eaco 0.5.0

data/lib/eaco/adapters.rb

@@ -0,0 +1,14 @@
+module Eaco
+
+  # Persistance adapters for ACL objects and authorized collections extractor
+  # strategies.
+  #
+  # @see ActiveRecord
+  # @see CouchrestModel
+  #
+  module Adapters
+    autoload :ActiveRecord,   'eaco/adapters/active_record'
+    autoload :CouchrestModel, 'eaco/adapters/couchrest_model'
+  end
+
+end

data/lib/eaco/adapters/active_record.rb

@@ -0,0 +1,70 @@
+module Eaco
+  module Adapters
+
+    ##
+    # PostgreSQL 9.4 and up backing store for ACLs.
+    #
+    # @see ACL
+    # @see PostgresJSONb
+    #
+    module ActiveRecord
+      autoload :PostgresJSONb, 'eaco/adapters/active_record/postgres_jsonb'
+      autoload :Compatibility, 'eaco/adapters/active_record/compatibility'
+
+      ##
+      # Currently defined collection extraction strategies.
+      #
+      # @return Hash
+      #
+      def self.strategies
+        {:pg_jsonb => PostgresJSONb}
+      end
+
+      ##
+      # Checks whether the model's data structure fits the ACL persistance
+      # requirements.
+      #
+      # @param base [Class] your application's model
+      #
+      # @return void
+      #
+      def self.included(base)
+        Compatibility.new(base).check!
+
+        column = base.columns_hash.fetch('acl', nil)
+
+        unless column
+          raise Malformed, "Please define a jsonb column named `acl` on #{base}."
+        end
+
+        unless column.type == :json || column.type == :jsonb
+          raise Malformed, "The `acl` column on #{base} must be of the json type."
+        end
+      end
+
+      ##
+      # @return [ACL] this Resource's ACL.
+      #
+      # @see ACL
+      #
+      def acl
+        acl = read_attribute(:acl)
+        self.class.acl.new(acl)
+      end
+
+      ##
+      # Sets the Resource's ACL.
+      #
+      # @param acl [ACL] the new ACL to set.
+      #
+      # @return [ACL]
+      #
+      # @see ACL
+      #
+      def acl=(acl)
+        write_attribute :acl, acl.to_hash
+      end
+    end
+
+  end
+end

data/lib/eaco/adapters/active_record/compatibility.rb

@@ -0,0 +1,83 @@
+module Eaco
+  module Adapters
+    module ActiveRecord
+
+      ##
+      # Sets up JSONB support for the different AR versions
+      #
+      class Compatibility
+        autoload :V32, 'eaco/adapters/active_record/compatibility/v32.rb'
+        autoload :V40, 'eaco/adapters/active_record/compatibility/v40.rb'
+        autoload :V41, 'eaco/adapters/active_record/compatibility/v41.rb'
+        autoload :V42, 'eaco/adapters/active_record/compatibility/v42.rb'
+
+        ##
+        # @param model [ActiveRecord::Base] the model to check
+        #
+        def initialize(model)
+          @model = model
+        end
+
+        ##
+        # Checks whether the model is compatible. Looks up the
+        # {#support_module} and includes it.
+        #
+        # @see #support_module
+        def check!
+          layer = support_module
+          base.instance_eval { include layer }
+        end
+
+        private
+
+        ##
+        # @return [ActiveRecord::Base] associated with the model
+        #
+        def base
+          @model.base_class.superclass
+        end
+
+        ##
+        # @return [String] the +ActiveRecord+ major and minor version numbers
+        #
+        # Example: "42" for 4.2
+        #
+        def active_record_version
+          ver = base.parent::VERSION
+          [ver.const_get(:MAJOR), ver.const_get(:MINOR)].join
+        end
+
+        ##
+        # Tries to look up the support module for the {#active_record_version}
+        # in the {Compatibility} namespace.
+        #
+        # @return [Module] the support module
+        #
+        # @raise [Eaco::Error] if not found.
+        #
+        # @see check!
+        #
+        def support_module
+          unless self.class.const_defined?(support_module_name)
+            raise Eaco::Error, <<-EOF
+              Unsupported Active Record version: #{active_record_version}
+            EOF
+          end
+
+          self.class.const_get support_module_name
+        end
+
+        ##
+        # @return [String] "V" with {.active_record_version} appended.
+        #
+        # Example: "V32" for Rails 3.2.
+        #
+        def support_module_name
+          ['V', active_record_version].join
+        end
+
+      end
+
+    end
+  end
+end

data/lib/eaco/adapters/active_record/compatibility/v32.rb

@@ -0,0 +1,27 @@
+module Eaco
+  module Adapters
+    module ActiveRecord
+      class Compatibility
+
+        ##
+        # Rails 3.2 JSONB support module.
+        #
+        # Uses https://github.com/romanbsd/activerecord-postgres-json to do
+        # the dirty compatibility stuff. This module only uses +.serialize+
+        # to set the +JSON+ coder.
+        #
+        module V32
+          require 'activerecord-postgres-json'
+
+          ##
+          # Sets the JSON coder on the acl column
+          #
+          def self.included(base)
+            base.serialize :acl, ::ActiveRecord::Coders::JSON
+          end
+        end
+
+      end
+    end
+  end
+end

data/lib/eaco/adapters/active_record/compatibility/v40.rb

@@ -0,0 +1,59 @@
+module Eaco
+  module Adapters
+    module ActiveRecord
+      class Compatibility
+
+        ##
+        # Rails v4.0.X compatibility layer for jsonb
+        #
+        module V40
+          ##
+          #
+          # Sets up the OID Type Map, reloads it, hacks native database types,
+          # and makes jsonb mimick itself as a json - for the rest of the AR
+          # machinery to work intact.
+          #
+          def self.included(base)
+            adapter = base.connection
+
+            adapter.class::OID.register_type 'jsonb', adapter.class::OID::Json.new
+            adapter.send :reload_type_map
+
+            adapter.native_database_types.update(jsonb: {name: 'json'})
+
+            adapter.class.parent::PostgreSQLColumn.instance_eval do
+              include Column
+            end
+          end
+
+          ##
+          # Patches to ActiveRecord::ConnectionAdapters::PostgreSQLColumn
+          #
+          module Column
+            ##
+            # Makes +sql_type+ return +json+ for +jsonb+ columns
+            #
+            def sql_type
+              orig_type = super
+              orig_type == 'jsonb' ? 'json' : type
+            end
+
+            ##
+            # Makes +simplified_type+ return +json+ for +jsonb+ columns
+            #
+            # @return [Symbol]
+            #
+            def simplified_type(field_type)
+              if field_type == 'jsonb'
+                :json
+              else
+                super
+              end
+            end
+          end
+        end
+
+      end
+    end
+  end
+end

data/lib/eaco/adapters/active_record/compatibility/v41.rb

@@ -0,0 +1,16 @@
+module Eaco
+  module Adapters
+    module ActiveRecord
+      class Compatibility
+
+        ##
+        # Rails 4.1 JSONB support module.
+        #
+        # Magically, the 4.0 hacks work on 4.1. YAY!
+        #
+        V41 = V40
+
+      end
+    end
+  end
+end

data/lib/eaco/adapters/active_record/compatibility/v42.rb

@@ -0,0 +1,17 @@
+module Eaco
+  module Adapters
+    module ActiveRecord
+      class Compatibility
+
+        ##
+        # Rails 4.2 JSONB support module.
+        #
+        # Magically, this module is empty. YAY!
+        #
+        module V42
+        end
+
+      end
+    end
+  end
+end

data/lib/eaco/adapters/active_record/postgres_jsonb.rb

@@ -0,0 +1,36 @@
+module Eaco
+  module Adapters
+    module ActiveRecord
+
+      ##
+      # Authorized collection extractor on PostgreSQL >= 9.4 and a +jsonb+
+      # column named +acl+.
+      #
+      # TODO negative authorizations (using a separate column?)
+      #
+      # @see ACL
+      # @see Actor
+      # @see Resource
+      #
+      module PostgresJSONb
+
+        ##
+        # Uses the json key existance operator +?|+ to check whether one of the
+        # +Actor+'s +Designator+ instances exist as keys in the +ACL+ objects.
+        #
+        # @param actor [Actor]
+        #
+        # @return [ActiveRecord::Relation] the authorized collection scope.
+        #
+        def accessible_by(actor)
+          return scoped if actor.is_admin?
+
+          designators = actor.designators.map {|d| quote_value(d) }
+
+          where("acl ?| array[#{designators.join(',')}]")
+        end
+      end
+
+    end
+  end
+end

data/lib/eaco/adapters/couchrest_model.rb

@@ -0,0 +1,37 @@
+module Eaco
+  module Adapters
+
+    ##
+    # CouchRest::Model backing store for ACLs, that naively uses +property+.
+    # As the ACL class is an +Hash+, it gets unserialized automagically by
+    # CouchRest guts.
+    #
+    # @see ACL
+    # @see CouchDBLucene
+    #
+    module CouchrestModel
+      autoload :CouchDBLucene, 'eaco/adapters/couchrest_model/couchdb_lucene'
+
+      ##
+      # Returns currently available collection extraction strategies.
+      #
+      def self.strategies
+        {lucene: CouchDBLucene}
+      end
+
+      ##
+      # Defines the +acl+ property on the given model
+      #
+      # @param base [CouchRest::Model] your model class.
+      #
+      # @return [void]
+      #
+      def self.included(base)
+        base.instance_eval do
+          property :acl, acl
+        end
+      end
+    end
+
+  end
+end

data/lib/eaco/adapters/couchrest_model/couchdb_lucene.rb

@@ -0,0 +1,71 @@
+module Eaco
+  module Adapters
+    module CouchrestModel
+
+      ##
+      # Authorized collection extractor on CouchDB using the CouchDB Lucene
+      # full-text indexer <https://github.com/ifad/couchdb-lucene>, a patched
+      # CouchRest <https://github.com/ifad/couchrest> to interact with the
+      # "_fti" couchdb lucene API endpoint, and a patched CouchRest::Model
+      # <https://github.com/ifad/couchrest_model> that provides a search()
+      # API to run lucene queries.
+      #
+      # It requires an indexing strategy similar to the following:
+      #
+      #   {
+      #     _id: "_design/lucene",
+      #     language: "javascript",
+      #     fulltext: {
+      #       search: {
+      #         defaults: { store: "no" },
+      #         analyzer: "perfield:{acl:\"keyword\"}",
+      #         index: function(doc) {
+      #
+      #           var acl = doc.acl;
+      #           if (!acl) {
+      #             return null;
+      #           }
+      #
+      #           var ret = new Document();
+      #
+      #           for (key in acl) {
+      #             ret.add(key, {
+      #               type: 'string',
+      #               field: 'acl',
+      #               index: 'not_analyzed'
+      #             });
+      #           }
+      #
+      #           return ret;
+      #         }
+      #       }
+      #     }
+      #   }
+      #
+      # Made in Italy.
+      #
+      # @see ACL
+      # @see Actor
+      # @see Resource
+      #
+      module CouchDBLucene
+
+        ##
+        # Uses a Lucene query to extract Resources accessible by the given Actor.
+        #
+        # @param actor [Actor]
+        #
+        # @return [CouchRest::Model::Search::View] the authorized collection scope.
+        #
+        def accessible_by(actor)
+         return search(nil) if actor.is_admin?
+
+         designators = actor.designators.map {|item| '"%s"' % item }
+
+         search "acl:(#{designators.join(' OR ')})"
+        end
+      end
+
+    end
+  end
+end