active_admin_role 0.1.0

data/gemfiles/rails42.gemfile

@@ -0,0 +1,26 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "rails", "~> 4.2.0"
+gem "activeadmin", "1.0.0.pre4"
+gem "devise", "~> 4.2.0"
+gem "pry"
+gem "appraisal"
+
+group :development do
+  gem "bundler", "~> 1.13.0"
+  gem "rake", "~> 10.0"
+  gem "rubocop", "~> 0.40.0"
+end
+
+group :test do
+  gem "capybara"
+  gem "rspec-rails"
+  gem "database_cleaner"
+  gem "shoulda-matchers"
+  gem "sqlite3", :platforms => :mri
+  gem "poltergeist"
+end
+
+gemspec :path => "../"

data/gemfiles/rails50.gemfile

@@ -0,0 +1,27 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "rails", "~> 5.0.0"
+gem "activeadmin", :github => "activeadmin/activeadmin"
+gem "devise", "~> 4.2.0"
+gem "pry"
+gem "appraisal"
+gem "inherited_resources", :github => "activeadmin/inherited_resources"
+
+group :development do
+  gem "bundler", "~> 1.13.0"
+  gem "rake", "~> 10.0"
+  gem "rubocop", "~> 0.40.0"
+end
+
+group :test do
+  gem "capybara"
+  gem "rspec-rails"
+  gem "database_cleaner"
+  gem "shoulda-matchers"
+  gem "sqlite3", :platforms => :mri
+  gem "poltergeist"
+end
+
+gemspec :path => "../"

data/lib/active_admin_role/active_admin/dsl.rb

@@ -0,0 +1,24 @@
+module ActiveAdminRole
+  module ActiveAdmin
+    module DSL
+      def role_changeable
+        scope(:all, default: true)
+
+        controller.resource_class.roles.each_key(&method(:scope))
+
+        controller.resource_class.roles.each_key do |role|
+          batch_action "assign as #{role}" do |ids|
+            formatted_ids = ids - [current_admin_user.id.to_s]
+            resource_class.where(id: formatted_ids).update_all(role: resource_class.roles[role])
+
+            if Rails::VERSION::MAJOR >= 5
+              redirect_back fallback_location: admin_root_url, notice: t("views.admin_user.notice.assigned", role: role)
+            else
+              redirect_to :back, notice: t("views.admin_user.notice.assigned", role: role)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/active_admin_role/active_admin/resource_controller.rb

@@ -0,0 +1,21 @@
+module ActiveAdminRole
+  module ActiveAdmin
+    module ResourceController
+      def self.included(klass)
+        klass.class_eval do
+          if Rails::VERSION::MAJOR >= 4
+            before_action :authorize_access_resource!, except: %i(index new create show edit update destroy)
+          else
+            before_filter :authorize_access_resource!, except: %i(index new create show edit update destroy)
+          end
+        end
+      end
+
+      private
+
+      def authorize_access_resource!
+        authorize_resource!(active_admin_config.resource_class)
+      end
+    end
+  end
+end

data/lib/active_admin_role/can_can/ability.rb

@@ -0,0 +1,15 @@
+module ActiveAdminRole
+  module CanCan
+    module Ability
+      private
+
+      def register_role_based_abilities(user)
+        return if user.guest_user?
+
+        (::ActiveAdmin::Permission.indexed_cache[user.role] || []).select(&:active?).each do |permission|
+          send(*permission.to_condition)
+        end
+      end
+    end
+  end
+end

data/lib/active_admin_role/config.rb

@@ -0,0 +1,17 @@
+module ActiveAdminRole
+  class Config
+    attr_accessor :roles, :super_user_roles, :guest_user_roles, :user_class_name, :default_state
+
+    def initialize
+      @roles            = { guest: 0, support: 1, staff: 2, manager: 3, admin: 99 }
+      @guest_user_roles = [:guest]
+      @super_user_roles = [:admin]
+      @user_class_name  = "AdminUser"
+      @default_state    = :cannot
+    end
+
+    def default_state=(value)
+      @default_state = value.to_s == "can" ? :can : :cannot
+    end
+  end
+end

data/lib/active_admin_role/engine.rb

@@ -0,0 +1,15 @@
+require "rails/engine"
+
+module ActiveAdminRole
+  class Engine < ::Rails::Engine
+    initializer "active_admin_role" do
+      ActiveSupport.on_load :active_record do
+        ActiveRecord::Base.send :extend, ::ActiveAdminRole::Model
+      end
+
+      ActiveSupport.on_load :after_initialize do
+        ::ActiveAdmin::ResourceController.send :include, ::ActiveAdminRole::ActiveAdmin::ResourceController
+      end
+    end
+  end
+end

data/lib/active_admin_role/manageable_resource.rb

@@ -0,0 +1,44 @@
+require "set"
+
+module ActiveAdminRole
+  class ManageableResource
+    def call
+      ::ActiveAdmin.application.namespaces[:admin].resources.inject([]) do |result, resource|
+        class_name = resource.controller.resource_class.to_s
+        name       = resource.resource_name.name
+        actions    = collect_defined_actions(resource)
+
+        result += eval_actions(actions).map do |action|
+          { class_name: class_name, name: name, action: action }
+        end
+
+        result
+      end
+    end
+
+    private
+
+    def collect_defined_actions(resource)
+      if resource.respond_to?(:defined_actions)
+        defined_actions    = resource.defined_actions
+        member_actions     = resource.member_actions.map(&:name)
+        collection_actions = resource.collection_actions.map(&:name)
+        batch_actions      = resource.batch_actions_enabled? ? [:batch_action] : []
+
+        defined_actions | member_actions | member_actions | collection_actions | batch_actions
+      else
+        resource.page_actions.map(&:name) | [:index]
+      end
+    end
+
+    def eval_actions(actions)
+      actions.inject(Set.new) do |result, action|
+        result << (actions_dictionary[action] || action).to_s
+      end
+    end
+
+    def actions_dictionary
+      @_actions_dictionary ||= ::ActiveAdmin::BaseController::Authorization::ACTIONS_DICTIONARY.dup
+    end
+  end
+end

data/lib/active_admin_role/model.rb

@@ -0,0 +1,7 @@
+module ActiveAdminRole
+  module Model
+    def role_based_authorizable
+      send :include, ::ActiveAdminRole::RoleBasedAuthorizable
+    end
+  end
+end

data/lib/active_admin_role/role_based_authorizable.rb

@@ -0,0 +1,45 @@
+module ActiveAdminRole
+  module RoleBasedAuthorizable
+    def self.included(klass)
+      klass.class_eval do
+        extend ClassMethods
+
+        enum role: config.roles
+        delegate :super_user_roles, :guest_user_roles, to: :class
+        validates :role, presence: true
+      end
+    end
+
+    def super_user?
+      role.in?(super_user_roles)
+    end
+
+    def guest_user?
+      role.in?(guest_user_roles)
+    end
+
+    module ClassMethods
+      def manageable_roles
+        @_manageable_roles ||= roles.except(*manageless_roles)
+      end
+
+      def super_user_roles
+        @_super_user_roles ||= config.super_user_roles.try(:map, &:to_s) || []
+      end
+
+      def guest_user_roles
+        @_guest_users ||= config.guest_user_roles.try(:map, &:to_s) || []
+      end
+
+      private
+
+      def manageless_roles
+        (super_user_roles + guest_user_roles).flatten.compact
+      end
+
+      def config
+        ::ActiveAdminRole.config
+      end
+    end
+  end
+end

data/lib/active_admin_role/version.rb

@@ -0,0 +1,3 @@
+module ActiveAdminRole
+  VERSION = "0.1.0".freeze
+end

data/lib/active_admin_role.rb

@@ -0,0 +1,21 @@
+require "active_admin"
+require "active_admin_role/active_admin/dsl"
+require "active_admin_role/active_admin/resource_controller"
+require "active_admin_role/can_can/ability"
+require "active_admin_role/config"
+require "active_admin_role/engine"
+require "active_admin_role/manageable_resource"
+require "active_admin_role/model"
+require "active_admin_role/role_based_authorizable"
+
+module ActiveAdminRole
+  def self.configure
+    yield(config)
+  end
+
+  def self.config
+    @_config ||= Config.new
+  end
+end
+
+::ActiveAdmin::DSL.send :include, ActiveAdminRole::ActiveAdmin::DSL

data/lib/generators/active_admin_role/USAGE

@@ -0,0 +1,9 @@
+Description:
+  Generates the necessary files to get you up and running with ActiveAdminRole gem
+
+Examples:
+  rails generate active_admin_role:install
+
+    This will generate the core migration file, the initializer file and the 'AdminUser' model class.
+
+  rails generate active_admin_role:install --model User

data/lib/generators/active_admin_role/helper.rb

@@ -0,0 +1,64 @@
+module ActiveAdminRole
+  module Generators
+    module Helper
+      def self.included(klass)
+        klass.send :extend, ClassMethods
+      end
+
+      private
+
+      def model_class_name
+        options[:model] ? options[:model].classify : "AdminUser"
+      end
+
+      def model_file_path
+        model_name.underscore
+      end
+
+      def model_path
+        @model_path ||= File.join("app", "models", "#{model_file_path}.rb")
+      end
+
+      def namespace
+        Rails::Generators.namespace if Rails::Generators.respond_to?(:namespace)
+      end
+
+      def namespaced?
+        !!namespace
+      end
+
+      def model_name
+        if namespaced?
+          [namespace.to_s] + [model_class_name]
+        else
+          [model_class_name]
+        end.join("::")
+      end
+
+      def inject_into_model
+        indents = "  " * (namespaced? ? 2 : 1)
+        inject_into_class model_path, model_class_name, "#{indents}role_based_authorizable\n"
+      end
+
+      def migration_class_name
+        if Rails::VERSION::MAJOR >= 5
+          "ActiveRecord::Migration[#{Rails::VERSION::MAJOR}.#{Rails::VERSION::MINOR}]"
+        else
+          "ActiveRecord::Migration"
+        end
+      end
+
+      module ClassMethods
+        # Define the next_migration_number method (necessary for the migration_template method to work)
+        def next_migration_number(dirname)
+          if ActiveRecord::Base.timestamped_migrations
+            sleep 1 # make sure each time we get a different timestamp
+            Time.new.utc.strftime("%Y%m%d%H%M%S")
+          else
+            format("%.3d", (current_migration_number(dirname) + 1))
+          end
+        end
+      end
+    end
+  end
+end

data/lib/generators/active_admin_role/install_generator.rb

@@ -0,0 +1,54 @@
+require "rails/generators/migration"
+require "generators/active_admin_role/helper"
+
+module ActiveAdminRole
+  module Generators
+    class InstallGenerator < ::Rails::Generators::Base
+      include Rails::Generators::Migration
+      include ActiveAdminRole::Generators::Helper
+
+      source_root File.expand_path("../templates", __FILE__)
+
+      class_option :model, optional: true,
+                           type:     :string,
+                           banner:   "model",
+                           desc:     "Specify the model class name if you will use anything other than `AdminUser`",
+                           default:  "AdminUser"
+
+      def copy_initializer_file
+        template "initializer.rb", "config/initializers/active_admin_role.rb"
+      end
+
+      def configure_model
+        generate :"active_admin:install #{model_class_name}" unless model_class_name.safe_constantize
+        inject_into_model
+      end
+
+      def copy_migration_files
+        migration_template "migration/add_role_to_admin_users.rb", "db/migrate/add_role_to_#{model_class_name.tableize}.rb", migration_class_name: migration_class_name
+        migration_template "migration/create_active_admin_managed_resources.rb", "db/migrate/create_active_admin_managed_resources.rb", migration_class_name: migration_class_name
+        migration_template "migration/create_active_admin_permissions.rb", "db/migrate/create_active_admin_permissions.rb", migration_class_name: migration_class_name
+      end
+
+      def copy_model_file
+        template "model/ability.rb", "app/models/ability.rb"
+      end
+
+      def configure_active_admin
+        gsub_file "config/initializers/active_admin.rb",
+                  "# config.authorization_adapter = ActiveAdmin::CanCanAdapter",
+                  "config.authorization_adapter = ActiveAdmin::CanCanAdapter"
+      end
+
+      def copy_admin_permission_file
+        template "admin/permission.rb", "app/admin/permission.rb"
+      end
+
+      def configure_admin_user_file
+        inject_into_file "app/admin/#{model_file_path}.rb",
+                         "  role_changeable\n",
+                         after: "ActiveAdmin.register #{model_class_name} do\n"
+      end
+    end
+  end
+end

data/lib/generators/active_admin_role/templates/admin/permission.rb

@@ -0,0 +1,71 @@
+ActiveAdmin.register ::ActiveAdmin::Permission, as: "Permission" do
+  actions :index
+
+  filter :state, as: :select, collection: controller.resource_class.states
+
+  filter :managed_resource_action_equals, as: :select,
+    label: ::ActiveAdmin::ManagedResource.human_attribute_name(:action),
+<%- if Rails::VERSION::MAJOR >= 5 -%>
+    collection: -> { ::ActiveAdmin::ManagedResource.distinct.order(:action).pluck(:action) }
+<%- else -%>
+    collection: -> { ::ActiveAdmin::ManagedResource.uniq.order(:action).pluck(:action) }
+<%- end -%>
+
+  filter :managed_resource_name_equals, as: :select,
+    label: ::ActiveAdmin::ManagedResource.human_attribute_name(:name),
+<%- if Rails::VERSION::MAJOR >= 5 -%>
+    collection: -> { ::ActiveAdmin::ManagedResource.distinct.pluck(:name).sort }
+<%- else -%>
+    collection: -> { ::ActiveAdmin::ManagedResource.uniq.pluck(:name).sort }
+<%- end -%>
+
+  filter :managed_resource_class_name_equals, as: :select,
+    label: ::ActiveAdmin::ManagedResource.human_attribute_name(:class_name),
+<%- if Rails::VERSION::MAJOR >= 5 -%>
+    collection: -> { ::ActiveAdmin::ManagedResource.distinct.order(:class_name).pluck(:class_name) }
+<%- else -%>
+    collection: -> { ::ActiveAdmin::ManagedResource.uniq.order(:class_name).pluck(:class_name) }
+<%- end -%>
+
+  scope :all, default: true
+
+  controller.resource_class.manageable_roles.each_key(&method(:scope))
+
+  controller.resource_class.states.each_key do |state|
+    batch_action state do |ids|
+      resource_class.clear_cache
+      resource_class.where(id: ids).update_all(state: resource_class.states[state])
+<%- if Rails::VERSION::MAJOR >= 5 -%>
+      redirect_back fallback_location: admin_root_url, notice: t("views.permission.notice.state_changed", state: state)
+<%- else -%>
+      redirect_to :back, notice: t("views.permission.notice.state_changed", state: state)
+<%- end -%>
+    end
+  end
+
+  collection_action :reload, method: :post do
+    ::ActiveAdmin::ManagedResource.reload
+<%- if Rails::VERSION::MAJOR >= 5 -%>
+    redirect_back(fallback_location: admin_root_url, notice: t("views.permission.notice.reloaded"))
+<%- else -%>
+    redirect_to :back, notice: t("views.permission.notice.reloaded")
+<%- end -%>
+  end
+
+  action_item :reload do
+    link_to t("views.permission.action_item.reload"), reload_admin_permissions_path, method: :post
+  end
+
+  includes :managed_resource
+
+  index do
+    selectable_column
+    column :role
+    column(:state) do |record|
+      status_tag(record.state, record.can? ? :ok : nil)
+    end
+    column :action
+    column :name
+    column :class_name
+  end
+end

data/lib/generators/active_admin_role/templates/initializer.rb

@@ -0,0 +1,18 @@
+ActiveAdminRole.configure do |config|
+  # [Required:Hash]
+  # == Role | default: { guest: 0, support: 1, staff: 2, manager: 3, admin: 99 }
+  config.roles = { guest: 0, support: 1, staff: 2, manager: 3, admin: 99 }
+
+  # [Optional:Array]
+  # == Special roles which don't need to manage on database
+  config.super_user_roles = [:admin]
+  config.guest_user_roles = [:guest]
+
+  # [Optional:String]
+  # == User class name | default: 'AdminUser'
+  config.user_class_name = "<%= model_class_name %>"
+
+  # [Optional:Symbol]
+  # == Default permission | default: :cannot
+  config.default_state = :cannot
+end

data/lib/generators/active_admin_role/templates/migration/add_role_to_admin_users.rb

@@ -0,0 +1,5 @@
+class AddRoleTo<%= model_class_name.tableize.camelize %> < <%= migration_class_name %>
+  def change
+    add_column :<%= model_class_name.tableize %>, :role, :integer, null: false, limit: 1, default: 0
+  end
+end

data/lib/generators/active_admin_role/templates/migration/create_active_admin_managed_resources.rb

@@ -0,0 +1,13 @@
+class CreateActiveAdminManagedResources < <%= migration_class_name %>
+  def change
+    create_table :active_admin_managed_resources do |t|
+      t.string :class_name, null: false
+      t.string :action,     null: false
+      t.string :name
+
+      t.timestamp null: false
+    end
+
+    add_index :active_admin_managed_resources, [:class_name, :action, :name], unique: true, name: "active_admin_managed_resources_index"
+  end
+end

data/lib/generators/active_admin_role/templates/migration/create_active_admin_permissions.rb

@@ -0,0 +1,13 @@
+class CreateActiveAdminPermissions < <%= migration_class_name %>
+  def change
+    create_table :active_admin_permissions do |t|
+      t.integer :managed_resource_id, null: false
+      t.integer :role,                null: false, limit: 1, default: 0
+      t.integer :state,               null: false, limit: 1, default: 0
+
+      t.timestamp null: false
+    end
+
+    add_index :active_admin_permissions, [:managed_resource_id, :role], unique: true, name: "active_admin_permissions_index"
+  end
+end

data/lib/generators/active_admin_role/templates/model/ability.rb

@@ -0,0 +1,17 @@
+class Ability
+  include CanCan::Ability
+  include ActiveAdminRole::CanCan::Ability
+
+  def initialize(user)
+    user ||= <%= model_class_name %>.new
+
+    if user.super_user?
+      can :manage, :all
+    else
+      register_role_based_abilities(user)
+    end
+
+    # NOTE: Everyone can read the page of Permission Deny
+    can :read, ActiveAdmin::Page, name: "Dashboard"
+  end
+end

data/tasks/test.rake

@@ -0,0 +1,10 @@
+desc "Creates a test rails app for the specs to run against"
+task :setup do
+  require "rails/version"
+  system("mkdir spec/rails") unless File.exist?("spec/rails")
+  system "bundle exec rails new spec/rails/rails-#{Rails::VERSION::STRING} -m spec/support/rails_template.rb --skip-spring  --skip-turbolinks"
+end
+
+require "rspec/core/rake_task"
+RSpec::Core::RakeTask.new(:spec)
+task default: :spec

metadata

@@ -0,0 +1,110 @@
+--- !ruby/object:Gem::Specification
+name: active_admin_role
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Yoshiyuki Hirano
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-11-28 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activeadmin
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.0.0.pre4
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.0.0.pre4
+- !ruby/object:Gem::Dependency
+  name: cancancan
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.15.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.15.0
+description: Role based authorization with CanCanCan for Active Admin
+email:
+- yhirano@me.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".rubocop.yml"
+- ".ruby-style.yml"
+- ".travis.yml"
+- Appraisals
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- active_admin_role.gemspec
+- app/models/active_admin/managed_resource.rb
+- app/models/active_admin/permission.rb
+- config/locales/en.yml
+- config/locales/ja.yml
+- gemfiles/.bundle/config
+- gemfiles/rails42.gemfile
+- gemfiles/rails50.gemfile
+- lib/active_admin_role.rb
+- lib/active_admin_role/active_admin/dsl.rb
+- lib/active_admin_role/active_admin/resource_controller.rb
+- lib/active_admin_role/can_can/ability.rb
+- lib/active_admin_role/config.rb
+- lib/active_admin_role/engine.rb
+- lib/active_admin_role/manageable_resource.rb
+- lib/active_admin_role/model.rb
+- lib/active_admin_role/role_based_authorizable.rb
+- lib/active_admin_role/version.rb
+- lib/generators/active_admin_role/USAGE
+- lib/generators/active_admin_role/helper.rb
+- lib/generators/active_admin_role/install_generator.rb
+- lib/generators/active_admin_role/templates/admin/permission.rb
+- lib/generators/active_admin_role/templates/initializer.rb
+- lib/generators/active_admin_role/templates/migration/add_role_to_admin_users.rb
+- lib/generators/active_admin_role/templates/migration/create_active_admin_managed_resources.rb
+- lib/generators/active_admin_role/templates/migration/create_active_admin_permissions.rb
+- lib/generators/active_admin_role/templates/model/ability.rb
+- tasks/test.rake
+homepage: https://github.com/yhirano55/active_admin_role
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.1.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.2
+signing_key: 
+specification_version: 4
+summary: Role based authorization with CanCanCan for Active Admin
+test_files: []