cantango 0.8.8.1 → 0.8.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/README.textile +17 -8
- data/VERSION +1 -1
- data/cantango.gemspec +2 -2
- data/lib/cantango.rb +4 -0
- data/lib/cantango/configuration/permits.rb +34 -5
- data/lib/cantango/permit_engine/factory.rb +2 -2
- data/lib/cantango/permits/account_permit.rb +5 -5
- data/lib/cantango/permits/permit.rb +23 -2
- data/lib/cantango/permits/role_group_permit.rb +2 -1
- data/lib/cantango/permits/role_permit.rb +2 -1
- data/lib/cantango/permits/user_permit.rb +6 -6
- data/spec/cantango/permit_engine/user_permit_spec.rb +26 -0
- metadata +33 -33
data/README.textile
CHANGED
@@ -35,16 +35,25 @@ Run bundler in a terminal/console from the folder of your Gemfile (root folder o
|
|
35
35
|
|
36
36
|
@$ bundle@
|
37
37
|
|
38
|
-
h2. Update Oct
|
38
|
+
h2. Update Oct 8, 2011
|
39
39
|
|
40
|
-
Version *0.8.
|
40
|
+
Version *0.8.9* has been released.
|
41
41
|
|
42
|
-
*
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
42
|
+
* You can now disable specific Permits to not be executed by the Permits engine
|
43
|
+
|
44
|
+
This is especially useful when you are conerting permits into permissions
|
45
|
+
|
46
|
+
<pre>
|
47
|
+
CanTango.config.permits.disable_for :user, [:admin, :editor] # AdminPermit, EditorPermit
|
48
|
+
CanTango.config.permits.disable_for :role, :guest # GuestRolePermit
|
49
|
+
CanTango.config.permits.disable_for :account, :admin # AdminAccountPermit
|
50
|
+
puts CanTango.config.permits.disabled # => {:role => ['guest'], :user ...}
|
51
|
+
puts CanTango.config.permits.disabled_for :role # => :guest
|
52
|
+
CanTango.config.permits.enable_all_types! # reset types only
|
53
|
+
CanTango.config.permits.enable_all! # reset types and specific
|
54
|
+
</pre>
|
55
|
+
|
56
|
+
Note: You can also disable a permit directly from within the Permit class, using the new @disable!@ method. This can fx be done in a permit initializer.
|
48
57
|
|
49
58
|
h2. Quickstart
|
50
59
|
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
0.8.
|
1
|
+
0.8.9
|
data/cantango.gemspec
CHANGED
@@ -5,11 +5,11 @@
|
|
5
5
|
|
6
6
|
Gem::Specification.new do |s|
|
7
7
|
s.name = "cantango"
|
8
|
-
s.version = "0.8.
|
8
|
+
s.version = "0.8.9"
|
9
9
|
|
10
10
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
11
11
|
s.authors = ["Kristian Mandrup", "Stanislaw Pankevich"]
|
12
|
-
s.date = "2011-10-
|
12
|
+
s.date = "2011-10-08"
|
13
13
|
s.description = "Define your permission rules as role- or role group specific permits.\nIntegrates well with multiple Devise user acounts.\nIncludes rules caching.\nStore permissions in yaml file or key-value store"
|
14
14
|
s.email = "kmandrup@gmail.com, s.pankevich@gmail.com"
|
15
15
|
s.extra_rdoc_files = [
|
data/lib/cantango.rb
CHANGED
@@ -5,16 +5,45 @@ module CanTango
|
|
5
5
|
|
6
6
|
attr_reader :accounts
|
7
7
|
|
8
|
-
def
|
9
|
-
@
|
8
|
+
def enabled_types
|
9
|
+
@enabled_types || available_types
|
10
10
|
end
|
11
|
+
alias_method :enabled, :enabled_types
|
11
12
|
|
12
|
-
def
|
13
|
+
def available_types
|
13
14
|
[:user, :account, :role, :role_group, :special]
|
14
15
|
end
|
15
16
|
|
16
|
-
def
|
17
|
-
@
|
17
|
+
def disable_types *types
|
18
|
+
@enabled_types = available_types - types.flatten
|
19
|
+
end
|
20
|
+
alias_method :disable, :disable_types
|
21
|
+
|
22
|
+
def enable_all_types!
|
23
|
+
@enabled_types = available_types
|
24
|
+
end
|
25
|
+
|
26
|
+
def disable_for type, *names
|
27
|
+
@disabled ||= {}
|
28
|
+
@disabled[type.to_sym] = names.flatten.select_labels.map{|n| n.to_s.underscore}
|
29
|
+
end
|
30
|
+
|
31
|
+
def enable_all_for type
|
32
|
+
@disabled ||= {}
|
33
|
+
@disabled[type.to_sym] = nil
|
34
|
+
end
|
35
|
+
|
36
|
+
def disabled
|
37
|
+
@disabled ||= {}
|
38
|
+
end
|
39
|
+
|
40
|
+
def disabled_for type
|
41
|
+
disabled[type]
|
42
|
+
end
|
43
|
+
|
44
|
+
def enable_all!
|
45
|
+
@disabled = {}
|
46
|
+
enable_all_types!
|
18
47
|
end
|
19
48
|
|
20
49
|
def accounts
|
@@ -17,9 +17,9 @@ module CanTango
|
|
17
17
|
|
18
18
|
def permits
|
19
19
|
@permits ||= builders.inject([]) do |permits, builder|
|
20
|
-
puts "++ Permit Builder: #{builder_class builder}"
|
20
|
+
puts "++ Permit Builder: #{builder_class builder}" if CanTango.debug?
|
21
21
|
built_permits = permits_built_with(builder)
|
22
|
-
puts "== Permits built: #{built_permits.size}"
|
22
|
+
puts "== Permits built: #{built_permits.size}" if CanTango.debug?
|
23
23
|
permits = permits + built_permits if built_permits
|
24
24
|
end.flatten
|
25
25
|
end
|
@@ -16,9 +16,10 @@ module CanTango
|
|
16
16
|
clazz.name.demodulize.gsub(/(.*)(AccountPermit)/, '\1').underscore.to_sym
|
17
17
|
end
|
18
18
|
|
19
|
-
def
|
19
|
+
def permit_name
|
20
20
|
self.class.account_type_name self.class
|
21
21
|
end
|
22
|
+
alias_method :account_type, :permit_name
|
22
23
|
|
23
24
|
# creates the permit
|
24
25
|
# @param [Permits::Ability] the ability
|
@@ -27,7 +28,6 @@ module CanTango
|
|
27
28
|
super
|
28
29
|
end
|
29
30
|
|
30
|
-
|
31
31
|
# In a specific Role based Permit you can use
|
32
32
|
# def permit? user, options = {}
|
33
33
|
# ... permission logic follows
|
@@ -46,14 +46,14 @@ module CanTango
|
|
46
46
|
end
|
47
47
|
|
48
48
|
def valid_for? subject
|
49
|
-
debug_invalid if
|
49
|
+
debug_invalid if !(subject_name == account_name)
|
50
50
|
subject_name == account_name
|
51
51
|
end
|
52
52
|
|
53
53
|
protected
|
54
54
|
|
55
55
|
def debug_invalid
|
56
|
-
puts "Not a valid permit for subject: (account class) #{subject_account} != #{permit_account} (permit account)"
|
56
|
+
puts "Not a valid permit for subject: (account class) #{subject_account} != #{permit_account} (permit account)" if CanTango.debug?
|
57
57
|
end
|
58
58
|
|
59
59
|
def subject_name
|
@@ -62,7 +62,7 @@ module CanTango
|
|
62
62
|
end
|
63
63
|
|
64
64
|
def account_name
|
65
|
-
|
65
|
+
account_type(self.class)
|
66
66
|
end
|
67
67
|
end
|
68
68
|
end
|
@@ -8,7 +8,7 @@ module CanTango
|
|
8
8
|
attr_reader :ability
|
9
9
|
|
10
10
|
# strategy is used to control the owns strategy (see rules.rb)
|
11
|
-
attr_reader :strategy
|
11
|
+
attr_reader :strategy, :disabled
|
12
12
|
|
13
13
|
include CanTango::Api::Attributes
|
14
14
|
|
@@ -21,14 +21,31 @@ module CanTango
|
|
21
21
|
clazz.to_s.gsub(/^([A-Za-z]+).*/, '\1').underscore.to_sym # first part of class name
|
22
22
|
end
|
23
23
|
|
24
|
+
def self.type
|
25
|
+
:abstract
|
26
|
+
end
|
27
|
+
|
24
28
|
def self.account_name clazz
|
25
29
|
return nil if clazz.name == clazz.name.demodulize
|
26
30
|
clazz.name.gsub(/::.*/,'').gsub(/(.*)Permits/, '\1').underscore.to_sym
|
27
31
|
end
|
28
32
|
|
33
|
+
def permit_type
|
34
|
+
self.class.type
|
35
|
+
end
|
36
|
+
|
37
|
+
def disable!
|
38
|
+
@disabled = true
|
39
|
+
end
|
40
|
+
|
41
|
+
def disabled?
|
42
|
+
@disabled || config_disabled?
|
43
|
+
end
|
44
|
+
|
29
45
|
# executes the permit
|
30
46
|
def execute
|
31
|
-
|
47
|
+
return if disabled?
|
48
|
+
puts "Execute Permit: #{self}" if CanTango.debug?
|
32
49
|
executor.execute!
|
33
50
|
ability_sync!
|
34
51
|
end
|
@@ -117,6 +134,10 @@ module CanTango
|
|
117
134
|
|
118
135
|
protected
|
119
136
|
|
137
|
+
def config_disabled?
|
138
|
+
(CanTango.config.permits.disabled[permit_type] || []).include?(permit_name.to_s)
|
139
|
+
end
|
140
|
+
|
120
141
|
def try_license name
|
121
142
|
module_name = "#{name.camelize}License"
|
122
143
|
clazz = module_name.constantize
|
@@ -16,9 +16,10 @@ module CanTango
|
|
16
16
|
clazz.name.demodulize.gsub(/(.*)(RoleGroupPermit)/, '\1').underscore.to_sym
|
17
17
|
end
|
18
18
|
|
19
|
-
def
|
19
|
+
def permit_name
|
20
20
|
self.class.role_group_name self.class
|
21
21
|
end
|
22
|
+
alias_method :role_group, :permit_name
|
22
23
|
|
23
24
|
# creates the permit
|
24
25
|
def initialize ability
|
@@ -16,9 +16,10 @@ module CanTango
|
|
16
16
|
clazz.name.demodulize.gsub(/(.*)(RolePermit)/, '\1').underscore.to_sym
|
17
17
|
end
|
18
18
|
|
19
|
-
def
|
19
|
+
def permit_name
|
20
20
|
self.class.role_name self.class
|
21
21
|
end
|
22
|
+
alias_method :role, :permit_name
|
22
23
|
|
23
24
|
# creates the permit
|
24
25
|
# @param [Permits::Ability] the ability
|
@@ -16,10 +16,11 @@ module CanTango
|
|
16
16
|
clazz.name.demodulize.gsub(/(.*)(Permit)/, '\1').underscore.to_sym
|
17
17
|
end
|
18
18
|
|
19
|
-
#
|
20
|
-
def
|
19
|
+
# UserPermit becomes :user
|
20
|
+
def permit_name
|
21
21
|
self.class.user_type_name self.class
|
22
22
|
end
|
23
|
+
alias_method :user_type, :permit_name
|
23
24
|
|
24
25
|
# creates the permit
|
25
26
|
# @param [Permits::Ability] the ability
|
@@ -28,7 +29,6 @@ module CanTango
|
|
28
29
|
super
|
29
30
|
end
|
30
31
|
|
31
|
-
|
32
32
|
# In a specific Role based Permit you can use
|
33
33
|
# def permit? user, options = {}
|
34
34
|
# ... permission logic follows
|
@@ -47,14 +47,14 @@ module CanTango
|
|
47
47
|
end
|
48
48
|
|
49
49
|
def valid_for? subject
|
50
|
-
debug_invalid if
|
50
|
+
debug_invalid if !(subject_user == permit_user)
|
51
51
|
subject_user == permit_user
|
52
52
|
end
|
53
53
|
|
54
54
|
protected
|
55
55
|
|
56
56
|
def debug_invalid
|
57
|
-
puts "Not a valid permit for subject: (user class) #{subject_user} != #{permit_user} (permit user)"
|
57
|
+
puts "Not a valid permit for subject: (user class) #{subject_user} != #{permit_user} (permit user)" if CanTango.debug?
|
58
58
|
end
|
59
59
|
|
60
60
|
def subject_user
|
@@ -62,7 +62,7 @@ module CanTango
|
|
62
62
|
end
|
63
63
|
|
64
64
|
def permit_user
|
65
|
-
|
65
|
+
permit_name(self.class)
|
66
66
|
end
|
67
67
|
end
|
68
68
|
end
|
@@ -27,14 +27,40 @@ describe CanTango::Permits::UserPermit do
|
|
27
27
|
AdminPermit.new ability
|
28
28
|
end
|
29
29
|
|
30
|
+
before do
|
31
|
+
CanTango.debug_off!
|
32
|
+
end
|
33
|
+
|
30
34
|
describe 'attributes' do
|
31
35
|
it "should be the permit for the :admin user" do
|
32
36
|
permit.user_type.should == :admin
|
37
|
+
permit.permit_name.should == :admin
|
33
38
|
end
|
34
39
|
|
35
40
|
it "should have an ability" do
|
36
41
|
permit.ability.should be_a(CanTango::Ability)
|
37
42
|
end
|
38
43
|
end
|
44
|
+
|
45
|
+
describe 'disable Admin Permit' do
|
46
|
+
before do
|
47
|
+
CanTango.config.permits.disable_for :user, [:admin, :editor]
|
48
|
+
end
|
49
|
+
|
50
|
+
it "should have an ability" do
|
51
|
+
permit.disabled?.should be_true
|
52
|
+
end
|
53
|
+
end
|
54
|
+
|
55
|
+
describe 'enable all Permits' do
|
56
|
+
before do
|
57
|
+
CanTango.config.permits.enable_all!
|
58
|
+
end
|
59
|
+
|
60
|
+
it "should be disabled" do
|
61
|
+
CanTango.config.permits.disabled.should be_empty
|
62
|
+
permit.disabled?.should be_false
|
63
|
+
end
|
64
|
+
end
|
39
65
|
end
|
40
66
|
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: cantango
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.8.
|
4
|
+
version: 0.8.9
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -10,11 +10,11 @@ authors:
|
|
10
10
|
autorequire:
|
11
11
|
bindir: bin
|
12
12
|
cert_chain: []
|
13
|
-
date: 2011-10-
|
13
|
+
date: 2011-10-08 00:00:00.000000000Z
|
14
14
|
dependencies:
|
15
15
|
- !ruby/object:Gem::Dependency
|
16
16
|
name: rails
|
17
|
-
requirement: &
|
17
|
+
requirement: &2158311360 !ruby/object:Gem::Requirement
|
18
18
|
none: false
|
19
19
|
requirements:
|
20
20
|
- - ! '>='
|
@@ -22,10 +22,10 @@ dependencies:
|
|
22
22
|
version: 3.0.1
|
23
23
|
type: :runtime
|
24
24
|
prerelease: false
|
25
|
-
version_requirements: *
|
25
|
+
version_requirements: *2158311360
|
26
26
|
- !ruby/object:Gem::Dependency
|
27
27
|
name: cancan
|
28
|
-
requirement: &
|
28
|
+
requirement: &2158310420 !ruby/object:Gem::Requirement
|
29
29
|
none: false
|
30
30
|
requirements:
|
31
31
|
- - ! '>='
|
@@ -33,10 +33,10 @@ dependencies:
|
|
33
33
|
version: '1.4'
|
34
34
|
type: :runtime
|
35
35
|
prerelease: false
|
36
|
-
version_requirements: *
|
36
|
+
version_requirements: *2158310420
|
37
37
|
- !ruby/object:Gem::Dependency
|
38
38
|
name: sugar-high
|
39
|
-
requirement: &
|
39
|
+
requirement: &2158309000 !ruby/object:Gem::Requirement
|
40
40
|
none: false
|
41
41
|
requirements:
|
42
42
|
- - ! '>='
|
@@ -44,10 +44,10 @@ dependencies:
|
|
44
44
|
version: 0.6.0
|
45
45
|
type: :runtime
|
46
46
|
prerelease: false
|
47
|
-
version_requirements: *
|
47
|
+
version_requirements: *2158309000
|
48
48
|
- !ruby/object:Gem::Dependency
|
49
49
|
name: sweetloader
|
50
|
-
requirement: &
|
50
|
+
requirement: &2158307620 !ruby/object:Gem::Requirement
|
51
51
|
none: false
|
52
52
|
requirements:
|
53
53
|
- - ~>
|
@@ -55,10 +55,10 @@ dependencies:
|
|
55
55
|
version: 0.1.0
|
56
56
|
type: :runtime
|
57
57
|
prerelease: false
|
58
|
-
version_requirements: *
|
58
|
+
version_requirements: *2158307620
|
59
59
|
- !ruby/object:Gem::Dependency
|
60
60
|
name: hashie
|
61
|
-
requirement: &
|
61
|
+
requirement: &2158305560 !ruby/object:Gem::Requirement
|
62
62
|
none: false
|
63
63
|
requirements:
|
64
64
|
- - ! '>='
|
@@ -66,10 +66,10 @@ dependencies:
|
|
66
66
|
version: '0.4'
|
67
67
|
type: :runtime
|
68
68
|
prerelease: false
|
69
|
-
version_requirements: *
|
69
|
+
version_requirements: *2158305560
|
70
70
|
- !ruby/object:Gem::Dependency
|
71
71
|
name: rspec-rails
|
72
|
-
requirement: &
|
72
|
+
requirement: &2158304220 !ruby/object:Gem::Requirement
|
73
73
|
none: false
|
74
74
|
requirements:
|
75
75
|
- - ! '>='
|
@@ -77,10 +77,10 @@ dependencies:
|
|
77
77
|
version: 2.6.1
|
78
78
|
type: :development
|
79
79
|
prerelease: false
|
80
|
-
version_requirements: *
|
80
|
+
version_requirements: *2158304220
|
81
81
|
- !ruby/object:Gem::Dependency
|
82
82
|
name: forgery
|
83
|
-
requirement: &
|
83
|
+
requirement: &2158302900 !ruby/object:Gem::Requirement
|
84
84
|
none: false
|
85
85
|
requirements:
|
86
86
|
- - ! '>='
|
@@ -88,10 +88,10 @@ dependencies:
|
|
88
88
|
version: '0.3'
|
89
89
|
type: :development
|
90
90
|
prerelease: false
|
91
|
-
version_requirements: *
|
91
|
+
version_requirements: *2158302900
|
92
92
|
- !ruby/object:Gem::Dependency
|
93
93
|
name: factory_girl
|
94
|
-
requirement: &
|
94
|
+
requirement: &2158302380 !ruby/object:Gem::Requirement
|
95
95
|
none: false
|
96
96
|
requirements:
|
97
97
|
- - ! '>='
|
@@ -99,10 +99,10 @@ dependencies:
|
|
99
99
|
version: '0'
|
100
100
|
type: :development
|
101
101
|
prerelease: false
|
102
|
-
version_requirements: *
|
102
|
+
version_requirements: *2158302380
|
103
103
|
- !ruby/object:Gem::Dependency
|
104
104
|
name: sqlite3
|
105
|
-
requirement: &
|
105
|
+
requirement: &2158301860 !ruby/object:Gem::Requirement
|
106
106
|
none: false
|
107
107
|
requirements:
|
108
108
|
- - ! '>='
|
@@ -110,10 +110,10 @@ dependencies:
|
|
110
110
|
version: '0'
|
111
111
|
type: :development
|
112
112
|
prerelease: false
|
113
|
-
version_requirements: *
|
113
|
+
version_requirements: *2158301860
|
114
114
|
- !ruby/object:Gem::Dependency
|
115
115
|
name: sourcify
|
116
|
-
requirement: &
|
116
|
+
requirement: &2158301260 !ruby/object:Gem::Requirement
|
117
117
|
none: false
|
118
118
|
requirements:
|
119
119
|
- - ! '>='
|
@@ -121,10 +121,10 @@ dependencies:
|
|
121
121
|
version: '0'
|
122
122
|
type: :development
|
123
123
|
prerelease: false
|
124
|
-
version_requirements: *
|
124
|
+
version_requirements: *2158301260
|
125
125
|
- !ruby/object:Gem::Dependency
|
126
126
|
name: dkastner-moneta
|
127
|
-
requirement: &
|
127
|
+
requirement: &2158296100 !ruby/object:Gem::Requirement
|
128
128
|
none: false
|
129
129
|
requirements:
|
130
130
|
- - ! '>='
|
@@ -132,10 +132,10 @@ dependencies:
|
|
132
132
|
version: '1.0'
|
133
133
|
type: :development
|
134
134
|
prerelease: false
|
135
|
-
version_requirements: *
|
135
|
+
version_requirements: *2158296100
|
136
136
|
- !ruby/object:Gem::Dependency
|
137
137
|
name: rspec
|
138
|
-
requirement: &
|
138
|
+
requirement: &2158294880 !ruby/object:Gem::Requirement
|
139
139
|
none: false
|
140
140
|
requirements:
|
141
141
|
- - ! '>='
|
@@ -143,10 +143,10 @@ dependencies:
|
|
143
143
|
version: 2.4.0
|
144
144
|
type: :development
|
145
145
|
prerelease: false
|
146
|
-
version_requirements: *
|
146
|
+
version_requirements: *2158294880
|
147
147
|
- !ruby/object:Gem::Dependency
|
148
148
|
name: jeweler
|
149
|
-
requirement: &
|
149
|
+
requirement: &2158293680 !ruby/object:Gem::Requirement
|
150
150
|
none: false
|
151
151
|
requirements:
|
152
152
|
- - ! '>='
|
@@ -154,10 +154,10 @@ dependencies:
|
|
154
154
|
version: 1.6.4
|
155
155
|
type: :development
|
156
156
|
prerelease: false
|
157
|
-
version_requirements: *
|
157
|
+
version_requirements: *2158293680
|
158
158
|
- !ruby/object:Gem::Dependency
|
159
159
|
name: bundler
|
160
|
-
requirement: &
|
160
|
+
requirement: &2158292980 !ruby/object:Gem::Requirement
|
161
161
|
none: false
|
162
162
|
requirements:
|
163
163
|
- - ! '>='
|
@@ -165,10 +165,10 @@ dependencies:
|
|
165
165
|
version: 1.0.1
|
166
166
|
type: :development
|
167
167
|
prerelease: false
|
168
|
-
version_requirements: *
|
168
|
+
version_requirements: *2158292980
|
169
169
|
- !ruby/object:Gem::Dependency
|
170
170
|
name: rdoc
|
171
|
-
requirement: &
|
171
|
+
requirement: &2158291700 !ruby/object:Gem::Requirement
|
172
172
|
none: false
|
173
173
|
requirements:
|
174
174
|
- - ! '>='
|
@@ -176,7 +176,7 @@ dependencies:
|
|
176
176
|
version: '0'
|
177
177
|
type: :development
|
178
178
|
prerelease: false
|
179
|
-
version_requirements: *
|
179
|
+
version_requirements: *2158291700
|
180
180
|
description: ! 'Define your permission rules as role- or role group specific permits.
|
181
181
|
|
182
182
|
Integrates well with multiple Devise user acounts.
|
@@ -822,7 +822,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
822
822
|
version: '0'
|
823
823
|
segments:
|
824
824
|
- 0
|
825
|
-
hash: -
|
825
|
+
hash: -3737746753132701377
|
826
826
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
827
827
|
none: false
|
828
828
|
requirements:
|