bali 2.4.0 → 6.0.0rc1

checksums.yaml

@@ -1,15 +1,7 @@
 ---
-!binary "U0hBMQ==":
-  metadata.gz: !binary |-
-    M2I3NWNjNmVlNWM4YzQyMGU0YzAyNzBmZGJmNTBjMTUxMGYxOWMxYg==
-  data.tar.gz: !binary |-
-    MzhkMjlhYzA4NDU3M2M4ODE1ODkxZTU0ZDA3NDJjZGUwODNmOTZhYg==
+SHA256:
+  metadata.gz: 6d59bbcd74624299c6680e6b33787924db86c22e95ea1eac9817835c90c8fd1b
+  data.tar.gz: 656f6455652098bd35ed58ea60434ace5643f2c5d6063a4ccf1e2b235156a79b
 SHA512:
-  metadata.gz: !binary |-
-    MTJhOTRkODJhMWM5OTIzNjA0NTQ0OWVjMTMzOTgwZDFlZDBhZjQzNjQ0N2Y2
-    YWViMDExYzMyZjI5Y2YyOTYxNDdhZWJmYWU5YTVlNDYwODgwZDA1NDhhZWRm
-    NTliMTI1ZGEyMjNjY2QyNGEwNTM5YjNjNDc5OGIxYjk2MTYyNTI=
-  data.tar.gz: !binary |-
-    NTMzMzBjNTczZmM2MDE1YmI0NjA0ZjY1MDRhZGZmNWRiNTRjZGYzMDRmMWI4
-    Zjk4ZTEzNGZkZDg0NzFmZjg0YjYwNDQ2OGVlYjgwNzkwNTY4MGFlZDE1NjI3
-    ZDI1ZjlhNmFhODA4OGQzZDFhMjBkNjdjMjk1ZTI0YTkzZmQ4MTY=
+  metadata.gz: e66ac8fffcacebda88e299bef9e0ef512d0dbed4f9e4b309df3bec6b3afabe4af4fd2182f501df0847c396f918adcc128c68846fd163a049b56b2ec2c807884b
+  data.tar.gz: a629ff732df6cb1bc347de1bab16dafb87ad29d87029c3a87b30a4b0301da430cf15e47f5b6844f104a071d0f755dce18a0d29277a07c0f4bd5bdde12e7fd5e9

data/.rspec

@@ -1,2 +1,3 @@
 --format documentation
 --color
+--require spec_helper

data/lib/bali.rb

@@ -1,14 +1,17 @@
 require_relative "bali/version"
 
-# load the DSL syntax maker definition, ordered by proper order of invocation
-require_relative "bali/dsl/map_rules_dsl"
-require_relative "bali/dsl/rules_for_dsl"
-
-require_relative "bali/objector"
-require_relative "bali/printer"
+begin
+  require "rails"
+  require "rails/generators"
+rescue LoadError => e
+  # ignores
+end
 
-require_relative "bali/foundations/all_foundations"
-require_relative "bali/integrators/all_integrators"
+require "zeitwerk"
+loader = Zeitwerk::Loader.for_gem
+loader.ignore("#{__dir__}/generators")
+loader.ignore("#{__dir__}/bali/activerecord.rb")
+loader.setup
 
 module Bali
   # mapping class to a RuleClass
@@ -21,13 +24,19 @@ module Bali
   TRANSLATED_SUBTARGET_ROLES = {}
 
   extend self
-  def map_rules(&block)
-    dsl_map_rules = Bali::MapRulesDsl.new
-    dsl_map_rules.instance_eval(&block)
+
+  def config
+    @config ||= Bali::Config.new
   end
 
-  def clear_rules
-    Bali::RULE_CLASS_MAP.clear
-    true
+  def configure
+    yield config
+  end
+
+  if defined? Rails
+    require "bali/railtie"
+    require "bali/activerecord"
   end
 end
+
+loader.eager_load

data/lib/bali/activerecord.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+require 'active_support/lazy_load_hooks'
+
+ActiveSupport.on_load :active_record do
+  require "bali"
+  ::ActiveRecord::Base.send :include, Bali::Authorizer
+end

data/lib/bali/authorizer.rb

@@ -0,0 +1,24 @@
+module Bali::Authorizer
+  def self.included(base)
+    base.extend Bali::Authorizer::Statics
+  end
+
+  def can?(actor_or_roles, operation = nil)
+    self.class.can?(actor_or_roles, operation, self)
+  end
+
+  def cant?(actor_or_roles, operation = nil)
+    self.class.cant?(actor_or_roles, operation, self)
+  end
+end
+
+# to allow class-level objection
+module Bali::Authorizer::Statics
+  def can?(actor_or_roles, operation, record = self)
+    Bali::Judge.check(:can, actor_or_roles, operation, record)
+  end
+
+  def cant?(actor_or_roles, operation, record = self)
+    Bali::Judge.check(:cant, actor_or_roles, operation, record)
+  end
+end

data/lib/bali/config.rb

@@ -0,0 +1,12 @@
+class Bali::Config
+  attr_accessor :rules_path
+  attr_accessor :suffix
+
+  def initialize
+    if Rails.respond_to?(:root) && Rails.root
+      @rules_path = Rails.root.join("app", "rules")
+    end
+
+    @suffix = "Rules"
+  end
+end

data/lib/bali/dsl_error.rb

@@ -0,0 +1,3 @@
+# Error class to represent incorrect usage of syntax
+class Bali::DslError < Bali::Error
+end

data/lib/bali/judge.rb

@@ -0,0 +1,239 @@
+class Bali::Judge
+  # Fuzy value is possible when the evaluation is not yet clear cut, for example in this case:
+  #
+  # role :finance do
+  #   cant :view
+  # end
+  #
+  # others do
+  #   can :view
+  #   can :index
+  # end
+  #
+  # Checking cant view for finance role results in a definite false, but
+  # checking on index for the same role results in FUZY_TRUE. Eventually, all FUZY value will be
+  # normal TRUE or FALSE if no definite counterpart is found.
+
+  FUZY_FALSE = -2
+  FUZY_TRUE = 2
+  DEFINITE_FALSE = -1
+  DEFINITE_TRUE = 1
+
+  attr_accessor :term,
+    :actor,
+    :role,
+    :operation,
+    :record,
+    :should_cross_check
+
+  class << self
+    def check(term, actor_or_roles, operation, record)
+      if operation.nil?
+        # eg: user.can? :sign_in
+        operation = actor_or_roles
+        actor_or_roles = nil
+      end
+
+      judgement_value = default_value = term == :can ? false : true
+      roles = Bali::Role.formalize actor_or_roles
+
+      roles.each do |role|
+        judge = Bali::Judge.new(
+          term: term,
+          role: role,
+          actor: actor_or_roles,
+          operation: operation,
+          record: record
+        )
+
+        judgement_value = judge.judgement
+        break if judgement_value != default_value
+      end
+
+      judgement_value
+    end
+  end
+
+  def initialize(term:,
+    actor:,
+    role:,
+    operation:,
+    record:,
+    should_cross_check: true)
+
+    @term = term
+    @role = role
+    @actor = actor
+    @operation = operation
+    @record = record
+    @should_cross_check = should_cross_check
+  end
+
+  def judgement
+    our_holy_judgement = natural_value if no_rule_group?
+
+    if our_holy_judgement.nil? && rule.nil? && may_have_reservation?
+      our_holy_judgement = cross_check_reverse_value(cross_check_judge.judgement)
+    end
+
+    if our_holy_judgement.nil? && rule.nil?
+      cross_check_value = nil
+      # default if can? for undefined rule is false, after related clause
+      # cant be found in cant?
+      if should_cross_check
+        cross_check_value = cross_check_judge.judgement
+      end
+
+      # if cross check value nil, then the reverse rule is not defined,
+      # let's determine whether they can do anything or not
+      if cross_check_value.nil?
+        # rule_group can be nil for when user checking under undefined rule-group
+        if rule_group
+          if rule_group.can_all?
+            our_holy_judgement = term == :cant ? DEFINITE_FALSE : DEFINITE_TRUE
+          elsif rule_group.cant_all?
+            our_holy_judgement = term == :cant ? DEFINITE_TRUE : DEFINITE_FALSE
+          end
+
+        end # if rule_group exist
+      else
+        # process value from cross checking
+
+        if otherly_rule && (cross_check_value == FUZY_FALSE || cross_check_value == FUZY_TRUE)
+          # give chance to check at others block
+          @rule = otherly_rule
+        else
+          our_holy_judgement = cross_check_reverse_value(cross_check_value)
+        end
+      end
+    end # if our judgement nil and rule is nil
+
+    # if our holy judgement is still nil, but rule is defined
+    if our_holy_judgement.nil? && rule
+      if rule.conditional?
+        our_holy_judgement = run_condition(rule, actor, record)
+      else
+        our_holy_judgement = DEFINITE_TRUE
+      end
+    end
+
+    # return fuzy if otherly rule defines contrary to this term
+    if our_holy_judgement.nil? && rule.nil? && (other_rule_group && other_rule_group.find_rule(reversed_term, operation))
+      if rule_group && (rule_group.can_all? || rule_group.cant_all?)
+        # don't overwrite our holy judgement with fuzy value if rule group
+        # zeus/plant, because zeus/plant is more definite than any fuzy values
+        # eventhough the rule is abstractly defined
+      else
+        our_holy_judgement = term == :cant ? FUZY_TRUE : FUZY_FALSE
+      end
+    end
+
+    # if at this point still nil, well,
+    # return the natural value for this judge
+    if our_holy_judgement.nil?
+      if otherly_rule
+        our_holy_judgement = FUZY_TRUE
+      else
+        our_holy_judgement = natural_value
+      end
+    end
+
+    return !should_cross_check ?
+      our_holy_judgement :
+
+      # translate response for value above to traditional true/false
+      # holy judgement refer to non-standard true/false being used inside Bali
+      # which need to be translated from other beings to know
+      our_holy_judgement > 0
+  end
+
+  private
+
+    def record_class
+      record.is_a?(Class) ? record : record.class
+    end
+
+    def ruler
+      @ruler ||= Bali::Ruler.for record_class
+    end
+
+    def rule_group_for(role)
+      ruler.nil? ? nil : ruler[role]
+    end
+
+    def rule_group
+      @rule_group ||= rule_group_for role
+    end
+
+    def other_rule_group
+      @other_rule_group ||= rule_group_for nil
+    end
+
+    def no_rule_group?
+      rule_group.nil? && other_rule_group.nil?
+    end
+
+    def rule
+      # rule group may be nil, for when user checking for undefined rule group
+      @rule ||= rule_group ? rule_group.find_rule(term, operation) : nil
+    end
+
+    def otherly_rule
+      @otherly_rule ||= other_rule_group ? other_rule_group.find_rule(term, operation) : nil
+    end
+
+    def cross_check_judge
+      @cross_check_judge ||= begin
+        Bali::Judge.new(
+          term: reversed_term,
+          role: role,
+          operation: operation,
+          record: record,
+          should_cross_check: false,
+          actor: actor
+        )
+      end
+    end
+
+    def reversed_term
+      case term
+      when :can then :cant
+      when :cant then :can
+      end
+    end
+
+    def natural_value
+      term == :cant ? DEFINITE_TRUE : DEFINITE_FALSE
+    end
+
+    # returns true if we need to check rule that can overwrite
+    # the most powerful rule defined
+    def may_have_reservation?
+      term == :cant ?
+        (rule_group && rule_group.cant_all?) :
+        (rule_group && rule_group.can_all?)
+    end
+
+    def run_condition(rule, actor, record)
+      # must test first
+      conditional = rule.conditional
+      case conditional.arity
+      when 0
+        return conditional.() ? DEFINITE_TRUE : DEFINITE_FALSE
+      when 1
+        return conditional.(record) ? DEFINITE_TRUE : DEFINITE_FALSE
+      when 2
+        return conditional.(record, actor) ? DEFINITE_TRUE : DEFINITE_FALSE
+      end
+    end
+
+    def cross_check_reverse_value(cross_check_value)
+      case cross_check_value
+      when DEFINITE_TRUE then DEFINITE_FALSE
+      when DEFINITE_FALSE then DEFINITE_TRUE
+      when FUZY_FALSE then FUZY_TRUE
+      when FUZY_TRUE then FUZY_FALSE
+      end
+    end
+
+end

data/lib/bali/printer.rb

@@ -4,7 +4,7 @@ require "date"
 # module that would allow all defined rules to be printed for check
 module Bali::Printer
   module_function
-    
+
   SEPARATOR = " " * 6
   SUBTARGET_TITLE_SEPARATOR = SEPARATOR + ("-" * 80) + "\n"
 
@@ -14,50 +14,40 @@ module Bali::Printer
     # build up the string for pretty printing rules
     Bali::RULE_CLASS_MAP.each do |klass, rule_class|
       output << "===== #{klass.to_s} =====\n\n"
-      
-      rule_class.rule_groups.each do |subtarget, rule_group|
-        print_rule_group(rule_group, output)
-      end
 
-      if rule_class.others_rule_group.rules.any?
-        print_rule_group(rule_class.others_rule_group, output)
+      rule_class.roles.each do |subtarget, role|
+        print_role role, output
       end
+
       output << "\n\n"
     end
 
-    output << "\n\n"
-    output << DateTime.now.strftime("Printed at %d-%m-%Y %I:%M%p %Z")
+    output << DateTime.now.strftime("Printed at %Y-%m-%d %I:%M%p %Z")
 
     output.string
   end
 
-  def print_rule_group(rule_group, target_io)
-    target = rule_group.target.to_s
-    subtarget = rule_group.subtarget.to_s.capitalize
-    subtarget = "Others" if subtarget == "__*__"
-    is_zeus = rule_group.zeus?
-    is_plant = rule_group.plant?
+  def print_role role, target_io
+    subtarget = role.subtarget.to_s.capitalize
+    subtarget = "By default" if subtarget.blank?
+    can_all = role.can_all?
     counter = 0
 
-    target_io << "#{SEPARATOR}#{subtarget}, can all: #{is_zeus}, cannot all: #{is_plant}\n"
+    target_io << "#{SEPARATOR}#{subtarget}\n"
     target_io << SUBTARGET_TITLE_SEPARATOR
-    
-    if is_zeus
+
+    if can_all
       target_io << "#{SEPARATOR}  #{counter+=1}. #{subtarget} can do anything except if explicitly stated otherwise\n"
-    elsif is_plant
-      target_io << "#{SEPARATOR}  #{counter+=1}. #{subtarget} cannot do anything except if explicitly stated otherwise\n"
     end
-  
-    rule_group.rules.each do |rule|
+
+    role.rules.each do |rule|
       written_rule = StringIO.new
-      written_rule << "#{SEPARATOR}  #{counter+=1}. #{subtarget} #{rule.auth_val} #{rule.operation} #{target}"
-      if rule.has_decider?
+      written_rule << "#{SEPARATOR}  #{counter+=1}. #{subtarget} #{rule.term} #{rule.operation}"
+      if rule.conditional?
         written_rule << ", with condition"
       end
       written_rule << "\n"
       target_io << written_rule.string
     end
-
-    target_io << "\n"
   end
 end

data/lib/bali/railtie.rb

@@ -0,0 +1,13 @@
+require "bali"
+require "rails"
+
+module Bali
+  class Railtie < ::Rails::Railtie
+    railtie_name :bali
+
+    rake_tasks do
+      path = File.expand_path(__dir__)
+      Dir.glob("#{path}/tasks/**/*.rake").each { |f| load f }
+    end
+  end
+end