cantango 0.8.9.5 → 0.9.3.2

data/lib/cantango/permit_engine.rb

@@ -8,10 +8,9 @@ module CanTango
     end
 
     def execute!
-      if CanTango.config.debug.on?
-        puts "Permit Engine executing..." 
-        puts "No permits found!" if permits.empty?
-      end
+      return if !valid?
+      debug "Permit Engine executing..."
+
       # CanTango.config.permits.clear_executed! # should there be an option clear before each execution?
       permits.each do |permit|
         CanTango.config.permits.was_executed(permit, ability) if CanTango.config.debug.on?
@@ -19,6 +18,15 @@ module CanTango
       end
     end
 
+    def engine_name
+      :permit
+    end
+
+    def valid?
+      return false if !valid_mode?
+      permits.empty? ? invalid : true
+    end
+
     # by default, only execute permits for which the user
     # has a role or a role group
     # also execute any permit marked as special
@@ -32,6 +40,11 @@ module CanTango
 
     protected
 
+    def invalid
+      debug "No permits found!"
+      false
+    end
+
     def permit_factory
       @permit_factory ||= CanTango::PermitEngine::Factory.new ability
     end

data/lib/cantango/permit_engine/builder/base.rb

@@ -4,6 +4,8 @@ module CanTango
       class CreatePermitError < StandardError; end;
 
       class Base
+        include CanTango::Helpers::Debug
+
         attr_accessor :ability
 
         # creates the factory for the ability
@@ -37,7 +39,7 @@ module CanTango
         end
 
         def permit_clazz name
-          puts "Permit Finder: #{finder}" if CanTango.debug?
+          debug "Permit Finder: #{finder}"
           finder.new(subject, name).get_permit
         end
 

data/lib/cantango/permit_engine/executor/abstract.rb

@@ -2,6 +2,8 @@ module CanTango
   class PermitEngine < Engine
     module Executor
       class Abstract
+        include CanTango::Helpers::Debug
+
         attr_accessor :permit
 
         def initialize permit

data/lib/cantango/permit_engine/executor/base.rb

@@ -10,7 +10,7 @@ module CanTango
         protected
 
         def not_candidate_permit
-          puts "Permit #{permit} is not valid for #{subject}" if CanTango.debug?
+          debug "Permit #{permit} is not valid for #{subject}"
         end
       end
     end

data/lib/cantango/permit_engine/factory.rb

@@ -1,6 +1,8 @@
 module CanTango
   class PermitEngine < Engine
     class Factory
+      include CanTango::Helpers::Debug
+
       attr_accessor :ability
 
       # creates the factory for the ability
@@ -11,15 +13,15 @@ module CanTango
       end
 
       def build!
-        puts "PermitEngine Factory: No permits could be built" if permits.empty? && CanTango.debug?
+        debug "PermitEngine Factory: No permits could be built" if permits.empty?
         permits
       end
 
       def permits
         @permits ||= builders.inject([]) do |permits, builder|
-          puts "++ Permit Builder: #{builder_class builder}" if CanTango.debug?
+          debug "++ Permit Builder: #{builder_class builder}"
           built_permits = permits_built_with(builder)
-          puts "== Permits built: #{built_permits.size}" if CanTango.debug?
+          debug "== Permits built: #{built_permits.size}"
           permits = permits + built_permits if built_permits
         end.flatten
       end

data/lib/cantango/permit_engine/finder.rb

@@ -1,6 +1,8 @@
 module CanTango
   class PermitEngine < Engine
     class Finder
+      include CanTango::Helpers::Debug
+
       # This class is used to find the right permit, possible scoped for a specific user account
       attr_reader :user_account, :name
 
@@ -44,12 +46,8 @@ module CanTango
 
       def permit
         found = registered_permits.registered_for type, name
-        debug_msg permit_msg(found)
-        found        
-      end
-
-      def debug_msg msg
-        puts msg if CanTango.debug?
+        debug permit_msg(found)
+        found
       end
 
       def permit_msg found

data/lib/cantango/permit_engine/util.rb

@@ -6,7 +6,7 @@ module CanTango
       def permit_name clazz
         @name ||= clazz.to_s.demodulize.gsub(/Role/,'').gsub(/Permit$/, '').gsub(/Group/,'').underscore.to_sym
       end
-      
+
       # TODO:
       def role
         @role ||= permit_name

data/lib/cantango/permits/permit.rb

@@ -30,6 +30,10 @@ module CanTango
         clazz.name.gsub(/::.*/,'').gsub(/(.*)Permits/, '\1').underscore.to_sym
       end
 
+      def cached?
+        ability.cached?
+      end
+
       def permit_type
         self.class.type
       end
@@ -119,11 +123,32 @@ module CanTango
       # or if subclassing another Permit than Permit::Base
       #
       def permit?
+        cached? ? cached_rules : non_cached_rules
+        run_rule_methods
+      end
+
+      def run_rule_methods
         static_rules
         permit_rules
         dynamic_rules
       end
 
+      def non_cached_rules
+        include_non_cached if defined?(self.class::NonCached)
+     end
+
+      def cached_rules
+        include_cached if defined?(self.class::Cached)
+      end
+
+      def include_non_cached
+        self.class.send :include, self.class::NonCached
+      end
+
+      def include_cached
+        self.class.send :include, self.class::Cached
+      end
+
       def licenses *names
         names.to_strings.each do |name|
           try_license name

data/lib/cantango/permits/role_group_permit/builder.rb

@@ -8,17 +8,17 @@ module CanTango
         # builds a list of Permits for each role group of the current ability user (or account)
         # @return [Array<RoleGroupPermit::Base>] the role group permits built for this ability
         def build
-          if roles.empty?
-            puts "Not building any RoleGroupPermit" if CanTango.debug?
-            return [] if role_groups.empty?
-          end
-      
-          role_groups.inject([]) do |permits, role_group|
+          matching_permits = matching_role_groups(roles).inject([]) do |permits, role_group|
             puts "Building RoleGroupPermit for #{role_group}" if CanTango.debug?
             (permits << create_permit(role_group)) if valid?(role_group)
             permits
           end.compact
-        end
+
+          if matching_permits.empty?
+            puts "Not building any RoleGroupPermits since no role groups are roles that are members of a role group could be found for the permission candidate" if CanTango.debug?
+            return []
+          end
+       end
 
         def valid? role_group
           return true if !role_groups_filter?
@@ -31,6 +31,22 @@ module CanTango
 
         private
 
+        def matching_role_groups roles
+          role_groups | matching_role_groups_for(roles)
+        end
+
+        # will also run role_groups for which any role of the candidate is a member
+        # so if the candidate is a user and the user has a :trustee role and this role is part of the :trust role group,
+        # then the :trust role group permit will be run!
+        # Thus if the candidate has a particular role group or just has a role belonging to that role group, the permit
+        # for that role group will be run
+        def matching_role_groups_for roles
+          roles.inject([]) do |groups, role|
+            groups << subject.role_groups_for(role) if subject.respond_to?(:role_groups_for)
+            groups
+          end.flatten.compact.uniq
+        end
+
         def role_groups_filter?
           CanTango.config.role_groups.filter?
         end

data/lib/cantango/permits/role_permit.rb

@@ -28,7 +28,6 @@ module CanTango
         super
       end
 
-
       # In a specific Role based Permit you can use 
       #   def permit? user, options = {}
       #     ... permission logic follows
@@ -49,7 +48,7 @@ module CanTango
       def valid_for? subject
         in_role? subject
       end
-      
+
       protected
 
       include CanTango::Helpers::RoleMethods

data/lib/cantango/rails/helpers/rest_helper.rb

@@ -8,9 +8,10 @@ module CanTango::Rails::Helpers::RestHelper
   end
 
   def link_to_new obj, user_type, options = {}
-    return unless can_perform_action?(user_type, :create, obj)
+    clazz = obj.kind_of?(Class) ? obj : obj.class
+    return unless can_perform_action?(user_type, :create, clazz)
     # use i18n translation on label
-    link_to t(".create"), send(action_method obj, :new, options)
+    link_to t(".create"), send(action_method clazz, :new, options)
   end
 
   def link_to_delete obj, user_type, options = {}

data/lib/cantango/user_ac_engine.rb

@@ -0,0 +1,40 @@
+module CanTango
+  class UserAcEngine < Engine
+    autoload_modules :Executor
+
+    def initialize ability
+      super
+    end
+
+    def execute!
+      return if !valid?
+      debug "User AC Engine executing..."
+
+      permissions.each do |permission|
+        ability.can permission.action.to_sym, permission.thing_type.constantize do |thing|
+          thing.nil? || permission.thing_id.nil? || permission.thing_id == thing.id
+        end
+      end
+    end
+
+    def valid?
+      return false if !valid_mode?
+      permissions.empty? ? invalid : true
+    end
+
+    def engine_name
+      :user_ac
+    end
+
+    protected
+
+    def permissions
+      candidate.respond_to?(:permissions) ? candidate.permissions : []
+    end
+
+    def invalid
+      debug "No permissions for #{candidate} found!"
+      false
+    end
+  end
+end

data/lib/cantango/user_ac_engine/executor.rb

@@ -0,0 +1,59 @@
+# This class is responsible for executing a set of similar Permits and collecting their rule results into one rule collection
+# which can be cached under some key and later reused
+#
+module CanTango
+  class UserAcEngine < Engine
+    class Executor
+      include CanTango::Ability::CacheHelpers
+
+      attr_reader :ability, :permits
+
+      delegate :session, :user, :subject, :cached?, :to => :ability
+
+      def initialize ability, permit_type, permissions
+        @ability        = ability
+        @permissions    = permissions
+      end
+
+      def cache_key
+        :user_ac
+      end
+
+      def rules
+        @rules ||= []
+      end
+
+      def clear_rules!
+        @rules ||= []
+      end
+
+      def cache
+        @cache ||= CanTango::Ability::Cache.new self, :cache_key => cache_key, :key_method_names => key_method_names
+      end
+
+      def execute!
+        return if cached_rules?
+
+        clear_rules!
+        permit_rules
+
+        cache_rules!
+      end
+
+      def permit_rules
+        # TODO: somehow type specific caching of result of permits!
+        permits.each do |permit|
+          CanTango.config.permits.was_executed(permit, ability) if CanTango.debug?
+          break if permit.execute == :break
+        end
+      end
+
+      protected
+
+      def key_method_names
+        [:permissions_hash]
+      end
+    end
+  end
+end
+

data/lib/cantango/users/macros.rb

@@ -3,11 +3,14 @@ class Module
     self.send :include, CanTango::Users::User
     self.send :include, CanTango::Users::Masquerade if options[:masquerade]
   end
+  alias_method :cantango_user, :tango_user
 
   def tango_user_account options = {}
     self.send :include, CanTango::Users::UserAccount
     self.send :include, CanTango::Users::Masquerade if options[:masquerade]
   end
+  alias_method :tango_account, :tango_user_account 
+  alias_method :cantango_account, :tango_user_account
 
   def masquerader
     self.send :include, CanTango::Users::Masquerade

data/lib/cantango/users/user.rb

@@ -23,7 +23,7 @@ module CanTango
       end
 
       def self.included(base)
-        CanTango.config.users.register base.name.underscore
+        CanTango.config.users.register base.name.underscore, base
       end
     end
   end

data/lib/cantango/users/user_account.rb

@@ -16,7 +16,7 @@ module CanTango
       end
 
       def self.included(base)
-        CanTango.config.user_accounts.register base.name.underscore.gsub(/_account$/, '')
+        CanTango.config.user_accounts.register base.name.underscore.gsub(/_account$/, ''), base
       end
     end
   end

data/lib/generators/cantango/permission/permission_generator.rb

@@ -0,0 +1,43 @@
+require 'generators/cantango/base'
+
+module Cantango
+  module Generators
+    class PermissionGenerator < Cantango::Generators::Base
+      desc "Creates a Permission for a model in 'app/models'"
+
+      argument     :name,       :type => :string,
+          :desc => "Model to create Permission model for"
+
+      source_root File.dirname(__FILE__) + '/templates'
+
+      def main_flow
+        relational
+      end
+
+      def relational
+        Rails::Generators.invoke "model", ['Permission', "#{name}_id:integer", "thing_id:integer", "thing_type:string", "action:string"
+
+        puts "Manual Modifications to Permission model:"
+        puts "-----------------------------------------"
+        puts "belongs_to :#{name}"
+        puts "belongs_to :thing, :polymorphic => true"
+
+        puts "Manual Modifications to #{name.to_s.camelize} model:"
+        puts "has_many :permissions"
+        puts "-----------------------------------------"
+
+        puts "and then run:"
+        puts "rake db:migrate"
+      end
+
+      def document_store
+        Rails::Generators.invoke "model", ['Permission']
+        # use rails_artifactor to edit model?!
+      end
+
+      protected
+
+    end
+  end
+end
+