RubyGems - can_play - Versions diffs - 0.1.6 - Mend

can_play 0.1.6

Files changed (18) hide show

checksums.yaml +7 -0
data/.gitignore +10 -0
data/Gemfile +6 -0
data/LICENSE.txt +21 -0
data/README.md +94 -0
data/Rakefile +1 -0
data/bin/console +14 -0
data/bin/setup +7 -0
data/can_play.gemspec +27 -0
data/config/locales/zh-CN.yml +17 -0
data/lib/can_play/ability.rb +32 -0
data/lib/can_play/controller.rb +6 -0
data/lib/can_play/power.rb +9 -0
data/lib/can_play/version.rb +3 -0
data/lib/can_play.rb +145 -0
data/lib/generators/can_play/install_generator.rb +20 -0
data/lib/generators/templates/can_play.rb +8 -0
metadata +130 -0

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 3fbbcdcfbceff8da3ea0f8d1a8484d73bc814894
+  data.tar.gz: 04b2983c9fc11afab1c095f471999c42bf2b07df
+SHA512:
+  metadata.gz: d1b74feb74f1f6241033a43b4389b3cfcf77dcb83b25b2b4a68677ecc684a7be4de3d9ad7a5ed27c2857e7e85f753f54f977e8ca92386e81ca171fc50a7ff19e
+  data.tar.gz: 3d84f0d8b560f66e7272017bed18157dfba01d8d212d1f14c54f6ac4a3f927c84a882b2657f1c93055c2f65b307dc6ff054bcf236e78e57304447054fdbb72bf

data/.gitignore ADDED Viewed

@@ -0,0 +1,10 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+.idea/*

data/Gemfile ADDED Viewed

@@ -0,0 +1,6 @@
+source 'https://rubygems.org'
+  gem "cancancan"
+  gem "consul"
+  gem "rolify"
+# Specify your gem's dependencies in can_play.gemspec
+gemspec

data/LICENSE.txt ADDED Viewed

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+Copyright (c) 2015 TODO: Write your name
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md ADDED Viewed

@@ -0,0 +1,94 @@
+can_plan集成了cancancan和consul的功能，使用DSL描述用户对单个类的实例或某个类的操作权限，及可获取的条目的基础的relation对象.
+## 安装方式
+### 安装cancancan
+cancancan的使用请参见cancancan主页，在此我们安装后，不需要设置Ability文件，can_play在内部集成了这些设置。
+### 安装consul
+consul的使用请参见consul主页，在此我们安装后，不需要设置power文件，也无需在controller中设置current_power，can_play在内部集成了这些设置。
+### can_play安装
+在gemfile中加入can_play的github地址来安装。
+安装后执行如下命令
+```
+rails generate can_play:install
+```
+会在initializer和locales文件夹下生成文件。
+initializer文件夹下的can_play.rb是can_play的基本配置文件。
+locales下的can_play.zh-Cn.yml文件用于描述权限名称。
+### DSL文件描述权限
+dsl文件写法如下：
+	#用哪个类用来描写权限，可在intializer下的can_play.rb文件下描写。
+	class Resource
+	  include CanPlay
+	  # 所有limit块、collection块和member块中都注入了user这个变量，指向当前登录用户，可直接使用。
+	  group Contract do |klass|
+	  	# 描述某个用户可以查看到哪些合同条目。
+	    limit do
+	      if user.is_admin?
+	        klass.all
+	      elsif user.role? '供应商'
+	        klass.where(emall: user.emall)
+	      elsif user.role? '采购人'
+	        klass.where(department: user.department)
+	      else
+	        klass.none
+	      end
+	    end
+		# 描述某个用户可以是否而已查看合同列表、创建合同。
+	    collection [:list, :create], klass do
+	      user.is_admin?
+	    end
+		# 描述某个用户可以是否可以查看、更新某个合同。
+	    member [:read, :update], klass do |obj|
+	      if user.is_admin?
+	        true
+	      elsif user.role? '供应商'
+	        obj.emall.is? user.emall
+	      elsif user.role? '采购人'
+	        obj.department.is? user.department
+	      else
+	        false
+	      end
+	    end
+		# 描述某个用户可以是否可以删除、终止某个合同。
+	    member [:delete, :terminate], klass do |obj|
+	      user.is_admin?
+	    end
+	  end
+	  group Project do |klass|
+	    limit do
+	      if user.is_admin?
+	        klass.all
+	      else
+	        klass.none
+	      end
+	    end
+	    collection [:list, :create], klass do
+	      user.is_admin?
+	    end
+	    member [:read, :update, :delete, :create_later_documents], klass do |obj|
+	      user.is_admin?
+	    end
+	  end
+  	end
+### 和角色类之间建立关联
+此处的DSL相当于在数据库中的resouces表，记录了所有权限。我们需要通过role_resources这样的中间表，建立角色和资源之间的关联。因此在数据库建立中间表role_resources,使用一个resource_name字段来跟DSL中的权限、资源进行关联。我们再前端页面，只需要调用Resource.grouped_resources_with_chinese_desc就可获取到所有DSL文件中描述的所有权限以及中文描述。再在controller和view中创建权限和role的关联即可（往role_resources中间表写条目）。

data/Rakefile ADDED Viewed

	@@ -0,0 +1 @@
1	+ require "bundler/gem_tasks"

data/bin/console ADDED Viewed

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+require "bundler/setup"
+require "can_play"
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+require "irb"
+IRB.start

data/bin/setup ADDED Viewed

@@ -0,0 +1,7 @@
+#!/bin/bash
+set -euo pipefail
+IFS=$'\n\t'
+bundle install
+# Do any other automated setup that you need to do here

data/can_play.gemspec ADDED Viewed

@@ -0,0 +1,27 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'can_play/version'
+Gem::Specification.new do |spec|
+  spec.name          = "can_play"
+  spec.version       = CanPlay::VERSION
+  spec.authors       = ["happyming9527"]
+  spec.email         = ["happyming9527@gmail.com"]
+  spec.summary       = %q{a permission system.}
+  spec.description   = %q{control user's permissions based on role and resource.}
+  spec.homepage      = "https://github.com/happyming9527/can_play"
+  spec.license       = "MIT"
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+  spec.add_development_dependency "bundler", "~> 1.10"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_dependency 'cancancan', "~> 1.12"
+  spec.add_dependency 'consul', "~> 0.12"
+  spec.add_dependency 'ror_hack', "~> 0.1 "
+end

data/config/locales/zh-CN.yml ADDED Viewed

@@ -0,0 +1,17 @@
+---
+zh-CN:
+  can_play:
+    class_name:
+      can_play: 权限管理模型
+    authority_name:
+      common:
+        list: 列表查看
+        create: 新建
+        read: 查看
+        update: 修改
+        delete: 删除
+      plan:
+        test: 测试

data/lib/can_play/ability.rb ADDED Viewed

@@ -0,0 +1,32 @@
+class Ability
+  include CanCan::Ability
+  attr_accessor :user
+  def initialize(user)
+    self.user = user||CanPlay::Config.user_class_name.constantize.new
+    CanPlay::Config.role_class_name.constantize.all.each do |role|
+      next unless user.role?(role.name)
+      role.send(CanPlay::Config.role_resources_middle_class_name.underscore.pluralize).each do |role_resource|
+        resource = CanPlay::Config.resource_class_name.constantize.find_by_name(role_resource.resource_name)
+        next unless resource
+        if resource[:type] == 'collection'
+          if resource[:behavior]
+            block = resource[:behavior]
+            can(resource[:verb], resource[:object]) if block.call(user)
+          else
+            can resource[:verb], resource[:object]
+          end
+        elsif resource[:type] == 'member'
+          if resource[:behavior]
+            block = resource[:behavior]
+            can resource[:verb], resource[:object] do |object|
+              block.call(user, object)
+            end
+          else
+            can resource[:verb], resource[:object]
+          end
+        end
+      end
+    end
+  end
+end

data/lib/can_play/controller.rb ADDED Viewed

@@ -0,0 +1,6 @@
+class ActionController::Base
+  include Consul::Controller
+  current_power do
+    Power.new(current_user)
+  end
+end

data/lib/can_play/power.rb ADDED Viewed

@@ -0,0 +1,9 @@
+class Power
+  include Consul::Power
+  attr_accessor :user
+  def initialize(user)
+    self.user = user
+  end
+end

data/lib/can_play/version.rb ADDED Viewed

@@ -0,0 +1,3 @@
+module CanPlay
+  VERSION = "0.1.6"
+end

data/lib/can_play.rb ADDED Viewed

@@ -0,0 +1,145 @@
+require 'ror_hack'
+require 'consul'
+require 'cancancan'
+require "can_play/version"
+require "can_play/power"
+require "can_play/ability"
+require "can_play/controller"
+module CanPlay
+  extend ActiveSupport::Concern
+  included do
+    @groups        = []
+    @current_group = nil
+    @resources     = []
+  end
+  module Config
+    mattr_accessor :user_class_name, :role_class_name, :role_resources_middle_class_name, :resource_class_name
+    @@user_class_name = 'User'
+    @@role_class_name = 'Role'
+    @@role_resources_middle_class_name = 'RoleResource'
+    @@resource_class_name = 'Resource'
+    def self.setup
+      yield self
+    end
+  end
+  module ClassMethods
+    # 为每个 resource 添加一个 group, 方便管理
+    def group(opts, &block)
+      if opts.is_a?(Hash)
+        opts  = opts.with_indifferent_access
+        group = {name: opts.delete(:name), klass: opts.delete(:klass)}
+      elsif opts.is_a?(Module)
+        can_play_name = I18n.t("can_play.class_name.#{opts.name.underscore.singularize}", default: '')
+        model_name = I18n.t("activerecord.models.#{opts.name.underscore.singularize}", default: '')
+        name  = (can_play_name.present?||model_name.present?) ? opts.name.underscore.pluralize : opts.try(:table_name)
+        group = {name: name, klass: opts}
+      else
+        # do nothing
+      end
+      group = group.with_indifferent_access
+      @groups << group
+      @groups        = @groups.uniq { |i| i[:name] }
+      @current_group = group
+      block.call(group[:klass])
+      @current_group = nil
+    end
+    def limit(name=nil, &block)
+      raise "Need define group first" if @current_group.nil?
+      Power.power(name||@current_group[:name], &block)
+    end
+    def collection(verb_or_verbs, &block)
+      raise "Need define group first" if @current_group.nil?
+      group    = @current_group
+      behavior = nil
+      if block
+        behavior = lambda do |user|
+          # 在block定义的binding里，注入user这个变量。
+          old_binding = block.binding
+          old_binding.eval("user=nil;lambda {|v| user = v}").call(user)
+          block.call_with_binding(old_binding)
+        end
+      end
+      if verb_or_verbs.kind_of?(Array)
+        verb_or_verbs.each do |verb|
+          add_resource(group, verb, group[:klass], 'collection', behavior)
+        end
+      else
+        add_resource(group, verb_or_verbs, group[:klass], 'collection', behavior)
+      end
+    end
+    def member(verb_or_verbs, &block)
+      raise "Need define group first" if @current_group.nil?
+      group    = @current_group
+      behavior = nil
+      if block
+        behavior = lambda do |user, obj|
+          # 在block定义的binding里，注入user这个变量。
+          old_binding = block.binding
+          old_binding.eval("user=nil;lambda {|v| user = v}").call(user)
+          block.call_with_binding(old_binding, obj)
+        end
+      end
+      if verb_or_verbs.kind_of?(Array)
+        verb_or_verbs.each do |verb|
+          add_resource(group, verb, group[:klass], 'member', behavior)
+        end
+      else
+        add_resource(group, verb_or_verbs, group[:klass], 'member', behavior)
+      end
+    end
+    def add_resource(group, verb, object, type, behavior)
+      name     = "#{verb}_#{object.to_s.underscore}"
+      resource = {
+        name:     name,
+        group:    group,
+        verb:     verb,
+        object:   object,
+        type:     type,
+        behavior: behavior
+      }.with_indifferent_access
+      @resources.keep_if { |i| i[:name] != name }
+      @resources << resource
+    end
+    def find_by_name(name)
+      @resources.find { |r| r[:name] == name }
+    end
+    def grouped_resources
+      @grouped_resources ||= @resources.group_by { |i| i[:group] }
+    end
+    def my_resources
+      @resources
+    end
+    def grouped_resources_with_chinese_desc
+      grouped_resources.tap do |i|
+        i.each do |group, resources|
+          group[:chinese_desc] = begin
+            name = I18n.t("can_play.class_name.#{group[:name].singularize}", default: '')
+            name = group[:klass].model_name.human if name.blank?
+            name
+          end
+          resources.each do |resource|
+            resource[:chinese_desc] = I18n.t("can_play.authority_name.#{group[:name].singularize}.#{resource[:verb]}", default: '').presence || I18n.t("can_play.authority_name.common.#{resource[:verb]}")
+          end
+        end
+        i.rehash
+      end
+    end
+  end
+end

data/lib/generators/can_play/install_generator.rb ADDED Viewed

@@ -0,0 +1,20 @@
+require 'rails/generators/base'
+module CanPlay
+  module Generators
+    class InstallGenerator < Rails::Generators::Base
+      source_root File.expand_path("../../templates", __FILE__)
+      desc "Creates a can_play initializer and copy locale files to your application."
+      def copy_initializer
+        template "can_play.rb", "config/initializers/can_play.rb"
+      end
+      def copy_locale
+        copy_file "../../../config/locales/zh-Cn.yml", "config/locales/can_play.zh-CN.yml"
+      end
+    end
+  end
+end

data/lib/generators/templates/can_play.rb ADDED Viewed

@@ -0,0 +1,8 @@
+# 在此可设置角色类名称、角色权限中间表等信息。
+CanPlay::Config.setup do |config|
+  config.user_class_name = 'User'
+  config.role_class_name = 'Role'
+  config.role_resources_middle_class_name = 'RoleResource'
+  config.resource_class_name = 'Resource'
+end

metadata ADDED Viewed

@@ -0,0 +1,130 @@
+--- !ruby/object:Gem::Specification
+name: can_play
+version: !ruby/object:Gem::Version
+  version: 0.1.6
+platform: ruby
+authors:
+- happyming9527
+autorequire:
+bindir: exe
+cert_chain: []
+date: 2015-08-21 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.10'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.10'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: cancancan
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.12'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.12'
+- !ruby/object:Gem::Dependency
+  name: consul
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.12'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.12'
+- !ruby/object:Gem::Dependency
+  name: ror_hack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.1'
+description: control user's permissions based on role and resource.
+email:
+- happyming9527@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- can_play.gemspec
+- config/locales/zh-CN.yml
+- lib/can_play.rb
+- lib/can_play/ability.rb
+- lib/can_play/controller.rb
+- lib/can_play/power.rb
+- lib/can_play/version.rb
+- lib/generators/can_play/install_generator.rb
+- lib/generators/templates/can_play.rb
+homepage: https://github.com/happyming9527/can_play
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.4.6
+signing_key:
+specification_version: 4
+summary: a permission system.
+test_files: []