cantango 0.8.9.5 → 0.9.3.2

data/README.textile

@@ -35,14 +35,42 @@ Run bundler in a terminal/console from the folder of your Gemfile (root folder o
 
 @$ bundle@
 
-h2. Update Oct 17, 2011
+h2. Update Oct 29, 2011
 
-Version *0.8.9.5* has been released. Contains an important bug fix for permit options!
+Versions *0.9+* have naming bug. Please use version 0.8.9 for now.
 
-Also the user _[user_class]_can?_ and _cannot?_ API methods have been updated to work correctly when _current_[user_class]_ and such methods (fx as generated by _Devise_) return an account and not a user instance. 
-In this case CanTango will attempt to call the #user method on the account to get the user. 
-In many cases for more advanced scenarios, it makes more sense to treat the devise models as accounts and have the user models defined separately and linked to one or more accounts. 
-The accounts would then have the credentials for the user in that partiular context and the user only the user specific details.
+New features:
+
+* Model AC filters and scopes
+* Engine _:user_ac_ (User Access Control)
+* Cache and No-Cache modes for Ability, run in succession and rule results merged
+
+The :user_ac engine is a port of the Permission system from the _Rails in Action_ book. 
+With this engine a user can have many permissions defined, where each such permission is a persisted Permission model instance that describes a 'can' action on a specific type of object.
+
+The new modal Ability model allows you to define rules that are run in Cache mode and others that can be run in no-cache mode. This enables you to circumvent the previos restriction that didn't allow you to use normal conditional ruby logic outside blocks if you enabled caching.
+
+<pre>
+class UserPermit < CanTango::UserPermit
+  def static_rules
+    ...
+  end
+
+  module Cached
+    def permit_rules
+    end
+  end
+
+  module NonCached
+    def permit_rules
+    end
+  end
+end
+</pre>
+
+Any rule method defined directly for the permit is run for any (or both) modes. To define rules specifically for cache or no-cache modes, you should place them in a nested module to signify this as shown in this example.
+
+You can configure modes with the new config object @CanTango.config.ability.modes@ and set it via @CanTango.config.ability.mode = :no_cache@ . The valid modes are: :cache, :no_cache, and :both. You can similarly configure which modes each engine should participate in, fx via @CanTango.config.permit_engine.mode = :cache@
 
 h2. Quickstart
 
@@ -121,7 +149,7 @@ If you use any of these adapters, you must manually include the following in you
 
 @gem 'dkastner-moneta'@ for moneta adapter and @gem 'sourcify'@ for the compiler adapter.
 
-CanTango uses @autoload_modules@ from the "sweetloader":https://github.com/kristianmandrup/sweet_loader.git' gem.
+CanTango uses @autoload_modules@ from the "sweetloader":https://github.com/kristianmandrup/sweet_loader.git gem.
 This ensures that all such modules are lazy-loaded. Thus if you configure CanTango to exclude an engine, the code for that engine will never be loaded, minimizing the load time and memory print.
 
 h2. You need help?

data/VERSION

@@ -1 +1 @@
-0.8.9.5
+0.9.3.2

data/cantango.gemspec

@@ -4,14 +4,17 @@
 # -*- encoding: utf-8 -*-
 
 Gem::Specification.new do |s|
-  s.name = "cantango"
-  s.version = "0.8.9.5"
+  s.name = %q{cantango}
+  s.version = "0.9.3.2"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
-  s.authors = ["Kristian Mandrup", "Stanislaw Pankevich"]
-  s.date = "2011-10-17"
-  s.description = "Define your permission rules as role- or role group specific permits.\nIntegrates well with multiple Devise user acounts.\nIncludes rules caching.\nStore permissions in yaml file or key-value store"
-  s.email = "kmandrup@gmail.com, s.pankevich@gmail.com"
+  s.authors = [%q{Kristian Mandrup}, %q{Stanislaw Pankevich}]
+  s.date = %q{2011-10-29}
+  s.description = %q{Define your permission rules as role- or role group specific permits.
+Integrates well with multiple Devise user acounts.
+Includes rules caching.
+Store permissions in yaml file or key-value store}
+  s.email = %q{kmandrup@gmail.com, s.pankevich@gmail.com}
   s.extra_rdoc_files = [
     "LICENSE.txt",
     "README.textile"
@@ -38,12 +41,14 @@ Gem::Specification.new do |s|
     "lib/cantango/ability/cache/session_cache.rb",
     "lib/cantango/ability/cache/writer.rb",
     "lib/cantango/ability/cache_helpers.rb",
+    "lib/cantango/ability/engine_helpers.rb",
     "lib/cantango/ability/masquerade_helpers.rb",
     "lib/cantango/ability/permission_helpers.rb",
     "lib/cantango/ability/permit_helpers.rb",
     "lib/cantango/ability/role_helpers.rb",
     "lib/cantango/ability/scope.rb",
     "lib/cantango/ability/user_helpers.rb",
+    "lib/cantango/ability_executor.rb",
     "lib/cantango/adapter/compiler.rb",
     "lib/cantango/adapter/moneta.rb",
     "lib/cantango/api.rb",
@@ -60,14 +65,17 @@ Gem::Specification.new do |s|
     "lib/cantango/api/user_account/ability.rb",
     "lib/cantango/api/user_account/can.rb",
     "lib/cantango/api/user_account/scope.rb",
+    "lib/cantango/api/user_account/session.rb",
     "lib/cantango/cache.rb",
     "lib/cantango/cache/hash_cache.rb",
     "lib/cantango/cache/moneta_cache.rb",
+    "lib/cantango/cached_ability.rb",
     "lib/cantango/cancan/rule.rb",
     "lib/cantango/configuration.rb",
     "lib/cantango/configuration/ability.rb",
     "lib/cantango/configuration/adapters.rb",
     "lib/cantango/configuration/autoload.rb",
+    "lib/cantango/configuration/candidate_registry.rb",
     "lib/cantango/configuration/categories.rb",
     "lib/cantango/configuration/debug.rb",
     "lib/cantango/configuration/engines.rb",
@@ -76,10 +84,12 @@ Gem::Specification.new do |s|
     "lib/cantango/configuration/engines/permission.rb",
     "lib/cantango/configuration/engines/permit.rb",
     "lib/cantango/configuration/engines/store.rb",
+    "lib/cantango/configuration/engines/user_ac.rb",
     "lib/cantango/configuration/factory.rb",
     "lib/cantango/configuration/guest.rb",
     "lib/cantango/configuration/hash_registry.rb",
     "lib/cantango/configuration/models.rb",
+    "lib/cantango/configuration/modes.rb",
     "lib/cantango/configuration/permit_registry.rb",
     "lib/cantango/configuration/permits.rb",
     "lib/cantango/configuration/registry.rb",
@@ -96,7 +106,11 @@ Gem::Specification.new do |s|
     "lib/cantango/filters/role_filter.rb",
     "lib/cantango/filters/role_group_filter.rb",
     "lib/cantango/helpers.rb",
+    "lib/cantango/helpers/debug.rb",
     "lib/cantango/helpers/role_methods.rb",
+    "lib/cantango/model.rb",
+    "lib/cantango/model/filter.rb",
+    "lib/cantango/model/scope.rb",
     "lib/cantango/permission_engine.rb",
     "lib/cantango/permission_engine/collector.rb",
     "lib/cantango/permission_engine/compiler.rb",
@@ -183,6 +197,8 @@ Gem::Specification.new do |s|
     "lib/cantango/rules/rule_class.rb",
     "lib/cantango/rules/scope.rb",
     "lib/cantango/rules/user_relation.rb",
+    "lib/cantango/user_ac_engine.rb",
+    "lib/cantango/user_ac_engine/executor.rb",
     "lib/cantango/users.rb",
     "lib/cantango/users/macros.rb",
     "lib/cantango/users/masquerade.rb",
@@ -201,6 +217,7 @@ Gem::Specification.new do |s|
     "lib/generators/cantango/license/templates/license.erb",
     "lib/generators/cantango/license_base.rb",
     "lib/generators/cantango/licenses/licenses_generator.rb",
+    "lib/generators/cantango/permission/permission_generator.rb",
     "lib/generators/cantango/permit_generator.rb",
     "lib/generators/cantango/role_permit/role_permit_generator.rb",
     "lib/generators/cantango/role_permit/templates/account_permit.erb",
@@ -227,6 +244,7 @@ Gem::Specification.new do |s|
     "spec/active_record/migrations/005_create_account.rb",
     "spec/active_record/migrations/006_create_todo.rb",
     "spec/active_record/migrations/007_create_user_todos.rb",
+    "spec/active_record/migrations/008_create_permissions.rb",
     "spec/active_record/scenarios/SCENARIOS README.textile",
     "spec/active_record/scenarios/engines/permission_engine/categories.yml",
     "spec/active_record/scenarios/engines/permission_engine/permissions.yml",
@@ -281,6 +299,8 @@ Gem::Specification.new do |s|
     "spec/cantango/ability/cache/session_cache_spec.rb",
     "spec/cantango/ability/cache/writer_spec.rb",
     "spec/cantango/ability/cache_spec.rb",
+    "spec/cantango/ability_executor/cached_only_spec.rb",
+    "spec/cantango/ability_executor_spec.rb",
     "spec/cantango/ability_filters_spec.rb",
     "spec/cantango/ability_spec.rb",
     "spec/cantango/api/attributes_spec.rb",
@@ -294,6 +314,7 @@ Gem::Specification.new do |s|
     "spec/cantango/api/user_account/scope_api_spec.rb",
     "spec/cantango/api/user_account_api_spec.rb",
     "spec/cantango/api/user_api_spec.rb",
+    "spec/cantango/cached_ability_spec.rb",
     "spec/cantango/configuration/ability_spec.rb",
     "spec/cantango/configuration/adapter_spec.rb",
     "spec/cantango/configuration/autoload_spec.rb",
@@ -323,6 +344,8 @@ Gem::Specification.new do |s|
     "spec/cantango/configuration/user_spec.rb",
     "spec/cantango/configuration_spec.rb",
     "spec/cantango/license/save_license_spec.rb",
+    "spec/cantango/model/filter_spec.rb",
+    "spec/cantango/model/scope_spec.rb",
     "spec/cantango/models/items.rb",
     "spec/cantango/models/users.rb",
     "spec/cantango/moneta_spec.rb",
@@ -332,7 +355,7 @@ Gem::Specification.new do |s|
     "spec/cantango/permission_engine/categories_store_spec.rb",
     "spec/cantango/permission_engine/compiler_spec.rb",
     "spec/cantango/permission_engine/loader/categories_spec.rb",
-    "spec/cantango/permission_engine/loader/permissions/cantango_permissions_loader.rb",
+    "spec/cantango/permission_engine/loader/permissions/cantango_permissions_loader_spec.rb",
     "spec/cantango/permission_engine/loader/permissions/shared.rb",
     "spec/cantango/permission_engine/moneta_store_spec.rb",
     "spec/cantango/permission_engine/parser_spec.rb",
@@ -359,6 +382,7 @@ Gem::Specification.new do |s|
     "spec/cantango/permits/macros_spec.rb",
     "spec/cantango/permits/permit_spec.rb",
     "spec/cantango/rules_spec.rb",
+    "spec/cantango/user_ac_engine_spec.rb",
     "spec/cantango_spec.rb",
     "spec/devise-dummy/Rakefile",
     "spec/devise-dummy/app/controllers/accounts_controller.rb",
@@ -562,6 +586,7 @@ Gem::Specification.new do |s|
     "spec/entire_suite_spec.rb",
     "spec/factories/user.rb",
     "spec/factories/user_account.rb",
+    "spec/fixtures/config/cantango_permissions.yml",
     "spec/fixtures/config/categories.yml",
     "spec/fixtures/config/evaluator_fixtures.yml",
     "spec/fixtures/config/licenses.yml",
@@ -573,6 +598,7 @@ Gem::Specification.new do |s|
     "spec/fixtures/models/admin.rb",
     "spec/fixtures/models/admin_account.rb",
     "spec/fixtures/models/items.rb",
+    "spec/fixtures/models/permission.rb",
     "spec/fixtures/models/simple_roles.rb",
     "spec/fixtures/models/user.rb",
     "spec/fixtures/models/user_account.rb",
@@ -582,6 +608,7 @@ Gem::Specification.new do |s|
     "spec/generators/cantango/install_generator_spec.rb",
     "spec/generators/cantango/license_generator_spec.rb",
     "spec/generators/cantango/licenses_generator_spec.rb",
+    "spec/generators/cantango/permission_generator_spec.rb",
     "spec/generators/cantango/role_permit_generator_spec.rb",
     "spec/generators/cantango/role_permits_generator_spec.rb",
     "spec/helpers/dummy_app_ability.rb",
@@ -635,11 +662,11 @@ Gem::Specification.new do |s|
     "wiki/when_to_use.markdown",
     "wiki/why_to_use.markdown"
   ]
-  s.homepage = "http://github.com/kristianmandrup/cantango"
-  s.licenses = ["MIT"]
-  s.require_paths = ["lib"]
-  s.rubygems_version = "1.8.10"
-  s.summary = "CanCan extension with role oriented permission management and more"
+  s.homepage = %q{http://github.com/kristianmandrup/cantango}
+  s.licenses = [%q{MIT}]
+  s.require_paths = [%q{lib}]
+  s.rubygems_version = %q{1.8.6}
+  s.summary = %q{CanCan extension with role oriented permission management and more}
 
   if s.respond_to? :specification_version then
     s.specification_version = 3

data/lib/cantango.rb

@@ -10,9 +10,10 @@ require 'sweetloader'
 AutoLoader.namespaces = {:CanTango => 'cantango'}
 
 module CanTango
-  autoload_modules :Ability, :Api, :Configuration, :Cache, :Permits
-  autoload_modules :PermitEngine, :Rails, :Users
-  autoload_modules :PermissionEngine, :Rules, :Api, :Helpers, :Filters, :Engine
+  autoload_modules :Ability, :CachedAbility, :AbilityExecutor
+  autoload_modules :Api, :Configuration, :Cache, :Permits
+  autoload_modules :PermitEngine, :PermissionEngine, :UserAcEngine
+  autoload_modules :Rails, :Users, :Rules, :Api, :Helpers, :Filters, :Model, :Engine
 
   class << self
     def configure &block

data/lib/cantango/ability.rb

@@ -4,50 +4,39 @@ module CanTango
   class Ability
     autoload_modules :Scope, :Cache
     autoload_modules :MasqueradeHelpers, :PermitHelpers, :PermissionHelpers
-    autoload_modules :UserHelpers, :RoleHelpers, :CacheHelpers
+    autoload_modules :UserHelpers, :RoleHelpers, :CacheHelpers, :EngineHelpers
 
     include CanCan::Ability
 
-    attr_reader :options, :subject, :session, :candidate
+    attr_reader :options, :candidate
 
     # Equivalent to a CanCan Ability#initialize call
     # which executes all the permission logic
     def initialize candidate, options = {}
       raise "Candidate must be something!" if !candidate
       @candidate, @options = candidate, options
-      @session = options[:session] || {} # seperate session cache for each type of user?
-
-      return if cached_rules?
 
       clear_rules!
       permit_rules
-      execute_engines!
 
-      cache_rules! if caching_on?
+      execute_engines! if engines_on?
     end
 
     include CanTango::PermitEngine::Util
 
-    def permit_rules
-    end
-
-    def clear_rules!
-      @rules = []
+    def cached?
+      false
     end
 
-    def execute_engines!
-      each_engine {|engine| engine.new(self).execute! if engine  }
+    def permit_rules
     end
 
-    def each_engine &block
-      engines.execution_order.each do |name| 
-        
-        yield engines.registered[name] if engines.active? name
-      end
+    def clear_rules!
+      @rules ||= default_rules
     end
 
-    def engines
-      CanTango.config.engines
+    def session
+      @session = options[:session] || {} # seperate session cache for each type of user?
     end
 
     def subject
@@ -60,11 +49,18 @@ module CanTango
       CanTango.config
     end
 
+    include EngineHelpers
     include CacheHelpers
     include MasqueradeHelpers
     include PermissionHelpers
     include PermitHelpers
     include UserHelpers
     include RoleHelpers
+
+    protected
+
+    def default_rules
+      []
+    end
   end
 end

data/lib/cantango/ability/cache/key.rb

@@ -4,9 +4,14 @@ module CanTango
       class Key
         attr_reader :user, :subject
 
-        def initialize user, subject = nil
+        def initialize user, subject = nil, method_names = nil
           @user = user
           @subject = subject || user
+          @method_names = method_names
+        end
+
+        def method_names
+          @method_names ||= [:roles_list, :role_groups_list]
         end
 
         def self.create_for ability
@@ -26,7 +31,16 @@ module CanTango
         protected
 
         def hash_values
-          @hash_values ||= [user_key, subject_roles_hash].compact
+          @hash_values ||= [user_key, subject_roles_hash, permissions_key].compact
+        end
+
+        def permissions_key
+          return subject.send(:permissions_hash) if permissions_key? && subject.respond_to?(:permissions_hash)
+          subject.send(:permissions) if permissions_key?
+        end
+
+        def permissions_key?
+          subject.respond_to?(:permissions) && permission_engine.modes.include?(:cache) && permission_engine.on?
         end
 
         def user_key
@@ -43,11 +57,25 @@ module CanTango
         end
 
         def role_hash_values
-          @role_hash_values ||= [:roles_list, :role_groups_list].inject([]) do |result, meth|
-            result << subject.send(meth) if subject.respond_to? meth
+          @role_hash_values ||= method_names.inject([]) do |result, meth_name|
+            result << subject.send(meth_name) if use_in_hash? meth_name
             result
           end
         end
+
+        private
+
+        def permission_engine
+          CanTango.config.engine(:user_ac)
+        end
+
+        def use_in_hash? meth_name
+          subject.respond_to?(meth_name) && CanTango.config.permits.enabled_types.include?(meth_map[meth_name])
+        end
+
+        def meth_map
+          {:roles_list => :role, :role_groups_list => :role_group }
+        end
       end
     end
   end

data/lib/cantango/ability/cache/rules_cache.rb

@@ -17,11 +17,18 @@ module CanTango
         end
 
         def cache_options
-          CanTango.config.cache_engine.store.options || {}
+          cache_engine.store.options || {}
         end
 
         def clazz
-          CanTango.config.cache_engine.store.default_class
+          cache_engine.store.default_class
+        end
+
+        protected
+
+        def cache_engine
+          raise "Cache engine not registered!" if !CanTango.config.engine(:cache)
+          CanTango.config.engine(:cache)
         end
       end
     end

data/lib/cantango/ability/cache_helpers.rb

@@ -3,7 +3,7 @@ module CanTango
     module CacheHelpers
 
       def cached_rules?
-        caching_on? && cache.key.same?(session)
+        cache.key.same?(session)
       end
 
       def cache_rules!
@@ -17,12 +17,6 @@ module CanTango
       def cache
         @cache ||= Cache.new self
       end
-
-      protected
-
-      def caching_on?
-        CanTango.config.cache_engine.on?
-      end
     end
   end
 end

data/lib/cantango/ability/engine_helpers.rb

@@ -0,0 +1,27 @@
+module CanTango
+  class Ability
+    module EngineHelpers
+      def execute_engines!
+        each_engine {|engine| engine.new(self).execute! if engine  }
+      end
+
+      def each_engine &block
+        engines.execution_order.each do |name|
+          yield engines.registered[name] if engines.active? name
+        end
+      end
+
+      def opts_engines_off?
+        options[:engines] == :off
+      end
+
+       def engines_on?
+        CanTango.config.engines.any?(:on) && !opts_engines_off?
+      end
+
+      def engines
+        CanTango.config.engines
+      end
+    end
+  end
+end