croods 0.1.0

data/lib/croods/policy/scope.rb

@@ -0,0 +1,131 @@
+# frozen_string_literal: true
+
+module Croods
+  class Policy
+    class Scope
+      def initialize(tenant:, user:, scope:)
+        self.user  = user
+        self.scope = scope
+        self.tenant = user&.tenant || tenant
+      end
+
+      def resolve
+        self.scope = tenant_scope(scope) if Croods.multi_tenancy?
+
+        return scope if action.public
+
+        return scope if super?
+
+        return owner_scope(scope) if owner?
+
+        scope
+      end
+
+      protected
+
+      attr_accessor :tenant, :user, :scope
+
+      def scope_is_the_owner?(scope, target)
+        return scope.reflect_on_association(target) unless target == :user
+
+        scope.resource.user_is_the_owner? &&
+          scope.reflect_on_association(target)
+      end
+
+      def reflection_path(scope, target, path = [])
+        return path if scope_is_the_owner?(scope, target)
+
+        associations = scope.reflect_on_all_associations(:belongs_to)
+
+        return path if associations.empty?
+
+        associations.each do |association|
+          model = association.class_name.constantize
+          expanded_path = path + [association]
+          association_path = reflection_path(model, target, expanded_path)
+          return association_path if association_path != path
+        end
+
+        path
+      end
+
+      def joins(path)
+        joins = nil
+
+        path.reverse.each do |association|
+          joins = joins ? { association.name => joins } : association.name
+        end
+
+        joins
+      end
+
+      def immediate_tenant_scope(scope)
+        scope.where(Croods.tenant_attribute => tenant.id)
+      end
+
+      def immediate_tenant_scope?(scope)
+        scope.has_attribute?(Croods.tenant_attribute)
+      end
+
+      def tenant_scope(scope)
+        return immediate_tenant_scope(scope) if immediate_tenant_scope?(scope)
+
+        path = reflection_path(scope, Croods.multi_tenancy_by)
+        return scope if path.empty?
+
+        scope.joins(joins(path)).where(
+          path.last.plural_name => { Croods.tenant_attribute => tenant.id }
+        )
+      end
+
+      def user_owner_scope(scope)
+        scope.where(id: user.id)
+      end
+
+      def user_owner_scope?(scope)
+        scope == User || scope.try(:klass) == User
+      end
+
+      def immediate_owner_scope(scope)
+        scope.where(user_id: user.id)
+      end
+
+      def immediate_owner_scope?(scope)
+        scope.resource.user_is_the_owner? && scope.has_attribute?(:user_id)
+      end
+
+      def owner_scope(scope)
+        return user_owner_scope(scope) if user_owner_scope?(scope)
+
+        return immediate_owner_scope(scope) if immediate_owner_scope?(scope)
+
+        path = reflection_path(scope, :user)
+        return scope if path.empty?
+
+        scope.joins(joins(path)).where(
+          path.last.plural_name => { user_id: user.id }
+        )
+      end
+
+      def super?
+        super_roles.each do |role|
+          return true if user&.send("#{role}?")
+        end
+
+        false
+      end
+
+      def roles
+        action.roles || DEFAULT_ROLES
+      end
+
+      def super_roles
+        roles.reject { |role| role == :owner }
+      end
+
+      def owner?
+        roles.include?(:owner)
+      end
+    end
+  end
+end

data/lib/croods/railtie.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+module Croods
+  class Railtie < ::Rails::Railtie
+  end
+end

data/lib/croods/resource.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+require_relative 'resource/names'
+require_relative 'resource/paths'
+require_relative 'resource/identifier'
+require_relative 'resource/model'
+require_relative 'resource/policy'
+require_relative 'resource/controller'
+require_relative 'resource/actions'
+require_relative 'resource/attributes'
+require_relative 'resource/json_schema'
+require_relative 'resource/authentication'
+require_relative 'resource/authorization'
+require_relative 'resource/filters'
+require_relative 'resource/sorting'
+require_relative 'resource/services'
+
+module Croods
+  module Resource
+    extend ActiveSupport::Concern
+
+    class_methods do
+      include Names
+      include Paths
+      include Identifier
+      include Model
+      include Policy
+      include Controller
+      include Actions
+      include Attributes
+      include JsonSchema
+      include Authentication
+      include Authorization
+      include Filters
+      include Sorting
+      include Services
+    end
+  end
+end

data/lib/croods/resource/actions.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+module Croods
+  module Resource
+    module Actions
+      DEFAULT_ACTIONS = %i[index create update destroy show].freeze
+
+      def default_actions
+        DEFAULT_ACTIONS.map do |name|
+          Croods::Action.new name
+        end
+      end
+
+      def actions(*names)
+        return filtered_actions if names.empty?
+
+        @actions = names.map do |name|
+          Croods::Action.new name
+        end
+      end
+
+      def filtered_actions
+        @actions ||= default_actions
+
+        @actions.reject { |action| ignored_actions.include?(action.name) }
+      end
+
+      def add_action(name, method: :get, on: :member, &block)
+        additional_actions << Action.new(
+          name, method: method, on: on, block: block
+        )
+      end
+
+      def additional_actions
+        @additional_actions ||= []
+      end
+
+      def remove_actions(*names)
+        names.each do |name|
+          ignored_actions << name.to_sym
+        end
+      end
+
+      def ignored_actions
+        @ignored_actions ||= []
+      end
+
+      alias remove_action remove_actions
+    end
+  end
+end

data/lib/croods/resource/attributes.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+require_relative 'attributes/base'
+require_relative 'attributes/request'
+require_relative 'attributes/response'
+
+module Croods
+  module Resource
+    module Attributes
+      include Base
+
+      def request(&block)
+        request_instance.instance_eval(&block)
+      end
+
+      def response(&block)
+        response_instance.instance_eval(&block)
+      end
+
+      def request_instance
+        @request_instance ||= Request.new(ignore_user: user_is_the_owner?)
+      end
+
+      def response_instance
+        @response_instance ||= Response.new
+      end
+
+      def merged_attributes(type, hash = nil)
+        (hash || attributes)
+          .merge(type.additional_attributes)
+          .reject { |name| type.ignored_attributes.include?(name) }
+      end
+
+      def request_attributes
+        merged_attributes(request_instance)
+      end
+
+      def response_attributes
+        merged_attributes(response_instance)
+      end
+
+      def attributes
+        merged_attributes(self, model.columns_hash)
+      end
+
+      def definitions
+        attributes
+          .merge(request_instance.additional_attributes)
+          .merge(response_instance.additional_attributes)
+      end
+    end
+  end
+end

data/lib/croods/resource/attributes/base.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module Croods
+  module Resource
+    module Attributes
+      module Base
+        def add_attribute(name, type, **options)
+          attribute = Croods::Attribute.new(name, type, **options)
+          additional_attributes[name.to_s] = attribute
+        end
+
+        def additional_attributes
+          @additional_attributes ||= {}
+        end
+
+        def remove_attributes(*names)
+          names.each do |name|
+            ignored_attributes << name.to_s
+          end
+        end
+
+        def ignored_attributes
+          @ignored_attributes ||= []
+        end
+
+        alias remove_attribute remove_attributes
+      end
+    end
+  end
+end

data/lib/croods/resource/attributes/request.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+require_relative 'base'
+
+module Croods
+  module Resource
+    module Attributes
+      class Request
+        include Base
+
+        attr_accessor :ignore_user
+
+        def initialize(ignore_user:)
+          self.ignore_user = ignore_user
+        end
+
+        def ignored_attributes
+          @ignored_attributes ||= default_ignored_attributes
+        end
+
+        def default_ignored_attributes
+          return [] unless ignore_user
+
+          ['user_id']
+        end
+      end
+    end
+  end
+end

data/lib/croods/resource/attributes/response.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+require_relative 'base'
+
+module Croods
+  module Resource
+    module Attributes
+      class Response
+        include Base
+      end
+    end
+  end
+end

data/lib/croods/resource/authentication.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+module Croods
+  module Resource
+    module Authentication
+      OPTIONS = %i[
+        database_authenticatable registerable recoverable rememberable
+        trackable validatable
+      ].freeze
+
+      ATTRIBUTES = %i[
+        allow_password_change confirmation_sent_at confirmation_token
+        encrypted_password confirmed_at provider uid remember_created_at
+        reset_password_sent_at reset_password_token tokens unconfirmed_email
+        current_sign_in_at current_sign_in_ip last_sign_in_at last_sign_in_ip
+        sign_in_count
+      ].freeze
+
+      def use_for_authentication!(*options)
+        add_model_authentication(*options)
+
+        remove_attributes(*ATTRIBUTES)
+        remove_attribute(Croods.tenant_attribute) if Croods.multi_tenancy?
+
+        request do
+          add_attribute :password, :string, null: false
+        end
+      end
+
+      def add_model_authentication(*options)
+        extend_model do
+          before_create do
+            self.uid = email unless uid.present?
+          end
+
+          extend Devise::Models
+
+          devise_options = options.empty? ? OPTIONS : options
+          devise(*devise_options)
+
+          include DeviseTokenAuth::Concerns::User
+        end
+      end
+    end
+  end
+end

data/lib/croods/resource/authorization.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+module Croods
+  module Resource
+    module Authorization
+      def authorize(*roles, on: nil)
+        return if roles.empty?
+
+        on = [on] if on&.is_a?(Symbol)
+
+        actions.each do |action|
+          next if on && !on.include?(action.name)
+
+          action.roles = roles
+        end
+      end
+
+      def public_actions(*names)
+        return unless names
+
+        names = [names] if names&.is_a?(Symbol)
+
+        extend_controller do
+          skip_before_action :authenticate_user!, only: names
+        end
+
+        actions.each do |action|
+          next unless names.include?(action.name)
+
+          action.public = true
+        end
+      end
+
+      alias public_action public_actions
+
+      def user_is_not_the_owner!
+        @user_is_the_owner = false
+      end
+
+      def user_is_the_owner?
+        return @user_is_the_owner unless @user_is_the_owner.nil?
+
+        @user_is_the_owner = true
+      end
+    end
+  end
+end