cantango 0.9.3.2 → 0.9.4
Sign up to get free protection for your applications and to get access to all the features.
- data/README.textile +11 -9
- data/VERSION +1 -1
- data/cantango.gemspec +24 -3
- data/lib/cantango/ability/cache/key.rb +6 -2
- data/lib/cantango/ability/cache/reader.rb +3 -0
- data/lib/cantango/ability/cache/session_cache.rb +7 -3
- data/lib/cantango/ability/cache/writer.rb +8 -2
- data/lib/cantango/ability/cache.rb +25 -8
- data/lib/cantango/ability/cache_helpers.rb +4 -13
- data/lib/cantango/ability/cached_executor.rb +0 -0
- data/lib/cantango/ability/engine_helpers.rb +4 -1
- data/lib/cantango/ability/executor.rb +67 -0
- data/lib/cantango/ability/permission_helpers.rb +0 -1
- data/lib/cantango/ability.rb +1 -1
- data/lib/cantango/cached_ability.rb +3 -2
- data/lib/cantango/configuration/engines/cache.rb +0 -3
- data/lib/cantango/configuration/engines/engine.rb +5 -0
- data/lib/cantango/configuration/engines/permission.rb +5 -4
- data/lib/cantango/configuration/engines/permit.rb +0 -5
- data/lib/cantango/configuration/engines/user_ac.rb +6 -3
- data/lib/cantango/configuration/models/active_record.rb +11 -0
- data/lib/cantango/configuration/models/data_mapper.rb +12 -0
- data/lib/cantango/configuration/models/generic.rb +12 -0
- data/lib/cantango/configuration/models/mongo.rb +12 -0
- data/lib/cantango/configuration/models/mongo_mapper.rb +11 -0
- data/lib/cantango/configuration/models/mongoid.rb +13 -0
- data/lib/cantango/configuration/models.rb +27 -2
- data/lib/cantango/configuration/permits.rb +2 -1
- data/lib/cantango/configuration.rb +14 -0
- data/lib/cantango/engine.rb +5 -19
- data/lib/cantango/model/scope.rb +19 -5
- data/lib/cantango/permission_engine/collector.rb +3 -0
- data/lib/cantango/permission_engine/evaluator.rb +5 -0
- data/lib/cantango/permission_engine/factory.rb +3 -0
- data/lib/cantango/permission_engine/loader/permissions.rb +7 -8
- data/lib/cantango/permission_engine/store.rb +0 -1
- data/lib/cantango/permission_engine/yaml_store.rb +15 -4
- data/lib/cantango/permission_engine.rb +21 -4
- data/lib/cantango/permit_engine/factory.rb +10 -4
- data/lib/cantango/permit_engine.rb +39 -9
- data/lib/cantango/permits/account_permit/builder.rb +6 -2
- data/lib/cantango/{user_ac_engine → permits}/executor.rb +28 -30
- data/lib/cantango/permits/permit/class_methods.rb +21 -0
- data/lib/cantango/permits/permit/execute.rb +81 -0
- data/lib/cantango/permits/permit/license.rb +26 -0
- data/lib/cantango/permits/permit.rb +19 -138
- data/lib/cantango/permits/role_group_permit/builder.rb +5 -1
- data/lib/cantango/permits/role_group_permit.rb +3 -3
- data/lib/cantango/permits/role_permit/builder.rb +4 -0
- data/lib/cantango/permits/user_permit/builder.rb +5 -1
- data/lib/cantango/permits/user_permit.rb +1 -1
- data/lib/cantango/permits.rb +1 -0
- data/lib/cantango/rails/engine.rb +0 -3
- data/lib/cantango/rails/helpers/base_helper.rb +1 -1
- data/lib/cantango/rails/helpers/rest_helper.rb +1 -1
- data/lib/cantango/rules/adaptor/active_record.rb +1 -4
- data/lib/cantango/rules/adaptor/data_mapper.rb +11 -0
- data/lib/cantango/rules/adaptor/mongo.rb +19 -0
- data/lib/cantango/rules/adaptor/mongo_mapper.rb +10 -0
- data/lib/cantango/rules/adaptor/mongoid.rb +1 -5
- data/lib/cantango/rules/adaptor/relational.rb +13 -0
- data/lib/cantango/rules/adaptor.rb +12 -7
- data/lib/cantango/rules/user_relation.rb +1 -2
- data/lib/cantango/user_ac_engine.rb +25 -7
- data/lib/cantango.rb +2 -0
- data/spec/cantango/ability/executor_spec.rb +67 -0
- data/spec/cantango/ability_executor/cached_only_spec.rb +1 -0
- data/spec/cantango/model/scope_spec.rb +11 -0
- data/spec/cantango/models/items.rb +5 -0
- data/spec/cantango/permission_engine_cached_spec.rb +51 -0
- data/spec/cantango/permission_engine_spec.rb +55 -0
- data/spec/cantango/permit_engine_cached_spec.rb +56 -0
- data/spec/cantango/permit_engine_spec.rb +57 -1
- data/spec/cantango/permits/executor_cached_spec.rb +0 -0
- data/spec/cantango/permits/executor_spec.rb +68 -0
- data/spec/cantango/user_ac_engine_cached_spec.rb +64 -0
- data/spec/cantango/user_ac_engine_spec.rb +14 -2
- data/spec/fixtures/models/items.rb +3 -0
- data/spec/fixtures/models/user.rb +18 -0
- metadata +55 -34
@@ -0,0 +1,81 @@
|
|
1
|
+
module CanTango
|
2
|
+
module Permits
|
3
|
+
class Permit
|
4
|
+
module Execute
|
5
|
+
# executes the permit
|
6
|
+
def execute
|
7
|
+
return if disabled?
|
8
|
+
debug "Execute Permit: #{self}"
|
9
|
+
executor.execute!
|
10
|
+
ability_sync!
|
11
|
+
end
|
12
|
+
|
13
|
+
# In a specific Role based Permit you can use
|
14
|
+
# def permit? user, options = {}
|
15
|
+
# return if !super(user, :in_role)
|
16
|
+
# ... permission logic follows
|
17
|
+
#
|
18
|
+
# This will call the Permit::Base#permit? instance method (the method below)
|
19
|
+
# It will only return true if the user matches the role of the Permit class and the
|
20
|
+
# options passed in is set to :in_role
|
21
|
+
#
|
22
|
+
# If these confitions are not met, it will return false and thus the outer permit
|
23
|
+
# will not run the permission logic to follow
|
24
|
+
#
|
25
|
+
# Normally super for #permit? should not be called except for this case,
|
26
|
+
# or if subclassing another Permit than Permit::Base
|
27
|
+
#
|
28
|
+
def permit?
|
29
|
+
cached? ? cached_rules : non_cached_rules
|
30
|
+
run_rule_methods
|
31
|
+
end
|
32
|
+
|
33
|
+
def run_rule_methods
|
34
|
+
static_rules
|
35
|
+
permit_rules
|
36
|
+
dynamic_rules
|
37
|
+
end
|
38
|
+
|
39
|
+
def non_cached_rules
|
40
|
+
include_non_cached if defined?(self.class::NonCached)
|
41
|
+
end
|
42
|
+
|
43
|
+
def cached_rules
|
44
|
+
include_cached if defined?(self.class::Cached)
|
45
|
+
end
|
46
|
+
|
47
|
+
def include_non_cached
|
48
|
+
self.class.send :include, self.class::NonCached
|
49
|
+
end
|
50
|
+
|
51
|
+
def include_cached
|
52
|
+
self.class.send :include, self.class::Cached
|
53
|
+
end
|
54
|
+
|
55
|
+
# return the executor used to execute the permit
|
56
|
+
def executor
|
57
|
+
@executor ||= case self.class.name
|
58
|
+
when /System/
|
59
|
+
then CanTango::PermitEngine::Executor::System.new self
|
60
|
+
else
|
61
|
+
CanTango::PermitEngine::Executor::Base.new self
|
62
|
+
end
|
63
|
+
end
|
64
|
+
|
65
|
+
# This method will contain the actual rules
|
66
|
+
# can be implemented in the subclass
|
67
|
+
|
68
|
+
def permit_rules
|
69
|
+
end
|
70
|
+
|
71
|
+
def static_rules
|
72
|
+
end
|
73
|
+
|
74
|
+
def dynamic_rules
|
75
|
+
end
|
76
|
+
end
|
77
|
+
end
|
78
|
+
end
|
79
|
+
end
|
80
|
+
|
81
|
+
|
@@ -0,0 +1,26 @@
|
|
1
|
+
module CanTango
|
2
|
+
module Permits
|
3
|
+
class Permit
|
4
|
+
module License
|
5
|
+
def licenses *names
|
6
|
+
names.to_strings.each do |name|
|
7
|
+
try_license name
|
8
|
+
end
|
9
|
+
end
|
10
|
+
|
11
|
+
protected
|
12
|
+
|
13
|
+
def try_license name
|
14
|
+
module_name = "#{name.camelize}License"
|
15
|
+
clazz = module_name.constantize
|
16
|
+
clazz.new(self).license_rules
|
17
|
+
rescue NameError
|
18
|
+
raise "License #{module_name} is not defined"
|
19
|
+
rescue
|
20
|
+
raise "License #{clazz} could not be enforced using #{self.inspect}"
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
26
|
+
|
@@ -1,43 +1,36 @@
|
|
1
|
-
require 'sugar-high/array'
|
2
|
-
|
3
1
|
# The permit base class for both Role Permits and Role Group Permits
|
4
2
|
# Should contain all common logic
|
5
3
|
module CanTango
|
6
4
|
module Permits
|
7
5
|
class Permit
|
8
|
-
|
6
|
+
autoload_modules :Execute, :License, :ClassMethods
|
7
|
+
|
8
|
+
include CanTango::Helpers::Debug
|
9
|
+
include CanTango::Rules # also makes a Permit a subclass of CanCan::Ability
|
10
|
+
include CanTango::Api::Attributes
|
11
|
+
|
12
|
+
include Execute
|
13
|
+
include License
|
14
|
+
extend ClassMethods
|
9
15
|
|
10
16
|
# strategy is used to control the owns strategy (see rules.rb)
|
11
|
-
attr_reader :strategy, :disabled
|
17
|
+
attr_reader :ability, :strategy, :disabled
|
12
18
|
|
13
|
-
|
19
|
+
delegate :cached?, :options, :subject, :user, :user_account, :to => :ability
|
14
20
|
|
15
21
|
# creates the permit
|
16
22
|
def initialize ability
|
17
23
|
@ability = ability
|
18
24
|
end
|
19
25
|
|
20
|
-
def self.first_name clazz
|
21
|
-
clazz.to_s.gsub(/^([A-Za-z]+).*/, '\1').underscore.to_sym # first part of class name
|
22
|
-
end
|
23
|
-
|
24
|
-
def self.type
|
25
|
-
:abstract
|
26
|
-
end
|
27
|
-
|
28
|
-
def self.account_name clazz
|
29
|
-
return nil if clazz.name == clazz.name.demodulize
|
30
|
-
clazz.name.gsub(/::.*/,'').gsub(/(.*)Permits/, '\1').underscore.to_sym
|
31
|
-
end
|
32
|
-
|
33
|
-
def cached?
|
34
|
-
ability.cached?
|
35
|
-
end
|
36
|
-
|
37
26
|
def permit_type
|
38
27
|
self.class.type
|
39
28
|
end
|
40
29
|
|
30
|
+
def ability_rules
|
31
|
+
ability.send :rules
|
32
|
+
end
|
33
|
+
|
41
34
|
def disable!
|
42
35
|
@disabled = true
|
43
36
|
end
|
@@ -46,14 +39,6 @@ module CanTango
|
|
46
39
|
@disabled || config_disabled?
|
47
40
|
end
|
48
41
|
|
49
|
-
# executes the permit
|
50
|
-
def execute
|
51
|
-
return if disabled?
|
52
|
-
puts "Execute Permit: #{self}" if CanTango.debug?
|
53
|
-
executor.execute!
|
54
|
-
ability_sync!
|
55
|
-
end
|
56
|
-
|
57
42
|
def valid_for? subject
|
58
43
|
raise NotImplementedError
|
59
44
|
end
|
@@ -66,10 +51,6 @@ module CanTango
|
|
66
51
|
config.models.by_reg_exp reg_exp
|
67
52
|
end
|
68
53
|
|
69
|
-
def options
|
70
|
-
ability.options
|
71
|
-
end
|
72
|
-
|
73
54
|
CanTango::Api::Options.options_list.each do |obj|
|
74
55
|
class_eval %{
|
75
56
|
def #{obj}
|
@@ -86,129 +67,29 @@ module CanTango
|
|
86
67
|
!localhost?
|
87
68
|
end
|
88
69
|
|
89
|
-
def subject
|
90
|
-
ability.subject
|
91
|
-
end
|
92
|
-
|
93
|
-
def user
|
94
|
-
ability.user
|
95
|
-
end
|
96
|
-
|
97
|
-
def user_account
|
98
|
-
ability.user_account
|
99
|
-
end
|
100
|
-
|
101
|
-
def ability_rules
|
102
|
-
ability.send(:rules)
|
103
|
-
end
|
104
|
-
|
105
70
|
def ability_sync!
|
106
71
|
ability_rules << (rules - ability_rules)
|
107
72
|
ability_rules.flatten!
|
108
73
|
end
|
109
74
|
|
110
|
-
# In a specific Role based Permit you can use
|
111
|
-
# def permit? user, options = {}
|
112
|
-
# return if !super(user, :in_role)
|
113
|
-
# ... permission logic follows
|
114
|
-
#
|
115
|
-
# This will call the Permit::Base#permit? instance method (the method below)
|
116
|
-
# It will only return true if the user matches the role of the Permit class and the
|
117
|
-
# options passed in is set to :in_role
|
118
|
-
#
|
119
|
-
# If these confitions are not met, it will return false and thus the outer permit
|
120
|
-
# will not run the permission logic to follow
|
121
|
-
#
|
122
|
-
# Normally super for #permit? should not be called except for this case,
|
123
|
-
# or if subclassing another Permit than Permit::Base
|
124
|
-
#
|
125
|
-
def permit?
|
126
|
-
cached? ? cached_rules : non_cached_rules
|
127
|
-
run_rule_methods
|
128
|
-
end
|
129
|
-
|
130
|
-
def run_rule_methods
|
131
|
-
static_rules
|
132
|
-
permit_rules
|
133
|
-
dynamic_rules
|
134
|
-
end
|
135
|
-
|
136
|
-
def non_cached_rules
|
137
|
-
include_non_cached if defined?(self.class::NonCached)
|
138
|
-
end
|
139
|
-
|
140
|
-
def cached_rules
|
141
|
-
include_cached if defined?(self.class::Cached)
|
142
|
-
end
|
143
|
-
|
144
|
-
def include_non_cached
|
145
|
-
self.class.send :include, self.class::NonCached
|
146
|
-
end
|
147
|
-
|
148
|
-
def include_cached
|
149
|
-
self.class.send :include, self.class::Cached
|
150
|
-
end
|
151
|
-
|
152
|
-
def licenses *names
|
153
|
-
names.to_strings.each do |name|
|
154
|
-
try_license name
|
155
|
-
end
|
156
|
-
end
|
157
|
-
|
158
|
-
include CanTango::Rules # also makes a Permit a subclass of CanCan::Ability
|
159
|
-
|
160
75
|
protected
|
161
76
|
|
77
|
+
include CanTango::PermitEngine::Util
|
78
|
+
include CanTango::PermitEngine::Compatibility
|
79
|
+
include CanTango::PermitEngine::RoleMatcher
|
80
|
+
|
162
81
|
def config_disabled?
|
163
82
|
(CanTango.config.permits.disabled[permit_type] || []).include?(permit_name.to_s)
|
164
83
|
end
|
165
84
|
|
166
|
-
def try_license name
|
167
|
-
module_name = "#{name.camelize}License"
|
168
|
-
clazz = module_name.constantize
|
169
|
-
clazz.new(self).license_rules
|
170
|
-
rescue NameError
|
171
|
-
raise "License #{module_name} is not defined"
|
172
|
-
rescue
|
173
|
-
raise "License #{clazz} could not be enforced using #{self.inspect}"
|
174
|
-
end
|
175
|
-
|
176
|
-
# This method will contain the actual rules
|
177
|
-
# can be implemented in the subclass
|
178
|
-
|
179
|
-
def permit_rules
|
180
|
-
end
|
181
|
-
|
182
|
-
def static_rules
|
183
|
-
end
|
184
|
-
|
185
|
-
def dynamic_rules
|
186
|
-
end
|
187
|
-
|
188
|
-
#include CanTango::PermitEngine::Cache
|
189
|
-
include CanTango::PermitEngine::Util
|
190
|
-
include CanTango::PermitEngine::Compatibility
|
191
|
-
|
192
85
|
def strategy
|
193
86
|
@strategy ||= options[:strategy] || CanTango::Ability.strategy || :default
|
194
87
|
end
|
195
88
|
|
196
|
-
include CanTango::PermitEngine::RoleMatcher
|
197
|
-
|
198
89
|
def any_role_match?
|
199
90
|
role_match?(subject) || role_group_match?(subject)
|
200
91
|
end
|
201
92
|
|
202
|
-
# return the executor used to execute the permit
|
203
|
-
def executor
|
204
|
-
@executor ||= case self.class.name
|
205
|
-
when /System/
|
206
|
-
then CanTango::PermitEngine::Executor::System.new self
|
207
|
-
else
|
208
|
-
CanTango::PermitEngine::Executor::Base.new self
|
209
|
-
end
|
210
|
-
end
|
211
|
-
|
212
93
|
def config
|
213
94
|
CanTango.config
|
214
95
|
end
|
@@ -18,7 +18,11 @@ module CanTango
|
|
18
18
|
puts "Not building any RoleGroupPermits since no role groups are roles that are members of a role group could be found for the permission candidate" if CanTango.debug?
|
19
19
|
return []
|
20
20
|
end
|
21
|
-
|
21
|
+
end
|
22
|
+
|
23
|
+
def name
|
24
|
+
:role_group
|
25
|
+
end
|
22
26
|
|
23
27
|
def valid? role_group
|
24
28
|
return true if !role_groups_filter?
|
@@ -19,7 +19,7 @@ module CanTango
|
|
19
19
|
def permit_name
|
20
20
|
self.class.role_group_name self.class
|
21
21
|
end
|
22
|
-
|
22
|
+
|
23
23
|
alias_method :role_group, :permit_name
|
24
24
|
|
25
25
|
# creates the permit
|
@@ -45,11 +45,11 @@ module CanTango
|
|
45
45
|
def permit?
|
46
46
|
super
|
47
47
|
end
|
48
|
-
|
48
|
+
|
49
49
|
def valid_for? subject
|
50
50
|
in_role_group? subject
|
51
51
|
end
|
52
|
-
|
52
|
+
|
53
53
|
protected
|
54
54
|
|
55
55
|
include CanTango::Helpers::RoleMethods
|
@@ -11,11 +11,15 @@ module CanTango
|
|
11
11
|
[permit].compact
|
12
12
|
end
|
13
13
|
|
14
|
+
def name
|
15
|
+
:user
|
16
|
+
end
|
17
|
+
|
14
18
|
protected
|
15
19
|
|
16
20
|
def debug_msg
|
17
21
|
permit ? "Building UserPermit for #{user}, permit: #{permit}" : "Not building any UserPermit"
|
18
|
-
end
|
22
|
+
end
|
19
23
|
|
20
24
|
def permit
|
21
25
|
@permit ||= create_permit(user.class.to_s)
|
data/lib/cantango/permits.rb
CHANGED
@@ -2,7 +2,6 @@ module CanTango
|
|
2
2
|
# Include helpers in the given scope to AC and AV.
|
3
3
|
# "Borrowed" from devise
|
4
4
|
def self.include_helpers(scope)
|
5
|
-
|
6
5
|
# Seems like the order of initializers is important! ActiveRecord should go first!
|
7
6
|
ActiveSupport.on_load(:active_record) do
|
8
7
|
RailsAutoLoader.load_models! if CanTango.config.autoload.models?
|
@@ -15,11 +14,9 @@ module CanTango
|
|
15
14
|
ActiveSupport.on_load(:action_view) do
|
16
15
|
include scope::Rails::Helpers::ViewHelper
|
17
16
|
end
|
18
|
-
|
19
17
|
end
|
20
18
|
|
21
19
|
class RailsEngine < ::Rails::Engine
|
22
|
-
|
23
20
|
initializer "cantango.helpers" do
|
24
21
|
CanTango.include_helpers(CanTango)
|
25
22
|
|
@@ -1,7 +1,7 @@
|
|
1
1
|
module CanTango::Rails::Helpers::RestHelper
|
2
2
|
CanTango.config.models.available_models.each do |model|
|
3
3
|
class_eval %{
|
4
|
-
def delete_#{model}_path obj, options = {}
|
4
|
+
def delete_#{model.to_s.underscore}_path obj, options = {}
|
5
5
|
#{model}_path obj, {:method => 'delete'}.merge(options)
|
6
6
|
end
|
7
7
|
}
|
@@ -0,0 +1,19 @@
|
|
1
|
+
module CanTango
|
2
|
+
module Rules
|
3
|
+
module Adaptor
|
4
|
+
module Mongo
|
5
|
+
#include CanTango::Rules::Adaptor::Generic
|
6
|
+
# using #in on Hash (Mongoid query)
|
7
|
+
def include_condition attribute, user_scope
|
8
|
+
{ attribute.to_sym.in => user_scope.send(attribute) }
|
9
|
+
end
|
10
|
+
|
11
|
+
def attribute_condition attribute, user_scope
|
12
|
+
{ attribute.to_sym => user_scope.send(attribute) }
|
13
|
+
end
|
14
|
+
end
|
15
|
+
end
|
16
|
+
end
|
17
|
+
end
|
18
|
+
|
19
|
+
|
@@ -2,11 +2,7 @@ module CanTango
|
|
2
2
|
module Rules
|
3
3
|
module Adaptor
|
4
4
|
module Mongoid
|
5
|
-
|
6
|
-
# using #in on Hash (Mongoid query)
|
7
|
-
def list_include
|
8
|
-
{ scope_key.in => user_scope.send(attribute) }
|
9
|
-
end
|
5
|
+
include module CanTango::Rules::Adaptor::Mongo
|
10
6
|
end
|
11
7
|
end
|
12
8
|
end
|
@@ -0,0 +1,13 @@
|
|
1
|
+
module CanTango
|
2
|
+
module Rules
|
3
|
+
module Adaptor
|
4
|
+
module Relational
|
5
|
+
def attribute_condition attribute, user_scope
|
6
|
+
{ attribute.to_sym => user_scope.send(attribute) }
|
7
|
+
end
|
8
|
+
alias_method :include_condition, :attribute_condition
|
9
|
+
end
|
10
|
+
end
|
11
|
+
end
|
12
|
+
end
|
13
|
+
|
@@ -1,29 +1,34 @@
|
|
1
1
|
module CanTango
|
2
2
|
module Rules
|
3
3
|
module Adaptor
|
4
|
-
autoload_modules :Generic
|
5
|
-
autoload_modules :ActiveRecord, :Mongoid
|
4
|
+
autoload_modules :Generic, :Relational, :Mongo
|
5
|
+
autoload_modules :ActiveRecord, :DataMapper, :Mongoid, :MongoMapper
|
6
6
|
|
7
7
|
# include adaptor depending on which ORM the object inherits from or includes
|
8
8
|
def use_adaptor! base, object
|
9
9
|
orm_map.each_pair do |orm, const|
|
10
10
|
begin
|
11
|
-
|
12
|
-
|
13
|
-
rescue
|
11
|
+
base.class.send :include, get_adapter(object, const.constantize, orm)
|
12
|
+
rescue
|
14
13
|
next
|
15
14
|
end
|
16
15
|
end
|
17
16
|
end
|
18
17
|
|
19
|
-
def
|
18
|
+
def get_adapter object, adaptor_class, orm
|
19
|
+
object.kind_of?(adaptor_class) ? adaptor_for(orm) : adaptor_for(:generic)
|
20
|
+
end
|
21
|
+
|
22
|
+
def adaptor_for orm
|
20
23
|
"CanTango::Rules::Adaptor::#{orm.to_s.camelize}".constantize
|
21
24
|
end
|
22
25
|
|
23
26
|
def orm_map
|
24
27
|
{
|
25
28
|
:active_record => "ActiveRecord::Base",
|
26
|
-
:
|
29
|
+
:data_mapper => "DataMapper::Resource",
|
30
|
+
:mongoid => "Mongoid::Document",
|
31
|
+
:mongo_mapper => "MongoMapper::Document"
|
27
32
|
}
|
28
33
|
end
|
29
34
|
end
|
@@ -50,7 +50,7 @@ module CanTango
|
|
50
50
|
end
|
51
51
|
|
52
52
|
def rules
|
53
|
-
ability.send :rules
|
53
|
+
ability.send :rules
|
54
54
|
end
|
55
55
|
|
56
56
|
def plural_attribute
|
@@ -62,7 +62,6 @@ module CanTango
|
|
62
62
|
raise "#{model} has no :#{attribute} or :#{plural_attribute} defined" if !model.new.respond_to?(attribute) && !model.new.respond_to?(plural_attribute)
|
63
63
|
end
|
64
64
|
end
|
65
|
-
|
66
65
|
end
|
67
66
|
end
|
68
67
|
end
|
@@ -1,20 +1,20 @@
|
|
1
1
|
module CanTango
|
2
2
|
class UserAcEngine < Engine
|
3
|
-
|
3
|
+
include CanTango::Ability::Executor
|
4
|
+
include CanTango::Ability::RoleHelpers
|
5
|
+
include CanTango::Ability::UserHelpers
|
4
6
|
|
5
7
|
def initialize ability
|
6
8
|
super
|
7
9
|
end
|
8
10
|
|
9
|
-
def
|
10
|
-
return if !valid?
|
11
|
-
debug "User AC Engine executing..."
|
12
|
-
|
11
|
+
def permit_rules
|
13
12
|
permissions.each do |permission|
|
14
13
|
ability.can permission.action.to_sym, permission.thing_type.constantize do |thing|
|
15
14
|
thing.nil? || permission.thing_id.nil? || permission.thing_id == thing.id
|
16
15
|
end
|
17
16
|
end
|
17
|
+
rules << ability_rules if !ability_rules.blank?
|
18
18
|
end
|
19
19
|
|
20
20
|
def valid?
|
@@ -28,12 +28,30 @@ module CanTango
|
|
28
28
|
|
29
29
|
protected
|
30
30
|
|
31
|
+
def ability_rules
|
32
|
+
ability.send(:rules)
|
33
|
+
end
|
34
|
+
|
35
|
+
alias_method :cache_key, :engine_name
|
36
|
+
|
37
|
+
def key_method_names
|
38
|
+
[:permissions_hash]
|
39
|
+
end
|
40
|
+
|
41
|
+
def start_execute
|
42
|
+
debug "User AC Engine executing..."
|
43
|
+
end
|
44
|
+
|
45
|
+
def end_execute
|
46
|
+
debug "Done User AC Engine"
|
47
|
+
end
|
48
|
+
|
31
49
|
def permissions
|
32
|
-
candidate.respond_to?(:
|
50
|
+
candidate.respond_to?(:all_permissions) ? candidate.all_permissions : []
|
33
51
|
end
|
34
52
|
|
35
53
|
def invalid
|
36
|
-
debug "No permissions for #{candidate} found
|
54
|
+
debug "No permissions for #{candidate} found for #all_permissions call"
|
37
55
|
false
|
38
56
|
end
|
39
57
|
end
|
data/lib/cantango.rb
CHANGED
@@ -1,6 +1,8 @@
|
|
1
1
|
require 'cantango/rails/railtie' if defined?(Rails)
|
2
2
|
require 'cantango/rails/engine' if defined?(Rails)
|
3
3
|
require 'cancan'
|
4
|
+
require 'active_support' # for Delegate module
|
5
|
+
require 'active_support/core_ext/module/delegation'
|
4
6
|
require 'cantango/cancan/rule'
|
5
7
|
require 'sugar-high/array'
|
6
8
|
require 'sugar-high/blank'
|