active_restrictors 0.1.0

data/CHANGELOG.rdoc

@@ -0,0 +1,2 @@
+== v0.1.0
+* Initial release

data/README.rdoc

@@ -0,0 +1,108 @@
+== ActiveRestrictors
+
+Chainable ActiveRecord restriction chaining.
+
+=== Overview
+
+Restrictions are made via join tables between two models and a User object. Imagine these models:
+
+  +-------+       +---------------+      +------------+    +--------------+       +------+
+  | Fubar |<*----- FubarPermission|<-----| Permission |--->|UserPermission|-----*>| User |
+  +-------+       +---------------+      +------------+    +--------------+       +------+
+
+Our model definitions would look something like:
+
+  class Permission < ActiveRecord::Base
+    has_many :fubar_permissions, :dependent => :destroy
+    has_many :fubars, :through => :fubar_permissions
+    has_many :user_permissions, :dependent => :destroy
+    has_many :users, :through => :user_permissions
+  end
+
+  class FubarPermission < ActiveRecord::Base
+    belongs_to :fubar
+    belongs_to :permission
+  end
+
+  class Fubar < ActiveRecord::Base
+    has_many :fubar_permissions, :dependent => :destroy
+    has_many :permissions, :through => :fubar_permissions
+  end
+
+  class UserPermission < ActiveRecord::Base
+    belongs_to :user
+    belongs_to :permission
+  end
+
+  class User < ActiveRecord::Base
+    has_many :user_permissions, :dependent => :destroy
+    has_many :users, :through => :user_permissions
+  end
+
+Now, suppose a User should only be allowed to to see a Fubar instance if the Fubar instance and the User both have the same permission assigned to them. We modify Fubar like so:
+
+  class Fubar < ActiveRecord::Base
+    ...
+    include ActiveRestrictor
+
+    add_restrictor(:permissions,
+      :enabled => lambda{ User.current_user.fubars_enabled? },
+      :value => :name,
+      :multiple => true,
+      :default_view_all => true,
+      :user_values_only => lambda{ User.current_user }
+    )
+  end
+
+A quick overview of what these options are doing. 
+
+* :enabled -> Restrictor is applied/not applied. This can be a static value or it can be a callable block to allow dynamic enabling
+* :value -> This is the attribute on the Permission model that is displayed to the user
+* :multiple -> Allows multiple Permissions to be applied on the restriction
+* :default_view_all -> If Fubar has no Permissions applied, it is viewable by all
+* :user_values_only -> Only Permissions assigned to the user will be viewable in edit mode
+
+With the inclusion of the restrictor, we now have two new methods available. The first is on User instances:
+
+  User.first.allowed_fubars -> Returns scoping of Fubars the given user instance has access to
+
+The second is on Fubar instances:
+
+  Fubar.first.allowed_users -> Returns scoping of the Users allowed to acces this instance
+
+== View Helpers
+
+=== Details
+
+  %table
+    %tr
+      %td= 'Name'
+      %td= @fubar.name
+    - display_full_restictors(@fubar).each do |pair|
+      %tr
+        %td= "#{pair.first}:"
+        %td= pair.last
+
+=== Edit
+
+  - form_for(@fubar) do |f|
+    %table
+      %tr
+        %td= 'Name:'
+        %td= f.text_field :name
+      - edit_full_restrictors(@fubar, f).each do |pair|
+        %tr
+          %td= "#{pair.first}:"
+          %td= pair.last
+
+== Advanced Restrictor
+
+=== User custom
+
+- TODO
+
+=== Model custom
+
+- TODO
+
+

data/active_restrictors.gemspec

@@ -0,0 +1,15 @@
+$LOAD_PATH.unshift File.expand_path(File.dirname(__FILE__)) + '/lib/'
+require 'active_restrictors/version'
+
+Gem::Specification.new do |s|
+  s.name = 'active_restrictors'
+  s.version = ActiveRestrictors::VERSION.to_s
+  s.summary = 'Restrictors for Models'
+  s.author = 'Chris Roberts'
+  s.email = 'chrisroberts.code@gmail.com'
+  s.homepage = 'http://bitbucket.org/chrisroberts/active_restrictors'
+  s.description = 'Restrictors for Models'
+  s.require_path = 'lib'
+  s.extra_rdoc_files = ['README.rdoc', 'CHANGELOG.rdoc']
+  s.files = %w(README.rdoc CHANGELOG.rdoc active_restrictors.gemspec) + Dir.glob("{lib}/**/*")
+end

data/lib/active_restrictors/active_restrictor.rb

@@ -0,0 +1,211 @@
+module ActiveRestrictor
+  module ClassMethods
+
+    # name:: Name of restrictor. For non-basic types this must be the name of the association.
+    # opts:: Options hash. Valid options:
+    #   :type:: Should be set to :basic when applying simple condition only
+    #   :condition:: Condition string applied to User
+    #   :class:: Class restriction is based on
+    #   :value:: Attribute name of value to display
+    #   :multiple:: Allow user to select multiple items for restriction
+    #   :include_blank:: Include blank option in restriction selection
+    #   :user_custom:: Block that returns User scope (passed: User scope, self instance)
+    #   :user_association:: Name of association on user
+    #   :model_custom:: Block that returns Model scope (passed: self instance, User instance)
+    #   :enabled:: If restrictor is enabled. Must be boolean value or a callable object that returns boolean value
+    #   :default_view_all:: If user has not been assigned a restrictor, they see all unless set to false
+    #   :user_values_only:: User instance. Set this if you only want values set against user to be selectable
+    # Adds restrictions to Model
+    # NOTE: Basic type signifies that condition is forced without
+    # user interaction. This means no select options will be used
+    # as basic restrictors are never seen by the user. Basic restrictors
+    # are applied directly against the user model.
+    def add_restrictor(name, opts={})
+      self.restrictors ||= []
+      new_opts = {:name => name, :id => :id, :enabled => true, :type => :full, :include => []}.merge(opts)
+      new_opts[:include] = [new_opts[:include]] unless new_opts[:include].is_a?(Array)
+      new_opts[:include].push(name) unless new_opts[:include].map(&:to_s).include?(name.to_s)
+      self.restrictors.push(new_opts)
+      if(new_opts[:type] == :full)
+        self.class_eval do
+          # This just creates a helper that will grab activerecord
+          # instance from passed in IDs for applied restriction
+          alias_method "original_#{name}=".to_sym, "#{name}=".to_sym
+          define_method("#{name}=") do |args|
+            args = (args.is_a?(Array) ? args : Array(args)).find_all{|arg|arg.present?}
+            new_args = []
+            ids = []
+            args.each do |item|
+              if(item.is_a?(ActiveRecord::Base) || (defined?(ActiveRecord::Relation) && item.is_a?(ActiveRecord::Relation)))
+                new_args << item
+              else
+                ids << item.to_i
+              end
+            end
+            new_args += new_opts[:class].find(ids) unless ids.empty?
+            self.send("original_#{name}=".to_sym, new_args)
+          end
+        end
+      end
+    end
+
+    # Returns restrictors not of type :basic
+    def full_restrictors
+      self.restrictors.find_all{|restrictor| restrictor[:type] != :basic && check_enabled(restrictor[:enabled]) == true}
+    end
+
+    # Returns restrictors of type :basic
+    def basic_restrictors
+      self.restrictors.find_all{|restrictor| restrictor[:type] == :basic && check_enabled(restrictor[:enabled]) == true}
+    end
+
+    # Returns all restrictors that are currently in enabled state
+    def enabled_restrictors
+      self.restrictors.find_all{|restrictor| check_enabled(restrictor[:enabled]) == true}
+    end
+
+    # hash:: Restrictor hash
+    # Provides class of restrictor
+    def restrictor_class(hash)
+      if(restrictor[:class].present?)
+        restrictor[:class]
+      else
+        self.relect_on_association(restrictor[:name]).klass
+      end
+    end
+
+    private
+
+    # arg:: Enabled argument (generally: restrictor[:enabled])
+    # Test if enabled is true via value or block evaluation
+    def check_enabled(arg)
+      if(arg)
+        if(arg.respond_to?(:call))
+          arg.call
+        else
+          arg
+        end
+      else
+        false
+      end
+    end
+  end
+
+  module InstanceMethods
+
+    # hash:: Restrictor hash
+    # Provides class of restrictor
+    def restrictor_class(hash)
+      self.class.restrictor_class(hash)
+    end
+
+    # Returns restrictors not of type :basic
+    def full_restrictors
+      self.class.full_restrictors
+    end
+
+    # Returns restrictors of type :basic
+    def basic_restrictors
+      self.class.basic_restrictors
+    end
+
+    # Returns all restrictors taht are currently in enabled status
+    def enabled_restrictors
+      self.class.enabled_restrictors
+    end
+
+    # Returns User scope with all restrictors applied
+    def allowed_users
+      user_scope = User.scoped
+      enabled_restrictors.each do |restrictor|
+        next if restrictor[:user_custom]
+        if(restrictor[:include].is_a?(ActiveRecord::Relation))
+          user_scope = user_scope.merge(restrictor[:include])
+        elsif(restrictor[:include].present?)
+          user_scope = user_scope.joins(restrictor[:include])
+        end
+        if(restrictor[:condition].is_a?(ActiveRecord::Relation))
+          user_scope = user_scope.merge(restrictor[:condition])
+        elsif(restrictor[:condition].respond_to?(:call))
+          user_scope = user_scope.merge(restrictor[:condition].call)
+        elsif(restrictor[:condition].present?)
+          user_scope = user_scope.where(restrictor[:condition])
+        end
+        unless(restrictor[:type] == :basic)
+          user_scope = user_scope.where("#{restrictor[:table_name] || restrictor_class(restrictor).table_name}.id IN (#{self.send(restrictor[:name]).scoped.select(:id).to_sql})")
+        end
+      end
+      if((methods = enabled_restrictors.find_all{|res| res[:user_custom]}).size > 0)
+        user_scope = methods.inject(user_scope){|result,func| func.call(result, self)}
+      end
+      user_scope
+    end
+  end
+
+  def self.included(klass)
+    # Patch up the model we have been called on
+    ([klass] + klass.descendants).compact.each do |base|
+      cattr_accessor :restrictors
+      
+      extend ClassMethods
+      include InstanceMethods
+
+      scope :allowed_for, lambda{|*args|
+        user = args.detect{|item|item.is_a?(User)}
+        where("#{table_name}.id IN (#{user.send("allowed_#{base.name.tableize}").select(:id).to_sql})")
+      }
+    end
+    # Patch up the user to provide restricted methods
+    ([User] + User.descendants).compact.each do
+      # This patches a method onto the User instance to
+      # provide access to the allowed instance of the model
+      # in use. For example, if the restrictor module is
+      # included into the Fubar model, it will
+      # provide User#allowed_fubars
+      define_method("allowed_#{klass.name.tableize}") do
+        # First we perform a basic check against the User to see
+        # if this user instance is even allowed by default
+        user_scope = User.scoped
+        klass.basic_restrictors.each do |restriction|
+          if(restriction[:condition].is_a?(ActiveRecord::Relation))
+            user_scope = user_scope.merge(restriction[:condition])
+          elsif(restriction[:condition].respond_to?(:call))
+            user_scope = user_scope.merge(restriction[:condition].call)
+          elsif(restriction[:condition].present?)
+            user_scope = user_scope.where(restriction[:condition])
+          end
+          if(restriction[:include].is_a?(ActiveRecord::Relation))
+            user_scope = user_scope.merge(restriction[:include])
+          elsif(restriction[:include].present?)
+            user_scope = user_scope.join(restriction[:include])
+          end
+        end
+        if(user_scope.count > 0)
+          scope = klass.scoped
+          klass.full_restrictors.each do |restrictor|
+            next if restrictor[:include].blank? || restrictor[:model_custom].present?
+            rtable_name = restrictor[:table_name] || restrictor_class(restrictor).table_name
+            r_scope = self.send(restrictor[:include]).scoped.select("#{rtable_name}.id")
+            r_scope.arel.ast.cores.first.projections.delete_at(0) # gets rid of the association_name.* rails insists upon
+            if(restrictor[:default_view_all])
+              scope = scope.includes(restrictor[:name]) if restrictor[:name].present?
+            else
+              scope = scope.joins(restrictor[:name]) if restrictor[:name].present?
+            end
+            scope = scope.where(
+              "#{rtable_name}.id IN (#{r_scope.to_sql})#{
+                " OR #{rtable_name}.id IS NULL" if restrictor[:default_view_all]
+              }"
+            )
+            if((methods = klass.restrictors.find_all{|res| res[:model_custom]}).size > 0)
+              scope = methods.inject(scope){|result,func| func.call(result, self)}
+            end
+          end
+          scope
+        else
+          klass.where('false')
+        end
+      end
+    end
+  end
+end

data/lib/active_restrictors/active_restrictor_views.rb

@@ -0,0 +1,70 @@
+module ActiveRestrictors
+  module View
+    # obj:: Instance with restrictors enabled
+    # val_join:: String to join restictor values together
+    # Provides array of enabled restrictors in the form of:
+    # [[restrictor_name_label, string_of_restriction_values]]
+    def display_full_restrictors(obj, val_join = '<br />')
+      if(obj.class.respond_to?(:full_restrictors))
+        obj.class.full_restrictors.map do |restrictor|
+          [
+            label(obj.class.name.camelize, restrictor[:name]),
+            obj.send(restrictor[:name]).map(&restrictor[:value].to_sym).join(val_join).html_safe
+          ]
+        end
+      else
+        []
+      end
+    end
+
+    def display_custom_restrictors(klass)
+      # Stub for now
+      []
+    end
+
+    # obj:: Instance with restrictors enabled
+    # form:: Form object to attach restrictor fields to
+    # Provides form items for restrictors in an array of format:
+    # [[restrictor_name_label, form_selection_string]]
+    def edit_full_restrictors(obj, form)
+      if(obj.class.respond_to?(:full_restrictors))
+        obj.class.full_restrictors.map do |restrictor|
+          if(restrictor[:user_values_only])
+            if(restrictor[:user_values_only].respond_to?(:call))
+              user = restrictor[:user_values_only].call
+              if(user)
+                values = user.send(restrictor[:name].to_sym).find(:all, :order => restrictor[:value])
+              else
+                values = restrictor[:user_values_only].send(restrictor[:name].to_sym).find(:all, :order => restrictor[:value])
+              end
+            end
+          end
+          values = restrictor[:class].find(:all, :order => restrictor[:value]) unless values
+          [
+            form.label(restrictor[:name]),
+            form.collection_select(
+              restrictor[:name],
+              values,
+              restrictor[:id],
+              restrictor[:value],
+              {
+                :include_blank => restrictor[:include_blank],
+                :selected => Array(obj.send(restrictor[:name])).map(&restrictor[:id].to_sym)
+              },
+              :multiple => restrictor[:multiple]
+            )
+          ]
+        end
+      else
+        []
+      end
+    end
+
+    def edit_custom_restrictors(klass)
+      # Stub for now
+      []
+    end
+  end
+end
+
+ActionView::Base.send :include, ActiveRestrictors::View

data/lib/active_restrictors/version.rb

@@ -0,0 +1,17 @@
+module ActiveRestrictors
+  class Version
+
+    attr_reader :major, :minor, :tiny
+
+    def initialize(version)
+      version = version.split('.')
+      @major, @minor, @tiny = [version[0].to_i, version[1].to_i, version[2].to_i]
+    end
+
+    def to_s
+      "#{@major}.#{@minor}.#{@tiny}"
+    end
+  end
+
+  VERSION = Version.new('0.1.0')
+end

data/lib/active_restrictors.rb

@@ -0,0 +1,8 @@
+require 'active_restrictors/version'
+
+if(defined?(ActiveRecord::Relation))
+  require 'active_restrictors/active_restrictor'
+end
+if(defined?(ActionView))
+  require 'active_restrictors/active_restrictor_views'
+end

metadata

@@ -0,0 +1,74 @@
+--- !ruby/object:Gem::Specification 
+name: active_restrictors
+version: !ruby/object:Gem::Version 
+  hash: 27
+  prerelease: 
+  segments: 
+  - 0
+  - 1
+  - 0
+  version: 0.1.0
+platform: ruby
+authors: 
+- Chris Roberts
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2012-01-02 00:00:00 -08:00
+default_executable: 
+dependencies: []
+
+description: Restrictors for Models
+email: chrisroberts.code@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- README.rdoc
+- CHANGELOG.rdoc
+files: 
+- README.rdoc
+- CHANGELOG.rdoc
+- active_restrictors.gemspec
+- lib/active_restrictors/active_restrictor_views.rb
+- lib/active_restrictors/version.rb
+- lib/active_restrictors/active_restrictor.rb
+- lib/active_restrictors.rb
+has_rdoc: true
+homepage: http://bitbucket.org/chrisroberts/active_restrictors
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.4.2
+signing_key: 
+specification_version: 3
+summary: Restrictors for Models
+test_files: []
+