zero_authorization 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 950cc7e7cd5bfbc2957da19480b4cbeba39c6978
+  data.tar.gz: 2e5b43a11b77759a3544f430c95199e909731a9c
+SHA512:
+  metadata.gz: b803db0659e93cc599c6c0b6a8a45c728e8a6677568ddcc0dcef277dae2dac24d5197f362312be7f1db05dc8eb8edd45f88823592866ba0c44823a3d1246ab50
+  data.tar.gz: f83f3552b4456fdd7444087bdc3598b1e9b4557b826085139d8cfad3820efd0b9af8d788ee11dff79136cc324b97dacb51d171b09cfa37ee0e5e5c90bc4360fe

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in zero_authorization.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2013 Rajeev Kannav Sharma
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README

@@ -0,0 +1 @@
+This file was created by JetBrains RubyMine 5.4.3.2.1 for binding GitHub repository

data/README.md

@@ -0,0 +1,29 @@
+# ZeroAuthorization
+
+TODO: Write a gem description
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'zero_authorization'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install zero_authorization
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/lib/zero_authorization.rb

@@ -0,0 +1,189 @@
+require "zero_authorization/version"
+
+module ZeroAuthorization
+
+  class Role
+    cattr_writer :role
+    # Initializing role
+    def initialize(role_name)
+      @role_name = role_name
+    end
+
+    def to_s
+      @role_name.to_s
+    end
+
+    # Getting rule_set(s) for the role
+    def rule_set
+      self.class.roles_n_privileges_hash["role_#{@role_name}".to_sym]
+    end
+
+    #Returns role if role can be formed/included in parsed hash's keys of parse_roles_n_privileges_yml
+    def self.role
+      roles_n_privileges_hash.keys.collect { |key| key.to_s.gsub(/^role_/, '') }.include?(@@role) ? new(@@role) : nil
+    end
+
+    # role_privileges_hash in place of yml
+    #TODO: Read it from YML and also provide functionality to reload it after caching
+    def self.roles_n_privileges_hash
+      @roles_n_privileges_hash ||= YAML::load_file(File.join(Rails.root, 'config', 'roles_n_privileges.yml'))
+      @roles_n_privileges_hash
+    end
+
+    def self.roles_n_privileges_hash_reload
+      @roles_n_privileges_hash = YAML::load_file(File.join(Rails.root, 'config', 'roles_n_privileges.yml'))
+    end
+
+  end
+
+  module Engine
+    def self.included(base)
+      puts "Initializing ZeroAuthorization for #{base.name}"
+
+      base.extend(ClassMethods)
+
+      # Initializing authentication mode. Options are
+      # :strict =>'raise exception and deny operation if not authorized' ,
+      # :warning => 'display only warning without exception',
+      # :superficial =>'allow operation without authorization'
+      base.send(:initialize_authorization_mode)
+
+      # Applying restriction on methods
+      base.send(:initialize_methods_restriction)
+
+      # Applying restriction on crud write operations
+      base.send(:before_save, :is_zero_authorized_4_save)
+      base.send(:before_create, :is_zero_authorized_4_create)
+      base.send(:before_update, :is_zero_authorized_4_update)
+      base.send(:before_destroy, :is_zero_authorized_4_destroy)
+
+
+      private
+
+      # Authorization for authorization mode :strict
+      def authorize_strictly(action)
+        role = ZeroAuthorization::Role.role
+        raise 'ZeroAuthorizationRoleNotAvailable' if role.nil?
+
+        if zero_authorized_core(role, action)
+          return true
+        else
+          logger.info 'ZeroAuthorization: Not authorized to perform activity.'
+          raise 'NotAuthorized'
+        end
+
+        false
+      end
+
+      # Authorization for authorization mode :warning
+      def authorize_with_warning(action)
+        role = ZeroAuthorization::Role.role
+        raise 'ZeroAuthorizationRoleNotAvailable' if role.nil?
+
+        if zero_authorized_core(role, action)
+          return true
+        else
+          logger.info 'ERROR: ZeroAuthorization: Not authorized to perform activity.'
+        end
+
+        false
+      end
+
+      # Authorization for authorization mode :superficial
+      def authorize_superficially(action)
+        logger.info 'ZeroAuthorizationMode: superficial. By passing authorization.'
+        return true
+      end
+
+      # Return authorization mode
+      def zero_authorized_checker(action)
+        if self.class.authorization_mode == :strict
+          return authorize_strictly(action)
+        elsif self.class.authorization_mode == :warning
+          return authorize_with_warning(action)
+        elsif self.class.authorization_mode == :superficial
+          return authorize_superficially(action)
+        else
+          raise 'InvalidAuthorizationMode'
+        end
+      end
+
+      # Core of authorization after reading/parsing rule set for current role
+      def zero_authorized_core(role, action)
+        _auth_flag = false
+        unless role.rule_set[:can_do].nil?
+          if role.rule_set[:can_do] == :anything
+            _auth_flag = true
+          elsif role.rule_set[:can_do].is_a?(Hash)
+            _auth_flag = true if (role.rule_set[:can_do][self.class.name.to_sym] || []).include?(action)
+          end
+        end
+        unless role.rule_set[:cant_do].nil?
+          if role.rule_set[:cant_do] == :anything
+            _auth_flag = false
+          elsif role.rule_set[:cant_do].is_a?(Hash)
+            _auth_flag = false if (role.rule_set[:cant_do][self.class.name.to_sym] || []).include?(action)
+          end
+        end
+        _auth_flag
+      end
+
+      def is_zero_authorized_4_save
+        zero_authorized_checker(:save)
+      end
+
+      def is_zero_authorized_4_create
+        zero_authorized_checker(:create)
+      end
+
+      def is_zero_authorized_4_update
+        zero_authorized_checker(:update)
+      end
+
+      def is_zero_authorized_4_destroy
+        zero_authorized_checker(:destroy)
+      end
+    end
+
+    module ClassMethods
+      attr_accessor :authorization_mode
+
+      def list_of_methods_to_guard
+        _model_methods_set = {}
+        Role.roles_n_privileges_hash.each do |role_key, permission_value|
+          unless permission_value[:can_do].nil?
+            _model_methods_set = _model_methods_set.merge(permission_value[:can_do]) { |key, oval, nval| ([oval] << [nval]).flatten.compact.uniq } if permission_value[:can_do].is_a?(Hash)
+          end
+          unless permission_value[:cant_do].nil?
+            _model_methods_set = _model_methods_set.merge(permission_value[:cant_do]) { |key, oval, nval| ([oval] << [nval]).flatten.compact.uniq } if permission_value[:cant_do].is_a?(Hash)
+          end
+        end
+
+        (_model_methods_set[self.name.to_sym] || []).clone.delete_if { |x| [:create, :save, :update, :destroy].include?(x) }
+      end
+
+      private
+      def initialize_authorization_mode
+        @authorization_mode = :strict # :strict, :warning and :superficial
+      end
+
+      # applying restriction on methods TODO 'it will be done by yml'
+      def initialize_methods_restriction
+        list_of_methods_to_guard.each do |method_name|
+          send(:alias_method, "za_#{method_name}", method_name)
+          define_method "#{method_name}" do |*args|
+            puts 'Restricted method call..'
+            send("za_#{method_name}", *args) if zero_authorized_checker(method_name)
+          end
+        end
+      end
+    end
+  end
+
+end
+
+
+Rails.application.eager_load!
+ActiveRecord::Base.descendants.each do |descendant|
+  descendant.send(:include, ZeroAuthorization::Engine)
+end

data/lib/zero_authorization/exceptions.rb

@@ -0,0 +1,6 @@
+module Exceptions
+
+  #class ActivatedAlreadyError < StandardError;
+  #end
+
+end

data/lib/zero_authorization/version.rb

@@ -0,0 +1,3 @@
+module ZeroAuthorization
+  VERSION = "0.0.1"
+end

data/zero_authorization.gemspec

@@ -0,0 +1,23 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'zero_authorization/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "zero_authorization"
+  spec.version       = ZeroAuthorization::VERSION
+  spec.authors       = ["Rajeev Kannav Sharma"]
+  spec.email         = ["rajeevsharma86@gmail.com"]
+  spec.description   = %q{Write a gem description}
+  spec.summary       = %q{Write a gem summary}
+  spec.homepage      = ""
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files`.split($/)
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.3"
+  spec.add_development_dependency "rake"
+end

metadata

@@ -0,0 +1,82 @@
+--- !ruby/object:Gem::Specification
+name: zero_authorization
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Rajeev Kannav Sharma
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-09-10 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Write a gem description
+email:
+- rajeevsharma86@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- LICENSE.txt
+- README
+- README.md
+- Rakefile
+- lib/zero_authorization.rb
+- lib/zero_authorization/exceptions.rb
+- lib/zero_authorization/version.rb
+- zero_authorization.gemspec
+homepage: ''
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.0.3
+signing_key: 
+specification_version: 4
+summary: Write a gem summary
+test_files: []