aclatraz 0.1.3 → 0.1.4

data/.gitignore

@@ -1,22 +1,11 @@
-## MAC OS
 .DS_Store
-
-## TEXTMATE
 *.tmproj
 tmtags
-
-## EMACS
 *~
 \#*
 .\#*
-
-## VIM
 *.swp
-
-## PROJECT::GENERAL
 coverage
 rdoc
 pkg
-
-## PROJECT::SPECIFIC
 *.rdb

data/CHANGELOG.rdoc

@@ -1,3 +1,9 @@
+== Version 0.1.4
+
+* Added MongoDB store
+* Cleaner and more understandable specs
+* ACL bugfixes
+
 == Version 0.1.3
 
 * Added Cassandra store

data/Rakefile

@@ -1,69 +1,71 @@
-require 'rubygems'
-require 'rake'
-
-begin
-  require 'jeweler'
-  Jeweler::Tasks.new do |gem|
-    gem.name = "aclatraz"
-    gem.email = "kriss.kowalik@gmail.com"
-    gem.homepage = "http://github.com/nu7hatch/aclatraz"
-    gem.authors = ["Kriss 'nu7hatch' Kowalik"]
-    gem.summary = %Q{Flexible access control that doesn't sucks!}
-    gem.description = <<-DESCR
-      Extremaly fast, flexible and intuitive access control mechanism, 
-      powered by fast key value stores like Redis.
-    DESCR
-    gem.add_dependency "dictionary", "~> 1.0"
-    gem.add_development_dependency "rspec", "~> 2.0"
-    gem.add_development_dependency "mocha", "~> 0.9"
-    gem.add_development_dependency "redis", "~> 2.0"
-    gem.add_development_dependency "riak-client", "~> 0.8"
-    gem.add_development_dependency "cassandra", "~> 0.8"
-  end
-  Jeweler::GemcutterTasks.new
-rescue LoadError
-  puts "Jeweler (or a dependency) not available. Install it with: gem install jeweler"
-end
-
+# -*- ruby -*-
+$:.unshift(File.expand_path('../lib', __FILE__))
+require 'aclatraz/version'
 require 'rspec/core/rake_task'
+require 'rake/rdoctask'
+
 RSpec::Core::RakeTask.new(:spec) do |t|
   t.pattern = 'spec/**/*_spec.rb'
-  t.rspec_opts = %q[--colour --backtrace]
+  t.rspec_opts = %q[-c -b]
 end
 
 RSpec::Core::RakeTask.new(:rcov) do |t|
   t.rcov = true
-  t.rspec_opts = %q[--colour --backtrace]
-  t.rcov_opts = %q[--exclude "spec" --text-report]
+  t.rspec_opts = %q[-c -b]
+  t.rcov_opts = %q[-T -x "spec"]
 end
 
-task :spec => :check_dependencies
-task :default => :spec
-
-require 'rake/rdoctask'
 Rake::RDocTask.new do |rdoc|
-  version = File.exist?('VERSION') ? File.read('VERSION') : ""
   rdoc.rdoc_dir = 'rdoc'
-  rdoc.title = "ACLatraz #{version}"
+  rdoc.title = "ACLatraz #{Aclatraz.version}"
   rdoc.rdoc_files.include('README*')
   rdoc.rdoc_files.include('lib/**/*.rb')
 end
 
+task :default => :spec
+
+desc "Build current version as a rubygem"
+task :build do
+  `gem build aclatraz.gemspec`
+  `mv aclatraz-*.gem pkg/`
+end
+
+desc "Relase current version to rubygems.org"
+task :release => :build do
+  `git tag -am "Version bump to #{Aclatraz.version}" v#{Aclatraz.version}`
+  `git push origin master`
+  `git push origin master --tags`
+  `gem push pkg/aclatraz-#{Aclatraz.version}.gem`
+end
+
 namespace :benchmark do 
-  $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), 'lib'))
+  require 'aclatraz'
   require 'benchmark'
-  require "aclatraz"
   
+  benchmarks = File.expand_path("../spec/alcatraz_bm.rb", __FILE__)
+  
+  desc "Redis store benchmarks"
   task :redis do 
     Aclatraz.init(:redis)
-    require File.dirname(__FILE__)+"/spec/alcatraz_bm"
+    load benchmarks
   end
+  
+  desc "Cassandra store benchmarks"
   task :cassandra do 
     Aclatraz.init(:cassandra, "Super1", "Keyspace1")
-    require File.dirname(__FILE__)+"/spec/alcatraz_bm"
+    load benchmarks
   end
+  
+  desc "Riak store benchmarks"
   task :riak do
     Aclatraz.init(:riak, "roles")
-    require File.dirname(__FILE__)+"/spec/alcatraz_bm"
+    load benchmarks
+  end
+  
+  desc "MongoDB store benchmarks"
+  task :mongo do
+    require 'mongo'
+    Aclatraz.init(:mongo, "roles", Mongo::Connection.new.db("aclatraz_test"))
+    load benchmarks
   end
 end

data/aclatraz.gemspec

@@ -1,95 +1,24 @@
-# Generated by jeweler
-# DO NOT EDIT THIS FILE DIRECTLY
-# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
-# -*- encoding: utf-8 -*-
+# -*- ruby -*-
+$:.unshift(File.expand_path('../lib', __FILE__))
+require 'aclatraz/version'
 
 Gem::Specification.new do |s|
-  s.name = %q{aclatraz}
-  s.version = "0.1.3"
+  s.name             = 'aclatraz'
+  s.version          = Aclatraz.version
+  s.homepage         = 'http://github.com/nu7hatch/aclatraz'
+  s.email            = ['chris@nu7hat.ch']
+  s.authors          = ['Chris Kowalik']
+  s.summary          = %q{Flexible access control mechanism!}
+  s.description      = %q{Extremaly fast, flexible and intuitive access control mechanism, powered by fast key value stores like Redis.}
+  s.files            = `git ls-files`.split("\n")
+  s.test_files       = `git ls-files -- {spec}/*`.split("\n")
+  s.require_paths    = %w[lib]
+  s.extra_rdoc_files = %w[LICENSE README.rdoc CHANGELOG.rdoc TODO.rdoc]
 
-  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
-  s.authors = ["Kriss 'nu7hatch' Kowalik"]
-  s.date = %q{2010-10-16}
-  s.description = %q{      Extremaly fast, flexible and intuitive access control mechanism, 
-      powered by fast key value stores like Redis.
-}
-  s.email = %q{kriss.kowalik@gmail.com}
-  s.extra_rdoc_files = [
-    "LICENSE",
-     "README.rdoc"
-  ]
-  s.files = [
-    ".document",
-     ".gitignore",
-     "CHANGELOG.rdoc",
-     "LICENSE",
-     "README.rdoc",
-     "Rakefile",
-     "TODO.rdoc",
-     "VERSION",
-     "aclatraz.gemspec",
-     "examples/dinner.rb",
-     "lib/aclatraz.rb",
-     "lib/aclatraz/acl.rb",
-     "lib/aclatraz/guard.rb",
-     "lib/aclatraz/helpers.rb",
-     "lib/aclatraz/store.rb",
-     "lib/aclatraz/store/cassandra.rb",
-     "lib/aclatraz/store/redis.rb",
-     "lib/aclatraz/store/riak.rb",
-     "lib/aclatraz/suspect.rb",
-     "spec/aclatraz/acl_spec.rb",
-     "spec/aclatraz/guard_spec.rb",
-     "spec/aclatraz/helpers_spec.rb",
-     "spec/aclatraz/stores_spec.rb",
-     "spec/aclatraz/suspect_spec.rb",
-     "spec/aclatraz_spec.rb",
-     "spec/alcatraz_bm.rb",
-     "spec/spec_helper.rb"
-  ]
-  s.homepage = %q{http://github.com/nu7hatch/aclatraz}
-  s.rdoc_options = ["--charset=UTF-8"]
-  s.require_paths = ["lib"]
-  s.rubygems_version = %q{1.3.7}
-  s.summary = %q{Flexible access control that doesn't sucks!}
-  s.test_files = [
-    "spec/alcatraz_bm.rb",
-     "spec/spec_helper.rb",
-     "spec/aclatraz/guard_spec.rb",
-     "spec/aclatraz/helpers_spec.rb",
-     "spec/aclatraz/acl_spec.rb",
-     "spec/aclatraz/stores_spec.rb",
-     "spec/aclatraz/suspect_spec.rb",
-     "spec/aclatraz_spec.rb",
-     "examples/dinner.rb"
-  ]
-
-  if s.respond_to? :specification_version then
-    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
-    s.specification_version = 3
-
-    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
-      s.add_runtime_dependency(%q<dictionary>, ["~> 1.0"])
-      s.add_development_dependency(%q<rspec>, ["~> 2.0"])
-      s.add_development_dependency(%q<mocha>, ["~> 0.9"])
-      s.add_development_dependency(%q<redis>, ["~> 2.0"])
-      s.add_development_dependency(%q<riak-client>, ["~> 0.8"])
-      s.add_development_dependency(%q<cassandra>, ["~> 0.8"])
-    else
-      s.add_dependency(%q<dictionary>, ["~> 1.0"])
-      s.add_dependency(%q<rspec>, ["~> 2.0"])
-      s.add_dependency(%q<mocha>, ["~> 0.9"])
-      s.add_dependency(%q<redis>, ["~> 2.0"])
-      s.add_dependency(%q<riak-client>, ["~> 0.8"])
-      s.add_dependency(%q<cassandra>, ["~> 0.8"])
-    end
-  else
-    s.add_dependency(%q<dictionary>, ["~> 1.0"])
-    s.add_dependency(%q<rspec>, ["~> 2.0"])
-    s.add_dependency(%q<mocha>, ["~> 0.9"])
-    s.add_dependency(%q<redis>, ["~> 2.0"])
-    s.add_dependency(%q<riak-client>, ["~> 0.8"])
-    s.add_dependency(%q<cassandra>, ["~> 0.8"])
-  end
+  s.add_runtime_dependency     'dictionary',  ['~> 1.0']
+  s.add_development_dependency 'rspec',       ["~> 2.0"]
+  s.add_development_dependency 'mocha',       [">= 0.9"]
+  s.add_development_dependency 'redis',       [">= 2.0"]
+  s.add_development_dependency 'riak-client', [">= 0.8"]
+  s.add_development_dependency 'cassandra',   [">= 0.8"]
 end
-

data/lib/aclatraz.rb

@@ -1,12 +1,13 @@
 require 'dictionary'
 
-require 'aclatraz/helpers'
-require 'aclatraz/store'
-require 'aclatraz/acl'
-require 'aclatraz/guard'
-require 'aclatraz/suspect'
-
 module Aclatraz
+  require 'aclatraz/helpers'
+  require 'aclatraz/store'
+  require 'aclatraz/acl'
+  require 'aclatraz/guard'
+  require 'aclatraz/suspect'
+  require 'aclatraz/version'
+  
   # Raised when suspect don't have permission to execute action
   class AccessDenied < Exception; end 
   

data/lib/aclatraz/acl.rb

@@ -4,9 +4,9 @@ module Aclatraz
       # All permissions defined in this action.  
       attr_reader :permissions
       
-      def initialize(parent, &block) # :nodoc:
+      def initialize(parent, &block) 
         @parent = parent
-        @permissions = Dictionary.new
+        @permissions = Dictionary.new {|h,k| h[k] = false}.merge(parent.permissions)
         instance_eval(&block) if block_given?
       end
 
@@ -54,9 +54,7 @@ module Aclatraz
       end
       
       def clone(parent) # :nodoc:
-        cloned = self.class.new(parent)
-        cloned.instance_variable_set("@permissions", Hash.new(permissions))
-        cloned
+        self.class.new(parent)
       end
     end # Action
     
@@ -66,7 +64,7 @@ module Aclatraz
     # Current suspected object. 
     attr_accessor :suspect
     
-    def initialize(suspect, &block) # :nodoc:
+    def initialize(suspect, &block)
       @actions = {}
       @suspect = suspect
       evaluate(&block) if block_given?
@@ -87,7 +85,7 @@ module Aclatraz
     
     # List of permissions defined in default action. 
     def permissions
-      @actions[:_] ? @actions[:_].permissions : Dictionary.new
+      @actions[:_] ? @actions[:_].permissions : Dictionary.new {|h,k| h[k] = false}
     end
     
     # Syntactic sugar for actions <tt>actions[action]</tt>.
@@ -109,7 +107,7 @@ module Aclatraz
     #     end
     #   end 
     def on(action, &block)
-      raise ArgumentError, "No block given" unless block_given?
+      raise ArgumentError, "No block given!" unless block_given?
       if @actions.key?(action)
         @actions[action].instance_eval(&block)
       else

data/lib/aclatraz/store.rb

@@ -3,6 +3,7 @@ module Aclatraz
     autoload :Redis,        'aclatraz/store/redis'
     autoload :Riak,         'aclatraz/store/riak'
     autoload :Cassandra,    'aclatraz/store/cassandra'
+    autoload :Mongo,        'aclatraz/store/mongo'
     #autoload :Memcached,    'aclatraz/store/memcached'
     #autoload :TokyoCabinet, 'aclatraz/store/tokyocabinet'
   end # Store

data/lib/aclatraz/store/cassandra.rb

@@ -1,3 +1,5 @@
+require 'cassandra'
+
 module Aclatraz
   module Store
     # List of global roles are stored in `roles => all` key. Each suspect has its 
@@ -16,9 +18,6 @@ module Aclatraz
       SUSPECT_ROLES_KEY = "suspect.%s"
       
       def initialize(*args)
-        require 'cassandra' rescue raise LoadError, \
-          "You must install the `casssandra` gem to use Cassandra store"
-        
         @family  = args.shift
         @backend = if args.first.respond_to?(:keyspace)
           args.first

data/lib/aclatraz/store/mongo.rb

@@ -0,0 +1,56 @@
+require 'mongo'
+
+module Aclatraz
+  module Store
+    # For MongoDB, each role is stored in separate row:
+    #
+    #   {"roles" => [
+    #     {"suspect" => 1, "role" => "admin" },
+    #     {"suspect" => 2, "role" => "manager/ClassName" },
+    #     {"suspect" => 3, "role" => "owner/ClassName/1" }
+    #   ]}
+    class Mongo
+      include Aclatraz::Helpers
+
+      ROLE_KEY    = "role"
+      SUSPECT_KEY = "suspect"
+
+      def initialize(collection, mongo)
+        @backend    = mongo
+        @collection = collection
+      end
+
+      def set(role, suspect, object=nil)
+        @backend[@collection].insert(make_doc(role, suspect, object))
+      end
+
+      def roles(suspect=nil)
+        if suspect
+          @backend[@collection].find(SUSPECT_KEY => suspect_id(suspect)).map {|row| row[ROLE_KEY] }
+        else
+          @backend[@collection].find.map {|row| row[ROLE_KEY] }
+        end.compact.uniq
+      end
+
+      def check(role, suspect, object=nil)
+        @backend[@collection].find(make_doc(role, suspect, object)).map.empty? == false or begin
+          object && !object.is_a?(Class) ? check(role, suspect, object.class) : false
+        end
+      end
+
+      def delete(role, suspect, object=nil)
+        @backend[@collection].remove(make_doc(role, suspect, object))
+      end
+
+      def clear
+        @backend[@collection].remove
+      end
+      
+      private
+      
+      def make_doc(role, suspect, object)
+        { SUSPECT_KEY => suspect_id(suspect), ROLE_KEY => pack(role.to_s, object) }
+      end
+    end # Mongo
+  end # Store
+end # Aclatraz

data/lib/aclatraz/store/redis.rb

@@ -1,3 +1,5 @@
+require 'redis'
+
 module Aclatraz
   module Store
     # List of global roles are stored in ROLES set. Each suspect has its 
@@ -15,9 +17,6 @@ module Aclatraz
       SUSPECT_ROLES_KEY = "suspect.%s.roles"
       
       def initialize(*args)
-        require 'redis' rescue raise LoadError, \
-          "You must install the `redis` gem to use Redis store"
-        
         @backend = if args.first.respond_to?(:sadd)
           args.first
         else

data/lib/aclatraz/store/riak.rb

@@ -1,3 +1,5 @@
+require 'riak'
+
 module Aclatraz
   module Store
     # The most optimal way to store roles in riak database is pack everything
@@ -10,9 +12,6 @@ module Aclatraz
       include Aclatraz::Helpers
 
       def initialize(bucket_name, *args)
-        require "riak" rescue raise LoadError, \
-          "You must install the `riak-client` gem to use Riak store"
-        
         @backend = if args.first.respond_to?(:bucket)
           args.first.bucket(bucket_name)
         else

data/spec/aclatraz/acl_spec.rb

@@ -1,45 +1,49 @@
 require 'spec_helper'
 
-describe "Aclatraz ACL" do 
+describe "Aclatraz ACL" do
+  subject { Aclatraz::ACL } 
   before(:all) { Aclatraz.init(:redis, "redis://localhost:6379/0") }
   
-  it "should properly store suspect" do 
-    acl = Aclatraz::ACL.new(:bar) {}
-    acl.suspect.should == :bar
+  it "should properly set suspect" do 
+    acl = subject.new(:suspect) {}
+    acl.suspect.should == :suspect
   end
   
   it "should properly store flat access control lists" do
-    acl = Aclatraz::ACL.new(:foo) {} 
-    acl.actions[:_].allow :foo
-    acl.permissions[:foo].should be_true
-    acl.actions[:_].deny :foo
-    acl.permissions[:foo].should be_false
-    acl.actions[:_].allow :foo => :bar
-    acl.permissions[{:foo=>:bar}].should be_true
+    acl = subject.new(:suspect) {} 
+    acl.actions[:_].allow :admin
+    acl.permissions[:admin].should be_true
+    acl.actions[:_].deny :admin
+    acl.permissions[:admin].should be_false
+    acl.actions[:_].allow :owner_of => :book
+    acl.permissions[{:owner_of => :book}].should be_true
   end
   
-  it "should allow for define seperated lists which are inherit from main block" do 
-    acl = Aclatraz::ACL.new(:foo) do 
-      allow :foo
-      on(:spam) { allow :spam }
-      on(:eggs) { allow :eggs }
-      on(:spam) { allow :boo }
+  it "should allow for grouping permissions in namespaces, which are inherit from main block" do 
+    acl = subject.new(:suspect) do 
+      allow :admin
+      on(:library) { allow :librarian }
+      on(:kitchen) { allow :cooker }
+      on(:kennel)  { allow :dog }
     end
     
-    acl.permissions[:foo].should be_true
-    acl.permissions[:spam].should_not be_true
-    acl.permissions[:eggs].should_not be_true
-    acl.permissions[:boo].should_not be_true
-    acl[:spam].permissions[:foo].should be_nil
-    acl[:spam].permissions[:spam].should be_true
-    acl[:spam].permissions[:eggs].should be_nil
-    acl[:spam].permissions[:boo].should be_true
-    acl[:eggs].permissions[:foo].should be_nil
-    acl[:eggs].permissions[:eggs].should be_true
-    acl[:eggs].permissions[:spam].should be_nil
+    acl.permissions[:admin].should be_true
+    acl.permissions[:librarian].should be_false
+    acl.permissions[:cooker].should be_false
+    acl.permissions[:dog].should be_false
+    
+    acl[:library].permissions[:librarian].should be_true
+    acl[:library].permissions[:cooker].should be_false
+    acl[:library].permissions[:dog].should be_false
+    acl[:library].permissions[:admin].should be_false
+    
+    acl[:kitchen].permissions[:cooker].should be_true
+    acl[:kitchen].permissions[:librarian].should be_false
+    acl[:kitchen].permissions[:dog].should be_false
+    acl[:kitchen].permissions[:admin].should be_false
   end
   
-  it "should raise ArgumentError when no block given" do 
-    lambda { Aclatraz::ACL.new }.should raise_error(ArgumentError)
+  it "should raise error when no block given" do 
+    lambda { subject.new }.should raise_error(ArgumentError)
   end
 end