sinatra-bouncer 0.9 → 1.0.1

data/README.md

@@ -1,24 +1,78 @@
-#Bouncer
-Simple authorization permissions plug for Sinatra. 
-
-## Prerequisites
-Bouncer requires [Sinatra](http://www.sinatrarb.com/), and [ruby 1.9.3](https://www.ruby-lang.org/en/documentation/installation/).  
+#Sinatra::Bouncer
+Simple authorization permissions extension for Sinatra. 
 
 ## Installation
 
-###Gemfile
-```
+**Prerequisites**
+
+Bouncer requires [Sinatra](http://www.sinatrarb.com/), and [ruby 1.9.3](https://www.ruby-lang.org/en/documentation/installation/).  
+
+**Gemfile**
+```ruby
 gem 'sinatra-bouncer'
 ```
 
-### Command Line
-```
+**Command Line**
+```sh
 gem install sinatra-bouncer
 ```
 
 ##Usage
+###Step 1: Require/Register Bouncer
+
+**Sinatra Classic**
+```ruby
+require 'sinatra'
+require 'sinatra/bouncer'
+
+# ... routes and other config
 ```
+
+**Modular**
+```ruby
+require 'sinatra/base'
 require 'sinatra/bouncer'
 
-register Sinatra::bouncer
-```
+class MyApp < Sinatra::Base
+  register Sinatra::Bouncer
+  
+  # ... routes and other config
+end
+```
+
+###Step 2: Declare Bouncer Rules
+
+#### allow
+Bouncer is stored in Sinatra's `settings` object, under `settings.bouncer`.
+
+By default, Bouncer will reject any request that either:
+* has no rule associated with it, or
+* has no associated rule that returns `true`
+
+Declare rules by calling `bouncer.allow` and providing a rule block. Rule blocks **must return an explicit boolean** (ie. `true` or `false`) to avoid any accidental truthy values creating unwanted access. 
+
+```ruby
+bouncer.allow('/user_posts_blog') do
+    # calculate and return some boolean result
+end
+```
+
+####allow(:all)
+`allow(:all)` will match any path. 
+
+```ruby
+allow(:all) do
+    # assuming a current_user helper to load the user object (like with warden)
+    current_user.admin?
+end
+```
+
+####always_allow
+`always_allow(...)` is shorthand for `allow(..) { true }`. 
+
+```ruby
+  always_allow('/login') # Anyone can access this path
+```
+
+###Customization
+The default bounce acion is to `halt 401`. Call `bounce_with` with a block to change that behaviour. 

data/lib/sinatra/bouncer.rb

@@ -0,0 +1,107 @@
+#--
+# Copyright (c) 2014 Tenjin Inc.
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#++
+
+module Sinatra
+  module Bouncer
+    def self.registered(base_class)
+      base_class.extend ExtensionMethods
+
+      base_class.set :bouncer, BasicBouncer.new
+
+      base_class.before do
+        unless settings.bouncer.allows? request.path
+          settings.bouncer.bounce(self)
+        end
+      end
+    end
+
+    module ExtensionMethods
+      def bounce_with(&block)
+        bouncer.bounce_with = block
+      end
+    end
+
+    class BasicBouncer
+      attr_accessor :bounce_with
+
+      def initialize
+        @rules = Hash.new do |rules_hash, key|
+          rules_hash[key] = []
+        end
+      end
+
+      def always_allow(paths)
+        self.allow(paths) do
+          true
+        end
+      end
+
+      def allow(paths, &block)
+        unless block
+          raise Sinatra::Bouncer::BouncerError.new('You must provide a block to #allow. If you wish to always allow, either return true or use #always_allow instead')
+        end
+
+        paths = [paths] unless paths.is_a? Array
+
+        paths.each do |path|
+          @rules[path] << block
+        end
+      end
+
+      def allows?(path)
+        rules = @rules[:all] + @rules[path]
+
+        # rules = @rules[path]
+
+        rules.any? do |rule_block|
+          ruling = rule_block.call
+
+          if ruling == true || ruling == false
+            ruling
+          else
+            source = rule_block.source_location.join(':')
+            raise BouncerError.new("Rule block at does not return explicit true/false.\n\n"+
+                                       "Rules must return explicit true or false to prevent accidental truthy values.\n\n"+
+                                       "Source: #{source}\n")
+          end
+        end
+      end
+
+      def bounce(instance)
+        if bounce_with
+          bounce_with.call(instance)
+        else
+          instance.halt 401
+        end
+      end
+    end
+
+    class BouncerError < StandardError
+
+    end
+  end
+
+  if defined? register
+    register Bouncer
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: sinatra-bouncer
 version: !ruby/object:Gem::Version
-  version: '0.9'
+  version: 1.0.1
   prerelease: 
 platform: ruby
 authors:
@@ -10,8 +10,24 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-05-19 00:00:00.000000000 Z
+date: 2015-05-20 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: sinatra
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
@@ -49,17 +65,17 @@ dependencies:
   requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - ! '>='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.3.19
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - ! '>='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.3.19
 - !ruby/object:Gem::Dependency
   name: capybara
   requirement: !ruby/object:Gem::Requirement
@@ -92,22 +108,6 @@ dependencies:
     - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: factory_girl
-  requirement: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ~>
-      - !ruby/object:Gem::Version
-        version: '4.0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ~>
-      - !ruby/object:Gem::Version
-        version: '4.0'
 - !ruby/object:Gem::Dependency
   name: parallel_tests
   requirement: !ruby/object:Gem::Requirement
@@ -134,9 +134,7 @@ files:
 - Gemfile
 - MIT-LICENSE
 - README.md
-- lib/bouncer.rb
-- lib/contexts/roles/.gitkeep
-- lib/models/.gitkeep
+- lib/sinatra/bouncer.rb
 homepage: http://www.tenjin.ca
 licenses: []
 post_install_message: 

data/lib/bouncer.rb

@@ -1,37 +0,0 @@
-#--
-# Copyright (c) 2014 Tenjin Inc.
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-#++
-
-require 'pathname'
-# require 'dirt/core'
-# require 'active_support'
-
-app_dir = Pathname.new(__FILE__).dirname
-
-# require ALL the files!
-Dir["#{app_dir}/**/*.rb"].reject { |f| f.include?('/faces/') || f.include?('/tests/') }.each do |file|
-  require file
-end
-
-# module Dirt
-#   PROJECT_ROOT = Pathname.new(File.dirname(__FILE__) + '/..').realpath
-# end