stasi 0.0.1.alpha

Sign up to get free protection for your applications and to get access to all the features.
Files changed (16) hide show
  1. data/CHANGELOG.md +3 -0
  2. data/Gemfile +3 -0
  3. data/Gemfile.lock +38 -0
  4. data/LICENSE.txt +22 -0
  5. data/README.md +46 -0
  6. data/Rakefile +7 -0
  7. data/init.rb +1 -0
  8. data/lib/stasi/authorization/law.rb +53 -0
  9. data/lib/stasi/authorization/status.rb +46 -0
  10. data/lib/stasi/authorization/watch.rb +11 -0
  11. data/lib/stasi.rb +7 -0
  12. data/test/law_test.rb +82 -0
  13. data/test/status_test.rb +60 -0
  14. data/test/test_helper.rb +9 -0
  15. data/test/watch_test.rb +21 -0
  16. metadata +161 -0
data/CHANGELOG.md ADDED
@@ -0,0 +1,3 @@
1
+ ## v0.0.1.alpha
2
+
3
+ * initial commit
data/Gemfile ADDED
@@ -0,0 +1,3 @@
1
+ source 'https://rubygems.org'
2
+
3
+ gemspec
data/Gemfile.lock ADDED
@@ -0,0 +1,38 @@
1
+ PATH
2
+ remote: .
3
+ specs:
4
+ stasi (0.0.1.alpha)
5
+ activesupport (>= 4.0.0)
6
+ dsl_eval (>= 0.0.2)
7
+
8
+ GEM
9
+ remote: https://rubygems.org/
10
+ specs:
11
+ activesupport (4.0.0)
12
+ i18n (~> 0.6, >= 0.6.4)
13
+ minitest (~> 4.2)
14
+ multi_json (~> 1.3)
15
+ thread_safe (~> 0.1)
16
+ tzinfo (~> 0.3.37)
17
+ ansi (1.4.3)
18
+ atomic (1.1.14-java)
19
+ dsl_eval (0.0.2)
20
+ i18n (0.6.5)
21
+ minitest (4.7.5)
22
+ multi_json (1.8.2)
23
+ rake (10.1.0)
24
+ thread_safe (0.1.3-java)
25
+ atomic
26
+ turn (0.9.6)
27
+ ansi
28
+ tzinfo (0.3.38)
29
+
30
+ PLATFORMS
31
+ java
32
+
33
+ DEPENDENCIES
34
+ bundler (~> 1.3)
35
+ minitest (~> 4.2)
36
+ rake
37
+ stasi!
38
+ turn
data/LICENSE.txt ADDED
@@ -0,0 +1,22 @@
1
+ Copyright (c) 2013 Paul Vonderscher
2
+
3
+ MIT License
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining
6
+ a copy of this software and associated documentation files (the
7
+ "Software"), to deal in the Software without restriction, including
8
+ without limitation the rights to use, copy, modify, merge, publish,
9
+ distribute, sublicense, and/or sell copies of the Software, and to
10
+ permit persons to whom the Software is furnished to do so, subject to
11
+ the following conditions:
12
+
13
+ The above copyright notice and this permission notice shall be
14
+ included in all copies or substantial portions of the Software.
15
+
16
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
18
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
19
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
20
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
21
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
22
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
data/README.md ADDED
@@ -0,0 +1,46 @@
1
+ # Stasi
2
+
3
+ A small authorization library inspired by CanCan
4
+
5
+ ## Usage
6
+
7
+ ```ruby
8
+ gem 'stasi'
9
+ ```
10
+
11
+ In the model you wish to check permissions on, e.g. User :
12
+
13
+ ```ruby
14
+ include Robotnik::Authorization::Watch
15
+ ```
16
+
17
+ Then you can check permissions this way :
18
+
19
+ ```ruby
20
+ user.can? :read, :posts
21
+ ```
22
+
23
+ You define permissions in an initializer :
24
+
25
+ ```ruby
26
+ Robotnik::Authorization::Law.define do
27
+
28
+ status :admin do
29
+ can read, :posts
30
+ can :destroy, :posts
31
+ end
32
+
33
+ status :guest do
34
+ can :read, :post
35
+ end
36
+
37
+ end
38
+ ```
39
+
40
+ Undefined permissions default to `false`.
41
+ `:admin` and `:guest`, in this example, must be methods on the `user` object.
42
+
43
+ ## Milestones
44
+
45
+ * pass directly object, and not a symbol
46
+ * load specific permissions from db
data/Rakefile ADDED
@@ -0,0 +1,7 @@
1
+ require "bundler/gem_tasks"
2
+ require 'rake/testtask'
3
+
4
+ Rake::TestTask.new do |t|
5
+ t.libs << 'test'
6
+ t.pattern = "test/*_test.rb"
7
+ end
data/init.rb ADDED
@@ -0,0 +1 @@
1
+ require 'stasi'
data/lib/stasi/authorization/law.rb ADDED
@@ -0,0 +1,53 @@
1
+ module Robotnik
2
+ module Authorization
3
+ class Law
4
+
5
+ #--- Class methods ---#
6
+
7
+ include Robotnik::DslEval
8
+
9
+ cattr_reader :law
10
+
11
+ def self.define &block
12
+ @@law = self.new.evaluate(&block)
13
+ end
14
+
15
+ def self.reset!
16
+ @@law = nil
17
+ end
18
+
19
+ #--- Instance methods ---#
20
+
21
+ def status method, &block
22
+ init_role_for(method).evaluate &block
23
+ end
24
+
25
+ def statuses
26
+ rules.keys
27
+ end
28
+
29
+ def can? *args
30
+ subject, args = args.shift, args
31
+ verdict = false
32
+ statuses.each do |status|
33
+ if subject.send status
34
+ verdict = rules[status].can? *args
35
+ break
36
+ end
37
+ end
38
+ verdict
39
+ end
40
+
41
+ private
42
+
43
+ def rules
44
+ @rules ||= {}.with_indifferent_access
45
+ end
46
+
47
+ def init_role_for method
48
+ rules[method] ||= Robotnik::Authorization::Status.new
49
+ end
50
+
51
+ end
52
+ end
53
+ end
data/lib/stasi/authorization/status.rb ADDED
@@ -0,0 +1,46 @@
1
+ module Robotnik
2
+ module Authorization
3
+ class Status
4
+
5
+ include Robotnik::DslEval
6
+
7
+ def can action, resource, conditions=nil, &block
8
+ init_rule_for resource
9
+ rules[resource][action] = conditions || block || true
10
+ end
11
+
12
+ def cannot action, resource
13
+ init_rule_for resource
14
+ rules[resource][action] = false
15
+ end
16
+
17
+ def can? action, resource, subject
18
+ begin
19
+ condition = rules[resource][action]
20
+ case condition
21
+ when true, false then condition
22
+ else
23
+ return condition.call(subject) if condition.respond_to?(:call)
24
+ deliberation = true
25
+ deliberation = deliberation && condition[:if].call(subject) if condition.has_key?(:if)
26
+ deliberation = deliberation && (! condition[:unless].call(subject)) if deliberation && condition.has_key?(:unless)
27
+ deliberation
28
+ end
29
+ rescue NoMethodError
30
+ false
31
+ end
32
+ end
33
+
34
+ private
35
+
36
+ def rules
37
+ @rules ||= {}.with_indifferent_access
38
+ end
39
+
40
+ def init_rule_for resource
41
+ rules[resource] ||= {}.with_indifferent_access
42
+ end
43
+
44
+ end
45
+ end
46
+ end
data/lib/stasi/authorization/watch.rb ADDED
@@ -0,0 +1,11 @@
1
+ module Robotnik
2
+ module Authorization
3
+ module Watch
4
+
5
+ def can? *args
6
+ Robotnik::Authorization::Law.law.can? *(args.unshift(self))
7
+ end
8
+
9
+ end
10
+ end
11
+ end
data/lib/stasi.rb ADDED
@@ -0,0 +1,7 @@
1
+ require 'dsl_eval'
2
+ require 'active_support/core_ext/hash'
3
+ require 'active_support/core_ext/class/attribute_accessors'
4
+
5
+ require 'stasi/authorization/law'
6
+ require 'stasi/authorization/status'
7
+ require 'stasi/authorization/watch'
data/test/law_test.rb ADDED
@@ -0,0 +1,82 @@
1
+ require 'test_helper'
2
+
3
+ class LawTest < ActiveSupport::TestCase
4
+
5
+ def setup
6
+ @law = Robotnik::Authorization::Law.new
7
+ end
8
+
9
+ test "it has rules" do
10
+ rules = @law.send :rules
11
+ assert_instance_of ActiveSupport::HashWithIndifferentAccess, rules
12
+ end
13
+
14
+ test "it initiates rules for role" do
15
+ @law.send :init_role_for, :role
16
+ rules = @law.instance_variable_get('@rules')
17
+ assert rules.has_key? :role
18
+ assert_instance_of Robotnik::Authorization::Status, rules[:role]
19
+ end
20
+
21
+ test "it yields status for authorization definition" do
22
+ @law.status :admin do
23
+ can :read, :book
24
+ end
25
+ assert @law.instance_variable_get('@rules')[:admin].can? :read, :book, nil
26
+ end
27
+
28
+ test "it has statuses" do
29
+ @law.status :admin do
30
+ end
31
+ assert_equal ['admin'], @law.statuses
32
+ end
33
+
34
+ test "it tests status on given object" do
35
+ object = Object.new
36
+ class << object
37
+ def admin
38
+ true
39
+ end
40
+ def not_admin
41
+ false
42
+ end
43
+ end
44
+ @law.status :admin do
45
+ can :read, :book
46
+ end
47
+ @law.status :not_admin do
48
+ cannot :read, :book
49
+ end
50
+ assert @law.can? object, :read, :book, nil
51
+ class << object
52
+ def admin
53
+ false
54
+ end
55
+ def not_admin
56
+ true
57
+ end
58
+ end
59
+ refute @law.can? object, :read, :book, nil
60
+ end
61
+
62
+ test "it returns false if no status returns true" do
63
+ object = Object.new
64
+ class << object
65
+ def admin
66
+ false
67
+ end
68
+ end
69
+ @law.status :admin do
70
+ end
71
+ refute @law.can? object, :do, :something, nil
72
+ end
73
+
74
+ test "it defines a new law at class level" do
75
+ Robotnik::Authorization::Law.define do
76
+ status :admin do
77
+ end
78
+ end
79
+ assert_equal ['admin'], Robotnik::Authorization::Law.law.statuses
80
+ end
81
+
82
+ end
data/test/status_test.rb ADDED
@@ -0,0 +1,60 @@
1
+ require 'test_helper'
2
+
3
+ class StatusTest < ActiveSupport::TestCase
4
+
5
+ def setup
6
+ @status = Robotnik::Authorization::Status.new
7
+ end
8
+
9
+ test "it has rules" do
10
+ rules = @status.send :rules
11
+ assert_instance_of ActiveSupport::HashWithIndifferentAccess, rules
12
+ end
13
+
14
+ test "it initiates rules for resource" do
15
+ @status.send :init_rule_for, :resource
16
+ rules = @status.instance_variable_get('@rules')
17
+ assert rules.has_key? :resource
18
+ assert_instance_of ActiveSupport::HashWithIndifferentAccess, rules[:resource]
19
+ end
20
+
21
+ test "it defines prohibition" do
22
+ @status.cannot :read, :book
23
+ refute @status.can? :read, :book, nil
24
+ end
25
+
26
+ test "it defines strict authorization" do
27
+ @status.can :read, :book
28
+ assert @status.can? :read, :book, nil
29
+ end
30
+
31
+ test "it defines authorization with if and unless options" do
32
+ assertions = [true, false, false, true, false, true, false, false]
33
+ [[true, nil], [nil, true], [false, nil], [nil, false], [true, true], [true, false], [false, true], [false, false]].each_with_index do |conditions, i|
34
+ conditions_hash = {}
35
+ [:if, :unless].each_with_index do |operator, j|
36
+ unless conditions[j].nil?
37
+ if conditions[j]
38
+ conditions_hash[operator] = Proc.new{ |num| num == 1 }
39
+ else
40
+ conditions_hash[operator] = Proc.new{ |num| num != 1 }
41
+ end
42
+ end
43
+ end
44
+ @status.can :read, :book, conditions_hash
45
+ assert_equal assertions[i], @status.can?(:read, :book, 1)
46
+ end
47
+ end
48
+
49
+ test "it defines authorizations with a block" do
50
+ @status.can :read, :book do |num|
51
+ num * 2
52
+ end
53
+ assert_equal 6, @status.can?(:read, :book, 3)
54
+ end
55
+
56
+ test "it defaults to forbidden if permission is not defined" do
57
+ refute @status.can? :be, :free, :nil
58
+ end
59
+
60
+ end
data/test/test_helper.rb ADDED
@@ -0,0 +1,9 @@
1
+ gem 'minitest'
2
+
3
+ require 'stasi'
4
+ require 'minitest/unit'
5
+ require 'active_support/test_case'
6
+ require 'minitest/autorun'
7
+ require 'turn'
8
+ require 'turn/colorize'
9
+ require 'turn/autorun'
data/test/watch_test.rb ADDED
@@ -0,0 +1,21 @@
1
+ require 'test_helper'
2
+
3
+ class WatchTest < ActiveSupport::TestCase
4
+
5
+ test "calls the law class can? with self as first arg" do
6
+ object = Object.new
7
+ object.extend Robotnik::Authorization::Watch
8
+ class << object
9
+ def admin
10
+ true
11
+ end
12
+ end
13
+ Robotnik::Authorization::Law.define do
14
+ status :admin do
15
+ can :do, :something
16
+ end
17
+ end
18
+ assert object.can?(:do, :something, :stupid)
19
+ end
20
+
21
+ end
metadata ADDED
@@ -0,0 +1,161 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: stasi
3
+ version: !ruby/object:Gem::Version
4
+ prerelease: 6
5
+ version: 0.0.1.alpha
6
+ platform: ruby
7
+ authors:
8
+ - Paul Vonderscher
9
+ autorequire:
10
+ bindir: bin
11
+ cert_chain: []
12
+ date: 2013-10-30 00:00:00.000000000 Z
13
+ dependencies:
14
+ - !ruby/object:Gem::Dependency
15
+ name: bundler
16
+ version_requirements: !ruby/object:Gem::Requirement
17
+ requirements:
18
+ - - ~>
19
+ - !ruby/object:Gem::Version
20
+ version: '1.3'
21
+ none: false
22
+ requirement: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - ~>
25
+ - !ruby/object:Gem::Version
26
+ version: '1.3'
27
+ none: false
28
+ prerelease: false
29
+ type: :development
30
+ - !ruby/object:Gem::Dependency
31
+ name: rake
32
+ version_requirements: !ruby/object:Gem::Requirement
33
+ requirements:
34
+ - - '>='
35
+ - !ruby/object:Gem::Version
36
+ version: '0'
37
+ none: false
38
+ requirement: !ruby/object:Gem::Requirement
39
+ requirements:
40
+ - - '>='
41
+ - !ruby/object:Gem::Version
42
+ version: '0'
43
+ none: false
44
+ prerelease: false
45
+ type: :development
46
+ - !ruby/object:Gem::Dependency
47
+ name: minitest
48
+ version_requirements: !ruby/object:Gem::Requirement
49
+ requirements:
50
+ - - ~>
51
+ - !ruby/object:Gem::Version
52
+ version: '4.2'
53
+ none: false
54
+ requirement: !ruby/object:Gem::Requirement
55
+ requirements:
56
+ - - ~>
57
+ - !ruby/object:Gem::Version
58
+ version: '4.2'
59
+ none: false
60
+ prerelease: false
61
+ type: :development
62
+ - !ruby/object:Gem::Dependency
63
+ name: turn
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - '>='
67
+ - !ruby/object:Gem::Version
68
+ version: '0'
69
+ none: false
70
+ requirement: !ruby/object:Gem::Requirement
71
+ requirements:
72
+ - - '>='
73
+ - !ruby/object:Gem::Version
74
+ version: '0'
75
+ none: false
76
+ prerelease: false
77
+ type: :development
78
+ - !ruby/object:Gem::Dependency
79
+ name: dsl_eval
80
+ version_requirements: !ruby/object:Gem::Requirement
81
+ requirements:
82
+ - - '>='
83
+ - !ruby/object:Gem::Version
84
+ version: 0.0.2
85
+ none: false
86
+ requirement: !ruby/object:Gem::Requirement
87
+ requirements:
88
+ - - '>='
89
+ - !ruby/object:Gem::Version
90
+ version: 0.0.2
91
+ none: false
92
+ prerelease: false
93
+ type: :runtime
94
+ - !ruby/object:Gem::Dependency
95
+ name: activesupport
96
+ version_requirements: !ruby/object:Gem::Requirement
97
+ requirements:
98
+ - - '>='
99
+ - !ruby/object:Gem::Version
100
+ version: 4.0.0
101
+ none: false
102
+ requirement: !ruby/object:Gem::Requirement
103
+ requirements:
104
+ - - '>='
105
+ - !ruby/object:Gem::Version
106
+ version: 4.0.0
107
+ none: false
108
+ prerelease: false
109
+ type: :runtime
110
+ description: a small authorization library
111
+ email:
112
+ - paul.vonderscher@gmail.com
113
+ executables: []
114
+ extensions: []
115
+ extra_rdoc_files: []
116
+ files:
117
+ - lib/stasi.rb
118
+ - lib/stasi/authorization/law.rb
119
+ - lib/stasi/authorization/status.rb
120
+ - lib/stasi/authorization/watch.rb
121
+ - test/law_test.rb
122
+ - test/status_test.rb
123
+ - test/test_helper.rb
124
+ - test/watch_test.rb
125
+ - CHANGELOG.md
126
+ - Gemfile
127
+ - Gemfile.lock
128
+ - LICENSE.txt
129
+ - Rakefile
130
+ - README.md
131
+ - init.rb
132
+ homepage: ''
133
+ licenses:
134
+ - MIT
135
+ post_install_message:
136
+ rdoc_options: []
137
+ require_paths:
138
+ - lib
139
+ required_ruby_version: !ruby/object:Gem::Requirement
140
+ requirements:
141
+ - - '>='
142
+ - !ruby/object:Gem::Version
143
+ version: '0'
144
+ none: false
145
+ required_rubygems_version: !ruby/object:Gem::Requirement
146
+ requirements:
147
+ - - '>'
148
+ - !ruby/object:Gem::Version
149
+ version: 1.3.1
150
+ none: false
151
+ requirements: []
152
+ rubyforge_project:
153
+ rubygems_version: 1.8.24
154
+ signing_key:
155
+ specification_version: 3
156
+ summary: Schild und Schwert der Partei
157
+ test_files:
158
+ - test/law_test.rb
159
+ - test/status_test.rb
160
+ - test/test_helper.rb
161
+ - test/watch_test.rb