sinatra-bouncer 1.1.1 → 1.1.2

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 8c2cecc7324f61545be2136b73b66a0e3965ac64
+  data.tar.gz: e83e24a0f44fedf13b0caab14378007f80a16d8a
+SHA512:
+  metadata.gz: 2a9cf4365f81e73630bc845767d29bad3ed3e08f1c033c961eb28d5f52e10235b1611a1634626ffc1e581a833504ddd4987678677e157d28a1b110931aa756b5
+  data.tar.gz: 7eb46c0a4567a20d9c20952bb6da6eba78fb18fd45637b444c64c1a2e5cf61866b835b1e5952be7ddd08d4e9424db266b598715121c03767456205924ac71224

data/README.md

@@ -1,25 +1,23 @@
-#Sinatra::Bouncer
-Simple authorization permissions extension for Sinatra. 
-
-## Installation
-
-**Prerequisites**
-
-Bouncer requires [Sinatra](http://www.sinatrarb.com/), and [ruby 1.9.3](https://www.ruby-lang.org/en/documentation/installation/).  
+#Sinatra-Bouncer
+Simple authorization permissions extension for [Sinatra](http://www.sinatrarb.com/). Require the gem, then declare which routes are permitted based on your own logic. 
 
 **Gemfile**
 ```ruby
 gem 'sinatra-bouncer'
 ```
 
-**Command Line**
+**Terminal**
 ```sh
 gem install sinatra-bouncer
 ```
 
-##Usage
+##Quickstart
 ###Step 1: Require/Register Bouncer
 
+After registration, Bouncer will reject any request that either:
+* has no rule associated with it, or
+* has no associated rule that returns `true`
+
 **Sinatra Classic**
 ```ruby
 require 'sinatra'
@@ -40,24 +38,19 @@ class MyApp < Sinatra::Base
 end
 ```
 
-After registration, Bouncer will reject any request that either:
-* has no rule associated with it, or
-* has no associated rule that returns `true`
-
 ###Step 2: Declare Bouncer Rules
-Call `rules` with a block that uses `can` and `can_sometimes` to declare which paths legal. 
-The rules block is run in the context of the request, which means you will have access to sinatra helpers, 
+Call `rules` with a block that uses `can` and `can_sometimes` to declare which paths are legalduring this request.  The rules block is run in the context of the request, which means you will have access to sinatra helpers, 
 the `request` object, and `params`.
 
-**Example**
 ```ruby
 require 'sinatra'
 require 'sinatra/bouncer'
 
 rules do
+  # example: allow any GET request
   can(:get, :all)
   
-  # logged in users can edit their account
+  # example: logged in users can edit their account
   if(current_user)
     can(:post, '/user_edits_account')
   end
@@ -66,8 +59,9 @@ end
 # ... route declarations as normal below
 ```
 
+## API
 #### can
-Any route declared with #can will be accepted this request without further challenge. 
+Any route declared with #can will be accepted without further challenge. 
 
 ```ruby
 rules do
@@ -80,7 +74,6 @@ end
 `can_sometimes` takes a block that will be run once the path is attempted. This block **must return an explicit boolean** 
 (ie. `true` or `false`) to avoid any accidental truthy values creating unwanted access.
 
-**Example**
 ```ruby
 rules do
     can_sometimes('/login') # Anyone can access this path
@@ -92,7 +85,6 @@ Passing `can` or `can_sometimes`:
  * `:any` to the first parameter will match any HTTP method. 
  * `:all` to the second parameter will match any path. 
 
-**Examples**
 ```ruby
 # this allows get on all paths
 can(:get, :all)
@@ -101,12 +93,16 @@ can(:get, :all)
 can(:any, '/login')
 ```
 
-###Bounce Customization
-The default bounce action is to `halt 401`. Call `bounce_with` with a block that takes the sinatra application to change that behaviour. 
+### Custom Bounce Behaviour
+The default bounce action is to `halt 403`. Call `bounce_with` with a block to specify your own behaviour. The block is also run in a sinatra request context, so you can use helpers here as well. 
 
-**Example**
 ```ruby
-bounce_with do |application|
-  application.redirect '/login'
+require 'sinatra'
+require 'sinatra/bouncer'
+
+bounce_with do 
+  redirect '/login'
 end
+
+# bouncer rules, routes, etc...
 ```

data/lib/sinatra/basic_bouncer.rb

@@ -0,0 +1,69 @@
+require_relative 'rule'
+
+module Sinatra
+   module Bouncer
+      class BasicBouncer
+         attr_accessor :bounce_with
+         attr_accessor :rules_initializer
+
+         def initialize
+            # @rules = Hash.new do |method_to_paths, method|
+            #    method_to_paths[method] = Hash.new do |path_to_rules, path|
+            #       path_to_rules[path] = []
+            #    end
+            # end
+
+            @ruleset           = Hash.new do
+               []
+            end
+            @rules_initializer = Proc.new {}
+         end
+
+         def reset!
+            @ruleset.clear
+         end
+
+         def can(method, *paths)
+            if block_given?
+               raise BouncerError.new('You cannot provide a block to #can. If you wish to conditionally allow, use #can_sometimes instead.')
+            end
+
+            can_sometimes(method, *paths) do
+               true
+            end
+         end
+
+         def can_sometimes(method, *paths, &block)
+            unless block_given?
+               raise BouncerError.new('You must provide a block to #can_sometimes. If you wish to always allow, use #can instead.')
+            end
+
+            paths.each do |path|
+               @ruleset[method] += [Rule.new(path, &block)]
+            end
+         end
+
+         def can?(method, path)
+            rules = (@ruleset[:any_method] + @ruleset[method]).select { |rule| rule.match_path?(path) }
+
+            rules.any? do |rule_block|
+               ruling = rule_block.rule_passes?
+
+               ruling
+            end
+         end
+
+         def bounce(instance)
+            if bounce_with
+               instance.instance_exec &bounce_with
+            else
+               instance.halt 403
+            end
+         end
+      end
+
+      class BouncerError < StandardError
+
+      end
+   end
+end

data/lib/sinatra/bouncer.rb

@@ -21,122 +21,55 @@
 # WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #++
 
+require_relative 'basic_bouncer'
+
 module Sinatra
-  module Bouncer
-    def self.registered(base_class)
-      base_class.helpers HelperMethods
+   module Bouncer
+      def self.registered(base_class)
+         base_class.helpers HelperMethods
 
-      bouncer = BasicBouncer.new
+         bouncer = BasicBouncer.new
 
-      # TODO: can we instead store it somehow on the actual temp request object?
-      base_class.set :bouncer, bouncer
+         # TODO: can we instead store it somehow on the actual temp request object?
+         base_class.set :bouncer, bouncer
 
-      base_class.before do
-        bouncer.reset! # must clear all rules otherwise will leave doors open
+         base_class.before do
+            bouncer.reset! # must clear all rules otherwise will leave doors open
 
-        self.instance_exec &bouncer.rules_initializer
+            self.instance_exec &bouncer.rules_initializer
 
-        http_method = request.request_method.downcase.to_sym
-        path = request.path.downcase
+            http_method = request.request_method.downcase.to_sym
+            path        = request.path.downcase
 
-        unless bouncer.can?(http_method, path)
-          bouncer.bounce(self)
-        end
+            unless bouncer.can?(http_method, path)
+               bouncer.bounce(self)
+            end
+         end
       end
-    end
-
-    # Start ExtensionMethods
-    def bounce_with(&block)
-      bouncer.bounce_with = block
-    end
-
-    def rules(&block)
-      bouncer.rules_initializer = block
-    end
 
-    # End ExtensionMethods
-
-    module HelperMethods
-      def can(*args)
-        settings.bouncer.can(*args)
+      # Start ExtensionMethods
+      def bounce_with(&block)
+         bouncer.bounce_with = block
       end
 
-      def can_sometimes(*args, &block)
-        settings.bouncer.can_sometimes(*args, &block)
+      def rules(&block)
+         bouncer.rules_initializer = block
       end
-    end
-
-    # Data class
-    class BasicBouncer
-      attr_accessor :bounce_with
-      attr_accessor :rules_initializer
 
-      def initialize
-        @rules = Hash.new do |method_to_paths, method|
-          method_to_paths[method] = Hash.new do |path_to_rules, path|
-            path_to_rules[path] = []
-          end
-        end
+      # End ExtensionMethods
 
-        @rules_initializer = Proc.new {}
-      end
+      module HelperMethods
+         def can(*args)
+            settings.bouncer.can(*args)
+         end
 
-      def reset!
-        @rules.clear
+         def can_sometimes(*args, &block)
+            settings.bouncer.can_sometimes(*args, &block)
+         end
       end
+   end
 
-      def can(method, *paths)
-        if block_given?
-          raise BouncerError.new('You cannot provide a block to #can. If you wish to conditionally allow, use #can_sometimes instead.')
-        end
-
-        can_sometimes(method, *paths) do
-          true
-        end
-      end
-
-      def can_sometimes(method, *paths, &block)
-        unless block_given?
-          raise BouncerError.new('You must provide a block to #can_sometimes. If you wish to always allow, use #can instead.')
-        end
-
-        paths.each do |path|
-          @rules[method][path] << block
-        end
-      end
-
-      def can?(method, path)
-        rules = @rules[:any_method][path] + @rules[method][:all] + @rules[method][path] #@rules[:all] + @rules[method]
-
-        rules.any? do |rule_block|
-          ruling = rule_block.call #(app)
-
-          if ruling != true && ruling != false
-            source = rule_block.source_location.join(':')
-            raise BouncerError.new("Rule block at does not return explicit true/false.\n\n"+
-                                       "Rules must return explicit true or false to prevent accidental truthy values.\n\n"+
-                                       "Source: #{source}\n")
-          end
-
-          ruling
-        end
-      end
-
-      def bounce(instance)
-        if bounce_with
-          instance.instance_exec &bounce_with
-        else
-          instance.halt 403
-        end
-      end
-    end
-
-    class BouncerError < StandardError
-
-    end
-  end
-
-  if defined? register
-    register Bouncer
-  end
+   if defined? register
+      register Bouncer
+   end
 end

data/lib/sinatra/rule.rb

@@ -0,0 +1,48 @@
+module Sinatra
+   module Bouncer
+      class Rule
+         def initialize(path, &ruleblock)
+            if path == :all
+               @path = :all
+            else
+               path = '/' + path unless path.start_with?('/')
+
+               @path = path.split('/')
+            end
+
+            @rule = ruleblock
+         end
+
+         def match_path?(path)
+            return true if @path == :all
+
+            path = '/' + path unless path.start_with?('/')
+
+            split_path = path.split('/')
+            matches    = @path.length == split_path.length
+
+            @path.each_index do |i|
+               allowed_segment = @path[i]
+               given_segment   = split_path[i]
+
+               matches &= given_segment == allowed_segment || allowed_segment == '*'
+            end
+
+            matches
+         end
+
+         def rule_passes?
+            ruling = @rule.call
+
+            unless ruling.is_a?(TrueClass)|| ruling.is_a?(FalseClass)
+               source = @rule.source_location.join(':')
+               raise BouncerError.new("Rule block at does not return explicit true/false.\n\n"+
+                                            "Rules must return explicit true or false to prevent accidental truthy values.\n\n"+
+                                            "Source: #{source}\n")
+            end
+
+            ruling
+         end
+      end
+   end
+end

metadata

@@ -1,8 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: sinatra-bouncer
 version: !ruby/object:Gem::Version
-  version: 1.1.1
-  prerelease: 
+  version: 1.1.2
 platform: ruby
 authors:
 - Tenjin
@@ -10,118 +9,104 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-06-01 00:00:00.000000000 Z
+date: 2016-10-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: sinatra
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 2.14.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 2.14.1
 - !ruby/object:Gem::Dependency
   name: cucumber
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 1.3.19
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 1.3.19
 - !ruby/object:Gem::Dependency
   name: capybara
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: launchy
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: parallel_tests
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 description: Bouncer brings simple authorization to Sinatra.
@@ -133,29 +118,30 @@ files:
 - Gemfile
 - MIT-LICENSE
 - README.md
+- lib/sinatra/basic_bouncer.rb
 - lib/sinatra/bouncer.rb
+- lib/sinatra/rule.rb
 homepage: http://www.tenjin.ca
 licenses: []
+metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: 1.9.3
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.24
+rubygems_version: 2.4.8
 signing_key: 
-specification_version: 3
+specification_version: 4
 summary: Sinatra permissions plugin
 test_files: []