slack_ruby_bot_authorization 0.9.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: cda3bcf95b6ed548330977fcd75d1f0700c3345f
+  data.tar.gz: ef911e017f94f8ea0cd4de2317def95ed1831418
+SHA512:
+  metadata.gz: 992d41ff6a2f4fe8629262989e2a991b2fbe68018d057b31de543622d58700774f327f0abe2984549a3a1c78a587732a0aab377fb43cbce87c58f485aa5f2049
+  data.tar.gz: 5bffc40043108f6e21dfab9ad0664c2dc55525cbcfe6b55d8912cbb5bff193dbdf546021b951fec2e6336ac4e7b20c52a2d7b943e4f8141ee547da28b30cceb3

data/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2017 Stax Logistics
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,105 @@
+# slack-ruby-bot-authorization
+An authorization framework for slack-ruby-bot
+
+# How to Use It
+Many bots are created by subclassing `SlackRubyBot::Bot` or `SlackRubyBot::Commands::Base` and adding commands (or using the cool new MVC features in `slack-ruby-bot`). This framework works similarly by allowing inclusion of a module into the subclass to add some authorization features.
+
+```ruby
+class MyBot < SlackRubyBot::Bot
+  extend SlackRubyBotAuthorization
+
+end
+```
+
+Including the module adds several important methods to the subclass that can be used to register roles, users, and commands. Additionally, we can customize the "denial" behavior when a user runs a command for which they are not authorized.
+
+```ruby
+class MyBot < SlackRubyBot::Bot
+  extend SlackRubyBotAuthorization
+
+  add_default_denial_handler(Proc.new do |client, data, match|
+    # Called when a command is not permitted to user/role and a specific
+    # denial Proc hasn't already been registered
+    client.say(channel: data.channel, text: "Sorry, but you have been denied!")
+  end
+  )
+  
+  add_users_to_role('admin','abc', 'def', 'ghi', 'jkl')
+  
+  role = add_commands_to_role('admin','update inventory', 'remove user', 'add user', 'run report')
+  
+  role.add_denial_handler(
+    Proc.new do |client, data, match|
+        client.say(...)
+        # returning true means the default_denial should also run
+        # return false would indicate only this proc should run and skip
+        # the default
+        true
+      end
+  )
+  
+  remove_users_from_role('admin', 'abc')
+  remove_commands_from_role('admin', 'run report')
+  remove_denial_handler_from_command('update inventory') # default, if set, will still run
+  
+  admin_role = new_role('admin') do |role|
+    role.enable_slack_builtin_commands('hi') # defaults to all unless specifically listed
+    role.add_users('user1', 'user2', 'user3')
+    role.add_commands('cmd1', 'cmd2', 'cmd3', 'cmd4')
+    role.add_default_denial_handler(proc { |a, b, c| nil } )
+  end
+  
+  admin_role.remove_users('user1', 'user2')
+  admin_role.remove_commands('cmd1')
+  command = admin_role.find_command('cmd1')
+  command.add_denial_handler(
+    proc { |a, b, c| p a, b, c; return false }
+  )
+end
+
+# Generate an array of commands that are in a 
+# `SlackRubyBot::Commands::Base` subclass but
+# that have not been authorized via the auth framework
+missing = MyBot.unauthorized_commands
+unless missing.empty?
+  raise 'Some commands have not been added to any role! ' + missing.inspect
+end
+
+# Generate an array of commands that were authorized
+# in the framework but do NOT exist in the
+# bot subclasses.
+missing = MyBot.missing_commands
+unless missing.empty?
+  raise 'Some authorized commands do not exist in the bot! ' + missing.inspect
+end
+```
+In situations where multiple strings can trigger a command, each string should be added to the role. For example, a command may respond to three different strings such as 'add', 'create new', and 'append to collection'. While they all execute the same business logic, from the perspective of the authorization framework they are different commands. Permission to run all 3 should be granted to the roles that need to execute any of them.
+
+Adding a `denial` proc via `add_denial_handler_to_command` multiple times results in the last operation overwriting any previous operations. The `default_denial` proc can still be scheduled to run if the command-specific proc returns true. If it returns false, the default denial proc is skipped.
+
+
+# Defaults
+The system works off the assumption that "everything is prohibited unless expressly allowed." That is, it's a whitelist. Only those users (and roles) that are specifically registered to run commands may run them. All others attempting to run those commands will be denied. This is the most secure approach and is highly recommended.
+
+Note that this behavior extends to builtin commands such as 'about', 'help', and 'hi.' If not explicitly allowed, these commands will be denied.
+
+# How to Subvert the Whitelist Behavior
+Programmers who are writing their own code can obviously overrule the defaults. The included module contains a method named `permitted?` which overrides the default method of the same name in `SlackRubyBot::Commands::Base`. This method may also be overridden by the subclass which would wipe out the whitelist behavior.
+
+This is not recommended.
+
+```ruby
+class MyBot < SlackRubyBot::Bot
+  include SlackRubyBotAuthorization
+
+  # Permit any user to run any command
+  def permitted?(*args)
+    return true
+  end
+end
+```
+
+# Warning
+The API is subject to change without warning until version 1.0 is released. This project will follow semantic versioning.
+
+(c) Copyright 2017 Stax Logistics LLC

data/lib/slack_ruby_bot_authorization.rb

@@ -0,0 +1,24 @@
+require 'forwardable'
+require 'ostruct'
+require 'set'
+
+require_relative 'slack_ruby_bot_authorization/version'
+require_relative 'slack_ruby_bot_authorization/exceptions'
+require_relative 'slack_ruby_bot_authorization/utils'
+require_relative 'slack_ruby_bot_authorization/command_audit'
+require_relative 'slack_ruby_bot_authorization/command'
+require_relative 'slack_ruby_bot_authorization/commands'
+require_relative 'slack_ruby_bot_authorization/role'
+require_relative 'slack_ruby_bot_authorization/roles'
+require_relative 'slack_ruby_bot_authorization/authorization'
+
+# The main entry point for users of his library. This module
+# should be included into any Bot class that requires
+# authorization for running commands.
+module SlackRubyBotAuthorization
+  include Authorization
+
+  def self.extended(othermod)
+    othermod.reset!
+  end
+end

data/lib/slack_ruby_bot_authorization/authorization.rb

@@ -0,0 +1,76 @@
+module SlackRubyBotAuthorization
+  # All of the real logic lives in the Roles class. This module
+  # exists to make it easy to +include+ the functionality in a
+  # class.
+  module Authorization
+    include Utils
+    extend Forwardable
+
+    def_delegators  :@roles,
+                    :new_role,
+                    :role_names,
+                    :user_names,
+                    :command_names,
+                    :find_role,
+                    :add_users_to_role,
+                    :add_commands_to_role,
+                    :remove_users_from_role,
+                    :remove_commands_from_role,
+                    :add_default_denial_handler,
+                    :default_denial_handler,
+                    :find_command,
+                    :call_default_denial_handler,
+                    :unauthorized_commands,
+                    :missing_bot_commands
+
+    def reset!
+      @roles = Roles.new
+    end
+
+    # Override the default method from the slack-ruby-bot
+    # gem and hook in our standard logic.
+    def permitted?(client, data, match)
+      user, command = extract_details(data, match)
+      return true if command.nil? || user.nil?
+      final_permission?(client, data, match, user, command)
+    end
+
+    # If we get to here, then we know the SlackRubyBot::Bot
+    # has executed a command for a user. We run through the
+    # following logic:
+    #
+    # * Try to match the +user+ and +command+ to an existing
+    #   role
+    # * If a role is found, then the user has permission to
+    #   execute the given command
+    # * If a role is not found, find the associated Command
+    #   and run its denial handler.
+    # * If Command denial handler returns true, run the global
+    #   denial handler.
+    # * Return false
+    def final_permission?(client, data, match, user, command_string)
+      command = @roles.find_command(command_string)
+      role = @roles.find_for(user, command_string)
+
+      # found a user/command match, so this should be permitted
+      if role
+        command.record_allowance(user)
+        return true
+      end
+
+      process_denial(client, data, match, user, command)
+      false
+    end
+
+    def process_denial(client, data, match, user, command)
+      # If we made it here, then we didn't find a role that
+      # allows a user to execute the given command. Lookup
+      # the command and execute its denial handler if one
+      # exists. If that handler returns true, also run the
+      # default denial handler.
+      command.record_denial(user)
+      return unless command.call_denial_handler(client, data, match)
+      @roles.call_default_denial_handler(client, data, match)
+    end
+  end
+end

data/lib/slack_ruby_bot_authorization/command.rb

@@ -0,0 +1,49 @@
+module SlackRubyBotAuthorization
+  # Store the command name and keep track of any
+  # denial handlers for this command.
+  class Command
+    include Utils
+
+    attr_reader :name, :denial_handler
+
+    def initialize(name)
+      @name = normalize_string(name)
+      @denial_handler = EmptyDenialProc
+      @audit = CommandAudit.new(@name)
+    end
+
+    def add_denial_handler(aproc)
+      unless aproc.arity == 3
+        raise(DenialProcArityException, 'Must accept 3 arguments')
+      end
+
+      @denial_handler = aproc
+    end
+
+    def remove_denial_handler
+      @denial_handler = Utils::EmptyDenialProc
+    end
+
+    def call_denial_handler(client, data, match)
+      @denial_handler.call(client, data, match)
+    end
+
+    def record_allowance(user)
+      @audit.allow(user)
+    end
+
+    def record_denial(user)
+      @audit.deny(user)
+    end
+
+    def stats_for(user)
+      @audit.stats_for(user)
+    end
+
+    def print_stats
+      @audit.inspect
+    end
+  end
+
+  DefaultCommand = Command.new('default-not-a-command')
+end

data/lib/slack_ruby_bot_authorization/command_audit.rb

@@ -0,0 +1,39 @@
+module SlackRubyBotAuthorization
+  # Tracks the number of times per user that a command
+  # has been allowed to run or denied to run.
+  #
+  # Pretty prints the structures so it's easy to read.
+  class CommandAudit
+    include Utils
+    attr_reader :name
+
+    def initialize(command_name)
+      @name = command_name
+      @map = Hash.new { |h, k| h[k] = OpenStruct.new(allowed: 0, denied: 0) }
+    end
+
+    def allow(user)
+      stats_for(user).allowed += 1
+    end
+
+    def deny(user)
+      stats_for(user).denied += 1
+    end
+
+    def stats_for(user)
+      @map[normalize_string(user)]
+    end
+
+    def inspect
+      len = 15
+      string = "#{name}\n"
+      @map.keys.each do |user|
+        string << user.to_s.ljust(len)
+        string << ":allowed => #{stats_for(user).allowed}\n"
+        string << ' ' * len
+        string << ":denied  => #{stats_for(user).denied}\n"
+      end
+      string
+    end
+  end
+end

data/lib/slack_ruby_bot_authorization/commands.rb

@@ -0,0 +1,85 @@
+# Commands stores a list of all commands along with
+# 1. A defaut denial handler if no command can be
+#    matched.
+# 2. Each command tracks its own denial handler so we can
+#    allow for specific behavior when a command request is
+#    denied.
+#
+module SlackRubyBotAuthorization
+  # Tracks all Command instances and maintains the global
+  # default denial handler.
+  class Commands
+    include Utils
+
+    attr_accessor :default_denial_handler
+
+    def initialize
+      reset!
+    end
+
+    def reset!
+      @commands = {}
+      @default_denial_handler = EmptyDenialProc
+    end
+
+    def new_command(command_name)
+      command_name = normalize_string(command_name)
+      @commands[command_name] = Command.new(command_name)
+    end
+
+    def find_or_make(*command_strings)
+      set = Set.new
+      command_strings.each do |command_string|
+        command = find(command_string, false)
+
+        # when not found, make a new Command instance
+        set << (command || new_command(command_string))
+      end
+      set.to_a
+    end
+
+    def find(command_string, default = true)
+      command = @commands[normalize_string(command_string)]
+      default ? (command || DefaultCommand) : command
+    end
+
+    # Returns list of all commands that were ever registered. This
+    # will even return commands that are no longer associated with
+    # a role, so the output from this command will be a superset
+    # of the Roles#command_names method.
+    def command_names
+      @commands.values.map(&:name).sort
+    end
+
+    # Default denial proc called when a Command doesn't have a specific
+    # denial handler set.
+    #
+    # When the specific Command has its own handler, that handler may
+    # return true to allow the default handler to also run. To prevent
+    # the default handler from running, the Command-specific denial
+    # handler should return false.
+    def add_default_denial_handler(aproc)
+      unless aproc.arity == 3
+        raise(DenialProcArityException, 'Must accept 3 arguments')
+      end
+
+      @default_denial_handler = aproc
+    end
+
+    def remove_denial_handler_from_command(command_string)
+      command = find(command_string)
+      unless command
+        raise(
+          UnknownCommandException,
+          "No command named '#{command_string}'"
+        )
+      end
+
+      command.remove_denial_handler
+    end
+
+    def call_denial_handler(client, data, match)
+      @default_denial_handler.call(client, data, match)
+    end
+  end
+end

data/lib/slack_ruby_bot_authorization/exceptions.rb

@@ -0,0 +1,9 @@
+module SlackRubyBotAuthorization
+  class DenialProcArityException < StandardError; end
+
+  class UnknownBuiltinCommandException < StandardError; end
+
+  class UnknownRoleException < StandardError; end
+
+  class ArrayArgumentException < StandardError; end
+end

data/lib/slack_ruby_bot_authorization/role.rb

@@ -0,0 +1,149 @@
+module SlackRubyBotAuthorization
+  BUILTIN_COMMANDS = %w[about help hi].freeze
+
+  # Implement the Null Pattern for the Role class. Other code
+  # will search for a matching Role instance. When not found,
+  # we want to return an instance of NullRole so that all
+  # method calls succeed (unless someone passes a proc with
+  # the wrong arity) and we can avoid checking for nil elsewhere.
+  class NullRole
+    attr_reader :name, :denial_handler
+
+    def initialize(_name, &_blk)
+      @name = :default
+    end
+
+    def add_users(*_users)
+      nil
+    end
+
+    def add_commands(*_commands)
+      nil
+    end
+
+    def add_denial_handler(aproc)
+      return if aproc.arity == 3
+      raise(DenialProcArityException, 'Must accept 3 arguments')
+    end
+
+    def enable_slack_builtin_commands(*commands)
+      missing = commands.none? do |command|
+        BUILTIN_COMMANDS.include?(command.downcase)
+      end
+
+      return unless missing
+
+      message = "Unknown command '#{command}'; \
+      must be one of #{BUILTIN_COMMANDS.inspect}"
+
+      raise(UnknownBuiltinCommandException, message)
+    end
+
+    def remove_users(*_users)
+      nil
+    end
+
+    def remove_commands(*_commands)
+      nil
+    end
+
+    def remove_denial_handler
+      nil
+    end
+
+    def user?(_user)
+      false
+    end
+
+    def command?(_command)
+      false
+    end
+
+    def users
+      []
+    end
+
+    def commands
+      []
+    end
+  end
+
+  # Maps roles to users and commands.
+  class Role < NullRole
+    include Utils
+
+    attr_reader :name, :denial_handler
+
+    def initialize(name, &blk)
+      @name = normalize_string(name)
+      @users = Set.new
+      @commands = Set.new
+
+      return unless block_given?
+
+      # Execute the block depending on how many args were passed
+      # http://graysoftinc.com/ruby-voodoo/dsl-block-styles
+      blk.arity == 1 ? yield(self) : instance_eval(&blk)
+    end
+
+    def add_users(*users)
+      users.each { |user| @users << normalize_string(user) }
+    end
+
+    def add_commands(*commands)
+      commands.each { |command| @commands << command }
+    end
+
+    def add_denial_handler(aproc)
+      unless aproc.arity == 3
+        raise(DenialProcArityException, 'Must accept 3 arguments')
+      end
+
+      @denial_handler = aproc
+    end
+
+    def enable_slack_builtin_commands(*commands)
+      commands = BUILTIN_COMMANDS if commands.empty?
+      commands.each do |command|
+        raise(UnknownBuiltinCommandException, "Unknown command '#{command}'") \
+        unless BUILTIN_COMMANDS.include?(command.downcase)
+
+        add_commands(command)
+      end
+    end
+
+    def remove_users(*users)
+      users.each { |user| @users.delete(normalize_string(user)) }
+    end
+
+    def remove_commands(*commands)
+      commands.each { |command| @commands.delete(command) }
+    end
+
+    def remove_denial_handler
+      @denial_handler = Utils::EmptyDenialProc
+    end
+
+    def user?(user)
+      @users.include?(normalize_string(user))
+    end
+
+    def command?(command)
+      @commands.include?(command)
+    end
+
+    def users
+      @users.to_a.sort
+    end
+
+    def commands
+      @commands.to_a
+    end
+
+    def command_names
+      commands.map(&:name).sort
+    end
+  end
+
+  DefaultRole = NullRole.new('default')
+end

data/lib/slack_ruby_bot_authorization/roles.rb

@@ -0,0 +1,183 @@
+module SlackRubyBotAuthorization
+  # The main API for handling authorization. See documentation
+  # for SlackRubyBotAuthorization top-level module.
+  class Roles
+    include Utils
+
+    attr_reader :commands
+
+    def initialize
+      reset!
+    end
+
+    def reset!
+      @roles = {}
+      @commands = Commands.new
+    end
+
+    def new_role(role_name, &blk)
+      role_name = normalize_string(role_name)
+      @roles[role_name] = Role.new(role_name, &blk)
+    end
+
+    def find_for(user_string, command_string)
+      command = find_command(command_string)
+      _, found_role = @roles.find do |_name, role|
+        role.user?(user_string) && role.command?(command)
+      end
+
+      found_role
+    end
+
+    def find_role(role_name)
+      @roles[normalize_string(role_name)]
+    end
+
+    def find_command(command_string)
+      @commands.find(command_string)
+    end
+
+    def role_names
+      @roles.values.map(&:name).uniq.sort
+    end
+
+    def user_names
+      @roles.values.inject([]) { |a, e| a + e.users }.uniq.sort
+    end
+
+    def command_names
+      @roles.values.inject([]) { |a, e| a + e.command_names }.uniq.sort
+    end
+
+    # Default denial proc called when a role doesn't have a specific denial
+    # handler set.
+    #
+    # When the specific role has its own handler, that handler may return true
+    # to allow the default handler to also run. To prevent the default handler
+    # from running, the role-specific denial handler should return false.
+    def add_default_denial_handler(aproc)
+      @commands.add_default_denial_handler(aproc)
+    end
+
+    def default_denial_handler
+      @commands.default_denial_handler
+    end
+
+    def call_default_denial_handler(client, data, match)
+      default_denial_handler.call(client, data, match)
+    end
+
+    def add_users_to_role(role_name, *users)
+      if users.any? { |user| user.is_a?(Array) }
+        raise(ArrayArgumentException, '+users+ argument should not be an array!\
+        Try prepending argument with splat \'*\'')
+      end
+
+      role = find_role(role_name) || new_role(role_name)
+      role.add_users(*users)
+      role
+    end
+
+    def add_commands_to_role(role_name, *commands)
+      if commands.any? { |command| command.is_a?(Array) }
+        raise(ArrayArgumentException, '+commands+ argument should not\
+        be an array! Try prepending argument with splat \'*\'')
+      end
+
+      role = find_role(role_name) || new_role(role_name)
+      commands = @commands.find_or_make(*commands)
+      role.add_commands(*commands)
+      role
+    end
+
+    def remove_users_from_role(role_name, *users)
+      role = find_role(role_name)
+      raise(UnknownRoleException, "No role named '#{role_name}'") unless role
+
+      role.remove_users(*users)
+      @roles.delete(role.name) if role.users.empty?
+      role
+    end
+
+    def remove_commands_from_role(role_name, *commands)
+      role = find_role(role_name)
+      raise(UnknownRoleException, "No role named '#{role_name}'") unless role
+
+      commands = @commands.find_or_make(*commands)
+      role.remove_commands(*commands)
+      @roles.delete(role.name) if role.commands.empty?
+      role
+    end
+
+    # Compares all of the commands registered to a role to a list
+    # of all custom commands. Any custom command that has not been
+    # added to a role is listed.
+    #
+    # Use this for detecting possible mispellings between the
+    # Command classes and the authorization setup. Useful for cases
+    # where there are dozens of commands and many roles where a
+    # manual audit would be difficult.
+    def unauthorized_commands
+      missing_commands = []
+
+      command_subclass_routes.each do |route|
+        next if route_matches_any_command?(route, command_names)
+
+        # command did NOT match a route, therefore the command has not
+        # been authorized and is orphaned
+        missing_commands += commands_from_route(route)
+      end
+      missing_commands
+    end
+
+    # The complement to #unauthorized_commands. This returns an array
+    # of command names that have been authorized to a role but do NOT
+    # exist in any bot Command class.
+    def missing_bot_commands
+      missing_commands = []
+
+      command_names.each do |command_symbol|
+        next if command_matches_any_route?(command_subclass_routes, command_symbol)
+
+        # No route found for this command!
+        missing_commands << command_symbol.to_s
+      end
+      missing_commands
+    end
+
+    private
+
+    # SlackRubyBot tracks all Command subclasses and their routes. Take
+    # advantage of this to collect an array of all routes.
+    # Only accept routes from child classes by filtering out any classes
+    # from the SlackRubyBot::Commands namespace.
+    def command_subclass_routes
+      klasses = SlackRubyBot::Commands::Base.command_classes.reject do |k|
+        k.name && k.name.start_with?('SlackRubyBot::Commands::')
+      end
+
+      klasses.map do |klass|
+        klass.routes ? klass.routes.keys : []
+      end.flatten
+    end
+
+    def route_matches_any_command?(route, command_strings)
+      command_strings.any? do |string|
+        expression = "botname #{string}"
+        route.match(expression)
+      end
+    end
+
+    def command_matches_any_route?(routes, command_string)
+      routes.any? do |route|
+        expression = "botname #{command_string}"
+        route.match(expression)
+      end
+    end
+
+    def commands_from_route(route)
+      catted_commands = route.to_s.split('<command>')[1].split(')').first
+      catted_commands.split('|')
+    end
+  end
+end

data/lib/slack_ruby_bot_authorization/utils.rb

@@ -0,0 +1,38 @@
+module SlackRubyBotAuthorization
+  # Methods that don't fit in any other class and also may
+  # be needed by multiple classes/modules.
+  module Utils
+    # Used as the default denial handler for Command instances.
+    # When the proc returns true, it allows the global default
+    # handler to also run. We want the empty handler to return
+    # true so that the default (if it exists) will run.
+    EmptyDenialProc = proc do |_client, _data, _match|
+      true
+    end
+
+    # Takes a String or Symbol, manipulates it, and returns a Symbol.
+    def normalize_string(obj)
+      obj.to_s.downcase.to_sym
+    end
+
+    # Authorization only works when we've been passed a +data+
+    # object with a +user+ field *and* a +match+ object that
+    # contains a +command+ field.
+    #
+    # Extract those items and return them in an array. If those
+    # items don't exist in the form we expect, return nil in
+    # place of those objects.
+    def extract_details(data, match)
+      [extract_user(data), extract_command(match)]
+    end
+
+    def extract_user(data)
+      data.respond_to?(:user) ? data.user : nil
+    end
+
+    def extract_command(match)
+      return unless match.is_a?(MatchData) && match.names.include?('command')
+      match[:command].downcase
+    end
+  end
+end

data/lib/slack_ruby_bot_authorization/version.rb

@@ -0,0 +1,3 @@
+module SlackRubyBotAuthorization
+  VERSION = '0.9.0'.freeze
+end

metadata

@@ -0,0 +1,116 @@
+--- !ruby/object:Gem::Specification
+name: slack_ruby_bot_authorization
+version: !ruby/object:Gem::Version
+  version: 0.9.0
+platform: ruby
+authors:
+- Chuck Remes
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2017-07-05 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: slack-ruby-bot
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.10.4
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.10.4
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: |2
+    Easy way to build a whitelist authorization mechanism for slack ruby bot
+    commands. Define roles and add slack users and slack commands to those
+    roles. When the bot receives the command, the framework verifies that
+    the given user has permission to execute the command. If denied, a
+    custom handler can be setup to run instead.
+email: git@chuckremes.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE
+- README.md
+- lib/slack_ruby_bot_authorization.rb
+- lib/slack_ruby_bot_authorization/authorization.rb
+- lib/slack_ruby_bot_authorization/command.rb
+- lib/slack_ruby_bot_authorization/command_audit.rb
+- lib/slack_ruby_bot_authorization/commands.rb
+- lib/slack_ruby_bot_authorization/exceptions.rb
+- lib/slack_ruby_bot_authorization/role.rb
+- lib/slack_ruby_bot_authorization/roles.rb
+- lib/slack_ruby_bot_authorization/utils.rb
+- lib/slack_ruby_bot_authorization/version.rb
+homepage: http://github.com/stax-dog/slack_ruby_bot_authorization
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.8
+signing_key: 
+specification_version: 4
+summary: Simple authorization framework for slack ruby bots
+test_files: []