u-authorization 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 1a8a0a045b9fdd6b4f30c7c6b376635b2665b2609450226a329a2f4ad93e8747
+  data.tar.gz: 3f52e3df4e835319ca288750b7cedc85cd83189d4ec91054f1559a9f30ceb1cd
+SHA512:
+  metadata.gz: a8a2e6243af66478cf723b9df7662eeeaa8c31bc53b487a90e7ba8b501c4546b55b1fcfec416bb917f7bf05a6fb1291216475fec952590c88ec11515a6cc7125
+  data.tar.gz: 104a3e02d545745efdfd0ed189725a04caaf2dd1c0c9a2abff44ef0cd8f1c11ad76e02f3886b6fa3f24c970616f24da187da3185794b495c5287d096c45baf03

data/authorization.rb

@@ -0,0 +1,164 @@
+# frozen_string_literal: true
+
+module Authorization
+  VERSION = '1.0.0'
+
+  MapValuesAsDowncasedStrings = -> (values) do
+    Array(values).map { |value| String(value).downcase }
+  end
+
+  module CheckRolePermission
+    extend self
+
+    def call(context, role_permissions, required_features)
+      required_features
+        .all? { |feature| has_permission?(context, role_permissions[feature]) }
+    end
+
+    private
+
+    def has_permission?(context, role_permission)
+      return false if role_permission.nil?
+
+      if !(any = role_permission['any']).nil?
+        any
+      elsif only = role_permission['only']
+        check_feature_permission(only) { |perm| context.include?(perm) }
+      elsif except = role_permission['except']
+        check_feature_permission(except) { |perm| !context.include?(perm) }
+      else
+        raise NotImplementedError
+      end
+    end
+
+    def check_feature_permission(context_values)
+      MapValuesAsDowncasedStrings.(context_values).any? do |context_value|
+        Array(context_value.split('.')).all? { |permission| yield(permission) }
+      end
+    end
+  end
+
+  class Permissions
+    attr_reader :role, :context
+
+    def self.[](instance)
+      return instance if instance.is_a?(Permissions)
+
+      raise ArgumentError, "#{instance.inspect} must be a #{self.name}"
+    end
+
+    def initialize(role_permissions, context: [])
+      @role = role_permissions.dup.freeze
+      @context = MapValuesAsDowncasedStrings.(context).freeze
+
+      @cache = {}
+    end
+
+    def to?(features = nil)
+      required_features = MapValuesAsDowncasedStrings.(features)
+
+      cache_key = required_features.inspect
+
+      return @cache[cache_key] unless @cache[cache_key].nil?
+
+      @cache[cache_key] = CheckRolePermission.call(
+        @context, @role, required_features
+      )
+    end
+
+    def to_not?(features = nil)
+      !to?(features)
+    end
+  end
+
+  class Policy
+    def self.type(klass)
+      return klass if klass < self
+
+      raise ArgumentError, "policy must be a #{self.name}"
+    end
+
+    def initialize(user, subject = nil, permissions: nil)
+      @user = user
+      @subject = subject
+      @permissions = permissions
+    end
+
+    def method_missing(method, *args, **keyargs, &block)
+      return false if method =~ /\?\z/
+      super(method)
+    end
+
+    private
+
+    def user; @user; end
+    def subject; @subject; end
+    def permissions; @permissions; end
+  end
+
+  class Model
+    attr_reader :user, :permissions
+
+    def self.build(user, role, context: [], policies: {})
+      permissions = Permissions.new(role, context: context)
+
+      self.new(user, permissions: permissions, policies: policies)
+    end
+
+    def initialize(user, permissions:, policies: {})
+      @user = user
+      @policies = {}
+      @policies_cache = {}
+      @permissions = Permissions[permissions]
+
+      add_policies(policies)
+    end
+
+    def map(context: nil, policies: nil)
+      if context.nil? && policies.nil?
+        raise ArgumentError, 'context or policies keywords args must be defined'
+      end
+
+      new_permissions =
+        Permissions.new(permissions.role, context: context || @context)
+
+      self.class.new(
+        user, permissions: new_permissions, policies: policies || @policies
+      )
+    end
+
+    def add_policy(key, policy_klass)
+      raise ArgumentError, 'key must be a Symbol' unless key.is_a?(Symbol)
+
+      @policies[key] ||= Policy.type(policy_klass)
+
+      self
+    end
+
+    def add_policies(new_policies)
+      unless new_policies.is_a?(Hash)
+        raise ArgumentError, "policies must be a Hash (key => #{Policy.name})"
+      end
+
+      new_policies.each &method(:add_policy)
+
+      self
+    end
+
+    def to(policy_key, subject: nil)
+      policy_klass = @policies.fetch(policy_key, Policy)
+
+      return policy_klass.new(user, subject, permissions: permissions) if subject
+
+      return @policies_cache[policy_key] if @policies_cache[policy_key]
+
+      policy_klass.new(user, permissions: permissions).tap do |instance|
+        @policies_cache[policy_key] = instance if policy_klass != Policy
+      end
+    end
+
+    def policy(key = :default, subject: nil)
+      to(key, subject: subject)
+    end
+  end
+end

data/u-authorization.rb

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+require 'authorization'

metadata

@@ -0,0 +1,45 @@
+--- !ruby/object:Gem::Specification
+name: u-authorization
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Rodrigo Serradura
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2018-10-18 00:00:00.000000000 Z
+dependencies: []
+description: Simple authorization library and role managment for Ruby.
+email: rodrigo.serradura@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- authorization.rb
+- u-authorization.rb
+homepage: https://gist.github.com/serradura/7d51b979b90609d8601d0f416a9aa373
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- "."
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.2.2
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.7
+signing_key: 
+specification_version: 4
+summary: Authorization library and role managment
+test_files: []