cantango-roles 0.1.0

data/lib/cantango/roles_ext/builder/permit/role.rb

@@ -0,0 +1,35 @@
+module CanTango::Builder
+  module Permit
+    class Role < Base
+      include CanTango::Helpers::Debug
+
+      # builds a list of Permits for each role of the current ability user (or account)
+      # @return [Array<RoleGroupPermit::Base>] the role permits built for this ability
+      def build
+        if roles.empty?
+          debug "Not building any RolePermit"
+          return []
+        end
+        roles.inject([]) do |permits, role|
+          debug "Building RolePermit for #{role}"
+          (permits << create_permit(role)) if valid?(role.to_sym)
+          permits
+        end.compact
+      end
+
+      protected
+
+      def roles
+        ability.respond_to?(:roles) ? ability.roles : []
+      end
+
+      def valid? role
+        filter(role).valid?
+      end
+
+      def filter role
+        CanTango::Filters::RoleFilter.new role
+      end
+    end
+  end
+end

data/lib/cantango/roles_ext/builder/permit/role_group.rb

@@ -0,0 +1,61 @@
+module CanTango::Builder
+  module Permit
+    class RoleGroup < Base
+      include CanTango::Helpers::Debug
+      # builds a list of Permits for each role group of the current ability user (or account)
+      # @return [Array<RoleGroupPermit::Base>] the role group permits built for this ability
+      def build
+        matching_permits = matching_role_groups(roles).inject([]) do |permits, role_group|
+          debug "Building RoleGroupPermit for #{role_group}"
+          (permits << create_permit(role_group)) if valid?(role_group)
+          permits
+        end.compact
+
+        if matching_permits.empty?
+          debug "Not building any RoleGroupPermits since no role groups could be found that are relevant for the permission candidate"
+          return []
+        end
+        matching_permits
+      end
+
+      def name
+        :role_group
+      end
+
+      def valid? role_group
+        return true if !role_groups_filter?
+        filter(role_group).valid?
+      end
+
+      def filter role_group
+        CanTango::Filters::RoleGroupFilter.new role_group
+      end
+
+      private
+
+      def role_groups
+        ability.respond_to?(:role_groups) ? ability.role_groups : []
+      end
+
+      def matching_role_groups roles
+        role_groups | matching_role_groups_for(roles)
+      end
+
+      # will also run role_groups for which any role of the candidate is a member
+      # so if the candidate is a user and the user has a :trustee role and this role is part of the :trust role group,
+      # then the :trust role group permit will be run!
+      # Thus if the candidate has a particular role group or just has a role belonging to that role group, the permit
+      # for that role group will be run
+      def matching_role_groups_for roles
+        roles.inject([]) do |groups, role|
+          groups << subject.role_groups_for(role) if subject.respond_to?(:role_groups_for)
+          groups
+        end.flatten.compact.uniq
+      end
+
+      def role_groups_filter?
+        CanTango.config.role_groups.filter?
+      end
+    end
+  end
+end

data/lib/cantango/roles_ext/configuration.rb

@@ -0,0 +1,13 @@
+module CanTango
+  class Configuration
+    module Registry
+      sweet_scope :ns => {:CanTango => 'cantango/roles_ext'} do     
+        sweetload :Role
+      end
+    end
+
+    sweet_scope :ns => {:CanTango => 'cantango/roles_ext'} do     
+      sweetload :System, :RoleGroups, :Roles
+    end
+  end
+end

data/lib/cantango/roles_ext/configuration/registry/role.rb

@@ -0,0 +1,34 @@
+module CanTango
+  class Configuration
+    module Registry
+      class Role < Base
+        def only *names
+          @onlies = names.select_labels
+        end
+
+        def onlies
+          @onlies ||= []
+        end
+
+        def excluded
+          @excluded ||= []
+        end
+
+        def exclude *names
+          @excluded = names.select_labels
+        end
+
+        def filter?
+          !(excluded + onlies).empty?
+        end
+
+        def clear!
+          super
+          @excluded = []
+          @onlies = []
+        end
+      end
+    end
+  end
+end
+

data/lib/cantango/roles_ext/configuration/role_groups.rb

@@ -0,0 +1,17 @@
+module CanTango
+  class Configuration
+    class RoleGroups < System
+      def system
+        @system ||= :troles
+      end
+      
+      def default_system_apis
+        {
+          :troles => {:list => :role_group_list, :has => :in_role_group?}
+        }
+      end
+    end
+  end
+end
+
+

data/lib/cantango/roles_ext/configuration/roles.rb

@@ -0,0 +1,16 @@
+module CanTango
+  class Configuration
+    class Roles < System
+      def system
+        @system ||= :simple_roles
+      end
+            
+      def default_system_apis
+        {
+          :troles       => {:list => :role_list, :has => :has_role?},
+          :simple_roles => {:list => :roles_list}
+        }
+      end
+    end
+  end
+end

data/lib/cantango/roles_ext/configuration/system.rb

@@ -0,0 +1,43 @@
+module CanTango
+  class Configuration
+    class System < Registry::Role
+      include Singleton
+
+      def system= name
+        raise ArgumentError, "Must be a label" if !name.kind_of_label?
+        @system = name.to_sym
+      end
+
+      def system_apis= system_apis
+        raise ArgumentError, "Must be a hash fx :troles => :role_list, was: #{system_apis}" if !system_apis.kind_of?(Hash)
+        @system_apis = system_apis
+      end
+
+      def system
+        @system ||= default_system
+      end
+
+      def default_system
+        nil
+      end
+
+      def add_systems system_apis
+        raise ArgumentError, "Must be a hash fx :troles => :role_list, was: #{system_apis}" if !system_apis.kind_of?(Hash)
+        self.system_apis.merge! system_apis
+      end
+      alias_method :add_system, :add_systems
+
+      def system_api
+        system_apis[system] || {}
+      end
+      
+      def system_apis
+        @system_apis ||= default_system_apis
+      end
+      
+      def default_system_apis
+        {}
+      end
+    end
+  end
+end

data/lib/cantango/roles_ext/engine.rb

@@ -0,0 +1,7 @@
+module CanTango
+  class Engine
+    if defined? CanTango::Permit
+      sweetload :Permit
+    end
+  end
+end

data/lib/cantango/roles_ext/engine/permits.rb

@@ -0,0 +1,5 @@
+module CanTango::Engine
+  class Permits < Base
+    include CanTango::Ability::Helpers::Role
+  end
+end

data/lib/cantango/roles_ext/filter.rb

@@ -0,0 +1,7 @@
+module CanTango
+  module Filter
+    sweet_scope :ns => {:CanTango => 'cantango/roles_ext'} do     
+      sweetload :Role, :RoleGroup
+    end
+  end
+end

data/lib/cantango/roles_ext/filter/role.rb

@@ -0,0 +1,29 @@
+module CanTango
+  module Filter
+    class Role < Base
+      alias_method :role, :item
+
+      def initialize role, roles = nil
+        super
+      end
+
+      def not_only?
+        !only_roles.empty? && !only_roles.include?(role)
+      end
+
+      def excluded?
+        !excluded_roles.empty? && excluded_roles.include?(role)
+      end
+
+      def only_roles
+        CanTango.config.roles.onlies
+      end
+
+      def excluded_roles
+        CanTango.config.roles.excluded
+      end
+    end
+  end
+end
+
+

data/lib/cantango/roles_ext/filter/role_group.rb

@@ -0,0 +1,28 @@
+module CanTango
+  module Filter
+    class RoleGroup < Base
+      alias_method :role_group, :item
+
+      def initialize role_group, role_groups = nil
+        super      
+      end
+
+      def not_only?
+        !only_role_groups.empty? && !only_role_groups.include?(role_group)
+      end
+
+      def excluded?
+        !excluded_role_groups.empty? && excluded_role_groups.include?(role_group)
+      end
+
+      def only_role_groups
+        CanTango.config.role_groups.onlies
+      end
+
+      def excluded_role_groups
+        CanTango.config.role_groups.excluded
+      end
+    end
+  end
+end
+

data/lib/cantango/roles_ext/helpers.rb

@@ -0,0 +1,7 @@
+module CanTango
+  module Helpers
+    sweet_scope :ns => {:CanTango => 'cantango/roles_ext'} do     
+      sweetload :Role, :RoleGroup
+    end
+  end
+end

data/lib/cantango/roles_ext/helpers/role.rb

@@ -0,0 +1,14 @@
+module CanTango
+  module Helpers
+    module Role
+      def role_method name
+        config.roles.method_names[name]
+      end
+      
+      def config
+        CanTango.config
+      end
+    end
+  end
+end
+

data/lib/cantango/roles_ext/helpers/role_group.rb

@@ -0,0 +1,14 @@
+module CanTango
+  module Helpers
+    module RoleGroup
+      def role_group_method name
+        config.roles_groups.method_names[name]
+      end
+
+      def config
+        CanTango.config
+      end
+    end
+  end
+end
+

data/lib/cantango/roles_ext/permit/helper/role_matcher.rb

@@ -0,0 +1,13 @@
+module CanTango::Permit
+  module Helper
+    module RoleMatcher
+      def role_match? candidate
+        candidate.has_role? permit_name(self.class)
+      end
+
+      def role_group_match? candidate, group_name = nil
+        candidate.is_in_group? permit_name(self.class)
+      end
+    end
+  end
+end

data/lib/cantango/roles_ext/permit/role.rb

@@ -0,0 +1,35 @@
+module CanTango
+  module Permit
+    class Role < Base
+      extend ClassMethods
+
+      # creates the permit
+      # @param [Permits::Ability] the ability
+      # @param [Hash] the options
+      def initialize ability
+        super
+      end
+
+      def valid_for? subject
+        in_role? subject
+      end
+
+      def self.hash_key
+        roles_list_meth
+      end
+
+      protected
+
+      include CanTango::Permit::Helper::RoleMatcher
+
+      include CanTango::Helpers::RoleMethods
+      extend CanTango::Helpers::RoleMethods
+
+      def in_role? subject
+        return subject.send(has_role_meth, role) if subject.respond_to? has_role_meth
+        return subject.send(roles_list_meth).include? role if subject.respond_to? roles_list_meth
+        false
+      end
+    end
+  end
+end

data/lib/cantango/roles_ext/permit/role_group.rb

@@ -0,0 +1,47 @@
+module CanTango
+  module Permit
+    class RoleGroup < Base
+      extend ClassMethods
+
+      def name
+        self.class.permit_name self.class
+      end
+
+      # creates the permit
+      def initialize executor
+        super
+      end
+
+      def execute!
+        super
+      end
+
+      def valid_for? subject
+        in_role_group? subject
+      end
+
+      def self.hash_key
+        role_groups_list_meth
+      end
+
+      protected
+
+      include CanTango::Permit::Helper::RoleMatcher
+
+      include CanTango::Helpers::RoleMethods
+      extend CanTango::Helpers::RoleMethods
+
+      def in_role_group? subject
+        has_role_group?(subject) || role_groups_of(subject).include?(role) 
+      end
+
+      def has_role_group? subject
+        subject.send(has_role_group_meth, role) if subject.respond_to?(has_role_group_meth) 
+      end
+
+      def role_groups_of subject
+        subject.respond_to?(role_groups_list_meth) ? subject.send(role_groups_list_meth) : []
+      end
+    end
+  end
+end