thelazyfox-role-authz 0.0.1

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2009 Jorge Villatoro
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README

@@ -0,0 +1,4 @@
+role-authz
+==========
+
+A plugin for the Merb framework that provides ...

data/Rakefile

@@ -0,0 +1,51 @@
+require 'rubygems'
+require 'rake/gempackagetask'
+
+require 'merb-core'
+require 'merb-core/tasks/merb'
+
+GEM_NAME = "role-authz"
+GEM_VERSION = "0.0.1"
+AUTHOR = "Jorge Villatoro"
+EMAIL = "programmerjorge@gmail.com"
+HOMEPAGE = ""
+SUMMARY = "Merb plugin that provides a very simple role-based authorization system"
+
+spec = Gem::Specification.new do |s|
+  s.rubyforge_project = 'merb'
+  s.name = GEM_NAME
+  s.version = GEM_VERSION
+  s.platform = Gem::Platform::RUBY
+  s.has_rdoc = true
+  s.extra_rdoc_files = ["README", "LICENSE", 'TODO']
+  s.summary = SUMMARY
+  s.description = s.summary
+  s.author = AUTHOR
+  s.email = EMAIL
+  s.homepage = HOMEPAGE
+  s.add_dependency('merb', '>= 1.0.9')
+  s.require_path = 'lib'
+  s.files = %w(LICENSE README Rakefile TODO) + Dir.glob("{lib,spec}/**/*")
+  
+end
+
+Rake::GemPackageTask.new(spec) do |pkg|
+  pkg.gem_spec = spec
+end
+
+desc "install the plugin as a gem"
+task :install do
+  Merb::RakeHelper.install(GEM_NAME, :version => GEM_VERSION)
+end
+
+desc "Uninstall the gem"
+task :uninstall do
+  Merb::RakeHelper.uninstall(GEM_NAME, :version => GEM_VERSION)
+end
+
+desc "Create a gemspec file"
+task :gemspec do
+  File.open("#{GEM_NAME}.gemspec", "w") do |file|
+    file.puts spec.to_ruby
+  end
+end

data/TODO

@@ -0,0 +1,5 @@
+TODO:
+Fix LICENSE with your name
+Fix Rakefile with your name and contact info
+Add your code to lib/role-authz.rb
+Add your Merb rake tasks to lib/role-authz/merbtasks.rb

data/lib/role-authz.rb

@@ -0,0 +1,17 @@
+# make sure we're running inside Merb
+if defined?(Merb::Plugins)
+
+  require 'merb-auth-core'
+  path = File.dirname(__FILE__)
+  Dir[path / "role-authz" / "authorization" / "**/*.rb"].each do |f|
+    require f
+  end
+  
+  Merb::BootLoader.before_app_loads do
+    # require code that must be loaded before the application
+  end
+  
+  Merb::BootLoader.after_app_loads do
+    # code that can be required after the application loads
+  end
+end

data/lib/role-authz/authorization/authorization.rb

@@ -0,0 +1,17 @@
+module Authorization
+  @roles = {}
+  
+  def self.roles_for(operator, target)
+    list = []
+    @roles.each do |name, proc|
+      if proc.call(operator, target)
+        list += [name]
+      end
+    end
+    list
+  end
+  
+  def self.add_role(name, &block)
+    @roles[name] = block
+  end
+end

data/lib/role-authz/authorization/controller_helper.rb

@@ -0,0 +1,34 @@
+module Authorization
+  class OpenForRoleStatement < Exception; end
+  class NoCurrentForRoleStatement < Exception; end
+  
+  class ControllerHelper
+    def initialize
+      @working_roles = []
+      @permissions_list = {}
+    end
+  
+    def for_roles(*the_roles)
+      raise OpenForRoleStatement unless @working_roles.empty?
+      @working_roles += the_roles
+      self
+    end
+    alias_method :for_role, :for_roles
+    
+    def allow(*the_actions)
+      raise NoCurrentForRoleStatement unless !@working_roles.empty?
+      @working_roles.each do |current_role|
+        if !@permissions_list.include?(current_role)
+          @permissions_list[current_role] = []
+        end
+        @permissions_list[current_role] += the_actions
+      end
+      @working_roles.clear
+      self
+    end
+    
+    def actions_for(role)
+      @permissions_list[role] || []
+    end
+  end
+end

data/lib/role-authz/authorization/controller_mixin.rb

@@ -0,0 +1,41 @@
+class Merb::Controller
+  class Unauthorized < Merb::Controller::Forbidden; end
+  class_inheritable_accessor :_authorization
+  class_inheritable_accessor :_authorization_target
+  
+  def self.role(name, &block)
+    Authorization.add_role(name, &block)
+  end
+  
+  def self.authorize(klass, &block)
+    klass._authorization_proxy = self
+    self._authorization_target = klass
+    self._authorization ||= Authorization::ControllerHelper.new
+    self._authorization.instance_eval(&block) if block_given?
+    before :ensure_authorized
+    self._authorization
+  end
+  
+  def authorization_target
+    if _authorization_target.respond_to?(:get)
+      _authorization_target.get(params[:id])
+    else
+      nil
+    end
+  end
+  
+  def ensure_authorized
+    operator = nil
+    operator = session.user if session.authenticated?
+    roles = Authorization.roles_for(operator, authorization_target)
+    roles.each do |role|
+      actions = self.class._authorization.actions_for(role)
+      return true if actions.include?(params[:action].to_sym) || actions.include?(:all)
+    end
+    if session.authenticated?
+      raise Unauthorized
+    else
+      raise Unauthenticated
+    end
+  end
+end

data/lib/role-authz/authorization/object_mixin.rb

@@ -0,0 +1,8 @@
+class Object
+  class_inheritable_accessor :_authorization_proxy
+  
+  def self.authorizable!
+    include Authorization::OperatorMixin
+  end
+
+end

data/lib/role-authz/authorization/operator_mixin.rb

@@ -0,0 +1,18 @@
+module Authorization::OperatorMixin
+
+  def authorized?(args = {})
+    @roles ||= Authorization.roles_for(self, args[:target])
+    if args[:action].nil?
+      @roles.include?(args[:role])
+    else
+      target = args[:target]._authorization_proxy unless args[:target]._authorization_proxy.nil?
+      
+      @roles.each do |role|
+        actions = target._authorization.actions_for(role)
+        return true if actions.include?(args[:action]) || actions.include?(:all)
+      end
+      false
+    end
+  end
+  
+end

data/spec/role-authz_spec.rb

@@ -0,0 +1,7 @@
+require File.dirname(__FILE__) + '/spec_helper'
+
+describe "role-authz" do
+  it "should do nothing" do
+    true.should == true
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1 @@
+$:.push File.join(File.dirname(__FILE__), '..', 'lib')

metadata

@@ -0,0 +1,77 @@
+--- !ruby/object:Gem::Specification 
+name: thelazyfox-role-authz
+version: !ruby/object:Gem::Version 
+  version: 0.0.1
+platform: ruby
+authors: 
+- Jorge Villatoro
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2009-02-18 00:00:00 -08:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: merb
+  type: :runtime
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: 1.0.9
+    version: 
+description: Merb plugin that provides a very simple role-based authorization system
+email: programmerjorge@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- README
+- LICENSE
+- TODO
+files: 
+- LICENSE
+- README
+- Rakefile
+- TODO
+- lib/role-authz
+- lib/role-authz/authorization
+- lib/role-authz/authorization/authorization.rb
+- lib/role-authz/authorization/controller_helper.rb
+- lib/role-authz/authorization/controller_mixin.rb
+- lib/role-authz/authorization/object_mixin.rb
+- lib/role-authz/authorization/operator_mixin.rb
+- lib/role-authz.rb
+- spec/role-authz_spec.rb
+- spec/spec_helper.rb
+has_rdoc: true
+homepage: ""
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+requirements: []
+
+rubyforge_project: merb
+rubygems_version: 1.2.0
+signing_key: 
+specification_version: 2
+summary: Merb plugin that provides a very simple role-based authorization system
+test_files: []
+