adeia 0.0.1 → 0.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d503d070daefd2536b8e3a74ec468c47c85b45c6
-  data.tar.gz: 8d2a6441982294cc3f7eaf2a978dc29bf964f7a6
+  metadata.gz: 4532656038bf240c25749082f7be357f05f7e355
+  data.tar.gz: f0df2615b74907c8fa22038531358c040726a0a2
 SHA512:
-  metadata.gz: 939b3b1926065df7ac32492a2e6dd14299ef0e80af7feed5a0fc745a9e221fac4e6d731fe2bc266125a7ebec5d1992650d88b212b9c7bdb60fbe6c0c6ea20248
-  data.tar.gz: b3cd32b31f5e51274366799d2bf4220c7fa09afb1d276fe5870ed7eef15e95d6ef17d2f461166920071f6fa0f99b2e9dbedef851dfed47f24bf43691fe2821e6
+  metadata.gz: 3d14df596215915a2101d4cdeb2d8ef7138a76aa3ce9371cb44ff3e09ba1f2521e4a028c9abea9550f3bcdeea9799e07bef822790f543bfbfc383c634fdcfb4d
+  data.tar.gz: a90b37a268eaf2eba9c7bcd22deda19378450d7bbfc292ca7d2999bd106b4313c11d43cfafeef8bfbfc00afee53fe41a421982d7a771691d70f772eba9afda79

data/Rakefile

@@ -4,15 +4,6 @@ rescue LoadError
   puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
 end
 
-require 'rdoc/task'
-
-RDoc::Task.new(:rdoc) do |rdoc|
-  rdoc.rdoc_dir = 'rdoc'
-  rdoc.title    = 'Adeia'
-  rdoc.options << '--line-numbers'
-  rdoc.rdoc_files.include('README.rdoc')
-  rdoc.rdoc_files.include('lib/**/*.rb')
-end
 
 APP_RAKEFILE = File.expand_path("../test/dummy/Rakefile", __FILE__)
 load 'rails/tasks/engine.rake'
@@ -21,17 +12,4 @@ load 'rails/tasks/engine.rake'
 load 'rails/tasks/statistics.rake'
 
 
-
-Bundler::GemHelper.install_tasks
-
-require 'rake/testtask'
-
-Rake::TestTask.new(:test) do |t|
-  t.libs << 'lib'
-  t.libs << 'test'
-  t.pattern = 'test/**/*_test.rb'
-  t.verbose = false
-end
-
-
-task default: :test
+Bundler::GemHelper.install_tasks

data/app/assets/javascripts/adeia/application.js

@@ -0,0 +1,13 @@
+// This is a manifest file that'll be compiled into application.js, which will include all the files
+// listed below.
+//
+// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
+// or any plugin's vendor/assets/javascripts directory can be referenced here using a relative path.
+//
+// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
+// compiled file.
+//
+// Read Sprockets README (https://github.com/rails/sprockets#sprockets-directives) for details
+// about supported directives.
+//
+//= require_tree .

data/app/assets/stylesheets/adeia/application.css

@@ -0,0 +1,15 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or any plugin's vendor/assets/stylesheets directory can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the bottom of the
+ * compiled file so the styles you add here take precedence over styles defined in any styles
+ * defined in the other CSS/SCSS files in this directory. It is generally better to create a new
+ * file per style scope.
+ *
+ *= require_tree .
+ *= require_self
+ */

data/app/controllers/adeia/application_controller.rb

@@ -0,0 +1,4 @@
+module Adeia
+  class ApplicationController < ActionController::Base
+  end
+end

data/app/helpers/adeia/application_helper.rb

@@ -0,0 +1,4 @@
+module Adeia
+  module ApplicationHelper
+  end
+end

data/app/models/adeia/action.rb

@@ -0,0 +1,5 @@
+module Adeia
+  class Action < ActiveRecord::Base
+    has_many :action_permissions
+  end
+end

data/app/models/adeia/action_permission.rb

@@ -0,0 +1,6 @@
+module Adeia
+  class ActionPermission < ActiveRecord::Base
+    belongs_to :action
+    belongs_to :permission
+  end
+end

data/app/models/adeia/element.rb

@@ -0,0 +1,3 @@
+class Adeia::Element < ActiveRecord::Base
+  has_many :permissions
+end

data/app/models/adeia/group.rb

@@ -0,0 +1,3 @@
+class Adeia::Group < ActiveRecord::Base
+  has_many :group_users
+end

data/app/models/adeia/group_user.rb

@@ -0,0 +1,4 @@
+class Adeia::GroupUser < ActiveRecord::Base
+  belongs_to :group
+  belongs_to :user
+end

data/app/models/adeia/permission.rb

@@ -0,0 +1,4 @@
+class Adeia::Permission < ActiveRecord::Base
+  belongs_to :owner
+  belongs_to :element
+end

data/app/models/adeia/token.rb

@@ -0,0 +1,5 @@
+module Adeia
+  class Token < ActiveRecord::Base
+    belongs_to :permission
+  end
+end

data/config/locales/en.yml

@@ -0,0 +1,6 @@
+en:
+  exceptions:
+    messages:
+      login_required: "Please login before visiting this page !"
+      access_denied: "You don't have access to this page !"
+      missing_params: "params %{params} is missing !"

data/config/locales/fr.yml

@@ -0,0 +1,6 @@
+fr:
+  exceptions:
+    messages:
+      login_required: "Veuillez vous connecter pour accéder à cette page !"
+      access_denied: "Vous n'êtes pas autorisé à accéder à cette page !"
+      missing_params: "Le paramètre %{params} est manquant !"

data/config/routes.rb

@@ -1,2 +1,2 @@
-Rails.application.routes.draw do
-end
+Adeia::Engine.routes.draw do
+end

data/db/migrate/20151003144041_create_adeia_elements.rb

@@ -0,0 +1,9 @@
+class CreateAdeiaElements < ActiveRecord::Migration
+  def change
+    create_table :adeia_elements do |t|
+      t.string :name
+
+      t.timestamps null: false
+    end
+  end
+end

data/db/migrate/20151003144208_create_adeia_permissions.rb

@@ -0,0 +1,16 @@
+class CreateAdeiaPermissions < ActiveRecord::Migration
+  def change
+    create_table :adeia_permissions do |t|
+      t.references :owner, polymorphic: true, index: true
+      t.references :element, index: true, foreign_key: true
+      t.integer :permission_type
+      t.boolean :read_right
+      t.boolean :create_right
+      t.boolean :update_right
+      t.boolean :destroy_right
+      t.integer :resource_id
+
+      t.timestamps null: false
+    end
+  end
+end

data/db/migrate/20151003144650_create_adeia_groups.rb

@@ -0,0 +1,9 @@
+class CreateAdeiaGroups < ActiveRecord::Migration
+  def change
+    create_table :adeia_groups do |t|
+      t.string :name
+
+      t.timestamps null: false
+    end
+  end
+end

data/db/migrate/20151003144706_create_adeia_group_users.rb

@@ -0,0 +1,10 @@
+class CreateAdeiaGroupUsers < ActiveRecord::Migration
+  def change
+    create_table :adeia_group_users do |t|
+      t.references :group, index: true, foreign_key: true
+      t.references :user, index: true, foreign_key: true
+
+      t.timestamps null: false
+    end
+  end
+end

data/db/migrate/20151003150524_create_adeia_tokens.rb

@@ -0,0 +1,12 @@
+class CreateAdeiaTokens < ActiveRecord::Migration
+  def change
+    create_table :adeia_tokens do |t|
+      t.string :token
+      t.boolean :valid
+      t.references :permission, index: true, foreign_key: true
+      t.date :exp_at
+
+      t.timestamps null: false
+    end
+  end
+end

data/db/migrate/20151003150747_create_adeia_actions.rb

@@ -0,0 +1,9 @@
+class CreateAdeiaActions < ActiveRecord::Migration
+  def change
+    create_table :adeia_actions do |t|
+      t.string :name
+
+      t.timestamps null: false
+    end
+  end
+end

data/db/migrate/20151003150806_create_adeia_action_permissions.rb

@@ -0,0 +1,10 @@
+class CreateAdeiaActionPermissions < ActiveRecord::Migration
+  def change
+    create_table :adeia_action_permissions do |t|
+      t.references :action, index: true, foreign_key: true
+      t.references :permission, index: true, foreign_key: true
+
+      t.timestamps null: false
+    end
+  end
+end

data/lib/adeia/authorization.rb

@@ -0,0 +1,48 @@
+require 'adeia/database'
+require 'adeia/exceptions'
+
+module Adeia
+
+  class Authorization < Database
+
+    def authorize!
+      @rights = token_rights(right_name)
+      raise LoginRequired if @rights.empty? && @user.nil?
+      @rights.push(send("#{right_name}_rights")) if @user
+      raise AccessDenied unless authorize?
+    end
+
+    def can?
+      @rights = token_rights.push(send("#{right_name}_rights"))
+      authorize?
+    end
+
+    private
+
+    def authorize?
+      all_entries? || on_ownerships? || on_entry?
+    end
+
+    def all_entries?
+      @rights.any? { |r| r.permission_type == "all_entries" }
+    end
+
+    def on_ownerships?
+      @rights.any? { |r| r.permission_type == "on_ownerships" } && @user && @resource.try(:user) == @user
+    end
+
+    def on_entry?
+      @rights.pluck(:resource_id).compact.include? @resource.try(:id)
+    end
+
+    def right_names
+      {read: [:index, :show], create: [:new, :create], update: [:edit, :update], destroy: [:destroy]} 
+    end
+
+    def right_name
+      right_names.select { |k, v| v.include? @action.to_sym }.keys[0] || :action
+    end
+
+  end
+
+end

data/lib/adeia/controller_methods.rb

@@ -0,0 +1,43 @@
+require 'adeia/controller_resource'
+
+module Adeia
+
+  module ControllerMethods
+
+    module ClassMethods
+
+      def load_and_authorize(**args)
+        ControllerResource.add_before_filter(self, :load_resoure_or_records_and_authorize, **args)
+      end
+
+    end
+
+    def self.included(base)
+      base.extend ClassMethods
+      base.helper_method :can?
+    end
+
+    def load_and_authorize!(**args)
+      controller_resource = ControllerResource.new(self, **args)
+      resource = controller_resource.load_resource
+      controller_resource.authorize!
+      return resource
+    end
+
+    def authorize_and_load_records!(**args)
+      controller_resource = ControllerResource.new(self, **args)
+      controller_resource.authorize!
+      return controller_resource.load_records
+    end
+
+    def authorize!(**args)
+      ControllerResource.new(self, **args).authorize!
+    end
+
+    def can?(action, controller=nil, resource=nil)
+      args = { action: action, controller: controller, resource: resource }
+      ControllerResource.new(self, **args).can?
+    end
+  end
+
+end

data/lib/adeia/controller_resource.rb

@@ -0,0 +1,84 @@
+require 'adeia/authorization'
+require 'adeia/exceptions'
+
+module Adeia
+
+  class ControllerResource
+
+    def self.add_before_filter(controller_class, method, **args)
+      controller_class.send(:before_action, args.slice(:only, :except, :if, :unless)) do |controller|
+        ControllerResource.send(method, controller)
+      end
+    end
+
+    def self.load_resoure_or_records_and_authorize(controller)
+      if controller.action_name == "index"
+        controller.authorize_and_load_records!
+      else
+        controller.load_and_authorize!
+      end
+    end
+
+    def initialize(controller, **args)
+      @controller = controller
+      @action_name = args.fetch(:action, @controller.action_name)
+      @controller_name = args.fetch(:controller, @controller.controller_path)
+      @token = args.fetch(:token, @controller.params[:token])
+      @resource = args[:resource]
+      @user = @controller.current_user
+    end
+
+    def load_resource
+      begin
+        @resource = resource_class.find(@controller.params.fetch(:id))
+        @controller.instance_variable_set("@#{resource_name}", @resource)
+      rescue KeyError
+        raise MissingParams.new(:id)
+      end
+    end
+
+    def load_records
+      rights = authorization.read_rights + authorization.token_rights
+      resource_ids = rights.pluck(:resource_id).compact
+      @records ||= if rights.any? { |r| r.permission_type == "all_entries" }
+        resource_class.all
+      elsif rights.any? { |r| r.permission_type == "on_ownerships" }
+        resource_class.where(user_id: @user.id, id: resource_ids)
+      elsif rights.any? { |r| r.permission_type == "on_entry" }
+        resource_class.where(id: resource_ids)
+      else
+        resource_class.none
+      end
+      @controller.instance_variable_set("@#{resource_name.pluralize}", @records)
+    end
+
+    def authorization
+      @authorization ||= Authorization.new(@controller_name, @action_name, @token, @resource, @user)
+    end
+
+
+    def authorize!
+      authorization.authorize!
+    end
+
+    def can?
+      authorization.can?
+    end
+
+    private
+
+    def resource_class
+      begin
+        @controller.controller_path.classify.constantize
+      rescue NameError
+        @controller.controller_name.classify.constantize
+      end
+    end
+
+    def resource_name
+      resource_class.model_name.element
+    end
+
+  end
+
+end

data/lib/adeia/database.rb

@@ -0,0 +1,52 @@
+module Adeia
+
+  class Database
+
+    def initialize(controller, action, token, resource, user)
+      @controller = controller
+      @action = action
+      @token = token
+      @resource = resource
+      @user = user
+    end
+
+    def read_rights
+      @read_rights ||= Adeia::Permission.joins(:element).where(owner: owners, read_right: true, elements: {name: @controller})
+    end
+
+    def create_rights
+      @create_rights ||= Adeia::Permission.joins(:element).where(owner: owners, create_right: true, elements: {name: @controller})
+    end
+
+    def update_rights
+      @update_rights ||= Adeia::Permission.joins(:element).where(owner: owners, update_right: true, elements: {name: @controller})
+    end
+
+    def destroy_rights
+      @destroy_rights ||= Adeia::Permission.joins(:element).where(owner: owners, destroy_right: true, elements: {name: @controller})
+    end
+
+    def action_rights
+      @action_rights ||= Adeia::Permission.joins(:actions, :element).where(owner: owners, elements: {name: @controller}, actions: {name: @action})
+    end
+
+    def token_rights(right_name)
+      @permission_token ||= Adeia::Token.find_by_token(@token)
+      if @permission_token && @permission_token.valid
+        @token_rights ||= Adeia::Permission.joins(:element).where("ownerships.id = ? AND elements.name = ? AND #{right_name}_right = ?", @permission_token.permission_id, @controller, true)
+      else
+        @token_rights ||= Adeia::Permission.none
+      end
+    end
+
+    def user_groups
+      @user_groups ||= Adeia::Group.joins(:group_users).where(adeia_group_users: { user_id: @user.id })
+    end
+
+    def owners
+      @owners ||= user_groups.push @user
+    end
+
+  end
+
+end

data/lib/adeia/engine.rb

@@ -1,4 +1,12 @@
+require "adeia/controller_methods"
+
 module Adeia
   class Engine < ::Rails::Engine
+    isolate_namespace Adeia
+
+    initializer 'Adeia.controller' do |app|
+      ActionController::Base.send :include, Adeia::ControllerMethods
+    end
+
   end
 end

data/lib/adeia/exceptions.rb

@@ -0,0 +1,33 @@
+module Adeia
+
+  class Error < StandardError; end
+
+  class LoginRequired < Error
+
+    def to_s
+      I18n.t("exceptions.messages.login_required")
+    end
+
+  end
+
+  class AccessDenied < Error
+
+    def to_s
+      I18n.t("exceptions.messages.access_denied")
+    end
+
+  end
+
+  class MissingParams < Error
+
+    def initialize(params)
+      @params = params
+    end
+
+    def to_s
+      I18n.t("exceptions.messages.missing_params", params: @params)
+    end
+
+  end
+
+end

data/lib/adeia/version.rb

@@ -1,3 +1,3 @@
 module Adeia
-  VERSION = "0.0.1"
+  VERSION = "0.1.0"
 end

data/test/dummy/app/assets/javascripts/sessions.js

@@ -0,0 +1,2 @@
+// Place all the behaviors and hooks related to the matching controller here.
+// All this logic will automatically be available in application.js.

data/test/dummy/app/assets/stylesheets/scaffold.css

@@ -0,0 +1,56 @@
+body { background-color: #fff; color: #333; }
+
+body, p, ol, ul, td {
+  font-family: verdana, arial, helvetica, sans-serif;
+  font-size:   13px;
+  line-height: 18px;
+}
+
+pre {
+  background-color: #eee;
+  padding: 10px;
+  font-size: 11px;
+}
+
+a { color: #000; }
+a:visited { color: #666; }
+a:hover { color: #fff; background-color:#000; }
+
+div.field, div.actions {
+  margin-bottom: 10px;
+}
+
+#notice {
+  color: green;
+}
+
+.field_with_errors {
+  padding: 2px;
+  background-color: red;
+  display: table;
+}
+
+#error_explanation {
+  width: 450px;
+  border: 2px solid red;
+  padding: 7px;
+  padding-bottom: 0;
+  margin-bottom: 20px;
+  background-color: #f0f0f0;
+}
+
+#error_explanation h2 {
+  text-align: left;
+  font-weight: bold;
+  padding: 5px 5px 5px 15px;
+  font-size: 12px;
+  margin: -7px;
+  margin-bottom: 0px;
+  background-color: #c00;
+  color: #fff;
+}
+
+#error_explanation ul li {
+  font-size: 12px;
+  list-style: square;
+}

data/test/dummy/app/assets/stylesheets/sessions.css

@@ -0,0 +1,4 @@
+/*
+  Place all the styles related to the matching controller here.
+  They will automatically be included in application.css.
+*/

data/test/dummy/app/controllers/application_controller.rb

@@ -2,4 +2,6 @@ class ApplicationController < ActionController::Base
   # Prevent CSRF attacks by raising an exception.
   # For APIs, you may want to use :null_session instead.
   protect_from_forgery with: :exception
+
+  include SessionsHelper
 end

data/test/dummy/app/controllers/articles_controller.rb

@@ -0,0 +1,55 @@
+class ArticlesController < ApplicationController
+  before_action :set_article, only: [:show, :edit, :update, :destroy]
+  load_and_authorize
+
+  def index
+    #@articles = Article.all
+    #authorize_and_load_records!
+  end
+
+  def show
+    #load_and_authorize!
+  end
+
+  def new
+    #authorize!
+    @article = Article.new
+  end
+
+  def edit
+    #load_and_authorize!
+  end
+
+  def create
+    @article = Article.new(article_params)
+    @article.user = current_user
+    if @article.save
+      redirect_to @article, notice: 'Article was successfully created.'
+    else
+      render :new
+    end
+  end
+
+  def update
+    if @article.update(article_params)
+      redirect_to @article, notice: 'Article was successfully updated.'
+    else
+      render :edit
+    end
+  end
+
+  def destroy
+    @article.destroy
+    redirect_to articles_url, notice: 'Article was successfully destroyed.'
+  end
+
+  private
+
+    def set_article
+      @article = Article.find(params[:id])
+    end
+
+    def article_params
+      params.require(:article).permit(:title, :content)
+    end
+end