access-granted 1.1.2 → 1.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b6d400982e35b05842762be3929a3bfb9d1a9de6
-  data.tar.gz: 3825d04d00c581e55b21339c92e6b8b3b5e90672
+  metadata.gz: 99c759ed2b314ec49877c1ba6b0673650b9c3fba
+  data.tar.gz: b77fa0ed9b87a7fd2bb3aa853a767f6e43cfe014
 SHA512:
-  metadata.gz: f1fa9bad01415dc1642a0d7d4c6396f4db625f88f87c81f59649fb230547da4f32cbbcb01bb3362a4716cdfba702ed97719afc2eecee688a8383c05901e2f9b6
-  data.tar.gz: bc6346e03d9d8502f4e42fce4ec0eba1939fd5e3c01846380f480c1e0feb4936af16840d2caf507f8b75e4b66f9e7b9b03841e42cac2c34200d512d409d2e738
+  metadata.gz: 270c16d0e319ac997679178287cbfb323b69c210b6f57ce8dbb1b34b42d566ec1c415936df32004d2a0f65f8622a777cb02c58b8c4514d14563412dd153e35c5
+  data.tar.gz: 112f93450a81eac894aeb55fb007fc6b1dabec4626e5b561c62a9ceb52e31c29254b0c2a3aae693bb20786e74d77d4376badfaa497e33e0b29a1b3103b1c67d6

data/CHANGELOG.md

@@ -1,3 +1,24 @@
+# 1.2.0
+
+- Cache whole blocks of identical permissions when one of them is checked.
+  For example, assuming we have a given permissions set:
+
+  ```
+  can [:update, :destroy, :archive], Post do |post, user|
+     post.user_id == user.id
+  end
+  ```
+
+  When resolving one of them like this:
+
+  ```
+  can? :update, @post
+  ```
+
+  Access Granted will cache the result for each of the remaining actions, too.
+  So next time when checking permissions `:destroy` or `:archive`, AG will serve the result from cache instead of running the block again.
+
+
 # 1.1.2
 
 - Expose internal `block` instance variable in Permission class

data/access-granted.gemspec

@@ -4,7 +4,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 
 Gem::Specification.new do |spec|
   spec.name          = "access-granted"
-  spec.version       = "1.1.2"
+  spec.version       = "1.2.0"
   spec.authors       = ["Piotrek Okoński"]
   spec.email         = ["piotrek@okonski.org"]
   spec.description   = %q{Role based authorization gem}

data/lib/access-granted/permission.rb

@@ -1,13 +1,14 @@
 module AccessGranted
   class Permission
-    attr_reader :action, :subject, :granted, :conditions, :block
+    attr_reader :action, :subject, :granted, :conditions, :actions, :block
 
-    def initialize(granted, action, subject, user = nil, conditions = {}, block = nil)
+    def initialize(granted, action, subject, user = nil, conditions = {}, actions = [], block = nil)
       @action     = action
       @user       = user
       @granted    = granted
       @subject    = subject
       @conditions = conditions
+      @actions    = actions
       @block      = block
     end
 
@@ -20,10 +21,12 @@ module AccessGranted
     end
 
     def matches_conditions?(subject)
-      if @block && !subject.is_a?(Class)
+      if @block
         @block.call(subject, @user)
-      else
+      elsif !@conditions.empty?
         matches_hash_conditions?(subject)
+      else
+        true
       end
     end
 

data/lib/access-granted/policy.rb

@@ -29,16 +29,27 @@ module AccessGranted
 
     def can?(action, subject = nil)
       cache[action] ||= {}
-      cache[action][subject] ||= check_permission(action, subject)
+
+      if cache[action][subject]
+        cache[action][subject]
+      else
+        granted, actions = check_permission(action, subject)
+        actions.each do |a|
+          cache[a] ||= {}
+          cache[a][subject] ||= granted
+        end
+
+        granted
+      end
     end
 
     def check_permission(action, subject)
       applicable_roles.each do |role|
         permission = role.find_permission(action, subject)
-        return permission.granted if permission
+        return [permission.granted, permission.actions] if permission
       end
 
-      false
+      [false, []]
     end
 
     def cannot?(*args)

data/lib/access-granted/role.rb

@@ -53,9 +53,10 @@ module AccessGranted
     end
 
     def add_permission(granted, action, subject, conditions, block)
-      prepare_actions(action).each do |a|
+      prepared_actions = prepare_actions(action)
+      prepared_actions.each do |a|
         raise DuplicatePermission, "Permission `#{a}` is already defined for #{subject} in role `#{name}`" if find_permission(a, subject)
-        permissions << Permission.new(granted, a, subject, @user, conditions, block)
+        permissions << Permission.new(granted, a, subject, @user, conditions, prepared_actions, block)
       end
     end
 

data/spec/permission_spec.rb

@@ -3,30 +3,23 @@ require 'spec_helper'
 describe AccessGranted::Permission do
   subject { AccessGranted::Permission }
 
-  describe "#matches_conditions?" do
-    it "matches when no conditions given" do
-      perm = subject.new(true, :read, String)
-      expect(perm.matches_conditions?(String)).to eq(true)
-    end
+  describe "#matches_proc_conditions?" do
 
-    it "matches proc conditions" do
+    it "matches proc conditions when true" do
       sub = double("Element", published?: true)
-      perm = subject.new(true, :read, sub.class, nil, {}, proc {|el| el.published? })
+      perm = subject.new(true, :read, sub, nil, {}, proc {true})
       expect(perm.matches_conditions?(sub)).to eq(true)
     end
 
-    it "does not match proc conditions when given a class instead of an instance" do
+    it "does not match proc conditions false" do
       sub = double("Element", published?: true)
-      perm = subject.new(true, :read, sub.class, nil, {}, proc {|el| el.published? })
-      expect(perm.matches_conditions?(sub.class)).to eq(true)
+      perm = subject.new(true, :read, sub, nil, {}, proc {false})
+      expect(perm.matches_conditions?(sub)).to eq(false)
     end
+
   end
 
   describe "#matches_hash_conditions?" do
-    it "matches condition hash is empty" do
-      perm = subject.new(true, :read, String)
-      expect(perm.matches_hash_conditions?(String)).to eq(true)
-    end
 
     it "matches when conditions given" do
       sub = double("Element", published: true)
@@ -39,6 +32,7 @@ describe AccessGranted::Permission do
       perm = subject.new(true, :read, sub, nil, { published: true, readable: true })
       expect(perm.matches_hash_conditions?(sub)).to eq(false)
     end
+
   end
 
   describe "#matches_action?" do
@@ -46,6 +40,7 @@ describe AccessGranted::Permission do
       perm = subject.new(true, :read, String)
       expect(perm.matches_action?(:read)).to_not be_nil
     end
+
   end
 
   describe "#matches_subject?" do
@@ -73,5 +68,15 @@ describe AccessGranted::Permission do
       perm = subject.new(true, :read, String)
       expect(perm.matches_subject? Object.new).to eq(false)
     end
+
   end
+
+  describe "#matches_empty_conditions?" do
+    it "matches when no conditions given" do
+      perm = subject.new(true, :read, String)
+      expect(perm.matches_conditions?(String)).to eq(true)
+    end
+
+  end
+
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: access-granted
 version: !ruby/object:Gem::Version
-  version: 1.1.2
+  version: 1.2.0
 platform: ruby
 authors:
 - Piotrek Okoński
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-01-02 00:00:00.000000000 Z
+date: 2017-05-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -90,7 +90,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.5.1
+rubygems_version: 2.5.2
 signing_key: 
 specification_version: 4
 summary: Elegant whitelist and role based authorization with ability to prioritize
@@ -101,4 +101,3 @@ test_files:
 - spec/policy_spec.rb
 - spec/role_spec.rb
 - spec/spec_helper.rb
-has_rdoc: