dynamican 0.1.7

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: d6dd7da02224c7b3e20e8b582f5929657255d33d4ddf81037a09e2c303df7182
+  data.tar.gz: 1c7f34c8b6335a89c21087243bdcaec746966ff76c7bc076204aefa736fce121
+SHA512:
+  metadata.gz: ea646968f0358bada82722bda78c2895bd6763428823f02ab51866caedbd45e7af0f411b5e77850e2bb71f83751503922aed96cb39b906fd344ebcca453154d9
+  data.tar.gz: 3c29cc459e4aff80101d2ec436deba04c3600410e030cc4e3cf09ad575df8b3cd1f93602a8639937930733c82513a6ea8293eeddbb309cd9cb5afe7159bfd329

data/.gitignore

@@ -0,0 +1 @@
+dynamican-*

data/README.md

@@ -0,0 +1,118 @@
+# Dynamican
+Dynamican is a flexible gem to introduce permissions on rails applications. It is very customizable because it stores all the rules inside the database and can be added to multiple models: for example you can add permissions to your Role model or to users. With a couple of overrides you can also add permissions to both Role and User and use role permissions through user.
+
+## Installation
+Inside your Gemfile put
+
+    gem 'dynamican'
+
+then run `bundle install`
+
+Once you have the gem, open the source code and look for migrations folder. You need to create in your project those migrations and run them. Obviously if you already have the gem installed and you are only updating, you only need to create the migrations for the later versions of the gem.
+
+In each model you want to have the feature, just put
+
+    include Dynamican::Model
+
+Create `config/dynamican.yml` file and compile it as follows for each of the models you included the code above into (let's say for instance you included Dynamican::Model into User and Role models)
+
+    associations:
+      role:
+        class_name: 'Role'
+      user:
+        class_name: 'User'
+
+### Using permissions on one model through another model
+
+I wanted to have the possibility to assign permissions both directly to my User model and my Role model, so that if the User had one permission and one of its Role had another, the User could benefit from both. So i assigned the feature (as explained above) to both models and then decorated my User model like this
+
+    module Decorators
+      module Models
+        module User
+          module DynamicanOverrides
+            def self.prepended(base)
+              base.class_eval do
+                has_many :user_permission_connectors, class_name: 'Dynamican::PermissionConnector'
+                has_many :user_permissions, class_name: 'Dynamican::Permission', through: :user_permission_connectors, source: :permission
+                has_many :role_permissions, through: :roles, class_name: 'Dynamican::Permission', source: :permissions
+              end
+            end
+
+            def permission_connectors
+              Dynamican::PermissionConnector.where(id: user_permission_connectors.ids + roles.map(&:permission_connectors).flatten.map(&:id))
+            end
+
+            def permissions
+              Dynamican::Permission.where(id: user_permissions.ids + role_permissions.ids)
+            end
+
+            ::User.prepend self
+          end
+        end
+      end
+    end
+
+I personally have put this in `app/decorators/models/user/dynamican_overrides.rb` (you need to load the folder if you don't already have it) but you can make it work as you please. I recommend to keep it separate from the original User model though.
+
+## Usage
+
+Now the hard part: the real configuration.
+
+Create one `Dynamican::Permission` for each pair of action-object you need. For example i created CRUD permissions for my models. Let's say, for instance, you have the Order model.
+
+    p1 = Dynamican::Permission.create(action: 'create', object_name: 'order')
+    p2 = Dynamican::Permission.create(action: 'read', object_name: 'order')
+    p3 = Dynamican::Permission.create(action: 'update', object_name: 'order')
+    p4 = Dynamican::Permission.create(action: 'delete', object_name: 'order')
+
+To assign one of these permissions to your Role or User, you need to create a `Dynamican::PermissionConnector` like this
+
+    user.permission_connectors.create(permission: p1)
+
+Or simply
+
+    user.permissions << p1
+
+Now your user is considered able to create orders and you can check the permissions:
+
+    user.can? :create, :order
+    # Returns true
+
+    user.can? :read, :order
+    # Returns false
+
+You can pass as second argument (the object) a symbol, a string, the class itself and also the instance (instances are used for condition evaluations).
+You can also pass an array of these elements and permissions for all elements will be evaluated. The `can?` method will return true only if all permissions are evaluated positively.
+You can also create custom permissions which don't need an object, simply leaving the `object_name` empty. Let's say you want to give permission to a certain user to dance
+
+    p5 = Dynamican::Permission.create(action: 'dance')
+
+    user.permissions << p5
+
+Call the `can?` method without any second argument
+
+    user.can? :dance
+
+    # Returns true
+
+
+## Conditions
+
+You can link a `Dynamican::PermissionConnector` to as many conditions as you want.
+
+Conditions are created like this
+
+    permission_connector.conditions.create(statement: '@user.orders.count < 5')
+    permission_connector.conditions.create(statement: '@object.field.present?')
+
+You can store in conditions statements whatever conditions you like in plain ruby and the string will be evaulated. Inside the statements, object have to be called as instance variables. These instance variables need to be present and can be declared as follows:
+
+1. The model name of the instance you called `can?` from, like the user, will be defined automatically based on model name so if you call `user.can?` you will have `@user` variable defined.
+2. The object you pass as second argument (which should match the `object_name` of your permission) will be defined as `@object`, so if you call `user.can? :read, @order` you will have `@object` variable defined containing your `@order`.
+3. You can pass as third argument an hash of objects like this `user.can? :read, @order, time: Time.zone.now, whatever: @you_want` and you will have `@time` and `@whatever` variables defined.
+
+WARNING: since the condition statement gets evaluated, i recommend not to allow anyone except project developers to create conditions to prevent malicious code from being executed.
+
+If one `Dynamican::PermissionConnector` is linked to many conditions, the model will be allowed to make that action only if all conditions are true. If you want to set alternative conditions, you should store the or conditions inside the same statement, like this:
+
+    condition.statement = '@user.nice? || @user.polite?'

data/dynamican.gemspec

@@ -0,0 +1,12 @@
+Gem::Specification.new do |s|
+  s.name        = 'dynamican'
+  s.version     = '0.1.7'
+  s.date        = '2020-04-12'
+  s.summary     = "Dynamic permissions"
+  s.description = "Dynamic and flexible database configurable permissions for your application"
+  s.authors     = ["Valerio Bellaveglia"]
+  s.files       = `git ls-files`.split("\n")
+  s.homepage    = 'https://github.com/ValerioBellaveglia/Dynamican'
+  s.require_path = 'lib'
+  s.license = 'MIT'
+end

data/lib/dynamican/configuration.rb

@@ -0,0 +1,17 @@
+module Dynamican
+  def self.configuration
+    @configuration ||= Configuration.new(configuration_hash)
+  end
+
+  def self.configuration_hash
+    @configuration_hash ||= HashWithIndifferentAccess.new(YAML.load_file('config/dynamican.yml'))
+  end
+
+  class Configuration
+    attr_accessor :associations
+
+    def initialize(configuration_hash)
+      @associations = configuration_hash[:associations]
+    end
+  end
+end

data/lib/dynamican/evaluator.rb

@@ -0,0 +1,43 @@
+module Dynamican
+  class Evaluator
+    attr_reader :subject, :action, :object, :object_name, :conditions_instances
+
+    def initialize(subject, action, object, conditions_instances = {})
+      @subject = subject
+      @action = action
+      @object = object
+      @object_name = calculate_object_name
+      @conditions_instances = conditions_instances
+    end
+
+    def evaluate
+      set_instance_variables
+
+      matching_connectors = subject.permission_connectors.for_action(action).for_object(object_name)
+      matching_conditions_statements = matching_connectors.conditional.map(&:conditions).flatten.map(&:statement)
+
+      matching_connectors.unconditional.any? ||
+      matching_conditions_statements.any? && matching_conditions_statements.map { |statement| eval statement }.all?
+    end
+
+    private
+
+    def set_instance_variables
+      instance_variable_set("@#{subject.model_name.element}", subject)
+
+      conditions_instances.each do |instance_name, instance_object|
+        instance_variable_set("@#{instance_name}", instance_object)
+      end
+    end
+
+    def calculate_object_name
+      if object.class.in? [Symbol, String, Class]
+        object.to_s.downcase
+      elsif object.is_a?(NilClass)
+        nil
+      else
+        object.class.to_s.downcase
+      end
+    end
+  end
+end

data/lib/dynamican/model.rb

@@ -0,0 +1,18 @@
+module Dynamican
+  module Model
+    extend ActiveSupport::Concern
+
+    included do
+      has_many :permission_connectors, class_name: 'Dynamican::PermissionConnector'
+      has_many :permissions, class_name: 'Dynamican::Permission', through: :permission_connectors, source: :permission
+    end
+
+    def can?(action, object = nil, conditions_instances = {})
+      if object.respond_to? :each
+        object.all? { |single_object| can? action, single_object }
+      else
+        Dynamican::Evaluator.new(self, action, object, conditions_instances).evaluate
+      end
+    end
+  end
+end

data/lib/dynamican.rb

@@ -0,0 +1,6 @@
+require 'dynamican/configuration'
+require 'dynamican/evaluator'
+require 'dynamican/model'
+require 'models/dynamican/condition'
+require 'models/dynamican/permission_connector'
+require 'models/dynamican/permission'

data/lib/models/dynamican/condition.rb

@@ -0,0 +1,5 @@
+module Dynamican
+  class Condition < ActiveRecord::Base
+    has_and_belongs_to_many :permission_connectors, class_name: 'Dynamican::PermissionConnector', foreign_key: :condition_id
+  end
+end

data/lib/models/dynamican/permission.rb

@@ -0,0 +1,10 @@
+module Dynamican
+  class Permission < ActiveRecord::Base
+    has_many :permission_connectors, class_name: 'Dynamican::PermissionConnector', inverse_of: :permission, foreign_key: :permission_id
+
+    validates_presence_of :action
+
+    scope :for_action, -> (actions) { where(action: actions) }
+    scope :for_object, -> (object_names) { where(object_name: object_names) }
+  end
+end

data/lib/models/dynamican/permission_connector.rb

@@ -0,0 +1,14 @@
+module Dynamican
+  class PermissionConnector < ActiveRecord::Base
+    Dynamican.configuration.associations.each do |association_name, association_options|
+      belongs_to association_name.to_sym, class_name: association_options[:class_name], inverse_of: association_options[:inverse_of], foreign_key: "#{association_name}_id".to_sym, optional: true
+    end
+    has_and_belongs_to_many :conditions, class_name: 'Dynamican::Condition', inverse_of: :permission_connectors, foreign_key: :permission_connector_id
+    belongs_to :permission, class_name: 'Dynamican::Permission', inverse_of: :permission_connectors, foreign_key: :permission_id
+
+    scope :conditional, -> { where(conditional: true) }
+    scope :unconditional, -> { where(conditional: false) }
+    scope :for_action, -> (action) { joins(:permission).where(permissions: { action: action }) }
+    scope :for_object, -> (object_name) { joins(:permission).where(permissions: { object_name: object_name }) }
+  end
+end

data/migrations/0.1.2/dynamican_create_database_structure.rb

@@ -0,0 +1,31 @@
+class DynamicanCreateDatabaseStructure < ActiveRecord::Migration[5.2]
+  def change
+    create_table :conditions do |t|
+      t.string :description
+      t.string :statement
+
+      t.timestamps
+    end
+
+    create_table :permissions do |t|
+      t.string :action
+      t.string :object_name
+
+      t.timestamps
+    end
+
+    create_table :permission_connectors do |t|
+      t.references :user
+      t.references :role
+      t.references :permission
+      t.boolean :conditional, default: false
+
+      t.timestamps
+    end
+
+    create_table :conditions_permission_connectors do |t|
+      t.bigint :condition_id
+      t.bigint :permission_connector_id
+    end
+  end
+end

metadata

@@ -0,0 +1,53 @@
+--- !ruby/object:Gem::Specification
+name: dynamican
+version: !ruby/object:Gem::Version
+  version: 0.1.7
+platform: ruby
+authors:
+- Valerio Bellaveglia
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2020-04-12 00:00:00.000000000 Z
+dependencies: []
+description: Dynamic and flexible database configurable permissions for your application
+email: 
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- README.md
+- dynamican.gemspec
+- lib/dynamican.rb
+- lib/dynamican/configuration.rb
+- lib/dynamican/evaluator.rb
+- lib/dynamican/model.rb
+- lib/models/dynamican/condition.rb
+- lib/models/dynamican/permission.rb
+- lib/models/dynamican/permission_connector.rb
+- migrations/0.1.2/dynamican_create_database_structure.rb
+homepage: https://github.com/ValerioBellaveglia/Dynamican
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.2
+signing_key: 
+specification_version: 4
+summary: Dynamic permissions
+test_files: []