caber 0.1.0 → 0.2.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: cf2b829a8c4545b9421f75c2dc2fbf08bbfa45e03dc01d6cc14cd9bc91c742ff
4
- data.tar.gz: 66c199b0d561879e11467ba60723a7d5489c5e1824961a41a2497bb4e64654ac
3
+ metadata.gz: 32626bb698069dab3797b3fe532bce89def4fc6a91c0662e030b93df58c7b0c4
4
+ data.tar.gz: 999efb197f1567376feb709b6d2e77d83d2d4d0f79e42ecdae8c7e2429997f9d
5
5
  SHA512:
6
- metadata.gz: fb15e64a7fe5ba982b6d55eea3be6d7294f4064f1bb3b31641bc9577b36e3eafd2767442dcf4b287d6382aaf1fd0a26868fccb169a4c11dd436c4d217612eb0a
7
- data.tar.gz: f1503f5ed8203e44b807529bc9028bc961437d6d684f11017e43536422a8dddcf06bf1e2f680116c7696d2ecc4983dee7eddfef7f19b440d112a4a36aee863d9
6
+ metadata.gz: 67c2028ca5dd0aead722b9ea20961c41e2fe8fe6733c4b68b732f08f4292b32b568ac7f3b6e49d0f30168b01cc7c78ff457f319410c7e504856640c57800c605
7
+ data.tar.gz: 868d630bf81d19a45b9ff058cdac098ccb6115f985e1a9c0426e30243ed6b36e8dbf2b16b3da1a68e889906d2b571cf1aed9beac62ed9ce4940f6ee638cec7a9
data/README.md CHANGED
@@ -37,13 +37,21 @@ end
37
37
  Now you're ready to grant some permissions! To give someone permission on something:
38
38
 
39
39
  ```
40
- document.grant_permission_to :view, user
40
+ document.grant_permission_to "viewer", user
41
41
  ```
42
42
 
43
43
  You can query permissions in both directions:
44
44
  ```
45
- document.grants_permission_to? :view, user
46
- user.has_permission_to? :view, document
45
+ document.grants_permission_to? "viewer", user
46
+ user.has_permission_on? "viewer", document
47
+ ```
48
+
49
+ You can also check more than one permission at once by passing an array.
50
+ The check will be positive if *either* are granted:
51
+
52
+ ```
53
+ document.grants_permission_to? ["viewer", "editor"], user
54
+ user.has_permission_on? ["viewer", "editor"], document
47
55
  ```
48
56
 
49
57
  ### Global permissions
@@ -51,9 +59,62 @@ user.has_permission_to? :view, document
51
59
  To grant or query permissions globally (for instance, for a public view permission), you can use a `nil` subject:
52
60
 
53
61
  ```
54
- document.grant_permission_to :view, nil
62
+ document.grant_permission_to "viewer", nil
55
63
  ```
56
64
 
65
+ ### Relationships
66
+
67
+ In order to query lists of available objects, subjects need to be told what types they can be granted permission on. For each type, after including `Caber::Subject`, call `can_have_permissions_on` with the ActiveRecord class you want to be able to get lists of. `permitted_*` relationships are then automatically added for that type:
68
+
69
+ ```
70
+ class User < ApplicationRecord
71
+ include Caber::Subject
72
+ can_have_permissions_on Document
73
+ end
74
+
75
+ user.permitted_documents
76
+ # => all documents with any granted permission
77
+
78
+ user.permitted_documents.with_permission "viewer"
79
+ # => all documents that the user has viewer permission on
80
+
81
+ user.permitted_documents.with_permission ["viewer", "editor"]
82
+ # => all documents that the user has viewer or editor permission on
83
+
84
+ ```
85
+
86
+ The inverse relationship is also possible by specifying `can_grant_permissions_to` on objects:
87
+
88
+ ```
89
+ class Document < ApplicationRecord
90
+ include Caber::Object
91
+ can_grant_permissions_to User
92
+ end
93
+
94
+ document.permitted_users
95
+ # => all users with any permission
96
+
97
+ document.permitted_users.with_permission "viewer"
98
+ # => all users with viewer permission
99
+
100
+ document.permitted_users.with_permission ["viewer", "editor"]
101
+ # => all users with viewer or editor permission
102
+
103
+ ```
104
+
105
+ ### Revoking permissions
106
+
107
+ You can revoke some or all permissions from a user:
108
+
109
+ ```
110
+ # Remove a specific permission
111
+ document.revoke_permission("viewer", user)
112
+
113
+ # Remove all permissions from a user
114
+ document.revoke_all_permissions(user)
115
+ ```
116
+
117
+
57
118
  ## Development
58
119
 
59
120
  After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests.
@@ -67,3 +128,10 @@ Bug reports and pull requests are welcome on GitHub at https://github.com/manyfo
67
128
  ## Code of Conduct
68
129
 
69
130
  Everyone interacting in the Caber project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/manyfold3d/caber/blob/master/CODE_OF_CONDUCT.md).
131
+
132
+ ## Acknowledgements
133
+
134
+ This gem was created as part of [Manyfold](https://manyfold.app), with funding from [NGI0 Entrust](https://nlnet.nl/entrust), a fund established by [NLnet](https://nlnet.nl) with financial support from the European Commission's [Next Generation Internet](https://ngi.eu) program.
135
+
136
+ [<img src="https://nlnet.nl/logo/banner.png" alt="NLnet foundation logo" width="20%" />](https://nlnet.nl)
137
+ [<img src="https://nlnet.nl/image/logos/NGI0_tag.svg" alt="NGI Zero Logo" width="20%" />](https://nlnet.nl/entrust)
@@ -2,6 +2,12 @@ module Caber::Object
2
2
  extend ActiveSupport::Concern
3
3
 
4
4
  included do
5
+ has_many :caber_relations, as: :object, class_name: "Caber::Relation", dependent: :destroy
6
+ scope :with_permission, ->(permission) { where("caber_relations.permission": permission) }
7
+
8
+ def self.can_grant_permissions_to(model)
9
+ has_many :"permitted_#{model.name.pluralize.parameterize}", through: :caber_relations, source: :subject, source_type: model.name
10
+ end
5
11
  end
6
12
 
7
13
  def grant_permission_to(permission, subject)
@@ -11,4 +17,12 @@ module Caber::Object
11
17
  def grants_permission_to?(permission, subject)
12
18
  Caber::Relation.where(object: self, subject: [subject, nil], permission: permission).present?
13
19
  end
20
+
21
+ def revoke_permission(permission, subject)
22
+ Caber::Relation.where(object: self, subject: subject, permission: permission).destroy_all
23
+ end
24
+
25
+ def revoke_all_permissions(subject)
26
+ Caber::Relation.where(object: self, subject: subject).destroy_all
27
+ end
14
28
  end
@@ -2,6 +2,12 @@ module Caber::Subject
2
2
  extend ActiveSupport::Concern
3
3
 
4
4
  included do
5
+ has_many :caber_relations, as: :subject, class_name: "Caber::Relation", dependent: :destroy
6
+ scope :with_permission, ->(permission) { where("caber_relations.permission": permission) }
7
+
8
+ def self.can_have_permissions_on(model)
9
+ has_many :"permitted_#{model.name.pluralize.parameterize}", through: :caber_relations, source: :object, source_type: model.name
10
+ end
5
11
  end
6
12
 
7
13
  def has_permission_on?(permission, object)
data/lib/caber/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Caber
2
- VERSION = "0.1.0"
2
+ VERSION = "0.2.0"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: caber
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 0.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - James Smith
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-08-28 00:00:00.000000000 Z
11
+ date: 2024-08-29 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rails