RubyGems - easy-admin-rails - Versions diffs - 0.1.15 → 0.2.0 - Mend

easy-admin-rails 0.1.15 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (92) hide show

data/lib/easy_admin/permissions/component.rb ADDED Viewed

@@ -0,0 +1,168 @@
+module EasyAdmin
+  module Permissions
+    module Component
+      extend ActiveSupport::Concern
+      # Check if current user has permission
+      def current_user_can?(permission_name, context: nil)
+        current_user = helpers.current_user if helpers.respond_to?(:current_user)
+        EasyAdmin::Permissions.authorized?(current_user, permission_name, context: context)
+      end
+      # Check if current user has role
+      def current_user_has_role?(role_name, context: nil)
+        current_user = helpers.current_user if helpers.respond_to?(:current_user)
+        EasyAdmin::Permissions.has_role?(current_user, role_name, context: context)
+      end
+      # Render content only if user has permission
+      def if_can(permission_name, context: nil, &block)
+        if current_user_can?(permission_name, context: context)
+          block.call if block_given?
+        end
+      end
+      # Render content only if user has role
+      def if_has_role(role_name, context: nil, &block)
+        if current_user_has_role?(role_name, context: context)
+          block.call if block_given?
+        end
+      end
+      # Render content if user DOESN'T have permission
+      def unless_can(permission_name, context: nil, &block)
+        unless current_user_can?(permission_name, context: context)
+          block.call if block_given?
+        end
+      end
+      # Render content if user DOESN'T have role
+      def unless_has_role(role_name, context: nil, &block)
+        unless current_user_has_role?(role_name, context: context)
+          block.call if block_given?
+        end
+      end
+      # Conditional CSS classes based on permissions
+      def permission_classes(permission_name, enabled_classes: "", disabled_classes: "opacity-50 cursor-not-allowed", context: nil)
+        if current_user_can?(permission_name, context: context)
+          enabled_classes
+        else
+          disabled_classes
+        end
+      end
+      # Conditional attributes based on permissions
+      def permission_attrs(permission_name, enabled_attrs: {}, disabled_attrs: {}, context: nil)
+        if current_user_can?(permission_name, context: context)
+          enabled_attrs
+        else
+          disabled_attrs
+        end
+      end
+      # Generate link with permission check
+      def permission_link(text, href, permission_name, context: nil, **attrs, &block)
+        if current_user_can?(permission_name, context: context)
+          a(href: href, **attrs) do
+            if block_given?
+              block.call
+            else
+              text
+            end
+          end
+        else
+          span(class: "text-gray-400 cursor-not-allowed", **attrs.except(:href, :data)) do
+            if block_given?
+              block.call
+            else
+              text
+            end
+          end
+        end
+      end
+      # Generate button with permission check
+      def permission_button(text = nil, permission_name:, context: nil, disabled_class: "opacity-50 cursor-not-allowed", **attrs, &block)
+        can_access = current_user_can?(permission_name, context: context)
+        button_attrs = attrs.dup
+        button_attrs[:disabled] = true unless can_access
+        button_attrs[:class] = [button_attrs[:class], disabled_class].compact.join(" ") unless can_access
+        button(**button_attrs) do
+          if block_given?
+            block.call
+          elsif text
+            text
+          end
+        end
+      end
+      # Render form field only if user can edit
+      def permission_field(permission_name, context: nil, readonly_class: "bg-gray-100", &block)
+        can_edit = current_user_can?(permission_name, context: context)
+        if can_edit
+          block.call if block_given?
+        else
+          # Render read-only version
+          div(class: readonly_class) do
+            block.call if block_given?
+          end
+        end
+      end
+      # Show different content based on multiple permission checks
+      def permission_case(context: nil, &block)
+        permission_case_builder = PermissionCaseBuilder.new(self, context)
+        permission_case_builder.instance_eval(&block) if block_given?
+        permission_case_builder.render
+      end
+      private
+      # Helper class for building conditional permission rendering
+      class PermissionCaseBuilder
+        def initialize(component, context)
+          @component = component
+          @context = context
+          @cases = []
+          @else_block = nil
+        end
+        def when_can(permission_name, &block)
+          @cases << { type: :permission, name: permission_name, block: block }
+          self
+        end
+        def when_has_role(role_name, &block)
+          @cases << { type: :role, name: role_name, block: block }
+          self
+        end
+        def otherwise(&block)
+          @else_block = block
+          self
+        end
+        def render
+          @cases.each do |case_item|
+            case case_item[:type]
+            when :permission
+              if @component.current_user_can?(case_item[:name], context: @context)
+                return case_item[:block].call if case_item[:block]
+              end
+            when :role
+              if @component.current_user_has_role?(case_item[:name], context: @context)
+                return case_item[:block].call if case_item[:block]
+              end
+            end
+          end
+          @else_block&.call
+        end
+      end
+    end
+  end
+end

data/lib/easy_admin/permissions/configuration.rb ADDED Viewed

@@ -0,0 +1,37 @@
+module EasyAdmin
+  module Permissions
+    class Configuration
+      attr_accessor :enabled,
+                    :cache_duration,
+                    :admin_bypass,
+                    :user_model,
+                    :context_types
+      def initialize
+        @enabled = false
+        @cache_duration = 1.hour
+        @admin_bypass = true
+        @user_model = 'User'
+        @context_types = [] # e.g., ['Organization', 'Project']
+      end
+      # Define available permission contexts
+      def contexts(*types)
+        @context_types = types.map(&:to_s)
+      end
+      # Set the user model class
+      def user_class(klass = nil)
+        if klass
+          @user_model = klass.to_s
+        else
+          @user_model.constantize
+        end
+      end
+      def user_class_name
+        @user_model
+      end
+    end
+  end
+end

data/lib/easy_admin/permissions/controller.rb ADDED Viewed

@@ -0,0 +1,164 @@
+module EasyAdmin
+  module Permissions
+    module Controller
+      extend ActiveSupport::Concern
+      included do
+        # Include Action Policy authorization
+        include ActionPolicy::Controller if defined?(ActionPolicy)
+        # Set up authorization context for Action Policy
+        if respond_to?(:authorize)
+          authorize :user, through: :current_user
+        end
+      end
+      # Check if current user has permission
+      def current_user_can?(permission_name, context: nil)
+        EasyAdmin::Permissions.authorized?(current_user, permission_name, context: context)
+      end
+      # Check if current user has role
+      def current_user_has_role?(role_name, context: nil)
+        EasyAdmin::Permissions.has_role?(current_user, role_name, context: context)
+      end
+      # Require permission or show 403 error
+      def require_permission!(permission_name, context: nil)
+        unless current_user_can?(permission_name, context: context)
+          handle_permission_denied(permission_name)
+        end
+      end
+      # Require role or show 403 error
+      def require_role!(role_name, context: nil)
+        unless current_user_has_role?(role_name, context: context)
+          handle_role_denied(role_name)
+        end
+      end
+      # Before action to check permissions for CRUD operations
+      def check_permissions_for_action
+        action = action_name.to_s
+        resource_name = controller_name
+        permission_map = {
+          'index' => "#{resource_name}:read",
+          'show' => "#{resource_name}:read",
+          'new' => "#{resource_name}:create",
+          'create' => "#{resource_name}:create",
+          'edit' => "#{resource_name}:update",
+          'update' => "#{resource_name}:update",
+          'destroy' => "#{resource_name}:delete"
+        }
+        if permission_name = permission_map[action]
+          require_permission!(permission_name)
+        end
+      end
+      # Get current user's permissions for view helpers
+      def current_user_permissions(context: nil)
+        return [] unless current_user
+        EasyAdmin::Permissions.user_permissions(current_user, context: context)
+      end
+      # Check permission in views (helper method)
+      def can?(permission_name, context: nil)
+        current_user_can?(permission_name, context: context)
+      end
+      # Check role in views (helper method)
+      def has_role?(role_name, context: nil)
+        current_user_has_role?(role_name, context: context)
+      end
+      private
+      def handle_permission_denied(permission_name)
+        respond_to do |format|
+          format.html do
+            if request.xhr? || request.headers['Content-Type'] == 'text/html'
+              render plain: permission_denied_component(permission_name).call, status: :forbidden
+            else
+              redirect_to root_path, alert: "Permission denied: #{permission_name}"
+            end
+          end
+          format.json { render json: { error: "Permission denied: #{permission_name}" }, status: :forbidden }
+          format.turbo_stream { render turbo_stream: turbo_stream.replace("main", permission_denied_component(permission_name).call) }
+        end
+      end
+      def handle_role_denied(role_name)
+        respond_to do |format|
+          format.html do
+            if request.xhr? || request.headers['Content-Type'] == 'text/html'
+              render plain: role_denied_component(role_name).call, status: :forbidden
+            else
+              redirect_to root_path, alert: "Role required: #{role_name}"
+            end
+          end
+          format.json { render json: { error: "Role required: #{role_name}" }, status: :forbidden }
+          format.turbo_stream { render turbo_stream: turbo_stream.replace("main", role_denied_component(role_name).call) }
+        end
+      end
+      def permission_denied_component(permission_name)
+        if defined?(EasyAdmin::Permissions::PermissionDeniedComponent)
+          EasyAdmin::Permissions::PermissionDeniedComponent.new(permission: permission_name, user: current_user)
+        else
+          # Fallback component
+          BasicPermissionDeniedComponent.new(permission: permission_name)
+        end
+      end
+      def role_denied_component(role_name)
+        if defined?(EasyAdmin::Permissions::RoleDeniedComponent)
+          EasyAdmin::Permissions::RoleDeniedComponent.new(role: role_name, user: current_user)
+        else
+          # Fallback component
+          BasicRoleDeniedComponent.new(role: role_name)
+        end
+      end
+      # Basic fallback components for when full components aren't defined
+      class BasicPermissionDeniedComponent
+        def initialize(permission:)
+          @permission = permission
+        end
+        def call
+          <<~HTML
+            <div class="flex items-center justify-center min-h-96">
+              <div class="text-center">
+                <div class="text-6xl text-gray-400 mb-4">🔒</div>
+                <h2 class="text-2xl font-bold text-gray-900 mb-2">Permission Denied</h2>
+                <p class="text-gray-600">You need the '#{@permission}' permission to access this resource.</p>
+                <a href="javascript:history.back()" class="inline-block mt-4 px-4 py-2 bg-blue-500 text-white rounded hover:bg-blue-600">Go Back</a>
+              </div>
+            </div>
+          HTML
+        end
+      end
+      class BasicRoleDeniedComponent
+        def initialize(role:)
+          @role = role
+        end
+        def call
+          <<~HTML
+            <div class="flex items-center justify-center min-h-96">
+              <div class="text-center">
+                <div class="text-6xl text-gray-400 mb-4">👑</div>
+                <h2 class="text-2xl font-bold text-gray-900 mb-2">Role Required</h2>
+                <p class="text-gray-600">You need the '#{@role}' role to access this resource.</p>
+                <a href="javascript:history.back()" class="inline-block mt-4 px-4 py-2 bg-blue-500 text-white rounded hover:bg-blue-600">Go Back</a>
+              </div>
+            </div>
+          HTML
+        end
+      end
+    end
+  end
+end

data/lib/easy_admin/permissions/dsl.rb ADDED Viewed

@@ -0,0 +1,180 @@
+module EasyAdmin
+  module Permissions
+    class DSL
+      def initialize
+        @permissions = []
+        @roles = []
+      end
+      # Define a permission
+      def permission(resource_type, action, description: nil, conditions: {})
+        name = "#{resource_type}:#{action}"
+        @permissions << {
+          name: name,
+          resource_type: resource_type.to_s,
+          action: action.to_s,
+          description: description || "#{action.to_s.humanize} #{resource_type.to_s.humanize}",
+          conditions: conditions
+        }
+      end
+      # Define a role with permissions
+      def role(name, slug: nil, description: nil, permissions: [], active: true, metadata: {})
+        @roles << {
+          name: name.to_s.humanize,
+          slug: slug&.to_s || name.to_s.parameterize,
+          description: description,
+          permissions: permissions.map(&:to_s),
+          active: active,
+          metadata: metadata
+        }
+      end
+      # Shortcut methods for common permission patterns
+      def crud_permissions(resource_type, description_prefix: nil)
+        prefix = description_prefix || resource_type.to_s.humanize
+        permission resource_type, :read, description: "View #{prefix.downcase}"
+        permission resource_type, :create, description: "Create new #{prefix.downcase.singularize}"
+        permission resource_type, :update, description: "Edit existing #{prefix.downcase}"
+        permission resource_type, :delete, description: "Delete #{prefix.downcase}"
+      end
+      def admin_permissions(resource_type, description_prefix: nil)
+        crud_permissions(resource_type, description_prefix: description_prefix)
+        permission resource_type, :manage, description: "Full management of #{(description_prefix || resource_type.to_s.humanize).downcase}"
+      end
+      # Resource shortcuts
+      def resource(resource_type, actions: [:read, :create, :update, :delete], description_prefix: nil)
+        prefix = description_prefix || resource_type.to_s.humanize
+        actions.each do |action|
+          case action
+          when :read
+            permission resource_type, :read, description: "View #{prefix.downcase}"
+          when :create
+            permission resource_type, :create, description: "Create new #{prefix.downcase.singularize}"
+          when :update
+            permission resource_type, :update, description: "Edit existing #{prefix.downcase}"
+          when :delete
+            permission resource_type, :delete, description: "Delete #{prefix.downcase}"
+          else
+            permission resource_type, action, description: "#{action.to_s.humanize} #{prefix.downcase}"
+          end
+        end
+      end
+      # EasyAdmin resource shortcuts using actual resource discovery
+      def easy_admin_resource(resource_name, actions: nil)
+        available_actions = EasyAdmin::Permissions::ResourcePermissions.actions_for_resource(resource_name)
+        actions_to_create = actions || available_actions
+        actions_to_create.each do |action|
+          next unless available_actions.include?(action.to_s)
+          permission_data = EasyAdmin::Permissions::ResourcePermissions.discover_all_permissions
+                              .find { |p| p[:resource_type] == resource_name.to_s && p[:action] == action.to_s }
+          if permission_data
+            permission resource_name, action, description: permission_data[:description]
+          else
+            permission resource_name, action
+          end
+        end
+      end
+      # Auto-discover and create permissions for all EasyAdmin resources
+      def auto_discover_resources(actions: nil)
+        EasyAdmin::Permissions::ResourcePermissions.available_resources.each do |resource_name|
+          easy_admin_resource(resource_name, actions: actions)
+        end
+      end
+      # Enhanced role definition with EasyAdmin resource support
+      def easy_admin_role(name, slug: nil, description: nil, resources: {}, permissions: [], active: true, metadata: {})
+        # Convert resources hash to permission names
+        resource_permissions = []
+        resources.each do |resource_name, resource_actions|
+          Array(resource_actions).each do |action|
+            resource_permissions << "#{resource_name}:#{action}"
+          end
+        end
+        # Combine with manual permissions
+        all_permissions = resource_permissions + permissions.map(&:to_s)
+        role(name, slug: slug, description: description, permissions: all_permissions, active: active, metadata: metadata)
+      end
+      # Execute the DSL block and return the collected data
+      def self.evaluate(&block)
+        dsl = new
+        dsl.instance_eval(&block) if block_given?
+        {
+          permissions: dsl.instance_variable_get(:@permissions),
+          roles: dsl.instance_variable_get(:@roles)
+        }
+      end
+      # Create permissions and roles in the database
+      def self.seed_database(data)
+        # Check if models are available (avoid running during migrations)
+        begin
+          EasyAdmin::Permissions::Permission
+          EasyAdmin::Permissions::Role
+          EasyAdmin::Permissions::RolePermission
+        rescue NameError => e
+          Rails.logger.info "EasyAdmin::Permissions models not yet loaded: #{e.message}"
+          return
+        end
+        ActiveRecord::Base.transaction do
+          # Create permissions
+          data[:permissions].each do |perm_data|
+            EasyAdmin::Permissions::Permission.find_or_create_by(name: perm_data[:name]) do |permission|
+              permission.resource_type = perm_data[:resource_type]
+              permission.action = perm_data[:action]
+              permission.description = perm_data[:description]
+              permission.conditions = perm_data[:conditions]
+            end
+          end
+          # Create roles and assign permissions
+          data[:roles].each do |role_data|
+            role = EasyAdmin::Permissions::Role.find_or_create_by(slug: role_data[:slug]) do |r|
+              r.name = role_data[:name]
+              r.description = role_data[:description]
+              r.active = role_data[:active]
+              r.metadata = role_data[:metadata]
+            end
+            # Clear existing permissions for this role
+            role.role_permissions.destroy_all
+            # Assign new permissions
+            role_data[:permissions].each do |permission_name|
+              permission = EasyAdmin::Permissions::Permission.find_by(name: permission_name)
+              if permission
+                EasyAdmin::Permissions::RolePermission.find_or_create_by(
+                  role: role,
+                  permission: permission
+                )
+              else
+                Rails.logger.warn "Permission '#{permission_name}' not found for role '#{role_data[:name]}'"
+              end
+            end
+          end
+        end
+      end
+    end
+    # Main method to define permissions and roles
+    def self.define(&block)
+      data = DSL.evaluate(&block)
+      DSL.seed_database(data)
+    end
+  end
+end

data/lib/easy_admin/permissions/models.rb ADDED Viewed

@@ -0,0 +1,44 @@
+module EasyAdmin
+  module Permissions
+    module Models
+      extend ActiveSupport::Concern
+      # Include this in your Role model
+      module Role
+        extend ActiveSupport::Concern
+        included do
+          has_many :user_roles, class_name: 'EasyAdmin::Permissions::UserRole', dependent: :destroy
+          has_many :users, through: :user_roles, class_name: EasyAdmin::Permissions.configuration.user_class_name
+          validates :name, presence: true, uniqueness: true
+          validates :slug, presence: true, uniqueness: true
+          before_validation :generate_slug, if: -> { slug.blank? }
+          scope :active, -> { where(active: true) }
+        end
+        private
+        def generate_slug
+          self.slug = name&.parameterize
+        end
+      end
+      # Include this in your UserRole model (join table)
+      module UserRole
+        extend ActiveSupport::Concern
+        included do
+          belongs_to :user, class_name: EasyAdmin::Permissions.configuration.user_class_name, foreign_key: 'user_id'
+          belongs_to :role, class_name: 'EasyAdmin::Permissions::Role'
+          validates :user_id, uniqueness: { scope: :role_id }
+          scope :active, -> { where(active: true) }
+        end
+      end
+    end
+  end
+end