cancan-permits 0.3.4 → 0.3.5

data/README.markdown

@@ -6,7 +6,12 @@ Role specific Permits for use with [CanCan](http://github.com/ryanb/cancan) perm
 
 See Changelog.txt (Major updates as per Nov 24. 2010)
 
-Nov 28: Added Generators to create individual Permit and License!
+Nov 28: 
+Added Generators to create individual Permit and License!
+
+Nov 29: 
+Added ability to specify YAML files with configurations for Permits, Licenses and even Permissions for individual users.
+Thanks to 'ticktricktrack' for the request and suggestion. (I hope you can use this and move on from here...)
 
 ## Install
 
@@ -49,6 +54,84 @@ Modify the User model in 'models/user.rb' (optional)
   end
 </code>
 
+### Load Permissions from yml files
+
+*Individual user permissions:*
+- config/user_permissions.yml
+
+Each key at the top level is expected to match an email value for an existing user.
+
+Example yml config file:
+<code>
+abc@mail.ru:
+  can:
+    update: [Comment, Fruit, Car, Friendship]        
+    manage: 
+      - Article
+    owns: 
+      - User
+mike.shedlock.com:
+  can:
+    read:
+      - all
+  cannot:
+    update:
+      - Post
+</code>
+
+Usage in a permit
+
+<code>
+class AdminPermit < Permit::Base
+  def initialize(ability, options = {})
+    super
+  end
+
+  def permit?(user, options = {})
+    super
+    return if !role_match? user
+    can :manage, :all          
+    load_rules user
+  end  
+end
+</code>
+
+
+*License permissions:*
+- config/licenses.yml
+
+Each key at the top level is expected to match a license name.
+
+Example yml config file:
+<code>
+blogging:
+  can:
+    manage:
+      - Article
+      - Post
+admin:
+  can:
+    manage:
+      - all
+  cannot:
+    manage:
+      - User  
+</code>
+
+Usage in a license
+
+<code>
+class UserAdminLicense < License::Base
+  def initialize name
+    super
+  end
+
+  def enforce!
+    can(:manage, User)
+    load_rules
+  end  
+</code>
+
 ### User Roles
 
 CanCan permits requires that you have some kind of Role system in place and that User#has_role? uses this Role system.
@@ -94,7 +177,6 @@ Permit example:
     def permit?(user, options = {})    
       super
       return if !role_match? user
-
       can :manage, :all    
     end  
   end

data/VERSION

@@ -1 +1 @@
-0.3.4
+0.3.5

data/cancan-permits.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = %q{cancan-permits}
-  s.version = "0.3.4"
+  s.version = "0.3.5"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Kristian Mandrup"]
-  s.date = %q{2010-11-28}
+  s.date = %q{2010-11-29}
   s.description = %q{Role specific Permits for use with CanCan permission system}
   s.email = %q{kmandrup@gmail.com}
   s.extra_rdoc_files = [
@@ -28,6 +28,9 @@ Gem::Specification.new do |s|
     "development.sqlite3",
     "lib/cancan-permits.rb",
     "lib/cancan-permits/license/base_license.rb",
+    "lib/cancan-permits/loader/permission_config.rb",
+    "lib/cancan-permits/loader/permissions_loader.rb",
+    "lib/cancan-permits/loader/permissions_parser.rb",
     "lib/cancan-permits/main.rb",
     "lib/cancan-permits/namespaces.rb",
     "lib/cancan-permits/permit/base_permit.rb",
@@ -59,6 +62,10 @@ Gem::Specification.new do |s|
     "spec/active_record/owner_permits_spec.rb",
     "spec/active_record/permits_spec.rb",
     "spec/active_record/spec_helper.rb",
+    "spec/cancan-permits/license_loader/license_loader_spec.rb",
+    "spec/cancan-permits/license_loader/licenses.yml",
+    "spec/cancan-permits/user_permissions_loader/user_permissions.yml",
+    "spec/cancan-permits/user_permissions_loader/user_permissions_loader.rb",
     "spec/data_mapper/models/all_models.rb",
     "spec/data_mapper/owner_permits_spec.rb",
     "spec/data_mapper/permits_spec.rb",
@@ -111,6 +118,8 @@ Gem::Specification.new do |s|
     "spec/active_record/owner_permits_spec.rb",
     "spec/active_record/permits_spec.rb",
     "spec/active_record/spec_helper.rb",
+    "spec/cancan-permits/license_loader/license_loader_spec.rb",
+    "spec/cancan-permits/user_permissions_loader/user_permissions_loader.rb",
     "spec/data_mapper/models/all_models.rb",
     "spec/data_mapper/owner_permits_spec.rb",
     "spec/data_mapper/permits_spec.rb",

data/lib/cancan-permits/license/base_license.rb

@@ -1,14 +1,31 @@
+require 'yaml'
+
 module License
   class Base
-    attr_reader :permit
+    attr_reader :permit, :licenses
     
-    def initialize permit
+    def initialize permit, licenses_file = nil
       @permit = permit
+      @licenses = ::PermissionsLoader.load_licenses licenses_file
     end
 
     def enforce!
       raise "enforce! must be implemented by subclass of License::Base"
     end
+
+    def load_rules name = nil
+      return if !licenses || licenses.empty?      
+
+      name ||= self.class.to_s..gsub(/License$/, "").underscore.to_sym
+            
+      licenses[name].can_statement do |permission_statement|
+        instance_eval permission_statement
+      end
+
+      licenses[name].cannot_statement do |permission_statement|
+        instance_eval permission_statement
+      end
+    end
     
     def can(action, subject, conditions = nil, &block)
       permit.can action, subject, conditions, &block

data/lib/cancan-permits/loader/permission_config.rb

@@ -0,0 +1,41 @@
+class PermissionConfig
+  attr_accessor :name, :can, :cannot  
+  
+  def initialize name
+    @name = name
+  end  
+
+  # Should take @can={"manage"=>["all"]}, @cannot={"update"=>["User", "Profile"]}
+  # and create string ready to ruby evaluate like:
+  # can(:manage, :all)
+  # cannot(:update, [User, Profile]) 
+  def can_eval &block
+    statements = [:manage, :read, :update, :create, :write].map do |action|
+      targets = can[action]
+      targets ? "can(:#{action}, #{parse_targets(targets)})" : nil
+    end.compact.join("\n")
+    yield statements if !statements.empty? && block
+  end
+
+  def can_eval &block
+    statements = [:manage, :read, :update, :create, :write].map do |action|
+      targets = cannot[action]
+      targets ? "cannot(:#{action}, #{parse_targets(targets)})" : nil
+    end.compact.join("\n")
+    yield statements if !statements.empty? && block
+  end
+  
+  def parse_targets targets
+    targets.map do |target|
+      if target == 'all'
+        ':all'
+      else
+        begin
+          "#{target.constantize}"
+        rescue
+          puts "[permission] target #{target} does not have a class so it was skipped"
+        end
+      end
+    end
+  end
+end

data/lib/cancan-permits/loader/permissions_loader.rb

@@ -0,0 +1,46 @@
+class PermissionsLoader
+  
+  attr_accessor :permissions
+  
+  def initialize file_name    
+    begin
+      if file_name.nil? || !File.file?(file_name)
+        # raise ArgumentError, "PermissionsLoader Error: The permissions file #{file_name} could not be found" 
+        puts "PermissionsLoader Error: The permissions file #{file_name} could not be found" 
+        return nil
+      end
+
+      yml_content = YAML.load_file(file_name)
+      parser = PermissionsParser.new
+
+      self.permissions ||= {}
+      yml_content.each do |key, value|
+        parser.parse(key, value) do |permission|
+          permissions[permission.name] = permission
+        end
+      end
+    rescue RuntimeError => e    
+      raise "PermissionsLoader Error: The permissions for the file #{file_name} could not be loaded - cause was #{e}"
+    end
+  end
+
+  def self.load_user_permissions name = nil
+    name ||= user_permissions_config_file
+    PermissionsLoader.new name
+  end
+
+  def self.load_licenses name = nil
+    name ||= licenses_config_file
+    PermissionsLoader.new name
+  end
+  
+  def self.user_permissions_config_file
+    # raise '#user_permissions_config_file only works in a Rails app enviroment' if !defined? Rails
+    File.join(::Rails.root, 'config', 'user_permissions.yml') if defined? Rails
+  end
+
+  def self.licenses_config_file
+    # raise '#licenses_config_file only works in a Rails app enviroment' if !defined? Rails
+    File.join(::Rails.root, 'config', 'licenses.yml') if defined? Rails
+  end
+end

data/lib/cancan-permits/loader/permissions_parser.rb

@@ -0,0 +1,25 @@
+class PermissionsParser
+  def initialize
+  end
+
+  def parse(key, obj, &blk)
+    license = ::PermissionConfig.new key
+    case obj
+    when Hash
+      parse_permission(obj, license, &blk)
+    else
+      raise "Each key must have a YAML hash that defines its permission configuration"
+    end
+    yield license if blk
+  end      
+
+  protected
+
+  def parse_permission(obj, license, &blk)
+    # Forget keys because I don't know what to do with them
+    obj.each do |key, value|   
+      raise ArgumentError, "A CanCan license can only have the keys can: and cannot:" if ![:can, :cannot].include?(key.to_sym)
+      license.send :"#{key}=", value
+    end
+  end
+end

data/lib/cancan-permits/main.rb

@@ -1,4 +1,5 @@
 require 'cancan-permits/namespaces'
 require_all File.dirname(__FILE__) + '/permit'
 require_all File.dirname(__FILE__) + '/permits'
-require_all File.dirname(__FILE__) + '/license'
+require_all File.dirname(__FILE__) + '/license'
+require_all File.dirname(__FILE__) + '/loader'

data/lib/cancan-permits/permit/base_permit.rb

@@ -6,6 +6,8 @@ module Permit
     attr_reader :ability
     attr_reader :strategy # this can be used to customize the strategy used by owns to determine ownership, fx to support alternative ORMs 
 
+    attr_reader :user_permissions
+
     def licenses *names
       names.to_strings.each do |name|         
         begin
@@ -22,10 +24,27 @@ module Permit
         end
       end
     end
+
+    def load_rules user 
+      return if !user_permissions || user_permissions.empty?
+      raise "#load_enforcements expects the user to have an email property: #{user.inspect}" if !user || !user.respond_to?(:email) 
+
+      id = user.email
+      return nil if id.strip.empty?
+
+      user_permissions[id].can_statement do |permission_statement|
+        instance_eval permission_statement
+      end
+
+      user_permissions[id].cannot_statement do |permission_statement|
+        instance_eval permission_statement
+      end
+    end
        
     def initialize ability, options = {}
       @ability  = ability
       @strategy = options[:strategy] || Permits::Ability.strategy || :default      
+      @user_permissions = ::PermissionsLoader.load_user_permissions options[:permissions_file]
     end
 
     def permit?(user, options = {}) 

data/spec/cancan-permits/license_loader/license_loader_spec.rb

@@ -0,0 +1,28 @@
+require 'rspec/core'
+require 'cancan-permits' 
+
+DIR = File.dirname(__FILE__) 
+
+describe 'Load License permissions' do
+  before :each do
+    @permissions_file = File.join(DIR, 'licenses.yml')
+  end
+
+  it "should load a licenses permission file" do
+    loader = PermissionsLoader.new @permissions_file
+    # puts "loaded permissions #{loader.permissions}"
+    loader.permissions.should_not be_empty    
+  end 
+  
+  it "should be able to instantiate a base license with permission file" do
+    License::Base.new 'x', @permissions_file
+  end   
+  
+  it "should be able to instantiate a base permit without permission file" do
+    Permit::Base.new 'x'
+  end     
+end
+
+
+
+

data/spec/cancan-permits/license_loader/licenses.yml

@@ -0,0 +1,12 @@
+blogging:
+  can:
+    manage:
+      - Article
+      - Post
+admin:
+  can:
+    manage:
+      - all
+  cannot:
+    manage:
+      - User

data/spec/cancan-permits/user_permissions_loader/user_permissions.yml

@@ -0,0 +1,14 @@
+abc@mail.ru:
+  can:
+    update: [Comment, Fruit, Car, Friendship]        
+    manage: 
+      - Article
+    owns: 
+      - User
+mike.shedlock.com:
+  can:
+    read:
+      - all
+  cannot:
+    update:
+      - Post

data/spec/cancan-permits/user_permissions_loader/user_permissions_loader.rb

@@ -0,0 +1,28 @@
+require 'rspec/core'
+require 'cancan-permits' 
+
+DIR = File.dirname(__FILE__) 
+
+describe 'User Permissions Loader' do
+  before :each do
+    @permissions_file = File.join(DIR, 'user_permissions.yml')
+  end
+
+  it "should load a user permissions file" do
+    loader = PermissionsLoader.new @permissions_file
+    # puts "loaded permissions #{loader.permissions}"
+    loader.permissions.should_not be_empty    
+  end    
+  
+  it "should be able to instantiate a base permit with permission file" do
+    Permit::Base.new 'x', :permissions_file => @permissions_file
+  end   
+
+  it "should be able to instantiate a base permit without permission file" do
+    Permit::Base.new 'x'
+  end     
+end
+
+
+
+

metadata

@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
   segments: 
   - 0
   - 3
-  - 4
-  version: 0.3.4
+  - 5
+  version: 0.3.5
 platform: ruby
 authors: 
 - Kristian Mandrup
@@ -14,7 +14,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-11-28 00:00:00 +01:00
+date: 2010-11-29 00:00:00 +01:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -173,6 +173,9 @@ files:
 - development.sqlite3
 - lib/cancan-permits.rb
 - lib/cancan-permits/license/base_license.rb
+- lib/cancan-permits/loader/permission_config.rb
+- lib/cancan-permits/loader/permissions_loader.rb
+- lib/cancan-permits/loader/permissions_parser.rb
 - lib/cancan-permits/main.rb
 - lib/cancan-permits/namespaces.rb
 - lib/cancan-permits/permit/base_permit.rb
@@ -204,6 +207,10 @@ files:
 - spec/active_record/owner_permits_spec.rb
 - spec/active_record/permits_spec.rb
 - spec/active_record/spec_helper.rb
+- spec/cancan-permits/license_loader/license_loader_spec.rb
+- spec/cancan-permits/license_loader/licenses.yml
+- spec/cancan-permits/user_permissions_loader/user_permissions.yml
+- spec/cancan-permits/user_permissions_loader/user_permissions_loader.rb
 - spec/data_mapper/models/all_models.rb
 - spec/data_mapper/owner_permits_spec.rb
 - spec/data_mapper/permits_spec.rb
@@ -283,6 +290,8 @@ test_files:
 - spec/active_record/owner_permits_spec.rb
 - spec/active_record/permits_spec.rb
 - spec/active_record/spec_helper.rb
+- spec/cancan-permits/license_loader/license_loader_spec.rb
+- spec/cancan-permits/user_permissions_loader/user_permissions_loader.rb
 - spec/data_mapper/models/all_models.rb
 - spec/data_mapper/owner_permits_spec.rb
 - spec/data_mapper/permits_spec.rb