ez-permissions 0.3.0 → 0.4.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2561daddeb0d81e3d7916f64a0d334eeb181cc1bc1244fbfd96090abb6d0b5a3
-  data.tar.gz: 648bd08668a2def0f908fa5be6125fbce12d186a760f1c2e51bc87b1e935041d
+  metadata.gz: c103819ff5b91d66f0f956545f2b0c1366e4ff076f953370e34e2e4c3685c099
+  data.tar.gz: f8094eb993fff840aac16397516ecaff77f121cecd09d654f7b3316113199b45
 SHA512:
-  metadata.gz: a43ee4b3d8416de6d87e2dec796528698a3dc51e44e1b4357153f59081033ebdf8525fb9acf9c4b3263df7a745292ba9a7095a93dd119624f7844c18a5e4d3cf
-  data.tar.gz: f945fff2beff8c9543e8e6d1fa8742c8e8dc5259d055b82b31930010be0e1f37a2d0196af9b57855e7c786b3a87406b5d5b532a28039abf68726f5abe19e76e9
+  metadata.gz: 75e8986de02432aa15c5135fa5821ca390daf446f4dfcef6c936bb3708179798b8b964138ce406142516fc0042aabed6516840fab1440318741973826d04e17b
+  data.tar.gz: 2eb3c3a15fb6e31dc47dccc28ffba3482a53d5face7757ed3f4269112346f5f739c6968d6cebbc2c71fe089c3c64a4b291a6ed15993ff713e2da8877dc649e08

data/README.md

@@ -7,9 +7,9 @@
 **Ez Permissions** (read as "easy permissions") - one of the [ez-engines](https://github.com/ez-engines) collection that helps easily add permissions interface to your [Rails](http://rubyonrails.org/) application.
 
 - Most advanced RBAC model:
-- Flexible tool with simple DSL and confguration
+- Flexible tool with simple DSL and configuration
 - All in one solution
-- Convetion over configuration principles.
+- Convention over configuration principles.
 - Depends on [ez-core](https://github.com/ez-engines/ez-core)
 
 ## Installation
@@ -36,7 +36,7 @@ Ez::Permissions.configure do |config|
   config.models_roles_table_name = 'my_model_roles'
   config.permissions_roles_table_name = 'my_permissions_roles'
 
-  # Suppress stdoud messages for test environment
+  # Suppress STDOUT messages for test environment
   config.mute_stdout = true if Rails.env.test?
 
   # Define your custom callbacks
@@ -61,7 +61,7 @@ rails generate ez:permissions:migrations
 
 ## DSL
 
-Simple DSL for difinition of permission relationships
+Simple DSL for definition of permission relationships
 ```ruby
 Ez::Permissions::DSL.define do |setup|
   # You need add all resources of your application and possible actions
@@ -72,8 +72,8 @@ Ez::Permissions::DSL.define do |setup|
   setup.add :permissions, actions: %i[crud my_custom_action]
 
   # Actions option are not required. In such case you add all crud actions by default
-  setup.add :users
-  setup.add :projects
+  setup.add :users, group: :accounts # You can group resources
+  setup.add :projects # Resource without a group will get "others" group
 end
 ```
 
@@ -89,7 +89,7 @@ user = User.first
 
 # User model become permission model
 user.roles #=> [application level roles]
-user.assigned_roles #=> [user owned roles, gloabal and scoped]
+user.assigned_roles #=> [user owned roles, global and scoped]
 user.permissions #=> [user available permissions through assigned_roles]
 ```
 
@@ -146,6 +146,10 @@ Permissions.includes_role?(user, :admin)
 # Check if user includes scoped role
 project = Project.first
 Permissions.includes_role?(user, :manager, scoped: project)
+
+# List users with particular role in particular scope
+project = Project.first
+Permissions.list_by_role(:manager, scoped: project)
 ```
 
 ### Permissions
@@ -180,7 +184,7 @@ end
 # otherwise you will get an exception
 Ez::Permissions::NotAuthorized
 
-# Both .authrorize and .authorize! methods can be used without blocks.
+# Both .authorize and .authorize! methods can be used without blocks.
 
 # if you don't want raise exception, just use
 Permissions.authorize(user, :create, :users) { puts 'Yeahh!' } #=> false
@@ -191,11 +195,33 @@ Permissions.can?(user, :create, :users) => # true
 Permissions.can?(user, :create, :users, scoped: project) => # false
 ```
 
+### Caching user permissions
+
+If in one HTTP request (e.g. navigation menu rendering) you don't want to hit the database with dozens of queries, you can cache all user permission in a hash
+
+```ruby
+user_permissions =  Permissions.model_permissions_map(user)
+user_permissions # => #<Ez::Permissions::API::Authorize::ModelPermissions...
+
+# You can fetch permissions as a hash
+user_permissions.permissions_map # => { :read_users => true}
+
+# and the in your code just fetch by the key:
+if user_permissions.permissions_map[:read_users]
+  # execute authorized code
+end
+
+# or user #can? and #authorize! helper methods
+user_permissions.can?(:read, :users) # => true
+user_permissions.can?(:create, :users) # => false
+user_permissions.authorize!(:create, :users) # => raise Ez::Permissions::NotAuthorized
+```
+
 ### Testing
 EzPermissions ships with bunch of RSpec helper methods that helps mock permission.
 For large test suite (more than 5000 specs) it saves up to 30% of test runs time.
 
-Add test helpers tou your rspec config
+Add test helpers to your rspec config
 ```ruby
 require 'ez/permissions/rspec_helpers'
 
@@ -226,7 +252,7 @@ mock_model_role(:worker, user)
 mock_permission(:users, :create)
 ```
 
-### Cleaup redundant permissions
+### Cleanup redundant permissions
 If you changed your permissions DSL and removed redundant resources and actions
 
 ```sh
@@ -234,7 +260,7 @@ rake ez:permissions:outdated # display list of outdated permissions
 rake ez:permissions:cleanup # remove outdated permissions from the DB
 ```
 
-### Kepp it excplicit!
+### Keep it explicit!
 You can wonder, why we just not add authorization methods to user instance, like:
 ```ruby
 user.can?(:something)
@@ -248,7 +274,7 @@ Of course, you can use them as mixins, but it's up to you.
 - User can has role in scope of some resource (Project, Company, Business, etc.)
 - User can has role in global scope (without scope)
 - If user want access data in scope of resource - user must has assigned role scoped for this resource
-- If user want access data in global scope - user must has assigned role wihtout any scoped resorce (global role)
+- If user want access data in global scope - user must has assigned role without any scoped resource (global role)
 - User with global role - can't access scoped resources.
 - User with scoped role - can't access global resources.
 

data/lib/ez/permissions/api/authorize.rb

@@ -1,9 +1,19 @@
 # frozen_string_literal: true
 
+require_relative 'authorize/model_permissions'
+
 module Ez
   module Permissions
     module API
       module Authorize
+        def model_permissions(model)
+          ModelPermissions.new(
+            model.permissions.each_with_object({}) do |permission, acum|
+              acum["#{permission.action}_#{permission.resource}".to_sym] = true
+            end
+          )
+        end
+
         def authorize!(model, *actions, resource, scoped: nil, &block)
           authorize(model, *actions, resource, scoped: scoped, raise_exception: true, &block)
         end

data/lib/ez/permissions/api/authorize/model_permissions.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+module Ez
+  module Permissions
+    module API
+      module Authorize
+        class ModelPermissions
+          attr_reader :permissions_map
+
+          def initialize(permissions_map)
+            @permissions_map = permissions_map
+          end
+
+          def can?(action_name, resource_name)
+            permissions_map[to_key(action_name, resource_name)] == true
+          end
+
+          def authorize!(action_name, resource_name)
+            permissions_map.fetch(to_key(action_name, resource_name))
+          rescue KeyError
+            raise Ez::Permissions::NotAuthorizedError
+          end
+
+          private
+
+          def to_key(action_name, resource_name)
+            "#{action_name}_#{resource_name}".to_sym
+          end
+        end
+      end
+    end
+  end
+end

data/lib/ez/permissions/api/models.rb

@@ -26,6 +26,15 @@ module Ez
           model_role(role, model, scoped) ? true : false
         end
 
+        def list_by_role(role_name, scoped: nil)
+          role = Ez::Permissions::API.get_role!(role_name)
+
+          Ez::Permissions::ModelRole.where(
+            role:   role,
+            scoped: scoped
+          ).map(&:model)
+        end
+
         private
 
         def model_role(role, model, scoped)

data/lib/ez/permissions/dsl.rb

@@ -42,7 +42,7 @@ module Ez
         return unless seed_to_db(resource)
 
         message(
-          "Resource [#{name}] has been successfully registred with actions: [#{resource.actions.join(', ')}]",
+          "Resource [#{name}] has been successfully registered with actions: [#{resource.actions.join(', ')}]",
           'SUCCESS'
         )
       end

data/lib/ez/permissions/resource.rb

@@ -5,12 +5,13 @@ module Ez
     class Resource
       ACTIONS = %i[create read update delete].freeze
 
-      attr_reader :name, :model, :actions
+      attr_reader :name, :model, :actions, :group
 
       def initialize(name, options = {})
         @name    = name
         @model   = options.fetch(:model, nil)
         @actions = process_actions(options.fetch(:actions, []))
+        @group   = options.fetch(:group, :others)
       end
 
       def <=>(other)

data/lib/ez/permissions/version.rb

@@ -2,6 +2,6 @@
 
 module Ez
   module Permissions
-    VERSION = '0.3.0'
+    VERSION = '0.4.4'
   end
 end

data/lib/tasks/ez/permissions_tasks.rake

@@ -7,8 +7,8 @@ namespace :ez do
       Ez::Permissions::Permission.find_each do |permission|
         next if Ez::Permissions::DSL.resource_action?(permission.resource, permission.action)
 
-        STDOUT.puts "[WARNING] Ez::Permissions: \n"
-        "Permission##{permission.id} [#{permission.resource} -> #{permission.action}] is redundant"
+        STDOUT.puts '[WARNING] Ez::Permissions:'\
+          "Permission##{permission.id} [#{permission.resource} -> #{permission.action}] is redundant"
       end
     end
 
@@ -17,8 +17,8 @@ namespace :ez do
         next if Ez::Permissions::DSL.resource_action?(permission.resource, permission.action)
 
         permission.destroy
-        STDOUT.puts "[WARNING] Ez::Permissions: \n"
-        "Permission##{permission.id} [#{permission.resource} -> #{permission.action}] is removed"
+        STDOUT.puts '[WARNING] Ez::Permissions:'\
+          "Permission##{permission.id} [#{permission.resource} -> #{permission.action}] is removed"
       end
     end
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ez-permissions
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.4.4
 platform: ruby
 authors:
 - Volodya Sveredyuk
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-12-08 00:00:00.000000000 Z
+date: 2020-06-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ez-core
@@ -176,6 +176,7 @@ files:
 - lib/ez/permissions.rb
 - lib/ez/permissions/api.rb
 - lib/ez/permissions/api/authorize.rb
+- lib/ez/permissions/api/authorize/model_permissions.rb
 - lib/ez/permissions/api/models.rb
 - lib/ez/permissions/api/permissions.rb
 - lib/ez/permissions/api/roles.rb
@@ -207,7 +208,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.6
+rubygems_version: 3.1.2
 signing_key: 
 specification_version: 4
 summary: Easy permissions engine for Rails app.