cantango 0.9.3.2 → 0.9.4
Sign up to get free protection for your applications and to get access to all the features.
- data/README.textile +11 -9
- data/VERSION +1 -1
- data/cantango.gemspec +24 -3
- data/lib/cantango/ability/cache/key.rb +6 -2
- data/lib/cantango/ability/cache/reader.rb +3 -0
- data/lib/cantango/ability/cache/session_cache.rb +7 -3
- data/lib/cantango/ability/cache/writer.rb +8 -2
- data/lib/cantango/ability/cache.rb +25 -8
- data/lib/cantango/ability/cache_helpers.rb +4 -13
- data/lib/cantango/ability/cached_executor.rb +0 -0
- data/lib/cantango/ability/engine_helpers.rb +4 -1
- data/lib/cantango/ability/executor.rb +67 -0
- data/lib/cantango/ability/permission_helpers.rb +0 -1
- data/lib/cantango/ability.rb +1 -1
- data/lib/cantango/cached_ability.rb +3 -2
- data/lib/cantango/configuration/engines/cache.rb +0 -3
- data/lib/cantango/configuration/engines/engine.rb +5 -0
- data/lib/cantango/configuration/engines/permission.rb +5 -4
- data/lib/cantango/configuration/engines/permit.rb +0 -5
- data/lib/cantango/configuration/engines/user_ac.rb +6 -3
- data/lib/cantango/configuration/models/active_record.rb +11 -0
- data/lib/cantango/configuration/models/data_mapper.rb +12 -0
- data/lib/cantango/configuration/models/generic.rb +12 -0
- data/lib/cantango/configuration/models/mongo.rb +12 -0
- data/lib/cantango/configuration/models/mongo_mapper.rb +11 -0
- data/lib/cantango/configuration/models/mongoid.rb +13 -0
- data/lib/cantango/configuration/models.rb +27 -2
- data/lib/cantango/configuration/permits.rb +2 -1
- data/lib/cantango/configuration.rb +14 -0
- data/lib/cantango/engine.rb +5 -19
- data/lib/cantango/model/scope.rb +19 -5
- data/lib/cantango/permission_engine/collector.rb +3 -0
- data/lib/cantango/permission_engine/evaluator.rb +5 -0
- data/lib/cantango/permission_engine/factory.rb +3 -0
- data/lib/cantango/permission_engine/loader/permissions.rb +7 -8
- data/lib/cantango/permission_engine/store.rb +0 -1
- data/lib/cantango/permission_engine/yaml_store.rb +15 -4
- data/lib/cantango/permission_engine.rb +21 -4
- data/lib/cantango/permit_engine/factory.rb +10 -4
- data/lib/cantango/permit_engine.rb +39 -9
- data/lib/cantango/permits/account_permit/builder.rb +6 -2
- data/lib/cantango/{user_ac_engine → permits}/executor.rb +28 -30
- data/lib/cantango/permits/permit/class_methods.rb +21 -0
- data/lib/cantango/permits/permit/execute.rb +81 -0
- data/lib/cantango/permits/permit/license.rb +26 -0
- data/lib/cantango/permits/permit.rb +19 -138
- data/lib/cantango/permits/role_group_permit/builder.rb +5 -1
- data/lib/cantango/permits/role_group_permit.rb +3 -3
- data/lib/cantango/permits/role_permit/builder.rb +4 -0
- data/lib/cantango/permits/user_permit/builder.rb +5 -1
- data/lib/cantango/permits/user_permit.rb +1 -1
- data/lib/cantango/permits.rb +1 -0
- data/lib/cantango/rails/engine.rb +0 -3
- data/lib/cantango/rails/helpers/base_helper.rb +1 -1
- data/lib/cantango/rails/helpers/rest_helper.rb +1 -1
- data/lib/cantango/rules/adaptor/active_record.rb +1 -4
- data/lib/cantango/rules/adaptor/data_mapper.rb +11 -0
- data/lib/cantango/rules/adaptor/mongo.rb +19 -0
- data/lib/cantango/rules/adaptor/mongo_mapper.rb +10 -0
- data/lib/cantango/rules/adaptor/mongoid.rb +1 -5
- data/lib/cantango/rules/adaptor/relational.rb +13 -0
- data/lib/cantango/rules/adaptor.rb +12 -7
- data/lib/cantango/rules/user_relation.rb +1 -2
- data/lib/cantango/user_ac_engine.rb +25 -7
- data/lib/cantango.rb +2 -0
- data/spec/cantango/ability/executor_spec.rb +67 -0
- data/spec/cantango/ability_executor/cached_only_spec.rb +1 -0
- data/spec/cantango/model/scope_spec.rb +11 -0
- data/spec/cantango/models/items.rb +5 -0
- data/spec/cantango/permission_engine_cached_spec.rb +51 -0
- data/spec/cantango/permission_engine_spec.rb +55 -0
- data/spec/cantango/permit_engine_cached_spec.rb +56 -0
- data/spec/cantango/permit_engine_spec.rb +57 -1
- data/spec/cantango/permits/executor_cached_spec.rb +0 -0
- data/spec/cantango/permits/executor_spec.rb +68 -0
- data/spec/cantango/user_ac_engine_cached_spec.rb +64 -0
- data/spec/cantango/user_ac_engine_spec.rb +14 -2
- data/spec/fixtures/models/items.rb +3 -0
- data/spec/fixtures/models/user.rb +18 -0
- metadata +55 -34
@@ -1,6 +1,8 @@
|
|
1
1
|
module CanTango
|
2
2
|
class Configuration
|
3
3
|
class Models
|
4
|
+
autoload_modules :Generic, :ActiveRecord, :DataMapper, :MongoMapper, :Mongoid
|
5
|
+
|
4
6
|
include Singleton
|
5
7
|
include ClassExt
|
6
8
|
|
@@ -18,12 +20,35 @@ module CanTango
|
|
18
20
|
end
|
19
21
|
end
|
20
22
|
|
23
|
+
def exclude *names
|
24
|
+
@excluded = names.flatten.select_labels
|
25
|
+
end
|
26
|
+
|
27
|
+
def excluded
|
28
|
+
@excluded ||= []
|
29
|
+
end
|
30
|
+
|
21
31
|
def available_models
|
22
|
-
|
32
|
+
all_models - excluded.map {|m| m.to_s.camelize}
|
33
|
+
end
|
34
|
+
|
35
|
+
protected
|
36
|
+
|
37
|
+
def all_models
|
38
|
+
CanTango.config.orms.inject([]) do |result, orm|
|
39
|
+
result << adapter_for(orm).models.map(&:name)
|
40
|
+
result
|
41
|
+
end.flatten.compact
|
23
42
|
end
|
24
43
|
|
25
44
|
private
|
26
45
|
|
46
|
+
|
47
|
+
|
48
|
+
def adapter_for orm
|
49
|
+
"CanTango::Configuration::Models::#{orm.to_s.camlize}".constantize.new
|
50
|
+
end
|
51
|
+
|
27
52
|
def try_model model_string
|
28
53
|
model = try_class(model_string.singularize) || try_class(model_string)
|
29
54
|
raise "No model #{model_string} defined!" if !model
|
@@ -33,7 +58,7 @@ module CanTango
|
|
33
58
|
def grep reg_exp
|
34
59
|
available_models.grep reg_exp
|
35
60
|
end
|
36
|
-
|
61
|
+
|
37
62
|
def ar_models
|
38
63
|
# Sugar-high #to_strings didn't work here!
|
39
64
|
ActiveRecord::Base.descendants
|
@@ -4,6 +4,7 @@ module CanTango
|
|
4
4
|
include Singleton
|
5
5
|
|
6
6
|
attr_reader :accounts
|
7
|
+
attr_writer :enabled_types
|
7
8
|
|
8
9
|
def enabled_types
|
9
10
|
@enabled_types || available_types
|
@@ -102,7 +103,7 @@ module CanTango
|
|
102
103
|
end
|
103
104
|
|
104
105
|
def key_for subject
|
105
|
-
subject.
|
106
|
+
subject.respond_to?(:subject) ? key_maker.create_for(subject) : key_maker.new(subject)
|
106
107
|
end
|
107
108
|
|
108
109
|
def key_maker
|
@@ -35,6 +35,10 @@ module CanTango
|
|
35
35
|
}
|
36
36
|
end
|
37
37
|
|
38
|
+
def debug!
|
39
|
+
debug.set :on
|
40
|
+
end
|
41
|
+
|
38
42
|
# Turn on all engines and enable compile adapter
|
39
43
|
# i.e compilation of rules via sourcify
|
40
44
|
def enable_defaults!
|
@@ -42,6 +46,15 @@ module CanTango
|
|
42
46
|
adapters.use :compiler
|
43
47
|
end
|
44
48
|
|
49
|
+
def enable_helpers *names
|
50
|
+
names = names.to_symbols
|
51
|
+
enable_rest_helper if names.include? :rest
|
52
|
+
end
|
53
|
+
|
54
|
+
def enable_rest_helper
|
55
|
+
ApplicationController.send :include, CanTango::Rails::Helpers::RestHelper
|
56
|
+
end
|
57
|
+
|
45
58
|
def clear!
|
46
59
|
CanTango::Configuration.components.each do |c|
|
47
60
|
comp = send(c)
|
@@ -67,6 +80,7 @@ module CanTango
|
|
67
80
|
engine
|
68
81
|
end
|
69
82
|
|
83
|
+
attr_accessor :orms
|
70
84
|
attr_writer :localhost_list
|
71
85
|
|
72
86
|
def localhost_list
|
data/lib/cantango/engine.rb
CHANGED
@@ -4,12 +4,14 @@ module CanTango
|
|
4
4
|
|
5
5
|
attr_reader :ability
|
6
6
|
|
7
|
+
delegate :session, :user, :subject, :candidate, :cached?, :to => :ability
|
8
|
+
|
7
9
|
def initialize ability
|
8
10
|
@ability = ability
|
9
11
|
end
|
10
12
|
|
11
13
|
def execute!
|
12
|
-
|
14
|
+
raise NotImplementedError
|
13
15
|
end
|
14
16
|
|
15
17
|
def engine_name
|
@@ -23,31 +25,15 @@ module CanTango
|
|
23
25
|
end
|
24
26
|
|
25
27
|
def valid_cache_mode?
|
26
|
-
modes.include?(:cache) &&
|
28
|
+
modes.include?(:cache) && cached?
|
27
29
|
end
|
28
30
|
|
29
31
|
def valid_no_cache_mode?
|
30
|
-
modes.include?(:no_cache) && !
|
32
|
+
modes.include?(:no_cache) && !cached?
|
31
33
|
end
|
32
34
|
|
33
35
|
def modes
|
34
36
|
CanTango.config.engine(engine_name.to_sym).modes
|
35
37
|
end
|
36
|
-
|
37
|
-
def cache_mode?
|
38
|
-
ability.cached?
|
39
|
-
end
|
40
|
-
|
41
|
-
def user
|
42
|
-
ability.user
|
43
|
-
end
|
44
|
-
|
45
|
-
def subject
|
46
|
-
ability.subject
|
47
|
-
end
|
48
|
-
|
49
|
-
def candidate
|
50
|
-
ability.candidate
|
51
|
-
end
|
52
38
|
end
|
53
39
|
end
|
data/lib/cantango/model/scope.rb
CHANGED
@@ -14,10 +14,11 @@ module CanTango::Model
|
|
14
14
|
include CanTango::Api::User::Ability
|
15
15
|
|
16
16
|
|
17
|
-
attr_reader :actions, :clazz
|
17
|
+
attr_reader :actions, :mode, :clazz
|
18
18
|
|
19
|
-
def initialize clazz, *actions
|
19
|
+
def initialize clazz, mode, *actions
|
20
20
|
@clazz = clazz
|
21
|
+
@mode = mode
|
21
22
|
@actions = actions.flatten
|
22
23
|
end
|
23
24
|
|
@@ -33,17 +34,26 @@ module CanTango::Model
|
|
33
34
|
protected
|
34
35
|
|
35
36
|
def check ability
|
37
|
+
puts ability.rules.inspect
|
36
38
|
clazz.all.select do |obj|
|
37
|
-
|
38
|
-
ability.
|
39
|
+
actions.all? do |action|
|
40
|
+
ability.send mode_action, action.to_sym, obj
|
39
41
|
end
|
40
42
|
end
|
41
43
|
end
|
44
|
+
|
45
|
+
def mode_action
|
46
|
+
"#{mode}?"
|
47
|
+
end
|
42
48
|
end
|
43
49
|
|
44
50
|
module ClassMethods
|
45
51
|
def allowed_to *actions
|
46
|
-
CanTango::Model::Scope::AllowedActions.new self, *actions
|
52
|
+
CanTango::Model::Scope::AllowedActions.new self, :can, *actions
|
53
|
+
end
|
54
|
+
|
55
|
+
def not_allowed_to *actions
|
56
|
+
CanTango::Model::Scope::AllowedActions.new self, :cannot, *actions
|
47
57
|
end
|
48
58
|
|
49
59
|
CanTango::Model::Scope.rest_actions.each do |action|
|
@@ -51,6 +61,10 @@ module CanTango::Model
|
|
51
61
|
define_method :"#{meth_name}_by" do |user|
|
52
62
|
all.select {|obj| obj.user_ability(user).can? action.to_sym, obj }
|
53
63
|
end
|
64
|
+
|
65
|
+
define_method :"not_#{meth_name}_by" do |user|
|
66
|
+
all.select {|obj| obj.user_ability(user).cannot? action.to_sym, obj }
|
67
|
+
end
|
54
68
|
end
|
55
69
|
end
|
56
70
|
end
|
@@ -1,9 +1,12 @@
|
|
1
1
|
module CanTango
|
2
2
|
class PermissionEngine < Engine
|
3
3
|
class Collector
|
4
|
+
include CanTango::Helpers::Debug
|
5
|
+
|
4
6
|
attr_reader :ability, :permissions, :type
|
5
7
|
|
6
8
|
def initialize ability, permissions, type
|
9
|
+
debug "Collecting #{type} permissions"
|
7
10
|
@ability = ability
|
8
11
|
@permissions = permissions
|
9
12
|
@type = type
|
@@ -1,6 +1,8 @@
|
|
1
1
|
module CanTango
|
2
2
|
class PermissionEngine < Engine
|
3
3
|
class Evaluator
|
4
|
+
include CanTango::Helpers::Debug
|
5
|
+
|
4
6
|
attr_reader :ability, :rule
|
5
7
|
|
6
8
|
include CanTango::Rules
|
@@ -12,6 +14,9 @@ module CanTango
|
|
12
14
|
end
|
13
15
|
|
14
16
|
def evaluate! user
|
17
|
+
debug "Evaluating rule:"
|
18
|
+
debug rule.can
|
19
|
+
debug rule.cannot
|
15
20
|
@user = user
|
16
21
|
instance_eval rule.can if rule.can?
|
17
22
|
instance_eval rule.cannot if rule.cannot?
|
@@ -1,6 +1,8 @@
|
|
1
1
|
module CanTango
|
2
2
|
class PermissionEngine < Engine
|
3
3
|
class Factory
|
4
|
+
include CanTango::Helpers::Debug
|
5
|
+
|
4
6
|
attr_accessor :ability
|
5
7
|
|
6
8
|
# creates the factory for the ability
|
@@ -11,6 +13,7 @@ module CanTango
|
|
11
13
|
end
|
12
14
|
|
13
15
|
def build!
|
16
|
+
debug "building permissions"
|
14
17
|
@evaluators ||= permission_types.inject([]) do |res, type|
|
15
18
|
res << collector(type).build
|
16
19
|
res
|
@@ -6,17 +6,16 @@ module CanTango
|
|
6
6
|
|
7
7
|
def initialize file_name
|
8
8
|
@file_name = file_name
|
9
|
-
|
10
9
|
load!
|
11
10
|
end
|
12
11
|
|
13
12
|
def load_from_hash hash
|
14
13
|
return if hash.empty?
|
15
14
|
hash.each do |type, groups|
|
16
|
-
permissions[type] ||= {}
|
17
|
-
|
18
|
-
next if groups.nil?
|
19
|
-
|
15
|
+
permissions[type] ||= {}
|
16
|
+
|
17
|
+
next if groups.nil?
|
18
|
+
|
20
19
|
groups.each do |group, rules|
|
21
20
|
parser.parse(group, rules) do |permission|
|
22
21
|
permissions[type][permission.name] = permission
|
@@ -46,13 +45,13 @@ module CanTango
|
|
46
45
|
|
47
46
|
define_method(:"#{type}_compiled_permissions") do
|
48
47
|
type_permissions = send(:"#{type}_permissions")
|
49
|
-
|
48
|
+
|
50
49
|
return Hashie::Mash.new if !type_permissions || type_permissions.empty?
|
51
|
-
|
50
|
+
|
52
51
|
compiled_sum = send(:"#{type}_permissions").inject({}) do |compiled_sum, (actor, permission)|
|
53
52
|
compiled_sum.merge(permission.to_compiled_hash)
|
54
53
|
end
|
55
|
-
|
54
|
+
|
56
55
|
Hashie::Mash.new(compiled_sum)
|
57
56
|
end
|
58
57
|
end
|
@@ -3,7 +3,7 @@ require 'yaml'
|
|
3
3
|
module CanTango
|
4
4
|
class PermissionEngine < Engine
|
5
5
|
class YamlStore < Store
|
6
|
-
attr_reader :path
|
6
|
+
attr_reader :path, :last_load_time
|
7
7
|
|
8
8
|
# for a YamlStore, the name is the name of the yml file
|
9
9
|
# options: extension, path
|
@@ -14,16 +14,27 @@ module CanTango
|
|
14
14
|
|
15
15
|
def load!
|
16
16
|
loader.load!
|
17
|
+
@last_load_time = Time.now
|
17
18
|
end
|
18
19
|
|
19
20
|
def load_from_hash hash
|
20
21
|
loader.load_from_hash hash
|
21
22
|
end
|
22
23
|
|
23
|
-
#
|
24
|
-
#
|
24
|
+
# return cached permissions if file has not changed since last load
|
25
|
+
# otherwise load permissions again to reflect changes!
|
25
26
|
def permissions
|
26
|
-
@permissions
|
27
|
+
return @permissions if changed?
|
28
|
+
@permissions = loader.permissions
|
29
|
+
end
|
30
|
+
|
31
|
+
def changed?
|
32
|
+
return true if !last_load_time
|
33
|
+
last_modify_time <= last_load_time
|
34
|
+
end
|
35
|
+
|
36
|
+
def last_modify_time
|
37
|
+
File.mtime(file_path)
|
27
38
|
end
|
28
39
|
|
29
40
|
CanTango.config.permission_engine.types.each do |type|
|
@@ -4,13 +4,15 @@ module CanTango
|
|
4
4
|
autoload_modules :Factory, :Loader, :Parser, :Permission
|
5
5
|
autoload_modules :RulesParser, :Store, :YamlStore, :Statements, :Statement
|
6
6
|
|
7
|
+
include CanTango::Ability::Executor
|
8
|
+
include CanTango::Ability::RoleHelpers
|
9
|
+
include CanTango::Ability::UserHelpers
|
10
|
+
|
7
11
|
def initialize ability
|
8
12
|
super
|
9
13
|
end
|
10
14
|
|
11
|
-
def
|
12
|
-
return if !valid?
|
13
|
-
debug "Permission Engine executing..."
|
15
|
+
def permit_rules
|
14
16
|
permissions.each do |permission|
|
15
17
|
permission.evaluate! user
|
16
18
|
end
|
@@ -21,6 +23,7 @@ module CanTango
|
|
21
23
|
end
|
22
24
|
|
23
25
|
def valid?
|
26
|
+
puts "valid_mode? #{valid_mode?} #{modes} #{cached?}"
|
24
27
|
return false if !valid_mode?
|
25
28
|
permissions.empty? ? invalid : true
|
26
29
|
end
|
@@ -31,13 +34,27 @@ module CanTango
|
|
31
34
|
|
32
35
|
protected
|
33
36
|
|
37
|
+
alias_method :cache_key, :engine_name
|
38
|
+
|
39
|
+
def start_execute
|
40
|
+
debug "Permission Engine executing..."
|
41
|
+
end
|
42
|
+
|
43
|
+
def end_execute
|
44
|
+
debug "Done Permission Engine"
|
45
|
+
end
|
46
|
+
|
34
47
|
def invalid
|
35
48
|
debug "No permissions found!"
|
36
49
|
false
|
37
50
|
end
|
38
51
|
|
39
52
|
def permission_factory
|
40
|
-
@permission_factory ||= CanTango::PermissionEngine::Factory.new
|
53
|
+
@permission_factory ||= CanTango::PermissionEngine::Factory.new self
|
54
|
+
end
|
55
|
+
|
56
|
+
def changed?
|
57
|
+
permission_factory.store.changed?
|
41
58
|
end
|
42
59
|
end
|
43
60
|
end
|
@@ -17,13 +17,19 @@ module CanTango
|
|
17
17
|
permits
|
18
18
|
end
|
19
19
|
|
20
|
+
# return hash of permits built, keyed by name of builder
|
20
21
|
def permits
|
21
|
-
@permits ||= builders.inject(
|
22
|
+
@permits ||= builders.inject({}) do |permits, builder|
|
22
23
|
debug "++ Permit Builder: #{builder_class builder}"
|
23
24
|
built_permits = permits_built_with(builder)
|
24
|
-
|
25
|
-
|
26
|
-
|
25
|
+
|
26
|
+
if built_permits
|
27
|
+
debug "== Permits built: #{built_permits.size}"
|
28
|
+
permits[builder] = built_permits
|
29
|
+
end
|
30
|
+
|
31
|
+
permits
|
32
|
+
end
|
27
33
|
end
|
28
34
|
|
29
35
|
def permits_built_with builder
|
@@ -3,21 +3,26 @@ module CanTango
|
|
3
3
|
autoload_modules :Builder, :Compatibility, :Executor
|
4
4
|
autoload_modules :Factory, :Finder, :Loaders, :Util, :RoleMatcher
|
5
5
|
|
6
|
+
include CanTango::Ability::Executor
|
7
|
+
include CanTango::Ability::RoleHelpers
|
8
|
+
include CanTango::Ability::UserHelpers
|
9
|
+
|
6
10
|
def initialize ability
|
7
11
|
super
|
8
12
|
end
|
9
13
|
|
10
|
-
def
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
permits.each do |permit|
|
16
|
-
CanTango.config.permits.was_executed(permit, ability) if CanTango.config.debug.on?
|
17
|
-
break if permit.execute == :break
|
14
|
+
def permit_rules
|
15
|
+
# push result of each permit type execution into main ability rules array
|
16
|
+
permits.each_pair do |type, permits|
|
17
|
+
perm_rules = executor(type, permits).execute!
|
18
|
+
rules << perm_rules if !perm_rules.blank?
|
18
19
|
end
|
19
20
|
end
|
20
21
|
|
22
|
+
def executor type, permits
|
23
|
+
CanTango::Permits::Executor.new self, type, permits
|
24
|
+
end
|
25
|
+
|
21
26
|
def engine_name
|
22
27
|
:permit
|
23
28
|
end
|
@@ -40,13 +45,38 @@ module CanTango
|
|
40
45
|
|
41
46
|
protected
|
42
47
|
|
48
|
+
alias_method :cache_key, :engine_name
|
49
|
+
|
50
|
+
def start_execute
|
51
|
+
debug "Permit Engine executing..."
|
52
|
+
end
|
53
|
+
|
54
|
+
def end_execute
|
55
|
+
debug "Done Permit Engine"
|
56
|
+
end
|
57
|
+
|
43
58
|
def invalid
|
44
59
|
debug "No permits found!"
|
45
60
|
false
|
46
61
|
end
|
47
62
|
|
48
63
|
def permit_factory
|
49
|
-
@permit_factory ||= CanTango::PermitEngine::Factory.new
|
64
|
+
@permit_factory ||= CanTango::PermitEngine::Factory.new self
|
65
|
+
end
|
66
|
+
|
67
|
+
def key_method_names
|
68
|
+
permits.keys.map {|type| key type }.compact
|
69
|
+
end
|
70
|
+
|
71
|
+
def key type
|
72
|
+
case type
|
73
|
+
when :role
|
74
|
+
roles_list_meth
|
75
|
+
when :role_group
|
76
|
+
role_groups_list_meth
|
77
|
+
else
|
78
|
+
nil
|
79
|
+
end
|
50
80
|
end
|
51
81
|
end
|
52
82
|
end
|
@@ -8,15 +8,19 @@ module CanTango
|
|
8
8
|
# @return [Array<RoleGroupPermit::Base>] the role permits built for this ability
|
9
9
|
def build
|
10
10
|
return [] if !user_account
|
11
|
-
puts debug_msg if CanTango.debug?
|
11
|
+
puts debug_msg if CanTango.debug?
|
12
12
|
[permit].compact
|
13
13
|
end
|
14
14
|
|
15
|
+
def name
|
16
|
+
:account
|
17
|
+
end
|
18
|
+
|
15
19
|
protected
|
16
20
|
|
17
21
|
def debug_msg
|
18
22
|
permit ? "Building AccountPermit for #{user_account}, permit: #{permit}" : "Not building any AccountPermit"
|
19
|
-
end
|
23
|
+
end
|
20
24
|
|
21
25
|
def permit
|
22
26
|
create_permit(user_account.class.to_s)
|
@@ -2,44 +2,24 @@
|
|
2
2
|
# which can be cached under some key and later reused
|
3
3
|
#
|
4
4
|
module CanTango
|
5
|
-
|
5
|
+
module Permits
|
6
6
|
class Executor
|
7
|
-
include CanTango::Ability::
|
7
|
+
include CanTango::Ability::Executor
|
8
8
|
|
9
|
-
attr_reader :ability, :permits
|
9
|
+
attr_reader :ability, :permit_type, :permits
|
10
10
|
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
@
|
15
|
-
@permissions = permissions
|
11
|
+
def initialize ability, permit_type, permits
|
12
|
+
@ability = ability
|
13
|
+
@permit_type = permit_type
|
14
|
+
@permits = permits
|
16
15
|
end
|
17
16
|
|
18
|
-
|
19
|
-
:user_ac
|
20
|
-
end
|
21
|
-
|
22
|
-
def rules
|
23
|
-
@rules ||= []
|
24
|
-
end
|
25
|
-
|
26
|
-
def clear_rules!
|
27
|
-
@rules ||= []
|
28
|
-
end
|
17
|
+
alias_method :cache_key, :permit_type
|
29
18
|
|
30
19
|
def cache
|
31
20
|
@cache ||= CanTango::Ability::Cache.new self, :cache_key => cache_key, :key_method_names => key_method_names
|
32
21
|
end
|
33
22
|
|
34
|
-
def execute!
|
35
|
-
return if cached_rules?
|
36
|
-
|
37
|
-
clear_rules!
|
38
|
-
permit_rules
|
39
|
-
|
40
|
-
cache_rules!
|
41
|
-
end
|
42
|
-
|
43
23
|
def permit_rules
|
44
24
|
# TODO: somehow type specific caching of result of permits!
|
45
25
|
permits.each do |permit|
|
@@ -50,10 +30,28 @@ module CanTango
|
|
50
30
|
|
51
31
|
protected
|
52
32
|
|
33
|
+
def valid?
|
34
|
+
true
|
35
|
+
end
|
36
|
+
|
37
|
+
def start_execute
|
38
|
+
debug "Execute #{permit_type} permits"
|
39
|
+
end
|
40
|
+
|
41
|
+
def end_execute
|
42
|
+
debug "Done #{permit_type} permits"
|
43
|
+
end
|
44
|
+
|
53
45
|
def key_method_names
|
54
|
-
|
46
|
+
case permit_type
|
47
|
+
when :role
|
48
|
+
[roles_list_meth]
|
49
|
+
when :role_group
|
50
|
+
[role_groups_list_meth]
|
51
|
+
else
|
52
|
+
[]
|
53
|
+
end
|
55
54
|
end
|
56
55
|
end
|
57
56
|
end
|
58
57
|
end
|
59
|
-
|
@@ -0,0 +1,21 @@
|
|
1
|
+
module CanTango
|
2
|
+
module Permits
|
3
|
+
class Permit
|
4
|
+
module ClassMethods
|
5
|
+
def first_name clazz
|
6
|
+
clazz.to_s.gsub(/^([A-Za-z]+).*/, '\1').underscore.to_sym # first part of class name
|
7
|
+
end
|
8
|
+
|
9
|
+
def type
|
10
|
+
:abstract
|
11
|
+
end
|
12
|
+
|
13
|
+
def account_name clazz
|
14
|
+
return nil if clazz.name == clazz.name.demodulize
|
15
|
+
clazz.name.gsub(/::.*/,'').gsub(/(.*)Permits/, '\1').underscore.to_sym
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end
|
19
|
+
end
|
20
|
+
end
|
21
|
+
|