RubyGems - bali - Versions diffs - 2.4.0 → 6.0.1 - Mend

bali 2.4.0 → 6.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (54) hide show

checksums.yaml +5 -13
data/.gitignore +2 -0
data/.rspec +1 -0
data/.travis.yml +44 -2
data/gemfiles/Gemfile-rails.5.0.x +7 -0
data/gemfiles/Gemfile-rails.5.1.x +6 -0
data/gemfiles/Gemfile-rails.5.2.x +6 -0
data/gemfiles/Gemfile-rails.6.0.x +5 -0
data/gemfiles/Gemfile-rails.edge +14 -0
data/lib/bali.rb +33 -22
data/lib/bali/config.rb +12 -0
data/lib/bali/dsl_error.rb +3 -0
data/lib/bali/{foundations/exceptions/bali_error.rb → error.rb} +0 -0
data/lib/bali/judge.rb +221 -0
data/lib/bali/printer.rb +42 -31
data/lib/bali/rails/action_controller.rb +17 -0
data/lib/bali/rails/action_view.rb +12 -0
data/lib/bali/rails/active_record.rb +11 -0
data/lib/bali/railtie.rb +13 -0
data/lib/bali/role.rb +110 -0
data/lib/bali/rspec/able_to_matcher.rb +39 -0
data/lib/bali/rule.rb +17 -0
data/lib/bali/ruler.rb +38 -0
data/lib/bali/rules.rb +51 -0
data/lib/bali/statics/active_record.rb +2 -0
data/lib/bali/statics/authorizer.rb +65 -0
data/lib/bali/statics/record.rb +13 -0
data/lib/bali/statics/scope_ruler.rb +39 -0
data/lib/bali/tasks/bali/print_rules.rake +9 -0
data/lib/bali/version.rb +1 -1
data/lib/generators/rails/USAGE +8 -0
data/lib/generators/rails/rules_generator.rb +17 -0
data/lib/generators/rails/templates/rules.rb +4 -0
data/lib/generators/rspec/rules_generator.rb +12 -0
data/lib/generators/rspec/templates/rules_spec.rb +7 -0
metadata +131 -49
data/lib/bali/dsl/map_rules_dsl.rb +0 -75
data/lib/bali/dsl/rules_for_dsl.rb +0 -130
data/lib/bali/foundations/all_foundations.rb +0 -17
data/lib/bali/foundations/exceptions/authorization_error.rb +0 -38
data/lib/bali/foundations/exceptions/dsl_error.rb +0 -3
data/lib/bali/foundations/exceptions/objection_error.rb +0 -3
data/lib/bali/foundations/judger/judge.rb +0 -329
data/lib/bali/foundations/judger/negative_judge.rb +0 -40
data/lib/bali/foundations/judger/positive_judge.rb +0 -41
data/lib/bali/foundations/role_extractor.rb +0 -61
data/lib/bali/foundations/rule/rule.rb +0 -55
data/lib/bali/foundations/rule/rule_class.rb +0 -54
data/lib/bali/foundations/rule/rule_group.rb +0 -91
data/lib/bali/integrators/all_integrators.rb +0 -8
data/lib/bali/integrators/rule_class_integrator.rb +0 -27
data/lib/bali/integrators/rule_group_integrator.rb +0 -29
data/lib/bali/integrators/rule_integrator.rb +0 -56
data/lib/bali/objector.rb +0 -173

data/lib/bali/rails/action_controller.rb ADDED

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+begin
+  require 'active_support/lazy_load_hooks'
+  ActiveSupport.on_load :action_controller do
+    require "bali"
+    ::ActionController::Base.send :include, Bali::Statics::Authorizer
+    ::ActionController::Base.send :include, Bali::Statics::ScopeRuler
+    if defined? ::ActionController::API
+      ::ActionController::API.send :include, Bali::Statics::Authorizer
+      ::ActionController::API.send :include, Bali::Statics::ScopeRuler
+    end
+  end
+rescue LoadError
+end

data/lib/bali/rails/action_view.rb ADDED

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+begin
+  require 'active_support/lazy_load_hooks'
+  ActiveSupport.on_load :action_view do
+    require "bali"
+    ::ActionView::Base.send :include, Bali::Statics::Authorizer
+    ::ActionView::Base.send :include, Bali::Statics::ScopeRuler
+  end
+rescue LoadError
+end

data/lib/bali/rails/active_record.rb ADDED

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+begin
+  require 'active_support/lazy_load_hooks'
+  ActiveSupport.on_load :active_record do
+    require "bali"
+    ::ActiveRecord::Base.send :extend, Bali::Statics::Record
+  end
+rescue LoadError
+end

data/lib/bali/railtie.rb ADDED

@@ -0,0 +1,13 @@
+require "bali"
+require "rails"
+module Bali
+  class Railtie < ::Rails::Railtie
+    railtie_name :bali
+    rake_tasks do
+      path = File.expand_path(__dir__)
+      Dir.glob("#{path}/tasks/**/*.rake").each { |f| load f }
+    end
+  end
+end

data/lib/bali/role.rb ADDED

@@ -0,0 +1,110 @@
+class Bali::Role
+  RIGHTS = [
+    INHERIT = :inherit,
+    DEFAULT_DENY = :default_deny,
+    DEFAULT_ALLOW = :default_allow
+  ].freeze
+  IDENTIFIER_CLASSES = [
+    String,
+    Symbol,
+    NilClass,
+  ].freeze
+  attr_accessor :name
+  attr_accessor :cans, :cants
+  attr_reader :scope
+  attr_accessor :can_all
+  alias :can_all? :can_all
+  attr_accessor :right_level
+  def self.formalize(object)
+    case object
+    when *IDENTIFIER_CLASSES then [object]
+    when Array then (object.count == 0 ? nil : object)
+    else formalize(extract_roles_from_object(object))
+    end
+  end
+  def self.extract_roles_from_object(object)
+    method_name = object.class.role_field_for_authorization
+    method_name ?
+      formalize(object.send(method_name)) :
+      formalize(nil)
+  end
+  def initialize(name)
+    @name = name.to_sym if name
+    @right_level = INHERIT
+    @cans = {}
+    @cants = {}
+  end
+  def can_all?
+    right_level == DEFAULT_ALLOW
+  end
+  def cant_all?
+    right_level == DEFAULT_DENY
+  end
+  ##### DSL METHODS
+  def can(*args, &block)
+    add :can, *args, block
+  end
+  def cant(*args, &block)
+    add :cant, *args, block
+  end
+  def can_all
+    @right_level = DEFAULT_ALLOW
+  end
+  def cant_all
+    @right_level = DEFAULT_DENY
+  end
+  def scope(&block)
+    return @scope unless block_given?
+    raise Bali::DslError, "Block can't be scoped inside a role" if name
+    @scope = block
+  end
+  def add(term, *operations, block)
+    operations.each do |operation|
+      rule = Bali::Rule.new(term, operation)
+      rule.conditional = block if block
+      self << rule
+    end
+  end
+  ##### DSL METHODS
+  def << rule
+    operation = rule.operation.to_sym
+    if rule.term == :cant
+      cants[operation] = rule
+      cans.delete operation
+    else
+      cans[operation] = rule
+      cants.delete operation
+    end
+  end
+  def find_rule(term, operation)
+    case term
+    when :can then cans[operation.to_sym]
+    when :cant then cants[operation.to_sym]
+    end
+  end
+  def rules
+    cans.values + cants.values
+  end
+end

data/lib/bali/rspec/able_to_matcher.rb ADDED

@@ -0,0 +1,39 @@
+module RSpec
+  module Matchers
+    module BuiltIn
+      class AbleToMatcher < Be
+        def initialize(operation, class_or_record = nil)
+          @operation = operation
+          @class_or_record = class_or_record
+        end
+        def matches?(actor)
+          if @class_or_record
+            rule_class = "#{@class_or_record.class.name}#{Bali.config.suffix}".constantize
+            rule_class.can?(actor, @operation, @class_or_record)
+          else
+            @class_or_record = actor
+            rule_class = "#{@class_or_record.name}#{Bali.config.suffix}".constantize
+            rule_class.can?(nil, @operation, @class_or_record)
+          end
+        end
+        def failure_message
+          "expected to be able to #{@operation}, but actually cannot"
+        end
+        def failure_message_when_negated
+          "expected not to be able to #{@operation}, but actually can"
+        end
+        def description
+          "be able to #{@operation}"
+        end
+      end
+    end
+    def be_able_to(*args)
+      BuiltIn::AbleToMatcher.new(*args)
+    end
+  end
+end

data/lib/bali/rule.rb ADDED

@@ -0,0 +1,17 @@
+# This class represents a rule.
+#   can :delete
+# A rule can also contains conditional part
+class Bali::Rule
+  attr_reader :term
+  attr_reader :operation
+  attr_accessor :conditional
+  def initialize(term, operation)
+    @term = term
+    @operation = operation
+  end
+  def conditional?
+    @is_conditional ||= !!conditional
+  end
+end

data/lib/bali/ruler.rb ADDED

@@ -0,0 +1,38 @@
+# This class represents all roles, and its rules, for a resource
+class Bali::Ruler
+  attr_reader :model_class
+  attr_accessor :roles
+  private :model_class
+  def self.for(record_class)
+    rule_class = Bali::Rules.for(record_class)
+    rule_class.ruler if rule_class
+  end
+  def initialize(model_class)
+    @model_class = model_class
+    @roles = {}
+    @roles[nil] = Bali::Role.new(nil)
+  end
+  def << role
+    @roles[role.name] = role
+  end
+  def [] role
+    symbolized_role = role.to_sym if role
+    @roles[symbolized_role]
+  end
+  def find_or_create_role role_name
+    role = self[role_name]
+    if role.nil?
+      role = Bali::Role.new(role_name)
+      self << role
+    end
+    role
+  end
+end

data/lib/bali/rules.rb ADDED

@@ -0,0 +1,51 @@
+require "forwardable"
+class Bali::Rules
+  extend Bali::Statics::Authorizer
+  extend Bali::Statics::ScopeRuler
+  class << self
+    extend Forwardable
+    attr_writer :current_role
+    attr_reader :ruler
+    def_delegators :inheritable_role, :scope, :scope
+    def_delegators :inheritable_role, :can, :can
+    def_delegators :inheritable_role, :cant, :cant
+    def_delegators :inheritable_role, :cant_all, :cant_all
+    def_delegators :inheritable_role, :can_all, :can_all
+  end
+  def self.for(record_class)
+    rule_maker_cls_str = "#{record_class}#{Bali.config.suffix}"
+    rule_maker_cls_str.safe_constantize
+  end
+  def self.model_class
+    class_name = to_s
+    suffix = Bali.config.suffix
+    rule_class_maker_str = class_name[0...class_name.length - suffix.length]
+    rule_class_maker_str.constantize
+  end
+  def self.role(*role_names, &block)
+    role_names.each do |role_name|
+      if Bali::Role::IDENTIFIER_CLASSES.include?(role_name.class)
+        role = ruler.find_or_create_role role_name
+        role.instance_eval(&block)
+      else
+        raise Bali::DslError, "Cannot define role using #{param.class}. " +
+          "Please use either a Symbol, a String or nil"
+      end
+    end
+  end
+  def self.ruler
+    @ruler ||= Bali::Ruler.new(model_class)
+  end
+  def self.inheritable_role
+    ruler[nil]
+  end
+end

data/lib/bali/statics/active_record.rb ADDED

	@@ -0,0 +1,2 @@
1	+ # This class is deprecated. Please use Bali::Statics::Record instead of this.
2	+ Bali::Statics::ActiveRecord = Bali::Statics::Record

data/lib/bali/statics/authorizer.rb ADDED

@@ -0,0 +1,65 @@
+module Bali::Statics::Authorizer
+  module HelperFunctions
+    extend self
+    def not_true_actor?(actor)
+      Symbol === actor || String === actor
+    end
+    def find_actor(actor, operation, record = nil)
+      return actor unless not_true_actor?(actor)
+    end
+    def find_operation(actor, operation, record = nil)
+      not_true_actor?(actor) ?
+        actor :
+        operation
+    end
+    def find_record(actor, operation, record = nil)
+      if not_true_actor?(actor) && record.nil?
+        operation
+      elsif actor.is_a?(ActiveRecord::Base) && record.nil?
+        actor.class
+      else
+        record
+      end
+    end
+    def determine_model_class!(obj, arg1, arg2, arg3)
+      if arg2.nil? && arg3.nil? && !obj.respond_to?(:model_class)
+        raise Bali::Error, "Cannot perform checking when the actor is not known"
+      end
+      arg3 = obj.model_class if (arg2.nil? || arg1.nil?) && arg3.nil?
+      arg3
+    end
+    def check(term, obj, arg1, arg2, arg3)
+      # try to infer current user if only passing one arg
+      if arg2.nil? && arg3.nil? && obj.respond_to?(:current_user)
+        arg2 = arg1
+        arg1 = obj.current_user
+      elsif arg3.nil? && obj.respond_to?(:current_user)
+        arg3 = arg2
+        arg2 = arg1
+        arg1 = obj.current_user
+      end
+      arg3 = HelperFunctions.determine_model_class! obj, arg1, arg2, arg3
+      actor = HelperFunctions.find_actor(arg1, arg2, arg3)
+      operation = HelperFunctions.find_operation(arg1, arg2, arg3)
+      record = HelperFunctions.find_record(arg1, arg2, arg3)
+      Bali::Judge.check(term, actor, operation, record)
+    end
+  end
+  def can?(arg1, arg2 = nil, arg3 = nil)
+    HelperFunctions.check(:can, self, arg1, arg2, arg3)
+  end
+  def cant?(arg1, arg2 = nil, arg3 = nil)
+    HelperFunctions.check(:cant, self, arg1, arg2, arg3)
+  end
+end

data/lib/bali/statics/record.rb ADDED

@@ -0,0 +1,13 @@
+module Bali::Statics::Record
+  def self.extended(cls)
+    cls.class_eval do
+      class << self
+        attr_accessor :role_field_for_authorization
+      end
+      def self.extract_roles_from method_name
+        @role_field_for_authorization = method_name
+      end
+    end
+  end
+end

data/lib/bali/statics/scope_ruler.rb ADDED

@@ -0,0 +1,39 @@
+module Bali::Statics::ScopeRuler
+  module HelperFunctions
+    extend self
+    def extract_data_and_actor(obj, arg1, arg2 = nil)
+      if arg2.nil?
+        data = arg1
+        if obj.respond_to?(:current_user)
+          actor = obj.current_user
+        end
+      else
+        data, actor = arg1, arg2
+      end
+      return data, actor
+    end
+    def scope_for(relation)
+      rule_class = Bali::Rules.for(relation.model)
+      return unless rule_class
+      rule_class.inheritable_role.scope
+    end
+  end
+  def rule_scope(arg1, arg2 = nil)
+    data, actor = HelperFunctions.extract_data_and_actor(self, arg1, arg2)
+    return unless data
+    scope = HelperFunctions.scope_for(data)
+    scoped_data = case scope.arity
+                  when 0 then scope.call
+                  when 1 then scope.call(data)
+                  when 2 then scope.call(data, actor)
+                  end
+    scoped_data || data
+  end
+end

data/lib/bali/tasks/bali/print_rules.rake ADDED

@@ -0,0 +1,9 @@
+namespace :bali do
+  desc "Print all rules nicely"
+  task print_rules: :environment do
+    rules_path = Bali.config.rules_path
+    Dir.glob("#{rules_path}/**/*.rb").each { |f| load f }
+    $stdout.puts Bali::Printer.printable
+  end
+end