activeaclplus 0.3.1 → 0.4.0

data/lib/active_acl/acts_as_access_object.rb

@@ -1,3 +1,5 @@
+#require 'direct_handler'
+
 module ActiveAcl #:nodoc:
   module Acts #:nodoc:
     module AccessObject #:nodoc:
@@ -6,7 +8,7 @@ module ActiveAcl #:nodoc:
         base.extend(ClassMethods)
       end
       
-      module ClassMethods
+      module ClassMethods 
         
         # Extend self with access object capabilites. See README for details
         # on usage. Accepts the following options as a hash:
@@ -15,133 +17,49 @@ module ActiveAcl #:nodoc:
         # join_table:: name of the join table
         # foreign_key:: foreign key of self in the join table
         # association_foreign_key:: foreign_key of the group class
-        # habtm:: set to <code>true</code> if the grup is joined with a habtm association. If not specified, the plugin tries to guess if the association is has_and_belongs_to_many or belongs_to by creating the singular form of the :grouped_by option and comparing it to itself: If it matches, it assumes a belongs_to association. 
+        # habtm:: set to <code>true</code> if the grup is joined with a habtm association. 
+        # If not specified, the plugin tries to guess if the association is 
+        # has_and_belongs_to_many or belongs_to by creating the singular form of the 
+        # :grouped_by option and comparing it to itself: If it matches, it assumes a belongs_to association. 
         def acts_as_access_object(options = {})
-          configuration = {
-            :controller => ActiveAcl::OPTIONS[:default_selector_controller],
-            :action => ActiveAcl::OPTIONS[:default_selector_action]
-          } 
-          if options[:grouped_by]
-            configuration[:group_class_name] = options[:grouped_by].to_s.classify
-            configuration[:join_table] = [name.pluralize.underscore, configuration[:group_class_name].pluralize.underscore].sort.join('_')
-            configuration[:foreign_key] = "#{name.underscore}_id"
-            configuration[:association_foreign_key] = "#{configuration[:group_class_name].underscore}_id"
-            configuration[:habtm] = (options[:grouped_by].to_s.demodulize.singularize != options[:grouped_by].to_s.demodulize)
-          end
           
-          configuration.update(options) if options.is_a?(Hash)
+          handler=ObjectHandler.new(self,options) 
           
-          ActiveAcl::ACCESS_CLASSES[self.name] = configuration
+          ActiveAcl::ACCESS_CLASSES[self.name] = handler
           
           has_many :requester_links, :as => :requester, :dependent => :delete_all, :class_name => 'ActiveAcl::RequesterLink'
           has_many :requester_acls, :through => :requester_links, :source => :acl, :class_name => 'ActiveAcl::Acl'
-                            
+          
           has_many :target_links, :as => :target, :dependent => :delete_all, :class_name => 'ActiveAcl::TargetLink'
           has_many :target_acls, :through => :target_links, :source => :acl, :class_name => 'ActiveAcl::Acl'
           
           include InstanceMethods
           extend SingletonMethods
-          
-          from_classes = ActiveAcl::ACCESS_CLASSES.keys.collect do |x| 
-            x.split('::').join('/').underscore.pluralize.to_sym
-          end
-                                  
+          include ActiveAcl::Acts::Grant
+
           ActiveAcl::Acl.instance_eval do
-            has_many_polymorphs :requesters, {:from => from_classes, 
+            has_many_polymorphs :requesters, {:from => ActiveAcl.from_classes, 
               :through => :"active_acl/requester_links", 
               :rename_individual_collections => true}
-              
-            has_many_polymorphs :targets, {:from => from_classes, 
+            
+            has_many_polymorphs :targets, {:from => ActiveAcl.from_classes, 
               :through => :"active_acl/target_links", 
-              :rename_individual_collections => true}              
+              :rename_individual_collections => true}
           end
-        
+          
           self.module_eval do
             # checks if method is defined to not break tests
             unless instance_methods.include? "reload_before_gacl"
               alias :reload_before_gacl :reload
               
               # Redefines reload, making shure privilege caches are cleared on reload
-              def reload
+              def reload #:nodoc:
                 clear_cached_permissions
                 reload_before_gacl
               end
             end
           end
-
-          # build ACL query strings once, so we don't need to do this on every request
-          requester_groups_table = configuration[:group_class_name].constantize.table_name
-          requester_group_type = configuration[:group_class_name].constantize.name
-          requester_join_table = configuration[:join_table]
-          requester_assoc_fk = configuration[:association_foreign_key]
-          requester_fk = configuration[:foreign_key]
-          requester_group_left = ActiveAcl::GROUP_CLASSES[configuration[:group_class_name]][:left_column].to_s
-          requester_group_right = ActiveAcl::GROUP_CLASSES[configuration[:group_class_name]][:right_column].to_s
-          requester_type = self.base_class.name
-
-          # last join is necessary to weed out rules associated with targets groups
-          query = <<-QUERY
-            SELECT acls.id, acls.allow, privileges.id AS privilege_id FROM #{ActiveAcl::OPTIONS[:acls_table]} acls 
-            LEFT JOIN #{ActiveAcl::OPTIONS[:acls_privileges_table]} acls_privileges ON acls_privileges.acl_id=acls.id 
-            LEFT JOIN #{ActiveAcl::OPTIONS[:privileges_table]} privileges ON privileges.id = acls_privileges.privilege_id 
-            LEFT JOIN #{ActiveAcl::OPTIONS[:requester_links_table]} r_links ON r_links.acl_id=acls.id
-            LEFT JOIN #{ActiveAcl::OPTIONS[:requester_group_links_table]} r_g_links ON acls.id = r_g_links.acl_id AND r_g_links.requester_group_type = '#{requester_group_type}'
-            LEFT JOIN #{requester_groups_table} r_groups ON r_g_links.requester_group_id = r_groups.id
-            LEFT JOIN #{ActiveAcl::OPTIONS[:target_group_links_table]} t_g_links ON t_g_links.acl_id=acls.id
-          QUERY
-          
-          acl_query_on_target = '' << query
-          acl_query_prefetch = '' << query
-                    
-          # if there are no target groups, don't bother doing the join
-          # else append type condition
-          acl_query_on_target << " AND t_g_links.target_group_type = '%{target_group_type}' "
-          acl_query_on_target << " LEFT JOIN #{ActiveAcl::OPTIONS[:target_links_table]} t_links ON t_links.acl_id=acls.id"
-          acl_query_on_target << " LEFT JOIN %{target_groups_table} t_groups ON t_groups.id=t_g_links.target_group_id"
           
-          acl_query_on_target << " WHERE acls.enabled = #{connection.quote(true)} AND (privileges.id = %{privilege_id}) "
-          acl_query_prefetch << " WHERE acls.enabled = #{connection.quote(true)} "
-            
-          query = " AND (((r_links.requester_id=%{requester_id} ) AND (r_links.requester_type='#{requester_type}')) OR (r_g_links.requester_group_id IN "
-          
-          if configuration[:habtm]
-            configuration[:query_group] = <<-QUERY
-              (SELECT DISTINCT g2.id FROM #{requester_join_table} ml 
-               LEFT JOIN #{requester_groups_table} g1 ON ml.#{requester_assoc_fk} = g1.id CROSS JOIN #{requester_groups_table} g2
-               WHERE ml.#{requester_fk} = %{requester_id} AND (g2.#{requester_group_left} <= g1.#{requester_group_left} AND g2.#{requester_group_right} >= g1.#{requester_group_right})))
-            QUERY
-          else
-            configuration[:query_group] = <<-QUERY
-              (SELECT DISTINCT g2.id FROM #{requester_groups_table} g1 CROSS JOIN #{requester_groups_table} g2
-               WHERE g1.id = %{requester_group_id} AND (g2.#{requester_group_left} <= g1.#{requester_group_left} AND g2.#{requester_group_right} >= g1.#{requester_group_right})))
-            QUERY
-          end
-          
-          query << configuration[:query_group]   
-          query << " ) AND ( "
-                	
-          acl_query_on_target << query
-          acl_query_prefetch << query
-                             
-          query = "(t_links.target_id=%{target_id} AND t_links.target_type = '%{target_type}' ) OR t_g_links.target_group_id IN %{target_group_query} "
-                         
-          acl_query_on_target << query
-          acl_query_prefetch << '(t_g_links.acl_id IS NULL)) '
-          
-          # The ordering is always very tricky and makes all the difference in the world.
-          # Order (CASE WHEN r_links.requester_type = \'Group\' THEN 1 ELSE 0 END) ASC
-          # should put ACLs given to specific AROs ahead of any ACLs given to groups. 
-          # This works well for exceptions to groups.     
-          order_by_on_target = ['(CASE WHEN r_g_links.acl_id IS NULL THEN 0 ELSE 1 END) ASC ', "r_groups.#{requester_group_left} - r_groups.#{requester_group_right} ASC", 
-                                  '(CASE WHEN t_g_links.acl_id IS NULL THEN 0 ELSE 1 END) ASC', 't_groups.%{target_group_left} - t_groups.%{target_group_right} ASC', 'acls.updated_at DESC']
-          order_by_prefetch = ['privileges.id', '(CASE WHEN r_g_links.acl_id IS NULL THEN 0 ELSE 1 END) ASC ', "r_groups.#{requester_group_left} - r_groups.#{requester_group_right} ASC", 'acls.updated_at DESC']
-          
-          acl_query_on_target << 'ORDER BY ' + order_by_on_target.join(',') + ' LIMIT 1'
-          acl_query_prefetch << 'ORDER BY ' + order_by_prefetch.join(',')
-          
-          # save query string to configuration
-          configuration[:query_target] = acl_query_on_target.gsub(/\n+/, "\n")
-          configuration[:query_simple] = acl_query_prefetch.gsub(/\n+/, "\n")                                           
         end 
       end
       
@@ -158,121 +76,36 @@ module ActiveAcl #:nodoc:
         # Option :on defines the target object.  
         def has_privilege?(privilege, options = {})
           target = options[:on] #TODO: add error handling if not a hash
-
-          unless (privilege and (privilege.is_a?(Privilege)))
-            # no need to check anything if privilege is not a Privilege
-            return false
-          end
-          
-          unless (target.nil? or (target.class.respond_to?(:base_class) and ActiveAcl::ACCESS_CLASSES.has_key?(target.class.base_class.name)))
-            # no need to check anything if target is no Access Object
-            return false
-          end          
+          # no need to check anything if privilege is not a Privilege
+          raise "first Argument has to be a Privilege" unless privilege.is_a?(Privilege)
+          # no need to check anything if target is no Access Object
+          raise "target hast to be an AccessObject" if target and !(target.class.respond_to?(:base_class) and ActiveAcl::ACCESS_CLASSES.has_key?(target.class.base_class.name))
           
-          query_id = [privilege.id, self.class.base_class.name, id, (target ? target.class.base_class.name : ''), (target ? target.id.to_s : '')].join('-')
-          cache_id = 'gacl_instance-' + self.class.base_class.name + '-' + id.to_s
-          cache = ActiveAcl::OPTIONS[:cache]
-          
-          # try to load instance cache from second level cache if not present
-          @gacl_instance_cache = cache.get(cache_id) if @gacl_instance_cache.nil?
-                    
-          # try to get from instance cache
-          if @gacl_instance_cache
-            if not (value = @gacl_instance_cache[query_id]).nil?
-              logger.debug 'GACL::INSTANCE_CACHE::' + (value ? 'GRANT ' : 'DENY ') + query_id if logger.debug?
-              return value 
-            elsif target.nil? and @gacl_instance_cache[:prefetch_done]
-              # we didn't get a simple query from prefetched cache => cache miss
-              logger.debug 'GACL::INSTANCE_CACHE::DENY ' + query_id if logger.debug?
-              return false
-            end
-          end
-
-          if value.nil? # still a cache miss?
-
-            value = false
-            
-            r_config = ActiveAcl::ACCESS_CLASSES[self.class.base_class.name]
-                                  
-            if target
-              qry = r_config[:query_target].clone
-              
-              t_config = ActiveAcl::ACCESS_CLASSES[target.class.base_class.name]
-              
-              qry.gsub!('%{target_group_type}', t_config[:group_class_name])
-              qry.gsub!('%{target_groups_table}', t_config[:group_class_name].constantize.table_name)
-              qry.gsub!('%{target_group_left}', ActiveAcl::GROUP_CLASSES[t_config[:group_class_name]][:left_column].to_s)
-              qry.gsub!('%{target_group_right}', ActiveAcl::GROUP_CLASSES[t_config[:group_class_name]][:right_column].to_s)
-              qry.gsub!('%{target_type}', target.class.base_class.name)
-              qry.gsub!('%{target_id}', target.id.to_s)
-              
-              group_query = t_config[:query_group].clone
-              group_query.gsub!('%{requester_id}', target.id.to_s)
-              group_query.gsub!('%{requester_group_id}', target.send(t_config[:association_foreign_key]).to_s) unless t_config[:habtm]
-              
-              qry.gsub!('%{target_group_query}', group_query)
-            else
-              qry = r_config[:query_simple].clone
-            end
-                        
-            # substitute variables
-            qry.gsub!('%{requester_id}', self.id.to_s)
-            qry.gsub!('%{privilege_id}', privilege.id.to_s)
-            qry.gsub!('%{requester_group_id}', self.send(r_config[:association_foreign_key]).to_s) unless r_config[:habtm]        
-            results = ActiveAcl::OPTIONS[:db].query(qry)
-            
-            if target.nil?
-              # prefetch privileges
-              privilegevalue = nil
-              @gacl_instance_cache = {}
-              
-              results.each do |row|
-                  if row['privilege_id'] != privilegevalue
-                    privilegevalue = row['privilege_id']
-                    c_id = [privilegevalue, self.class.base_class.name, id, '', ''].join('-')
-                    @gacl_instance_cache[c_id] = ((row['allow'] == '1') or (row['allow'] == 't'))
-                  end
-              end
-              
-              value = @gacl_instance_cache[query_id]
-              @gacl_instance_cache[:prefetch_done] = true
-              
-            elsif not results.empty?
-              # normal gacl query without prefetching
-              value = ((results[0]['allow'].to_s == '1') or (results[0]['allow'].to_s == 't'))
-              @gacl_instance_cache ||= {} # create if not exists
-
-              @gacl_instance_cache[query_id] = value
-            end
- 
-            # nothing found, deny access
-            @gacl_instance_cache[query_id] = value = false if value.nil?
- 
-            # save to second level cache
-            cache.set(cache_id, @gacl_instance_cache, ActiveAcl::OPTIONS[:cache_privilege_timeout])
-                                   
-            logger.debug 'GACL::INSTANCE_CACHE::' + (value ? 'GRANT ' : 'DENY ') + query_id if logger.debug?
-
-          end # cache miss
-          return value
+          active_acl_handler.has_privilege?(self,privilege,target)
+        end
+        def active_acl_handler
+          ActiveAcl::ACCESS_CLASSES[self.class.name]
+        end
+        #returns a key value store
+        def active_acl_instance_cache
+          @active_acl_instance_cache ||= active_acl_handler.get_instance_cache(self)
+        end
+        #returns if the 2d acls are already cached
+        def active_acl_cached_2d?
+          !!active_acl_instance_cache[:prefetched_2d]
+        end
+        def active_acl_cached_2d!
+          active_acl_instance_cache[:prefetched_2d]=true
         end
         
+        def active_acl_clear_cache!
+          @active_acl_instance_cache ={}         #clear the lokal cache
+          active_acl_handler.delete_cached(self) #clear the 2 level cache
+        end
         # override this to customize the description in the interface
         def active_acl_description
           to_s
         end
-        
-        # link to model selector
-        def self.model_selector_link params
-          AclsController.url_for(:action => :show_group_members, :clazz => self.class, *params)
-        end
-        
-        # clears the permission caches (instance and memory cache)
-        def clear_cached_permissions
-          @gacl_instance_cache = nil
-          ActiveAcl::OPTIONS[:cache].delete('gacl_instance-' + self.class.name + '-' + id.to_s)
-        end
-
       end
     end
   end

data/lib/active_acl/base.rb

@@ -0,0 +1,17 @@
+module ActiveAcl
+  CONTROLLERS={}
+  GROUP_CLASSES={}
+  ACCESS_CLASSES={}
+  
+  def self.is_access_group?(klass)
+    !!ActiveAcl::GROUP_CLASSES[klass.name]
+  end
+  def self.is_access_object?(klass)
+    !!ActiveAcl::ACCESS_CLASSES[klass.name]
+  end
+  def self.from_classes 
+    ActiveAcl::ACCESS_CLASSES.keys.collect do |x| 
+      x.split('::').join('/').underscore.pluralize.to_sym
+    end
+  end
+end

data/lib/active_acl/cache/memcache_adapter.rb

@@ -1,43 +1,45 @@
 # This is a cache adapter for the second level cache
 # using the memcache daemon (http://www.danga.com/memcached).
 # Sets itself as the cache adapter if the source file is loaded so a simple
-# require is enough to activate the memcache. Before using the memcache, make shure to set MemcacheAdapter.cache.
+# require is enough to activate the memcache. Before using the memcache, make sure to set MemcacheAdapter.cache.
 # 
 # In environment.rb:
 #   require 'active_acl/cache/memcache_adapter'
 #   ActiveAcl::Cache::MemcacheAdapter.cache = MemCache.new('localhost:11211', :namespace => 'my_namespace')
-#   
+# you can also set the time to leave:
+#   ActiveAcl::OPTIONS[:cache_privilege_timeout]= time_in_seconds
+#
 # Detailed instructions on how to set up the server can be found at http://dev.robotcoop.com/Libraries/memcache-client.
 class ActiveAcl::Cache::MemcacheAdapter
 
   # returns the memcache server
-  def self.cache
+  def self.cache #:nodoc:
     @@cache
   end
   
   # sets the memcache server
-  def self.cache= cache
+  def self.cache=(cache) #:nodoc:
     @@cache = cache
   end
   
   # get a value from the cache
-  def self.get(key)
+  def self.get(key) #:nodoc:
     value = @@cache.get(key)
-    RAILS_DEFAULT_LOGGER.debug 'GACL::SECOND_LEVEL_CACHE::' + (value.nil? ? 'MISS ' : 'HIT ')+ key.to_s if RAILS_DEFAULT_LOGGER.debug?
+    Rails.logger.debug 'GACL::SECOND_LEVEL_CACHE::' + (value.nil? ? 'MISS ' : 'HIT ')+ key.to_s
     value
   end
   
   # set a value to the cache, specifying the time to live (ttl). 
   # Set ttl to 0 for unlimited.
-  def self.set(key, value, ttl)
+  def self.set(key, value, ttl) #:nodoc:
     @@cache.set(key, value, ttl)
-    RAILS_DEFAULT_LOGGER.debug 'GACL::SECOND_LEVEL_CACHE::SET ' + key.to_s + ' TO ' + value.to_s + ' TTL ' + ttl.to_s if RAILS_DEFAULT_LOGGER.debug?    
+    Rails.logger.debug 'GACL::SECOND_LEVEL_CACHE::SET ' + key.to_s + ' TO ' + value.inspect.to_s + ' TTL ' + ttl.to_s    
   end
   
   # purge data from cache.
-  def self.delete(key)
+  def self.delete(key) #:nodoc:
     @@cache.delete(key)
-    RAILS_DEFAULT_LOGGER.debug 'GACL::SECOND_LEVEL_CACHE::DELETE ' + key.to_s if RAILS_DEFAULT_LOGGER.debug?    
+    Rails.logger.debug 'GACL::SECOND_LEVEL_CACHE::DELETE ' + key.to_s    
   end
 end
 

data/lib/active_acl/cache/no_cache_adapter.rb

@@ -1,22 +1,22 @@
 # This module contains different second level cache implementations. The second
 # level cache caches the instance cache of an access object between requests. 
 # Cache adapter can be set with ActiveAcl::OPTIONS[:cache].
-module ActiveAcl::Cache
+module ActiveAcl::Cache #:nodoc:
  
   # The default second level cache dummy implementation, not implementing any 
   # caching functionality at all.
-  class NoCacheAdapter
+  class NoCacheAdapter #:nodoc:
     def self.get(key)
-      RAILS_DEFAULT_LOGGER.debug 'GACL::SECOND_LEVEL_CACHE::DISABLED::MISS ' + key.to_s if RAILS_DEFAULT_LOGGER.debug?
+      Rails.logger.debug 'ACTIVE_ACL::SECOND_LEVEL_CACHE::DISABLED::MISS ' + key.to_s
       nil
     end
       
     def self.set(key, value, ttl)
-      RAILS_DEFAULT_LOGGER.debug 'GACL::SECOND_LEVEL_CACHE::DISABLED::SET ' + key.to_s + ' TO ' + value.to_s + ' TTL ' + ttl.to_s if RAILS_DEFAULT_LOGGER.debug?    
+      Rails.logger.debug 'ACTIVE_ACL::SECOND_LEVEL_CACHE::DISABLED::SET ' + key.to_s + ' TO ' + value.inspect + ' TTL ' + ttl.to_s    
     end
     
     def self.delete(key)
-      RAILS_DEFAULT_LOGGER.debug 'GACL::SECOND_LEVEL_CACHE::DISABLED::DELETE ' + key.to_s if RAILS_DEFAULT_LOGGER.debug?    
+      Rails.logger.debug 'ACTIVE_ACL::SECOND_LEVEL_CACHE::DISABLED::DELETE ' + key.to_s    
     end
   end
 end

data/lib/active_acl/db/active_record_adapter.rb

@@ -1,12 +1,12 @@
 # Includes different DBMS adapters, some of them using C extensions to speed up DB access.
 # DB adapter can be set with ActiveAcl::OPTIONS[:db].
-module ActiveAcl::DB
+module ActiveAcl::DB #:nodoc:
   
   # Uses ActiveRecord for privilege queries. Should be compatible to all
   # db types.
-  class ActiveRecordAdapter
+  class ActiveRecordAdapter #:nodoc:
     # Execute sql query against the DB, returning an array of results.
-    def self.query(sql)
+    def self.query(sql) 
       ActiveRecord::Base.connection.select_all(sql)
     end
   end

data/lib/active_acl/db/mysql_adapter.rb

@@ -8,11 +8,11 @@ end
 # Uses the native MySQL connection to do privilege selects. Should be around 20 % faster than
 # ActiveRecord adapter. Sets itself as the DB adapter if the source file is loaded, so requiring it
 # is enough to get it activated.
-class ActiveAcl::DB::MySQLAdapter
+class ActiveAcl::DB::MySQLAdapter #:nodoc:
 
   # Execute sql query against the DB, returning an array of results.
   def self.query(sql)
-    RAILS_DEFAULT_LOGGER.debug 'GACL::DB::EXECUTING QUERY ' + sql if RAILS_DEFAULT_LOGGER.debug?
+    Rails.logger.debug 'GACL::DB::EXECUTING QUERY ' + sql if Rails.logger.debug?
     connection = ActiveRecord::Base.connection.connection
     connection.query_with_result = true
     

data/lib/active_acl/grant.rb

@@ -0,0 +1,38 @@
+module ActiveAcl
+  module Acts 
+    module Grant 
+      # grant_permission!(Blog::DELETE,
+      # :on => blog,
+      # :section_name => 'blogging'
+      # :acl_name => 'blogging_of_admins'  
+      def grant_permission!(privilege,options={})
+        section_name = options[:section_name] || 'generic'
+        target = options[:on]
+        iname = options[:acl_name] || "#{privilege.active_acl_description}"
+        acl=nil
+        ActiveAcl::Acl.transaction do
+          section = ActiveAcl::AclSection.find_or_create_by_iname(section_name)
+          section.save! if section.new_record?
+          acl = ActiveAcl::Acl.create :section => section,:iname => iname
+          acl.save!
+          
+          acl.privileges << privilege
+          if ActiveAcl.is_access_group?(self.class) 
+            acl.requester_groups << self
+          else
+            acl.requesters << self
+          end
+          if target
+            if ActiveAcl.is_access_group?(target.class) 
+              acl.target_groups << target
+            else
+              acl.targets << target
+            end 
+          end
+          active_acl_clear_cache! if ActiveAcl.is_access_object?(self.class)
+        end
+        acl
+      end
+    end #module
+  end
+end

data/lib/active_acl/handler/nested_set.rb

@@ -0,0 +1,33 @@
+module ActiveAcl
+  module Acts #:nodoc:
+    module AccessGroup #:nodoc:
+      class NestedSet #:nodoc:
+        attr_reader :left_column,:right_column
+        def initialize(options)
+          
+          @left_column = options[:left_column] || :lft 
+          @right_column = options[:right_column] || :rgt
+          #          :controller => ActiveAcl::OPTIONS[:default_group_selector_controller],
+          #          :action => ActiveAcl::OPTIONS[:default_group_selector_action]}
+          
+        end
+        def group_sql(object_handler,target = false)
+          target_requester = (target ? 'target' : 'requester')
+          if object_handler.habtm?
+            "(SELECT DISTINCT g2.id FROM #{object_handler.join_table} ml 
+               LEFT JOIN #{object_handler.group_table_name} g1 ON ml.#{object_handler.association_foreign_key} = g1.id CROSS JOIN #{object_handler.group_table_name} g2
+               WHERE ml.#{object_handler.foreign_key} = %{#{target_requester}_id} AND (g2.#{left_column} <= g1.#{left_column} AND g2.#{right_column} >= g1.#{right_column}))"
+          else
+            "(SELECT DISTINCT g2.id FROM #{object_handler.group_table_name} g1 CROSS JOIN #{object_handler.group_table_name} g2
+               WHERE g1.id = %{#{target_requester}_group_id} AND (g2.#{left_column} <= g1.#{left_column} AND g2.#{right_column} >= g1.#{right_column}))"
+          end
+          #"r_groups.#{left_column} - r_groups.#{right_column} ASC" 
+        end
+        def order_by(object_handler,target=false)
+          target_requester = (target ? 't' : 'r')
+          "#{target_requester}_groups.#{left_column} - #{target_requester}_groups.#{right_column} ASC"
+        end
+      end #class
+    end
+  end
+end