activeaclplus 0.3.1 → 0.4.0

data/lib/active_acl/handler/object_handler.rb

@@ -0,0 +1,250 @@
+module ActiveAcl #:nodoc:
+  module Acts #:nodoc:
+    module AccessObject #:nodoc:
+      
+      # handels grouped objects
+      # the group is a nested_set
+      class ObjectHandler #:nodoc:
+        attr_reader :klass,:group_class_name,:join_table,:group_table_name,
+        :foreign_key,:association_foreign_key
+        def initialize(klass,options={})
+          @klass = klass
+          if options[:grouped_by]
+            @group_class_name = options[:grouped_by].to_s.classify
+            @group_table_name=@group_class_name.constantize.table_name
+            @join_table = options[:join_table] || [klass.name.pluralize.underscore.gsub(/\//,'_'), group_class_name.pluralize.underscore.gsub(/\//,'_')].sort.join('_')  
+            @foreign_key = options[:foreign_key] || "#{klass.name.demodulize.underscore}_id" 
+            @association_foreign_key = options[:association_foreign_key] || "#{group_class_name.demodulize.underscore}_id"
+            @habtm = options[:habtm] || (options[:grouped_by].to_s.demodulize.singularize != options[:grouped_by].to_s.demodulize)
+          end
+          
+          #set the SQL fragments
+          requester_query
+          target_query
+        end
+        def habtm?
+          @habtm
+        end
+        def grouped?
+          !!@group_class_name
+        end
+        
+        def klass_name 
+          klass.base_class.name
+        end
+        def group_handler
+          ActiveAcl::GROUP_CLASSES[@group_class_name]
+        end
+        
+        #checks the privilege of a requester on a target (optional)
+        def has_privilege?(requester,privilege,target=nil)
+          value = get_cached(requester,privilege,target)
+          
+          return value unless value.nil? #got the cached and return
+          #todo check cash l2
+          
+          vars={'requester_id' => requester.id}
+          sql = ''
+          sql << query_r_select
+          if target
+            t_handler=target.active_acl_handler
+            
+            sql << t_handler.query_t_select
+            sql << "\n WHERE "
+            sql << query_r_where_3d
+            sql << t_handler.query_t_where
+            sql << "\n ORDER BY "
+            
+            #TODO: ordering is a mess (use an array?)
+            order = (grouped? ? order_by_3d : [])
+            if t_handler.grouped? 
+              order << "(CASE WHEN t_g_links.acl_id IS NULL THEN 0 ELSE 1 END) ASC"
+              order << t_handler.group_handler.order_by(target,true)
+            end
+            order << 'acls.updated_at DESC'
+            sql << order.join(',')
+            
+            sql << " LIMIT 1"
+            vars['privilege_id'] = privilege.id
+            vars['target_id'] = target.id
+            vars['target_type'] = target.class.base_class.name
+          else
+            sql << " WHERE "
+            sql << query_r_where_2d
+            sql << "\n ORDER BY "
+            sql << order_by_2d
+          end
+          
+          #replacing the vars in the SQL
+          sql=sql.gsub(/%{[^}]+}/) do |var|
+            vars[var[2..-2]] || var
+          end
+          
+          results = ActiveAcl::OPTIONS[:db].query(sql) #get the query from the db
+          value=set_cached(requester,privilege,target,results)
+          return value
+        end
+        #gets the instance cache from the background store or a hash
+        def get_instance_cache(requester)
+          cache.get(requester_cache_id(requester)) || {}
+        end
+        #destroy the 2nd level cache
+        def delete_cached(requester)
+          cache.delete(requester_cache_id(requester))
+        end
+        
+        attr_reader :query_t_select,:query_t_where
+        
+        #Things go private from here ----------------
+        private
+        def cache
+          ActiveAcl::OPTIONS[:cache]
+        end
+        
+        #builds a instance_cache key for a query
+        def query_id(requester,privilege,target)
+          privilege_id = (privilege.kind_of?(ActiveAcl::Privilege) ? privilege.id : privilege)  
+          [privilege_id, klass.base_class.name, requester.id, (target ? target.class.base_class.name : ''), (target ? target.id.to_s : '')].join('-')
+        end
+        
+        #builds the cache key for a requester for beackground cache
+        def requester_cache_id(requester)
+          'active_acl_instance-' + klass.base_class.name + '-' + requester.id.to_s
+        end
+        
+        # Caching is done on different levels:
+        # Requesting a 2d privilege should fill the instance cache with all 2d privileges
+        # Requesting a 3d should be stored in the instance cache
+        # changing the instance cache stores it to the backstore (if any exists) 
+        def get_cached(requester,privilege,target)
+          
+          instance_cache=requester.active_acl_instance_cache          
+          q_id=query_id(requester,privilege,target)
+          # try to get from instance cache
+          if (value=instance_cache[q_id]).nil? #cache miss?
+            if target.nil? && requester.active_acl_cached_2d?
+              Rails.logger.debug 'ACTIVE_ACL::INSTANCE_CACHE::DENY ' + q_id
+              return false #it should be cached but it's not there: DENY
+            else
+              return nil #we don't cache all 3d acl: DB LOOKUP
+            end
+          else #found in cache: return the results
+            Rails.logger.debug 'ACTIVE_ACL::INSTANCE_CACHE::' + (value ? 'GRANT ' : 'DENY ') + q_id 
+            return value 
+          end
+          nil
+        end
+        
+        def set_cached(requester,privilege,target,results)
+          
+          this_query_id=query_id(requester,privilege,target)
+          instance_cache=requester.active_acl_instance_cache
+          
+          if target.nil? #no target? then results are all 2d privileges of the requester
+            last_privilege_value = nil
+            results.each do |row|
+              if row['privilege_id'] != last_privilege_value
+                last_privilege_value = row['privilege_id']
+                q_id=query_id(requester,privilege,target)
+                #TODO: put the into the db handler
+                v=((row['allow'] == '1') or (row['allow'] == 't'))
+                instance_cache[q_id] = v
+              end
+            end
+            requester.active_acl_cached_2d! #mark the cache as cached (at least 2d)
+            # the result should be in the cache now or we return false 
+            value=instance_cache[this_query_id] || false
+          else #3d request?
+            if results.empty?
+              value=false
+              instance_cache[this_query_id] = value
+            else #3d and a hit
+              value = ((results[0]['allow'].to_s == '1') or (results[0]['allow'].to_s == 't'))
+              instance_cache[this_query_id] = value
+            end
+          end
+          raise "something went realy wrong!" if value.nil?
+          
+          #cache the whole instance cache
+          cache.set(requester_cache_id(requester),instance_cache,ActiveAcl::OPTIONS[:cache_privilege_timeout])
+          
+          value
+        end
+        
+        # build ACL query strings once, 
+        # so we don't need to do this on every request
+        # SQL: 
+        # we always need acl,and privileges, and requester_links
+        # we need the target_links if its a 3d query
+        # we need the target_groups if the it's a 3d query and the target is grouped
+        # we need the requester_groups if the requester is grouped
+        # the ordering depens on 2d/3d
+        # We'll build the SQL on demand and cache it so it'll 
+        # be a function of: requester,target,privilege 
+        attr_reader :query_r_select, :query_r_where_2d, :query_r_where_3d, :order_by_3d,:order_by_2d
+        def requester_query
+          @query_r_select = <<-QUERY
+            SELECT acls.id, acls.allow, privileges.id AS privilege_id FROM #{ActiveAcl::OPTIONS[:acls_table]} acls 
+            LEFT JOIN #{ActiveAcl::OPTIONS[:acls_privileges_table]} acls_privileges ON acls_privileges.acl_id=acls.id 
+            LEFT JOIN #{ActiveAcl::OPTIONS[:privileges_table]} privileges ON privileges.id = acls_privileges.privilege_id
+            LEFT JOIN #{ActiveAcl::OPTIONS[:requester_links_table]} r_links ON r_links.acl_id=acls.id
+            QUERY
+          if grouped?
+            requester_groups_table = group_class_name.constantize.table_name
+            requester_group_type = group_class_name.constantize.name
+            
+            @query_r_select << "
+            LEFT JOIN #{ActiveAcl::OPTIONS[:requester_group_links_table]} r_g_links ON acls.id = r_g_links.acl_id AND r_g_links.requester_group_type = '#{requester_group_type}'
+            LEFT JOIN #{requester_groups_table} r_groups ON r_g_links.requester_group_id = r_groups.id
+            "
+          end
+          
+          @query_r_where_3d = "acls.enabled = #{klass.connection.quote(true)} AND (privileges.id = %{privilege_id}) "
+          @query_r_where_2d = "acls.enabled = #{klass.connection.quote(true)}"
+          query = " AND ((r_links.requester_id=%{requester_id}  
+          AND r_links.requester_type='#{klass.base_class.name}')"
+          if grouped?
+            
+            query << " OR (r_g_links.requester_group_id IN #{group_handler.group_sql(self)})) "
+          else
+            query << ")" 
+          end
+          @query_r_where_3d << query
+          @query_r_where_2d << query
+          
+          
+          #@query_r_where_2d << '(t_g_links.acl_id IS NULL)) '
+          @order_by_3d = []
+          @order_by_3d << "(CASE WHEN r_g_links.acl_id IS NULL THEN 0 ELSE 1 END) ASC"
+          @order_by_3d << group_handler.order_by(self) if grouped?
+          
+           
+          
+          #TODO ordering of groups
+          @order_by_2d = 'privileges.id,'
+          @order_by_2d << "(CASE WHEN r_g_links.acl_id IS NULL THEN 0 ELSE 1 END) ASC," if grouped?
+          @order_by_2d << "acls.updated_at DESC"
+        end
+        
+        def target_query
+          @query_t_select = " LEFT JOIN #{ActiveAcl::OPTIONS[:target_links_table]} t_links ON t_links.acl_id=acls.id"
+          if grouped?
+            target_groups_table = @group_class_name.constantize.table_name
+            target_group_type = @group_class_name.constantize.name
+            
+            @query_t_select << " LEFT JOIN #{ActiveAcl::OPTIONS[:target_group_links_table]} t_g_links ON t_g_links.acl_id=acls.id
+                                AND t_g_links.target_group_type = '#{target_group_type}'
+                                LEFT JOIN #{target_groups_table} t_groups ON t_groups.id=t_g_links.target_group_id"
+          end 
+          @query_t_where = " AND ((t_links.target_id=%{target_id}
+                             AND t_links.target_type = '%{target_type}' )"
+          if grouped?
+            @query_t_where << " OR t_g_links.target_group_id IN #{group_handler.group_sql(self,true)})"
+          else
+            @query_t_where << ")"
+          end
+        end
+      end
+    end
+  end
+end

data/lib/active_acl/load_controller_actions.rb

@@ -1,5 +1,3 @@
-#require 'active_support'
-#require 'action_view'
 
 class ActionController::Base
   # Get the access object for the current action.
@@ -14,7 +12,7 @@ class ActionController::Base
   
   # Overrides method_added, so the needed ActiveAcl::ControllerAction is loaded/created 
   # when the action gets added to the controller. 
-  def self.method_added(action)
+  def self.method_added(action) #:nodoc:
     method_added_before_active_acl_controller_action_loading(action)
     ActiveAcl::CONTROLLERS[self.name] ||= {}
 

data/lib/active_acl/privilege_const_set.rb

@@ -9,10 +9,10 @@ class ::Module
     result = []
     constant.is_a?(Hash) ? constant_hash = constant : constant_hash = {constant.to_s => nil}      
     constant_hash.each_pair do |constant_name, description|
-      if !const_defined?(constant_name.to_s) or force_reload
+      if !const_defined?(constant_name.to_s) || force_reload
         remove_const(constant_name.to_s) if const_defined?(constant_name.to_s)
         privilege = ActiveAcl::Privilege.find_by_section_and_value(self.name, constant_name.to_s)
-        privilege = ActiveAcl::Privilege.create(:section => self.name, :value => constant_name.to_s, :description => description) unless privilege
+        privilege = ActiveAcl::Privilege.create!(:section => self.name, :value => constant_name.to_s, :description => description) unless privilege
         const_set(constant_name.to_s, privilege)
         result << privilege
       end

data/lib/active_acl.rb

@@ -1,26 +1,32 @@
 module ActiveAcl
+  
+  
 end
 
 # plugin dependency
 require 'has_many_polymorphs'
 
-ActiveAcl::CONTROLLERS = {}
-
 require 'active_acl/options'
+require 'active_acl/base'
+
 require 'active_acl/privilege_const_set'
+require 'active_acl/grant'
+
+require 'active_acl/handler/object_handler'
+require 'active_acl/handler/nested_set'
 require 'active_acl/db/active_record_adapter'
 require 'active_acl/cache/no_cache_adapter'
 require 'active_acl/load_controller_actions'
 require 'active_acl/acts_as_access_object'
 require 'active_acl/acts_as_access_group'
-
 require 'active_acl/load_files_from'
 
+
 # call class so its loaded and registered as access object
 # wrap in rescue block so migrations don't fail
 begin
   ActiveAcl::ControllerAction
   ActiveAcl::ControllerGroup
-rescue
-  nil
+rescue StandardError => e
+  puts "Error #{e.message} #{e.backtrace.join("\n")}(need migrations?)"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: activeaclplus
 version: !ruby/object:Gem::Version 
-  version: 0.3.1
+  version: 0.4.0
 platform: ruby
 authors: 
 - Peter Schrammel
@@ -10,7 +10,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2008-12-07 00:00:00 +01:00
+date: 2009-03-04 00:00:00 +01:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -30,8 +30,10 @@ executables: []
 
 extensions: []
 
-extra_rdoc_files: []
-
+extra_rdoc_files: 
+- README.rdoc
+- LICENSE
+- CHANGELOG
 files: 
 - lib/active_acl
 - lib/active_acl/db
@@ -40,45 +42,51 @@ files:
 - lib/active_acl/cache
 - lib/active_acl/cache/no_cache_adapter.rb
 - lib/active_acl/cache/memcache_adapter.rb
-- lib/active_acl/target_group_link.rb
-- lib/active_acl/controller_action.rb
-- lib/active_acl/acl_section.rb
+- lib/active_acl/handler
+- lib/active_acl/handler/object_handler.rb
+- lib/active_acl/handler/nested_set.rb
 - lib/active_acl/load_files_from.rb
-- lib/active_acl/acts_as_access_object.rb
-- lib/active_acl/privilege.rb
 - lib/active_acl/options.rb
-- lib/active_acl/requester_link.rb
-- lib/active_acl/controller_group.rb
-- lib/active_acl/acl.rb
 - lib/active_acl/load_controller_actions.rb
-- lib/active_acl/target_link.rb
 - lib/active_acl/privilege_const_set.rb
-- lib/active_acl/requester_group_link.rb
 - lib/active_acl/acts_as_access_group.rb
+- lib/active_acl/acts_as_access_object.rb
+- lib/active_acl/grant.rb
+- lib/active_acl/base.rb
 - lib/active_acl.rb
 - tasks/active_acl_base_tasks.rake
-- generators/active_acl
-- generators/active_acl/templates
-- generators/active_acl/templates/controllers
-- generators/active_acl/templates/controllers/privileges_controller.rb
-- generators/active_acl/templates/views
-- generators/active_acl/templates/views/privileges
-- generators/active_acl/templates/views/privileges/list.rhtml
-- generators/active_acl/templates/views/privileges/edit.rhtml
-- generators/active_acl/templates/views/privileges/_privilege_form.rhtml
-- generators/active_acl/active_acl_generator.rb
 - db/migrate
 - db/migrate/001_base_table_setup.rb
+- app/models
+- app/models/active_acl
+- app/models/active_acl/acl_section.rb
+- app/models/active_acl/controller_group.rb
+- app/models/active_acl/privilege.rb
+- app/models/active_acl/requester_group_link.rb
+- app/models/active_acl/requester_link.rb
+- app/models/active_acl/target_group_link.rb
+- app/models/active_acl/target_link.rb
+- app/models/active_acl/controller_action.rb
+- app/models/active_acl/acl.rb
+- app/controllers
+- app/controllers/privileges_controller.rb
+- app/view
+- app/view/privileges
+- app/view/privileges/list.rhtml
+- app/view/privileges/edit.rhtml
+- app/view/privileges/_privilege_form.rhtml
 - init.rb
 - install.rb
-- LICENSE
 - Rakefile
 - README.rdoc
+- LICENSE
 - CHANGELOG
 has_rdoc: true
 homepage: http://activeaclplus.rubyforge.org/
 post_install_message: 
 rdoc_options: 
+- --title
+- Active Acl Plus
 - --main
 - README.rdoc
 require_paths: 
@@ -98,9 +106,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project: activeaclplus
-rubygems_version: 1.2.0
+rubygems_version: 1.3.1
 signing_key: 
 specification_version: 2
-summary: activeaclplus 0.3.0
+summary: A new Version (0.4.0) of ActiveAclPlus is available.
 test_files: []
 

data/generators/active_acl/active_acl_generator.rb

@@ -1,29 +0,0 @@
-class ActiveAclGenerator < Rails::Generator::Base
-  attr_accessor :privileges_class_name, :privileges_file_name, :privileges_view_dir
-  
-  def initialize(*runtime_args)
-    super(*runtime_args)
-    @privileges_class_name = (args[0] || 'PrivilegesController')
-    @privileges_file_name = @privileges_class_name.underscore
-    @privileges_view_dir = File.join('app', 'views', @privileges_file_name.gsub('_controller', ''))
-  end
-
-  def manifest
-    record do |m|
-      # Stylesheet, controllers and public directories.
-      m.directory File.join('public', 'stylesheets')
-      m.directory File.join('app', 'controllers')
-      m.directory File.join('app', 'views')
-      m.directory privileges_view_dir
-
-      m.template 'controllers/privileges_controller.rb', File.join('app', 'controllers', "#{privileges_file_name}.rb")
-      m.file 'views/privileges/_privilege_form.rhtml', File.join(privileges_view_dir, '_privilege_form.rhtml')      
-      m.file 'views/privileges/edit.rhtml', File.join(privileges_view_dir, 'edit.rhtml')      
-      m.file 'views/privileges/list.rhtml', File.join(privileges_view_dir, 'list.rhtml')      
-      m.migration_template('../../../db/migrate/001_base_table_setup.rb',
-        'db/migrate',
-        :assigns => {:migration_name => "BaseTableSetup"},
-        :migration_file_name => "base_table_setup")
-    end
-  end
-end