ez-permissions 0.1.2 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d61f8b0da7075fce3bcda936552795798409466554085d9204356871375e0bb9
-  data.tar.gz: a978748b29533101823a8c42c3f723f17879777eac05be362d19d3cc3a603bc8
+  metadata.gz: e17eb8ad5fd168be1fc8a40908d613466f05df2cf724ad2989e8eb0ea98068b0
+  data.tar.gz: 42ab1e2a10d6c279139e034ecefbdc1b60e36ed8de464904d4f0fb067650c971
 SHA512:
-  metadata.gz: 10d393a8297ec27fd7bcf478d7e47d5c62fbfa8a1268428fb588933a967a98a919b75037746a82a93fa10b329ee495b559e2880b3ce5f37c214ed26c7976f0b5
-  data.tar.gz: a7c3a76e50a9d380ed43f393fc1901db3ff3eb26e8321d0fb1fb2915f96542a4c34bfcd422029a35fa864740f7ed144648e325b59d3be84a6a12c3847eb88164
+  metadata.gz: 7b8b712c799ce127b6ec8e2d3a5f95e8b2d79a36c693f846263dc18f0faf256cadc0c92a792dee8e15b054a1beb77c49f8d62ec3438187f1b82efbed9507b784
+  data.tar.gz: 901a12fb2c742deb2f17d3dab4082e8bdeab288101d34a1434ad68dc16d860e456c325567345374494a6f2930a022d7c1c58ec7c9771fe29b313eaaa1d701621

data/README.md

@@ -1,6 +1,7 @@
 # Ez::Permissions
 
 [![Gem Version](https://badge.fury.io/rb/ez-permissions.svg)](https://badge.fury.io/rb/ez-permissions)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
 [![Build Status](https://travis-ci.org/ez-engines/ez-permissions.svg?branch=master)](https://travis-ci.org/ez-engines/ez-permissions)
 
 **Ez Permissions** (read as "easy permissions") - one of the [ez-engines](https://github.com/ez-engines) collection that helps easily add permissions interface to your [Rails](http://rubyonrails.org/) application.
@@ -132,6 +133,13 @@ Permissions.assign_role(user, :admin, scoped: project)
 
 # Reject user role in global scope, but project admin role will stay
 Permissions.reject_role(user, :admin)
+
+# Check if user includes global role
+Permissions.includes_role?(user, :admin)
+
+# Check if user includes scoped role
+project = Project.first
+Permissions.includes_role?(user, :manager, scoped: project)
 ```
 
 ### Permissions
@@ -169,6 +177,45 @@ Ez::Permissions::API::Authrozation::NotAuthorized
 # if you don't want raise exception, just use
 Permissions.authorize(user, :create, :users) { puts 'Yeahh!' } #=> false
 # Because user has scoped role in the project and don't has global role.
+
+# and for simple cases you can always ask if user can something
+Permissions.can?(user, :create, :users) => # true
+Permissions.can?(user, :create, :users, scoped: project) => # false
+```
+
+### Testing
+EzPermissions ships with bunch of RSpec helper methods that helps mock permission.
+For large test suite (more than 5000 specs) it saves up to 30% of test runs time.
+
+Add test helpers tou your rspec config
+```ruby
+require 'ez/permissions/rspec_helpers'
+
+RSpec.configure do |config|
+  config.include Ez::Permissions::RSpecHelpers
+end
+
+```
+
+Examples:
+```ruby
+user = User.first
+project = Project.first
+
+# Mock role, model role, all permissions and user assigned role. DB will not be touched.
+assume_user_permissions(user, :admin, :all)
+
+# In case when you need real records data to be stored in DB, use
+seed_user_permissions(user, :admin, :create, :update, :users, scoped: project)
+
+# Mock role and who possible could has or not this role
+mock_role(:manager, has: [user], has_not: [User.second], scoped: project)
+
+# Mock model (user) role assignment
+mock_model_role(:worker, user)
+
+# Mock permissions for resources/action
+mock_permission(:users, :create)
 ```
 
 ### Kepp it excplicit!

data/lib/ez/permissions/api/authorize.rb

@@ -13,7 +13,7 @@ module Ez
         def authorize(model, *actions, resource, scoped: nil, raise_exception: false)
           return handle_no_permission_model_callback.call(self) if handle_no_permission_model_callback && !model
 
-          return yield if permissions(model, *actions, resource, scoped: scoped).any?
+          return yield if can?(model, *actions, resource, scoped: scoped)
 
           return handle_not_authorized_callback.call(self) if handle_not_authorized_callback
 
@@ -22,12 +22,16 @@ module Ez
           false
         end
 
+        def can?(model, *actions, resource, scoped: nil)
+          permissions(model, *actions, resource, scoped: scoped).any?
+        end
+
         private
 
         def permissions(model, *actions, resource, scoped: nil)
           # TODO: Refactor to 1 query with joins
-          roles_ids = model.assigned_roles.where(scoped: scoped).pluck(:role_id)
-          permission_ids = Ez::Permissions::PermissionRole.where(role_id: roles_ids).pluck(:permission_id)
+          role_ids = model.assigned_roles.where(scoped: scoped).pluck(:role_id)
+          permission_ids = Ez::Permissions::PermissionRole.where(role_id: role_ids).pluck(:permission_id)
 
           Ez::Permissions::Permission.where(
             id:       permission_ids,

data/lib/ez/permissions/api/models.rb

@@ -17,11 +17,23 @@ module Ez
         def reject_role(model, role_name, scoped: nil)
           role = Ez::Permissions::API.get_role!(role_name)
 
+          model_role(role, model, scoped)&.delete
+        end
+
+        def includes_role?(model, role_name, scoped: nil)
+          role = Ez::Permissions::API.get_role!(role_name)
+
+          model_role(role, model, scoped) ? true : false
+        end
+
+        private
+
+        def model_role(role, model, scoped)
           Ez::Permissions::ModelRole.find_by(
             role:   role,
             model:  model,
             scoped: scoped
-          )&.delete
+          )
         end
       end
     end

data/lib/ez/permissions/rspec_helpers.rb

@@ -0,0 +1,130 @@
+# frozen_string_literal: true
+
+# rubocop:disable all
+module Ez
+  module Permissions
+    module RSpecHelpers
+      def seed_user_permissions(user, role, *actions, resource, scoped: nil)
+        Ez::Permissions::API.create_role(role)
+
+        actions.each do |action|
+          Ez::Permissions::API.grant_permission(role, action, resource)
+        end
+
+        Ez::Permissions::API.assign_role(user, role, scoped: scoped)
+      end
+
+      def assume_user_permissions(model, role, *actions, resource, scoped: nil)
+        # ROLE
+        mocked_role = mock_role(role) # ROLE
+
+        # MODEL ROLE
+        allow(Ez::Permissions::ModelRole).to receive(:find_by).with(
+          role:   mocked_role,
+          model:  model,
+          scoped: scoped
+        ).and_return(mock_model_role(mocked_role, model, scoped: scoped))
+
+        # PERMISSIONS
+        mocked_permissions = actions.map { |action| mock_permission(resource, action) }
+
+        # USER ROLES
+        mocked_assiges_roles = double(:mocked_assiges_roles, where: [], size: 1, first: mocked_role)
+        mocked_roles = double(:mocked_roles, pluck: [])
+
+        # USER PERMISSION MODEL
+        allow(model).to receive(:assigned_roles).and_return(mocked_assiges_roles)
+        allow(mocked_assiges_roles).to receive(:where).with(scoped: scoped).and_return(mocked_roles)
+        allow(mocked_roles).to receive(:pluck).with(:role_id).and_return [mocked_role.id]
+
+        mocked_permission_role = double(:mocked_permission_role, pluck: [])
+        allow(Ez::Permissions::PermissionRole).to receive(:where).with(role_id: [mocked_role.id]).and_return(mocked_permission_role)
+        allow(mocked_permission_role).to receive(:pluck).with(:permission_id).and_return(mocked_permissions.map(&:id))
+
+        # USER PERMISSION MODEL for scoped access
+        mocked_empty_permission_role = double(:mocked_permission_role, pluck: [])
+        allow(Ez::Permissions::PermissionRole).to receive(:where).with(role_id: []).and_return(mocked_empty_permission_role)
+        allow(mocked_empty_permission_role).to receive(:pluck).with(:permission_id).and_return([])
+
+        # PERMISSIONS
+        allow(Ez::Permissions::Permission).to receive(:where).with(
+          id:       mocked_permissions.map(&:id),
+          resource: resource,
+          action:   actions.map(&:to_s)
+        ).and_return(mocked_permissions)
+
+        # PERMISSIONS missing for all other actions
+        other_resource_actions = Ez::Permissions::DSL.resource(resource).actions.reject { |a| actions.include?(a) }.map(&:to_s)
+
+        allow(Ez::Permissions::Permission).to receive(:where).with(
+          id:       mocked_permissions.map(&:id),
+          resource: resource,
+          action:   other_resource_actions
+        ).and_return([])
+
+        # PERMISSIONS missing for scoped access
+        allow(Ez::Permissions::Permission).to receive(:where).with(
+          id:       [],
+          resource: resource,
+          action:   actions.map(&:to_s)
+        ).and_return([])
+      end
+
+      def mock_role(name, has: [], has_not: [], scoped: nil)
+        mocked_role = double(:role, id: rand(1..99_999), name: name.to_s)
+
+        allow(Ez::Permissions::Role).to receive(:find_by).with(name: name).and_return(mocked_role)
+        allow(Ez::Permissions::Role).to receive(:find_by!).with(name: name).and_return(mocked_role)
+
+        has.each do |model|
+          mock_model_role(mocked_role, model, scoped: scoped)
+        end
+
+        has_not.each do |model|
+          allow(Ez::Permissions::ModelRole).to receive(:find_by).with(
+            role:   mocked_role,
+            model:  model,
+            scoped: scoped
+          ).and_return(nil)
+        end
+
+        # Allow any model to assign the role
+        allow(Ez::Permissions::ModelRole).to receive(:find_or_create_by!).with(
+          role:   mocked_role,
+          model:  anything,
+          scoped: scoped
+        ).and_return(double(:mocked_model_role))
+
+        mocked_role
+      end
+
+      def mock_model_role(role, model, scoped: nil)
+        mocked_model_role = double(:mocked_model_role, role: role, model: model, scoped: scoped)
+
+        allow(Ez::Permissions::ModelRole).to receive(:find_by).with(
+          role:   role,
+          model:  model,
+          scoped: scoped
+        ).and_return(mocked_model_role)
+
+        allow(Ez::Permissions::ModelRole).to receive(:find_or_create_by!).with(
+          role:   role,
+          model:  model,
+          scoped: scoped
+        ).and_return(mocked_model_role)
+      end
+
+      def mock_permission(resource, action)
+        mocked_permission = double(:permission, id: rand(1..99_999), resource: resource.to_s, action: action.to_s)
+
+        allow(Ez::Permissions::Permission)
+          .to receive(:find_by!)
+          .with(resource: resource, action: action)
+          .and_return(mocked_permission)
+
+        mocked_permission
+      end
+    end
+  end
+end
+# rubocop:enable all

data/lib/ez/permissions/version.rb

@@ -2,6 +2,6 @@
 
 module Ez
   module Permissions
-    VERSION = '0.1.2'
+    VERSION = '0.2.0'
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ez-permissions
 version: !ruby/object:Gem::Version
-  version: 0.1.2
+  version: 0.2.0
 platform: ruby
 authors:
 - Volodya Sveredyuk
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-02-24 00:00:00.000000000 Z
+date: 2019-04-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ez-core
@@ -178,6 +178,7 @@ files:
 - lib/ez/permissions/engine.rb
 - lib/ez/permissions/railtie.rb
 - lib/ez/permissions/resource.rb
+- lib/ez/permissions/rspec_helpers.rb
 - lib/ez/permissions/version.rb
 - lib/generators/ez/permissions/install_generator.rb
 - lib/generators/ez/permissions/migrations_generator.rb