RubyGems - bali - Versions diffs - 2.4.0 → 6.0.1 - Mend

bali 2.4.0 → 6.0.1

Files changed (54) hide show

checksums.yaml +5 -13
data/.gitignore +2 -0
data/.rspec +1 -0
data/.travis.yml +44 -2
data/gemfiles/Gemfile-rails.5.0.x +7 -0
data/gemfiles/Gemfile-rails.5.1.x +6 -0
data/gemfiles/Gemfile-rails.5.2.x +6 -0
data/gemfiles/Gemfile-rails.6.0.x +5 -0
data/gemfiles/Gemfile-rails.edge +14 -0
data/lib/bali.rb +33 -22
data/lib/bali/config.rb +12 -0
data/lib/bali/dsl_error.rb +3 -0
data/lib/bali/{foundations/exceptions/bali_error.rb → error.rb} +0 -0
data/lib/bali/judge.rb +221 -0
data/lib/bali/printer.rb +42 -31
data/lib/bali/rails/action_controller.rb +17 -0
data/lib/bali/rails/action_view.rb +12 -0
data/lib/bali/rails/active_record.rb +11 -0
data/lib/bali/railtie.rb +13 -0
data/lib/bali/role.rb +110 -0
data/lib/bali/rspec/able_to_matcher.rb +39 -0
data/lib/bali/rule.rb +17 -0
data/lib/bali/ruler.rb +38 -0
data/lib/bali/rules.rb +51 -0
data/lib/bali/statics/active_record.rb +2 -0
data/lib/bali/statics/authorizer.rb +65 -0
data/lib/bali/statics/record.rb +13 -0
data/lib/bali/statics/scope_ruler.rb +39 -0
data/lib/bali/tasks/bali/print_rules.rake +9 -0
data/lib/bali/version.rb +1 -1
data/lib/generators/rails/USAGE +8 -0
data/lib/generators/rails/rules_generator.rb +17 -0
data/lib/generators/rails/templates/rules.rb +4 -0
data/lib/generators/rspec/rules_generator.rb +12 -0
data/lib/generators/rspec/templates/rules_spec.rb +7 -0
metadata +131 -49
data/lib/bali/dsl/map_rules_dsl.rb +0 -75
data/lib/bali/dsl/rules_for_dsl.rb +0 -130
data/lib/bali/foundations/all_foundations.rb +0 -17
data/lib/bali/foundations/exceptions/authorization_error.rb +0 -38
data/lib/bali/foundations/exceptions/dsl_error.rb +0 -3
data/lib/bali/foundations/exceptions/objection_error.rb +0 -3
data/lib/bali/foundations/judger/judge.rb +0 -329
data/lib/bali/foundations/judger/negative_judge.rb +0 -40
data/lib/bali/foundations/judger/positive_judge.rb +0 -41
data/lib/bali/foundations/role_extractor.rb +0 -61
data/lib/bali/foundations/rule/rule.rb +0 -55
data/lib/bali/foundations/rule/rule_class.rb +0 -54
data/lib/bali/foundations/rule/rule_group.rb +0 -91
data/lib/bali/integrators/all_integrators.rb +0 -8
data/lib/bali/integrators/rule_class_integrator.rb +0 -27
data/lib/bali/integrators/rule_group_integrator.rb +0 -29
data/lib/bali/integrators/rule_integrator.rb +0 -56
data/lib/bali/objector.rb +0 -173

data/lib/bali/rails/action_controller.rb ADDED

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+begin
+  require 'active_support/lazy_load_hooks'
+  ActiveSupport.on_load :action_controller do
+    require "bali"
+    ::ActionController::Base.send :include, Bali::Statics::Authorizer
+    ::ActionController::Base.send :include, Bali::Statics::ScopeRuler
+    if defined? ::ActionController::API
+      ::ActionController::API.send :include, Bali::Statics::Authorizer
+      ::ActionController::API.send :include, Bali::Statics::ScopeRuler
+    end
+  end
+rescue LoadError
+end

data/lib/bali/rails/action_view.rb ADDED

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+begin
+  require 'active_support/lazy_load_hooks'
+  ActiveSupport.on_load :action_view do
+    require "bali"
+    ::ActionView::Base.send :include, Bali::Statics::Authorizer
+    ::ActionView::Base.send :include, Bali::Statics::ScopeRuler
+  end
+rescue LoadError
+end

data/lib/bali/rails/active_record.rb ADDED

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+begin
+  require 'active_support/lazy_load_hooks'
+  ActiveSupport.on_load :active_record do
+    require "bali"
+    ::ActiveRecord::Base.send :extend, Bali::Statics::Record
+  end
+rescue LoadError
+end

data/lib/bali/railtie.rb ADDED

@@ -0,0 +1,13 @@
+require "bali"
+require "rails"
+module Bali
+  class Railtie < ::Rails::Railtie
+    railtie_name :bali
+    rake_tasks do
+      path = File.expand_path(__dir__)
+      Dir.glob("#{path}/tasks/**/*.rake").each { |f| load f }
+    end
+  end
+end

data/lib/bali/role.rb ADDED

@@ -0,0 +1,110 @@
+class Bali::Role
+  RIGHTS = [
+    INHERIT = :inherit,
+    DEFAULT_DENY = :default_deny,
+    DEFAULT_ALLOW = :default_allow
+  ].freeze
+  IDENTIFIER_CLASSES = [
+    String,
+    Symbol,
+    NilClass,
+  ].freeze
+  attr_accessor :name
+  attr_accessor :cans, :cants
+  attr_reader :scope
+  attr_accessor :can_all
+  alias :can_all? :can_all
+  attr_accessor :right_level
+  def self.formalize(object)
+    case object
+    when *IDENTIFIER_CLASSES then [object]
+    when Array then (object.count == 0 ? nil : object)
+    else formalize(extract_roles_from_object(object))
+    end
+  end
+  def self.extract_roles_from_object(object)
+    method_name = object.class.role_field_for_authorization
+    method_name ?
+      formalize(object.send(method_name)) :
+      formalize(nil)
+  end
+  def initialize(name)
+    @name = name.to_sym if name
+    @right_level = INHERIT
+    @cans = {}
+    @cants = {}
+  end
+  def can_all?
+    right_level == DEFAULT_ALLOW
+  end
+  def cant_all?
+    right_level == DEFAULT_DENY
+  end
+  ##### DSL METHODS
+  def can(*args, &block)
+    add :can, *args, block
+  end
+  def cant(*args, &block)
+    add :cant, *args, block
+  end
+  def can_all
+    @right_level = DEFAULT_ALLOW
+  end
+  def cant_all
+    @right_level = DEFAULT_DENY
+  end
+  def scope(&block)
+    return @scope unless block_given?
+    raise Bali::DslError, "Block can't be scoped inside a role" if name
+    @scope = block
+  end
+  def add(term, *operations, block)
+    operations.each do |operation|
+      rule = Bali::Rule.new(term, operation)
+      rule.conditional = block if block
+      self << rule
+    end
+  end
+  ##### DSL METHODS
+  def << rule
+    operation = rule.operation.to_sym
+    if rule.term == :cant
+      cants[operation] = rule
+      cans.delete operation
+    else
+      cans[operation] = rule
+      cants.delete operation
+    end
+  end
+  def find_rule(term, operation)
+    case term
+    when :can then cans[operation.to_sym]
+    when :cant then cants[operation.to_sym]
+    end
+  end
+  def rules
+    cans.values + cants.values
+  end
+end

data/lib/bali/rspec/able_to_matcher.rb ADDED

@@ -0,0 +1,39 @@
+module RSpec
+  module Matchers
+    module BuiltIn
+      class AbleToMatcher < Be
+        def initialize(operation, class_or_record = nil)
+          @operation = operation
+          @class_or_record = class_or_record
+        end
+        def matches?(actor)
+          if @class_or_record
+            rule_class = "#{@class_or_record.class.name}#{Bali.config.suffix}".constantize
+            rule_class.can?(actor, @operation, @class_or_record)
+          else
+            @class_or_record = actor
+            rule_class = "#{@class_or_record.name}#{Bali.config.suffix}".constantize
+            rule_class.can?(nil, @operation, @class_or_record)
+          end
+        end
+        def failure_message
+          "expected to be able to #{@operation}, but actually cannot"
+        end
+        def failure_message_when_negated
+          "expected not to be able to #{@operation}, but actually can"
+        end
+        def description
+          "be able to #{@operation}"
+        end
+      end
+    end
+    def be_able_to(*args)
+      BuiltIn::AbleToMatcher.new(*args)
+    end
+  end
+end

data/lib/bali/rule.rb ADDED

@@ -0,0 +1,17 @@
+# This class represents a rule.
+#   can :delete
+# A rule can also contains conditional part
+class Bali::Rule
+  attr_reader :term
+  attr_reader :operation
+  attr_accessor :conditional
+  def initialize(term, operation)
+    @term = term
+    @operation = operation
+  end
+  def conditional?
+    @is_conditional ||= !!conditional
+  end
+end

data/lib/bali/ruler.rb ADDED

@@ -0,0 +1,38 @@
+# This class represents all roles, and its rules, for a resource
+class Bali::Ruler
+  attr_reader :model_class
+  attr_accessor :roles
+  private :model_class
+  def self.for(record_class)
+    rule_class = Bali::Rules.for(record_class)
+    rule_class.ruler if rule_class
+  end
+  def initialize(model_class)
+    @model_class = model_class
+    @roles = {}
+    @roles[nil] = Bali::Role.new(nil)
+  end
+  def << role
+    @roles[role.name] = role
+  end
+  def [] role
+    symbolized_role = role.to_sym if role
+    @roles[symbolized_role]
+  end
+  def find_or_create_role role_name
+    role = self[role_name]
+    if role.nil?
+      role = Bali::Role.new(role_name)
+      self << role
+    end
+    role
+  end
+end

data/lib/bali/rules.rb ADDED

@@ -0,0 +1,51 @@
+require "forwardable"
+class Bali::Rules
+  extend Bali::Statics::Authorizer
+  extend Bali::Statics::ScopeRuler
+  class << self
+    extend Forwardable
+    attr_writer :current_role
+    attr_reader :ruler
+    def_delegators :inheritable_role, :scope, :scope
+    def_delegators :inheritable_role, :can, :can
+    def_delegators :inheritable_role, :cant, :cant
+    def_delegators :inheritable_role, :cant_all, :cant_all
+    def_delegators :inheritable_role, :can_all, :can_all
+  end
+  def self.for(record_class)
+    rule_maker_cls_str = "#{record_class}#{Bali.config.suffix}"
+    rule_maker_cls_str.safe_constantize
+  end
+  def self.model_class
+    class_name = to_s
+    suffix = Bali.config.suffix
+    rule_class_maker_str = class_name[0...class_name.length - suffix.length]
+    rule_class_maker_str.constantize
+  end
+  def self.role(*role_names, &block)
+    role_names.each do |role_name|
+      if Bali::Role::IDENTIFIER_CLASSES.include?(role_name.class)
+        role = ruler.find_or_create_role role_name
+        role.instance_eval(&block)
+      else
+        raise Bali::DslError, "Cannot define role using #{param.class}. " +
+          "Please use either a Symbol, a String or nil"
+      end
+    end
+  end
+  def self.ruler
+    @ruler ||= Bali::Ruler.new(model_class)
+  end
+  def self.inheritable_role
+    ruler[nil]
+  end
+end

data/lib/bali/statics/active_record.rb ADDED

	@@ -0,0 +1,2 @@
1	+ # This class is deprecated. Please use Bali::Statics::Record instead of this.
2	+ Bali::Statics::ActiveRecord = Bali::Statics::Record

data/lib/bali/statics/authorizer.rb ADDED

@@ -0,0 +1,65 @@
+module Bali::Statics::Authorizer
+  module HelperFunctions
+    extend self
+    def not_true_actor?(actor)
+      Symbol === actor || String === actor
+    end
+    def find_actor(actor, operation, record = nil)
+      return actor unless not_true_actor?(actor)
+    end
+    def find_operation(actor, operation, record = nil)
+      not_true_actor?(actor) ?
+        actor :
+        operation
+    end
+    def find_record(actor, operation, record = nil)
+      if not_true_actor?(actor) && record.nil?
+        operation
+      elsif actor.is_a?(ActiveRecord::Base) && record.nil?
+        actor.class
+      else
+        record
+      end
+    end
+    def determine_model_class!(obj, arg1, arg2, arg3)
+      if arg2.nil? && arg3.nil? && !obj.respond_to?(:model_class)
+        raise Bali::Error, "Cannot perform checking when the actor is not known"
+      end
+      arg3 = obj.model_class if (arg2.nil? || arg1.nil?) && arg3.nil?
+      arg3
+    end
+    def check(term, obj, arg1, arg2, arg3)
+      # try to infer current user if only passing one arg
+      if arg2.nil? && arg3.nil? && obj.respond_to?(:current_user)
+        arg2 = arg1
+        arg1 = obj.current_user
+      elsif arg3.nil? && obj.respond_to?(:current_user)
+        arg3 = arg2
+        arg2 = arg1
+        arg1 = obj.current_user
+      end
+      arg3 = HelperFunctions.determine_model_class! obj, arg1, arg2, arg3
+      actor = HelperFunctions.find_actor(arg1, arg2, arg3)
+      operation = HelperFunctions.find_operation(arg1, arg2, arg3)
+      record = HelperFunctions.find_record(arg1, arg2, arg3)
+      Bali::Judge.check(term, actor, operation, record)
+    end
+  end
+  def can?(arg1, arg2 = nil, arg3 = nil)
+    HelperFunctions.check(:can, self, arg1, arg2, arg3)
+  end
+  def cant?(arg1, arg2 = nil, arg3 = nil)
+    HelperFunctions.check(:cant, self, arg1, arg2, arg3)
+  end
+end

data/lib/bali/statics/record.rb ADDED

@@ -0,0 +1,13 @@
+module Bali::Statics::Record
+  def self.extended(cls)
+    cls.class_eval do
+      class << self
+        attr_accessor :role_field_for_authorization
+      end
+      def self.extract_roles_from method_name
+        @role_field_for_authorization = method_name
+      end
+    end
+  end
+end

data/lib/bali/statics/scope_ruler.rb ADDED

@@ -0,0 +1,39 @@
+module Bali::Statics::ScopeRuler
+  module HelperFunctions
+    extend self
+    def extract_data_and_actor(obj, arg1, arg2 = nil)
+      if arg2.nil?
+        data = arg1
+        if obj.respond_to?(:current_user)
+          actor = obj.current_user
+        end
+      else
+        data, actor = arg1, arg2
+      end
+      return data, actor
+    end
+    def scope_for(relation)
+      rule_class = Bali::Rules.for(relation.model)
+      return unless rule_class
+      rule_class.inheritable_role.scope
+    end
+  end
+  def rule_scope(arg1, arg2 = nil)
+    data, actor = HelperFunctions.extract_data_and_actor(self, arg1, arg2)
+    return unless data
+    scope = HelperFunctions.scope_for(data)
+    scoped_data = case scope.arity
+                  when 0 then scope.call
+                  when 1 then scope.call(data)
+                  when 2 then scope.call(data, actor)
+                  end
+    scoped_data || data
+  end
+end

data/lib/bali/tasks/bali/print_rules.rake ADDED

@@ -0,0 +1,9 @@
+namespace :bali do
+  desc "Print all rules nicely"
+  task print_rules: :environment do
+    rules_path = Bali.config.rules_path
+    Dir.glob("#{rules_path}/**/*.rb").each { |f| load f }
+    $stdout.puts Bali::Printer.printable
+  end
+end