three 1.0.0 → 1.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 67be0ba30ea3e93a427626a755b1b7d68c91237f
-  data.tar.gz: c596b7c49d054654ca1fca1601b4de14d7b791b9
+  metadata.gz: db0908414cedec93c7f8f5cae166fad7b1b1ef9b
+  data.tar.gz: 7cd6687d38c7ccc4d9ffef7daaf1d719f7b26aed
 SHA512:
-  metadata.gz: 13ec53cbf10eb8da40fbd537951a4978989bed0e899bc27f83a8d5f5efccecac9236b515e2442be805d1cb2da8b9ceb3100f9dc050457d2e0a24be3255619969
-  data.tar.gz: c2432f75e309ca8fc2a1095e24da1667458d7e083107eff9635b9eadb55e4f4b7bc605db2fc2ca9845b9b0155eac7d9bf5f4107e9e607ce21abfc490d8efab09
+  metadata.gz: aa8cbc2fc7e2289a322eadefa7dca02afe0e2cf8d16edeef25087693d0f7e6ea0a793b6ea1d4085d6ac24c08b21010525a357dcacdc532d1cdca3067f50888bf
+  data.tar.gz: 3a55795d388bf63dedb2403708a07dcc60ca1d0b4b16f1b4846fb80425b51ae0e59bee59d4797614571b29d8bf5f34d6e101cdc7a3db560361a4a65e1dcee1d1

data/.gitignore

@@ -0,0 +1,2 @@
+.rvmrc
+.Gemfile.lock

data/.rspec

@@ -0,0 +1 @@
+--color

data/.travis.yml

@@ -0,0 +1,5 @@
+rvm:
+  - "1.9.3"
+  - "2.0.0"
+  - "2.1.0"
+  - jruby-19mode

data/Gemfile

@@ -0,0 +1,3 @@
+source "http://rubygems.org"
+
+gemspec

data/Gemfile.lock

@@ -0,0 +1,20 @@
+PATH
+  remote: .
+  specs:
+    three (1.0.1)
+
+GEM
+  remote: http://rubygems.org/
+  specs:
+    metaclass (0.0.4)
+    mocha (1.1.0)
+      metaclass (~> 0.0.1)
+    rake (10.3.2)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  mocha
+  rake
+  three!

data/LICENSE

@@ -0,0 +1,19 @@
+Copyright (c) 2014 Darren Cauthon
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/ORIGINAL_LICENSE

@@ -0,0 +1,19 @@
+Copyright (c) 2011 Dmitriy Zaporozhets
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.markdown

@@ -0,0 +1,153 @@
+## Three - an even smaller, tinier simple authorization gem for ruby
+
+[![Build Status](https://travis-ci.org/darrencauthon/three.png)](https://travis-ci.org/darrencauthon/three)
+[![Code Climate](https://codeclimate.com/github/darrencauthon/three.png)](https://codeclimate.com/github/darrencauthon/three)
+
+This gem started as a minor fork of [six](https://github.com/randx/six), a neat, tiny authorization gem.  I used six and liked it, but as small was it was I found that I needed maybe half of its code and features. So here is *three*.
+
+**three** is a small authentication library, focused on only a few needs:
+
+1. Provide an open/closed method of constructing rules,
+2. Provide a way to remove permissions, and
+3. Do it as simply as possible.
+
+### Installation
+
+```ruby
+  gem install three
+```
+
+### Usage
+
+Here's the simplest working example... a set of rules that apply for all
+
+```ruby
+# make an object with an "allowed" method that returns an array of permissions
+module Rules
+  def self.allowed _, _
+    [:edit, :delete]
+  end
+end
+
+# create an evaluator that can be used to evaluate rules
+evaluator = Three.evaluator_for Rules
+
+# use the evaluator to determine what's allowed or not
+
+evaluator.allowed? nil, :edit   # true
+evaluator.allowed? nil, :close  # false
+evaluator.allowed? nil, :delete # true
+```
+
+Unfortunately, that's not a very realistic example. We'll almost always want to evaluate the rules based on some sort of subject:
+
+```ruby
+module AdminRules
+  def self.allowed user, _
+    return [] unless user.admin?
+    [:edit, :delete]
+  end
+end
+
+evaluator = Three.evaluator_for AdminRules
+
+admin_user   = User.new(admin: true)
+not_an_admin = User.new(admin: false)
+
+evaluator.allowed? admin_user, :edit        # true
+evaluator.allowed? not_an_admin_user, :edit # false
+```
+
+See?  The array of permissions returned by the "allowed" method are used to determine if a user can do something.
+
+The rules can be compounded, like so:
+
+
+```ruby
+module AdminRules
+  def self.allowed user, _
+    return [] unless user.admin?
+    [:edit, :delete]
+  end
+end
+
+module UserRules
+  def self.allowed user, _
+    return [] if user.admin?
+    [:view_my_account]
+  end
+end
+
+evaluator = Three.evaluator_for(AdminRules, UserRules)
+
+admin_user   = User.new(admin: true)
+not_an_admin = User.new(admin: false)
+
+evaluator.allowed? admin_user, :edit        # true
+evaluator.allowed? not_an_admin_user, :edit # false
+
+evaluator.allowed? admin_user, :view_my_account        # false
+evaluator.allowed? not_an_admin_user, :view_my_account # true
+```
+
+But what about that trailing "_" variable?  That's used as an optional target, which you can use to return permissions based on the relationship between the two arguments:
+
+```ruby
+module MovieRules
+  def self.allowed user, movie
+    if user.is_a_minor? and movie.is_rated_r
+      []
+    else
+      [:can_buy_the_ticket]
+    end
+  end
+end
+
+evaluator = Three.evaluator_for MovieRules
+
+minor       = User.new(minor: true)
+not_a_minor = User.new(minor: false)
+
+scary_movie = Movie.new(rating: 'R')
+kids_movie  = Movie.new(rating: 'PG')
+
+evaluator.allowed? minor, :can_buy_the_ticket, scary_movie        # false
+evaluator.allowed? not_a_minor, :can_buy_the_ticket, scary_movie  # true
+
+evaluator.allowed? minor, :can_buy_the_ticket, kids_movie        # true
+evaluator.allowed? not_a_minor, :can_buy_the_ticket, kids_movie  # true
+```
+
+Only one more special thing... what if we want to right a rule that prevents something?
+
+```ruby
+module DefaultLibraryRules
+  def self.allowed user, book
+    [:reserve_the_book]
+  end
+end
+
+module FinesOwedRules
+  def self.prevented user, _
+    if user.owes_fines?
+      [:reserve_the_book]
+    else
+      []
+    end
+  end
+end
+
+evaluator = Three.evaluator_for(DefaultLibraryRules, FinesOwedRules)
+
+deadbeat            = User.new(fines: 3.0)
+responsible_citizen = User.new(fines: 0)
+
+evaluator.allowed? deadbeat, :reserve_the_book             # false
+evaluator.allowed? responsible_citizen, :reserve_the_book  # true
+
+```
+
+The "prevented" method works just like "allowed," except that it will remove the permission from any other rule's "allowed" method.
+
+The "prevented" method is the only only feature added with six. 
+

data/Rakefile

@@ -0,0 +1,10 @@
+require "bundler/gem_tasks"
+require 'rake/testtask'
+
+task :default => [:test]
+
+Rake::TestTask.new do |t|
+  t.libs.push "lib"
+  t.test_files = FileList['spec/three/*_spec.rb', 'spec/*_spec.rb']
+  t.verbose = true
+end

data/lib/three/evaluator.rb

@@ -0,0 +1,71 @@
+module Three
+
+  class Evaluator
+
+    def initialize(rules)
+      @rules = a_single_array_was_provided?(rules) ? rules[0] : rules
+    end
+
+    def allowed? subject, permissions_to_check, target = nil
+      permissions = convert_to_an_array_if_its_not permissions_to_check
+      these_permissions_are_allowed_for? permissions, subject, target
+    end
+
+    private
+
+    def rules
+      @rules
+    end
+
+    def convert_to_an_array_if_its_not potential_array
+      this_is_an_array?(potential_array) ? potential_array : [potential_array]
+    end
+
+    def these_permissions_are_allowed_for? permissions, subject, target
+      permissions.all? { |p| permission_included_between? p, subject, target }
+    end
+
+    def a_single_array_was_provided? rules
+      rules.count == 1 && this_is_an_array?(rules[0])
+    end
+
+    def this_is_an_array? thing
+      thing.respond_to? :each
+    end
+
+    def permission_included_between? permission_to_check, subject, target
+      allowed_permissions_for(subject, target).include? permission_to_check.to_s
+    end
+
+    def allowed_permissions_for subject, target
+      all_permissions       = all_permissions_for subject, target
+      permissions_to_reject = permissions_to_reject_for subject, target
+
+      all_permissions - permissions_to_reject
+    end
+
+    def all_permissions_for subject, target
+      permissions = rules.map { |r| execute_rule r, :allowed, subject, target }
+      flatten_permissions permissions
+    end
+
+    def permissions_to_reject_for subject, target
+      permissions = rules.map { |r| execute_rule r, :prevented, subject, target }
+      flatten_permissions permissions
+    end
+
+    def execute_rule rule, method, subject, target
+      begin
+        rule.send(method, subject, target)
+      rescue
+        []
+      end
+    end
+
+    def flatten_permissions permissions
+      permissions.flatten.map { |a| a.to_s }
+    end
+
+  end
+
+end

data/lib/three/version.rb

@@ -0,0 +1,3 @@
+module Three
+  VERSION = "1.0.1"
+end

data/spec/spec_helper.rb

@@ -0,0 +1,4 @@
+require_relative '../lib/three.rb'
+require 'minitest/autorun'
+require 'minitest/spec'
+require 'mocha/setup'

data/spec/three_spec.rb

@@ -0,0 +1,237 @@
+require_relative 'spec_helper'
+
+describe Three do
+
+  describe "allowed?" do
+
+    describe "there are no rules" do
+
+      let(:abilities) { Three::Evaluator.new([]) }
+
+      it "should return false" do
+        abilities.allowed?(nil, :does_not_matter).must_equal false
+        abilities.allowed?(Object.new, :something_else).must_equal false
+      end
+
+    end
+
+    [:one, :two].each do |permission|
+
+      describe "one rule that returns one permission" do
+
+        let(:abilities) { Three.evaluator_for([rule]) }
+
+        let(:subject) { Object.new }
+
+        let(:rule) do
+          o = Object.new
+          o.stubs(:allowed).with(subject, nil).returns [permission]
+          o
+        end
+
+        it "should return true for the allowed permission" do
+          abilities.allowed?(subject, permission).must_equal true
+        end
+
+        it "should return false for other permissions" do
+          abilities.allowed?(subject, :something_else).must_equal false
+          abilities.allowed?(subject, :another_thing).must_equal false
+        end
+
+        describe "with a target" do
+
+          let(:target) { Object.new }
+
+          before do
+            rule.stubs(:allowed).with(subject, target).returns [permission]
+          end
+
+          it "should return true for the allowed permission" do
+            abilities.allowed?(subject, permission).must_equal true
+          end
+
+          it "should return true if asked for the permission in an array" do
+            abilities.allowed?(subject, [permission]).must_equal true
+          end
+
+          it "should return false for other permissions" do
+            abilities.allowed?(subject, :something).must_equal false
+            abilities.allowed?(subject, :another).must_equal false
+          end
+
+        end
+
+      end
+
+    end
+
+    describe "one rule that returns two permissions" do
+
+      let(:abilities) { Three.evaluator_for([rule]) }
+
+      let(:subject) { Object.new }
+
+      let(:rule) do
+        o = Object.new
+        o.stubs(:allowed).with(subject, nil).returns [:orange, :banana]
+        o
+      end
+
+      it "should return true if asked for either, alone" do
+        abilities.allowed?(subject, :orange).must_equal true
+        abilities.allowed?(subject, :banana).must_equal true
+      end
+
+      it "should return true if asked for both at the same time" do
+        abilities.allowed?(subject, [:orange, :banana]).must_equal true
+      end
+
+      it "should return true if asked for one and another that does not match" do
+        abilities.allowed?(subject, [:orange, :apple]).must_equal false
+        abilities.allowed?(subject, [:pear, :banana]).must_equal false
+      end
+
+      it "should return false for other permissions" do
+        abilities.allowed?(subject, :apple).must_equal false
+        abilities.allowed?(subject, :pear).must_equal false
+      end
+
+    end
+
+    describe "two rules that return one permission each" do
+
+      let(:abilities) { Three.evaluator_for([rule1, rule2]) }
+
+      let(:subject) { Object.new }
+
+      let(:rule1) do
+        o = Object.new
+        o.stubs(:allowed).with(subject, nil).returns [:orange]
+        o
+      end
+
+      let(:rule2) do
+        o = Object.new
+        o.stubs(:allowed).with(subject, nil).returns [:banana]
+        o
+      end
+
+      it "should return true if asked for either, alone" do
+        abilities.allowed?(subject, :orange).must_equal true
+        abilities.allowed?(subject, :banana).must_equal true
+      end
+
+      it "should return true if asked for both at the same time" do
+        abilities.allowed?(subject, [:orange, :banana]).must_equal true
+      end
+
+      it "should return true if asked for one and another that does not match" do
+        abilities.allowed?(subject, [:orange, :apple]).must_equal false
+        abilities.allowed?(subject, [:pear, :banana]).must_equal false
+      end
+
+      it "should return false for other permissions" do
+        abilities.allowed?(subject, :apple).must_equal false
+        abilities.allowed?(subject, :pear).must_equal false
+      end
+
+    end
+
+    describe "rejecting permissions" do
+
+      let(:abilities) { Three.evaluator_for([rule1, rule2]) }
+
+      let(:subject) { Object.new }
+
+      let(:rule1) do
+        o = Object.new
+        o.stubs(:allowed).with(subject, nil).returns [:orange, :banana]
+        o.stubs(:prevented).with(subject, nil).returns [:apple]
+        o
+      end
+
+      let(:rule2) do
+        o = Object.new
+        o.stubs(:allowed).with(subject, nil).returns [:apple, :pear]
+        o.stubs(:prevented).with(subject, nil).returns [:banana]
+        o
+      end
+
+      it "should return false for the permissions that are prevented" do
+        abilities.allowed?(subject, :banana).must_equal false
+        abilities.allowed?(subject, :apple).must_equal false
+      end
+
+      it "should return true for the permissions that are not prevented" do
+        abilities.allowed?(subject, :pear).must_equal true
+        abilities.allowed?(subject, :orange).must_equal true
+      end
+
+      describe "with a target" do
+
+        let(:target) { Object.new }
+
+        before do
+          rule1.stubs(:allowed).with(subject, target).returns [:orange, :banana]
+          rule1.stubs(:prevented).with(subject, target).returns [:apple]
+
+          rule2.stubs(:allowed).with(subject, target).returns [:apple, :pear]
+          rule2.stubs(:prevented).with(subject, target).returns [:banana]
+        end
+
+        it "should return false for the permissions that are prevented" do
+          abilities.allowed?(subject, :banana, target).must_equal false
+          abilities.allowed?(subject, :apple, target).must_equal false
+        end
+
+        it "should return true for the permissions that are not prevented" do
+          abilities.allowed?(subject, :pear, target).must_equal true
+          abilities.allowed?(subject, :orange, target).must_equal true
+        end
+      end
+
+    end
+
+    describe "alternate constructor" do
+
+      let(:abilities) { Three.evaluator_for(rule1, rule2) }
+
+      let(:subject) { Object.new }
+
+      let(:rule1) do
+        o = Object.new
+        o.stubs(:allowed).with(subject, nil).returns [:orange, :banana]
+        o.stubs(:prevented).with(subject, nil).returns [:apple]
+        o
+      end
+
+      let(:rule2) do
+        o = Object.new
+        o.stubs(:allowed).with(subject, nil).returns [:apple, :pear]
+        o.stubs(:prevented).with(subject, nil).returns [:banana]
+        o
+      end
+
+      it "should return false for the permissions that are prevented" do
+        abilities.allowed?(subject, :banana).must_equal false
+        abilities.allowed?(subject, :apple).must_equal false
+      end
+
+      it "should return true for the permissions that are not prevented" do
+        abilities.allowed?(subject, :pear).must_equal true
+        abilities.allowed?(subject, :orange).must_equal true
+      end
+
+    end
+
+    describe "no rules provided" do
+      it "should return false for everything" do
+        abilities = Three::Evaluator.new([])
+        abilities.allowed?(Object.new, :anything).must_equal false
+        abilities.allowed?(Object.new, :anything, Object.new).must_equal false
+      end
+    end
+
+  end
+
+end

data/three.gemspec

@@ -0,0 +1,17 @@
+# -*- encoding: utf-8 -*-
+require File.expand_path('../lib/three/version', __FILE__)
+
+Gem::Specification.new do |s|
+  s.name        = 'three'
+  s.version     = Three::VERSION
+  s.date        = '2014-06-16'
+  s.summary     = "three"
+  s.description = "Even simpler authorization gem"
+  s.authors     = ["Darren Cauthon"]
+  s.email       = 'darren@cauthon.com'
+  s.files       = `git ls-files`.split($/)
+  s.homepage    = 'https://github.com/darrencauthon/three'
+
+  s.add_development_dependency 'mocha'
+  s.add_development_dependency 'rake'
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: three
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.0.1
 platform: ruby
 authors:
 - Darren Cauthon
@@ -44,7 +44,21 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- .gitignore
+- .rspec
+- .travis.yml
+- Gemfile
+- Gemfile.lock
+- LICENSE
+- ORIGINAL_LICENSE
+- README.markdown
+- Rakefile
 - lib/three.rb
+- lib/three/evaluator.rb
+- lib/three/version.rb
+- spec/spec_helper.rb
+- spec/three_spec.rb
+- three.gemspec
 homepage: https://github.com/darrencauthon/three
 licenses: []
 metadata: {}
@@ -64,7 +78,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.2.2
+rubygems_version: 2.0.14
 signing_key: 
 specification_version: 4
 summary: three