access_schema 0.3.5 → 0.4.0

data/README.md

@@ -5,8 +5,6 @@ to define ACL schemas with realy simple DSL.
 
 Inspired by [ya_acl](https://github.com/kaize/ya_acl)
 
-With a couple of aliases in DSL it enables you to deal with tariff plans. Plan and role, feature and privilege are synonyms.
-
 ```
   gem install access_schema
 ```
@@ -24,9 +22,9 @@ add some default options in helpers:
 
   class AccessSchemaHelper
 
-    def plan
+    def role
       AccessSchema.schema(:plans).with_options({
-        :plan => Rails.development? && params[:debug_plan] || current_user.try(:plan) || :none
+        :role => Rails.development? && params[:debug_role] || current_user.try(:role) || :none
       })
     end
 
@@ -45,14 +43,14 @@ So at may be used in controllers:
 
 ```ruby
   acl.require! review, :edit
-  plan.require! review, :mark_featured
+  role.require! review, :mark_privileged
 
 ```
 
 Or views:
 
 ```ruby
-  - if plan.allow? review, :add_photo
+  - if role.allow? review, :add_photo
     = render :partial => "add_photo"
 ```
 
@@ -66,17 +64,17 @@ example. So we have to pass extra options:
 
   class ReviewService < BaseSevice
 
-    def mark_featured(review_id, options)
+    def mark_privileged(review_id, options)
 
       review = Review.find(review_id)
 
-      acl = AccessSchema.schema(:acl).with_options(:role => options[:actor].roles)
-      acl.require! review, :mark_featured
+      acl = AccessSchema.schema(:acl).with_options(:roles => options[:actor].roles)
+      acl.require! review, :mark_privileged
 
-      plans = AccessSchema.schema(:plans).with_options(:plan => options[:actor].plan)
-      plans.require! review, :mark_featured
+      plans = AccessSchema.schema(:plans).with_options(:plans => options[:actor].plans)
+      plans.require! review, :mark_privileged
 
-      review.featured = true
+      review.privileged = true
       review.save!
 
     end
@@ -85,10 +83,10 @@ example. So we have to pass extra options:
 
       review = Review.find(review_id)
 
-      acl = AccessSchema.schema(:acl).with_options(:role => options[:actor].roles)
+      acl = AccessSchema.schema(:acl).with_options(:roles => options[:actor].roles)
       acl.require! review, :edit
 
-      plans = AccessSchema.schema(:plans).with_options(:plan => options[:actor].plan)
+      plans = AccessSchema.schema(:plan).with_options(:plan => options[:actor].plan)
       plans.require! review, :edit, :new_attrs => attrs
 
       review.update_attributes(attrs)
@@ -102,13 +100,13 @@ example. So we have to pass extra options:
 ### Definition
 
 ```ruby
-  # config/plans.rb
+  # config/roles.rb
 
-  plans do
-    plan :none
-    plan :bulb
-    plan :flower
-    plan :bouquet
+  roles do
+    role :none
+    role :bulb
+    role :flower
+    role :bouquet
   end
 
   asserts do
@@ -123,22 +121,17 @@ example. So we have to pass extra options:
 
   end
 
-  namespace "Review" do
+  resource "Review" do
 
-    feature :mark_featured, [:flower, :bouquet]
+    privilege :mark_privileged, [:flower, :bouquet]
 
-    feature :add_photo, [:bouquet] do
+    privilege :add_photo, [:bouquet] do
       assert :photo_limit, [:none], :limit => 1
       assert :photo_limit, [:bulb], :limit => 5
       assert :photo_limit, [:flower], :limit => 10
     end
 
-    # Important fields from plans aspect:
-    #   greeting
-    #   logo
-    #   site_url
-    #
-    feature :edit, [:bouquet] do
+    privilege :edit, [:bouquet] do
       assert :attrs, [:bulb], :disallow => [:greeting, :logo, :site_url]
       assert :attrs, [:flower], :disallow => [:site_url]
     end
@@ -161,7 +154,7 @@ example. So we have to pass extra options:
 
   end
 
-  namespace "Review" do
+  resource "Review" do
 
     privilege :edit, [:admin] do
       assert :owner, [:none]

data/lib/access_schema.rb

@@ -4,8 +4,8 @@ require 'access_schema/exceptions'
 require 'access_schema/config'
 require 'access_schema/schema'
 require 'access_schema/assert'
-require 'access_schema/namespace'
-require 'access_schema/element'
+require 'access_schema/resource'
+require 'access_schema/privilege'
 require 'access_schema/expectation'
 
 require 'access_schema/loggers/proxy_logger'
@@ -16,8 +16,8 @@ require 'access_schema/builders/config_builder'
 require 'access_schema/builders/basic_builder'
 require 'access_schema/builders/roles_builder'
 require 'access_schema/builders/asserts_builder'
-require 'access_schema/builders/namespace_builder'
-require 'access_schema/builders/element_builder'
+require 'access_schema/builders/resource_builder'
+require 'access_schema/builders/privilege_builder'
 require 'access_schema/builders/schema_builder'
 
 require 'access_schema/proxy'

data/lib/access_schema/builders/{element_builder.rb → privilege_builder.rb}

@@ -1,5 +1,5 @@
 module AccessSchema
-  class ElementBuilder < BasicBuilder
+  class PrivilegeBuilder < BasicBuilder
 
     def assert(name, roles = [], options = {})
       expectation = Expectation.new(name.to_sym, roles.map(&:to_sym), options)

data/lib/access_schema/builders/resource_builder.rb

@@ -0,0 +1,14 @@
+module AccessSchema
+  class ResourceBuilder < BasicBuilder
+
+    def privilege(name, roles = [], &block)
+      privilege = Privilege.new(name.to_sym, roles.map(&:to_sym))
+      if block_given?
+        builder = PrivilegeBuilder.new(privilege)
+        builder.instance_eval(&block)
+      end
+      schema.add_privilege(privilege)
+    end
+
+  end
+end

data/lib/access_schema/builders/roles_builder.rb

@@ -5,7 +5,5 @@ module AccessSchema
       schema.add_role(role.to_sym)
     end
 
-    alias :plan :role
-
   end
 end

data/lib/access_schema/builders/schema_builder.rb

@@ -18,21 +18,17 @@ module AccessSchema
       builder.instance_eval(&block)
     end
 
-    alias :plans :roles
-
     def asserts(&block)
       builder = AssertsBuilder.new(schema)
       builder.instance_eval(&block)
     end
 
-    def namespace(name, &block)
-      namespace = Namespace.new(name.to_sym)
-      builder = NamespaceBuilder.new(namespace)
+    def resource(name, &block)
+      resource = Resource.new(name.to_sym)
+      builder = ResourceBuilder.new(resource)
       builder.instance_eval(&block)
-      schema.add_namespace(namespace)
+      schema.add_resource(resource)
     end
 
-    alias :resource :namespace
-
   end
 end

data/lib/access_schema/{element.rb → privilege.rb}

@@ -1,5 +1,5 @@
 module AccessSchema
-  class Element
+  class Privilege
     attr_reader :name
 
     def initialize(name, roles, &block)

data/lib/access_schema/proxy.rb

@@ -29,8 +29,8 @@ module AccessSchema
     private
 
     def normalize_args(args)
-      namespace = args[0]
-      feature = args[1]
+      resource = args[0]
+      privilege = args[1]
 
       roles, options = case args[2]
       when Hash, nil
@@ -43,7 +43,7 @@ module AccessSchema
       options_to_pass.delete :plan
       options_to_pass.delete :role
 
-      [namespace, feature, roles, options_to_pass.merge(options)]
+      [resource, privilege, roles, options_to_pass.merge(options)]
     end
 
   end

data/lib/access_schema/resource.rb

@@ -0,0 +1,23 @@
+module AccessSchema
+  class Resource
+    attr_reader :name
+
+    def initialize(name)
+      @name = name
+      @privileges = {}
+    end
+
+    def privileges
+      @privileges.values
+    end
+
+    def add_privilege(privilege)
+      @privileges[privilege.name] = privilege
+    end
+
+    def get_privilege(name)
+      @privileges[name]
+    end
+
+  end
+end

data/lib/access_schema/schema.rb

@@ -7,7 +7,7 @@ module AccessSchema
     def initialize
       @roles = []
       @asserts = {}
-      @namespaces = {}
+      @resources = {}
     end
 
     def add_role(role)
@@ -18,8 +18,8 @@ module AccessSchema
       @asserts[assert.name] = assert
     end
 
-    def add_namespace(namespace)
-      @namespaces[namespace.name] = namespace
+    def add_resource(resource)
+      @resources[resource.name] = resource
     end
 
     def allow?(*args)
@@ -46,43 +46,61 @@ module AccessSchema
 
       raise NoRoleError.new if (self.roles & roles).empty?
 
+      roles = normalize_roles_order(roles)
 
       case args[0]
       when String, Symbol
-        namespace = args[0].to_sym
-        [namespace, privilege, roles, options]
+        resource = args[0].to_sym
+        [resource, privilege, roles, options]
       else
-        namespace = args[0].class.name.to_sym
-        [namespace, privilege, roles, options.merge(:subject => args[0])]
+        resource = args[0].class.name.to_sym
+        [resource, privilege, roles, options.merge(:subject => args[0])]
       end
 
     end
 
-    def check!(namespace_name, element_name, roles, options)
+    def normalize_roles_order(roles)
+      @roles.select do |role|
+        roles.include? role
+      end
+    end
+
+    def check!(resource_name, privilege_name, roles, options)
+
+      resouce_name = resource_name.to_sym
+      privilege_name = privilege_name.to_sym
+
+      resource = @resources[resource_name]
+
+      if resource.nil?
+        raise NoResourceError.new(:resource => resource_name)
+      end
+
+      privilege = resource.get_privilege(privilege_name)
+
+      if privilege.nil?
+        raise NoPrivilegeError.new(:resource => resource_name, :privilege => privilege_name)
+      end
 
-      existent_element = false
-      failed_asserts = []
+      failed_asserts = Hash.new{|h, k| h[k] = []}
 
-      allowed = for_element(namespace_name, element_name) do |element|
-        existent_element = true
-        element.allow?(roles) do |expectation|
-          check_assert(expectation, options).tap do |result|
-            failed_asserts << expectation unless result
+      roles_checks = roles.map do |role|
+        privilege.allow?([role]) do |expectation|
+          @asserts[expectation.name].check?(expectation.options.merge(options)).tap do |result|
+            failed_asserts[role] << expectation.name unless result
           end
         end
       end
 
-      raise NoPrivilegeError.new(:privilege => element_name.to_sym) unless existent_element
-
       log_payload = {
-        :resource => namespace_name,
-        :privilege => element_name,
+        :resource => resource_name,
+        :privilege => privilege_name,
         :roles => roles,
         :options => options
       }
 
-      unless allowed
-        log_payload[:failed_asserts] = failed_asserts.map(&:name)
+      unless roles_checks.any?
+        log_payload[:failed_asserts] = failed_asserts
         logger.info{ "check FAILED: #{log_payload.inspect}" }
         raise NotAllowedError.new(log_payload)
       else
@@ -92,30 +110,6 @@ module AccessSchema
 
     end
 
-    def check_assert(expectation, options)
-      @asserts[expectation.name].check?(expectation.options.merge(options))
-    end
-
-    def for_element(namespace, element)
-      ns = namespace.to_sym
-      en = element.to_sym
-
-      elements_for(ns).any? do |element|
-        if element.name == en
-          yield(element)
-        end
-      end
-
-    end
-
-    def elements_for(namespace)
-      if @namespaces.has_key?(namespace)
-        @namespaces[namespace].elements
-      else
-        raise NoResourceError.new(:resource => namespace)
-      end
-    end
-
     private
 
     def logger

data/lib/access_schema/version.rb

@@ -1,3 +1,3 @@
 module AccessSchema
-  VERSION = "0.3.5"
+  VERSION = "0.4.0"
 end

data/spec/access_schema/config_builder_spec.rb

@@ -9,7 +9,7 @@ describe AccessSchema::ConfigBuilder do
       schema :acl, :file => 'spec/schema_example.rb'
     end
 
-    config.schema(:acl).plans.should_not be_nil
+    config.schema(:acl).roles.should_not be_nil
   end
 
   it "can specify logger" do

data/spec/access_schema/schema_builder_spec.rb

@@ -7,8 +7,8 @@ describe AccessSchema::SchemaBuilder do
 
   it "builds schema from block" do
     @schema = AccessSchema::SchemaBuilder.build do
-      plans do
-        plan :none
+      roles do
+        role :none
       end
     end
     @schema.should be
@@ -36,8 +36,8 @@ describe AccessSchema::SchemaBuilder, "produced schema example" do
     @schema = AccessSchema::SchemaBuilder.build_file('spec/schema_example.rb')
   end
 
-  it "creates plans" do
-    @schema.plans.should == [:none, :bulb, :flower, :bouquet]
+  it "creates roles" do
+    @schema.roles.should == [:none, :bulb, :flower, :bouquet, :admin, :user]
   end
 
   context "when checking against plan 'none'"  do

data/spec/access_schema/schema_spec.rb

@@ -28,7 +28,7 @@ describe AccessSchema::Schema, "errors rising" do
 
   describe "#allow?" do
 
-    it "raises exception on invalid namespace" do
+    it "raises exception on invalid resource" do
       lambda {
         @schema.allow? "Invalid", :mark_featured, :none
       }.should raise_error(AccessSchema::NoResourceError)
@@ -48,6 +48,26 @@ describe AccessSchema::Schema, "errors rising" do
 
   end
 
+  describe "privilege union for multiple roles" do
+
+    context "when checking privilege :update for Review in example schema" do
+
+      it "passes for admin" do
+        @schema.should be_allow("Review", :update, [:admin])
+      end
+
+      it "fails for user" do
+        @schema.should_not be_allow("Review", :update, [:user])
+      end
+
+      it "passes for admin and user" do
+        @schema.should be_allow("Review", :update, [:admin, :user])
+      end
+
+    end
+
+  end
+
   describe "#require!" do
 
     it "raises en error is feature is nt allowed"
@@ -70,7 +90,7 @@ describe AccessSchema::Schema, "errors rising" do
     it "logs check fail with info level" do
       @logger.log_only_level = "info"
       @schema.allow? "Review", :mark_featured, :none
-      @logger.output.should == "AccessSchema: check FAILED: {:resource=>:Review, :privilege=>:mark_featured, :roles=>[:none], :options=>{}, :failed_asserts=>[]}"
+      @logger.output.should == "AccessSchema: check FAILED: {:resource=>:Review, :privilege=>:mark_featured, :roles=>[:none], :options=>{}, :failed_asserts=>{}}"
     end
   end
 

data/spec/schema_example.rb

@@ -1,9 +1,12 @@
 
-plans do
-  plan :none
-  plan :bulb
-  plan :flower
-  plan :bouquet
+roles do
+  role :none
+  role :bulb
+  role :flower
+  role :bouquet
+
+  role :admin
+  role :user
 end
 
 asserts do
@@ -12,16 +15,24 @@ asserts do
     subject.photos_count < limit
   end
 
+  assert :false do
+    false
+  end
+
 end
 
-namespace "Review" do
+resource "Review" do
 
-  feature :mark_featured, [:flower, :bouquet]
+  privilege :mark_featured, [:flower, :bouquet]
 
-  feature :add_photo, [:bouquet] do
+  privilege :add_photo, [:bouquet] do
     assert :photo_limit, [:none], :limit => 1
     assert :photo_limit, [:bulb], :limit => 5
     assert :photo_limit, [:flower], :limit => 10
   end
 
+  privilege :update, [:admin] do
+    assert :false, [:user]
+  end
+
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: access_schema
 version: !ruby/object:Gem::Version
-  version: 0.3.5
+  version: 0.4.0
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-03-23 00:00:00.000000000 Z
+date: 2012-03-26 00:00:00.000000000 Z
 dependencies: []
 description: AccessSchema is a tool for ACL or tariff plans schema definition and
   checks
@@ -32,19 +32,19 @@ files:
 - lib/access_schema/builders/asserts_builder.rb
 - lib/access_schema/builders/basic_builder.rb
 - lib/access_schema/builders/config_builder.rb
-- lib/access_schema/builders/element_builder.rb
-- lib/access_schema/builders/namespace_builder.rb
+- lib/access_schema/builders/privilege_builder.rb
+- lib/access_schema/builders/resource_builder.rb
 - lib/access_schema/builders/roles_builder.rb
 - lib/access_schema/builders/schema_builder.rb
 - lib/access_schema/config.rb
-- lib/access_schema/element.rb
 - lib/access_schema/exceptions.rb
 - lib/access_schema/expectation.rb
 - lib/access_schema/loggers/proxy_logger.rb
 - lib/access_schema/loggers/stub_logger.rb
 - lib/access_schema/loggers/test_logger.rb
-- lib/access_schema/namespace.rb
+- lib/access_schema/privilege.rb
 - lib/access_schema/proxy.rb
+- lib/access_schema/resource.rb
 - lib/access_schema/schema.rb
 - lib/access_schema/version.rb
 - spec/access_schema/config_builder_spec.rb
@@ -69,7 +69,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -1329279297250315893
+      hash: -3729396007705609250
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
@@ -78,7 +78,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -1329279297250315893
+      hash: -3729396007705609250
 requirements: []
 rubyforge_project: access_schema
 rubygems_version: 1.8.16

data/lib/access_schema/builders/namespace_builder.rb

@@ -1,16 +0,0 @@
-module AccessSchema
-  class NamespaceBuilder < BasicBuilder
-
-    def privilege(name, roles = [], &block)
-      element = Element.new(name.to_sym, roles.map(&:to_sym))
-      if block_given?
-        builder = ElementBuilder.new(element)
-        builder.instance_eval(&block)
-      end
-      schema.add_element(element)
-    end
-
-    alias :feature :privilege
-
-  end
-end

data/lib/access_schema/namespace.rb

@@ -1,16 +0,0 @@
-module AccessSchema
-  class Namespace
-    attr_reader :name
-    attr_reader :elements
-
-    def initialize(name)
-      @name = name
-      @elements = []
-    end
-
-    def add_element(element)
-      @elements << element
-    end
-
-  end
-end