RubyGems - can_play - Versions diffs - 0.1.6 - Mend

can_play 0.1.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

checksums.yaml +7 -0
data/.gitignore +10 -0
data/Gemfile +6 -0
data/LICENSE.txt +21 -0
data/README.md +94 -0
data/Rakefile +1 -0
data/bin/console +14 -0
data/bin/setup +7 -0
data/can_play.gemspec +27 -0
data/config/locales/zh-CN.yml +17 -0
data/lib/can_play/ability.rb +32 -0
data/lib/can_play/controller.rb +6 -0
data/lib/can_play/power.rb +9 -0
data/lib/can_play/version.rb +3 -0
data/lib/can_play.rb +145 -0
data/lib/generators/can_play/install_generator.rb +20 -0
data/lib/generators/templates/can_play.rb +8 -0
metadata +130 -0

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 3fbbcdcfbceff8da3ea0f8d1a8484d73bc814894
+  data.tar.gz: 04b2983c9fc11afab1c095f471999c42bf2b07df
+SHA512:
+  metadata.gz: d1b74feb74f1f6241033a43b4389b3cfcf77dcb83b25b2b4a68677ecc684a7be4de3d9ad7a5ed27c2857e7e85f753f54f977e8ca92386e81ca171fc50a7ff19e
+  data.tar.gz: 3d84f0d8b560f66e7272017bed18157dfba01d8d212d1f14c54f6ac4a3f927c84a882b2657f1c93055c2f65b307dc6ff054bcf236e78e57304447054fdbb72bf

data/.gitignore ADDED Viewed

@@ -0,0 +1,10 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+.idea/*

data/Gemfile ADDED Viewed

@@ -0,0 +1,6 @@
+source 'https://rubygems.org'
+  gem "cancancan"
+  gem "consul"
+  gem "rolify"
+# Specify your gem's dependencies in can_play.gemspec
+gemspec

data/LICENSE.txt ADDED Viewed

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+Copyright (c) 2015 TODO: Write your name
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md ADDED Viewed

@@ -0,0 +1,94 @@
+can_plan集成了cancancan和consul的功能，使用DSL描述用户对单个类的实例或某个类的操作权限，及可获取的条目的基础的relation对象.
+## 安装方式
+### 安装cancancan
+cancancan的使用请参见cancancan主页，在此我们安装后，不需要设置Ability文件，can_play在内部集成了这些设置。
+### 安装consul
+consul的使用请参见consul主页，在此我们安装后，不需要设置power文件，也无需在controller中设置current_power，can_play在内部集成了这些设置。
+### can_play安装
+在gemfile中加入can_play的github地址来安装。
+安装后执行如下命令
+```
+rails generate can_play:install
+```
+会在initializer和locales文件夹下生成文件。
+initializer文件夹下的can_play.rb是can_play的基本配置文件。
+locales下的can_play.zh-Cn.yml文件用于描述权限名称。
+### DSL文件描述权限
+dsl文件写法如下：
+	#用哪个类用来描写权限，可在intializer下的can_play.rb文件下描写。
+	class Resource
+	  include CanPlay
+	  # 所有limit块、collection块和member块中都注入了user这个变量，指向当前登录用户，可直接使用。
+	  group Contract do |klass|
+	  	# 描述某个用户可以查看到哪些合同条目。
+	    limit do
+	      if user.is_admin?
+	        klass.all
+	      elsif user.role? '供应商'
+	        klass.where(emall: user.emall)
+	      elsif user.role? '采购人'
+	        klass.where(department: user.department)
+	      else
+	        klass.none
+	      end
+	    end
+		# 描述某个用户可以是否而已查看合同列表、创建合同。
+	    collection [:list, :create], klass do
+	      user.is_admin?
+	    end
+		# 描述某个用户可以是否可以查看、更新某个合同。
+	    member [:read, :update], klass do |obj|
+	      if user.is_admin?
+	        true
+	      elsif user.role? '供应商'
+	        obj.emall.is? user.emall
+	      elsif user.role? '采购人'
+	        obj.department.is? user.department
+	      else
+	        false
+	      end
+	    end
+		# 描述某个用户可以是否可以删除、终止某个合同。
+	    member [:delete, :terminate], klass do |obj|
+	      user.is_admin?
+	    end
+	  end
+	  group Project do |klass|
+	    limit do
+	      if user.is_admin?
+	        klass.all
+	      else
+	        klass.none
+	      end
+	    end
+	    collection [:list, :create], klass do
+	      user.is_admin?
+	    end
+	    member [:read, :update, :delete, :create_later_documents], klass do |obj|
+	      user.is_admin?
+	    end
+	  end
+  	end
+### 和角色类之间建立关联
+此处的DSL相当于在数据库中的resouces表，记录了所有权限。我们需要通过role_resources这样的中间表，建立角色和资源之间的关联。因此在数据库建立中间表role_resources,使用一个resource_name字段来跟DSL中的权限、资源进行关联。我们再前端页面，只需要调用Resource.grouped_resources_with_chinese_desc就可获取到所有DSL文件中描述的所有权限以及中文描述。再在controller和view中创建权限和role的关联即可（往role_resources中间表写条目）。

data/Rakefile ADDED Viewed

	@@ -0,0 +1 @@
1	+ require "bundler/gem_tasks"

data/bin/console ADDED Viewed

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+require "bundler/setup"
+require "can_play"
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+require "irb"
+IRB.start

data/bin/setup ADDED Viewed

@@ -0,0 +1,7 @@
+#!/bin/bash
+set -euo pipefail
+IFS=$'\n\t'
+bundle install
+# Do any other automated setup that you need to do here

data/can_play.gemspec ADDED Viewed

@@ -0,0 +1,27 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'can_play/version'
+Gem::Specification.new do |spec|
+  spec.name          = "can_play"
+  spec.version       = CanPlay::VERSION
+  spec.authors       = ["happyming9527"]
+  spec.email         = ["happyming9527@gmail.com"]
+  spec.summary       = %q{a permission system.}
+  spec.description   = %q{control user's permissions based on role and resource.}
+  spec.homepage      = "https://github.com/happyming9527/can_play"
+  spec.license       = "MIT"
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+  spec.add_development_dependency "bundler", "~> 1.10"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_dependency 'cancancan', "~> 1.12"
+  spec.add_dependency 'consul', "~> 0.12"
+  spec.add_dependency 'ror_hack', "~> 0.1 "
+end

data/config/locales/zh-CN.yml ADDED Viewed

@@ -0,0 +1,17 @@
+---
+zh-CN:
+  can_play:
+    class_name:
+      can_play: 权限管理模型
+    authority_name:
+      common:
+        list: 列表查看
+        create: 新建
+        read: 查看
+        update: 修改
+        delete: 删除
+      plan:
+        test: 测试

data/lib/can_play/ability.rb ADDED Viewed

@@ -0,0 +1,32 @@
+class Ability
+  include CanCan::Ability
+  attr_accessor :user
+  def initialize(user)
+    self.user = user||CanPlay::Config.user_class_name.constantize.new
+    CanPlay::Config.role_class_name.constantize.all.each do |role|
+      next unless user.role?(role.name)
+      role.send(CanPlay::Config.role_resources_middle_class_name.underscore.pluralize).each do |role_resource|
+        resource = CanPlay::Config.resource_class_name.constantize.find_by_name(role_resource.resource_name)
+        next unless resource
+        if resource[:type] == 'collection'
+          if resource[:behavior]
+            block = resource[:behavior]
+            can(resource[:verb], resource[:object]) if block.call(user)
+          else
+            can resource[:verb], resource[:object]
+          end
+        elsif resource[:type] == 'member'
+          if resource[:behavior]
+            block = resource[:behavior]
+            can resource[:verb], resource[:object] do |object|
+              block.call(user, object)
+            end
+          else
+            can resource[:verb], resource[:object]
+          end
+        end
+      end
+    end
+  end
+end

data/lib/can_play/controller.rb ADDED Viewed

@@ -0,0 +1,6 @@
+class ActionController::Base
+  include Consul::Controller
+  current_power do
+    Power.new(current_user)
+  end
+end

data/lib/can_play/power.rb ADDED Viewed

@@ -0,0 +1,9 @@
+class Power
+  include Consul::Power
+  attr_accessor :user
+  def initialize(user)
+    self.user = user
+  end
+end

data/lib/can_play/version.rb ADDED Viewed

@@ -0,0 +1,3 @@
+module CanPlay
+  VERSION = "0.1.6"
+end

data/lib/can_play.rb ADDED Viewed

@@ -0,0 +1,145 @@
+require 'ror_hack'
+require 'consul'
+require 'cancancan'
+require "can_play/version"
+require "can_play/power"
+require "can_play/ability"
+require "can_play/controller"
+module CanPlay
+  extend ActiveSupport::Concern
+  included do
+    @groups        = []
+    @current_group = nil
+    @resources     = []
+  end
+  module Config
+    mattr_accessor :user_class_name, :role_class_name, :role_resources_middle_class_name, :resource_class_name
+    @@user_class_name = 'User'
+    @@role_class_name = 'Role'
+    @@role_resources_middle_class_name = 'RoleResource'
+    @@resource_class_name = 'Resource'
+    def self.setup
+      yield self
+    end
+  end
+  module ClassMethods
+    # 为每个 resource 添加一个 group, 方便管理
+    def group(opts, &block)
+      if opts.is_a?(Hash)
+        opts  = opts.with_indifferent_access
+        group = {name: opts.delete(:name), klass: opts.delete(:klass)}
+      elsif opts.is_a?(Module)
+        can_play_name = I18n.t("can_play.class_name.#{opts.name.underscore.singularize}", default: '')
+        model_name = I18n.t("activerecord.models.#{opts.name.underscore.singularize}", default: '')
+        name  = (can_play_name.present?||model_name.present?) ? opts.name.underscore.pluralize : opts.try(:table_name)
+        group = {name: name, klass: opts}
+      else
+        # do nothing
+      end
+      group = group.with_indifferent_access
+      @groups << group
+      @groups        = @groups.uniq { |i| i[:name] }
+      @current_group = group
+      block.call(group[:klass])
+      @current_group = nil
+    end
+    def limit(name=nil, &block)
+      raise "Need define group first" if @current_group.nil?
+      Power.power(name||@current_group[:name], &block)
+    end
+    def collection(verb_or_verbs, &block)
+      raise "Need define group first" if @current_group.nil?
+      group    = @current_group
+      behavior = nil
+      if block
+        behavior = lambda do |user|
+          # 在block定义的binding里，注入user这个变量。
+          old_binding = block.binding
+          old_binding.eval("user=nil;lambda {|v| user = v}").call(user)
+          block.call_with_binding(old_binding)
+        end
+      end
+      if verb_or_verbs.kind_of?(Array)
+        verb_or_verbs.each do |verb|
+          add_resource(group, verb, group[:klass], 'collection', behavior)
+        end
+      else
+        add_resource(group, verb_or_verbs, group[:klass], 'collection', behavior)
+      end
+    end
+    def member(verb_or_verbs, &block)
+      raise "Need define group first" if @current_group.nil?
+      group    = @current_group
+      behavior = nil
+      if block
+        behavior = lambda do |user, obj|
+          # 在block定义的binding里，注入user这个变量。
+          old_binding = block.binding
+          old_binding.eval("user=nil;lambda {|v| user = v}").call(user)
+          block.call_with_binding(old_binding, obj)
+        end
+      end
+      if verb_or_verbs.kind_of?(Array)
+        verb_or_verbs.each do |verb|
+          add_resource(group, verb, group[:klass], 'member', behavior)
+        end
+      else
+        add_resource(group, verb_or_verbs, group[:klass], 'member', behavior)
+      end
+    end
+    def add_resource(group, verb, object, type, behavior)
+      name     = "#{verb}_#{object.to_s.underscore}"
+      resource = {
+        name:     name,
+        group:    group,
+        verb:     verb,
+        object:   object,
+        type:     type,
+        behavior: behavior
+      }.with_indifferent_access
+      @resources.keep_if { |i| i[:name] != name }
+      @resources << resource
+    end
+    def find_by_name(name)
+      @resources.find { |r| r[:name] == name }
+    end
+    def grouped_resources
+      @grouped_resources ||= @resources.group_by { |i| i[:group] }
+    end
+    def my_resources
+      @resources
+    end
+    def grouped_resources_with_chinese_desc
+      grouped_resources.tap do |i|
+        i.each do |group, resources|
+          group[:chinese_desc] = begin
+            name = I18n.t("can_play.class_name.#{group[:name].singularize}", default: '')
+            name = group[:klass].model_name.human if name.blank?
+            name
+          end
+          resources.each do |resource|
+            resource[:chinese_desc] = I18n.t("can_play.authority_name.#{group[:name].singularize}.#{resource[:verb]}", default: '').presence || I18n.t("can_play.authority_name.common.#{resource[:verb]}")
+          end
+        end
+        i.rehash
+      end
+    end
+  end
+end

data/lib/generators/can_play/install_generator.rb ADDED Viewed

@@ -0,0 +1,20 @@
+require 'rails/generators/base'
+module CanPlay
+  module Generators
+    class InstallGenerator < Rails::Generators::Base
+      source_root File.expand_path("../../templates", __FILE__)
+      desc "Creates a can_play initializer and copy locale files to your application."
+      def copy_initializer
+        template "can_play.rb", "config/initializers/can_play.rb"
+      end
+      def copy_locale
+        copy_file "../../../config/locales/zh-Cn.yml", "config/locales/can_play.zh-CN.yml"
+      end
+    end
+  end
+end

data/lib/generators/templates/can_play.rb ADDED Viewed

@@ -0,0 +1,8 @@
+# 在此可设置角色类名称、角色权限中间表等信息。
+CanPlay::Config.setup do |config|
+  config.user_class_name = 'User'
+  config.role_class_name = 'Role'
+  config.role_resources_middle_class_name = 'RoleResource'
+  config.resource_class_name = 'Resource'
+end

metadata ADDED Viewed

@@ -0,0 +1,130 @@
+--- !ruby/object:Gem::Specification
+name: can_play
+version: !ruby/object:Gem::Version
+  version: 0.1.6
+platform: ruby
+authors:
+- happyming9527
+autorequire:
+bindir: exe
+cert_chain: []
+date: 2015-08-21 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.10'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.10'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: cancancan
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.12'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.12'
+- !ruby/object:Gem::Dependency
+  name: consul
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.12'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.12'
+- !ruby/object:Gem::Dependency
+  name: ror_hack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.1'
+description: control user's permissions based on role and resource.
+email:
+- happyming9527@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- can_play.gemspec
+- config/locales/zh-CN.yml
+- lib/can_play.rb
+- lib/can_play/ability.rb
+- lib/can_play/controller.rb
+- lib/can_play/power.rb
+- lib/can_play/version.rb
+- lib/generators/can_play/install_generator.rb
+- lib/generators/templates/can_play.rb
+homepage: https://github.com/happyming9527/can_play
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.4.6
+signing_key:
+specification_version: 4
+summary: a permission system.
+test_files: []