aki-operations 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: c2d08c48fb192fb73dc402a0f298bdf008f76c939484555bea9f3dd3618a9665
+  data.tar.gz: 6e2f64d2996ee38cd52906b28f09c8f072163a8c8d5eb9792e904c3150035877
+SHA512:
+  metadata.gz: ab840178692d2edd91fa90fdd4bc18264e4cb5e23468440cec7501b0d12e9fcef7c0bc5b6f4c2a3a2f94f42e1143f5245b1814fd364517056fafa107436f78d8
+  data.tar.gz: 00a32fa12deff08c781b0599242f82b7323a94ca3db00b69dc5713e53853deb0f58f7fab9e0818402b18954fc80b4f454ca07c79732176b30e8728fd35665d23

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2018 アキントラ・アキニエレ
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,87 @@
+# Rails Operations
+Manage your users' operations (permissions to execute some actions) in your
+Ruby on Rails application.
+
+## Requirements
+Prior to installing, please make sure these gems can be installed on your
+system:
+- rails (v5.2+)
+
+If you wish to run this gem locally, the following gems are also to consider:
+- bootstrap (v4.1+)
+- jquery-rails (v4.3+)
+- jquery-ui-rails (v6.0+)
+- bootstrap4-kaminari-views
+- sqlite3 (v1.3.6+)
+- sass-rails (v5.0+)
+- select2-rails
+- web-console
+
+## Installation
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'operations'
+```
+
+And then execute:
+```bash
+$ bundle
+```
+
+Or install it yourself as:
+```bash
+$ gem install operations
+```
+
+## Usage
+Here are the most relevant API entries from this Gem:
+
+```ruby
+### From Operations module
+Operations.operations_list        # All valid Operations::Operation from Rails config
+Operations.from_string(name)      # Gets the Operations::Operation by string
+Operations.allows?(user, name)    # Checks if the user can execute the operation string
+Operations.user_roles             # All users roles defined in the Rails config
+
+### From Operations::Operation class
+operation = Operations::Operation.new do |operation|
+  # Your operation name
+  operation.name = 'my_operation'
+
+  # Allows :admin, :technician, :regular and :guest.
+  # These can be set in your config/application.rb with the
+  # variable config.user_roles. Example:
+  #
+  # module MyApp
+  #   class Application < Rails::Application
+  #     config.user_roles += {name: 'my_other_scope'}
+  #   end
+  # end
+  operation.scope = :admin
+end
+
+# Or
+operation = Operations::Operation.new{name: :my_operation, scope: :admin}
+
+# Instance variable
+allowed_users = operation.users     # Returns a list of users based on the scope
+is_valid = operation.is_valid?      # For validation purposes
+
+### Core extensions
+# Convert a string to a list of Operations::Operations
+"bf9[..]a248".to_operation         # From a UUID (example truncated)
+"{\"name\":\"my_operation\",\"scope\":\"admin\"}".to_operation # From a valid JSON string
+```
+
+## Contributing
+Do you wish to contribute? It's simple! All you need to do is:
+- Fork this project
+- Work your magic
+- **RUN TESTS**
+- _Don't forget to synchronize with the master branch!_
+- Push to your fork
+- Make a pull request!
+
+## License
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,27 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'Operations'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.md')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+require 'bundler/gem_tasks'
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+task default: :test

data/app/controllers/admin/operations/actions_controller.rb

@@ -0,0 +1,28 @@
+class Admin::Operations::ActionsController < ApplicationController
+
+  def index
+    @actions = Operations.operations_list
+    respond_to do |format|
+      format.html {
+        @editing = params[:edit].to_s.downcase.strip == 'true'
+        @editing_title = @editing ? 'Manage actions' : 'View actions'
+      }
+      format.json { render json: @actions }
+    end
+  end
+
+  def details
+    operation = Operations.from_uuid(params[:uuid])
+    if operation
+      users = operation.users
+      if users
+        render json: {success: true, operation: operation, users: users}
+      else
+        render json: {success: false, message: "Operation with UUID `#{params[:uuid]}' is not valid."}
+      end
+    else
+      render json: {success: false, message: "Operation with UUID `#{params[:uuid]}' not found."}
+    end
+  end
+
+end

data/app/controllers/admin/operations/users_controller.rb

@@ -0,0 +1,28 @@
+class Admin::Operations::UsersController < ApplicationController
+
+  def index
+    @permissions = Operations.user_roles
+    respond_to do |format|
+      format.html {
+        @editing = params[:edit].to_s.downcase.strip == 'true'
+        @editing_title = @editing ? 'Manage user permissions' : 'View user permissions'
+      }
+      format.json { render json: @permissions }
+    end
+  end
+
+  def details
+    operation = Operations.user_roles.select{|o| o[:name].to_sym == params[:value].to_sym}.first
+    if operation
+      operations_list = Operations.operations_for(params[:value].to_sym)
+      if operations_list
+        render json: {success: true, operations: operations_list.as_json(methods: [:users]), operation: operation.as_json(methods: [:users])}
+      else
+        render json: {success: false, message: "Operation role `#{params[:value]}' is not valid."}
+      end
+    else
+      render json: {success: false, message: "Operation role `#{params[:value]}' not found."}
+    end
+  end
+
+end

data/app/controllers/admin/operations_controller.rb

@@ -0,0 +1,12 @@
+class Admin::OperationsController < ApplicationController
+
+  def index
+    @operations = Operations.operations_list
+    @permissions = []
+    respond_to do |format|
+      format.html
+      format.json { render json: @operations, except: [:uuid] }
+    end
+  end
+
+end

data/app/controllers/operations/enforced_controller.rb

@@ -0,0 +1,45 @@
+module Operations
+  class EnforcedController < ActionController::Base
+
+    include ApplicationHelper
+    include OperationsHelper
+
+    before_action :check_operations
+
+    rescue_from Operations::Errors::NotLoggedInError, with: :go_to_login
+    rescue_from Operations::Errors::NotAuthorizedError, with: :render_403_error
+
+    def render_403_error(err)
+      Rails.logger.info "### Operations::Error : #{err} (#{err.class}) ###"
+      respond_to do |format|
+        format.html {redirect_back(fallback_location: root_path, alert: "#{err}")}
+        format.xml {render xml: {message: "#{err}"}, status: 403}
+        format.json {render json: {message: "#{err}"}, status: 403}
+      end
+    end
+
+    def go_to_login(err)
+      respond_to do |format|
+        format.html {
+          if Operations::Config.sign_in_path
+            redirect_to(Operations::Config.sign_in_path, alert: 'Please login first.')
+          else
+            redirect_back(fallback_location: root_path, alert: "#{err}")
+          end
+        }
+        format.xml {render xml: {message: "#{err}"}, status: 403}
+        format.json {render json: {message: "#{err}"}, status: 403}
+      end
+    end
+
+    private
+    def check_operations
+      controller = params[:controller]; action = params[:action]
+      if respond_to?(:current_user)
+        warn "Enforcing #{controller}:#{action}..."
+        Operations::Enforcer.enforce(controller, action, current_user)
+      end
+    end
+
+  end
+end

data/app/helpers/operations_helper.rb

@@ -0,0 +1,15 @@
+module OperationsHelper
+
+  def enforce(operation, &block)
+    operation = Operations.from_string(operation)
+    return if operation.nil?
+    if block_given?
+      return capture(&block) if operation == :all
+      return '' if operation == :nobody
+      return capture(&block) if operation.accepts_scope?(current_user.named_scope)
+      ''
+    end
+    ''
+  end
+
+end

data/app/views/admin/operations/actions/index.html.erb

@@ -0,0 +1,20 @@
+<div class="container">
+  <div class="padded">
+    <div class="justify-content-between d-flex w-100">
+      <h1><%= @editing_title %></h1>
+      <h6>You are a: <%= user_role_badge(current_user) %></h6>
+    </div>
+    <div class="text-center">
+      <div class="small text-muted">
+        System actions count: <%= @actions.size %>
+      </div>
+    </div>
+  </div>
+
+  <% if @editing %>
+    <%= render 'admin/operations/actions/index/edit' %>
+  <% else %>
+    <%= render 'admin/operations/actions/index/view' %>
+  <% end %>
+
+</div>

data/app/views/admin/operations/actions/index/_view.html.erb

@@ -0,0 +1,156 @@
+<p>
+  View here all system actions that are defined on the system. <!-- Should you need
+  adding, removing or editing these actions, please click
+  <%= link_to('here', admin_operations_actions_path(params: {edit: true})) %>. -->
+</p>
+
+<div class="row">
+  <div class="col-md-6">
+    <div class="very lightly padded text-center">
+      <b class="text-muted">System actions</b>
+    </div>
+    <div class="list-group" style="overflow-y: auto; height: 62vh;">
+      <% @actions.each do |action| %>
+          <div sys_action="<%= action.uuid %>" class="list-group-item list-group-item-action <%= action.is_valid? ? "clickable" : 'disabled' %>">
+            <% if action.description && action.name %>
+              <div class="d-flex w-100 justify-content-between">
+                <%= action.description %>
+                <small class="text-muted"><%= action.name %></small>
+              </div>
+            <% else %>
+              <%= action.description || action.name %>
+            <% end %>
+          </div>
+      <% end %>
+    </div>
+  </div>
+  <div class="col-md-6">
+    <div class="very lightly padded">
+      <div class="text-center">
+        <b class="text-muted">More details</b>
+      </div>
+      <div style="margin-top: 10px;">
+        <div class="cards">
+          <div class="text-center">
+            <div before-getting="description" class="card-body">
+              You can click on one of the actions on the right. Doing that
+              will display more details about the role right here.
+            </div>
+            <div before-getting="loading" class="card-body">
+              Please wait while we're fetching the latest information for
+              this system action...
+            </div>
+          </div>
+          <div after-getting="description" class="card-bodys">
+            <p class="very lightly padded">
+              <div class="d-flex w-100 justify-content-between">
+                <span><b>Name: </b> <span after-getting="field" data-field="name"></span></span>
+                <div id="operation-scope">
+                  <b>Scope: </b> <span after-getting="field" data-field="operation_scope"></span>
+                </div>
+              </div>
+            </p>
+            <div class="small">
+              <p class="very lightly padded">
+                Required category to execute this action: <b><span after-getting="field" data-field="scope"></span></b>
+              </p>
+              <div id="users-list-cont">
+                <p class="very lightly padded">
+                  The following <b><span after-getting="field" data-field="users_count"></span></b> are allowed to execute this action:
+                </p>
+                <div id="users-list" class="list-group"></div>
+              </div>
+            </div>
+          </div>
+        </div>
+      </div>
+    </div>
+  </div>
+</div>
+
+<script type="text/javascript">
+  $(document).ready(function() {
+    $('[before-getting]').hide();
+    $('[after-getting]').hide();
+    $('[before-getting="description"]').show();
+    $('#users-list-cont').hide();
+
+    $('[sys_action]').on('click', function(e) {
+      $('[sys_action]').removeClass('active');
+      $('[after-getting]').show();
+      $('[before-getting]').hide();
+      $('[before-getting="loading"]').show();
+
+      let target = $(this);
+      $('[sys_action]').addClass('disabled');
+      let value = target.attr('sys_action');
+      if (value) {
+        $.ajax({
+          url: '/admin/operations/actions/' + value + '/details',
+          success: function(response) {
+            $('[before-getting]').hide();
+            $('#before-getting').hide();
+            $('[sys_action]').removeClass('disabled');
+            if (response.success) {
+              target.addClass('active');
+              let operation = response.operation;
+              let users = response.users;
+
+              $('[after-getting="field"][data-field="name"]')
+                  .text(operation.name);
+              $('[after-getting="field"][data-field="scope"]')
+                  .text(operation.description);
+              if (operation.scope) {
+                $('#operation-scope').show();
+              } else {
+                $('#operation-scope').hide();
+              }
+              $('[after-getting="field"][data-field="operation_scope"]')
+                  .text(operation.scope);
+
+              const users_count = count => {
+                return users.length == 1 ?
+                    'one operation' :
+                    users.length + " users";
+              }
+              $('#users-list').text('');
+              if (users.length > 0) {
+                $('#users-list-cont').show();
+                $('[after-getting="field"][data-field="users_count"]')
+                    .text(users_count(users.length));
+                let user_html = [];
+                const operations_description = operations => {
+                  if (!operations || operations.length < 1) {
+                    return "No custom operations have been set."
+                  }
+                  return "Custom operations count: " + operations.length;
+                }
+
+                [].forEach.call(users, function(user) {
+                  user_html += [
+                    '<div class="list-group">',
+                      '<div class="list-group-item">',
+                        '<div class="d-flex w-100 justify-content-between">',
+                          '<span class="bold">' + user.email + '</span>',
+                          '<small class="text-muted">' + user.scope + '</small>',
+                        '</div>',
+                        '<p class="mb-1">',
+                          operations_description(user.operations),
+                        '</p>',
+                      '</div>',
+                    '</div>'
+                  ].join('');
+                });
+                $('#users-list').html(user_html);
+              } else {
+                users_list_text = "No users can have been associated."
+                $('#users-list-cont').hide();
+                $('[after-getting="field"][data-field="users_count"]').text('');
+              }
+            }
+          }
+        });
+      }
+    });
+  });
+</script>