you_shall_not_pass 0.0.3 → 0.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: c2a0082fe593f22ba8a1ccc446061ed132bb3248
-  data.tar.gz: f9be21782946d49cd83fe2b694d29ca6a153e07c
+  metadata.gz: 2f7b94fd90514299c816fa9f4f55a4f50fe7fadb
+  data.tar.gz: 2c20e0ded03fde67292cb5fbed5a11a7ffa959b3
 SHA512:
-  metadata.gz: 225b91dba9bc231f7ff0207523bb1f8d360506aa473e9f399de64b44a8482f9d6b50712066b1bd994a03e90e19b42c273594027430642aa63dc6804383fbd791
-  data.tar.gz: 19679f956b3282381acbca246d940be8cabf690f1e520f22d6cb0c7258ef52d8fd9d6ace5ead2bda13740af9ef723f0bc2b741717ca08aa3c70303d807a10dfe
+  metadata.gz: e7e767bf6c234ab62c6ad73c94d8ce37e90fc25bdf5c2948d6126bc715351a3367164f1fe490ed28c9ccd17e884a86629077f6d81c530b884ccf205c6d6c03d8
+  data.tar.gz: 8512dcc4f5df0b615619ebc360387d400a56ce7db016d1598defaedef9defe7902b1ccaff82a9f62f006e22182383929c3c9e0e01512a36d914ac73bfcdf7aac

data/.travis.yml

@@ -0,0 +1,5 @@
+rvm:
+  - 2.0.0
+  - 2.1.1
+  - 2.2.0
+  - ruby-head

data/README.md

@@ -1,13 +1,168 @@
 # YouShallNotPass
+[![Build Status](https://travis-ci.org/iachettifederico/you_shall_not_pass.png?branch=master)](https://travis-ci.org/iachettifederico/you_shall_not_pass)
+
+
+Simple framework-agnostic authorization library.
+
+## Usage
+
+You Shall Not Pass is a very minimalistic authorization framework. It doesn't really care about your system architecture.
+You don't really need to set up your authentication schema in any particular way (in fact, you don't even really need authentication to make You Shall Not Pass work).
+
+The first you need is to create an Authorizator. You can define one by extending `YouShallNotPass::Authorizator` and then define the authorization policies.
+
+Let's write a first example:
+
+```ruby
+class MyAuthorizator < YouShallNotPass::Authorizator
+  def time_policies
+    {
+      morning_shift: Time.now.hour <= 12,
+      afternoon_shift: Time.now.hour > 12 && Time.now.hour < 20,
+      night_shift: Time.now.hour >= 20,
+    }
+  end
+end
+```
+
+As you can see, there's no user, role, or any kind of authentication going on in this example.
+
+Now we can ask if we have permission to `<insert action here>` depending on the shift:
+
+```ruby
+Time.now
+# => 2015-02-09 20:17:26 -0300
+
+Time.now.hour
+# => 20
+
+auth = MyAuthorizator.new
+auth.can?(:morning_shift)
+# => false
+
+auth.can?(:afternoon_shift)
+# => false
+
+auth.can?(:night_shift)
+# => true
+```
+
+In this case, the code was run at 20:17, so it corresponds to the night shift.
+
+We can also perform an action depending on the shift. So let's get some output:
+
+```ruby
+auth.perform_for(:morning_shift) do
+  puts "Morning shift"
+end
+
+auth.perform_for(:afternoon_shift) do
+  puts "Afternoon shift"
+end
+
+auth.perform_for(:night_shift) do
+  puts "Night shift"
+end
+
+# >> Night shift
+```
+
+And as we are on the night shift, the only block that get's called is the one that performs for the night shift.
+
+## *_policies
+
+You Shall Not Pass allows you to group your permissions by providing instance methods suffixed with `_policies`.
+
+So, if we have:
+
+```ruby
+class MyAuthorizator < YouShallNotPass::Authorizator
+  def time_policies
+    {
+      morning_shift: Time.now.hour <= 12,
+      afternoon_shift: Time.now.hour > 12 && Time.now.hour < 20,
+      night_shift: Time.now.hour >= 20,
+    }
+  end
+  
+  def date_policies
+    {
+      jan: Time.now.month == 1,
+      feb: Time.now.month == 2,
+    }
+  end
+end
+```
+
+The available policy names are:
+
+```ruby
+auth = MyAuthorizator.new
+auth.policies.keys
+# => [:morning_shift, :afternoon_shift, :night_shift, :jan, :feb]
+```
+
+## Attributes
+
+If you have an authorization schema in place, you can make You Shall Not Pass aware of it by introducing attributes.
+
+Let's say we have a `User` object and we want our authenticator to use it. We can extend `MyAuthorizator` to accept a `user` attribute and use it on the policies.
+
+```ruby
+class User
+  def initialize(admin)
+    @admin = admin
+  end
+  
+  def admin?
+    @admin
+  end
+end
+
+class MyAuthorizator < YouShallNotPass::Authorizator
+  attribute :user
+
+  def user_policies
+    {
+      admin: user.admin? 
+    }
+  end
+end
+```
+
+Now we need to instantiate an authorizator passing the user as a (named) parameter:
+
+```ruby
+auth1 = MyAuthorizator.new(user: User.new(true))
+auth1.perform_for(:admin) do
+  puts "First user"
+end
+
+auth2 = MyAuthorizator.new(user: User.new(false))
+auth2.perform_for(:admin) do
+  puts "Second user"
+end
+
+# >> First user
+```
+
+And only the first one will print.
+
+You can add as many attributes as you want and you will get an instance method to use it at will.
+
+It's important to notice that the `user` in this case is just a Ruby object. You don't need to comply with any API in particular.
+
+In a web framework, is a good idea to create the authorizator after defining the current user and then pass the current user as a parameter.
+
+If you need to authenticate using other objects, you can keep adding attributes to the authorizator (for example pass a settings array, the environment your on - dev, prod-, etc).
 
-TODO: Write a gem description
 
 ## Installation
 
 Add this line to your application's Gemfile:
 
 ```ruby
-gem 'you_shall_not_pass'
+  gem 'you_shall_not_pass'
 ```
 
 And then execute:
@@ -18,9 +173,6 @@ Or install it yourself as:
 
     $ gem install you_shall_not_pass
 
-## Usage
-
-TODO: Write usage instructions here
 
 ## Contributing
 

data/Rakefile

@@ -1,3 +1,5 @@
 require "bundler/gem_tasks"
 
 require "matest/spec_tasks"
+
+task default: :spec

data/lib/you_shall_not_pass/authorizator.rb

@@ -8,23 +8,27 @@ module YouShallNotPass
         send attr, value
       end
     end
-    
+
     def can?(permission, **args)
       Array(policies.fetch(permission)).all? do |policy|
         Callable(policy).call(**args) == true
       end
-    rescue KeyError => e
-      if permission =~ /_and_/
+    rescue KeyError => exception
+      break_down_can(permission, exception, **args)
+    end
+
+    def break_down_can(permission, exception, **args)
+      case permission
+      when /_and_/
         permission.to_s.split("_and_").all? { |policy| can?(policy.to_sym, **args)}
-      elsif permission =~ /_or_/
+      when /_or_/
         permission.to_s.split("_or_").any? { |policy| can?(policy.to_sym, **args)}
-      elsif permission =~ /\Anot_/
+      when /\Anot_/
         policy = permission.to_s.gsub(/\Anot_/, "")
         ! can?(policy.to_sym, **args)
       else
-        raise e
+        raise exception
       end
-
     end
 
     def perform_for(permission, **args)
@@ -32,15 +36,35 @@ module YouShallNotPass
     end
 
     def policies
-      @policies ||= methods.grep(/_policies\Z/).map {|name| send(name)}.each_with_object({}) do |curr, res|
+      @policies ||= __set_policies__
+    end
+
+    private
+
+    def __set_policies__
+      the_policies = methods.grep(/_policies\z/).map {|name| send(name)}.each_with_object({}) do |curr, res|
         res.merge!(curr)
       end
+
+      the_policies.merge!( self.class.__dsl_policies__.each_with_object({}) { |policy, h|
+                            block =  policy.last
+                            h[policy.first] = instance_eval(&block)
+                          })
+
+      the_policies
     end
 
-    private
+    def self.__dsl_policies__
+      @__dsl_policies__ ||= {}
+    end
+
+    def self.authorize(name, &block)
+      __dsl_policies__[name] = block
+    end
 
     def self.attribute(attr)
       fattr attr
     end
+    private_class_method :attribute
   end
 end

data/lib/you_shall_not_pass/policy.rb

@@ -1,11 +1,7 @@
 module YouShallNotPass
   class Policy
-    include Callable
-    attr_reader :user
-
     def initialize(authorizator)
       @authorizator = authorizator
-      @user         = authorizator.user
     end
 
     def call(**options)

data/lib/you_shall_not_pass/version.rb

@@ -1,3 +1,3 @@
 module YouShallNotPass
-  VERSION = "0.0.3"
+  VERSION = "0.1.0"
 end

data/spec/you_shall_not_pass/authorizator_spec.rb

@@ -24,28 +24,28 @@ scope YouShallNotPass::Authorizator do
         end
       end
 
-      class MyAuthenticator < YouShallNotPass::Authorizator
+      class MyAuthorizator < YouShallNotPass::Authorizator
         def policies
           {
-            can_lambda:  -> (*) { true },
-            cant_lambda: -> (*) { false },
+           can_lambda:  -> (*) { true },
+           cant_lambda: -> (*) { false },
 
-            can_proc:    proc { true },
-            cant_proc:   proc { false },
+           can_proc:    proc { true },
+           cant_proc:   proc { false },
 
-            can_action:  Action.new(true),
-            cant_action: Action.new(false),
+           can_action:  Action.new(true),
+           cant_action: Action.new(false),
 
-            can_true:    true,
-            cant_false:  false,
+           can_true:    true,
+           cant_false:  false,
 
-            can_array:   [ true, proc { true }, true ],
-            cant_array:  [ true, false,         true ],
+           can_array:   [ true, proc { true }, true ],
+           cant_array:  [ true, false,         true ],
           }
         end
       end
 
-      let(:authorizator) { MyAuthenticator.new }
+      let(:authorizator) { MyAuthorizator.new }
 
       spec "allow lambda" do
         authorizator.can?(:can_lambda)
@@ -90,18 +90,18 @@ scope YouShallNotPass::Authorizator do
   end
 
   scope "arguments" do
-    class MyAuthenticatorWithArgs < YouShallNotPass::Authorizator
+    class MyAuthorizatorWithArgs < YouShallNotPass::Authorizator
       def policies
         {
-          lambda: -> (a:, b:) { a == b },
-          proc:   proc { |a:, b:| a == b },
+         lambda: -> (a:, b:) { a == b },
+         proc:   proc { |a:, b:| a == b },
 
-          splat:  -> (**args) { args.all? { |k, v| k == v} },
+         splat:  -> (**args) { args.all? { |k, v| k == v} },
         }
       end
     end
 
-    let(:authorizator) { MyAuthenticatorWithArgs.new }
+    let(:authorizator) { MyAuthorizatorWithArgs.new }
 
     spec "allow lambda" do
       authorizator.can?(:lambda, a: 1, b: 1)
@@ -132,10 +132,10 @@ scope YouShallNotPass::Authorizator do
     class BasicAuthorizator < YouShallNotPass::Authorizator
       def policies
         {
-          can:  true,
-          cant: false,
+         can:  true,
+         cant: false,
 
-          use_args: -> (**args) { args.all? { |k, v| k == v }  }
+         use_args: -> (**args) { args.all? { |k, v| k == v }  }
         }
       end
     end
@@ -168,18 +168,18 @@ scope YouShallNotPass::Authorizator do
   end
 
   scope "conditional policies" do
-    class NumberAuthenticator < YouShallNotPass::Authorizator
+    class NumberAuthorizator < YouShallNotPass::Authorizator
       def policies
         {
-          one:   true,
-          two:   true,
-          three: false,
-          four:  false,
+         one:   true,
+         two:   true,
+         three: false,
+         four:  false,
         }
       end
     end
 
-    let(:authorizator) { NumberAuthenticator.new }
+    let(:authorizator) { NumberAuthorizator.new }
 
     spec "allow _and_" do
       authorizator.can?(:one_and_two)
@@ -217,10 +217,10 @@ scope YouShallNotPass::Authorizator do
       class ConditionalAuthorizator < YouShallNotPass::Authorizator
         def policies
           {
-            one: true,
-            two: true,
-            one_and_two: false,
-            one_or_two: false
+           one: true,
+           two: true,
+           one_and_two: false,
+           one_or_two: false
           }
         end
       end
@@ -241,22 +241,22 @@ scope YouShallNotPass::Authorizator do
     class MergePolicies < YouShallNotPass::Authorizator
       def action_policies
         {
-          create_user: true,
-          update_user: true,
+         create_user: true,
+         update_user: true,
         }
       end
 
       def role_policies
         {
-          admin: true,
-          editor: true,
+         admin: true,
+         editor: true,
         }
       end
 
       def feature_policies
         {
-          avatars: true,
-          random_player: true,
+         avatars: true,
+         random_player: true,
         }
       end
     end
@@ -269,13 +269,13 @@ scope YouShallNotPass::Authorizator do
 
     spec "merges all the policies" do
       @expected = {
-        create_user: true,
-        update_user: true,
-        admin: true,
-        editor: true,
-        avatars: true,
-        random_player: true,
-      }
+                   create_user: true,
+                   update_user: true,
+                   admin: true,
+                   editor: true,
+                   avatars: true,
+                   random_player: true,
+                  }
 
       authorizator.policies == @expected
     end
@@ -288,7 +288,7 @@ scope YouShallNotPass::Authorizator do
 
       def policies
         {
-          something: proc { user == "Me" && role == :admin }
+         something: proc { user == "Me" && role == :admin }
         }
       end
     end
@@ -305,4 +305,31 @@ scope YouShallNotPass::Authorizator do
       ! authorizator.can?(:something)
     end
   end
+
+  scope "dsl" do
+    class DslAuthorizator < YouShallNotPass::Authorizator
+      attribute :user
+      attribute :pass
+      
+      authorize(:true)  { true }
+      authorize(:false) { false }
+
+      authorize(:login) { user == pass}
+    end
+
+    let(:authorizator) { DslAuthorizator.new(user: "fede", pass: "fede") }
+
+    spec "authorizes true" do
+      authorizator.can?(:true)
+    end
+
+    spec "rejects false" do
+      authorizator.can?(:false) == false
+    end
+
+    spec do
+      authorizator.can?(:login)
+    end
+
+  end
 end

data/you_shall_not_pass.gemspec

@@ -10,7 +10,7 @@ Gem::Specification.new do |spec|
   spec.email         = ["iachetti.federico@gmail.com"]
   spec.summary       = %q{Simple authorization library.}
   spec.description   = %q{Embrace authorization with this simple library.}
-  spec.homepage      = ""
+  spec.homepage      = "https://github.com/iachettifederico/you_shall_not_pass"
   spec.license       = "MIT"
 
   spec.files         = `git ls-files -z`.split("\x0")
@@ -20,8 +20,8 @@ Gem::Specification.new do |spec|
 
   spec.add_development_dependency "bundler", "~> 1.7"
   spec.add_development_dependency "rake", "~> 10.0"
-  spec.add_development_dependency "matest", "~> 1.5"
+  spec.add_development_dependency "matest", "~> 1.7.1"
   
-  spec.add_dependency "callable", "~> 0.0.3"
+  spec.add_dependency "callable", "~> 0.0.5"
   spec.add_dependency "fattr", "~> 2.2.2"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: you_shall_not_pass
 version: !ruby/object:Gem::Version
-  version: 0.0.3
+  version: 0.1.0
 platform: ruby
 authors:
 - Federico Iachetti
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-02-03 00:00:00.000000000 Z
+date: 2015-09-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -44,28 +44,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.5'
+        version: 1.7.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.5'
+        version: 1.7.1
 - !ruby/object:Gem::Dependency
   name: callable
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.0.3
+        version: 0.0.5
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.0.3
+        version: 0.0.5
 - !ruby/object:Gem::Dependency
   name: fattr
   requirement: !ruby/object:Gem::Requirement
@@ -88,6 +88,7 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".gitignore"
+- ".travis.yml"
 - Gemfile
 - LICENSE.txt
 - README.md
@@ -99,7 +100,7 @@ files:
 - spec/spec_helper.rb
 - spec/you_shall_not_pass/authorizator_spec.rb
 - you_shall_not_pass.gemspec
-homepage: ''
+homepage: https://github.com/iachettifederico/you_shall_not_pass
 licenses:
 - MIT
 metadata: {}
@@ -119,7 +120,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.5
+rubygems_version: 2.4.8
 signing_key: 
 specification_version: 4
 summary: Simple authorization library.