cantango-permits 0.1.1
Sign up to get free protection for your applications and to get access to all the features.
- data/.rspec +1 -0
- data/Gemfile +39 -0
- data/Gemfile.lock +155 -0
- data/MIT-LICENSE +20 -0
- data/README.mdown +362 -0
- data/Rakefile +45 -0
- data/VERSION +1 -0
- data/lib/cantango/executor.rb +5 -0
- data/lib/cantango/executor/base.rb +9 -0
- data/lib/cantango/executor/permit.rb +7 -0
- data/lib/cantango/executor/permit/abstract.rb +27 -0
- data/lib/cantango/executor/permit/base.rb +19 -0
- data/lib/cantango/executor/permit/special.rb +9 -0
- data/lib/cantango/executor/permit_type.rb +50 -0
- data/lib/cantango/license.rb +19 -0
- data/lib/cantango/license/rules.rb +17 -0
- data/lib/cantango/permit.mdown +4 -0
- data/lib/cantango/permit.rb +5 -0
- data/lib/cantango/permit/account_type.rb +44 -0
- data/lib/cantango/permit/attribute.rb +71 -0
- data/lib/cantango/permit/base.rb +94 -0
- data/lib/cantango/permit/class_methods.rb +49 -0
- data/lib/cantango/permit/helper.rb +11 -0
- data/lib/cantango/permit/helper/execution.rb +38 -0
- data/lib/cantango/permit/helper/host.rb +13 -0
- data/lib/cantango/permit/helper/license.rb +34 -0
- data/lib/cantango/permit/helper/naming.rb +38 -0
- data/lib/cantango/permit/helper/state.rb +21 -0
- data/lib/cantango/permit/special.rb +17 -0
- data/lib/cantango/permit/user.rb +36 -0
- data/lib/cantango/permit/user_type.rb +34 -0
- data/lib/cantango/permits.rb +20 -0
- data/lib/cantango/permits_ext.rb +7 -0
- data/lib/cantango/permits_ext/ability.rb +7 -0
- data/lib/cantango/permits_ext/ability/helper.rb +9 -0
- data/lib/cantango/permits_ext/ability/helper/permits.rb +8 -0
- data/lib/cantango/permits_ext/builder.rb +7 -0
- data/lib/cantango/permits_ext/builder/permit.rb +9 -0
- data/lib/cantango/permits_ext/builder/permit/account_type.rb +13 -0
- data/lib/cantango/permits_ext/builder/permit/base.rb +94 -0
- data/lib/cantango/permits_ext/builder/permit/special.rb +13 -0
- data/lib/cantango/permits_ext/builder/permit/user_type.rb +7 -0
- data/lib/cantango/permits_ext/class_methods.rb +28 -0
- data/lib/cantango/permits_ext/config.rb +11 -0
- data/lib/cantango/permits_ext/config/engines.rb +9 -0
- data/lib/cantango/permits_ext/config/engines/permit.rb +20 -0
- data/lib/cantango/permits_ext/config/permits.rb +43 -0
- data/lib/cantango/permits_ext/config/permits/accounts.rb +15 -0
- data/lib/cantango/permits_ext/config/permits/disabling.rb +22 -0
- data/lib/cantango/permits_ext/config/permits/enabling.rb +14 -0
- data/lib/cantango/permits_ext/config/permits/execution.rb +21 -0
- data/lib/cantango/permits_ext/config/permits/key.rb +19 -0
- data/lib/cantango/permits_ext/config/permits/registration.rb +33 -0
- data/lib/cantango/permits_ext/config/permits/tracking.rb +19 -0
- data/lib/cantango/permits_ext/config/permits/types.rb +25 -0
- data/lib/cantango/permits_ext/engine.rb +7 -0
- data/lib/cantango/permits_ext/engine/permits.rb +75 -0
- data/lib/cantango/permits_ext/factory.rb +7 -0
- data/lib/cantango/permits_ext/factory/permits.rb +40 -0
- data/lib/cantango/permits_ext/finder.rb +7 -0
- data/lib/cantango/permits_ext/finder/base.rb +35 -0
- data/lib/cantango/permits_ext/finder/permit.rb +7 -0
- data/lib/cantango/permits_ext/finder/permit/account.rb +47 -0
- data/lib/cantango/permits_ext/finder/permit/base.rb +53 -0
- data/lib/cantango/permits_ext/loader.rb +7 -0
- data/lib/cantango/permits_ext/loader/categories.rb +50 -0
- data/lib/cantango/permits_ext/loader/license.rb +19 -0
- data/lib/cantango/permits_ext/macros.rb +7 -0
- data/lib/cantango/permits_ext/macros/permit.rb +32 -0
- data/lib/cantango/permits_ext/parser.rb +7 -0
- data/lib/cantango/permits_ext/parser/categories.rb +15 -0
- data/lib/cantango/permits_ext/registry.rb +7 -0
- data/lib/cantango/permits_ext/registry/permit.rb +45 -0
- data/lib/generators/cantango/account_permit/account_permit_generator.rb +37 -0
- data/lib/generators/cantango/account_permit/templates/account_permit.erb +23 -0
- data/lib/generators/cantango/base.rb +71 -0
- data/lib/generators/cantango/basic.rb +41 -0
- data/lib/generators/cantango/license/license_generator.rb +29 -0
- data/lib/generators/cantango/license/templates/license.erb +10 -0
- data/lib/generators/cantango/license_base.rb +15 -0
- data/lib/generators/cantango/licenses/licenses_generator.rb +26 -0
- data/lib/generators/cantango/permit_generator.rb +58 -0
- data/lib/generators/cantango/role_permit/role_permit_generator.rb +39 -0
- data/lib/generators/cantango/role_permit/templates/account_permit.erb +4 -0
- data/lib/generators/cantango/role_permit/templates/role_group_permit.erb +24 -0
- data/lib/generators/cantango/role_permit/templates/role_permit.erb +23 -0
- data/lib/generators/cantango/role_permits/role_permits_generator.rb +45 -0
- data/lib/generators/cantango/user_permit/templates/account_permit.erb +5 -0
- data/lib/generators/cantango/user_permit/templates/user_permit.erb +23 -0
- data/lib/generators/cantango/user_permit/user_permit_generator.rb +36 -0
- data/lib/tasks/permits_tasks.rake +4 -0
- data/spec/cantango/ability/helper/permits_spec.rb +14 -0
- data/spec/cantango/builder/permit/account_type_spec.rb +25 -0
- data/spec/cantango/builder/permit/base_spec.rb +30 -0
- data/spec/cantango/builder/permit/special_spec.rb +25 -0
- data/spec/cantango/builder/permit/user_type_spec.rb +27 -0
- data/spec/cantango/config/engines/permit_spec.rb +14 -0
- data/spec/cantango/config/engines_spec.rb +142 -0
- data/spec/cantango/config/permit_registry_ex.rb +9 -0
- data/spec/cantango/config/permit_registry_spec.rb +8 -0
- data/spec/cantango/config/permits/accounts_spec.rb +23 -0
- data/spec/cantango/config/permits/disabling_spec.rb +38 -0
- data/spec/cantango/config/permits/enabling_spec.rb +19 -0
- data/spec/cantango/config/permits/execution_spec.rb +27 -0
- data/spec/cantango/config/permits/registration_spec.rb +15 -0
- data/spec/cantango/config/permits/tracking_spec.rb +19 -0
- data/spec/cantango/config/permits/types_spec.rb +27 -0
- data/spec/cantango/config/permits_spec.rb +76 -0
- data/spec/cantango/engine/permit_cached_spec.rb +52 -0
- data/spec/cantango/engine/permit_spec.rb +58 -0
- data/spec/cantango/engine/permit_static_dynamic_spec.rb +65 -0
- data/spec/cantango/executor/custom_permit_spec.rb +65 -0
- data/spec/cantango/executor/more_permit_spec.rb +45 -0
- data/spec/cantango/executor/permit_base_spec.rb +46 -0
- data/spec/cantango/executor/permit_spec.rb +53 -0
- data/spec/cantango/executor/special_permit_spec.rb +36 -0
- data/spec/cantango/factory/permits_spec.rb +70 -0
- data/spec/cantango/finder/account_permit_spec.rb +30 -0
- data/spec/cantango/finder/permit_spec.rb +23 -0
- data/spec/cantango/license/save_license_spec.rb +24 -0
- data/spec/cantango/license_spec.rb +0 -0
- data/spec/cantango/loader/categories_spec.rb +47 -0
- data/spec/cantango/loader/license_spec.rb +7 -0
- data/spec/cantango/macros/permit_spec.rb +38 -0
- data/spec/cantango/parser/categories_spec.rb +19 -0
- data/spec/cantango/permit/account_type_spec.rb +34 -0
- data/spec/cantango/permit/attribute_permit_spec.rb +65 -0
- data/spec/cantango/permit/base_spec.rb +106 -0
- data/spec/cantango/permit/class_methods_spec.rb +34 -0
- data/spec/cantango/permit/helper/execution_spec.rb +54 -0
- data/spec/cantango/permit/helper/host_spec.rb +29 -0
- data/spec/cantango/permit/helper/license_spec.rb +37 -0
- data/spec/cantango/permit/helper/naming_spec.rb +56 -0
- data/spec/cantango/permit/helper/state_spec.rb +24 -0
- data/spec/cantango/permit/special_default_spec.rb +2 -0
- data/spec/cantango/permit/special_first_spec.rb +2 -0
- data/spec/cantango/permit/user_type_spec.rb +78 -0
- data/spec/cantango/registry/permit_spec.rb +67 -0
- data/spec/fixtures/config/cantango_permissions.yml +49 -0
- data/spec/fixtures/config/categories.yml +6 -0
- data/spec/fixtures/config/evaluator_fixtures.yml +18 -0
- data/spec/fixtures/config/licenses.yml +4 -0
- data/spec/fixtures/config/permissions.yml +60 -0
- data/spec/fixtures/config/role_group.yml +4 -0
- data/spec/fixtures/config/roles.yml +4 -0
- data/spec/fixtures/config/test_permissions.yml +55 -0
- data/spec/fixtures/config/user_permissions.yml +8 -0
- data/spec/fixtures/models.rb +15 -0
- data/spec/fixtures/models/admin.rb +2 -0
- data/spec/fixtures/models/admin_account.rb +22 -0
- data/spec/fixtures/models/items.rb +11 -0
- data/spec/fixtures/models/permission.rb +12 -0
- data/spec/fixtures/models/simple_roles.rb +49 -0
- data/spec/fixtures/models/user.rb +52 -0
- data/spec/fixtures/models/user_account.rb +21 -0
- data/spec/fixtures/tango_fixtures.rb +29 -0
- data/spec/generators/cantango/account_role_permit_generator_spec.rb +35 -0
- data/spec/generators/cantango/account_role_permits_generator_spec.rb +59 -0
- data/spec/generators/cantango/license_generator_spec.rb +33 -0
- data/spec/generators/cantango/licenses_generator_spec.rb +58 -0
- data/spec/generators/cantango/role_permit_generator_spec.rb +35 -0
- data/spec/generators/cantango/role_permits_generator_spec.rb +58 -0
- data/spec/helpers/current_user_accounts.rb +20 -0
- data/spec/helpers/current_users.rb +10 -0
- data/spec/spec_helper.rb +24 -0
- metadata +325 -0
data/.rspec
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
--color --format nested
|
data/Gemfile
ADDED
@@ -0,0 +1,39 @@
|
|
1
|
+
source :rubygems
|
2
|
+
|
3
|
+
group :default do
|
4
|
+
gem 'rails', '>= 3.1'
|
5
|
+
gem 'sugar-high', '>= 0.6.1'
|
6
|
+
gem 'sweetloader', '>= 0.1.6'
|
7
|
+
gem 'hashie', '>= 1.2.0'
|
8
|
+
|
9
|
+
gem 'cantango-config', '~> 0.2.0'
|
10
|
+
gem 'cantango-api', '>= 0.1.3'
|
11
|
+
end
|
12
|
+
|
13
|
+
group :development do
|
14
|
+
gem "bundler", ">= 1.1.rc"
|
15
|
+
gem "jeweler", ">= 1.6.4"
|
16
|
+
gem "rcov", ">= 0"
|
17
|
+
end
|
18
|
+
|
19
|
+
group :test do
|
20
|
+
gem 'require_all', '~> 1.2.0'
|
21
|
+
|
22
|
+
# gem 'cantango-roles' #, :path => '/Users/kmandrup/pr/stanislaw/cantango-roles'
|
23
|
+
|
24
|
+
gem 'forgery'
|
25
|
+
gem 'sqlite3'
|
26
|
+
# Data
|
27
|
+
gem 'database_cleaner'
|
28
|
+
gem 'factory_girl'
|
29
|
+
|
30
|
+
# Specs
|
31
|
+
gem 'spork'
|
32
|
+
|
33
|
+
# Debug and performance tests
|
34
|
+
gem 'cutter'
|
35
|
+
end
|
36
|
+
|
37
|
+
group :test, :development do
|
38
|
+
gem "rspec", ">= 2.6.0"
|
39
|
+
end
|
data/Gemfile.lock
ADDED
@@ -0,0 +1,155 @@
|
|
1
|
+
GEM
|
2
|
+
remote: http://rubygems.org/
|
3
|
+
specs:
|
4
|
+
actionmailer (3.1.3)
|
5
|
+
actionpack (= 3.1.3)
|
6
|
+
mail (~> 2.3.0)
|
7
|
+
actionpack (3.1.3)
|
8
|
+
activemodel (= 3.1.3)
|
9
|
+
activesupport (= 3.1.3)
|
10
|
+
builder (~> 3.0.0)
|
11
|
+
erubis (~> 2.7.0)
|
12
|
+
i18n (~> 0.6)
|
13
|
+
rack (~> 1.3.5)
|
14
|
+
rack-cache (~> 1.1)
|
15
|
+
rack-mount (~> 0.8.2)
|
16
|
+
rack-test (~> 0.6.1)
|
17
|
+
sprockets (~> 2.0.3)
|
18
|
+
activemodel (3.1.3)
|
19
|
+
activesupport (= 3.1.3)
|
20
|
+
builder (~> 3.0.0)
|
21
|
+
i18n (~> 0.6)
|
22
|
+
activerecord (3.1.3)
|
23
|
+
activemodel (= 3.1.3)
|
24
|
+
activesupport (= 3.1.3)
|
25
|
+
arel (~> 2.2.1)
|
26
|
+
tzinfo (~> 0.3.29)
|
27
|
+
activeresource (3.1.3)
|
28
|
+
activemodel (= 3.1.3)
|
29
|
+
activesupport (= 3.1.3)
|
30
|
+
activesupport (3.1.3)
|
31
|
+
multi_json (~> 1.0)
|
32
|
+
arel (2.2.1)
|
33
|
+
builder (3.0.0)
|
34
|
+
cancan (1.6.7)
|
35
|
+
cantango-api (0.1.3)
|
36
|
+
cantango-config (>= 0.1.9.2)
|
37
|
+
cantango-core (>= 0.1.9.3)
|
38
|
+
hashie (~> 1.2)
|
39
|
+
rails (>= 3.1)
|
40
|
+
sugar-high (~> 0.6.2)
|
41
|
+
sweetloader (~> 0.1.6)
|
42
|
+
cantango-config (0.2.1)
|
43
|
+
cantango-core (~> 0.1.9)
|
44
|
+
hashie (~> 1.2)
|
45
|
+
rails (>= 3.1)
|
46
|
+
sugar-high (>= 0.6.1)
|
47
|
+
sweetloader (~> 0.1.6)
|
48
|
+
cantango-core (0.1.9.3)
|
49
|
+
cancan (>= 1.4)
|
50
|
+
hashie (~> 1.2)
|
51
|
+
rails (>= 3.0.1)
|
52
|
+
sugar-high (>= 0.6.0)
|
53
|
+
sweetloader (~> 0.1.5)
|
54
|
+
colorize (0.5.8)
|
55
|
+
cutter (0.8.2)
|
56
|
+
activesupport (>= 2.3.5)
|
57
|
+
colorize (>= 0.5)
|
58
|
+
database_cleaner (0.7.0)
|
59
|
+
diff-lcs (1.1.3)
|
60
|
+
erubis (2.7.0)
|
61
|
+
factory_girl (2.3.2)
|
62
|
+
activesupport
|
63
|
+
forgery (0.5.0)
|
64
|
+
git (1.2.5)
|
65
|
+
hashie (1.2.0)
|
66
|
+
hike (1.2.1)
|
67
|
+
i18n (0.6.0)
|
68
|
+
jeweler (1.6.4)
|
69
|
+
bundler (~> 1.0)
|
70
|
+
git (>= 1.2.5)
|
71
|
+
rake
|
72
|
+
json (1.6.3)
|
73
|
+
mail (2.3.0)
|
74
|
+
i18n (>= 0.4.0)
|
75
|
+
mime-types (~> 1.16)
|
76
|
+
treetop (~> 1.4.8)
|
77
|
+
mime-types (1.17.2)
|
78
|
+
multi_json (1.0.4)
|
79
|
+
polyglot (0.3.3)
|
80
|
+
rack (1.3.5)
|
81
|
+
rack-cache (1.1)
|
82
|
+
rack (>= 0.4)
|
83
|
+
rack-mount (0.8.3)
|
84
|
+
rack (>= 1.0.0)
|
85
|
+
rack-ssl (1.3.2)
|
86
|
+
rack
|
87
|
+
rack-test (0.6.1)
|
88
|
+
rack (>= 1.0)
|
89
|
+
rails (3.1.3)
|
90
|
+
actionmailer (= 3.1.3)
|
91
|
+
actionpack (= 3.1.3)
|
92
|
+
activerecord (= 3.1.3)
|
93
|
+
activeresource (= 3.1.3)
|
94
|
+
activesupport (= 3.1.3)
|
95
|
+
bundler (~> 1.0)
|
96
|
+
railties (= 3.1.3)
|
97
|
+
railties (3.1.3)
|
98
|
+
actionpack (= 3.1.3)
|
99
|
+
activesupport (= 3.1.3)
|
100
|
+
rack-ssl (~> 1.3.2)
|
101
|
+
rake (>= 0.8.7)
|
102
|
+
rdoc (~> 3.4)
|
103
|
+
thor (~> 0.14.6)
|
104
|
+
rake (0.9.2.2)
|
105
|
+
rcov (0.9.11)
|
106
|
+
rdoc (3.12)
|
107
|
+
json (~> 1.4)
|
108
|
+
require_all (1.2.0)
|
109
|
+
rspec (2.7.0)
|
110
|
+
rspec-core (~> 2.7.0)
|
111
|
+
rspec-expectations (~> 2.7.0)
|
112
|
+
rspec-mocks (~> 2.7.0)
|
113
|
+
rspec-core (2.7.1)
|
114
|
+
rspec-expectations (2.7.0)
|
115
|
+
diff-lcs (~> 1.1.2)
|
116
|
+
rspec-mocks (2.7.0)
|
117
|
+
spork (0.8.5)
|
118
|
+
sprockets (2.0.3)
|
119
|
+
hike (~> 1.2)
|
120
|
+
rack (~> 1.0)
|
121
|
+
tilt (~> 1.1, != 1.3.0)
|
122
|
+
sqlite3 (1.3.5)
|
123
|
+
sugar-high (0.6.2.1)
|
124
|
+
activesupport (>= 3.0.1)
|
125
|
+
sweetloader (0.1.6)
|
126
|
+
activesupport (>= 3.0.1)
|
127
|
+
i18n
|
128
|
+
thor (0.14.6)
|
129
|
+
tilt (1.3.3)
|
130
|
+
treetop (1.4.10)
|
131
|
+
polyglot
|
132
|
+
polyglot (>= 0.3.1)
|
133
|
+
tzinfo (0.3.31)
|
134
|
+
|
135
|
+
PLATFORMS
|
136
|
+
ruby
|
137
|
+
|
138
|
+
DEPENDENCIES
|
139
|
+
bundler (>= 1.1.rc)
|
140
|
+
cantango-api (>= 0.1.3)
|
141
|
+
cantango-config (~> 0.2.0)
|
142
|
+
cutter
|
143
|
+
database_cleaner
|
144
|
+
factory_girl
|
145
|
+
forgery
|
146
|
+
hashie (>= 1.2.0)
|
147
|
+
jeweler (>= 1.6.4)
|
148
|
+
rails (>= 3.1)
|
149
|
+
rcov
|
150
|
+
require_all (~> 1.2.0)
|
151
|
+
rspec (>= 2.6.0)
|
152
|
+
spork
|
153
|
+
sqlite3
|
154
|
+
sugar-high (>= 0.6.1)
|
155
|
+
sweetloader (>= 0.1.6)
|
data/MIT-LICENSE
ADDED
@@ -0,0 +1,20 @@
|
|
1
|
+
Copyright 2011 YOURNAME
|
2
|
+
|
3
|
+
Permission is hereby granted, free of charge, to any person obtaining
|
4
|
+
a copy of this software and associated documentation files (the
|
5
|
+
"Software"), to deal in the Software without restriction, including
|
6
|
+
without limitation the rights to use, copy, modify, merge, publish,
|
7
|
+
distribute, sublicense, and/or sell copies of the Software, and to
|
8
|
+
permit persons to whom the Software is furnished to do so, subject to
|
9
|
+
the following conditions:
|
10
|
+
|
11
|
+
The above copyright notice and this permission notice shall be
|
12
|
+
included in all copies or substantial portions of the Software.
|
13
|
+
|
14
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
15
|
+
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
16
|
+
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
17
|
+
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
18
|
+
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
19
|
+
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
20
|
+
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
data/README.mdown
ADDED
@@ -0,0 +1,362 @@
|
|
1
|
+
# CanTango Permits
|
2
|
+
|
3
|
+
The Permit system for [CanTango](https://github.com/kristianmandrup/cantango).
|
4
|
+
|
5
|
+
Permits are a way to partition Ability rules into logical units.
|
6
|
+
|
7
|
+
*CanTango Permits* includes:
|
8
|
+
|
9
|
+
* a basic set of useful permits
|
10
|
+
* a permit engine to execute the permits
|
11
|
+
|
12
|
+
The Permits systems comes with a few useful Permit types out-of-the-box, but you are free to develop your own to suit your needs.
|
13
|
+
|
14
|
+
## Built-in permit types
|
15
|
+
|
16
|
+
The set of buit-in Permit types include:
|
17
|
+
|
18
|
+
* User
|
19
|
+
* UserType
|
20
|
+
* AccountType
|
21
|
+
* Special
|
22
|
+
|
23
|
+
The [CanTango roles](http://github.com/kristianmandrup/cantango-roles) system adds Permit types for the following:
|
24
|
+
|
25
|
+
* Role
|
26
|
+
* RoleGroup
|
27
|
+
|
28
|
+
## Custom permit types
|
29
|
+
|
30
|
+
You can easily customize or create your own types of Permits to suit your needs!
|
31
|
+
The Permit system will introspect the ability candidate and see which Permits apply and then build and execute these permits automatically, merging all the resulting rule sets into one.
|
32
|
+
The simplest way to create a custom permit types is to subclass the Attribute permit as shown below.
|
33
|
+
To create more complex permit types that go beyond mapping to an attribute, please look at the code of any of the built-in permits (such as Attribute Permit) to gain an insight for how to do this.
|
34
|
+
|
35
|
+
Example of a custom permit type:
|
36
|
+
|
37
|
+
```ruby
|
38
|
+
class MembershipPermit < CanTango::Permit::Attribute
|
39
|
+
class Builder < CanTango::Permit::Attribute::Builder
|
40
|
+
attribute :membership
|
41
|
+
end
|
42
|
+
|
43
|
+
def self.inherited(base_clazz)
|
44
|
+
register base_clazz, :name => attribute_name(base_clazz)
|
45
|
+
end
|
46
|
+
|
47
|
+
# optional override of inference of attribute via class name
|
48
|
+
attribute :membership
|
49
|
+
end
|
50
|
+
```
|
51
|
+
|
52
|
+
## Permit system
|
53
|
+
|
54
|
+
The permit system iterates over all the registered types of permits and executes all registered permits of each type. The result is a set of Ability rules that work with the [CanCan](http://github.com/ryanb/cancan) Ability mechanism.
|
55
|
+
|
56
|
+
## Defining Permits and Licenses in your app
|
57
|
+
|
58
|
+
The `app/permits` folder will be added to Rails autoloading.
|
59
|
+
The directory layout should be the following:
|
60
|
+
|
61
|
+
```text
|
62
|
+
- /app
|
63
|
+
- /permits
|
64
|
+
- /permit
|
65
|
+
- /role
|
66
|
+
- editor.rb
|
67
|
+
- /role_group
|
68
|
+
- editors.rb
|
69
|
+
- /user_type
|
70
|
+
- admin.rb
|
71
|
+
-/admin (account)
|
72
|
+
- /role
|
73
|
+
- editor.rb
|
74
|
+
```
|
75
|
+
|
76
|
+
Default _:editor_ Role permit (scope less):
|
77
|
+
|
78
|
+
```ruby
|
79
|
+
module Permit::Role
|
80
|
+
class Editor < CanTango::Permit::Role
|
81
|
+
def calc_rules
|
82
|
+
can :edit, Post
|
83
|
+
end
|
84
|
+
|
85
|
+
module Cache
|
86
|
+
def calc_rules
|
87
|
+
can :edit, Post
|
88
|
+
end
|
89
|
+
end
|
90
|
+
end
|
91
|
+
end
|
92
|
+
```
|
93
|
+
|
94
|
+
The _:editor_ Role permit applicable for the Admin scope. Typically the scope is linked to the account (but doesn't have to be).
|
95
|
+
|
96
|
+
```ruby
|
97
|
+
module Permit::Admin::Role
|
98
|
+
class Editor < CanTango::Permit::Role
|
99
|
+
def calc_rules
|
100
|
+
can :edit, Post if session[:edit_mode]
|
101
|
+
end
|
102
|
+
|
103
|
+
modes :no_cache
|
104
|
+
end
|
105
|
+
end
|
106
|
+
```
|
107
|
+
|
108
|
+
Here the `#modes` macro is used to indicate that this Permit should only be executed for the `:no_cache` mode.
|
109
|
+
|
110
|
+
Another option is fx to wrap the Permit class inside the Account class namespace like this:
|
111
|
+
|
112
|
+
```text
|
113
|
+
- /app
|
114
|
+
- /models
|
115
|
+
- /admin_account
|
116
|
+
- editor_role_permit.rb
|
117
|
+
- admin_account.rb
|
118
|
+
```
|
119
|
+
|
120
|
+
```ruby
|
121
|
+
class AdminAccount < ActiveRecord::Base
|
122
|
+
class EditorRolePermit < CanTango::Permit::Role
|
123
|
+
tango_permit :name => :editor, :type => :role, :ns => :admin
|
124
|
+
|
125
|
+
def calc_rules
|
126
|
+
can :edit, Post if session[:edit_mode]
|
127
|
+
end
|
128
|
+
|
129
|
+
modes :no_cache
|
130
|
+
end
|
131
|
+
end
|
132
|
+
```
|
133
|
+
|
134
|
+
By default this is not supported out-of-the-box, hence you have to use the `#tango_permit` macro to tell CanTango exactly how to understand this custom class namespace layout.
|
135
|
+
|
136
|
+
Note: This is NOT a recommended approach.
|
137
|
+
|
138
|
+
### Licenses
|
139
|
+
|
140
|
+
Licenses have their own namespace folder `license` inside the `app/permits` folder. The default (scope less) licenses are placed directly in the `license` folder.
|
141
|
+
|
142
|
+
```text
|
143
|
+
- /app
|
144
|
+
- /permits
|
145
|
+
- /license
|
146
|
+
- blogging.rb
|
147
|
+
- /admin
|
148
|
+
- blogging.rb
|
149
|
+
```
|
150
|
+
|
151
|
+
Default _:blogging_ License (scope less):
|
152
|
+
|
153
|
+
```ruby
|
154
|
+
module License
|
155
|
+
class Blogging < CanTango::License
|
156
|
+
module Cache
|
157
|
+
def calc_rules
|
158
|
+
can [:create, :edit], Post
|
159
|
+
end
|
160
|
+
end
|
161
|
+
|
162
|
+
module NoCache
|
163
|
+
def calc_rules
|
164
|
+
can :publish, Post if session[:publishing] == :on
|
165
|
+
end
|
166
|
+
end
|
167
|
+
end
|
168
|
+
end
|
169
|
+
```
|
170
|
+
|
171
|
+
The _:editor_ License applicable for the Admin scope. Typically the scope is linked to the account (but doesn't have to be).
|
172
|
+
|
173
|
+
```ruby
|
174
|
+
module License::Admin
|
175
|
+
class Blogging < CanTango::License
|
176
|
+
def calc_rules
|
177
|
+
can :edit, Post
|
178
|
+
end
|
179
|
+
|
180
|
+
modes :all
|
181
|
+
end
|
182
|
+
end
|
183
|
+
```
|
184
|
+
|
185
|
+
|
186
|
+
## Install 'cantango-permits' gem
|
187
|
+
|
188
|
+
`gem install cantango-permits`
|
189
|
+
|
190
|
+
Or insert into Gemfile
|
191
|
+
|
192
|
+
`gem 'cantango-permits'`
|
193
|
+
|
194
|
+
Run bundler in a terminal/console from the folder of your Gemfile (root folder of app)
|
195
|
+
|
196
|
+
`$ bundle`
|
197
|
+
|
198
|
+
## Usage
|
199
|
+
|
200
|
+
```ruby
|
201
|
+
require 'cantango/permits'
|
202
|
+
require 'cantango/permit_engine'
|
203
|
+
```
|
204
|
+
|
205
|
+
## Configuration
|
206
|
+
|
207
|
+
Turn on/off: Enable and disable types of permits and specific permits
|
208
|
+
|
209
|
+
```ruby
|
210
|
+
CanTango.config.permits do |permits|
|
211
|
+
# which types of permits to enable
|
212
|
+
permits.types.enable :user_type, :account_type
|
213
|
+
|
214
|
+
permits.enable_all_for :account_type
|
215
|
+
permits.types.disable :user_type, :account_type
|
216
|
+
permits.disable_for :user_type, :admin, :editor
|
217
|
+
end
|
218
|
+
```
|
219
|
+
|
220
|
+
Registration: Which permits have been registered (and for which types)
|
221
|
+
|
222
|
+
```ruby
|
223
|
+
CanTango.config.permits do |permits|
|
224
|
+
permits.registry_for :account_type # Registry for :account_type permits
|
225
|
+
permits.registered_for :account_type # names of AccountType permits
|
226
|
+
permits.all
|
227
|
+
permits.show_all
|
228
|
+
end
|
229
|
+
```
|
230
|
+
|
231
|
+
Debug: Which permits allowed/denied specific actions for specific candidates to be taken
|
232
|
+
|
233
|
+
```ruby
|
234
|
+
CanTango.config.permits do |permits|
|
235
|
+
permits.allowed candidate, actions, subjects, *extra_args
|
236
|
+
permits.denied candidate, actions, subjects, *extra_args
|
237
|
+
end
|
238
|
+
```
|
239
|
+
|
240
|
+
### Permits Engine
|
241
|
+
|
242
|
+
The Permits engine can be configured as any other CanTango Engine:
|
243
|
+
Use the `on!` and `off!` methods to enable to disable use of the engine.
|
244
|
+
Use the `mode=` to set the execution mode.
|
245
|
+
|
246
|
+
```ruby
|
247
|
+
CanTango.config.engine(:permits) do |engine|
|
248
|
+
# toggle engine on/off
|
249
|
+
engine.on!
|
250
|
+
engine.on?
|
251
|
+
engine.off!
|
252
|
+
engine.modes.valid # => [:cache, :no_cache, :both]
|
253
|
+
|
254
|
+
# set execution modes
|
255
|
+
engine.modes.register :cache, :no_cache
|
256
|
+
engine.modes.registered # => [:cache, :no_cache]
|
257
|
+
end
|
258
|
+
```
|
259
|
+
|
260
|
+
## Permits finder
|
261
|
+
|
262
|
+
Will look up a particular registered Permit in the Permit registry (see Configuration).
|
263
|
+
Permits are registered automatically by an inheritance hook. If you want to override this, you need
|
264
|
+
to register your class directly (manually) with the the permits registry.
|
265
|
+
|
266
|
+
```ruby
|
267
|
+
module CanTango::Finder::Permit
|
268
|
+
class Base
|
269
|
+
def initialize name, type
|
270
|
+
@name, @type = [name, type]
|
271
|
+
end
|
272
|
+
end
|
273
|
+
end
|
274
|
+
```
|
275
|
+
|
276
|
+
## Permits Factory
|
277
|
+
|
278
|
+
Builds and returns a list of all enabled permits of a specific type
|
279
|
+
|
280
|
+
```ruby
|
281
|
+
module CanTango::Factory
|
282
|
+
class Permits
|
283
|
+
def initialize ability
|
284
|
+
@ability = ability
|
285
|
+
end
|
286
|
+
|
287
|
+
# @return Array<Permit>
|
288
|
+
def create
|
289
|
+
permits.build
|
290
|
+
end
|
291
|
+
end
|
292
|
+
end
|
293
|
+
```
|
294
|
+
|
295
|
+
## Categories
|
296
|
+
|
297
|
+
Categories are loaded from a Yaml file (by default `categories.yaml`). The loader `CanTango::Loader::Categories` is based on the `CanTango::Loader::Yaml` from _cantango-core_.
|
298
|
+
The parser `CanTango::Parser::Categories` parses the yaml into a hash referencing constants (models).
|
299
|
+
|
300
|
+
## Macros
|
301
|
+
|
302
|
+
The macro `#tango_permit` can be used to attempt to register a Permit class with the Permits registry based on naming conventions and options passed in.
|
303
|
+
|
304
|
+
```ruby
|
305
|
+
class MySuperPermit < CanTango::Permit::Base
|
306
|
+
tango_permit :name => :super, :type => :user_type, :account => :admin
|
307
|
+
|
308
|
+
# the internals
|
309
|
+
end
|
310
|
+
```
|
311
|
+
|
312
|
+
## Engine
|
313
|
+
|
314
|
+
```ruby
|
315
|
+
module CanTango::Engine
|
316
|
+
class Permits
|
317
|
+
def initialize ability
|
318
|
+
super
|
319
|
+
end
|
320
|
+
|
321
|
+
def calc_rules
|
322
|
+
# push result of each permit type execution into main ability rules array
|
323
|
+
permits.each_pair do |type, permits|
|
324
|
+
perm_rules = executor(type, permits).execute!
|
325
|
+
rules << perm_rules if !perm_rules.blank?
|
326
|
+
end
|
327
|
+
end
|
328
|
+
|
329
|
+
def executor type, permits
|
330
|
+
CanTango::Ability::Executor::PermitType.new self, type, permits(type)
|
331
|
+
end
|
332
|
+
|
333
|
+
def permits type
|
334
|
+
@permits ||= permits_factory(type).build!
|
335
|
+
end
|
336
|
+
|
337
|
+
def permits_factory type
|
338
|
+
@permits_factory ||= CanTango::Factory::Permits.new self, type
|
339
|
+
end
|
340
|
+
end
|
341
|
+
end
|
342
|
+
```
|
343
|
+
|
344
|
+
## Design goals
|
345
|
+
|
346
|
+
This CanTango extension should have the least amount of dependencies on other extensions.
|
347
|
+
|
348
|
+
## Contributing to Cantango Permits
|
349
|
+
|
350
|
+
* Check out the latest master to make sure the feature hasn't been implemented or the bug hasn't been fixed yet
|
351
|
+
* Check out the issue tracker to make sure someone already hasn't requested it and/or contributed it
|
352
|
+
* Fork the project
|
353
|
+
* Start a feature/bugfix branch
|
354
|
+
* Commit and push until you are happy with your contribution
|
355
|
+
* Make sure to add tests for it. This is important so I don't break it in a future version unintentionally.
|
356
|
+
* Please try not to mess with the Rakefile, version, or history. If you want to have your own version, or is otherwise necessary, that is fine, but please isolate to its own commit so I can cherry-pick around it.
|
357
|
+
|
358
|
+
## Copyright
|
359
|
+
|
360
|
+
Copyright (c) 2011 Kristian Mandrup. See LICENSE.txt for
|
361
|
+
further details.
|
362
|
+
|