effective_roles 1.3.1 → 1.3.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 1354b2d3e3b153eb52f9b83a4edd7e54f2b43ac2
-  data.tar.gz: 13b982ccbc08bc3549d5dbd4ea6b0a7263e55a83
+  metadata.gz: bc53981f7c579c5ff33a87070f1d0a761c2d7fc2
+  data.tar.gz: eb79c31edb80c855541bf78a35eb717b22849af9
 SHA512:
-  metadata.gz: 5ebacd48387fc1cfdc7c75e42a18cde5d704332720b24e04ba12cec1ddc539fe961c5ad22eda8fc9910f11aae6b35d210230888671725c612070765bbb865c2a
-  data.tar.gz: 588b462eb1a33a73bb0a3f6d299cbbc592145415344af265cc944f0934c83e111297128812eab4a30a0321a287f020041cb758e948d7ee5252dc84b104d341e1
+  metadata.gz: 5f8bc2e438991c33a6eca9a851763d698f9ee664f21757336137901dac1b52f517f2f7c2f0c99b0cd6dd48c8c5505e08eb7f5b29c23c25e9052d2789a16822b8
+  data.tar.gz: 9ed90a7550a6ead52c3a49d43e315fec04e262f8947de555bc7c930128cf00e4f284b2c215c2d6a012c42ced234a6d953a69cd8fd03fa4f3ea0f42e152d1c852

data/README.md

@@ -211,6 +211,22 @@ simple_form_for @user do |f|
   = f.input :roles, :collection => EffectiveRoles.roles_collection(f.object, current_user), :as => :check_boxes
 ```
 
+## Summary table
+
+Use the `effective_roles_summary_table` view helper to output a table of the actual permission levels for each role and ActiveRecord object combination.
+
+You can customize the helper function with the following keys: roles, only, except, plus and additionally
+
+```ruby
+effective_roles_summary_table(roles: [:admin, :superadmin], only: [Post, Event])
+effective_roles_summary_table(except: [Post, User])
+effective_roles_summary_table(plus: [Reports::PostReport]) # Add a non ActiveRecord object to the output, sorted with the other model names
+effective_roles_summary_table(additionally: [Reports::PostReport]) # Add a non ActiveRecord object to the output, after the other models
+effective_roles_summary_table(plus: {post_report: :export}) # A custom permission based on a symbol
+```
+
+You can override the `effective_roles_authorization_label(klass)` method for better control of the label display.
+
 ## Bitmask Implementation
 
 The underlying role information for any acts_as_role_restricted ActiveRecord object is stored in that object's roles_mask field.

data/app/helpers/effective_roles_helper.rb

@@ -10,4 +10,92 @@ module EffectiveRolesHelper
 
     render :partial => 'effective/roles/roles_fields', :locals => opts
   end
+
+  # Output a table of permissions for each role based on current permissions
+
+  # effective_roles_summary_table(roles: [:admin, :superadmin], only: [Post, Event])
+  # effective_roles_summary_table(except: [Post, User])
+  # effective_roles_summary_table(aditionally: [Report::PostReport, User])
+  def effective_roles_summary_table(opts = {})
+    roles = Array(opts[:roles]).presence || EffectiveRoles.roles
+
+    if opts[:only].present?
+      klasses = Array(opts[:only])
+      render partial: '/effective/roles/summary_table', locals: {klasses: klasses, roles: roles}
+      return
+    end
+
+    # Figure out all klasses (ActiveRecord objects)
+    tables = ActiveRecord::Base.connection.tables - ['schema_migrations', 'delayed_jobs']
+
+    klasses = ActiveRecord::Base.descendants.map do |model|
+      model if (model.respond_to?(:table_name) && tables.include?(model.table_name))
+    end.compact
+
+    if opts[:except]
+      klasses = klasses - Array(opts[:except])
+    end
+
+    if opts[:plus]
+      klasses = klasses + Array(opts[:plus])
+    end
+
+    klasses = klasses.sort do |a, b|
+      a = a.respond_to?(:name) ? a.name : a.to_s
+      b = b.respond_to?(:name) ? b.name : b.to_s
+
+      a_namespaces = a.split('::')
+      b_namespaces = b.split('::')
+
+      if a_namespaces.length != b_namespaces.length
+        a_namespaces.length <=> b_namespaces.length
+      else
+        a <=> b
+      end
+    end
+
+    if opts[:additionally]
+      klasses = klasses + Array(opts[:additionally])
+    end
+
+    render partial: '/effective/roles/summary_table', locals: {klasses: klasses, roles: roles}
+  end
+
+  def effective_roles_authorization_badge(level)
+    case level
+    when :manage
+      content_tag(:span, 'Full', class: 'label label-success')
+    when :update
+      content_tag(:span, 'Edit', class: 'label label-success')
+    when :update_own
+      content_tag(:span, 'Edit Own', class: 'label label-info')
+    when :create
+      content_tag(:span, 'Create', class: 'label label-success')
+    when :show
+      content_tag(:span, 'Read only', class: 'label label-warning')
+    when :index
+      content_tag(:span, 'Read only', class: 'label label-warning')
+    when :destroy
+      content_tag(:span, 'Delete only', class: 'label label-warning')
+    when :none
+      content_tag(:span, 'No Access', class: 'label label-danger')
+    when :unknown
+      content_tag(:span, 'Unknown', class: 'label')
+    else
+      content_tag(:span, level.to_s.titleize, class: 'label label-success')
+    end
+  end
+
+  def effective_roles_authorization_label(klass)
+    klass = klass.keys.first if klass.kind_of?(Hash)
+
+    label = (klass.respond_to?(:name) ? klass.name : klass.to_s)
+
+    ['Effective::Datatables::', 'Effective::'].each do |replace|
+      label = label.sub(replace, '')
+    end
+
+    label
+  end
+
 end

data/app/views/effective/roles/_summary_table.html.haml

@@ -0,0 +1,12 @@
+%table.table
+  %thead
+    %th
+    - roles.each do |role|
+      %th.text-center= role
+  %tbody
+    - klasses.each do |klass|
+      %tr
+        %td= effective_roles_authorization_label(klass)
+        - roles.each do |role|
+          %td.text-center
+            = effective_roles_authorization_badge(EffectiveRoles.authorization_level(controller, role, klass))

data/lib/effective_roles.rb

@@ -8,6 +8,8 @@ module EffectiveRoles
   mattr_accessor :assignable_roles
   mattr_accessor :disabled_roles
 
+  mattr_accessor :authorization_method_for_summary_table
+
   def self.setup
     yield self
   end
@@ -48,6 +50,63 @@ module EffectiveRoles
     user.roles.map { |role| assignable[role] }.flatten.compact.uniq
   end
 
+  # This is used by the effective_roles_summary_table helper method
+  def self.authorization_level(controller, role, resource)
+    auth_method = authorization_method_for_summary_table
+
+    return :unknown unless (auth_method.respond_to?(:call) || auth_method.kind_of?(Symbol))
+    return :unknown unless (controller.current_user rescue nil).respond_to?(:roles=)
+
+    controller.instance_variable_set(:@current_ability, nil)
+    controller.current_user.roles = [role]
+    resource = (resource.new() rescue resource)
+
+    # Custom actions
+    if resource.kind_of?(Hash)
+      resource.each do |key, value|
+        return value if (controller.instance_exec(controller, value, key, &auth_method) rescue false)
+      end
+    end
+
+    # Check for Manage
+    return :manage if (
+      (controller.instance_exec(controller, :create, resource, &auth_method) rescue false) &&
+      (controller.instance_exec(controller, :update, resource, &auth_method) rescue false) &&
+      (controller.instance_exec(controller, :show, resource, &auth_method) rescue false) &&
+      (controller.instance_exec(controller, :destroy, resource, &auth_method) rescue false)
+    )
+
+    # Check for Update
+    return :update if (controller.instance_exec(controller, :update, resource, &auth_method) rescue false)
+
+    # Check for Update Own
+    if resource.respond_to?('user=')
+      resource.user = controller.current_user
+      return :update_own if (controller.instance_exec(controller, :update, resource, &auth_method) rescue false)
+      resource.user = nil
+    elsif resource.respond_to?('user_id=')
+      resource.user_id = controller.current_user.id
+      return :update_own if (controller.instance_exec(controller, :update, resource, &auth_method) rescue false)
+      resource.user_id = nil
+    elsif resource.kind_of?(User)
+      return :update_own if (controller.instance_exec(controller, :update, controller.current_user, &auth_method) rescue false)
+    end
+
+    # Check for Create
+    return :create if (controller.instance_exec(controller, :create, resource, &auth_method) rescue false)
+
+    # Check for Show
+    return :show if (controller.instance_exec(controller, :show, resource, &auth_method) rescue false)
+
+    # Check for Index
+    return :index if (controller.instance_exec(controller, :index, resource, &auth_method) rescue false)
+
+    # Check for Destroy
+    return :destroy if (controller.instance_exec(controller, :destroy, resource, &auth_method) rescue false)
+
+    :none
+  end
+
   private
 
   def self.role_description(role, obj = nil)

data/lib/effective_roles/version.rb

@@ -1,3 +1,3 @@
 module EffectiveRoles
-  VERSION = '1.3.1'.freeze
+  VERSION = '1.3.2'.freeze
 end

data/lib/generators/templates/effective_roles.rb

@@ -77,4 +77,13 @@ EffectiveRoles.setup do |config|
   }
 
 
+  # config.authorization_method_for_summary_table
+  # This has absolutely no affect on the any logic involving roles
+  # It's purely for the effective_roles_summary_table() helper method
+  #
+  # It should match the authorization check used by your application
+  #
+  # Use CanCan: can?(action, resource)
+  config.authorization_method_for_summary_table = Proc.new { |controller, action, resource| true }
+
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: effective_roles
 version: !ruby/object:Gem::Version
-  version: 1.3.1
+  version: 1.3.2
 platform: ruby
 authors:
 - Code and Effect
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-03-19 00:00:00.000000000 Z
+date: 2015-10-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -165,6 +165,7 @@ files:
 - app/helpers/effective_roles_helper.rb
 - app/models/concerns/acts_as_role_restricted.rb
 - app/views/effective/roles/_roles_fields.html.haml
+- app/views/effective/roles/_summary_table.html.haml
 - lib/effective_roles.rb
 - lib/effective_roles/engine.rb
 - lib/effective_roles/version.rb