spine-authorisation 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: ae25a7bd20391dbdb59d8a28b5833f9659c9c0bb
+  data.tar.gz: dad7806d35f9ed583ec583e089157cb3bc6d8b52
+SHA512:
+  metadata.gz: 8663d77144f2ee9d7a8cf466a08d1fb0457ee24801d461d3d239c9233865ed094292641c21d51e3101f4a852563cb6158bf558469c0867c752b1c3a697ba20bc
+  data.tar.gz: af6df7e32d6b800b334c0ff8f49209aa2fc50ba393c4f9ae9dd5eeda14f9110877ef29be8003b870e2d4c43f17bd41532b2d2d3573c02296ee005d435fb19fa6

data/.gitignore

@@ -0,0 +1,36 @@
+*.gem
+*.rbc
+/.config
+/coverage/
+/InstalledFiles
+/pkg/
+/spec/reports/
+/test/tmp/
+/test/version_tmp/
+/tmp/
+
+## Specific to RubyMotion:
+.dat*
+.repl_history
+build/
+
+## Documentation cache and generated files:
+/.yardoc/
+/_yardoc/
+/doc/
+/rdoc/
+
+## Environment normalisation:
+/bin/
+/.bundle/
+/vendor/bundle
+/lib/bundler/man/
+
+# for a library or gem, you might want to ignore these files since the code is
+# intended to run in multiple environments; otherwise, check them in:
+# Gemfile.lock
+# .ruby-version
+# .ruby-gemset
+
+# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
+.rvmrc

data/.rspec

@@ -0,0 +1,3 @@
+--color
+--format documentation
+--require config/default

data/CHANGELOG.md

@@ -0,0 +1,6 @@
+Changelog
+=========
+
+0.1.0
+-----
+-   First public release

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in spine-authorisation.gemspec
+gemspec

data/Gemfile.lock

@@ -0,0 +1,51 @@
+PATH
+  remote: .
+  specs:
+    spine-authorisation (0.1.0)
+      spine-hub (~> 0.1)
+      spine-permissions (~> 0.1)
+      spine-restrictions (~> 0.1)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    codeclimate-test-reporter (0.4.7)
+      simplecov (>= 0.7.1, < 1.0.0)
+    diff-lcs (1.2.5)
+    docile (1.1.5)
+    json (1.8.3)
+    rake (10.4.2)
+    rspec (3.2.0)
+      rspec-core (~> 3.2.0)
+      rspec-expectations (~> 3.2.0)
+      rspec-mocks (~> 3.2.0)
+    rspec-core (3.2.3)
+      rspec-support (~> 3.2.0)
+    rspec-expectations (3.2.1)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.2.0)
+    rspec-mocks (3.2.1)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.2.0)
+    rspec-support (3.2.2)
+    simplecov (0.10.0)
+      docile (~> 1.1.0)
+      json (~> 1.8)
+      simplecov-html (~> 0.10.0)
+    simplecov-html (0.10.0)
+    spine-hub (0.1.0)
+    spine-permissions (0.1.0)
+    spine-restrictions (0.1.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 1.7)
+  codeclimate-test-reporter (~> 0.4)
+  rake (~> 10.0)
+  rspec (~> 3.2)
+  spine-authorisation!
+
+BUNDLED WITH
+   1.10.2

data/LICENSE

@@ -0,0 +1,12 @@
+Copyright (c) 2015, TOGGL LLC
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+
+3. Neither the name of the TOGGL LLC nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

data/README.md

@@ -0,0 +1,93 @@
+# Spine::Authorisation
+
+[![Gem Version](https://badge.fury.io/rb/spine-authorisation.svg)](http://badge.fury.io/rb/spine-authorisation)
+[![Dependency Status](https://gemnasium.com/rspine/authorisation.svg)](https://gemnasium.com/rspine/authorisation)
+[![Test Coverage](https://codeclimate.com/github/rspine/authorisation/badges/coverage.svg)](https://codeclimate.com/github/rspine/authorisation/coverage)
+[![Code Climate](https://codeclimate.com/github/rspine/authorisation/badges/gpa.svg)](https://codeclimate.com/github/rspine/authorisation)
+[![Codeship Status for rspine/authorisation](https://codeship.com/projects/f6de77f0-edaf-0132-b6b1-1efd3f886df2/status?branch=master)](https://codeship.com/projects/84059)
+
+Authorisation context for Ruby applications.
+
+## Installation
+
+To install it, add the gem to your Gemfile:
+
+```ruby
+gem 'spine-authorisation'
+```
+
+Then run `bundle`. If you're not using Bundler, just `gem install spine-authorisation`.
+
+## Usage
+
+Authorisation uses [Spine::Permissions](https://github.com/rspine/permissions)
+and [Spine::Restrictions](https://github.com/rspine/restrictions) to define
+rules.
+
+```ruby
+Spine::Authorisation.permissions do
+  define(:user).grant(:read, :all)
+end
+
+Spine::Authorisation.restrictions do
+  register(MyRestriction).restrict(:write, :all)
+end
+```
+
+You can call `permissions` and `restrictions` directly or define yourself a
+context. It requires you to override `role` and `subject` methods.
+
+```ruby
+class UserContext
+  include Spine::Authorisation::Context
+
+  # Required to override
+  def role
+    user.role
+  end
+
+  # Required to override
+  def subject
+    user
+  end
+
+  def user
+   # find by identity
+  end
+end
+
+context = UserContext.new
+context.authorize(:read, :tasks)
+# => true
+```
+
+Context authorize method also publishes events `:granted` and `:denied` with
+`context, action, resource` arguments and `:restricted` with
+`context, restriction, action, resource` arguments (see more
+[Spine::Hub](https://github.com/rspine/hub) to see how to subscribe these).
+
+### Using with Spine::Engines
+
+```ruby
+# application.rb
+
+module MyApp
+  module Application
+    extension Spine::Authorisation::Engine
+  end
+end
+```
+
+Then you need to define your permissions and restrictions in
+`config/authorisation.rb`.
+
+```ruby
+module MyApp
+  module Application
+    permissions.define(:user).grant(:read, :all)
+    permissions.define(:admin).grant(:all, :all)
+
+    restrictions.register(MyRestriction).restrict(:write, :all)
+  end
+end
+```

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/lib/spine/authorisation.rb

@@ -0,0 +1,9 @@
+module Spine
+  module Authorisation
+    autoload :Context, 'spine/authorisation/context'
+    autoload :Registrations, 'spine/authorisation/registrations'
+    autoload :Engine, 'spine/authorisation/engine'
+
+    extend Registrations
+  end
+end

data/lib/spine/authorisation/context.rb

@@ -0,0 +1,43 @@
+require 'spine/hub'
+
+module Spine
+  module Authorisation
+    module Context
+      include Hub::Publisher
+
+      def subject
+        raise NotImplementedError, 'Context requires subject'
+      end
+
+      def role
+        raise NotImplementedError, 'Context requires role'
+      end
+
+      def authorize(action, resource)
+        return false unless subject
+
+        restriction = restricted?(action, resource)
+        if restriction
+          publish(:restricted, self, restriction, action, resource)
+          false
+        elsif !granted?(action, resource)
+          publish(:denied, self, action, resource)
+          false
+        else
+          publish(:granted, self, action, resource)
+          true
+        end
+      end
+
+      private
+
+      def granted?(action, resource)
+        Authorisation.permissions.granted?(role, action, resource)
+      end
+
+      def restricted?(action, resource)
+        Authorisation.restrictions.restricted?(self, action, resource)
+      end
+    end
+  end
+end

data/lib/spine/authorisation/engine.rb

@@ -0,0 +1,30 @@
+module Spine
+  module Authorisation
+    module Engine
+      module Configuration
+        def authorisation
+          ::Spine::Authorisation
+        end
+      end
+
+      module Loader
+        extend self
+
+        def call(app)
+          require app.root.join('config', 'authorisation')
+        end
+      end
+
+      extend self
+
+      def configuration
+        Configuration
+      end
+
+      def loader
+        Loader
+      end
+    end
+  end
+end
+

data/lib/spine/authorisation/registrations.rb

@@ -0,0 +1,20 @@
+require 'spine/permissions'
+require 'spine/restrictions'
+
+module Spine
+  module Authorisation
+    module Registrations
+      def permissions(&block)
+        @permissions ||= ::Spine::Permissions::Roles.new
+        @permissions.instance_eval(&block) if block_given?
+        @permissions
+      end
+
+      def restrictions(&block)
+        @restrictions ||= ::Spine::Restrictions::Collection.new
+        @restrictions.instance_eval(&block) if block_given?
+        @restrictions
+      end
+    end
+  end
+end

data/lib/spine/authorisation/version.rb

@@ -0,0 +1,5 @@
+module Spine
+  module Authorisation
+    VERSION = '0.1.0'
+  end
+end

data/spec/config/coverage.rb

@@ -0,0 +1,4 @@
+require './spec/config/default'
+
+require 'codeclimate-test-reporter'
+CodeClimate::TestReporter.start

data/spec/config/default.rb

@@ -0,0 +1,20 @@
+RSpec.configure do |config|
+  config.filter_run :focus
+  config.run_all_when_everything_filtered = true
+
+  if config.files_to_run.one?
+    config.default_formatter = 'doc'
+  end
+
+  config.order = :random
+
+  Kernel.srand config.seed
+
+  config.expect_with :rspec do |expectations|
+    expectations.syntax = :expect
+  end
+
+  config.mock_with :rspec do |mocks|
+    mocks.syntax = :expect
+  end
+end

data/spec/spine/authorisation/context_spec.rb

@@ -0,0 +1,48 @@
+require 'spine/authorisation'
+
+module Spine
+  module Authorisation
+    module Restriction
+      extend self
+
+      def restricted?(context)
+        true
+      end
+    end
+
+    permissions do
+      define(:user).grant(:read, :all).grant(:write, :data)
+    end
+
+    restrictions do
+      register(Restriction).restrict(:write, :all)
+    end
+
+    describe Context do
+      subject { double(subject: user, role: role).extend(Context) }
+      let(:user) { double }
+      let(:role) { :user }
+      let(:listener) { double }
+
+      before(:each) do
+        subject.subscribe(listener)
+      end
+
+      it 'grants authorization' do
+        expect(listener).to receive(:notify).with(:granted, subject, :read, :data)
+        expect(subject.authorize(:read, :data)).to be true
+      end
+
+      it 'denies authorisation' do
+        expect(listener).to receive(:notify).with(:denied, subject, :delete, :data)
+        expect(subject.authorize(:delete, :data)).to be false
+      end
+
+      it 'restricts authorization' do
+        expect(listener).to receive(:notify)
+          .with(:restricted, subject, Restriction, :write, :data)
+        expect(subject.authorize(:write, :data)).to be false
+      end
+    end
+  end
+end

data/spine-authorisation.gemspec

@@ -0,0 +1,28 @@
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'spine/authorisation/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "spine-authorisation"
+  spec.version       = Spine::Authorisation::VERSION
+  spec.authors       = ["TOGGL LLC"]
+  spec.email         = ["support@toggl.com"]
+  spec.summary       = 'Authorisation context for Ruby applications'
+  spec.description   = ''
+  spec.homepage      = 'https://github.com/rspine/authorisation'
+  spec.license       = 'BSD-3-Clause'
+
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency 'spine-hub', '~> 0.1'
+  spec.add_dependency 'spine-permissions', '~> 0.1'
+  spec.add_dependency 'spine-restrictions', '~> 0.1'
+
+  spec.add_development_dependency 'bundler', '~> 1.7'
+  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rspec', '~> 3.2'
+  spec.add_development_dependency 'codeclimate-test-reporter', '~> 0.4'
+end

metadata

@@ -0,0 +1,162 @@
+--- !ruby/object:Gem::Specification
+name: spine-authorisation
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- TOGGL LLC
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-06-05 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: spine-hub
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+- !ruby/object:Gem::Dependency
+  name: spine-permissions
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+- !ruby/object:Gem::Dependency
+  name: spine-restrictions
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.2'
+- !ruby/object:Gem::Dependency
+  name: codeclimate-test-reporter
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.4'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.4'
+description: ''
+email:
+- support@toggl.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- CHANGELOG.md
+- Gemfile
+- Gemfile.lock
+- LICENSE
+- README.md
+- Rakefile
+- lib/spine/authorisation.rb
+- lib/spine/authorisation/context.rb
+- lib/spine/authorisation/engine.rb
+- lib/spine/authorisation/registrations.rb
+- lib/spine/authorisation/version.rb
+- spec/config/coverage.rb
+- spec/config/default.rb
+- spec/spine/authorisation/context_spec.rb
+- spine-authorisation.gemspec
+homepage: https://github.com/rspine/authorisation
+licenses:
+- BSD-3-Clause
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.5
+signing_key: 
+specification_version: 4
+summary: Authorisation context for Ruby applications
+test_files:
+- spec/config/coverage.rb
+- spec/config/default.rb
+- spec/spine/authorisation/context_spec.rb