aki-operations 1.0.0

data/app/views/admin/operations/index.html.erb

@@ -0,0 +1,88 @@
+<div class="container">
+  <div class="padded">
+    <div class="justify-content-between d-flex w-100">
+      <h1>Operations Management</h1>
+      <h6>You are a: <%= user_role_badge(current_user) %></h6>
+    </div>
+    <div class="text-center">
+      <div class="small text-muted">
+        Operations count: <%= @operations.size %>
+      </div>
+      <div class="small text-muted">
+        User permissions count: <%= @permissions.size %>
+      </div>
+    </div>
+  </div>
+
+  <p class="very lighly padded">
+  	You view can find below a new way of managing your operations for this application! This
+    will be most useful for determining what types of users are allowed to do. Adding exceptions
+    is also be a possibility. Each section will features on how to use them.
+  </p>
+
+  <div class="row">
+    <div class="col-md-6">
+      <div class="list-group">
+        <a href="<%= admin_operations_users_path %>" class="list-group-item list-group-item-action flex-column align-items-start">
+          <div class="d-flex w-100 justify-content-between">
+            <h3 class="mb-1">
+              View User permissions
+            </h3>
+            <h1 class=""><span style="vertical-align: top;" class="material-icons md-36">supervised_user_circle</span> </h1>
+          </div>
+          <p>
+            View all users permissions types defined on the system.
+          </p>
+        </a>
+      </div>
+    </div>
+    <div class="col-md-6">
+      <div class="list-group">
+        <a href="<%= admin_operations_actions_path %>" class="list-group-item list-group-item-action flex-column align-items-start">
+          <div class="d-flex w-100 justify-content-between">
+            <h3 class="mb-1">
+              View Actions
+            </h3>
+            <h1 class=""><span style="vertical-align: top;" class="material-icons md-36">offline_bolt</span> </h1>
+          </div>
+          <p>
+            View all users permissions types defined on the system.
+          </p>
+        </a>
+      </div>
+    </div>
+  </div>
+  <!--
+  <div style="margin-top: 15px;" class="row">
+    <div class="col-md-6">
+      <div class="list-group">
+        <a href="<%= admin_operations_users_path(params: {edit: true}) %>" class="list-group-item list-group-item-action flex-column align-items-start">
+          <div class="d-flex w-100 justify-content-between">
+            <h3 class="mb-1">
+              Edit User permissions
+            </h3>
+            <h1 class=""><span style="vertical-align: top;" class="material-icons md-36">supervised_user_circle</span> </h1>
+          </div>
+          <p>
+            View all users permissions types defined on the system.
+          </p>
+        </a>
+      </div>
+    </div>
+    <div class="col-md-6">
+      <div class="list-group">
+        <a href="<%= admin_operations_actions_path(params: {edit: true}) %>" class="list-group-item list-group-item-action flex-column align-items-start">
+          <div class="d-flex w-100 justify-content-between">
+            <h3 class="mb-1">
+              Edit Actions
+            </h3>
+            <h1 class=""><span style="vertical-align: top;" class="material-icons md-36">offline_bolt</span> </h1>
+          </div>
+          <p>
+            View all users permissions types defined on the system.
+          </p>
+        </a>
+      </div>
+    </div>
+  </div> -->
+</div>

data/app/views/admin/operations/users/index.html.erb

@@ -0,0 +1,20 @@
+<div class="container">
+  <div class="padded">
+    <div class="justify-content-between d-flex w-100">
+      <h1><%= @editing_title %></h1>
+      <h6>You are a: <%= user_role_badge(current_user) %></h6>
+    </div>
+    <div class="text-center">
+      <div class="small text-muted">
+        User permissions count: <%= @permissions.size %>
+      </div>
+    </div>
+  </div>
+
+  <% if @editing %>
+    <%= render 'admin/operations/users/index/edit' %>
+  <% else %>
+    <%= render 'admin/operations/users/index/view' %>
+  <% end %>
+
+</div>

data/app/views/admin/operations/users/index/_edit.html.erb

@@ -0,0 +1,4 @@
+<p class="very lighly padded">
+  Manage here all user roles that are defined on the system. You can
+  add, remove or edit these roles on this page.
+</p>

data/app/views/admin/operations/users/index/_view.html.erb

@@ -0,0 +1,158 @@
+<p>
+  View here all user roles that are defined on the system. <!-- Should you need
+  adding, removing or editing these roles, please click
+  <%= link_to('here', admin_operations_users_path(params: {edit: true})) %>. -->
+</p>
+
+<div class="row">
+  <div class="col-md-6">
+    <div class="very lightly padded text-center">
+      <b class="text-muted">User roles</b>
+    </div>
+    <div class="list-group" style="overflow-y: auto; height: 62vh;">
+      <% @permissions.each do |permission| %>
+          <div permission="<%= permission[:name] %>" class="list-group-item list-group-item-action <%= permission[:value].nil? ? "disabled" : 'clickable' %>">
+            <% if permission[:description] && permission[:name] %>
+              <div class="d-flex w-100 justify-content-between">
+                <%= permission[:description] %>
+                <small class="text-muted"><%= permission[:name] %></small>
+              </div>
+            <% else %>
+              <%= permission[:description] || permission[:name] %>
+            <% end %>
+          </div>
+      <% end %>
+    </div>
+  </div>
+  <div class="col-md-6">
+    <div class="very lightly padded">
+      <div class="text-center">
+        <b class="text-muted">More details</b>
+      </div>
+      <div style="margin-top: 10px;">
+        <div class="cards">
+          <div class="text-center">
+            <div before-getting="description" class="card-body">
+              You can click on one of the roles on the right. Doing that
+              will display more details about the role right here.
+            </div>
+            <div before-getting="loading" class="card-body">
+              Please wait while we're fetching the latest information for
+              this operation...
+            </div>
+          </div>
+          <div after-getting="description" class="card-bodys">
+            <p class="very lightly padded">
+              <div class="d-flex w-100 justify-content-between">
+                <span><b>Name: </b> <span after-getting="field" data-field="name"></span></span>
+                <div id="operation-id">
+                  <b>Operation ID: </b> <span after-getting="field" data-field="operation_id"></span>
+                </div>
+              </div>
+            </p>
+            <div class="small">
+              <p class="very lightly padded">
+                Required category to execute this action: <b><span after-getting="field" data-field="scope"></span></b>
+              </p>
+              <div id="operations-list-cont">
+                <p class="very lightly padded">
+                  The following <b><span after-getting="field" data-field="operations_count"></span></b> are associated to execute this action:
+                </p>
+                <div id="operations-list" class="list-group"></div>
+              </div>
+            </div>
+          </div>
+        </div>
+      </div>
+    </div>
+  </div>
+</div>
+
+<script type="text/javascript">
+  $(document).ready(function() {
+    $('[before-getting]').hide();
+    $('[after-getting]').hide();
+    $('[before-getting="description"]').show();
+    $('#operations-list-cont').hide();
+
+    $('[permission]').on('click', function(e) {
+      $('[permission]').removeClass('active');
+      $('[after-getting]').show();
+      $('[before-getting]').hide();
+      $('[before-getting="loading"]').show();
+
+      let target = $(this);
+      $('[permission]').addClass('disabled');
+      let value = target.attr('permission');
+      if (value) {
+        $.ajax({
+          url: '/admin/operations/users/' + value + '/details',
+          success: function(response) {
+            $('[before-getting]').hide();
+            $('#before-getting').hide();
+            $('[permission]').removeClass('disabled');
+            if (response.success) {
+              target.addClass('active');
+              let operation = response.operation;
+              let operations = response.operations;
+
+              $('[after-getting="field"][data-field="name"]')
+                  .text(operation.name);
+              $('[after-getting="field"][data-field="scope"]')
+                  .text(operation.description);
+              if (operation.value >= 0) {
+                $('#operation-id').show();
+              } else {
+                $('#operation-id').hide();
+              }
+              $('[after-getting="field"][data-field="operation_id"]')
+                  .text(operation.value);
+
+              const operations_count = count => {
+                return operations.length == 1 ?
+                    'one operation' :
+                    operations.length + " operations";
+              }
+              $('#operations-list').text('');
+              if (operations.length > 0) {
+                $('#operations-list-cont').show();
+                $('[after-getting="field"][data-field="operations_count"]')
+                    .text(operations_count(operations.length));
+                let sousa_html = [];
+                const users_description = description => {
+                  if (!description || !description.trim()) {
+                    return "No description is available."
+                  }
+                  return description;
+                }
+
+                // sousa = 操作 (means "operation"). Didn't want to override the
+                // "operation" var already defined. And mostly to be original...かな〜
+                [].forEach.call(operations, function(sousa) {
+                  sousa_html += [
+                    '<div class="list-group">',
+                      '<div class="list-group-item">',
+                        '<div class="d-flex w-100 justify-content-between">',
+                          '<span class="bold">' + sousa.name + '</span>',
+                          '<small class="text-muted">' + sousa.scope + '</small>',
+                        '</div>',
+                        '<p class="mb-1">',
+                          users_description(sousa.description),
+                        '</p>',
+                      '</div>',
+                    '</div>'
+                  ].join('');
+                });
+                $('#operations-list').html(sousa_html);
+              } else {
+                operations_list_text = "No operations can have been associated."
+                $('#operations-list-cont').hide();
+                $('[after-getting="field"][data-field="operations_count"]').text('');
+              }
+            }
+          }
+        });
+      }
+    });
+  });
+</script>

data/config/routes.rb

@@ -0,0 +1,13 @@
+Rails.application.routes.draw do
+  namespace :admin do
+    resources :operations, only: [ :index ]
+    namespace :operations do
+      resources :users, param: :value, only: [ :index, :create, :update, :delete ] do
+        get :details, on: :member
+      end
+      resources :actions, param: :uuid, only: [ :index, :create, :update, :delete ] do
+        get :details, on: :member
+      end
+    end
+  end
+end

data/lib/generators/operations_generator.rb

@@ -0,0 +1,10 @@
+require 'rails/generators/base'
+
+class OperationsGenerator < Rails::Generators::Base
+  source_root File.expand_path("../templates", __FILE__)
+  desc "Creates a Operations initializer to your application."
+
+  def copy_initializer
+    template 'operations.rb', 'config/initializers/operations.rb'
+  end
+end

data/lib/generators/templates/operations.rb

@@ -0,0 +1,33 @@
+Operations::Config.setup do |config|
+
+  # Add here which operations to restrict on the app.
+  config.operations_list += []
+
+  # Add here what types of users will be able to execute anything
+  # on your app. A user type not defined won't even be able to load
+  # the application, so please be careful.
+  # config.user_roles += []
+
+  # Define what format should operations take.
+  config.operation_name_regex = %r{\w}
+
+  # Defines which hashing algorithm should be used for computing the
+  # operation's UUID. Must be a callable Class instance
+  config.operation_uuid_algorithm = OpenSSL::Digest::SHA256
+
+  # Enforcing the operations to your app can be done by extending the
+  # ApplicationController by Operations::EnforcedController. You also
+  # need to define which routes are associated with which operation.
+  #
+  # Caution: Any route that is not defined here will be ignored and thus
+  # allowed. To ensure you're not forgetting anything, you can use the "*"
+  # as a wildcard symbol.
+  #
+  # Example: associating all actions in the UsersController to the
+  # users_action operation can be done with:
+  # config.enforcements << {controller: :user, action: '*', operation: :users_action}
+  config.enforcements = [
+    # {controller: :application, action: '*', operation: :your_operation}
+  ]
+
+end

data/lib/operations.rb

@@ -0,0 +1,152 @@
+require "operations/railtie"
+require "operations/utils"
+require "operations/core_ext"
+require "operations/engine"
+require "operations/config"
+require "operations/enforcer"
+require "operations/act_as_operationable"
+require "operations/errors"
+require "operations/operation"
+require "operations/version"
+
+module Operations
+  class << self
+    def operations_list
+      Operations::Config.get_operations_list
+    end
+
+    def user_roles
+      Operations::Config.user_roles
+    end
+
+    def named_user_roles(all: false)
+      roles = Operations::Config.user_roles
+      roles = roles.reject{|role| role[:db_value].nil?} unless all
+      roles.map{|role| role[:name]}
+    end
+
+    def operations_list_by_uuid
+      operations_list.map{|op| {operation: op, uuid: op.uuid}}
+    end
+
+    # Returns the operation associated with the passed in UUID
+    def from_uuid(uuid)
+      operations_list.select{|operation| operation.uuid == uuid}[0]
+    end
+
+    # Returns the operation associated with the passed in name
+    def from_string(name)
+      operations_list.select{|operation| operation.name.to_s == name.to_s}[0]
+    end
+
+    # Returns the operations that have scope scope
+    def allowing(scope)
+      return nil if scope.blank?
+      operations_list.select{|operation| operation > scope}
+    end
+
+    def allowed_named_roles_for(scope)
+      current_value = user_role_value_from(scope)
+      user_roles
+          .select{|role| role[:name] == :all ||
+              !role[:value].nil? && role[:value] <= current_value}
+          .map{|role| role[:name]}
+    end
+
+    def from_user_type(scope)
+      value = allowed_named_roles_for(scope.to_sym)
+      scopes = value.reject{|role| role.nil?}
+    end
+
+    def allowed_int_roles_for(scope)
+      allowed_named_roles_for(scope)
+          .map{|named_scope| user_role_int_from(named_scope)}
+    end
+
+    def allowed_value_roles_for(scope)
+      allowed_named_roles_for(scope)
+          .map{|named_scope| user_role_value_from(named_scope)}
+    end
+
+    # Determines if the user is allowed to execute the operation name
+    def allows?(user, name)
+      operation = from_string(name)
+      return false if operation.nil?
+      operation.users.map{|u| u.id}.include?(user.id)
+    end
+
+    # Returns a list of user roles names straight from the config file
+    def user_roles_names
+      user_roles.map{|ur| ur[:name]}
+    end
+
+    # Returns a list of users roles that qualify as role_name
+    def user_roles_from(role_name, select_only: false)
+      value = user_role_value_from(role_name)
+      return [] if value.nil?
+      compare =-> (role, value) do
+        select_only ? role[:value] == value : role[:value] <= value
+      end
+      user_roles
+          .select{|role| role[:value] && compare.call(role, value)}
+          .map{|role| role[:db_value]}
+          .reject{|res| res.nil?}
+    end
+
+    # Returns a list of users roles that do not qualify as role_name
+    def user_roles_until(role_name)
+      value = user_role_value_from(role_name)
+      return [] if value.nil?
+      user_roles
+          .select{|role| role[:value] && role[:value] > value}
+          .map{|role| role[:db_value]}
+    end
+
+    def scopes_as(scope)
+      value = user_role_value_from(scope)
+      return [] if value.nil?
+      return [scope] if %w{all nobody}.include?(scope.to_s)
+      user_roles
+          .select{|role| role[:value] && role[:value] >= value}
+          .map{|role| role[:name]}
+    end
+
+    def operations_for(scope)
+      scopes = scopes_as(scope)
+      list = operations_list
+      if %w{all nobody}.include?(scope.to_s)
+        list.select{|op| op == scope}.uniq
+      else
+        list.select{|op| op >= scope}.uniq
+      end
+    end
+
+    # Returns a list of users that have roles user_roles_from
+    def users_acting_as(role_name, select_only: false)
+      User.where(role: user_roles_from(role_name, select_only: select_only))
+    end
+
+    # Returns a list of users that have roles user_roles_until
+    def users_denied_from(role_name)
+      User.where(role: user_roles_until(role_name))
+    end
+
+    def user_role_int_from(role_name)
+      result = user_roles.select{|role| role[:name] == role_name}[0]
+      return nil if result.nil?
+      result[:db_value]
+    end
+
+    def user_role_value_from(role_name)
+      result = user_roles.select{|role| role[:name] == role_name}[0]
+      return nil if result.nil?
+      result[:value]
+    end
+
+    def user_role_name_from(role_int)
+      result = user_roles.select{|role| role[:db_value] == role_int}[0]
+      return nil if result.nil?
+      result[:name]
+    end
+  end
+end