access_schema 0.0.1

data/.gitignore

@@ -0,0 +1,7 @@
+*.gem
+.bundle
+Gemfile.lock
+pkg/*
+*.swp
+*.swo
+.rvmrc

data/.rspec

@@ -0,0 +1,2 @@
+--colour
+--format documentation

data/Gemfile

@@ -0,0 +1,15 @@
+source "http://rubygems.org"
+
+# Specify your gem's dependencies in hydroplan.gemspec
+gemspec
+
+group :development, :test do
+  gem "rake"
+
+  gem "rspec"
+  gem "rack-test"
+  gem "guard"
+  gem "guard-rspec"
+  gem "rb-fsevent", :require => false
+end
+

data/Guardfile

@@ -0,0 +1,5 @@
+guard 'rspec', :version => 2, :cli => '--format documentation' do
+  watch(%r{^spec/.+_spec\.rb$})
+  watch(%r{^lib/(.+)\.rb$})     { |m| "spec/#{m[1]}_spec.rb" }
+  watch('spec/spec_helper.rb')  { "spec" }
+end

data/LICENSE

@@ -0,0 +1,21 @@
+The MIT License
+
+Copyright (c) 2012 Victor Gumayunov
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,102 @@
+# AccessSchema gem - ACL/plans for your app
+
+AccessSchema provides a tool to define ACL schema with simple DSL.
+Inspired by [ya_acl](https://github.com/kaize/ya_acl)
+
+With a couple of aliases in DSL it enables you to deal with tariff plans. Plan and role, feature and privilege are synonyms.
+
+```
+  gem install access_schema
+```
+
+## An example of typical use
+
+```ruby
+  #somewhere.rb
+
+  acl.require! review, :edit
+
+  plan.allow? review, :add_photo
+
+  plan.require! review, :mark_featured
+
+```
+
+```ruby
+  # config/plans.rb
+  plans do
+    plan :none
+    plan :bulb
+    plan :flower
+    plan :bouquet
+  end
+
+  asserts do
+
+    assert :photo_limit, [:limit] do
+      subject.photos_count < limit
+    end
+
+  end
+
+  namespace "Review" do
+
+    feature :mark_featured, [:flower, :bouquet]
+
+    feature :add_photo, [:bouquet] do
+      assert :photo_limit, [:none], :limit => 1
+      assert :photo_limit, [:bulb], :limit => 5
+      assert :photo_limit, [:flower], :limit => 10
+    end
+
+  end
+```
+
+```ruby
+  # config/acl.rb
+  roles do
+    role :none
+    role :admin
+  end
+
+  asserts do
+
+    assert :owner, [:user_id] do
+      subject.author.id == user_id
+    end
+
+  end
+
+  namespace "Review" do
+
+    privilege :edit, [:admin] do
+      assert :owner, [:none]
+    end
+
+  end
+```
+
+
+```ruby
+  #access_schema_helper.rb
+
+  class AccessSchemaHelper
+
+    def plan
+      @plan ||= AccessSchema.build_file "config/plans.rb"
+      AccessSchema.with_options(@plan, {
+        :plan => Rails.development? && params[:debug_plan] || current_user.try(:plan) || :none
+      })
+    end
+
+    def acl
+      @acl ||= AccessSchema.build_file "config/acl.rb"
+      AccessSchema.with_options(@acl, {
+        :role => current_user.try(:role) || :none,
+        :user_id => current_user.try(:id)
+      })
+    end
+
+  end
+
+```

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/access_schema.gemspec

@@ -0,0 +1,24 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "access_schema/version"
+
+Gem::Specification.new do |s|
+  s.name        = "access_schema"
+  s.version     = AccessSchema::VERSION
+  s.authors     = ["Victor Gumayunov"]
+  s.email       = ["gumayunov@gmail.com"]
+  s.homepage    = ""
+  s.summary     = %q{AccessSchema is an ACL tool}
+  s.description = %q{AccessSchema is a tool for ACL or tariff plans schema definition and checks}
+
+  s.rubyforge_project = "access_schema"
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+
+  # specify any dependencies here; for example:
+  # s.add_development_dependency "rspec"
+  # s.add_runtime_dependency "rest-client"
+end

data/lib/access_schema/assert.rb

@@ -0,0 +1,24 @@
+module AccessSchema
+  class Assert
+    attr_reader :name
+
+    def initialize(name, vars, &block)
+      @name = name
+      @block = block
+      vars << :subject unless vars.include?(:subject)
+      (class << self; self; end).class_eval do
+        vars.each do |name|
+          define_method name do
+            @options[name]
+          end
+        end
+      end
+    end
+
+    def check?(options)
+      @options = options
+      self.instance_eval(&@block)
+    end
+
+  end
+end

data/lib/access_schema/builders/asserts_builder.rb

@@ -0,0 +1,12 @@
+module AccessSchema
+
+  class AssertsBuilder < BasicBuilder
+
+    def assert(name, vars, &block)
+      assert = Assert.new(name.to_sym, vars.map(&:to_sym), &block)
+      schema.add_assert(assert)
+    end
+
+  end
+
+end

data/lib/access_schema/builders/basic_builder.rb

@@ -0,0 +1,11 @@
+module AccessSchema
+  class BasicBuilder
+
+    attr_reader :schema
+
+    def initialize(schema)
+      @schema = schema
+    end
+
+  end
+end

data/lib/access_schema/builders/element_builder.rb

@@ -0,0 +1,10 @@
+module AccessSchema
+  class ElementBuilder < BasicBuilder
+
+    def assert(name, roles, options = {})
+      expectation = Expectation.new(name.to_sym, roles.map(&:to_sym), options)
+      schema.add_expectation(expectation)
+    end
+
+  end
+end

data/lib/access_schema/builders/namespace_builder.rb

@@ -0,0 +1,16 @@
+module AccessSchema
+  class NamespaceBuilder < BasicBuilder
+
+    def privilege(name, roles, &block)
+      element = Element.new(name.to_sym, roles.map(&:to_sym))
+      if block_given?
+        builder = ElementBuilder.new(element)
+        builder.instance_eval(&block)
+      end
+      schema.add_element(element)
+    end
+
+    alias :feature :privilege
+
+  end
+end

data/lib/access_schema/builders/roles_builder.rb

@@ -0,0 +1,11 @@
+module AccessSchema
+  class RolesBuilder < BasicBuilder
+
+    def role(role)
+      schema.add_role(role.to_sym)
+    end
+
+    alias :plan :role
+
+  end
+end

data/lib/access_schema/builders/schema_builder.rb

@@ -0,0 +1,36 @@
+module AccessSchema
+  class SchemaBuilder < BasicBuilder
+
+    def self.build(&block)
+      builder = new(Schema.new)
+      builder.instance_eval(&block)
+      builder.schema.freeze
+    end
+
+    def self.build_file(filename)
+      builder = new(Schema.new)
+      builder.instance_eval(File.read(filename))
+      builder.schema.freeze
+    end
+
+    def roles(&block)
+      builder = RolesBuilder.new(schema)
+      builder.instance_eval(&block)
+    end
+
+    alias :plans :roles
+
+    def asserts(&block)
+      builder = AssertsBuilder.new(schema)
+      builder.instance_eval(&block)
+    end
+
+    def namespace(name, &block)
+      namespace = Namespace.new(name.to_sym)
+      builder = NamespaceBuilder.new(namespace)
+      builder.instance_eval(&block)
+      schema.add_namespace(namespace)
+    end
+
+  end
+end

data/lib/access_schema/element.rb

@@ -0,0 +1,24 @@
+module AccessSchema
+  class Element
+    attr_reader :name
+
+    def initialize(name, roles, &block)
+      @name = name
+      @roles = roles
+      @block = block
+      @expectations = []
+    end
+
+    def add_expectation(expectation)
+      @expectations << expectation
+    end
+
+    def allow?(role)
+      @roles.include?(role) || begin
+        checklist = @expectations.select { |exp| exp.for?(role) }
+        checklist.length > 0 && checklist.all? { |exp| yield(exp) }
+      end
+    end
+
+  end
+end

data/lib/access_schema/exceptions.rb

@@ -0,0 +1,9 @@
+module AccessSchema
+
+  class Error < RuntimeError
+  end
+
+  class NotAlowedError < Error; end
+
+
+end

data/lib/access_schema/expectation.rb

@@ -0,0 +1,17 @@
+module AccessSchema
+  class Expectation
+    attr_reader :name
+    attr_reader :roles
+    attr_reader :options
+
+    def initialize(name, roles, options)
+      @name = name
+      @roles = roles
+      @options = options
+    end
+
+    def for?(role)
+      @roles.include?(role)
+    end
+  end
+end

data/lib/access_schema/namespace.rb

@@ -0,0 +1,16 @@
+module AccessSchema
+  class Namespace
+    attr_reader :name
+    attr_reader :elements
+
+    def initialize(name)
+      @name = name
+      @elements = []
+    end
+
+    def add_element(element)
+      @elements << element
+    end
+
+  end
+end

data/lib/access_schema/proxy.rb

@@ -0,0 +1,27 @@
+module AccessSchema
+  class Proxy
+
+    def initialize(schema, options)
+      @schema = schema
+      @options = options
+    end
+
+    def allow?(*args)
+      namespace = args[0]
+      feature = args[1]
+      role, options = case args[2]
+      when Symbol, String
+        [args[2], args[3]]
+      else
+        [@options[:role] || @options[:plan], args[2]]
+      end
+
+      @schema.allow?(namespace, feature, role, options)
+    end
+
+    def require!(*args)
+      @schema.require!(*args)
+    end
+
+  end
+end

data/lib/access_schema/schema.rb

@@ -0,0 +1,80 @@
+module AccessSchema
+  class Schema
+
+    attr_reader :roles
+    alias :plans :roles
+
+    def initialize
+      @roles = []
+      @asserts = {}
+      @namespaces = {}
+    end
+
+    def add_role(role)
+      @roles << role
+    end
+
+    def add_assert(assert)
+      @asserts[assert.name] = assert
+    end
+
+    def add_namespace(namespace)
+      @namespaces[namespace.name] = namespace
+    end
+
+    def allow?(*args)
+      require!(*args)
+    rescue NotAlowedError => e
+      false
+    else
+      true
+    end
+
+    def require!(*args)
+      options = args.last.is_a?(Hash) ? args.pop : {}
+      case args[0]
+      when String, Symbol
+        check!(args[0].to_sym, args[1].to_sym, args[2].to_sym, options)
+      else
+        check!(args[0].class.name.to_sym, args[1].to_sym, args[2].to_sym, options.merge(:subject => args[0]) )
+      end
+    end
+
+    private
+
+    def check!(namespace_name, element_name, role, options)
+
+      allowed = for_element(namespace_name, element_name) do |element|
+        element.allow?(role) do |expectation|
+          check_assert(expectation, options)
+        end
+      end
+
+      unless allowed
+        raise NotAlowedError.new
+      else
+        true
+      end
+
+    end
+
+    def check_assert(expectation, options)
+      @asserts[expectation.name].check?(expectation.options.merge(options))
+    end
+
+    def for_element(namespace, element)
+      ns = namespace.to_sym
+      fn = element.to_sym
+      allowed = elements_for(ns).any? do |element|
+        if element.name == fn
+          yield(element)
+        end
+      end
+    end
+
+    def elements_for(namespace)
+      @namespaces[namespace].elements
+    end
+
+  end
+end

data/lib/access_schema/version.rb

@@ -0,0 +1,3 @@
+module AccessSchema
+  VERSION = "0.0.1"
+end

data/lib/access_schema.rb

@@ -0,0 +1,33 @@
+require 'access_schema/version'
+require 'access_schema/exceptions'
+
+require 'access_schema/schema'
+require 'access_schema/assert'
+require 'access_schema/namespace'
+require 'access_schema/element'
+require 'access_schema/expectation'
+
+require 'access_schema/builders/basic_builder'
+require 'access_schema/builders/roles_builder'
+require 'access_schema/builders/asserts_builder'
+require 'access_schema/builders/namespace_builder'
+require 'access_schema/builders/element_builder'
+require 'access_schema/builders/schema_builder'
+
+require 'access_schema/proxy'
+
+module AccessSchema
+
+  def self.build(*args)
+    SchemaBuilder.build(*args)
+  end
+
+  def self.build_file(*args)
+    SchemaBuilder.build_file(*args)
+  end
+
+  def self.with_options(schema, options)
+    Proxy.new(schema, options)
+  end
+
+end

data/spec/access_schema_spec.rb

@@ -0,0 +1,43 @@
+require 'spec_helper'
+
+describe AccessSchema do
+
+  describe "#build" do
+    it "returns schema"
+  end
+
+  describe "#build_file" do
+    it "returns schema"
+  end
+
+  describe "#with_options" do
+
+    before do
+      @schema = AccessSchema.build_file('spec/schema_example.rb')
+    end
+
+    it "takes schema and options" do
+      lambda {
+        AccessSchema.with_options(@schema, {:plan => :none})
+      }.should_not raise_error
+    end
+
+    it "returns schema" do
+      result = AccessSchema.with_options(@schema, {:plan => :none})
+      %w{allow? require!}.should be_all{|m| result.respond_to?(m)}
+    end
+
+    it "allows to not specify plan for schema calls" do
+      schema = AccessSchema.with_options(@schema, {:plan => :flower})
+      schema.allow?("Review", :mark_featured).should be_true
+    end
+
+    it "but it accepts plan too" do
+      schema = AccessSchema.with_options(@schema, {})
+      schema.allow?("Review", :mark_featured, :flower).should be_true
+      schema.allow?("Review", :mark_featured, :none).should be_false
+    end
+
+  end
+
+end

data/spec/assess_schema/schema_builder_spec.rb

@@ -0,0 +1,110 @@
+require 'spec_helper'
+
+describe AccessSchema::SchemaBuilder do
+
+  before do
+  end
+
+  it "builds schema from block" do
+    @schema = AccessSchema::SchemaBuilder.build do
+      plans do
+        plan :none
+      end
+    end
+    @schema.should be
+  end
+
+  it "builds schema from file" do
+    @schema = AccessSchema::SchemaBuilder.build_file('spec/schema_example.rb')
+    @schema.should be
+  end
+
+  it "raises error if file dows not exists" do
+    lambda { @schema = AccessSchema::SchemaBuilder.build_file('abc') }.should raise_error
+  end
+
+end
+
+
+class Review; end
+
+describe AccessSchema::SchemaBuilder, "produced schema example" do
+
+  before do
+    @review = Review.new
+    @review.stub(:photos_count) { @photo_count }
+    @schema = AccessSchema::SchemaBuilder.build_file('spec/schema_example.rb')
+  end
+
+  it "creates plans" do
+    @schema.plans.should == [:none, :bulb, :flower, :bouquet]
+  end
+
+  context "when checking against plan 'none'"  do
+
+    it "does not allows to mark featured" do
+      @schema.allow?(@review, :mark_featured, :none).should be_false
+    end
+
+    it "allows to add first photo" do
+      @photo_count = 0
+      @schema.allow?(@review, :add_photo, :none).should be_true
+    end
+
+    it "does not allow to add second one" do
+      @photo_count = 1
+      @schema.allow?(@review, :add_photo, :none).should be_false
+    end
+
+  end
+
+  context "when checking against plan 'bulb'"  do
+
+    it "does not allow to mark featured" do
+      @schema.allow?(@review, :mark_featured, :bulb).should be_false
+    end
+
+    it "allows to add up to 5 photos" do
+      @photo_count = 4
+      @schema.allow?(@review, :add_photo, :bulb).should be_true
+    end
+
+    it "does not allow to add more then 5" do
+      @photo_count = 5
+      @schema.allow?(@review, :add_photo, :bulb).should be_false
+    end
+
+  end
+
+  context "when checking against plan 'flower'"  do
+
+    it "allows to mark featured" do
+      @schema.allow?(@review, :mark_featured, :flower).should be_true
+    end
+
+    it "allows to add up to 10 photos" do
+      @photo_count = 9
+      @schema.allow?(@review, :add_photo, :flower).should be_true
+    end
+
+    it "does not allow to add more then 10" do
+      @photo_count = 10
+      @schema.allow?(@review, :add_photo, :flower).should be_false
+    end
+
+  end
+
+  context "when checking against plan 'bouquet'"  do
+
+    it "allows to mark featured" do
+      @schema.allow?(@review, :mark_featured, :bouquet).should be_true
+    end
+
+    it "allows to add over 9000 photos" do
+      @photo_count = 9000
+      @schema.allow?(@review, :add_photo, :bouquet).should be_true
+    end
+
+  end
+
+end

data/spec/assess_schema/schema_spec.rb

@@ -0,0 +1,39 @@
+require 'spec_helper'
+
+describe AccessSchema::Schema, "errors rising" do
+
+  describe "#add_plan" do
+
+    it "raises error if duplicate"
+
+  end
+
+  describe "#add_assert" do
+
+    it "raises error if duplicate"
+
+  end
+
+  describe "#add_feature" do
+
+    it "raises error if duplicate"
+    it "raises error for invalid plan"
+    it "raises error for invalid assert"
+
+  end
+
+  describe "#allow?" do
+
+    it "raises exception on invalid namespace"
+    it "raises exception on invalid feature"
+
+  end
+
+  describe "#require!" do
+
+    it "raises en error is feature is nt allowed"
+
+  end
+
+end
+

data/spec/schema_example.rb

@@ -0,0 +1,27 @@
+
+plans do
+  plan :none
+  plan :bulb
+  plan :flower
+  plan :bouquet
+end
+
+asserts do
+
+  assert :photo_limit, [:limit] do
+    subject.photos_count < limit
+  end
+
+end
+
+namespace "Review" do
+
+  feature :mark_featured, [:flower, :bouquet]
+
+  feature :add_photo, [:bouquet] do
+    assert :photo_limit, [:none], :limit => 1
+    assert :photo_limit, [:bulb], :limit => 5
+    assert :photo_limit, [:flower], :limit => 10
+  end
+
+end

data/spec/spec_helper.rb

@@ -0,0 +1,8 @@
+require 'rspec'
+require 'access_schema'
+
+Dir[File.expand_path('../support/**/*', __FILE__)].each { |f| require f }
+
+RSpec.configure do |config|
+end
+

metadata

@@ -0,0 +1,81 @@
+--- !ruby/object:Gem::Specification
+name: access_schema
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease: 
+platform: ruby
+authors:
+- Victor Gumayunov
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-02-27 00:00:00.000000000 Z
+dependencies: []
+description: AccessSchema is a tool for ACL or tariff plans schema definition and
+  checks
+email:
+- gumayunov@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rspec
+- Gemfile
+- Guardfile
+- LICENSE
+- README.md
+- Rakefile
+- access_schema.gemspec
+- lib/access_schema.rb
+- lib/access_schema/assert.rb
+- lib/access_schema/builders/asserts_builder.rb
+- lib/access_schema/builders/basic_builder.rb
+- lib/access_schema/builders/element_builder.rb
+- lib/access_schema/builders/namespace_builder.rb
+- lib/access_schema/builders/roles_builder.rb
+- lib/access_schema/builders/schema_builder.rb
+- lib/access_schema/element.rb
+- lib/access_schema/exceptions.rb
+- lib/access_schema/expectation.rb
+- lib/access_schema/namespace.rb
+- lib/access_schema/proxy.rb
+- lib/access_schema/schema.rb
+- lib/access_schema/version.rb
+- spec/access_schema_spec.rb
+- spec/assess_schema/proxy_spec.rb
+- spec/assess_schema/schema_builder_spec.rb
+- spec/assess_schema/schema_spec.rb
+- spec/schema_example.rb
+- spec/spec_helper.rb
+homepage: ''
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: access_schema
+rubygems_version: 1.8.16
+signing_key: 
+specification_version: 3
+summary: AccessSchema is an ACL tool
+test_files:
+- spec/access_schema_spec.rb
+- spec/assess_schema/proxy_spec.rb
+- spec/assess_schema/schema_builder_spec.rb
+- spec/assess_schema/schema_spec.rb
+- spec/schema_example.rb
+- spec/spec_helper.rb