cmor_rbac 0.0.1.pre

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 9b7d1cecf282129f154e661caf8196bb82526122a45838ed7ad52f73dda51b21
+  data.tar.gz: faeb72045033cb84cb4bd0480d87e7e11d6a79dbe5133ecb88a4e96e309f6041
+SHA512:
+  metadata.gz: d5cbd571abbe00af0a105b8ea916a453cdc564c6cfda079e654e9d7f00fb5dfd200251bdb18d4e1075f92622f4fae4df923a1d7068595313dfd703381436eeed
+  data.tar.gz: 05a719e8b3bec489d24cbcdf69d64467a6c836402cd571d51bfe4836d3f818ee902f6ad62f1f0ad4aef6d4c07b6d67cae127eedd9e76d6aa55dc65ffae2ed203

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2016 Roberto Vasquez Angel
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,37 @@
+= Cmor::Rbac
+
+This module implements role based access control on top of pundit.
+
+
+= Why?
+
+  * Flexible handling of roles, role permissions, permissions and user permissions in the database.
+  * Automatic mapping of controllers and actions to permissions.
+
+
+= Installation
+
+Add it to your gemfile, bundle and run installer:
+
+    echo "\ngem 'cmor_rbac'" >> Gemfile
+    bundle
+    rails g cmor:rbac:install
+
+The installer will add an initializer with configuration options in initializers/cmor_rbac.rb
+
+Add the database migrations and migrate:
+
+    rake cmor_rbac:install:migrations
+    rake db:migrate
+
+
+= Configuration
+
+Possible options in the initializer:
+
+  * user_class_name: The class of the user model. Default is User.
+
+
+= License
+
+This project rocks and uses MIT-LICENSE.

data/Rakefile

@@ -0,0 +1,19 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'Cmor::Rbac'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+Bundler::GemHelper.install_tasks
+
+require 'rails/dummy/tasks'

data/app/assets/javascripts/cmor/rbac/application.js

@@ -0,0 +1,13 @@
+// This is a manifest file that'll be compiled into application.js, which will include all the files
+// listed below.
+//
+// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
+// or any plugin's vendor/assets/javascripts directory can be referenced here using a relative path.
+//
+// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
+// compiled file.
+//
+// Read Sprockets README (https://github.com/sstephenson/sprockets#sprockets-directives) for details
+// about supported directives.
+//
+//= require_tree .

data/app/assets/stylesheets/cmor/rbac/application.css

@@ -0,0 +1,14 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or any plugin's vendor/assets/stylesheets directory can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the bottom of the
+ * compiled file so the styles you add here take precedence over styles defined in any other CSS/SCSS
+ * files in this directory. It is generally better to create a new file per style scope.
+ *
+ *= require_tree .
+ *= require_self
+ */

data/app/controllers/cmor/rbac/application_controller.rb

@@ -0,0 +1,6 @@
+module Cmor
+  module Rbac
+    class ApplicationController < ActionController::Base
+    end
+  end
+end

data/app/helpers/cmor/rbac/application_helper.rb

@@ -0,0 +1,6 @@
+module Cmor
+  module Rbac
+    module ApplicationHelper
+    end
+  end
+end

data/app/models/cmor/rbac/permission.rb

@@ -0,0 +1,45 @@
+require 'model/flag_from_time_range_concern'
+
+module Cmor::Rbac
+  class Permission < ActiveRecord::Base
+    include Model::FlagFromTimeRangeConcern
+
+    DEFAULTS = {
+      enabled_from: '01.01.1900 00:00:00',
+      enabled_to:   '31.12.9999 23:59:59'
+    }
+
+    # associations
+    has_many :role_permissions, class_name: 'Cmor::Rbac::RolePermission', dependent: :destroy
+    has_many :roles, class_name: 'Cmor::Rbac::Role', through: :role_permissions
+    has_many :user_roles, through: :roles, class_name: 'Cmor::Rbac::UserRole'
+    has_many :users, through: :user_roles, class_name: Cmor::Rbac::Configuration.user_class_name
+
+    has_many :enabled_roles, -> { enabled }, class_name: 'Cmor::Rbac::Role', through: :role_permissions, source: :permission
+    has_many :enabled_user_roles, class_name: 'Cmor::Rbac::UserRole', through: :enabled_roles, source: :role_permissions
+
+    has_many :enabled_users, through: :enabled_user_roles, class_name: Cmor::Rbac::Configuration.user_class_name, source: :user
+
+    flag_from_time_range :enabled?
+
+    # validations
+    validates :identifier, presence: true, uniqueness: true
+    validates :enabled_from, presence: true
+    validates :enabled_to, presence: true
+
+    # callbacks
+    after_initialize :set_defaults
+
+    def human
+      "#{self.class.model_name.human}: #{identifier}"
+    end
+
+    private
+
+    def set_defaults
+      return if persisted?
+      self.enabled_from = DEFAULTS[:enabled_from]
+      self.enabled_to = DEFAULTS[:enabled_to]
+    end
+  end
+end

data/app/models/cmor/rbac/role.rb

@@ -0,0 +1,43 @@
+require 'model/flag_from_time_range_concern'
+
+module Cmor::Rbac
+  class Role < ActiveRecord::Base
+    include Model::FlagFromTimeRangeConcern
+
+    DEFAULTS = {
+      enabled_from: '01.01.1900 00:00:00',
+      enabled_to:   '31.12.9999 23:59:59'
+    }
+
+    # associations
+    has_many :user_roles, class_name:  'Cmor::Rbac::UserRole', inverse_of: :role
+    has_many :users, through: :user_roles
+
+    has_many :role_permissions, class_name: 'Cmor::Rbac::RolePermission'
+    has_many :permissions, class_name: 'Cmor::Rbac::Permission', through: :role_permissions
+
+    has_many :enabled_permissions, -> { enabled }, class_name: 'Cmor::Rbac::Permission', through: :role_permissions, source: :role
+
+    flag_from_time_range :enabled?
+
+    # validations
+    validates :identifier, presence: true, uniqueness: true
+    validates :enabled_from, presence: true
+    validates :enabled_to, presence: true
+
+    # callbacks
+    after_initialize :set_defaults
+
+    def human
+      "#{self.class.model_name.human}: #{identifier}"
+    end
+
+    private
+
+    def set_defaults
+      return if persisted?
+      self.enabled_from = DEFAULTS[:enabled_from]
+      self.enabled_to   = DEFAULTS[:enabled_to]
+    end
+  end
+end

data/app/models/cmor/rbac/role_permission.rb

@@ -0,0 +1,22 @@
+module Cmor::Rbac
+  class RolePermission < ActiveRecord::Base
+    # associations
+    belongs_to :permission
+    belongs_to :role
+    has_many :user_roles, through: :role
+    has_many :users, through: :user_roles
+
+    if Rails.version >= '5.0.0'
+      belongs_to :enabled_role, -> { enabled }, foreign_key: 'role_id', class_name: 'Cmor::Rbac::Role', optional: true
+    else
+      belongs_to :enabled_role, -> { enabled }, foreign_key: 'role_id', class_name: 'Cmor::Rbac::Role'
+    end
+    has_many :enabled_user_roles, through: :enabled_role, source: :user_roles
+    has_many :enabled_users, through: :enabled_user_roles, source: :enabled_role_permissions
+
+    # validations
+    validates :permission, presence: true
+    validates :permission_id, uniqueness: { scope: :role_id }
+    validates :role, presence: true
+  end
+end

data/app/models/cmor/rbac/user_role.rb

@@ -0,0 +1,20 @@
+module Cmor::Rbac
+  class UserRole < ActiveRecord::Base
+    # associations
+    belongs_to :user, class_name: Cmor::Rbac::Configuration.user_class_name, foreign_key: 'user_id', inverse_of: :user_roles
+    belongs_to :role, inverse_of: :user_roles
+
+    if Rails.version >= '5.0.0'
+      belongs_to :enabled_role, -> { enabled }, foreign_key: 'role_id', class_name: 'Cmor::Rbac::Role', optional: true
+    else
+      belongs_to :enabled_role, -> { enabled }, foreign_key: 'role_id', class_name: 'Cmor::Rbac::Role'
+    end
+    has_many :enabled_role_permissions, through: :enabled_role, source: :user_roles, class_name: 'Cmor::Rbac::RolePermission'
+    has_many :enabled_permissions, through: :enabled_role_permissions, class_name: 'Cmor::Rbac::Permission', source: :permission
+
+    # validations
+    validates :user, presence: true
+    validates :user_id, uniqueness: { scope: :role_id }
+    validates :role, presence: true
+  end
+end

data/app/models/concerns/model/cmor/rbac/user_concern.rb

@@ -0,0 +1,55 @@
+module Model
+  module Cmor
+    module Rbac
+      module UserConcern
+        extend ActiveSupport::Concern
+
+        included do
+          # associations
+          has_many :user_roles, class_name: 'Cmor::Rbac::UserRole', inverse_of: :user, dependent: :destroy
+          has_many :roles, class_name: 'Cmor::Rbac::Role', through: :user_roles
+          has_many :role_permissions, class_name: 'Cmor::Rbac::RolePermission', through: :roles
+          has_many :permissions, through: :role_permissions, class_name: 'Cmor::Rbac::Permission'
+
+          has_many :enabled_roles, -> { enabled }, class_name: 'Cmor::Rbac::Role', through: :user_roles # , source: :user
+          has_many :enabled_role_permissions, class_name: 'Cmor::Rbac::RolePermission', through: :enabled_roles, source: :user_roles
+          
+          has_many :enabled_permissions, through: :enabled_role_permissions, class_name: 'Cmor::Rbac::Permission', source: :permission
+        end
+
+        def allowed_to?(permission_identifier)
+          enabled_permissions.map(&:identifier).map(&:to_sym).include?(permission_identifier.to_sym)
+        end
+
+        def has_role?(role_identifier)
+          enabled_roles.map(&:identifier).map(&:to_sym).include?(role_identifier.to_sym)
+        end
+
+        def add_role(role_identifier)
+          role = ::Cmor::Rbac::Role.where(identifier: role_identifier).first
+          if role
+            roles << role
+          else
+            false
+          end
+        end
+
+        def roles_count
+          roles.count
+        end
+
+        def enabled_roles_count
+          enabled_roles.count
+        end
+
+        def permissions_count
+          permissions.count
+        end
+
+        def enabled_permissions_count
+          enabled_permissions.count
+        end
+      end
+    end
+  end
+end

data/app/models/concerns/model/flag_from_time_range_concern.rb

@@ -0,0 +1,26 @@
+module Model
+  module FlagFromTimeRangeConcern
+    extend ActiveSupport::Concern
+
+    class_methods do
+      def flag_from_time_range(*args)
+        options = args.extract_options!
+        attributes = args
+
+        attributes.each do |attribute|
+          method_name_base = attribute.to_s.chomp('?')
+          define_method attribute do
+            time_range = (send("#{method_name_base}_from")..send("#{method_name_base}_to"))
+            time_range.cover? Time.zone.now
+          end
+
+          define_singleton_method method_name_base do
+            t = arel_table
+            now = Time.zone.now
+            where(t["#{method_name_base}_from"].lteq(now)).where(t["#{method_name_base}_to"].gteq(now))
+          end
+        end
+      end
+    end
+  end
+end

data/app/services/cmor/rbac/application_service.rb

@@ -0,0 +1,8 @@
+module Cmor
+  module Rbac
+    class ApplicationService < Rao::Service::Base
+      class Result < Rao::Service::Result::Base
+      end
+    end
+  end
+end

data/app/services/cmor/rbac/import_default_permissions_service.rb

@@ -0,0 +1,151 @@
+# require_dependency 'itsf_services'
+require_dependency 'active_model/validations/file_readability_validator'
+
+module Cmor
+  module Rbac
+    # Example:
+    #
+    #     # config/rbac.yml:
+    #     defaults:
+    #       permissions:
+    #         - posts/index
+    #         - posts/show
+    #       roles:
+    #         member:
+    #           - posts/index
+    #           - posts/show
+    #
+    #     # rails console:
+    #     Cmor::Rbac::ImportDefaultPermissionsService.call
+    #       =>
+    #         [Cmor::Rbac::ImportDefaultPermissionsService]   Performing...
+    #         [Cmor::Rbac::ImportDefaultPermissionsService]     Validating input...
+    #         [Cmor::Rbac::ImportDefaultPermissionsService]       => Done
+    #         [Cmor::Rbac::ImportDefaultPermissionsService]   Loaded YAML from /home/johndoe/rails_application/config/rbac.yml
+    #         [Cmor::Rbac::ImportDefaultPermissionsService]   Checking for valid YAML structure
+    #         [Cmor::Rbac::ImportDefaultPermissionsService]   Loaded 2 permissions
+    #         [Cmor::Rbac::ImportDefaultPermissionsService]   Loaded 1 roles
+    #         [Cmor::Rbac::ImportDefaultPermissionsService]   Saved 2 permissions
+    #         [Cmor::Rbac::ImportDefaultPermissionsService]   Saved 1 roles
+    #         [Cmor::Rbac::ImportDefaultPermissionsService]   Saved 2 role permissions
+    #         [Cmor::Rbac::ImportDefaultPermissionsService]     => Done
+    #
+    class ImportDefaultPermissionsService < ApplicationService
+      class Result < ApplicationService::Result
+        attr_accessor :permissions, :roles, :role_permissions
+      end
+
+      attr_accessor :filename
+
+      validates :filename, file_readability: true
+
+      def _perform
+        # say 'Validating input' do
+        #   unless valid?
+        #     say "Inputs are invalid. Errors: #{errors.full_messages.to_sentence}"
+        #     say 'Aborted'
+        #     return
+        #   end
+        # end
+
+        return unless load_yaml
+        return unless yaml_structure_valid?
+
+        load_permissions
+        load_roles
+
+        @result.permissions = create_or_update_permissions
+        @result.roles = create_or_update_roles
+        @result.role_permissions = create_or_update_role_permissions
+      end
+
+      private
+
+      def filename
+        @filename ||= Cmor::Rbac.default_permissions_filename.call
+      end
+
+      def create_or_update_permissions
+        permissions = @permissions.collect do |permission_identifier|
+          Cmor::Rbac::Permission.where(identifier: permission_identifier).first_or_initialize.tap do |permission|
+            permission.save!
+          end
+        end
+        say "Saved #{permissions.count} permissions"
+        permissions
+      end
+
+      def create_or_update_roles
+        roles = @roles.collect do |role_identifier, permissions|
+          Cmor::Rbac::Role.where(identifier: role_identifier).first_or_initialize.tap do |role|
+            role.save!
+          end
+        end
+        say "Saved #{roles.count} roles"
+        roles
+      end
+
+      def create_or_update_role_permissions
+        role_permissions = @roles.collect do |role_identifier, permissions|
+          role = Cmor::Rbac::Role.where(identifier: role_identifier).first
+          (permissions ||[]).collect do |permission_identifier|
+            permission = Cmor::Rbac::Permission.where(identifier: permission_identifier).first
+
+            Cmor::Rbac::RolePermission.where(role_id: role, permission_id: permission).first_or_initialize.tap do |role_permission|
+              role_permission.save!
+            end
+          end
+        end.flatten
+        say "Saved #{role_permissions.count} role permissions"
+        role_permissions
+      end
+
+      def load_permissions
+        @permissions = @yaml[:defaults][:permissions] || []
+        say "Loaded #{@permissions.size} permissions"
+      end
+
+      def load_roles
+        @roles = @yaml[:defaults][:roles] || []
+        say "Loaded #{@roles.size} roles"
+      end
+
+      def load_yaml
+        yaml = YAML.load_file(filename)
+        if yaml
+          say "Loaded YAML from #{filename}"
+          @yaml = yaml.with_indifferent_access
+        else
+          say "Could not load YAML from #{filename}"
+          @yaml = yaml
+        end
+      end
+
+      def yaml_structure_valid?
+        say "Checking for valid YAML structure"
+        unless @yaml.is_a?(Hash)
+          add_error_and_say(:yaml_file, "Expected file content of #{filename} to parse to a Hash, but was #{@yaml.class}")
+          return false
+        end
+
+        unless @yaml.has_key?(:defaults)
+          add_error_and_say(:yaml_file, "Expected yaml in #{filename} to have the key [defaults:].")
+          return false
+        end
+
+        unless @yaml[:defaults].has_key?(:roles)
+          add_error_and_say(:yaml_file, "Expected yaml in #{filename} to have the key [defaults:][roles:].")
+          return false
+        end
+
+
+        unless @yaml[:defaults].has_key?(:permissions)
+          add_error_and_say(:yaml_file, "Expected yaml in #{filename} to have the key [defaults:][permissions:].")
+          return false
+        end
+
+        return true
+      end
+    end
+  end
+end

data/app/views/cmor/rbac/_current_user_additional_table_rows.haml

@@ -0,0 +1,2 @@
+= table.association Cmor::Rbac::Role.model_name.human(count: :other) do |resource|
+  - resource.roles.map(&:identifier).join(', ')

data/app/views/layouts/cmor/rbac/application.html.erb

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Rbac</title>
+  <%= stylesheet_link_tag    "cmor/rbac/application", media: "all" %>
+  <%= javascript_include_tag "cmor/rbac/application" %>
+  <%= csrf_meta_tags %>
+</head>
+<body>
+
+<%= yield %>
+
+</body>
+</html>

data/config/initializers/inject_user_concern.rb

@@ -0,0 +1,10 @@
+Rails.configuration.to_prepare do
+  begin
+    puts "Including Model::Cmor::Rbac::UserConcern in #{Cmor::Rbac.user_class_name}"
+    Cmor::Rbac.user_class_name.constantize.class_eval do
+      include Model::Cmor::Rbac::UserConcern
+    end
+  rescue NameError => e
+    "Could not include Model::Cmor::Rbac::UserConcern into #{Cmor::Rbac.user_class_name}. Error: #{e.message}"
+  end
+end

data/config/locales/de.yml

@@ -0,0 +1,58 @@
+de:
+  activemodel:
+    models:
+      cmor/rbac/import_default_permissions_service: "Dienst zum Einrichten von Berechtigungen"
+    attributes:
+      cmor/rbac/import_default_permissions_service:
+        filename: Datei
+  activerecord:
+    attributes:
+      cmor/rbac/permission:
+        id: ID
+        actions: Aktionen
+        created_at: Erstellt am
+        enabled?: Aktiv
+        enabled_from: Aktiv ab
+        enabled_to: Aktiv bis
+        identifier: Bezeichner
+        updated_at: Aktualisiert am
+      cmor/rbac/role:
+        id: ID
+        actions: Aktionen
+        created_at: Erstellt am
+        enabled?: Aktiv
+        enabled_from: Aktiv ab
+        enabled_to: Aktiv bis
+        identifier: Bezeichner
+        updated_at: Aktualisiert am
+      cmor/rbac/role_permission:
+        id: ID
+        role: Rolle
+        role_id: Rolle
+        permission: Berechtigung
+        permission_id: Berechtigung
+        created_at: Erstellt am
+        updated_at: Aktualisiert am
+      cmor/rbac/user_role:
+        id: ID
+        user: Benutzer
+        user_id: Benutzer
+        role: Rolle
+        role_id: Rolle
+        created_at: Erstellt am
+        updated_at: Aktualisiert am
+    models:
+      cmor/rbac/permission:
+        one: Berechtigung
+        other: Berechtigungen
+      cmor/rbac/role:
+        one: Rolle
+        other: Rollen
+      cmor/rbac/role_permission:
+        one: Rollen-Berechtigung
+        other: Rollen-Berechtigungen
+      cmor/rbac/user_role:
+        one: Benutzer-Rolle
+        other: Benutzer-Rollen
+  routes:
+    cmor_rbac_engine: rbac

data/config/locales/en.yml

@@ -0,0 +1,58 @@
+en:
+  activemodel:
+    models:
+      cmor/rbac/import_default_permissions_service: "Import default permissions service"
+    attributes:
+      cmor/rbac/import_default_permissions_service:
+        filename: File
+  activerecord:
+    attributes:
+      cmor/rbac/permission:
+        id: ID
+        actions: Actions
+        created_at: Created at
+        enabled?: Active
+        enabled_from: Enabled from
+        enabled_to: Enabled to
+        identifier: Identifier
+        updated_at: Updated at
+      cmor/rbac/role:
+        id: ID
+        actions: Actions
+        created_at: Created at
+        enabled?: Active
+        enabled_from: Enabled from
+        enabled_to: Enabled to
+        identifier: Identifier
+        updated_at: Updated at
+      cmor/rbac/role_permission:
+        id: ID
+        role: Role
+        role_id: Role
+        permission: Permission
+        permission_id: Permission
+        created_at: Created at
+        updated_at: Updated at
+      cmor/rbac/user_role:
+        id: ID
+        user: User
+        user_id: User
+        role: Role
+        role_id: Role
+        created_at: Created at
+        updated_at: Updated at
+    models:
+      cmor/rbac/permission:
+        one: Permission
+        other: Permissions
+      cmor/rbac/role:
+        one: Role
+        other: Roles
+      cmor/rbac/role_permission:
+        one: Role Permission
+        other: Role Permissions
+      cmor/rbac/user_role:
+        one: User Role
+        other: User Roles
+  routes:
+    cmor_rbac_engine: rbac

data/config/routes.rb

@@ -0,0 +1,6 @@
+Cmor::Rbac::Engine.routes.draw do
+  localized do
+    scope :cmor_rbac_engine do
+    end
+  end
+end

data/db/migrate/20160301103116_create_cmor_rbac_roles.rb

@@ -0,0 +1,11 @@
+class CreateCmorRbacRoles < ActiveRecord::Migration[4.2]
+  def change
+    create_table :cmor_rbac_roles do |t|
+      t.string :identifier
+      t.timestamp :enabled_from
+      t.timestamp :enabled_to
+
+      t.timestamps null: false
+    end
+  end
+end

data/db/migrate/20160301103202_create_cmor_rbac_user_roles.rb

@@ -0,0 +1,10 @@
+class CreateCmorRbacUserRoles < ActiveRecord::Migration[4.2]
+  def change
+    create_table :cmor_rbac_user_roles do |t|
+      t.integer :user_id, index: true
+      t.integer :role_id, index: true
+
+      t.timestamps null: false
+    end
+  end
+end

data/db/migrate/20160301103219_create_cmor_rbac_permissions.rb

@@ -0,0 +1,11 @@
+class CreateCmorRbacPermissions < ActiveRecord::Migration[4.2]
+  def change
+    create_table :cmor_rbac_permissions do |t|
+      t.string :identifier
+      t.timestamp :enabled_from
+      t.timestamp :enabled_to
+
+      t.timestamps null: false
+    end
+  end
+end

data/db/migrate/20160301103240_create_cmor_rbac_role_permissions.rb

@@ -0,0 +1,10 @@
+class CreateCmorRbacRolePermissions < ActiveRecord::Migration[4.2]
+  def change
+    create_table :cmor_rbac_role_permissions do |t|
+      t.integer :role_id, index: true
+      t.integer :permission_id, index: true
+
+      t.timestamps null: false
+    end
+  end
+end

data/lib/active_model/validations/file_readability_validator.rb

@@ -0,0 +1,25 @@
+module ActiveModel
+  module Validations
+    class FileReadabilityValidator < ::ActiveModel::EachValidator
+      def validate_each(record, attribute, value)
+        filename = File.expand_path(value) if !value.nil? && value.respond_to?(:to_s)
+        if filename.nil?
+          record.errors.add(attribute, options[:message] || :filename_is_nil)
+          return
+        end
+        unless File.exists?(filename)
+          record.errors.add(attribute, options[:message] || :file_not_existent, filename: filename)
+          return
+        end
+        unless File.file?(filename)
+          record.errors.add(attribute, options[:message] || :file_not_file, filename: filename)
+          return
+        end
+        unless File.readable?(filename)
+          record.errors.add(attribute, options[:message] || :file_not_readable, filename: filename)
+          return
+        end
+      end
+    end
+  end
+end

data/lib/cmor/rbac/configuration.rb

@@ -0,0 +1,21 @@
+require 'active_support/core_ext/module/delegation'
+require 'active_support/core_ext/module/attribute_accessors'
+
+module Cmor
+  module Rbac
+    module Configuration
+      def configure
+        yield self
+      end
+
+      mattr_accessor(:user_class_name) { 'User' }
+      mattr_accessor(:user_factory_name) { :user }
+
+      mattr_accessor(:default_permissions_filename) { -> { Rails.root.join('config', 'rbac.yml') }  }
+
+      def self.user_class
+        user_class_name.constantize
+      end
+    end
+  end
+end

data/lib/cmor/rbac/engine.rb

@@ -0,0 +1,8 @@
+module Cmor
+  module Rbac
+    class Engine < ::Rails::Engine
+      isolate_namespace Cmor::Rbac
+
+    end
+  end
+end

data/lib/cmor/rbac/version.rb

@@ -0,0 +1,7 @@
+require 'cmor/version'
+
+module Cmor
+  module Rbac
+    VERSION = ::Cmor::VERSION
+  end
+end

data/lib/cmor/rbac.rb

@@ -0,0 +1,14 @@
+require 'cmor/rbac/configuration'
+require 'cmor/rbac/engine'
+
+module Cmor
+  module Rbac
+    extend Configuration
+
+    def self.table_name_prefix
+      'cmor_rbac_'
+    end
+  end
+end
+
+Cmor.configure { |c| c.register_configuration(:rbac, Cmor::Rbac) }

data/lib/cmor_rbac.rb

@@ -0,0 +1,4 @@
+require 'cmor_core'
+require 'rao-service'
+
+require 'cmor/rbac'

data/lib/generators/cmor/rbac/install/install_generator.rb

@@ -0,0 +1,23 @@
+module Cmor
+  module Rbac
+    module Generators
+      class InstallGenerator < Rails::Generators::Base
+        desc 'Generates the intializer'
+
+        source_root File.expand_path('../templates', __FILE__)
+
+        attr_reader :user_class_name, :user_factory_name
+
+        def initialize(*args)
+          super
+          @user_class_name = ENV.fetch('CMOR_RBAC_USER_CLASS_NAME') { 'User' }
+          @user_factory_name = ENV.fetch('CMOR_RBAC_USER_FACTORY_NAME') { 'user' }
+        end
+
+        def generate_initializer
+          template 'initializer.rb', 'config/initializers/cmor_rbac.rb'
+        end
+      end
+    end
+  end
+end

data/lib/generators/cmor/rbac/install/templates/initializer.rb

@@ -0,0 +1,20 @@
+Cmor::Rbac.configure do |config|
+  # Set the User class.
+  #
+  # Default: config.user_class_name = '<%= user_class_name %>'
+  # 
+  config.user_class_name = '<%= user_class_name %>'
+
+  # Factory name to use for users.
+  #
+  # default: config.user_factory_name = '<%= user_factory_name %>' 
+  #
+  config.user_factory_name = '<%= user_factory_name %>'
+
+  # Set the path of your default permissions file that will be used by
+  # Cmor::Rbac::ImportDefaultPermissionsService
+  # 
+  # default: config.default_permissions_filename = -> { Rails.root.join('config', 'rbac.yml') }
+  # 
+  config.default_permissions_filename = -> { Rails.root.join('config', 'rbac.yml') }
+end

data/lib/tasks/cmor/rbac_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :rbac do
+#   # Task goes here
+# end

data/spec/factories/cmor/rbac/permissions.rb

@@ -0,0 +1,5 @@
+FactoryBot.define do
+  factory :cmor_rbac_permission, class: Cmor::Rbac::Permission do
+    sequence(:identifier) { |i| "Permission ##{i}" }
+  end
+end

data/spec/factories/cmor/rbac/role_permissions.rb

@@ -0,0 +1,6 @@
+FactoryBot.define do
+  factory :cmor_rbac_role_permission, class: Cmor::Rbac::RolePermission do
+    association(:role,       factory: :cmor_rbac_role)
+    association(:permission, factory: :cmor_rbac_permission)
+  end
+end

data/spec/factories/cmor/rbac/roles.rb

@@ -0,0 +1,5 @@
+FactoryBot.define do
+  factory :cmor_rbac_role, class: Cmor::Rbac::Role do
+    sequence(:identifier) { |i| "Permission ##{i}" }
+  end
+end

data/spec/factories/cmor/rbac/user_roles.rb

@@ -0,0 +1,6 @@
+FactoryBot.define do
+  factory :cmor_rbac_user_role, class: Cmor::Rbac::UserRole do
+    association(:user, factory: Cmor::Rbac::Configuration.user_factory_name)
+    association(:role, factory: :cmor_rbac_role)
+  end
+end

metadata

@@ -0,0 +1,361 @@
+--- !ruby/object:Gem::Specification
+name: cmor_rbac
+version: !ruby/object:Gem::Version
+  version: 0.0.1.pre
+platform: ruby
+authors:
+- Roberto Vasquez Angel
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2019-03-27 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 5.2.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 5.2.0
+- !ruby/object:Gem::Dependency
+  name: cmor_core
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.0.1.pre
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.0.1.pre
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.3.6
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.3.6
+- !ruby/object:Gem::Dependency
+  name: capybara
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: coveralls
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: factory_bot_rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: git_log_generator
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: guard-bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: guard-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: guard-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rao-shoulda_matchers
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rails-dummy
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rails-i18n
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: shoulda-matchers
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: simplecov-console
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rao-service
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.0.15.pre
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.0.15.pre
+description: Cmor::Rbac Module.
+email:
+- roberto@vasquez-angel.de
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- README.rdoc
+- Rakefile
+- app/assets/javascripts/cmor/rbac/application.js
+- app/assets/stylesheets/cmor/rbac/application.css
+- app/controllers/cmor/rbac/application_controller.rb
+- app/helpers/cmor/rbac/application_helper.rb
+- app/models/cmor/rbac/permission.rb
+- app/models/cmor/rbac/role.rb
+- app/models/cmor/rbac/role_permission.rb
+- app/models/cmor/rbac/user_role.rb
+- app/models/concerns/model/cmor/rbac/user_concern.rb
+- app/models/concerns/model/flag_from_time_range_concern.rb
+- app/services/cmor/rbac/application_service.rb
+- app/services/cmor/rbac/import_default_permissions_service.rb
+- app/views/cmor/rbac/_current_user_additional_table_rows.haml
+- app/views/layouts/cmor/rbac/application.html.erb
+- config/initializers/inject_user_concern.rb
+- config/locales/de.yml
+- config/locales/en.yml
+- config/routes.rb
+- db/migrate/20160301103116_create_cmor_rbac_roles.rb
+- db/migrate/20160301103202_create_cmor_rbac_user_roles.rb
+- db/migrate/20160301103219_create_cmor_rbac_permissions.rb
+- db/migrate/20160301103240_create_cmor_rbac_role_permissions.rb
+- lib/active_model/validations/file_readability_validator.rb
+- lib/cmor/rbac.rb
+- lib/cmor/rbac/configuration.rb
+- lib/cmor/rbac/engine.rb
+- lib/cmor/rbac/version.rb
+- lib/cmor_rbac.rb
+- lib/generators/cmor/rbac/install/install_generator.rb
+- lib/generators/cmor/rbac/install/templates/initializer.rb
+- lib/tasks/cmor/rbac_tasks.rake
+- spec/factories/cmor/rbac/permissions.rb
+- spec/factories/cmor/rbac/role_permissions.rb
+- spec/factories/cmor/rbac/roles.rb
+- spec/factories/cmor/rbac/user_roles.rb
+homepage: https://github.com/content-management-on-rails
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">"
+    - !ruby/object:Gem::Version
+      version: 1.3.1
+requirements: []
+rubygems_version: 3.0.3
+signing_key: 
+specification_version: 4
+summary: Cmor::Rbac.
+test_files: []