accessly 0.0.1

data/lib/accessly/query.rb

@@ -0,0 +1,122 @@
+require "accessly/base"
+
+module Accessly
+  # Accessly::Query is the interface that hides the implementation
+  # of the data layer. Ask Accessly::Query whether an actor
+  # has permission on a record, ask it for a list of permitted records for the record
+  # type, and ask it whether an actor has a general permission not
+  # related to any certain record or record type.
+  class Query < Base
+
+    # Create an instance of Accessly::Query.
+    # Lookups are cached in inherited object(s) to prevent redundant calls to the database.
+    # Pass in a Hash or ActiveRecord::Base for actors if the actor(s)
+    # inherit some permissions from other actors in the system. This may happen
+    # when you have a user in one or more groups or organizations with their own
+    # access control permissions.
+    #
+    # @param actors [Hash, ActiveRecord::Base] The actor(s) we're checking permission(s)
+    #
+    # @example
+    #   # Create a new object with a single actor
+    #   Accessly::Query.new(user)
+    # @example
+    #   # Create a new object with multiple actors
+    #   Accessly::Query.new(User => user.id, Group => [1,2], Organization => Organization.where(user_id: user.id).pluck(:id))
+    def initialize(actors)
+      super(actors)
+    end
+
+    # Check whether an actor has a given permission.
+    # @return [Boolean]
+    # @overload can?(action_id, namespace)
+    #   Ask whether the actor has permission to perform action_id
+    #   in the given namespace. Multiple actions can have the same id
+    #   as long as their namespace is different. The namespace can be
+    #   any String. We recommend using namespace to group a class of
+    #   permissions, such as to group parts of a particular feature
+    #   in your application.
+    #
+    #   @param action_id [Integer, Array<Integer>] The action or actions we're checking whether the actor has. If this is an array, then the check is ORed.
+    #   @param namespace [String] The namespace of the given action_id.
+    #   @return [Boolean] Returns true if actor has been granted the permission, false otherwise.
+    #
+    #   @example
+    #     # Can the user perform the action with id 3 for posts?
+    #     Accessly.can?(user, 3, "posts")
+    #   @example
+    #     # Can the user perform the action with id 5 for Posts?
+    #     Accessly::Query.new(user).can?(5, Post)
+    #   @example
+    #     # Can the sets of actors perform the action with id 5 for Posts?
+    #     Accessly::Query.new(User => user.id, Group => [1,2]).can?(5, Post)
+    #   @example
+    #     # Can the user on segment 1 perform the action with id 5 for Posts
+    #     Accessly::Query.new(user).on_segment(1).can?(5, Post)
+    #   @example
+    #     # Can the sets of actors on segment 1 perform the action with id 5 for Posts
+    #     Accessly::Query.new(User => user.id, Group => [1,2]).on_segment(1).can?(5, Post)
+    #
+    # @overload can?(action_id, object_type, object_id)
+    #   Ask whether the actor has permission to perform action_id
+    #   on a given record.
+    #
+    #   @param action_id [Integer, Array<Integer>] The action or actions we're checking whether the actor has. If this is an array, then the check is ORed.
+    #   @param object_type [ActiveRecord::Base] The ActiveRecord model which we're checking for permission on.
+    #   @param object_id [Integer] The id of the ActiveRecord object which we're checking for permission on.
+    #   @return [Boolean] Returns true if actor has been granted the permission on the specified record, false otherwise.
+    #
+    #   @example
+    #     # Can the user perform the action with id 5 for the Post with id 7?
+    #     Accessly::Query.new(user).can?(5, Post, 7)
+    #   @example
+    #     # Can the sets of actors perform the action with id 5 for the Post with id 7?
+    #     Accessly::Query.new(User => user.id, Group => [1,2]).can?(5, Post, 7)
+    #   @example
+    #     # Can the user on segment 1 perform the action with id 5 for the Post with id 7?
+    #     Accessly::Query.new(user).on_segment(1).can?(5, Post, 7)
+    #   @example
+    #     # Can the sets of actors on segment 1 perform the action with id 5 for the Post with id 7?
+    #     Accessly::Query.new(User => user.id, Group => [1,2]).on_segment(1).can?(5, Post, 7)
+    def can?(action_id, object_type, object_id = nil)
+      if object_id.nil?
+        permitted_action_query.can?(action_id, object_type)
+      else
+        permitted_action_on_object_query.can?(action_id, object_type, object_id)
+      end
+    end
+
+    # Returns an ActiveRecord::Relation of ids in the namespace for
+    # which the actor has permission to perform action_id.
+    #
+    # @param action_id [Integer] The action we're checking on the actor in the namespace.
+    # @param namespace [String] The namespace to check actor permissions.
+    # @return [ActiveRecord::Relation]
+    #
+    # @example
+    #   # Give me the list of Post ids on which the user has permission to perform action_id 3
+    #   Accessly::Query.new(user).list(3, Post)
+    # @example
+    #   # Give me the list of Post ids on which the user has permission to perform action_id 3 on segment 1
+    #   Accessly::Query.new(user).on_segment(1).list(3, Post)
+    # @example
+    #   # Give me the list of Post ids on which the user and its groups has permission to perform action_id 3
+    #   Accessly::Query.new(User => user.id, Group => [1,2]).list(3, Post)
+    # @example
+    #   # Give me the list of Post ids on which the user and its groups has permission to perform action_id 3 on segment 1
+    #   Accessly::Query.new(User => user.id, Group => [1,2]).on_segment(1).list(3, Post)
+    def list(action_id, namespace)
+      permitted_action_on_object_query.list(action_id, namespace)
+    end
+
+    private
+
+    def permitted_action_query
+      @_permitted_action_query ||= Accessly::PermittedActions::Query.new(@actors, @segment_id)
+    end
+
+    def permitted_action_on_object_query
+      @_permitted_action_on_object_query ||= Accessly::PermittedActions::OnObjectQuery.new(@actors, @segment_id)
+    end
+  end
+end

data/lib/accessly/query_builder.rb

@@ -0,0 +1,24 @@
+module Accessly
+  class QueryBuilder
+
+    # Builds a query with a series of actors 'OR' together
+    #
+    # Use like this:
+    # `Accessly::QueryBuilder.with_actors(PermittedActionOnObject, {User => 1, Group => [2,3]})`
+    #
+    # @param query [ActiveRecord::Relation] The relation on which to append the where clause
+    # @param actors [Hash] A hash of actors where the key is the object/classname and the value is an Integer or array of Integers
+    # @return [ActiveRecord::Relation]
+    def self.with_actors(query, actors)
+      result_query = nil
+      actors.each do |key, value|
+        result_query = if result_query.nil?
+          query.where(actor_type: String(key), actor_id: value)
+        else
+          result_query.or(query.where(actor_type: String(key), actor_id: value))
+        end
+      end
+      result_query
+    end
+  end
+end

data/lib/accessly/version.rb

@@ -0,0 +1,3 @@
+module Accessly
+  VERSION = "0.0.1"
+end

data/lib/generators/accessly/install/USAGE

@@ -0,0 +1,5 @@
+Description:
+  Install Accessly components inside a rails project
+
+Example:
+    rails generate accessly:install

data/lib/generators/accessly/install/install_generator.rb

@@ -0,0 +1,51 @@
+require "rails/generators"
+require "rails/generators/active_record"
+
+module Accessly
+  module Generators
+    class InstallGenerator < Rails::Generators::Base
+      include Rails::Generators::Migration
+      source_root File.expand_path("../templates", __FILE__)
+
+      def create_accessly_migration
+        copy_migration "create_permitted_actions.rb"
+        copy_migration "create_permitted_action_on_objects.rb"
+      end
+
+      private
+
+      def copy_migration(migration_name, config = {})
+        unless migration_exists?(migration_name)
+          migration_template(
+            "db/migrate/#{migration_name}",
+            "db/migrate/#{migration_name}",
+            config.merge(migration_version: migration_version),
+          )
+        end
+      end
+
+      def migration_exists?(name)
+        existing_migrations.include?(name)
+      end
+
+      def existing_migrations
+        @existing_migrations ||= Dir.glob("db/migrate/*.rb").map do |file|
+          migration_name_without_timestamp(file)
+        end
+      end
+
+      def migration_name_without_timestamp(file)
+        file.sub(%r{^.*(db/migrate/)(?:\d+_)?}, '')
+      end
+
+      # necessary to generate timestamps when using `create_migration`
+      def self.next_migration_number(dir)
+        ActiveRecord::Generators::Base.next_migration_number(dir)
+      end
+
+      def migration_version
+        "[#{Rails::VERSION::MAJOR}.#{Rails::VERSION::MINOR}]"
+      end
+    end
+  end
+end

data/lib/generators/accessly/install/templates/db/migrate/create_permitted_action_on_objects.rb

@@ -0,0 +1,15 @@
+class CreatePermittedActionOnObjects < ActiveRecord::Migration<%= migration_version %>
+  def change
+    create_table :accessly_permitted_action_on_objects, force: true, id: :uuid do |t|
+      t.column :segment_id, :integer, default: -1
+      t.column :action, :integer, null: false
+      t.column :actor_id, :integer, null: false
+      t.column :actor_type, :string, null: false
+      t.column :object_type, :string, null: false
+      t.column :object_id, :integer, null: false
+    end
+
+    add_index(:accessly_permitted_action_on_objects, [:segment_id, :actor_type, :actor_id, :object_type, :object_id, :action], unique: true, name: "acessly_paoo_uniq_table_idx")
+    add_index(:accessly_permitted_action_on_objects, [:segment_id, :object_type, :object_id, :action], name: "acessly_paoo_on_object_idx")
+  end
+end

data/lib/generators/accessly/install/templates/db/migrate/create_permitted_actions.rb

@@ -0,0 +1,13 @@
+class CreatePermittedActions < ActiveRecord::Migration<%= migration_version %>
+  def change
+    create_table :accessly_permitted_actions, force: true, id: :uuid do |t|
+      t.column :segment_id, :integer, default: -1
+      t.column :action, :integer, null: false
+      t.column :actor_id, :integer, null: false
+      t.column :actor_type, :string, null: false
+      t.column :object_type, :string, null: false
+    end
+
+    add_index(:accessly_permitted_actions, [:segment_id, :actor_type, :actor_id, :object_type, :action], unique: true, name: "acessly_pa_uniq_table_idx")
+  end
+end

metadata

@@ -0,0 +1,176 @@
+--- !ruby/object:Gem::Specification
+name: accessly
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Aaron Milam
+- Eddie Hourigan
+- Ross Reinhardt
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2018-03-28 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activerecord
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+- !ruby/object:Gem::Dependency
+  name: database_cleaner
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+description: Use the policy pattern to define access control mechanisms in Rails.
+  Store user-level, group-level, or org-level permission on any given record or concept
+  in the database with ultra-fast lookups.
+email:
+- devops@lessonly.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".editorconfig"
+- ".gitignore"
+- ".ruby-version"
+- ".tool-versions"
+- Gemfile
+- Gemfile.lock
+- LICENSE
+- LICENSE.txt
+- README.md
+- Rakefile
+- accessly.gemspec
+- bin/console
+- bin/setup
+- lib/accessly.rb
+- lib/accessly/base.rb
+- lib/accessly/models/permitted_action.rb
+- lib/accessly/models/permitted_action_on_object.rb
+- lib/accessly/permission/grant.rb
+- lib/accessly/permission/revoke.rb
+- lib/accessly/permitted_actions/base.rb
+- lib/accessly/permitted_actions/on_object_query.rb
+- lib/accessly/permitted_actions/query.rb
+- lib/accessly/policy/base.rb
+- lib/accessly/query.rb
+- lib/accessly/query_builder.rb
+- lib/accessly/version.rb
+- lib/generators/accessly/install/USAGE
+- lib/generators/accessly/install/install_generator.rb
+- lib/generators/accessly/install/templates/db/migrate/create_permitted_action_on_objects.rb
+- lib/generators/accessly/install/templates/db/migrate/create_permitted_actions.rb
+homepage: https://github.com/lessonly/accessly
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.13
+signing_key: 
+specification_version: 4
+summary: Simplified access control in Rails
+test_files: []