cantango 0.9.3.2 → 0.9.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/README.textile +11 -9
- data/VERSION +1 -1
- data/cantango.gemspec +24 -3
- data/lib/cantango/ability/cache/key.rb +6 -2
- data/lib/cantango/ability/cache/reader.rb +3 -0
- data/lib/cantango/ability/cache/session_cache.rb +7 -3
- data/lib/cantango/ability/cache/writer.rb +8 -2
- data/lib/cantango/ability/cache.rb +25 -8
- data/lib/cantango/ability/cache_helpers.rb +4 -13
- data/lib/cantango/ability/cached_executor.rb +0 -0
- data/lib/cantango/ability/engine_helpers.rb +4 -1
- data/lib/cantango/ability/executor.rb +67 -0
- data/lib/cantango/ability/permission_helpers.rb +0 -1
- data/lib/cantango/ability.rb +1 -1
- data/lib/cantango/cached_ability.rb +3 -2
- data/lib/cantango/configuration/engines/cache.rb +0 -3
- data/lib/cantango/configuration/engines/engine.rb +5 -0
- data/lib/cantango/configuration/engines/permission.rb +5 -4
- data/lib/cantango/configuration/engines/permit.rb +0 -5
- data/lib/cantango/configuration/engines/user_ac.rb +6 -3
- data/lib/cantango/configuration/models/active_record.rb +11 -0
- data/lib/cantango/configuration/models/data_mapper.rb +12 -0
- data/lib/cantango/configuration/models/generic.rb +12 -0
- data/lib/cantango/configuration/models/mongo.rb +12 -0
- data/lib/cantango/configuration/models/mongo_mapper.rb +11 -0
- data/lib/cantango/configuration/models/mongoid.rb +13 -0
- data/lib/cantango/configuration/models.rb +27 -2
- data/lib/cantango/configuration/permits.rb +2 -1
- data/lib/cantango/configuration.rb +14 -0
- data/lib/cantango/engine.rb +5 -19
- data/lib/cantango/model/scope.rb +19 -5
- data/lib/cantango/permission_engine/collector.rb +3 -0
- data/lib/cantango/permission_engine/evaluator.rb +5 -0
- data/lib/cantango/permission_engine/factory.rb +3 -0
- data/lib/cantango/permission_engine/loader/permissions.rb +7 -8
- data/lib/cantango/permission_engine/store.rb +0 -1
- data/lib/cantango/permission_engine/yaml_store.rb +15 -4
- data/lib/cantango/permission_engine.rb +21 -4
- data/lib/cantango/permit_engine/factory.rb +10 -4
- data/lib/cantango/permit_engine.rb +39 -9
- data/lib/cantango/permits/account_permit/builder.rb +6 -2
- data/lib/cantango/{user_ac_engine → permits}/executor.rb +28 -30
- data/lib/cantango/permits/permit/class_methods.rb +21 -0
- data/lib/cantango/permits/permit/execute.rb +81 -0
- data/lib/cantango/permits/permit/license.rb +26 -0
- data/lib/cantango/permits/permit.rb +19 -138
- data/lib/cantango/permits/role_group_permit/builder.rb +5 -1
- data/lib/cantango/permits/role_group_permit.rb +3 -3
- data/lib/cantango/permits/role_permit/builder.rb +4 -0
- data/lib/cantango/permits/user_permit/builder.rb +5 -1
- data/lib/cantango/permits/user_permit.rb +1 -1
- data/lib/cantango/permits.rb +1 -0
- data/lib/cantango/rails/engine.rb +0 -3
- data/lib/cantango/rails/helpers/base_helper.rb +1 -1
- data/lib/cantango/rails/helpers/rest_helper.rb +1 -1
- data/lib/cantango/rules/adaptor/active_record.rb +1 -4
- data/lib/cantango/rules/adaptor/data_mapper.rb +11 -0
- data/lib/cantango/rules/adaptor/mongo.rb +19 -0
- data/lib/cantango/rules/adaptor/mongo_mapper.rb +10 -0
- data/lib/cantango/rules/adaptor/mongoid.rb +1 -5
- data/lib/cantango/rules/adaptor/relational.rb +13 -0
- data/lib/cantango/rules/adaptor.rb +12 -7
- data/lib/cantango/rules/user_relation.rb +1 -2
- data/lib/cantango/user_ac_engine.rb +25 -7
- data/lib/cantango.rb +2 -0
- data/spec/cantango/ability/executor_spec.rb +67 -0
- data/spec/cantango/ability_executor/cached_only_spec.rb +1 -0
- data/spec/cantango/model/scope_spec.rb +11 -0
- data/spec/cantango/models/items.rb +5 -0
- data/spec/cantango/permission_engine_cached_spec.rb +51 -0
- data/spec/cantango/permission_engine_spec.rb +55 -0
- data/spec/cantango/permit_engine_cached_spec.rb +56 -0
- data/spec/cantango/permit_engine_spec.rb +57 -1
- data/spec/cantango/permits/executor_cached_spec.rb +0 -0
- data/spec/cantango/permits/executor_spec.rb +68 -0
- data/spec/cantango/user_ac_engine_cached_spec.rb +64 -0
- data/spec/cantango/user_ac_engine_spec.rb +14 -2
- data/spec/fixtures/models/items.rb +3 -0
- data/spec/fixtures/models/user.rb +18 -0
- metadata +55 -34
@@ -0,0 +1,81 @@
|
|
1
|
+
module CanTango
|
2
|
+
module Permits
|
3
|
+
class Permit
|
4
|
+
module Execute
|
5
|
+
# executes the permit
|
6
|
+
def execute
|
7
|
+
return if disabled?
|
8
|
+
debug "Execute Permit: #{self}"
|
9
|
+
executor.execute!
|
10
|
+
ability_sync!
|
11
|
+
end
|
12
|
+
|
13
|
+
# In a specific Role based Permit you can use
|
14
|
+
# def permit? user, options = {}
|
15
|
+
# return if !super(user, :in_role)
|
16
|
+
# ... permission logic follows
|
17
|
+
#
|
18
|
+
# This will call the Permit::Base#permit? instance method (the method below)
|
19
|
+
# It will only return true if the user matches the role of the Permit class and the
|
20
|
+
# options passed in is set to :in_role
|
21
|
+
#
|
22
|
+
# If these confitions are not met, it will return false and thus the outer permit
|
23
|
+
# will not run the permission logic to follow
|
24
|
+
#
|
25
|
+
# Normally super for #permit? should not be called except for this case,
|
26
|
+
# or if subclassing another Permit than Permit::Base
|
27
|
+
#
|
28
|
+
def permit?
|
29
|
+
cached? ? cached_rules : non_cached_rules
|
30
|
+
run_rule_methods
|
31
|
+
end
|
32
|
+
|
33
|
+
def run_rule_methods
|
34
|
+
static_rules
|
35
|
+
permit_rules
|
36
|
+
dynamic_rules
|
37
|
+
end
|
38
|
+
|
39
|
+
def non_cached_rules
|
40
|
+
include_non_cached if defined?(self.class::NonCached)
|
41
|
+
end
|
42
|
+
|
43
|
+
def cached_rules
|
44
|
+
include_cached if defined?(self.class::Cached)
|
45
|
+
end
|
46
|
+
|
47
|
+
def include_non_cached
|
48
|
+
self.class.send :include, self.class::NonCached
|
49
|
+
end
|
50
|
+
|
51
|
+
def include_cached
|
52
|
+
self.class.send :include, self.class::Cached
|
53
|
+
end
|
54
|
+
|
55
|
+
# return the executor used to execute the permit
|
56
|
+
def executor
|
57
|
+
@executor ||= case self.class.name
|
58
|
+
when /System/
|
59
|
+
then CanTango::PermitEngine::Executor::System.new self
|
60
|
+
else
|
61
|
+
CanTango::PermitEngine::Executor::Base.new self
|
62
|
+
end
|
63
|
+
end
|
64
|
+
|
65
|
+
# This method will contain the actual rules
|
66
|
+
# can be implemented in the subclass
|
67
|
+
|
68
|
+
def permit_rules
|
69
|
+
end
|
70
|
+
|
71
|
+
def static_rules
|
72
|
+
end
|
73
|
+
|
74
|
+
def dynamic_rules
|
75
|
+
end
|
76
|
+
end
|
77
|
+
end
|
78
|
+
end
|
79
|
+
end
|
80
|
+
|
81
|
+
|
@@ -0,0 +1,26 @@
|
|
1
|
+
module CanTango
|
2
|
+
module Permits
|
3
|
+
class Permit
|
4
|
+
module License
|
5
|
+
def licenses *names
|
6
|
+
names.to_strings.each do |name|
|
7
|
+
try_license name
|
8
|
+
end
|
9
|
+
end
|
10
|
+
|
11
|
+
protected
|
12
|
+
|
13
|
+
def try_license name
|
14
|
+
module_name = "#{name.camelize}License"
|
15
|
+
clazz = module_name.constantize
|
16
|
+
clazz.new(self).license_rules
|
17
|
+
rescue NameError
|
18
|
+
raise "License #{module_name} is not defined"
|
19
|
+
rescue
|
20
|
+
raise "License #{clazz} could not be enforced using #{self.inspect}"
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
26
|
+
|
@@ -1,43 +1,36 @@
|
|
1
|
-
require 'sugar-high/array'
|
2
|
-
|
3
1
|
# The permit base class for both Role Permits and Role Group Permits
|
4
2
|
# Should contain all common logic
|
5
3
|
module CanTango
|
6
4
|
module Permits
|
7
5
|
class Permit
|
8
|
-
|
6
|
+
autoload_modules :Execute, :License, :ClassMethods
|
7
|
+
|
8
|
+
include CanTango::Helpers::Debug
|
9
|
+
include CanTango::Rules # also makes a Permit a subclass of CanCan::Ability
|
10
|
+
include CanTango::Api::Attributes
|
11
|
+
|
12
|
+
include Execute
|
13
|
+
include License
|
14
|
+
extend ClassMethods
|
9
15
|
|
10
16
|
# strategy is used to control the owns strategy (see rules.rb)
|
11
|
-
attr_reader :strategy, :disabled
|
17
|
+
attr_reader :ability, :strategy, :disabled
|
12
18
|
|
13
|
-
|
19
|
+
delegate :cached?, :options, :subject, :user, :user_account, :to => :ability
|
14
20
|
|
15
21
|
# creates the permit
|
16
22
|
def initialize ability
|
17
23
|
@ability = ability
|
18
24
|
end
|
19
25
|
|
20
|
-
def self.first_name clazz
|
21
|
-
clazz.to_s.gsub(/^([A-Za-z]+).*/, '\1').underscore.to_sym # first part of class name
|
22
|
-
end
|
23
|
-
|
24
|
-
def self.type
|
25
|
-
:abstract
|
26
|
-
end
|
27
|
-
|
28
|
-
def self.account_name clazz
|
29
|
-
return nil if clazz.name == clazz.name.demodulize
|
30
|
-
clazz.name.gsub(/::.*/,'').gsub(/(.*)Permits/, '\1').underscore.to_sym
|
31
|
-
end
|
32
|
-
|
33
|
-
def cached?
|
34
|
-
ability.cached?
|
35
|
-
end
|
36
|
-
|
37
26
|
def permit_type
|
38
27
|
self.class.type
|
39
28
|
end
|
40
29
|
|
30
|
+
def ability_rules
|
31
|
+
ability.send :rules
|
32
|
+
end
|
33
|
+
|
41
34
|
def disable!
|
42
35
|
@disabled = true
|
43
36
|
end
|
@@ -46,14 +39,6 @@ module CanTango
|
|
46
39
|
@disabled || config_disabled?
|
47
40
|
end
|
48
41
|
|
49
|
-
# executes the permit
|
50
|
-
def execute
|
51
|
-
return if disabled?
|
52
|
-
puts "Execute Permit: #{self}" if CanTango.debug?
|
53
|
-
executor.execute!
|
54
|
-
ability_sync!
|
55
|
-
end
|
56
|
-
|
57
42
|
def valid_for? subject
|
58
43
|
raise NotImplementedError
|
59
44
|
end
|
@@ -66,10 +51,6 @@ module CanTango
|
|
66
51
|
config.models.by_reg_exp reg_exp
|
67
52
|
end
|
68
53
|
|
69
|
-
def options
|
70
|
-
ability.options
|
71
|
-
end
|
72
|
-
|
73
54
|
CanTango::Api::Options.options_list.each do |obj|
|
74
55
|
class_eval %{
|
75
56
|
def #{obj}
|
@@ -86,129 +67,29 @@ module CanTango
|
|
86
67
|
!localhost?
|
87
68
|
end
|
88
69
|
|
89
|
-
def subject
|
90
|
-
ability.subject
|
91
|
-
end
|
92
|
-
|
93
|
-
def user
|
94
|
-
ability.user
|
95
|
-
end
|
96
|
-
|
97
|
-
def user_account
|
98
|
-
ability.user_account
|
99
|
-
end
|
100
|
-
|
101
|
-
def ability_rules
|
102
|
-
ability.send(:rules)
|
103
|
-
end
|
104
|
-
|
105
70
|
def ability_sync!
|
106
71
|
ability_rules << (rules - ability_rules)
|
107
72
|
ability_rules.flatten!
|
108
73
|
end
|
109
74
|
|
110
|
-
# In a specific Role based Permit you can use
|
111
|
-
# def permit? user, options = {}
|
112
|
-
# return if !super(user, :in_role)
|
113
|
-
# ... permission logic follows
|
114
|
-
#
|
115
|
-
# This will call the Permit::Base#permit? instance method (the method below)
|
116
|
-
# It will only return true if the user matches the role of the Permit class and the
|
117
|
-
# options passed in is set to :in_role
|
118
|
-
#
|
119
|
-
# If these confitions are not met, it will return false and thus the outer permit
|
120
|
-
# will not run the permission logic to follow
|
121
|
-
#
|
122
|
-
# Normally super for #permit? should not be called except for this case,
|
123
|
-
# or if subclassing another Permit than Permit::Base
|
124
|
-
#
|
125
|
-
def permit?
|
126
|
-
cached? ? cached_rules : non_cached_rules
|
127
|
-
run_rule_methods
|
128
|
-
end
|
129
|
-
|
130
|
-
def run_rule_methods
|
131
|
-
static_rules
|
132
|
-
permit_rules
|
133
|
-
dynamic_rules
|
134
|
-
end
|
135
|
-
|
136
|
-
def non_cached_rules
|
137
|
-
include_non_cached if defined?(self.class::NonCached)
|
138
|
-
end
|
139
|
-
|
140
|
-
def cached_rules
|
141
|
-
include_cached if defined?(self.class::Cached)
|
142
|
-
end
|
143
|
-
|
144
|
-
def include_non_cached
|
145
|
-
self.class.send :include, self.class::NonCached
|
146
|
-
end
|
147
|
-
|
148
|
-
def include_cached
|
149
|
-
self.class.send :include, self.class::Cached
|
150
|
-
end
|
151
|
-
|
152
|
-
def licenses *names
|
153
|
-
names.to_strings.each do |name|
|
154
|
-
try_license name
|
155
|
-
end
|
156
|
-
end
|
157
|
-
|
158
|
-
include CanTango::Rules # also makes a Permit a subclass of CanCan::Ability
|
159
|
-
|
160
75
|
protected
|
161
76
|
|
77
|
+
include CanTango::PermitEngine::Util
|
78
|
+
include CanTango::PermitEngine::Compatibility
|
79
|
+
include CanTango::PermitEngine::RoleMatcher
|
80
|
+
|
162
81
|
def config_disabled?
|
163
82
|
(CanTango.config.permits.disabled[permit_type] || []).include?(permit_name.to_s)
|
164
83
|
end
|
165
84
|
|
166
|
-
def try_license name
|
167
|
-
module_name = "#{name.camelize}License"
|
168
|
-
clazz = module_name.constantize
|
169
|
-
clazz.new(self).license_rules
|
170
|
-
rescue NameError
|
171
|
-
raise "License #{module_name} is not defined"
|
172
|
-
rescue
|
173
|
-
raise "License #{clazz} could not be enforced using #{self.inspect}"
|
174
|
-
end
|
175
|
-
|
176
|
-
# This method will contain the actual rules
|
177
|
-
# can be implemented in the subclass
|
178
|
-
|
179
|
-
def permit_rules
|
180
|
-
end
|
181
|
-
|
182
|
-
def static_rules
|
183
|
-
end
|
184
|
-
|
185
|
-
def dynamic_rules
|
186
|
-
end
|
187
|
-
|
188
|
-
#include CanTango::PermitEngine::Cache
|
189
|
-
include CanTango::PermitEngine::Util
|
190
|
-
include CanTango::PermitEngine::Compatibility
|
191
|
-
|
192
85
|
def strategy
|
193
86
|
@strategy ||= options[:strategy] || CanTango::Ability.strategy || :default
|
194
87
|
end
|
195
88
|
|
196
|
-
include CanTango::PermitEngine::RoleMatcher
|
197
|
-
|
198
89
|
def any_role_match?
|
199
90
|
role_match?(subject) || role_group_match?(subject)
|
200
91
|
end
|
201
92
|
|
202
|
-
# return the executor used to execute the permit
|
203
|
-
def executor
|
204
|
-
@executor ||= case self.class.name
|
205
|
-
when /System/
|
206
|
-
then CanTango::PermitEngine::Executor::System.new self
|
207
|
-
else
|
208
|
-
CanTango::PermitEngine::Executor::Base.new self
|
209
|
-
end
|
210
|
-
end
|
211
|
-
|
212
93
|
def config
|
213
94
|
CanTango.config
|
214
95
|
end
|
@@ -18,7 +18,11 @@ module CanTango
|
|
18
18
|
puts "Not building any RoleGroupPermits since no role groups are roles that are members of a role group could be found for the permission candidate" if CanTango.debug?
|
19
19
|
return []
|
20
20
|
end
|
21
|
-
|
21
|
+
end
|
22
|
+
|
23
|
+
def name
|
24
|
+
:role_group
|
25
|
+
end
|
22
26
|
|
23
27
|
def valid? role_group
|
24
28
|
return true if !role_groups_filter?
|
@@ -19,7 +19,7 @@ module CanTango
|
|
19
19
|
def permit_name
|
20
20
|
self.class.role_group_name self.class
|
21
21
|
end
|
22
|
-
|
22
|
+
|
23
23
|
alias_method :role_group, :permit_name
|
24
24
|
|
25
25
|
# creates the permit
|
@@ -45,11 +45,11 @@ module CanTango
|
|
45
45
|
def permit?
|
46
46
|
super
|
47
47
|
end
|
48
|
-
|
48
|
+
|
49
49
|
def valid_for? subject
|
50
50
|
in_role_group? subject
|
51
51
|
end
|
52
|
-
|
52
|
+
|
53
53
|
protected
|
54
54
|
|
55
55
|
include CanTango::Helpers::RoleMethods
|
@@ -11,11 +11,15 @@ module CanTango
|
|
11
11
|
[permit].compact
|
12
12
|
end
|
13
13
|
|
14
|
+
def name
|
15
|
+
:user
|
16
|
+
end
|
17
|
+
|
14
18
|
protected
|
15
19
|
|
16
20
|
def debug_msg
|
17
21
|
permit ? "Building UserPermit for #{user}, permit: #{permit}" : "Not building any UserPermit"
|
18
|
-
end
|
22
|
+
end
|
19
23
|
|
20
24
|
def permit
|
21
25
|
@permit ||= create_permit(user.class.to_s)
|
data/lib/cantango/permits.rb
CHANGED
@@ -2,7 +2,6 @@ module CanTango
|
|
2
2
|
# Include helpers in the given scope to AC and AV.
|
3
3
|
# "Borrowed" from devise
|
4
4
|
def self.include_helpers(scope)
|
5
|
-
|
6
5
|
# Seems like the order of initializers is important! ActiveRecord should go first!
|
7
6
|
ActiveSupport.on_load(:active_record) do
|
8
7
|
RailsAutoLoader.load_models! if CanTango.config.autoload.models?
|
@@ -15,11 +14,9 @@ module CanTango
|
|
15
14
|
ActiveSupport.on_load(:action_view) do
|
16
15
|
include scope::Rails::Helpers::ViewHelper
|
17
16
|
end
|
18
|
-
|
19
17
|
end
|
20
18
|
|
21
19
|
class RailsEngine < ::Rails::Engine
|
22
|
-
|
23
20
|
initializer "cantango.helpers" do
|
24
21
|
CanTango.include_helpers(CanTango)
|
25
22
|
|
@@ -1,7 +1,7 @@
|
|
1
1
|
module CanTango::Rails::Helpers::RestHelper
|
2
2
|
CanTango.config.models.available_models.each do |model|
|
3
3
|
class_eval %{
|
4
|
-
def delete_#{model}_path obj, options = {}
|
4
|
+
def delete_#{model.to_s.underscore}_path obj, options = {}
|
5
5
|
#{model}_path obj, {:method => 'delete'}.merge(options)
|
6
6
|
end
|
7
7
|
}
|
@@ -0,0 +1,19 @@
|
|
1
|
+
module CanTango
|
2
|
+
module Rules
|
3
|
+
module Adaptor
|
4
|
+
module Mongo
|
5
|
+
#include CanTango::Rules::Adaptor::Generic
|
6
|
+
# using #in on Hash (Mongoid query)
|
7
|
+
def include_condition attribute, user_scope
|
8
|
+
{ attribute.to_sym.in => user_scope.send(attribute) }
|
9
|
+
end
|
10
|
+
|
11
|
+
def attribute_condition attribute, user_scope
|
12
|
+
{ attribute.to_sym => user_scope.send(attribute) }
|
13
|
+
end
|
14
|
+
end
|
15
|
+
end
|
16
|
+
end
|
17
|
+
end
|
18
|
+
|
19
|
+
|
@@ -2,11 +2,7 @@ module CanTango
|
|
2
2
|
module Rules
|
3
3
|
module Adaptor
|
4
4
|
module Mongoid
|
5
|
-
|
6
|
-
# using #in on Hash (Mongoid query)
|
7
|
-
def list_include
|
8
|
-
{ scope_key.in => user_scope.send(attribute) }
|
9
|
-
end
|
5
|
+
include module CanTango::Rules::Adaptor::Mongo
|
10
6
|
end
|
11
7
|
end
|
12
8
|
end
|
@@ -0,0 +1,13 @@
|
|
1
|
+
module CanTango
|
2
|
+
module Rules
|
3
|
+
module Adaptor
|
4
|
+
module Relational
|
5
|
+
def attribute_condition attribute, user_scope
|
6
|
+
{ attribute.to_sym => user_scope.send(attribute) }
|
7
|
+
end
|
8
|
+
alias_method :include_condition, :attribute_condition
|
9
|
+
end
|
10
|
+
end
|
11
|
+
end
|
12
|
+
end
|
13
|
+
|
@@ -1,29 +1,34 @@
|
|
1
1
|
module CanTango
|
2
2
|
module Rules
|
3
3
|
module Adaptor
|
4
|
-
autoload_modules :Generic
|
5
|
-
autoload_modules :ActiveRecord, :Mongoid
|
4
|
+
autoload_modules :Generic, :Relational, :Mongo
|
5
|
+
autoload_modules :ActiveRecord, :DataMapper, :Mongoid, :MongoMapper
|
6
6
|
|
7
7
|
# include adaptor depending on which ORM the object inherits from or includes
|
8
8
|
def use_adaptor! base, object
|
9
9
|
orm_map.each_pair do |orm, const|
|
10
10
|
begin
|
11
|
-
|
12
|
-
|
13
|
-
rescue
|
11
|
+
base.class.send :include, get_adapter(object, const.constantize, orm)
|
12
|
+
rescue
|
14
13
|
next
|
15
14
|
end
|
16
15
|
end
|
17
16
|
end
|
18
17
|
|
19
|
-
def
|
18
|
+
def get_adapter object, adaptor_class, orm
|
19
|
+
object.kind_of?(adaptor_class) ? adaptor_for(orm) : adaptor_for(:generic)
|
20
|
+
end
|
21
|
+
|
22
|
+
def adaptor_for orm
|
20
23
|
"CanTango::Rules::Adaptor::#{orm.to_s.camelize}".constantize
|
21
24
|
end
|
22
25
|
|
23
26
|
def orm_map
|
24
27
|
{
|
25
28
|
:active_record => "ActiveRecord::Base",
|
26
|
-
:
|
29
|
+
:data_mapper => "DataMapper::Resource",
|
30
|
+
:mongoid => "Mongoid::Document",
|
31
|
+
:mongo_mapper => "MongoMapper::Document"
|
27
32
|
}
|
28
33
|
end
|
29
34
|
end
|
@@ -50,7 +50,7 @@ module CanTango
|
|
50
50
|
end
|
51
51
|
|
52
52
|
def rules
|
53
|
-
ability.send :rules
|
53
|
+
ability.send :rules
|
54
54
|
end
|
55
55
|
|
56
56
|
def plural_attribute
|
@@ -62,7 +62,6 @@ module CanTango
|
|
62
62
|
raise "#{model} has no :#{attribute} or :#{plural_attribute} defined" if !model.new.respond_to?(attribute) && !model.new.respond_to?(plural_attribute)
|
63
63
|
end
|
64
64
|
end
|
65
|
-
|
66
65
|
end
|
67
66
|
end
|
68
67
|
end
|
@@ -1,20 +1,20 @@
|
|
1
1
|
module CanTango
|
2
2
|
class UserAcEngine < Engine
|
3
|
-
|
3
|
+
include CanTango::Ability::Executor
|
4
|
+
include CanTango::Ability::RoleHelpers
|
5
|
+
include CanTango::Ability::UserHelpers
|
4
6
|
|
5
7
|
def initialize ability
|
6
8
|
super
|
7
9
|
end
|
8
10
|
|
9
|
-
def
|
10
|
-
return if !valid?
|
11
|
-
debug "User AC Engine executing..."
|
12
|
-
|
11
|
+
def permit_rules
|
13
12
|
permissions.each do |permission|
|
14
13
|
ability.can permission.action.to_sym, permission.thing_type.constantize do |thing|
|
15
14
|
thing.nil? || permission.thing_id.nil? || permission.thing_id == thing.id
|
16
15
|
end
|
17
16
|
end
|
17
|
+
rules << ability_rules if !ability_rules.blank?
|
18
18
|
end
|
19
19
|
|
20
20
|
def valid?
|
@@ -28,12 +28,30 @@ module CanTango
|
|
28
28
|
|
29
29
|
protected
|
30
30
|
|
31
|
+
def ability_rules
|
32
|
+
ability.send(:rules)
|
33
|
+
end
|
34
|
+
|
35
|
+
alias_method :cache_key, :engine_name
|
36
|
+
|
37
|
+
def key_method_names
|
38
|
+
[:permissions_hash]
|
39
|
+
end
|
40
|
+
|
41
|
+
def start_execute
|
42
|
+
debug "User AC Engine executing..."
|
43
|
+
end
|
44
|
+
|
45
|
+
def end_execute
|
46
|
+
debug "Done User AC Engine"
|
47
|
+
end
|
48
|
+
|
31
49
|
def permissions
|
32
|
-
candidate.respond_to?(:
|
50
|
+
candidate.respond_to?(:all_permissions) ? candidate.all_permissions : []
|
33
51
|
end
|
34
52
|
|
35
53
|
def invalid
|
36
|
-
debug "No permissions for #{candidate} found
|
54
|
+
debug "No permissions for #{candidate} found for #all_permissions call"
|
37
55
|
false
|
38
56
|
end
|
39
57
|
end
|
data/lib/cantango.rb
CHANGED
@@ -1,6 +1,8 @@
|
|
1
1
|
require 'cantango/rails/railtie' if defined?(Rails)
|
2
2
|
require 'cantango/rails/engine' if defined?(Rails)
|
3
3
|
require 'cancan'
|
4
|
+
require 'active_support' # for Delegate module
|
5
|
+
require 'active_support/core_ext/module/delegation'
|
4
6
|
require 'cantango/cancan/rule'
|
5
7
|
require 'sugar-high/array'
|
6
8
|
require 'sugar-high/blank'
|