dynamican 1.0.1 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ee2ebd9f3470a7ad1002ee3344a357fc1549e8065dffc09986f9c466577de8a9
-  data.tar.gz: e1cac4d8aa2b6f209dc6885cebe31d9ec5548af8578514aa9bf44fe1836fb697
+  metadata.gz: 07765d12ff4c1d8450e780bc29414d1db951b7ae2645876de19b723f92a9d688
+  data.tar.gz: 784a582fab983684cd45d41205e9a2a050036e13bad45d70ebd3f88a15be4d66
 SHA512:
-  metadata.gz: 63e6761a9fed8385830c6f10697a0448ec08a8e2a781612ac54544ed810635bbfec6006c26e5054b653131a495815c6da5ed1842e11262736f9b1a274c9b0882
-  data.tar.gz: be88310e037fb8cb2e71af8f8616f1441a2963b4b65a6599762e92b6800e30cec6ede2216c5558d2ff8c8ffc7407c94e866c5894a3f8e15c31517dcb213ac5a6
+  metadata.gz: deabb5e5032c2c99eff13b680fcc816c712430de25ff791a2803bfd91eb5a26c6babf0bf524872195be4d67c50e7e95103910fb60331da43236869f6e7d2f687
+  data.tar.gz: 9b805a8fe35cd6c131988fdc81d7a7d17a07b8526db04208028462f7c394229767a3bca7e1cd21bd8b670b857eba23f3c2a18e22aeec861a2588b19ec69b630c

data/README.md

@@ -14,9 +14,11 @@ This command will generate a migration file in your project, which you can run w
 
     rails db:migrate
 
-In each model you want to have the feature, just put the following.
+## Permissions
 
-    include Dynamican::Model
+In each model you want to have permissions, put the following.
+
+    include Dynamican::Permittable
 
 ### Using a model permissions on another model
 
@@ -43,9 +45,9 @@ I wanted to have the possibility to assign permissions both directly to my User
       end
     end
 
-I personally have put this in `app/decorators/models/user/dynamican_overrides.rb` (rails needs to load the folder of course); you can make it work as you please but i recommend to keep it separate from the original User model.
+I have put this in `app/decorators/models/user/dynamican_overrides.rb` (rails needs to load the folder of course); you can make it work as you please but i recommend to keep it separate from the original User model.
 
-## Usage
+### Configuration and Usage
 
 Now the hard part: the real configuration.
 
@@ -56,7 +58,7 @@ Create one `Dynamican::Action` for each action you need. For example i created C
     a3 = Dynamican::Action.create(name: 'update')
     a4 = Dynamican::Action.create(name: 'delete')
 
-Then create one `Dynamican::Item` for each resource you want your permittables to have permissions to act on. This is not mandatory for every permission though: you can also set a permission to do a general action, like `login`. Right now i'm trying to setup permissions for my permittable (Role model) to act on Order model.
+Make sure you have one `Dynamican::Item` for each resource you want your permittables to have permissions to act on. This is not mandatory for every permission though: you can also set a permission to do a general action, like `login`. Right now i'm trying to setup permissions for my permittable (Role model) to act on Order model.
 
     i1 = Dynamican::Item.create(name: 'Order')
 
@@ -108,8 +110,6 @@ You can store in conditions statements whatever conditions you like in plain rub
 2. The same thing happens with the item: it will be defined both as `@item` and as the name of its class, so if you call `user.can? :read, @order` you will have `@item` and `@order` variable defined containing your `@order` object.
 3. You can pass as third argument an hash of objects like this `user.can? :read, @order, time: Time.zone.now, whatever: @you_want` and you will have `@time` and `@whatever` variables defined.
 
-WARNING: since the condition statement gets evaluated, i recommend not to allow anyone except project developers to create conditions, in order to prevent malicious code from being executed.
-
 If one `Dynamican::Permission` is linked to many conditions, the model will be allowed to make that action only if all conditions are true. If you want to set alternative conditions, you should store the `or` conditions inside the same condition statement, like this:
 
     condition.statement = '@user.nice? || @user.polite?'
@@ -121,6 +121,50 @@ There is a `for_item(item_name)` scope, which turns to string and then classifie
 There is also a `without_item` scope to filter records that are not linked to any item.
 As mentioned before, you can also use `conditional` and `unconditional` scopes to find objects with or without any condition attached.
 
-### Controller usage
+### Controller helpers
 
 Your controllers now all have the `authorize!` method, which accepts one or two arguments: the first is the action, and the second (optional) is the item (or list of items) you want to check permissions for. As you can see, the usage is similar to the `can?` method. The reason is that is actually calls that method on the instance of `@current_user` and, whether permissions are evaluated as false, it raises an exception which is rescued by an `unauthorized` response rendered.
+
+## Filters
+
+In each model you want to have filters, put the following.
+
+    include Dynamican::Skimmable
+
+### Use skimming filters of another model
+
+If you want, you can also allow a related model (for example User) to use Role's skimming rules. In that case the in the User model you should do as follows.
+
+    skim_throught :roles
+
+### Configuration and Usage
+
+Make sure you have one `Dynamican::Item` for each class you want your skimmable models to skim.  The name of the item has to be PascalCase.
+
+    item = Skimming::Item.create(name: 'Order')
+
+Create one `Dynamican::Rule` for each condition you want to evaluate when you decide if the skimmable should keep the items of a certain collection.
+
+    rule = Skimming::Rule.create(statement: '@order.created_at < 1.month.ago')
+
+This, for example, hides all orders older than 1 month from the collection.
+
+Create one `Dynamican::Filter` for each item your model needs to skim and assign the rule.
+
+    role.create_filter(item: item, rule: rule)
+
+If now you call `role.skim orders_collection` only orders newer than 1 month ago will be returned.
+
+Also user can do that if it has the role assigned and you have specified `skim_through :roles` in User model.
+
+### Rules
+
+You can store in filters rules whatever conditions you like in plain ruby and the string will be evaulated. Inside the rules, object have to be called as instance variables. These instance variables indeed need to be present and can be declared in a few ways.
+
+1. The model name of the instance you called `skim` from, like the user, will be defined automatically based on model name, so if you call `user.skim rooms_collection` you will have `@user` variable defined.
+2. Based on the skimmed collection, instance variables are defined. In the case above, `@order` variable will be present for each of the orders to be evaluated in. The collection name is calculated based on the class of the first object in the collection and will raise an error if is not the same for all collection elements. You can override this calculation specifying the `item_name` of the collection (the skimming will look for collection_filters with that `item_name`). This can be necessary if you are filtering throught different classes instances having STI.
+3. You can pass as third argument an hash of objects like this `user.skim rooms_collection, time: Time.zone.now, whatever: @you_want` and you will have `@time` and `@whatever` variables defined for rule evaluation.
+
+
+## Security
+Since the conditions and rules statements get evaluated, it's highly recommended not to allow anyone except project developers to create them, in order to prevent unsafe code from being executed.

data/dynamican.gemspec

@@ -1,7 +1,7 @@
 Gem::Specification.new do |s|
   s.name        = 'dynamican'
-  s.version     = '1.0.1'
-  s.date        = '2020-09-10'
+  s.version     = '2.0.0'
+  s.date        = '2024-03-05'
   s.summary     = "Dynamic permissions"
   s.description = "Dynamic and flexible database configurable permissions for your application"
   s.authors     = ["Valerio Bellaveglia"]

data/lib/dynamican/{evaluator.rb → authorizer.rb}

@@ -1,5 +1,5 @@
 module Dynamican
-  class Evaluator
+  class Authorizer
     attr_reader :subject, :action, :item, :item_name, :conditions_instances
 
     def initialize(subject, action, item, conditions_instances = {})

data/lib/dynamican/{model.rb → permittable.rb}

@@ -1,5 +1,5 @@
 module Dynamican
-  module Model
+  module Permittable
     extend ActiveSupport::Concern
 
     included do
@@ -10,7 +10,7 @@ module Dynamican
       if item.respond_to? :each
         item.all? { |single_item| can? action, single_item }
       else
-        Dynamican::Evaluator.new(self, action, item, conditions_instances).evaluate
+        Dynamican::Authorizer.new(self, action, item, conditions_instances).evaluate
       end
     end
   end

data/lib/dynamican/skimmable.rb

@@ -0,0 +1,20 @@
+module Dynamican
+    module Skimmable
+      extend ActiveSupport::Concern
+  
+      included do
+        has_many :filters, class_name: 'Dynamican::Filter', as: :skimmable
+      end
+  
+      module ClassMethods
+        def skim_through(association)
+          has_many :filters, through: association, class_name: 'Dynamican::Filter', source: :filters
+        end
+      end
+  
+      def skim(collection, item_name: nil, **skimming_instances)
+        Dynamican::Skimmer.new(self, collection, item_name, skimming_instances).skim
+      end
+    end
+  end
+  

data/lib/dynamican/skimmer.rb

@@ -0,0 +1,49 @@
+module Dynamican
+    class Skimmer
+      attr_reader :subject, :collection, :item_name, :skimming_instances
+  
+      def initialize(subject, collection, item_name, skimming_instances)
+        @subject = subject
+        @collection = collection
+        @item_name = calculate_item_name
+        @skimming_instances = skimming_instances
+      end
+  
+      def skim
+        set_instance_variables
+  
+        filters_rules = subject.filters.for_item(item_name).map(&:rules).flatten.map(&:statement)
+  
+        return collection if filters_rules.empty?
+  
+        skimming_result = collection.select do |collection_item|
+          instance_variable_set("@#{item_name.downcase}", collection_item)
+  
+          filters_rules.all? { |rule| eval rule }
+        end
+  
+        skimming_result
+      end
+  
+      private
+  
+      def calculate_item_name
+        return item_name.to_s.classify if item_name
+  
+        items_classes = collection.map(&:class).uniq
+  
+        raise 'Invalid collection: contains items with different classes (#{items.classes.join(', ')}). Use same class items or specify their item_name.' unless items_classes.count == 1
+  
+        items_classes.first.name.demodulize
+      end
+  
+      def set_instance_variables
+        instance_variable_set("@#{subject.class.name.downcase}", subject)
+  
+        skimming_instances.each do |instance_name, instance_object|
+          instance_variable_set("@#{instance_name}", instance_object)
+        end
+      end
+    end
+  end
+  

data/lib/dynamican.rb

@@ -1,8 +1,12 @@
 require 'dynamican/authorization'
-require 'dynamican/evaluator'
-require 'dynamican/model'
+require 'dynamican/authorizer'
+require 'dynamican/permittable'
+require 'dynamican/skimmer'
+require 'dynamican/skimmable'
 require 'models/dynamican/permission'
 require 'models/dynamican/action'
 require 'models/dynamican/item'
 require 'models/dynamican/condition'
+require 'models/dynamican/filter'
+require 'models/dynamican/rule'
 require 'generators/dynamican_migration_generator'

data/lib/generators/dynamican_migration_generator.rb

@@ -10,44 +10,58 @@ class DynamicanMigrationGenerator < Rails::Generators::Base
 
   def migration_data
 <<MIGRATION
-  class DynamicanMigration < ActiveRecord::Migration[5.2]
-    def change
-      unless table_exists? :permissions
-        create_table :permissions do |t|
-          t.bigint :permittable_id
-          t.string :permittable_type
-          t.bigint :action_id
-
-          t.timestamps
-        end
-
-        create_table :actions do |t|
-          t.string :name
-
-          t.timestamps
-        end
-
-        create_table :items do |t|
-          t.string :name
-
-          t.timestamps
-        end
-
-        create_table :conditions do |t|
-          t.bigint :permission_id
-          t.string :statement
-          t.string :description
-
-          t.timestamps
-        end
-
-        create_table :items_permissions do |t|
-          t.bigint :item_id
-          t.bigint :permission_id
-        end
-      end
+class DynamicanMigration < ActiveRecord::Migration[5.2]
+  def change
+    create_table :dynamican_permissions do |t|
+      t.bigint :permittable_id
+      t.string :permittable_type
+      t.bigint :action_id
+
+      t.timestamps
+    end
+
+    create_table :dynamican_actions do |t|
+      t.string :name
+
+      t.timestamps
+    end
+
+    create_table :dynamican_items do |t|
+      t.string :name
+
+      t.timestamps
+    end
+
+    create_table :dynamican_conditions do |t|
+      t.bigint :permission_id
+      t.string :statement
+      t.string :description
+
+      t.timestamps
+    end
+
+    create_table :dynamican_filters do |t|
+      t.bigint :item_id
+      t.bigint :skimmable_id
+      t.string :skimmable_type
+
+      t.timestamps
+    end
+
+    create_table :dynamican_rules do |t|
+      t.bigint :filter_id
+      t.string :statement
+      t.string :name
+
+      t.timestamps
+    end
+
+    create_table :dynamican_items_dynamican_permissions do |t|
+      t.bigint :item_id
+      t.bigint :permission_id
     end
   end
+end
 MIGRATION
   end
 end

data/lib/models/dynamican/action.rb

@@ -1,9 +1,9 @@
 module Dynamican
   class Action < ActiveRecord::Base
+    self.table_name = 'dynamican_actions'
+    
     has_many :permissions, class_name: 'Dynamican::Permission', inverse_of: :action, foreign_key: :action_id, dependent: :destroy
 
     validates :name, presence: true, uniqueness: true
-
-    attr_readonly :name
   end
 end

data/lib/models/dynamican/condition.rb

@@ -1,5 +1,7 @@
 module Dynamican
   class Condition < ActiveRecord::Base
+    self.table_name = 'dynamican_conditions'
+
     belongs_to :permission, class_name: 'Dynamican::Permission', inverse_of: :conditions, foreign_key: :permission_id
 
     validates_presence_of :statement

data/lib/models/dynamican/filter.rb

@@ -0,0 +1,14 @@
+module Dynamican
+    class Filter < ActiveRecord::Base
+        self.table_name = 'dynamican_filters'
+
+      belongs_to :skimmable, polymorphic: true
+      belongs_to :item, class_name: 'Dynamican::Item', inverse_of: :filters, foreign_key: :item_id
+      has_many :rules
+  
+      validates_presence_of :rules
+  
+      scope :for_item, -> (item_name) { joins(:item).where(items: { name: item_name }) }
+    end
+  end
+  

data/lib/models/dynamican/item.rb

@@ -1,11 +1,12 @@
 module Dynamican
   class Item < ActiveRecord::Base
+    self.table_name = 'dynamican_items'
+
     has_and_belongs_to_many :permissions, class_name: 'Dynamican::Permission', inverse_of: :items, foreign_key: :item_id, dependent: :destroy
+    has_many :filters, class_name: 'Dynamican::Filter', inverse_of: :item, foreign_key: :item_id
 
     validates :name, presence: true, uniqueness: true
 
-    attr_readonly :name
-
     before_validation :classify_name
 
     def classify_name

data/lib/models/dynamican/permission.rb

@@ -1,11 +1,13 @@
 module Dynamican
   class Permission < ActiveRecord::Base
+    self.table_name = 'dynamican_permissions'
+
     belongs_to :permittable, polymorphic: true
     belongs_to :action, class_name: 'Dynamican::Action', inverse_of: :permissions, foreign_key: :action_id
-    has_and_belongs_to_many :items, class_name: 'Dynamican::Item', inverse_of: :permissions, foreign_key: :permission_id
+    has_and_belongs_to_many :items, class_name: 'Dynamican::Item', inverse_of: :permissions, foreign_key: :permission_id, join_table: :dynamican_items_dynamican_permissions
     has_many :conditions, class_name: 'Dynamican::Condition', inverse_of: :permission, foreign_key: :permission_id
 
-    scope :for_action, -> (action_name) { joins(:action).where(actions: { name: action_name }) }
+    scope :for_action, -> (action_name) { joins(:action).where(action: { name: action_name }) }
     scope :for_item, -> (item_name) { joins(:items).where(items: { name: item_name.to_s.classify }) }
     scope :without_item, -> { left_outer_joins(:items).where(items: { id: nil }) }
     scope :conditional, -> { joins(:conditions) }

data/lib/models/dynamican/rule.rb

@@ -0,0 +1,10 @@
+module Dynamican
+    class Rule < ActiveRecord::Base
+        self.table_name = 'dynamican_rules'
+
+      belongs_to :filter, class_name: 'Dynamican::Filter', inverse_of: :rule, foreign_key: :filter_id
+  
+      validates_presence_of :statement
+    end
+  end
+  

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dynamican
 version: !ruby/object:Gem::Version
-  version: 1.0.1
+  version: 2.0.0
 platform: ruby
 authors:
 - Valerio Bellaveglia
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-09-10 00:00:00.000000000 Z
+date: 2024-03-05 00:00:00.000000000 Z
 dependencies: []
 description: Dynamic and flexible database configurable permissions for your application
 email:
@@ -21,13 +21,17 @@ files:
 - dynamican.gemspec
 - lib/dynamican.rb
 - lib/dynamican/authorization.rb
-- lib/dynamican/evaluator.rb
-- lib/dynamican/model.rb
+- lib/dynamican/authorizer.rb
+- lib/dynamican/permittable.rb
+- lib/dynamican/skimmable.rb
+- lib/dynamican/skimmer.rb
 - lib/generators/dynamican_migration_generator.rb
 - lib/models/dynamican/action.rb
 - lib/models/dynamican/condition.rb
+- lib/models/dynamican/filter.rb
 - lib/models/dynamican/item.rb
 - lib/models/dynamican/permission.rb
+- lib/models/dynamican/rule.rb
 homepage: https://github.com/ValerioBellaveglia/Dynamican
 licenses:
 - MIT
@@ -47,7 +51,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
+rubygems_version: 3.5.3
 signing_key:
 specification_version: 4
 summary: Dynamic permissions