 200
-      end
+  context 'multiple rules defined' do
+    it 'should evaluate rules in order of precedence' do
+      app.authorize :allow => :all do |rule, args| end
+      block = mock('authorize_block')
+      block.should_receive(:call).with(:deny, [:all]).ordered
+      block.should_receive(:call).with(:allow, [:all]).ordered
+      app.authorize_block.should_receive(:bind).twice.and_return(block)
+      set_and_get '/', :deny => :all
+    end
 
-      it_behaves_like "when no default authorization is set"
+    it 'should use first determinate evaluation result' do
+      app.authorize :allow => :all do |rule, args| end
+      block = mock('authorize_block')
+      block.should_receive(:call).with(:deny, [:all]).and_return(false)
+      app.authorize_block.should_receive(:bind).and_return(block)
+      set_and_get '/', :deny => :all
     end
   end
 end

data/spec/spec_helper.rb

@@ -11,6 +11,10 @@ module SpecHelper
   def app
     @app ||= Sinatra::Application
   end
+
+  def reset!
+    @app = nil
+  end
 end
 
 RSpec.configure do |config|

metadata

@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
   segments: 
   - 0
   - 0
-  - 1
-  version: 0.0.1
+  - 2
+  version: 0.0.2
 platform: ruby
 authors: 
 - Ole Petter Bang
@@ -14,7 +14,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-04-16 00:00:00 +02:00
+date: 2011-05-21 00:00:00 +02:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -105,10 +105,12 @@ files:
 - .rspec
 - Gemfile
 - Gemfile.lock
+- LICENSE
+- README.md
 - Rakefile
+- history.md
 - lib/sinatra-authorize/version.rb
 - lib/sinatra/authorize.rb
-- readme.md
 - sinatra-authorize.gemspec
 - spec/sinatra/authorize_spec.rb
 - spec/spec_helper.rb