bali 2.4.0 → 6.0.1

data/lib/bali/foundations/role_extractor.rb

@@ -1,61 +0,0 @@
-class Bali::RoleExtractor
-  attr_reader :arg
-  
-  # argument can be anything, as long as role extractor know how to extract
-  def initialize(arg)
-    @arg = arg
-  end
-
-  def get_roles(object = @arg)
-    case object
-    when String; get_role_string(object)
-    when Symbol; get_role_symbol(object)
-    when NilClass; get_role_nil(object)
-    when Array; get_role_array(object)
-    else
-      get_role_object(object)
-    end
-  end
-
-  private
-    def get_role_string(object)
-      [object]
-    end
-
-    def get_role_symbol(object)
-      [object]
-    end
-
-    def get_role_nil(object)
-      [object]
-    end
-
-    def get_role_array(object)
-      object
-    end
-
-    # this case, _subtarget_roles is an object but not a symbol or a string
-    # let's try to deduct subtarget's roles
-    def get_role_object(object)
-      object_class = object.class.to_s
-
-      # variable to hold deducted role of the passed object
-      deducted_roles = nil
-      role_extracted = false
-
-      Bali::TRANSLATED_SUBTARGET_ROLES.each do |current_subtarget_class, roles_field_name|
-        if object_class == current_subtarget_class
-          deducted_roles = object.send(roles_field_name)
-          deducted_roles = get_roles(deducted_roles)
-          role_extracted = true
-          break
-        end # if matching class
-      end # each TRANSLATED_SUBTARGET_ROLES
-
-      unless role_extracted
-        raise Bali::AuthorizationError, "Bali does not know how to process roles: #{object}"
-      end
-
-      deducted_roles
-    end
-end

data/lib/bali/foundations/rule/rule.rb

@@ -1,55 +0,0 @@
-# for internal use, representing one, single, atomic rule
-class Bali::Rule
-  # auth_val is either :can or :cannot
-  attr_reader :auth_val
-
-  # what is the operation: create, update, delete, or any other
-  attr_reader :operation
-
-  # if decider is defined, a rule is executed only if decider evaluates to true
-  attr_accessor :decider
-  # either unless or if
-  attr_reader :decider_type
-
-  def initialize(auth_val, operation)
-    self.auth_val = auth_val
-    @operation = operation
-    self
-  end
-
-  def clone
-    cloned_rule = Bali::Rule.new(auth_val, operation)
-    cloned_rule.decider = decider if decider
-    cloned_rule.decider_type = decider_type if decider_type
-
-    cloned_rule
-  end
-
-  def auth_val=(aval)
-    # TODO: in version 3 remove :cant
-    if aval == :can || aval == :cannot
-      @auth_val = aval
-    elsif aval == :cant
-      @auth_val = :cannot
-    else
-      fail Bali::DslError, "auth_val can only either be :can or :cannot"
-    end
-  end
-
-  def decider_type=(dectype)
-    if dectype == :if || dectype == :unless
-      @decider_type = dectype
-    else
-      fail Bali::DslError, "decider type not allowed"
-    end
-  end
-
-  def is_discouragement?
-    # TODO: in version 3.0 remove :cant
-    self.auth_val == :cannot || self.auth_val == :cant
-  end
-
-  def has_decider?
-    self.decider.is_a?(Proc) && !self.decider_type.nil?
-  end
-end

data/lib/bali/foundations/rule/rule_class.rb

@@ -1,54 +0,0 @@
-# the parent of all Bali::RuleGroup.
-class Bali::RuleClass
-  attr_reader :target_class
-
-  # consist of canonised subtarget and its rule group, eg: 
-  # {
-  #   general_user: RuleGroup
-  # }
-  attr_accessor :rule_groups
-  
-  # rule group for "other" subtargets, always checked the last time
-  # after the "more proper" rule groups are checked
-  attr_accessor :others_rule_group
-
-  def initialize(target_class)
-    @target_class = target_class
-    self.rule_groups = {}
-    self.others_rule_group = Bali::RuleGroup.new(target_class, "__*__")
-  end
-
-  def add_rule_group(rule_group)
-    target_user = rule_group.subtarget
-    if target_user == "__*__" || target_user == :"__*__"
-      self.others_rule_group = rule_group
-    else
-      self.rule_groups[rule_group.subtarget] = rule_group
-    end
-  end
-
-  def rules_for(subtarget)
-    return others_rule_group if subtarget == "__*__"
-    subtarget = Bali::RuleGroup.canon_name(subtarget)
-    self.rule_groups[subtarget]
-  end
-
-  # options can contains:
-  #  :target_class => identifying the target class on which the clone will be applied
-  def clone(options = {})
-    target_class = options.fetch(:target_class)
-    cloned_rc = Bali::RuleClass.new(target_class)
-
-    rule_groups.each do |subtarget, rule_group|
-      rule_group_clone = rule_group.clone
-      rule_group_clone.target = target_class
-      cloned_rc.add_rule_group(rule_group_clone)
-    end
-
-    others_rule_group_clone = others_rule_group.clone
-    others_rule_group_clone.target = target_class
-    cloned_rc.others_rule_group = others_rule_group_clone
-
-    cloned_rc
-  end
-end

data/lib/bali/foundations/rule/rule_group.rb

@@ -1,91 +0,0 @@
-class Bali::RuleGroup
-  # the target class
-  attr_accessor :target
-
-  # the user to which this rule group is applied
-  attr_accessor :subtarget
-
-  # what can be done and what cannot be done
-  attr_accessor :cans, :cants
-
-  # if set to true then the subtarget can do anything
-  attr_accessor :zeus
-  alias :zeus? :zeus
-
-  # if set to true, well, cannot do anything
-  attr_accessor :plant
-  alias :plant? :plant
-
-  # allowing "general user" and :general_user to route to the same rule group
-  def self.canon_name(subtarget)
-    if subtarget.is_a?(String)
-      return subtarget.gsub(" ", "_").to_sym
-    else
-      return subtarget
-    end
-  end
-
-  def initialize(target, subtarget)
-    self.target = target
-    self.subtarget = Bali::RuleGroup.canon_name(subtarget)
-
-    self.cans = {}
-    self.cants = {}
-
-    # by default, rule group is neither zeus nor plant
-    # it is neutral.
-    # meaning, it is neither allowed to do everything, nor it is 
-    # prohibited to do anything. neutral.
-    self.zeus = false
-    self.plant = false
-  end
-
-  def clone
-    cloned_rg = Bali::RuleGroup.new(target, subtarget)
-    cans.each_value { |can_rule| cloned_rg.add_rule(can_rule.clone) }
-    cants.each_value { |cant_rule| cloned_rg.add_rule(cant_rule.clone) }
-    cloned_rg.zeus = zeus
-    cloned_rg.plant = plant
-
-    cloned_rg
-  end
-
-  def add_rule(rule)
-    # operation cannot be defined twice
-    operation = rule.operation.to_sym
-
-    return if self.cants[operation] && self.cans[operation]
-
-    if rule.is_discouragement?
-      self.cants[operation] = rule
-      self.cans.delete operation
-    else
-      self.cans[operation] = rule
-      self.cants.delete operation
-    end
-  end
-
-  def clear_rules
-    self.cans = {}
-    self.cants = {}
-  end
-
-  def get_rule(auth_val, operation)
-    rule = nil
-    case auth_val
-    when :can, "can"
-      rule = self.cans[operation.to_sym]
-    when :cannot, "cannot"
-      rule = self.cants[operation.to_sym]
-    else
-      fail Bali::DslError, "Undefined operation: #{auth_val}"
-    end
-
-    rule
-  end
-
-  # all rules
-  def rules
-    self.cans.values + self.cants.values
-  end
-end

data/lib/bali/integrators/all_integrators.rb

@@ -1,8 +0,0 @@
-module Bali
-  module Integrator
-  end
-end
-
-require_relative "rule_class_integrator"
-require_relative "rule_group_integrator"
-require_relative "rule_integrator"

data/lib/bali/integrators/rule_class_integrator.rb

@@ -1,27 +0,0 @@
-module Bali
-  module Integrator
-    # high-level functions to access and manage RuleClass classes
-    module RuleClass
-      
-      module_function
-
-      # return all rule classes
-      def all
-        Bali::RULE_CLASS_MAP
-      end
-
-      # return all rule class of a target
-      def for(target)
-        Bali::RULE_CLASS_MAP[target.to_s]
-      end
-
-      # add a new rule class
-      def add(rule_class)
-        target = rule_class.target_class
-
-        Bali::RULE_CLASS_MAP[target.to_s] = rule_class
-        rule_class
-      end # add_rule_class
-    end
-  end
-end

data/lib/bali/integrators/rule_group_integrator.rb

@@ -1,29 +0,0 @@
-module Bali
-  module Integrator
-    module RuleGroup
-
-      module_function
-
-      # attempt to search the rule group, 
-      # but if not exist, will return nil
-      def for(target_class, subtarget)
-        rule_class = Bali::Integrator::RuleClass.for(target_class)
-        rule_class.nil? ? nil : rule_class.rules_for(subtarget)
-      end
-
-      # make a rule group a zeus, that is, he can do everything, unless
-      # specified more specifically otherwise by a definite rule
-      def make_zeus(rule_group)
-        rule_group.zeus = true
-        rule_group.plant = false
-      end
-
-      # make a rule group a plant, that is, he cannot do everything, unless
-      # specified more specifically otherwise by a definite rule
-      def make_plant(rule_group)
-        rule_group.plant = true
-        rule_group.zeus = false
-      end
-    end
-  end
-end

data/lib/bali/integrators/rule_integrator.rb

@@ -1,56 +0,0 @@
-module Bali
-  module Integrator
-    module Rule
-
-      module_function
-
-      # process conditional statement in rule definition
-      # conditional hash: {if: proc} or {unless: proc}
-      def embed_condition(rule, conditional_hash = nil)
-        return if conditional_hash.nil?
-
-        condition_type = conditional_hash.keys[0].to_s.downcase
-        condition_type_symb = condition_type.to_sym
-
-        if condition_type_symb == :if || condition_type_symb == :unless
-          rule.decider = conditional_hash.values[0]
-          rule.decider_type = condition_type_symb
-        end
-        nil
-      end
-
-      # to define can and cant is basically using this method
-      # args can comprises of symbols, and hash (for condition)
-      def add(auth_val, rule_group, *args)
-        conditional_hash = nil
-        operations = []
-
-        # scan args for options
-        args.each do |elm|
-          if elm.is_a?(Hash)
-            conditional_hash = elm
-          else
-            operations << elm
-          end
-        end
-
-        # add operation one by one
-        operations.each do |op|
-          rule = Bali::Rule.new(auth_val, op)
-          Bali::Integrator::Rule.embed_condition(rule, conditional_hash)
-          rule_group.add_rule(rule)
-        end
-      end # bali_process_auth_rules
-
-      # add can rule programatically
-      def add_can(rule_group, *args)
-        add :can, rule_group, *args
-      end
-
-      # add cannot rule programatically
-      def add_cannot(rule_group, *args)
-        add :cannot, rule_group, *args
-      end
-    end
-  end
-end

data/lib/bali/objector.rb

@@ -1,173 +0,0 @@
-# module that will be included in each instantiated target classes as defined
-# in map_rules
-module Bali::Objector
-  def self.included(base)
-    base.extend Bali::Objector::Statics
-  end
-
-  # check whether user can/cant perform an operation, return true when positive
-  # or false otherwise
-  def can?(subtargets, operation)
-    self.class.can?(subtargets, operation, self)
-  end
-
-  # check whether user can/cant perform an operation, raise an error when access
-  # is denied
-  def can!(subtargets, operation)
-    self.class.can!(subtargets, operation, self)
-  end
-
-  # check whether user can/cant perform an operation, return true when negative
-  # or false otherwise
-  def cannot?(subtargets, operation)
-    self.class.cannot?(subtargets, operation, self)
-  end
-
-  # check whether user can/cant perform an operation, raise an error when access
-  # is given
-  def cannot!(subtargets, operation)
-    self.class.cannot!(subtargets, operation, self)
-  end
-
-  def cant?(subtargets, operation)
-    puts "Deprecation Warning: please use cannot? instead, cant? will be deprecated on major release 3.0"
-    cannot?(subtargets, operation)
-  end
-
-  def cant!(subtargets, operation)
-    puts "Deprecation Warning: please use cannot! instead, cant! will be deprecated on major release 3.0"
-    cannot!(subtargets, operation)
-  end
-end
-
-# to allow class-level objection
-module Bali::Objector::Statics
-  # get the proper roles for the subtarget, for any type of subtarget
-  def bali_translate_subtarget_roles(arg)
-    role_extractor = Bali::RoleExtractor.new(arg)
-    role_extractor.get_roles
-  end
-
-  def can?(subtarget_roles, operation, record = self, options = {})
-    subs = bali_translate_subtarget_roles(subtarget_roles)
-    # well, it is largely not used unless decider's is 2 arity
-    original_subtarget = options[:original_subtarget].nil? ? subtarget_roles : options[:original_subtarget]
-
-    judgement_value = false
-    role = nil
-    judger = nil
-
-    subs.each do |subtarget|
-      next if judgement_value == true
-
-      judge = Bali::Judger::Judge.build(:can, {
-        subtarget: subtarget,
-        original_subtarget: original_subtarget,
-        operation: operation,
-        record: record
-      })
-      judgement_value = judge.judgement
-
-      role = subtarget
-    end
-
-    if block_given? 
-      yield original_subtarget, role, judgement_value 
-    end
-
-    judgement_value
-  rescue => e
-    if e.is_a?(Bali::AuthorizationError) || e.is_a?(Bali::Error)
-      raise e
-    else
-      raise Bali::ObjectionError, e.message, e.backtrace
-    end
-  end
-
-  def cannot?(subtarget_roles, operation, record = self, options = {})
-    subs = bali_translate_subtarget_roles subtarget_roles
-    original_subtarget = options[:original_subtarget].nil? ? subtarget_roles : options[:original_subtarget]
-
-    judgement_value = true
-    role = nil
-    judger = nil
-
-    subs.each do |subtarget|
-      next if judgement_value == false
-
-      judge = Bali::Judger::Judge.build(:cannot, {
-        subtarget: subtarget,
-        original_subtarget: original_subtarget,
-        operation: operation,
-        record: record
-      })
-      judgement_value = judge.judgement
-
-      role = subtarget
-    end
-
-    if block_given?
-      yield original_subtarget, role, judgement_value
-    end
-
-    judgement_value
-  rescue => e
-    if e.is_a?(Bali::AuthorizationError)
-      raise e
-    else
-      raise Bali::ObjectionError, e.message, e.backtrace
-    end
-  end
-
-  def can!(subtarget_roles, operation, record = self, options = {})
-    can?(subtarget_roles, operation, record, options) do |original_subtarget, role, can_value|
-      if !can_value
-        auth_error = Bali::AuthorizationError.new
-        auth_error.auth_level = :can
-        auth_error.operation = operation
-        auth_error.role = role
-        auth_error.target = record
-        auth_error.subtarget = original_subtarget
-
-        if role
-          auth_error.subtarget = original_subtarget if !(original_subtarget.is_a?(Symbol) || original_subtarget.is_a?(String) || original_subtarget.is_a?(Array))
-        end
-
-        raise auth_error
-      else
-        return can_value
-      end # if cannot is false, means cannot
-    end # can?
-  end
-
-  def cant!(subtarget_roles, operation, record = self, options = {})
-    puts "Deprecation Warning: please use cannot! instead, cant! will be deprecated on major release 3.0"
-    cannot!(subtarget_roles, operation, record, options)
-  end
-
-  def cant?(subtarget_roles, operation)
-    puts "Deprecation Warning: please use cannot? instead, cant? will be deprecated on major release 3.0"
-    cannot?(subtarget_roles, operation)
-  end
-
-  def cannot!(subtarget_roles, operation, record = self, options = {})
-    cannot?(subtarget_roles, operation, record, options) do |original_subtarget, role, cant_value|
-      if cant_value == false
-        auth_error = Bali::AuthorizationError.new
-        auth_error.auth_level = :cannot
-        auth_error.operation = operation
-        auth_error.role = role
-        auth_error.target = record
-        auth_error.subtarget = original_subtarget
-
-        if role
-          auth_error.subtarget = original_subtarget if !(original_subtarget.is_a?(Symbol) || original_subtarget.is_a?(String) || original_subtarget.is_a?(Array))
-        end
-
-        raise auth_error
-      else
-        return cant_value
-      end # if cannot is false, means can
-    end # cannot?
-  end
-end