auth-assistant 0.4.0

data/lib/generators/auth_assist/config/config_generator.rb

@@ -0,0 +1,72 @@
+require 'generators/migration_helper'
+require 'generators/role_migrations'
+require 'auth_assistant/model/user_config'
+
+module AuthAssist
+  module Generators
+    class ConfigGenerator < Rails::Generators::NamedBase
+      desc "Generates user role migration and matching auth configuration initializer" 
+
+      class_option :devise, :type => :boolean, :aliases => "-d", :default => false,
+                                     :desc => "Initialize devise."
+
+      class_option :admin, :type => :boolean, :aliases => "-a", :default => false,
+                                    :desc => "Creae admin user."
+
+
+      class_option :migration, :type => :boolean, :aliases => "-m", :default => true,
+                                     :desc => "To generate a user role migration."
+            
+      def self.source_root
+        @source_root ||= File.expand_path("../../templates", __FILE__)
+      end
+
+      def init_devise
+        return if !options[:devise]
+        run 'rails g devise_install'        
+        run 'rails g devise User'
+      end
+      
+      def create_initializer
+        # prefixing with x should make sure it is run after devise initializer
+        template "auth_assistant.rb", "config/initializers/x_auth_assistant.rb"
+      end 
+
+      def create_ability_model
+        copy_file 'ability.rb', 'app/models/ability.rb'
+        copy_file 'permits.rb', 'lib/permits.rb'
+      end
+
+      def create_admin_user
+        return if !options[:admin]
+        run 'rails g devise Admin' if options[:admin]                
+        # use STI
+        gsub_file 'app/models/admin.rb', /ActiveRecord::Base/, 'User'        
+      end
+
+      def copy_locale
+        locale_file = File.expand_path("../../../../../config/locales/en.yml", __FILE__)
+        puts locale_file        
+        copy_file locale_file, "config/locales/auth_assist.en.yml"    
+      end
+      
+      def run_migration
+        clear_user_relations        
+        return nil if !options[:migration]                 
+        clazz = AuthAssist::RoleMigrations.clazz(name)
+        mig_obj = clazz.new(self)
+        mig_obj.run_migration
+        mig_obj.configure
+      end 
+
+      def self.banner
+        "#{$0} auth_assist:config strategy [admin_field, role_field, roles_field, roles_mask, role_assignment, multi_role_assignment]"
+      end
+      
+      protected                  
+        include ::AuthAssist::MigrationHelper
+        include ::AuthAssist::RoleMigrations
+        
+    end
+  end
+end

data/lib/generators/auth_assist/templates/ability.rb

@@ -0,0 +1,22 @@
+class Ability
+  include CanCan::Ability
+
+  def self.role_permits
+    @role_permits if @role_permits
+
+    # use inject ?
+    @role_permits ||= [] 
+    ['Admin', 'User', 'Author'].each do |role|                         
+      # set up each RolePermit instance to share this same Ability so that the can and cannot operations work on the same permission collection!
+      @role_permits << Kernel.const_get("RolePermit::#{role}").new(self)
+    end
+    @role_permits
+  end
+
+  def initialize(user, request)
+    # put ability logic here!
+    user ||= User.new # guest    
+    Ability.role_permits.each{|rp| rp.permit?(user, request) }
+  end    
+end
+      

data/lib/generators/auth_assist/templates/auth_assistant.rb

@@ -0,0 +1,6 @@
+require 'auth-assistant'
+require 'permits'
+
+AuthAssistant.configure do
+  role_strategy = <%= AuthAssistant::Configuration.instance.strategy(name).to_sym.inspect %>
+end

data/lib/generators/auth_assist/templates/permits.rb

@@ -0,0 +1,91 @@
+module RolePermit
+
+  class Base 
+    attr_accessor :ability
+       
+    def initialize(ability)
+      @ability = ability
+    end
+
+    def permit?(user, request) 
+      user.has ability      
+    end
+
+    def can(action, subject, conditions = nil, &block)
+      ability.can_definitions << CanDefinition.new(true, action, subject, conditions, block)
+    end
+        
+    def cannot(action, subject, conditions = nil, &block)
+      ability.can_definitions << CanDefinition.new(false, action, subject, conditions, block)
+    end
+    
+    def owns(user, clazz, field = :user_id)
+      can :manage, clazz, field => user.id
+    end 
+    
+  end
+  
+  class Admin < Base
+    def initialize(ability)
+      super
+    end
+
+    def permit?(user, request)    
+      super
+      return if !user.role? :admin    
+      can :manage, :all    
+    end  
+  end
+
+  class User < Base
+    def initialize(ability)
+      super
+    end
+
+    def permit?(user, request) 
+      super
+      return if user.role? :admin
+      can :read, :all           
+      
+      # user.owns(Comment)
+      
+      # a user can manage comments he/she created
+      # can :manage, Comment do |comment|
+      #   comment.try(:user) == user
+      # end            
+      
+      # can :create, Comment
+    end  
+  end
+
+  class Moderator < Base
+    def initialize(ability)
+      super
+    end
+    
+    def permit?(user, request)
+      super
+      return if !user.role?(:moderator)
+      can :read, :all      
+      # owns(user, Comment)
+    end  
+  end
+
+
+  class Author < Base
+    def initialize(ability)
+      super
+    end
+    
+    def permit?(user)     
+      super      
+      return if !user.role? :author
+      # can :create, Post
+
+      # an author can manage posts he/she created      
+      # can :update, Post do |post|
+      #   post.try(:user) == user      
+      # end
+    end  
+  end
+end

data/lib/generators/auth_assist/templates/remove_multi_role_assignments_migration.rb

@@ -0,0 +1,24 @@
+class CreateMultiRoleAssignments < ActiveRecord::Migration
+  def self.down
+    create_table :role_assignments do |t|
+      t.integer :user_id
+      t.integer :role_id
+      t.timestamps
+    end
+
+    create_table :roles do |t|
+      t.string :name
+      t.timestamps
+    end
+
+    add_column :users, :role_assignment_id, :integer
+        
+  end
+
+  def self.up
+    drop_table :role_assignments
+    drop_table :roles
+    remove_column :users, :role_assignment_id
+  end
+  
+end

data/lib/generators/auth_assist/templates/remove_role_assignments_migration.rb

@@ -0,0 +1,17 @@
+class CreateRoleAssignments < ActiveRecord::Migration
+  def self.down
+    create_table :roles do |t|
+      t.string :name
+      t.timestamps
+    end
+
+    add_column :users, :role_id, :integer
+        
+  end
+
+  def self.up
+    drop_table :roles
+    remove_column :users, :role_id
+  end
+  
+end

data/lib/generators/auth_assist/templates/role_assignments_migration.rb

@@ -0,0 +1,14 @@
+class CreateRoleAssignments < ActiveRecord::Migration
+  def self.up
+    create_table :role_assignments do |t|
+      t.integer :user_id
+      t.integer :role_id
+
+      t.timestamps
+    end
+  end
+
+  def self.down
+    drop_table :role_assignments
+  end
+end

data/lib/generators/auth_assist/templates/roles_migration.rb

@@ -0,0 +1,13 @@
+class CreateRoles < ActiveRecord::Migration
+  def self.up
+    create_table :roles do |t|
+      t.integer :role_id
+
+      t.timestamps
+    end
+  end
+
+  def self.down
+    drop_table :role_assignments
+  end
+end

data/lib/generators/auth_assist/test.rb

@@ -0,0 +1,40 @@
+module RolePermit
+
+  class Base 
+    attr_accessor :ability
+       
+    def initialize(ability)
+      @ability = ability
+    end
+
+    def permit?(user) 
+      puts "Base Permit"
+    end
+  end
+  
+  class Admin < Base
+    def initialize(ability)
+      super
+    end
+
+    def permit?(user)    
+      super
+      puts "Admin"
+    end  
+  end
+
+  class User < Base
+    def initialize(ability)
+      super
+    end
+
+    def permit?(user) 
+      super
+      puts "User"
+    end  
+  end
+end  
+
+
+RolePermit::Admin.new(0).permit? 0
+RolePermit::User.new(0).permit? 0

data/lib/generators/auth_assist/views/views_generator.rb

@@ -0,0 +1,66 @@
+module AuthAssist
+  module Generators
+    class ViewsGenerator < Rails::Generators::Base
+      desc "Copies all AuthAssist views to your application."
+  
+      argument :scope, :required => false, :default => nil,
+                       :desc => "The scope to copy views to"
+  
+      class_option :template_engine, :type => :string, :aliases => "-t", :default => "erb",
+                                     :desc => "Template engine for the views. Available options are 'erb' and 'haml'."
+  
+      def self.source_root
+        @_devise_source_root ||= File.expand_path("../../../../app/views", __FILE__)
+      end
+
+      def copy_views
+        case options[:template_engine]
+        when "haml"
+          verify_haml_existence
+          verify_haml_version
+          create_and_copy_haml_views
+        else
+          directory "auth_assist", "app/views/#{scope || 'devise'}"
+        end
+      end
+  
+      protected
+  
+      def verify_haml_existence
+        begin
+          require 'haml'
+        rescue LoadError
+          say "HAML is not installed, or it is not specified in your Gemfile."
+          exit
+        end
+      end
+  
+      def verify_haml_version
+        unless Haml.version[:major] == 2 and Haml.version[:minor] >= 3 or Haml.version[:major] >= 3
+          say "To generate HAML templates, you need to install HAML 2.3 or above."
+          exit
+        end
+      end
+  
+      def create_and_copy_haml_views
+        require 'tmpdir'
+        html_root = "#{self.class.source_root}/auth_assist"
+
+        Dir.mktmpdir("auth_assist-haml.") do |haml_root|
+          Dir["#{html_root}/**/*"].each do |path|
+            relative_path = path.sub(html_root, "")
+            source_path   = (haml_root + relative_path).sub(/erb$/, "haml")
+
+            if File.directory?(path)
+              FileUtils.mkdir_p(source_path)
+            else
+              `html2haml -r #{path} #{source_path}`
+            end
+          end
+
+          directory haml_root, "app/views/#{scope || 'devise'}"
+        end
+      end
+    end
+  end
+end

data/lib/generators/auth_code_refactor.rb

@@ -0,0 +1,71 @@
+module AuthAssist
+  module MigrationHelper
+    module CodeRefactor 
+
+      # erase      
+      def clear_user_relations
+        erase_in_user(has_roles_through_assignments)
+        erase_in_user(has_roles)  
+        erase_in_user(has_role_assignments)
+      end
+
+      def erase_in_user(txt)  
+        file = File.new(model_file('user'))
+        return if !(file.read =~ /#{txt}/)         
+        gsub_file model_file('user'), /#{Regexp.escape(txt + "\n")}/, ''
+      end
+
+
+      # insert
+      def write_model_file(name, content)
+        File.open(model_file(name), 'w+') do |f| 
+          f.write(content) 
+        end
+      end
+
+      def insert_user_relation(relation)
+        file = File.new(model_file('user'))
+        return if (file.read =~ /#{relation}/) 
+        gsub_file model_file('user'), /class User < ActiveRecord::Base/ do |match|
+          match << "\n  #{relation}"
+        end
+      end      
+        
+      def remove_user_relation(relation)
+        erase_in_user(relation)  
+      end
+    
+      
+      # refactor code
+      def has_role_assignments 
+        'has_many :role_assignments'
+      end
+
+      def has_roles_through_assignments 
+        'has_many :roles, :through => :role_assignments'
+      end
+
+      def has_roles 
+        'has_many :roles'
+      end
+        
+      def role_file_content
+        %q{
+  class Role < ActiveRecord::Base
+  has_many :role_assignments
+  has_many :users, :through => :role_assignments
+  end          
+        }    
+      end       
+    
+      def role_assignment_file_content
+        %q{
+  class RoleAssignment < ActiveRecord::Base
+  belongs_to :user
+  belongs_to :role
+  end          
+        }
+      end
+    end 
+  end
+end