cantango 0.8.0 → 0.8.5.1
Sign up to get free protection for your applications and to get access to all the features.
- data/Gemfile +32 -19
- data/README.textile +79 -131
- data/VERSION +1 -1
- data/cantango.gemspec +94 -61
- data/lib/cantango.rb +4 -6
- data/lib/cantango/ability.rb +28 -17
- data/lib/cantango/ability/cache.rb +30 -60
- data/lib/cantango/ability/cache/base_cache.rb +1 -1
- data/lib/cantango/ability/cache/key.rb +39 -0
- data/lib/cantango/ability/cache/kompiler.rb +22 -6
- data/lib/cantango/ability/cache/moneta_cache.rb +1 -1
- data/lib/cantango/ability/cache/reader.rb +32 -0
- data/lib/cantango/ability/cache/rules_cache.rb +31 -0
- data/lib/cantango/ability/cache/session_cache.rb +3 -2
- data/lib/cantango/ability/cache/writer.rb +42 -0
- data/lib/cantango/ability/cache_helpers.rb +28 -0
- data/lib/cantango/ability/masquerade_helpers.rb +7 -2
- data/lib/cantango/ability/permission_helpers.rb +0 -8
- data/lib/cantango/ability/permit_helpers.rb +0 -17
- data/lib/cantango/ability/role_helpers.rb +0 -2
- data/lib/cantango/ability/user_helpers.rb +1 -0
- data/lib/cantango/adapter/compiler.rb +9 -0
- data/lib/cantango/adapter/moneta.rb +23 -0
- data/lib/cantango/api.rb +1 -1
- data/lib/cantango/api/aliases.rb +4 -8
- data/lib/cantango/api/attributes.rb +17 -0
- data/lib/cantango/api/common.rb +6 -0
- data/lib/cantango/api/options.rb +9 -5
- data/lib/cantango/cache.rb +1 -1
- data/lib/cantango/cache/hash_cache.rb +34 -0
- data/lib/cantango/configuration.rb +13 -8
- data/lib/cantango/configuration/adapters.rb +25 -0
- data/lib/cantango/configuration/categories.rb +3 -1
- data/lib/cantango/configuration/engines.rb +83 -11
- data/lib/cantango/configuration/engines/cache.rb +12 -1
- data/lib/cantango/configuration/engines/engine.rb +5 -5
- data/lib/cantango/configuration/engines/permission.rb +1 -1
- data/lib/cantango/configuration/permit_registry.rb +17 -0
- data/lib/cantango/configuration/permits.rb +29 -0
- data/lib/cantango/configuration/registry.rb +5 -2
- data/lib/cantango/configuration/role_groups.rb +3 -0
- data/lib/cantango/configuration/role_registry.rb +4 -0
- data/lib/cantango/configuration/roles.rb +2 -0
- data/lib/cantango/configuration/user_accounts.rb +1 -0
- data/lib/cantango/configuration/users.rb +1 -0
- data/lib/cantango/engine.rb +13 -0
- data/lib/cantango/filters.rb +5 -0
- data/lib/cantango/filters/filter.rb +34 -0
- data/lib/cantango/filters/role_filter.rb +29 -0
- data/lib/cantango/filters/role_group_filter.rb +28 -0
- data/lib/cantango/permission_engine.rb +26 -1
- data/lib/cantango/permission_engine/collector.rb +7 -2
- data/lib/cantango/permission_engine/compiler.rb +8 -1
- data/lib/cantango/permission_engine/evaluator.rb +2 -2
- data/lib/cantango/permission_engine/factory.rb +8 -12
- data/lib/cantango/permission_engine/loader.rb +1 -1
- data/lib/cantango/permission_engine/loader/base.rb +1 -1
- data/lib/cantango/permission_engine/loader/categories.rb +3 -3
- data/lib/cantango/permission_engine/loader/permissions.rb +8 -5
- data/lib/cantango/permission_engine/moneta_store.rb +2 -2
- data/lib/cantango/permission_engine/parser.rb +1 -1
- data/lib/cantango/permission_engine/parser/categories.rb +1 -1
- data/lib/cantango/permission_engine/parser/category.rb +1 -1
- data/lib/cantango/permission_engine/parser/default.rb +1 -2
- data/lib/cantango/permission_engine/parser/ownership.rb +1 -1
- data/lib/cantango/permission_engine/parser/permissions.rb +1 -1
- data/lib/cantango/permission_engine/parser/regex.rb +2 -2
- data/lib/cantango/permission_engine/parser/relationship.rb +1 -1
- data/lib/cantango/permission_engine/parser/rule.rb +1 -1
- data/lib/cantango/permission_engine/permission.rb +2 -2
- data/lib/cantango/permission_engine/selector.rb +3 -3
- data/lib/cantango/permission_engine/selector/account_types.rb +24 -0
- data/lib/cantango/permission_engine/selector/base.rb +3 -3
- data/lib/cantango/permission_engine/selector/licenses.rb +2 -2
- data/lib/cantango/permission_engine/selector/role_groups.rb +7 -6
- data/lib/cantango/permission_engine/selector/roles.rb +10 -6
- data/lib/cantango/permission_engine/selector/user_types.rb +23 -0
- data/lib/cantango/permission_engine/selector/users.rb +2 -2
- data/lib/cantango/permission_engine/statement.rb +10 -9
- data/lib/cantango/permission_engine/statements.rb +27 -25
- data/lib/cantango/permission_engine/store.rb +1 -1
- data/lib/cantango/permission_engine/yaml_store.rb +2 -2
- data/lib/cantango/permit_engine.rb +29 -4
- data/lib/cantango/permit_engine/builder.rb +2 -3
- data/lib/cantango/permit_engine/builder/base.rb +9 -1
- data/lib/cantango/permit_engine/builder/special_permits.rb +7 -8
- data/lib/cantango/permit_engine/compatibility.rb +1 -1
- data/lib/cantango/permit_engine/executor.rb +1 -1
- data/lib/cantango/permit_engine/executor/abstract.rb +1 -1
- data/lib/cantango/permit_engine/executor/base.rb +1 -1
- data/lib/cantango/permit_engine/executor/system.rb +1 -1
- data/lib/cantango/permit_engine/factory.rb +2 -7
- data/lib/cantango/permit_engine/finder.rb +43 -9
- data/lib/cantango/permit_engine/role_matcher.rb +1 -1
- data/lib/cantango/permit_engine/util.rb +2 -1
- data/lib/cantango/permits.rb +9 -0
- data/lib/cantango/{permit_engine → permits}/account_permit.rb +15 -4
- data/lib/cantango/{permit_engine → permits}/account_permit/builder.rb +2 -6
- data/lib/cantango/{permit_engine → permits}/account_permit/finder.rb +2 -2
- data/lib/cantango/{permit_engine → permits}/license.rb +1 -1
- data/lib/cantango/{permit_engine → permits}/license/loader.rb +1 -1
- data/lib/cantango/{permit_engine → permits}/license/rules.rb +1 -1
- data/lib/cantango/permits/macros.rb +19 -0
- data/lib/cantango/{permit_engine → permits}/permit.rb +13 -1
- data/lib/cantango/{permit_engine → permits}/role_group_permit.rb +15 -3
- data/lib/cantango/{permit_engine → permits}/role_group_permit/builder.rb +10 -22
- data/lib/cantango/{permit_engine → permits}/role_group_permit/finder.rb +2 -2
- data/lib/cantango/{permit_engine → permits}/role_permit.rb +15 -3
- data/lib/cantango/permits/role_permit/builder.rb +27 -0
- data/lib/cantango/{permit_engine → permits}/role_permit/finder.rb +2 -2
- data/lib/cantango/{permit_engine → permits}/user_permit.rb +15 -3
- data/lib/cantango/{permit_engine → permits}/user_permit/builder.rb +2 -6
- data/lib/cantango/{permit_engine → permits}/user_permit/finder.rb +2 -2
- data/lib/cantango/rails.rb +3 -1
- data/lib/cantango/rails/engine.rb +11 -6
- data/lib/cantango/rails/helpers/base_helper.rb +28 -0
- data/lib/cantango/rails/helpers/controller_helper.rb +17 -0
- data/lib/cantango/rails/helpers/rest_helper.rb +44 -0
- data/lib/cantango/rails/helpers/view_helper.rb +17 -0
- data/lib/cantango/rails/railtie.rb +1 -1
- data/lib/cantango/rspec/config.rb +1 -1
- data/lib/cantango/rspec/matchers/be_allowed_to.rb +5 -3
- data/lib/cantango/rules/user_relation.rb +1 -1
- data/lib/cantango/users/macros.rb +8 -2
- data/lib/cantango/users/user.rb +1 -1
- data/lib/generators/cantango/account_permit/account_permit_generator.rb +37 -0
- data/lib/generators/cantango/account_permit/templates/account_permit.erb +13 -0
- data/lib/generators/cantango/base.rb +15 -18
- data/lib/generators/cantango/basic.rb +41 -0
- data/lib/generators/cantango/install/install_generator.rb +37 -0
- data/lib/generators/cantango/install/templates/cantango.rb +4 -0
- data/{spec/active_record/scenarios/user_accounts/config/account_permits.yml → lib/generators/cantango/install/templates/categories.yml} +0 -0
- data/lib/generators/cantango/install/templates/permissions.yml +4 -0
- data/lib/generators/cantango/license/license_generator.rb +6 -11
- data/lib/generators/cantango/license/templates/license.erb +1 -1
- data/lib/generators/cantango/license_base.rb +2 -2
- data/lib/generators/cantango/licenses/licenses_generator.rb +2 -7
- data/lib/generators/cantango/permit_generator.rb +31 -10
- data/lib/generators/cantango/role_permit/role_permit_generator.rb +11 -14
- data/lib/generators/cantango/role_permit/templates/account_permit.erb +2 -2
- data/lib/generators/cantango/role_permit/templates/role_group_permit.erb +2 -2
- data/lib/generators/cantango/role_permit/templates/role_permit.erb +2 -2
- data/lib/generators/cantango/role_permits/role_permits_generator.rb +16 -98
- data/lib/generators/cantango/user_permit/templates/account_permit.erb +5 -0
- data/lib/generators/cantango/user_permit/templates/user_permit.erb +13 -0
- data/lib/generators/cantango/user_permit/user_permit_generator.rb +36 -0
- data/spec/TODO +1 -6
- data/spec/active_record/helper/permits_config.rb +1 -1
- data/spec/active_record/scenarios/engines/permission_engine/{cantango_permissions.yml → permissions.yml} +2 -1
- data/spec/active_record/scenarios/engines/permission_engine/tango_permission_yml_spec.rb +8 -9
- data/spec/active_record/scenarios/engines/permit_engine/licenses_spec.rb +2 -2
- data/spec/active_record/scenarios/engines/permit_engine/role_groups_permits_spec.rb +2 -2
- data/spec/active_record/scenarios/shared/{can_tango.rb → cantango.rb} +1 -1
- data/spec/active_record/scenarios/shared/models/items.rb +0 -1
- data/spec/active_record/scenarios/shared/models/users.rb +6 -1
- data/spec/active_record/spec_helper.rb +6 -4
- data/spec/cantango/ability/cache/key_spec.rb +64 -0
- data/spec/cantango/ability/cache/{compiler_spec.rb → kompiler_spec.rb} +9 -21
- data/spec/cantango/ability/cache/reader_compile_spec.rb +42 -0
- data/spec/cantango/ability/cache/reader_spec.rb +33 -0
- data/spec/cantango/ability/cache/rules_cache_spec.rb +15 -0
- data/spec/cantango/ability/cache/session_cache_spec.rb +1 -1
- data/spec/cantango/ability/cache/writer_spec.rb +21 -0
- data/spec/cantango/ability/cache_spec.rb +6 -2
- data/spec/cantango/ability_filters_spec.rb +5 -10
- data/spec/cantango/ability_spec.rb +2 -3
- data/spec/cantango/api/attributes_spec.rb +27 -0
- data/spec/cantango/api/user/can_api_spec.rb +2 -2
- data/spec/cantango/api/user_account/can_api_spec.rb +2 -2
- data/spec/cantango/configuration/adapter_spec.rb +28 -0
- data/spec/cantango/configuration/engines/cache_spec.rb +2 -2
- data/spec/cantango/configuration/engines/permission_spec.rb +3 -3
- data/spec/cantango/configuration/engines/permit_spec.rb +1 -1
- data/spec/cantango/configuration/engines/store_shared.rb +3 -1
- data/spec/cantango/configuration/engines_spec.rb +106 -3
- data/spec/cantango/configuration/hash_registry_spec.rb +1 -1
- data/spec/cantango/configuration/permit_registry_spec.rb +14 -0
- data/spec/cantango/configuration/permits_spec.rb +25 -0
- data/spec/cantango/configuration/registry_spec.rb +1 -1
- data/spec/cantango/configuration/shared/registry_ex.rb +2 -1
- data/spec/cantango/configuration_spec.rb +5 -5
- data/spec/cantango/permission_engine/compiler_spec.rb +8 -0
- data/spec/cantango/permission_engine/permission_spec.rb +1 -1
- data/spec/cantango/permission_engine/yaml_store_spec.rb +14 -4
- data/spec/cantango/permission_engine_spec.rb +0 -0
- data/spec/cantango/permit_engine/account_permit_spec.rb +2 -4
- data/spec/cantango/permit_engine/builder/role_group_permits_spec.rb +4 -7
- data/spec/cantango/permit_engine/builder/role_permits_spec.rb +5 -6
- data/spec/cantango/permit_engine/builder/special_permits_spec.rb +3 -4
- data/spec/cantango/permit_engine/executor/system_spec.rb +2 -2
- data/spec/cantango/permit_engine/factory_spec.rb +2 -3
- data/spec/cantango/permit_engine/finder_spec.rb +144 -23
- data/spec/cantango/permit_engine/permit/permit_static_and_dynamic_rules_spec.rb +4 -5
- data/spec/cantango/permit_engine/role_group_permit_spec.rb +1 -1
- data/spec/cantango/permit_engine/role_permit_spec.rb +6 -7
- data/spec/cantango/permit_engine/user_permit_spec.rb +2 -3
- data/spec/cantango/permit_engine_spec.rb +2 -0
- data/spec/cantango/permits/macros_spec.rb +41 -0
- data/spec/cantango/permits/permit_spec.rb +46 -0
- data/spec/cantango_spec.rb +13 -0
- data/spec/devise-dummy/app/helpers/application_helper.rb +7 -0
- data/spec/devise-dummy/app/views/articles/admin.html.haml +1 -1
- data/spec/devise-dummy/app/views/articles/admin_account.html.haml +1 -1
- data/spec/devise-dummy/app/views/articles/guest.html.haml +1 -1
- data/spec/devise-dummy/app/views/articles/index.html.haml +1 -1
- data/spec/devise-dummy/app/views/comments/guest.html.haml +1 -1
- data/spec/devise-dummy/app/views/comments/index.html.haml +1 -1
- data/spec/devise-dummy/app/views/concertos/admin.html.haml +1 -1
- data/spec/devise-dummy/app/views/concertos/admin_account.html.haml +1 -1
- data/spec/devise-dummy/app/views/concertos/guest.html.haml +1 -1
- data/spec/devise-dummy/app/views/concertos/index.html.haml +1 -1
- data/spec/devise-dummy/app/views/users/index.html.haml +1 -1
- data/spec/devise-dummy/config/initializers/cantango.rb +3 -3
- data/spec/devise-dummy/config/{cantango_permissions.yml → permissions.yml} +2 -1
- data/spec/devise-integration/concerto_spec.rb +1 -1
- data/spec/dummy/app/models/user.rb +1 -0
- data/spec/dummy/app/views/articles/admin.html.haml +1 -1
- data/spec/dummy/app/views/articles/admin_account.html.haml +1 -1
- data/spec/dummy/app/views/articles/guest.html.haml +1 -1
- data/spec/dummy/app/views/articles/index.html.haml +1 -1
- data/spec/dummy/app/views/comments/guest.html.haml +1 -1
- data/spec/dummy/app/views/comments/index.html.haml +1 -1
- data/spec/dummy/app/views/concertos/admin.html.haml +1 -1
- data/spec/dummy/app/views/concertos/admin_account.html.haml +1 -1
- data/spec/dummy/app/views/concertos/guest.html.haml +1 -1
- data/spec/dummy/app/views/concertos/index.html.haml +1 -1
- data/spec/dummy/app/views/posts/admin.html.haml +1 -1
- data/spec/dummy/app/views/posts/admin_account.html.haml +1 -1
- data/spec/dummy/app/views/posts/guest.html.haml +1 -1
- data/spec/dummy/app/views/posts/index.html.haml +1 -1
- data/spec/dummy/app/views/users/admin.html.haml +1 -1
- data/spec/dummy/app/views/users/admin_account.html.haml +1 -1
- data/spec/dummy/app/views/users/guest.html.haml +1 -1
- data/spec/dummy/app/views/users/index.html.haml +1 -1
- data/spec/dummy/config/application.rb +1 -0
- data/spec/dummy/config/initializers/cantango.rb +1 -3
- data/spec/dummy/config/{cantango_permissions.yml → permissions.yml} +2 -2
- data/spec/dummy_spec_helper.rb +2 -0
- data/spec/entire_suite_spec.rb +2 -0
- data/spec/factories/user.rb +8 -0
- data/spec/factories/user_account.rb +6 -0
- data/spec/fixtures/config/permissions.yml +60 -19
- data/spec/fixtures/models/admin.rb +2 -0
- data/spec/fixtures/models/admin_account.rb +22 -0
- data/spec/fixtures/models/simple_roles.rb +5 -0
- data/spec/fixtures/models/user.rb +4 -0
- data/spec/helpers/dummy_app_ability.rb +2 -5
- data/spec/integration/cache_using_moneta_spec.rb +3 -1
- data/spec/integration/cache_using_session_spec.rb +2 -2
- data/spec/integration/user/articles_spec.rb +1 -1
- data/spec/integration/user/concerto_spec.rb +1 -1
- data/spec/spec_helper.rb +5 -5
- metadata +120 -95
- data/lib/cantango/ability/class_methods.rb +0 -27
- data/lib/cantango/api/aliases/account_permit.rb +0 -8
- data/lib/cantango/api/aliases/license.rb +0 -7
- data/lib/cantango/api/aliases/permit.rb +0 -9
- data/lib/cantango/api/aliases/role_group_permit.rb +0 -7
- data/lib/cantango/api/aliases/role_permit.rb +0 -7
- data/lib/cantango/api/aliases/user_permit.rb +0 -8
- data/lib/cantango/permission_engine/builder.rb +0 -6
- data/lib/cantango/permit_engine/role_permit/builder.rb +0 -46
- data/lib/cantango/rails/base_helpers.rb +0 -26
- data/lib/cantango/rails/controller_helpers.rb +0 -15
- data/lib/cantango/rails/view_helpers.rb +0 -15
- data/spec/active_record/scenarios/shared/permits/PERMITS README.textile +0 -3
- data/spec/active_record/scenarios/user_accounts/docs/USER_ACCOUNTS_SCENARIO.textile +0 -20
- data/spec/active_record/scenarios/user_accounts/docs/basic_rules_spec_possible_samples.txt +0 -84
- data/spec/factories.rb +0 -8
- data/spec/fixtures/config/cantango_permissions.yml +0 -48
@@ -1,7 +1,7 @@
|
|
1
1
|
require 'yaml'
|
2
2
|
|
3
3
|
module CanTango
|
4
|
-
|
4
|
+
class PermissionEngine < Engine
|
5
5
|
class YamlStore < Store
|
6
6
|
attr_reader :path
|
7
7
|
|
@@ -30,7 +30,7 @@ module CanTango
|
|
30
30
|
@permissions ||= loader.permissions
|
31
31
|
end
|
32
32
|
|
33
|
-
CanTango.config.
|
33
|
+
CanTango.config.permission_engine.types.each do |type|
|
34
34
|
define_method(:"#{type}_permissions") do
|
35
35
|
loader.send(:"#{type}_permissions")
|
36
36
|
end
|
@@ -1,8 +1,33 @@
|
|
1
1
|
module CanTango
|
2
|
-
|
2
|
+
class PermitEngine < Engine
|
3
3
|
autoload_modules :Builder, :Compatibility, :Executor
|
4
|
-
autoload_modules :Factory, :Finder, :
|
5
|
-
|
6
|
-
|
4
|
+
autoload_modules :Factory, :Finder, :Loaders, :Util, :RoleMatcher
|
5
|
+
|
6
|
+
def initialize ability
|
7
|
+
super
|
8
|
+
end
|
9
|
+
|
10
|
+
def execute!
|
11
|
+
permits.each do |permit|
|
12
|
+
break if permit.execute == :break
|
13
|
+
end
|
14
|
+
end
|
15
|
+
|
16
|
+
# by default, only execute permits for which the user
|
17
|
+
# has a role or a role group
|
18
|
+
# also execute any permit marked as special
|
19
|
+
def permits
|
20
|
+
permit_factory.build!
|
21
|
+
end
|
22
|
+
|
23
|
+
def permit_class_names
|
24
|
+
@permit_class_names ||= permits.map{|p| p.class.to_s}
|
25
|
+
end
|
26
|
+
|
27
|
+
protected
|
28
|
+
|
29
|
+
def permit_factory
|
30
|
+
@permit_factory ||= CanTango::PermitEngine::Factory.new ability
|
31
|
+
end
|
7
32
|
end
|
8
33
|
end
|
@@ -1,8 +1,7 @@
|
|
1
1
|
module CanTango
|
2
|
-
|
2
|
+
class PermitEngine < Engine
|
3
3
|
module Builder
|
4
|
-
|
5
|
-
autoload :SpecialPermits, 'cantango/permit_engine/builder/special_permits'
|
4
|
+
autoload_modules :Base, :SpecialPermits
|
6
5
|
end
|
7
6
|
end
|
8
7
|
end
|
@@ -1,5 +1,5 @@
|
|
1
1
|
module CanTango
|
2
|
-
|
2
|
+
class PermitEngine < Engine
|
3
3
|
module Builder
|
4
4
|
class Base
|
5
5
|
attr_accessor :ability
|
@@ -13,6 +13,14 @@ module CanTango
|
|
13
13
|
|
14
14
|
protected
|
15
15
|
|
16
|
+
def finder
|
17
|
+
ns::Finder
|
18
|
+
end
|
19
|
+
|
20
|
+
def ns
|
21
|
+
self.class.to_s.gsub(/::Builder/, '').constantize
|
22
|
+
end
|
23
|
+
|
16
24
|
# Tries to create a new permit for the given role
|
17
25
|
# If no permit Class can be found, it should return nil
|
18
26
|
# @param [Symbol] the name
|
@@ -1,20 +1,19 @@
|
|
1
1
|
module CanTango
|
2
|
-
|
2
|
+
class PermitEngine < Engine
|
3
3
|
module Builder
|
4
|
-
class SpecialPermits < Base
|
4
|
+
class SpecialPermits < Base
|
5
5
|
def build
|
6
6
|
special_permits.map{|role| create_permit(role)}.compact
|
7
|
-
end
|
7
|
+
end
|
8
8
|
|
9
9
|
def special_permits
|
10
10
|
[:system, :any]
|
11
|
-
end
|
12
|
-
|
11
|
+
end
|
12
|
+
|
13
13
|
def finder
|
14
|
-
CanTango::
|
15
|
-
end
|
14
|
+
CanTango::Permits::RolePermit::Finder
|
15
|
+
end
|
16
16
|
end
|
17
17
|
end
|
18
|
-
|
19
18
|
end
|
20
19
|
end
|
@@ -1,10 +1,6 @@
|
|
1
|
-
require 'sugar-high/class_ext'
|
2
|
-
|
3
1
|
module CanTango
|
4
|
-
|
2
|
+
class PermitEngine < Engine
|
5
3
|
class Factory
|
6
|
-
include ClassExt
|
7
|
-
|
8
4
|
attr_accessor :ability, :builders
|
9
5
|
|
10
6
|
# creates the factory for the ability
|
@@ -28,7 +24,7 @@ module CanTango
|
|
28
24
|
|
29
25
|
def builder_class builder
|
30
26
|
return "CanTango::PermitEngine::Builder::SpecialPermits" if builder == :special
|
31
|
-
"CanTango::
|
27
|
+
"CanTango::Permits::#{builder.to_s.camelize}Permit::Builder"
|
32
28
|
end
|
33
29
|
|
34
30
|
def builders
|
@@ -39,7 +35,6 @@ module CanTango
|
|
39
35
|
ability.options
|
40
36
|
end
|
41
37
|
end
|
42
|
-
|
43
38
|
end
|
44
39
|
end
|
45
40
|
|
@@ -1,10 +1,7 @@
|
|
1
1
|
module CanTango
|
2
|
-
|
2
|
+
class PermitEngine < Engine
|
3
3
|
class Finder
|
4
|
-
include ClassExt
|
5
|
-
|
6
4
|
# This class is used to find the right permit, possible scoped for a specific user account
|
7
|
-
|
8
5
|
attr_reader :user_account, :name
|
9
6
|
|
10
7
|
def initialize user_account, name
|
@@ -13,13 +10,50 @@ module CanTango
|
|
13
10
|
end
|
14
11
|
|
15
12
|
def get_permit
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
13
|
+
raise find_error if !retrieve_permit
|
14
|
+
retrieve_permit
|
15
|
+
end
|
16
|
+
|
17
|
+
protected
|
18
|
+
|
19
|
+
def find_error
|
20
|
+
"Permit for #{type} #{name} could not be loaded. Define either class: #{account_permit_class} or #{permit_class}"
|
21
21
|
end
|
22
22
|
|
23
|
+
def retrieve_permit
|
24
|
+
@found_permit ||= [account_permit(name), permit(name)].compact.first
|
25
|
+
end
|
26
|
+
|
27
|
+
def account_permit name
|
28
|
+
|
29
|
+
# TODO: User/Account cases should be handled somehow following is just interim measure
|
30
|
+
return nil if !user_account.class.name =~ /Account/
|
31
|
+
account_permits_for_account.send(type).registered[name]
|
32
|
+
rescue
|
33
|
+
nil
|
34
|
+
end
|
35
|
+
|
36
|
+
def permit name
|
37
|
+
permits.send(type).registered[name]
|
38
|
+
end
|
39
|
+
|
40
|
+
def permits
|
41
|
+
CanTango.config.permits
|
42
|
+
end
|
43
|
+
|
44
|
+
# TODO: make proper account touching
|
45
|
+
|
46
|
+
def account_permits_for_account
|
47
|
+
account_permits.send(account)
|
48
|
+
end
|
49
|
+
|
50
|
+
def account_permits
|
51
|
+
CanTango.config.permits
|
52
|
+
end
|
53
|
+
|
54
|
+
def account
|
55
|
+
user_account.class.name.underscore
|
56
|
+
end
|
23
57
|
# this is used to namespace role permits for a specific type of user account
|
24
58
|
# this allows role permits to be defined differently for each user account (and hence sub application) if need be
|
25
59
|
# otherwise it will fall back to the generic role permit (the one which is not wrapped in a user account namespace)
|
@@ -1,7 +1,7 @@
|
|
1
1
|
require 'active_support/inflector'
|
2
2
|
|
3
3
|
module CanTango
|
4
|
-
|
4
|
+
class PermitEngine < Engine
|
5
5
|
module Util
|
6
6
|
def permit_name clazz
|
7
7
|
@name ||= clazz.to_s.demodulize.gsub(/Role/,'').gsub(/Permit$/, '').gsub(/Group/,'').underscore.to_sym
|
@@ -17,3 +17,4 @@ module CanTango
|
|
17
17
|
end
|
18
18
|
end
|
19
19
|
end
|
20
|
+
|
@@ -1,12 +1,23 @@
|
|
1
1
|
module CanTango
|
2
|
-
module
|
3
|
-
class AccountPermit < CanTango::
|
2
|
+
module Permits
|
3
|
+
class AccountPermit < CanTango::Permit
|
4
4
|
|
5
5
|
autoload_modules :Builder, :Finder
|
6
6
|
|
7
|
-
|
7
|
+
def self.inherited(base_clazz)
|
8
|
+
CanTango.config.permits.register_permit_class account_type_name(base_clazz), base_clazz, type, account_name(base_clazz)
|
9
|
+
end
|
10
|
+
|
11
|
+
def self.type
|
12
|
+
:account
|
13
|
+
end
|
14
|
+
|
15
|
+
def self.account_type_name clazz
|
16
|
+
clazz.name.demodulize.gsub(/(.*)(AccountPermit)/, '\1').underscore.to_sym
|
17
|
+
end
|
18
|
+
|
8
19
|
def account_type
|
9
|
-
self.class.
|
20
|
+
self.class.account_type_name self.class
|
10
21
|
end
|
11
22
|
|
12
23
|
# creates the permit
|
@@ -1,6 +1,6 @@
|
|
1
1
|
module CanTango
|
2
|
-
module
|
3
|
-
class AccountPermit < CanTango::
|
2
|
+
module Permits
|
3
|
+
class AccountPermit < CanTango::Permit
|
4
4
|
class Builder < CanTango::PermitEngine::Builder::Base
|
5
5
|
# class NoAvailableRoles < StandardError; end
|
6
6
|
|
@@ -11,10 +11,6 @@ module CanTango
|
|
11
11
|
# raise NoAvailableRoles, "no available roles are defined" if available_roles.empty?
|
12
12
|
[] << create_permit(user_account.class.to_s)
|
13
13
|
end
|
14
|
-
|
15
|
-
def finder
|
16
|
-
CanTango::PermitEngine::AccountPermit::Finder
|
17
|
-
end
|
18
14
|
end
|
19
15
|
end
|
20
16
|
end
|
@@ -0,0 +1,19 @@
|
|
1
|
+
class Module
|
2
|
+
def tango_permit options = {}
|
3
|
+
name_from_class_name = CanTango::Permits::Permit.first_name self.to_s.split("::").last
|
4
|
+
name = options[:name] || name_from_class_name
|
5
|
+
|
6
|
+
account_from_class_name = CanTango::Permits::Permit.first_name self.to_s.split("::").first if (self.to_s.split("::").size > 1)
|
7
|
+
account = options[:account] || account_from_class_name
|
8
|
+
|
9
|
+
type = options[:type] || self.superclass.type
|
10
|
+
|
11
|
+
raise "Name of permit could not be determined, try specifying a :name option" if name.nil?
|
12
|
+
raise "Type of permit could not be determined, try specifying a :type option" if type.nil?
|
13
|
+
|
14
|
+
CanTango.config.permits.register_permit_class name, self, type, account
|
15
|
+
# return hash for debugging
|
16
|
+
{:name => name, :type => type, :account => account}
|
17
|
+
end
|
18
|
+
end
|
19
|
+
|
@@ -3,18 +3,30 @@ require 'sugar-high/array'
|
|
3
3
|
# The permit base class for both Role Permits and Role Group Permits
|
4
4
|
# Should contain all common logic
|
5
5
|
module CanTango
|
6
|
-
module
|
6
|
+
module Permits
|
7
7
|
class Permit
|
8
8
|
attr_reader :ability
|
9
9
|
|
10
10
|
# strategy is used to control the owns strategy (see rules.rb)
|
11
11
|
attr_reader :strategy
|
12
12
|
|
13
|
+
include CanTango::Api::Attributes
|
14
|
+
|
13
15
|
# creates the permit
|
14
16
|
def initialize ability
|
15
17
|
@ability = ability
|
16
18
|
end
|
17
19
|
|
20
|
+
def self.first_name clazz
|
21
|
+
clazz.to_s.gsub(/^([A-Za-z]+).*/, '\1').underscore.to_sym # first part of class name
|
22
|
+
end
|
23
|
+
|
24
|
+
|
25
|
+
def self.account_name clazz
|
26
|
+
return nil if clazz.name == clazz.name.demodulize
|
27
|
+
clazz.name.gsub(/::.*/,'').gsub(/(.*)Permits/, '\1').underscore.to_sym
|
28
|
+
end
|
29
|
+
|
18
30
|
# executes the permit
|
19
31
|
def execute
|
20
32
|
executor.execute!
|
@@ -1,11 +1,23 @@
|
|
1
1
|
module CanTango
|
2
|
-
module
|
3
|
-
class RoleGroupPermit < CanTango::
|
2
|
+
module Permits
|
3
|
+
class RoleGroupPermit < CanTango::Permit
|
4
4
|
|
5
5
|
autoload_modules :Builder, :Finder
|
6
6
|
|
7
|
+
def self.inherited(base_clazz)
|
8
|
+
CanTango.config.permits.register_permit_class role_group_name(base_clazz), base_clazz, type, account_name(base_clazz)
|
9
|
+
end
|
10
|
+
|
11
|
+
def self.type
|
12
|
+
:role_group
|
13
|
+
end
|
14
|
+
|
15
|
+
def self.role_group_name clazz
|
16
|
+
clazz.name.demodulize.gsub(/(.*)(RoleGroupPermit)/, '\1').underscore.to_sym
|
17
|
+
end
|
18
|
+
|
7
19
|
def role_group
|
8
|
-
self.class.
|
20
|
+
self.class.role_group_name self.class
|
9
21
|
end
|
10
22
|
|
11
23
|
# creates the permit
|