u-authorization 1.4.0 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f2d0d221c7afbf5307e6de989945f359e72432ecdff115f4da85a6d51df147f5
-  data.tar.gz: 595029aef79e60b483373a3b7ad4eef586bc90944bc8533a1640575bccbe42c7
+  metadata.gz: 49ee3c29a92d117c33706e12939a2ced02597514586ae7cf06fe73622d15897f
+  data.tar.gz: b1991fa714603aa32a6288447796460287adcd6220a8485d6e82d6040c4e48cf
 SHA512:
-  metadata.gz: b8c8d6e819e296f085c045af9c476941c9d3b2faf9269eb7ee7394321908257a1586b267c75dccb6a4b8d75c112ec35b31c3af26722c48dec2a6e99f77e74f05
-  data.tar.gz: ef58ac9c0ff6b4aa1ed2ccf75fb67af13b9891e886f33a65a44bd64715ccbd49586adf2f9e12553fb17ec70374af5433aef69dccbcea1788a405a9c8ff41b080
+  metadata.gz: d480100a329ab41e4707cb124f46d85af1750fc35ee08e615b1cc488714cb8e817394b8b91acf6c965710faf7235a90c13827cf7369c920e974e39d77ad6446b
+  data.tar.gz: d427583d3e8c633138e018d2f2d5c339a615976622a6b224d1e0e370634cc09f08bc5ceb158caff480b9fabaa588aed85340282c58a44ca8bf509d857e181860

data/.gitignore

@@ -0,0 +1,8 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/Gemfile

@@ -0,0 +1,8 @@
+source 'https://rubygems.org'
+
+gem 'simplecov', require: false, group: :test
+
+gem 'minitest', '~> 5.11', '>= 5.11.3'
+
+# Specify your gem's dependencies in u-authorization.gemspec
+gemspec

data/Gemfile.lock

@@ -0,0 +1,29 @@
+PATH
+  remote: .
+  specs:
+    u-authorization (1.4.0)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    docile (1.3.2)
+    json (2.2.0)
+    minitest (5.11.3)
+    rake (10.5.0)
+    simplecov (0.17.0)
+      docile (~> 1.1)
+      json (>= 1.8, < 3)
+      simplecov-html (~> 0.10.0)
+    simplecov-html (0.10.2)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  minitest (~> 5.11, >= 5.11.3)
+  rake (~> 10.0)
+  simplecov
+  u-authorization!
+
+BUNDLED WITH
+   1.17.2

data/README.md

@@ -0,0 +1,94 @@
+# µ-authorization
+
+Simple authorization library and role managment for Ruby.
+
+## Prerequisites
+
+> Ruby >= 2.2.0
+
+## Installation
+
+Add this line to your application's Gemfile:
+```
+gem 'u-authorization'
+```
+
+And then execute:
+```
+$ bundle
+```
+
+Or install it yourself as:
+```
+$ gem install u-authorization
+```
+
+## Usage
+
+```ruby
+  require 'ostruct'
+  require 'authorization'
+
+  role = OpenStruct.new(
+    name: 'user',
+    permissions: {
+      'visit' => { 'except' => ['billings'] },
+      'edit_users' => false, # Same as: 'edit_users' => { 'any' => false },
+      'export_as_csv' => { 'except' => ['sales'] }
+    }
+  )
+
+  user = OpenStruct.new(id: 1, role: role)
+
+  class SalesPolicy < Micro::Authorization::Policy
+    def edit?(record)
+      user.id == record.user_id
+    end
+  end
+
+  authorization = Micro::Authorization::Model.build(
+    permissions: user.role.permissions,
+    policies: { default: :sales, sales: SalesPolicy }
+    context: {
+      user: user,
+      permissions: ['dashboard', 'controllers', 'sales', 'index']
+    }
+  )
+
+  # Verifying the permissions for the given context
+  authorization.permissions.to?('visit')         #=> true
+  authorization.permissions.to?('export_as_csv') #=> false
+
+  # Verifying permission for a given feature in different contexts
+  has_permission_to = authorization.permissions.to('export_as_csv')
+  has_permission_to.context?('billings') #=> true
+  has_permission_to.context?('sales')    #=> false
+
+  charge = OpenStruct.new(id: 2, user_id: user.id)
+
+  # The #to() method fetch and build a policy.
+  authorization.to(:sales).edit?(charge)   #=> true
+
+  # :default is the only permitted key to receive
+  # another symbol as value (a policy reference).
+  authorization.to(:default).edit?(charge) #=> true
+
+  # #policy() method has a similar behavior of #to(),
+  # but if there is a policy named as ":default", it will be fetched and instantiated by default.
+  authorization.policy.edit?(charge)         #=> true
+  authorization.policy(:sales).edit?(charge) #=> true
+
+
+  # Cloning the authorization changing only its context.
+  new_authorization = authorization.map(context: [
+    'dashboard', 'controllers', 'billings', 'index'
+  ])
+
+  new_authorization.permissions.to?('visit') #=> false
+
+  authorization == new_authorization #=> false
+```
+
+## Original implementation
+
+https://gist.github.com/serradura/7d51b979b90609d8601d0f416a9aa373

data/Rakefile

@@ -0,0 +1,10 @@
+require 'bundler/gem_tasks'
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'test'
+  t.libs << 'lib'
+  t.test_files = FileList['test/**/*_test.rb']
+end
+
+task :default => :test

data/lib/micro/authorization/model.rb

@@ -0,0 +1,83 @@
+# frozen_string_literal: true
+
+module Micro
+  module Authorization
+    class Model
+      attr_reader :context, :permissions
+
+      def self.build(permissions:, context:, policies: {})
+        permissions_model =
+          Permissions.new(permissions, context: context.delete(:permissions))
+
+        self.new(context, permissions: permissions_model, policies: policies)
+      end
+
+      def initialize(context, permissions:, policies: {})
+        @context = context
+        @policies = {}
+        @policies_cache = {}
+        @permissions = Permissions[permissions]
+
+        add_policies(policies)
+      end
+
+      def map(context: nil, policies: nil)
+        if context.nil? && policies.nil?
+          raise ArgumentError, 'context or policies keywords args must be defined'
+        end
+
+        permissions_context = context || permissions.context
+
+        new_permissions =
+          Permissions.new(permissions.role, context: permissions_context)
+
+        self.class.new(context, permissions: new_permissions,
+                                policies: policies || @policies)
+      end
+
+      def add_policy(key, policy_klass)
+        raise ArgumentError, 'key must be a Symbol' unless key.is_a?(Symbol)
+
+        default_ref = key == :default && policy_klass.is_a?(Symbol)
+
+        @policies[key] ||= default_ref ? policy_klass : Policy.type(policy_klass)
+
+        self
+      end
+
+      def add_policies(new_policies)
+        unless new_policies.is_a?(Hash)
+          raise ArgumentError, "policies must be a Hash (key => #{Policy.name})"
+        end
+
+        new_policies.each(&method(:add_policy))
+
+        self
+      end
+
+      def to(policy_key, subject: nil)
+        policy_klass = fetch_policy(policy_key)
+
+        return policy_klass.new(context, subject, permissions: permissions) if subject
+
+        return @policies_cache[policy_key] if @policies_cache[policy_key]
+
+        policy_klass.new(context, permissions: permissions).tap do |instance|
+          @policies_cache[policy_key] = instance if policy_klass != Policy
+        end
+      end
+
+      def policy(key = :default, subject: nil)
+        to(key, subject: subject)
+      end
+
+      private
+
+      def fetch_policy(policy_key)
+        data = @policies[policy_key]
+        value = data || @policies.fetch(:default, Policy)
+        value.is_a?(Symbol) ? fetch_policy(value) : value
+      end
+    end
+  end
+end

data/lib/micro/authorization/permissions/checker.rb

@@ -0,0 +1,53 @@
+module Micro
+  module Authorization
+    module Permissions
+      module CheckRole
+        extend self
+
+        def call(context, role_permissions, required_features)
+          required_features
+            .all? { |feature| has_permission?(context, role_permissions[feature]) }
+        end
+
+        private
+
+        def has_permission?(context, role_permission)
+          return false if role_permission.nil?
+
+          if role_permission == false || role_permission == true
+            role_permission
+          elsif !(any = role_permission['any']).nil?
+            any
+          elsif only = role_permission['only']
+            check_feature_permission(only, context)
+          elsif except = role_permission['except']
+            !check_feature_permission(except, context)
+          else
+            raise NotImplementedError
+          end
+        end
+
+        def check_feature_permission(context_values, context)
+          Utils.values_as_downcased_strings(context_values).any? do |context_value|
+            Array(context_value.split('.')).all? { |permission| context.include?(permission) }
+          end
+        end
+      end
+
+      private_constant :CheckRole
+
+      class Checker
+        attr_reader :required_features
+
+        def initialize(role, features)
+          @role = role
+          @required_features = Utils.values_as_downcased_strings(features)
+        end
+
+        def context?(context)
+          CheckRole.call(context, @role, @required_features)
+        end
+      end
+    end
+  end
+end

data/lib/micro/authorization/permissions/model.rb

@@ -0,0 +1,33 @@
+module Micro
+  module Authorization
+    module Permissions
+      class Model
+        attr_reader :role, :context
+
+        def initialize(role_permissions, context:)
+          @role = role_permissions.dup.freeze
+          @cache = {}
+          @context = Utils.values_as_downcased_strings(context).freeze
+        end
+
+        def to(features)
+          Permissions::Checker.new(@role, features)
+        end
+
+        def to?(features = nil)
+          has_permission_to = to(features)
+
+          cache_key = has_permission_to.required_features.inspect
+
+          return @cache[cache_key] unless @cache[cache_key].nil?
+
+          @cache[cache_key] = has_permission_to.context?(@context)
+        end
+
+        def to_not?(features = nil)
+          !to?(features)
+        end
+      end
+    end
+  end
+end

data/lib/micro/authorization/permissions.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+require 'micro/authorization/permissions/checker'
+require 'micro/authorization/permissions/model'
+
+module Micro
+  module Authorization
+    module Permissions
+      def self.[](instance)
+        return instance if instance.is_a?(Permissions::Model)
+
+        raise ArgumentError, "#{instance.inspect} must be a #{self.name}"
+      end
+
+      def self.new(role_permissions, context: [])
+        Permissions::Model.new(role_permissions, context: context)
+      end
+    end
+  end
+end

data/lib/micro/authorization/policy.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+module Micro
+  module Authorization
+    class Policy
+      def self.type(klass)
+        return klass if klass < self
+
+        raise ArgumentError, "policy must be a #{self.name}"
+      end
+
+      def initialize(context, subject = nil, permissions: nil)
+        @context = context
+        @subject = subject
+        @permissions = permissions
+      end
+
+      def method_missing(method, *args, **keyargs, &block)
+        return false if method =~ /\?\z/
+        super(method)
+      end
+
+      private
+
+      def permissions; @permissions; end
+      def context; @context; end
+      def subject; @subject; end
+      def user
+        @user ||=
+          context.is_a?(Hash) ? context[:user] || context[:current_user] : context
+      end
+      alias_method :current_user, :user
+    end
+  end
+end

data/lib/micro/authorization/utils.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module Micro
+  module Authorization
+    module Utils
+      def self.values_as_downcased_strings(values)
+        Array(values).map { |value| String(value).downcase }
+      end
+    end
+  end
+end

data/lib/micro/authorization/version.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module Micro
+  module Authorization
+    VERSION = '2.0.0'
+  end
+end

data/lib/micro/authorization.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+require 'micro/authorization/version'
+require 'micro/authorization/utils'
+require 'micro/authorization/permissions'
+require 'micro/authorization/policy'
+require 'micro/authorization/model'

data/{u-authorization.rb → lib/u-authorization.rb}

@@ -1,3 +1,3 @@
 # frozen_string_literal: true
 
-require 'authorization'
+require 'micro/authorization'

data/u-authorization.gemspec

@@ -0,0 +1,27 @@
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'micro/authorization/version'
+
+Gem::Specification.new do |spec|
+  spec.name         = 'u-authorization'
+  spec.version      = Micro::Authorization::VERSION
+  spec.authors      = ['Rodrigo Serradura']
+  spec.email        = ['rodrigo.serradura@gmail.com']
+
+  spec.summary      = 'Authorization library and role managment'
+  spec.description  = 'Simple authorization library and role managment for Ruby.'
+  spec.homepage     = 'https://github.com/serradura/u-authorization'
+  spec.license      = 'MIT'
+
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files         = Dir.chdir(File.expand_path('..', __FILE__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  end
+  spec.bindir        = 'exe'
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ['lib']
+
+  spec.required_ruby_version = '>= 2.2.0'
+  spec.add_development_dependency 'rake', '~> 10.0'
+end

metadata

@@ -1,44 +1,71 @@
 --- !ruby/object:Gem::Specification
 name: u-authorization
 version: !ruby/object:Gem::Version
-  version: 1.4.0
+  version: 2.0.0
 platform: ruby
 authors:
 - Rodrigo Serradura
 autorequire: 
-bindir: bin
+bindir: exe
 cert_chain: []
-date: 2018-12-07 00:00:00.000000000 Z
-dependencies: []
+date: 2019-07-26 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
 description: Simple authorization library and role managment for Ruby.
-email: rodrigo.serradura@gmail.com
+email:
+- rodrigo.serradura@gmail.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- authorization.rb
-- u-authorization.rb
-homepage: https://gist.github.com/serradura/7d51b979b90609d8601d0f416a9aa373
+- ".gitignore"
+- Gemfile
+- Gemfile.lock
+- README.md
+- Rakefile
+- lib/micro/authorization.rb
+- lib/micro/authorization/model.rb
+- lib/micro/authorization/permissions.rb
+- lib/micro/authorization/permissions/checker.rb
+- lib/micro/authorization/permissions/model.rb
+- lib/micro/authorization/policy.rb
+- lib/micro/authorization/utils.rb
+- lib/micro/authorization/version.rb
+- lib/u-authorization.rb
+- u-authorization.gemspec
+homepage: https://github.com/serradura/u-authorization
 licenses:
 - MIT
 metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
-- "."
+- lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.2.2
+      version: 2.2.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.7
+rubygems_version: 3.0.1
 signing_key: 
 specification_version: 4
 summary: Authorization library and role managment

data/authorization.rb

@@ -1,195 +0,0 @@
-# frozen_string_literal: true
-
-module Authorization
-  VERSION = '1.4.0'
-
-  MapValuesAsDowncasedStrings = -> (values) do
-    Array(values).map { |value| String(value).downcase }
-  end
-
-  module CheckRolePermission
-    extend self
-
-    def call(context, role_permissions, required_features)
-      required_features
-        .all? { |feature| has_permission?(context, role_permissions[feature]) }
-    end
-
-    private
-
-    def has_permission?(context, role_permission)
-      return false if role_permission.nil?
-
-      if role_permission == false || role_permission == true
-        role_permission
-      elsif !(any = role_permission['any']).nil?
-        any
-      elsif only = role_permission['only']
-        check_feature_permission(only, context)
-      elsif except = role_permission['except']
-        !check_feature_permission(except, context)
-      else
-        raise NotImplementedError
-      end
-    end
-
-    def check_feature_permission(context_values, context)
-      MapValuesAsDowncasedStrings.(context_values).any? do |context_value|
-          Array(context_value.split('.')).all? { |permission| context.include?(permission) }
-      end
-    end
-  end
-
-  class FeaturesPermissionChecker
-    attr_reader :required_features
-
-    def initialize(role, features)
-      @role = role
-      @required_features = MapValuesAsDowncasedStrings.(features)
-    end
-
-    def context?(context)
-      CheckRolePermission.call(context, @role, @required_features)
-    end
-  end
-
-  class Permissions
-    attr_reader :role, :context
-
-    def self.[](instance)
-      return instance if instance.is_a?(Permissions)
-
-      raise ArgumentError, "#{instance.inspect} must be a #{self.name}"
-    end
-
-    def initialize(role_permissions, context: [])
-      @role = role_permissions.dup.freeze
-      @cache = {}
-      @context = MapValuesAsDowncasedStrings.(context).freeze
-    end
-
-    def to(features)
-      FeaturesPermissionChecker.new(@role, features)
-    end
-
-    def to?(features = nil)
-      has_permission_to = to(features)
-
-      cache_key = has_permission_to.required_features.inspect
-
-      return @cache[cache_key] unless @cache[cache_key].nil?
-
-      @cache[cache_key] = has_permission_to.context?(@context)
-    end
-
-    def to_not?(features = nil)
-      !to?(features)
-    end
-  end
-
-  class Policy
-    def self.type(klass)
-      return klass if klass < self
-
-      raise ArgumentError, "policy must be a #{self.name}"
-    end
-
-    def initialize(context, subject = nil, permissions: nil)
-      @context = context
-      @subject = subject
-      @permissions = permissions
-    end
-
-    def method_missing(method, *args, **keyargs, &block)
-      return false if method =~ /\?\z/
-      super(method)
-    end
-
-    private
-
-    def permissions; @permissions; end
-    def context; @context; end
-    def subject; @subject; end
-    def user
-      @user ||=
-        context.is_a?(Hash) ? context[:user] || context[:current_user] : context
-    end
-    alias_method :current_user, :user
-  end
-
-  class Model
-    attr_reader :user, :permissions
-
-    def self.build(user, role, context: [], policies: {})
-      permissions = Permissions.new(role, context: context)
-
-      self.new(user, permissions: permissions, policies: policies)
-    end
-
-    def initialize(user, permissions:, policies: {})
-      @user = user
-      @policies = {}
-      @policies_cache = {}
-      @permissions = Permissions[permissions]
-
-      add_policies(policies)
-    end
-
-    def map(context: nil, policies: nil)
-      if context.nil? && policies.nil?
-        raise ArgumentError, 'context or policies keywords args must be defined'
-      end
-
-      new_permissions =
-        Permissions.new(permissions.role, context: context || @context)
-
-      self.class.new(
-        user, permissions: new_permissions, policies: policies || @policies
-      )
-    end
-
-    def add_policy(key, policy_klass)
-      raise ArgumentError, 'key must be a Symbol' unless key.is_a?(Symbol)
-
-      default_ref = key == :default && policy_klass.is_a?(Symbol)
-
-      @policies[key] ||= default_ref ? policy_klass : Policy.type(policy_klass)
-
-      self
-    end
-
-    def add_policies(new_policies)
-      unless new_policies.is_a?(Hash)
-        raise ArgumentError, "policies must be a Hash (key => #{Policy.name})"
-      end
-
-      new_policies.each(&method(:add_policy))
-
-      self
-    end
-
-    def to(policy_key, subject: nil)
-      policy_klass = fetch_policy(policy_key)
-
-      return policy_klass.new(user, subject, permissions: permissions) if subject
-
-      return @policies_cache[policy_key] if @policies_cache[policy_key]
-
-      policy_klass.new(user, permissions: permissions).tap do |instance|
-        @policies_cache[policy_key] = instance if policy_klass != Policy
-      end
-    end
-
-    def policy(key = :default, subject: nil)
-      to(key, subject: subject)
-    end
-
-    private
-
-    def fetch_policy(policy_key)
-      data = @policies[policy_key]
-      value = data || @policies.fetch(:default, Policy)
-      value.is_a?(Symbol) ? fetch_policy(value) : value
-    end
-  end
-end