croods 0.1.0

data/lib/croods/controller/member.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+module Croods
+  class Controller < ActionController::API
+    module Member
+      protected
+
+      def member
+        return @member ||= member_by_id if resource.identifier == :id
+
+        @member ||= member_by_identifier
+      end
+
+      def member_by_id
+        policy_scope(model).find(params[:id])
+      end
+
+      def member_by_identifier
+        policy_scope(model).find_by!(resource.identifier => identifier)
+      end
+
+      def identifier
+        params[resource.identifier]
+      end
+
+      def member_params
+        params
+          .permit(resource.request_attributes.keys)
+          .merge(
+            params
+              .require(resource.resource_name)
+              .permit(resource.request_attributes.keys)
+          )
+      end
+
+      def new_member
+        policy_scope(model).new(
+          member_params
+            .merge(tenant_params(model))
+            .merge(user_params(model))
+        )
+      end
+    end
+  end
+end

data/lib/croods/controller/model.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+module Croods
+  class Controller < ActionController::API
+    module Model
+      protected
+
+      def model_name
+        resource_name.singularize
+      end
+
+      def model
+        model_name.constantize
+      end
+    end
+  end
+end

data/lib/croods/controller/multi_tenancy.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+module Croods
+  class Controller < ActionController::API
+    module MultiTenancy
+      extend ActiveSupport::Concern
+
+      included do
+        before_action :authorize_multi_tenancy, unless: :devise_controller?
+      end
+
+      protected
+
+      def tenant_model
+        return unless Croods.multi_tenancy?
+
+        Croods.multi_tenancy_by.to_s.titleize.constantize
+      end
+
+      def header_tenant
+        return unless Croods.multi_tenancy?
+
+        tenant_model.find_by!(slug: request.headers['Tenant'])
+      end
+
+      def current_tenant
+        return unless Croods.multi_tenancy?
+
+        @current_tenant ||= current_user&.tenant
+      end
+
+      def tenant_params(model)
+        return {} unless Croods.multi_tenancy?
+
+        return {} unless model.has_attribute? Croods.tenant_attribute
+
+        { Croods.tenant_attribute => current_tenant.id }
+      end
+
+      def authorize_multi_tenancy
+        return unless Croods.multi_tenancy?
+
+        return unless current_user
+
+        return if request.headers['Tenant'] == current_tenant.slug
+
+        raise(
+          Pundit::NotAuthorizedError,
+          'You are not authorized to access this organization'
+        )
+      end
+    end
+  end
+end

data/lib/croods/controller/not_found.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module Croods
+  class Controller < ActionController::API
+    module NotFound
+      extend ActiveSupport::Concern
+
+      included do
+        rescue_from ActiveRecord::RecordNotFound, with: :not_found
+      end
+
+      protected
+
+      def not_found(exception)
+        render status: :not_found, json: {
+          id: 'not_found',
+          message: exception.message
+        }
+      end
+    end
+  end
+end

data/lib/croods/controller/record_invalid.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module Croods
+  class Controller < ActionController::API
+    module RecordInvalid
+      extend ActiveSupport::Concern
+
+      included do
+        rescue_from ActiveRecord::RecordInvalid, with: :record_invalid
+      end
+
+      protected
+
+      def record_invalid(exception)
+        render status: :unprocessable_entity, json: {
+          id: 'record_invalid',
+          message: exception.message
+        }
+      end
+    end
+  end
+end

data/lib/croods/controller/resource.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module Croods
+  class Controller < ActionController::API
+    module Resource
+      protected
+
+      def resource_name
+        *names, _last = self.class.to_s.titleize.split
+        names.join
+      end
+
+      def resource
+        "#{resource_name}::Resource".constantize
+      end
+
+      def action
+        @action ||= resource.actions.find do |action|
+          action.name.to_s == action_name
+        end
+      end
+
+      def execute_service(member_or_collection, params, &block)
+        return instance_eval(&block) unless action&.service
+
+        action.service.execute(member_or_collection, params, current_user)
+      end
+    end
+  end
+end

data/lib/croods/middleware.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+require_relative 'middleware/request_validation'
+require_relative 'middleware/response_validation'
+
+module Croods
+  module Middleware
+    METHODS = %i[get post put patch delete options head].freeze
+
+    EXPOSE_HEADERS = %w[
+      access-token expiry token-type uid client Authorization Link Total
+      Per-Page
+    ].freeze
+
+    def self.insert!
+      insert_cors!
+      insert_request_validation!
+      insert_response_validation!
+    end
+
+    def self.insert_cors!
+      Rails.application.config.middleware.insert_before 0, Rack::Cors do
+        allow do
+          origins '*'
+          resource '*', headers: :any, expose: EXPOSE_HEADERS, methods: METHODS
+        end
+      end
+    end
+
+    def self.insert_request_validation!
+      Rails.application.config.middleware.insert_before(
+        ActionDispatch::Executor,
+        Middleware::RequestValidation
+      )
+    end
+
+    def self.insert_response_validation!
+      Rails.application.config.middleware.insert_after(
+        ActionDispatch::Callbacks,
+        Middleware::ResponseValidation
+      )
+    end
+  end
+end

data/lib/croods/middleware/base.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+module Croods
+  module Middleware
+    class Base
+      attr_accessor :app, :options
+
+      def initialize(app, **options)
+        self.app = app
+        self.options = options
+      end
+
+      def call(env)
+        committee = self.class.name.gsub('Croods', 'Committee').constantize
+          .new(app, options.merge(schema: Croods.json_schema))
+        committee.call(env)
+      end
+    end
+  end
+end

data/lib/croods/middleware/request_validation.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+require_relative 'base'
+
+module Croods
+  module Middleware
+    class RequestValidation < Base
+    end
+  end
+end

data/lib/croods/middleware/response_validation.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+require_relative 'base'
+
+module Croods
+  module Middleware
+    class ResponseValidation < Base
+    end
+  end
+end

data/lib/croods/model.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+module Croods
+  class Model < ActiveRecord::Base
+    self.abstract_class = true
+
+    def self.resource_name
+      to_s.pluralize
+    end
+
+    def self.resource
+      "#{resource_name}::Resource".constantize
+    end
+
+    def as_json(_options = {})
+      attributes = {}
+
+      resource.response_attributes.each do |name, attribute|
+        value = send(name)
+        value = value.iso8601 if value && attribute.type == :datetime
+        attributes[name] = value
+      end
+
+      attributes
+    end
+
+    def tenant
+      return unless Croods.multi_tenancy?
+
+      public_send(Croods.multi_tenancy_by)
+    end
+
+    def resource_name
+      self.class.to_s.pluralize
+    end
+
+    def resource
+      "#{resource_name}::Resource".constantize
+    end
+  end
+end

data/lib/croods/policy.rb

@@ -0,0 +1,118 @@
+# frozen_string_literal: true
+
+require_relative 'policy/scope'
+
+module Croods
+  class Policy
+    DEFAULT_ROLES = %i[owner admin].freeze
+
+    def initialize(user, member)
+      self.user = user
+      self.member = member
+    end
+
+    protected
+
+    cattr_writer :roles
+    attr_accessor :user, :member
+
+    def super?(role)
+      return role?(role) unless Croods.multi_tenancy? && user && member_user
+
+      role?(role) && member_user.tenant == user.tenant
+    end
+
+    def role?(role)
+      user&.public_send("#{role}?")
+    end
+
+    def owner?
+      return true unless member_user
+
+      return false unless user
+
+      member_user == user
+    end
+
+    def member_user
+      return @member_user if @member_user
+
+      return if member.instance_of?(Class)
+
+      @member_user = reflection_user(member)
+    end
+
+    def user_is_the_owner?(record)
+      record.respond_to?(:user) && record.resource.user_is_the_owner?
+    end
+
+    def reflection_user(record)
+      return unless record
+
+      return record.user if user_is_the_owner?(record)
+
+      associations = list_associations(record)
+
+      return if associations.empty?
+
+      associations.each do |association|
+        association_user = reflection_user(record.public_send(association.name))
+        return association_user if association_user
+      end
+
+      nil
+    end
+
+    def list_associations(record)
+      record.class.reflect_on_all_associations(:belongs_to)
+    end
+
+    def other_tenant?(user_to_compare)
+      user.tenant != user_to_compare.tenant
+    end
+
+    def skip_associations_authorization?
+      !Croods.multi_tenancy? || member.instance_of?(Class)
+    end
+
+    def other_tenant_user?
+      member.respond_to?(:user) && other_tenant?(member.user)
+    end
+
+    def authorize_associations
+      return true if skip_associations_authorization?
+      return false if other_tenant_user?
+
+      associations = list_associations(member)
+
+      return true if associations.empty?
+
+      associations.each do |association|
+        association_user = reflection_user(member.public_send(association.name))
+        return false if association_user && other_tenant?(association_user)
+      end
+
+      true
+    end
+
+    def authorize_action(action)
+      return true if action.public
+
+      return false unless authorize_associations
+
+      roles = action.roles || DEFAULT_ROLES
+
+      roles.each do |role|
+        return true if authorize_role(role)
+      end
+
+      false
+    end
+
+    def authorize_role(role)
+      return owner? if role.to_sym == :owner
+
+      super?(role)
+    end
+  end
+end