granted 0.1.0

data/lib/granted/db/migrations/create_grants.rb

@@ -0,0 +1,19 @@
+class CreateGrants < ActiveRecord::Migration
+  def self.filename
+    __FILE__
+  end
+
+  def change
+    create_table :grants do |t|
+      t.integer :grantee_id
+      t.string  :grantee_type
+      t.integer :subject_id
+      t.string  :subject_type
+      t.string  :type
+
+      t.timestamps
+    end
+
+    add_index :grants, [:grantee_id, :grantee_type, :subject_id, :subject_type, :type], unique: true, name: :grants_uniqueness
+  end
+end

data/lib/granted/grant_class_factory.rb

@@ -0,0 +1,14 @@
+module Granted
+  class GrantClassFactory
+    def self.create(right)
+      name = "#{right.to_s.camelize}Grant"
+      return if Granted.const_defined?(name)
+      clazz = Class.new(Granted::Grant)
+      Granted.const_set(name, clazz)
+    end
+
+    def self.get(right)
+      Granted.const_get("#{right.to_s.camelize}Grant")
+    end
+  end
+end

data/lib/granted/granter.rb

@@ -0,0 +1,67 @@
+module Granted
+  class Granter
+    def initialize
+    end
+
+    def to(grantee)
+      accept(grantee: grantee)
+    end
+    
+    def from(grantee)
+      accept(grantee: grantee)
+    end
+
+    def on(subject)
+      accept(subject: subject)
+    end
+
+    def rights(*rights)
+      accept(rights: [rights].flatten)
+    end
+
+    def right(right)
+      rights(right)
+    end
+
+    def grant
+      accept(action: :grant)
+    end
+
+    def revoke
+      accept(action: :revoke)
+    end
+
+    private
+
+    def accept(options)
+      @action  ||= options[:action]
+      @grantee ||= options[:grantee]
+      @subject ||= options[:subject]
+      @rights  ||= options[:rights]
+      finalize
+    end
+
+    def finalize
+      return self unless @grantee and @subject and @rights and @action
+      @rights.map do |right|
+        clazz = GrantClassFactory.get(right)
+        selector = clazz.grantee(@grantee).subject(@subject)
+        case @action.to_sym
+        when :grant  then give_grant(selector)
+        when :revoke then revoke_grant(selector)
+        else raise "Invalid action @action"
+        end
+      end
+    end
+
+    def revoke_grant(selector)
+      return true unless g = selector.first
+      g.destroy
+    end
+
+    def give_grant(selector)
+      selector.first_or_create
+    end
+
+  end
+end

data/lib/granted/models/grant.rb

@@ -0,0 +1,18 @@
+module Granted
+  class Grant < ActiveRecord::Base
+    belongs_to :grantee, polymorphic: true
+    belongs_to :subject, polymorphic: true
+
+    attr_accessible :grantee, :subject, :type
+
+    validates_uniqueness_of :type, scope: [:grantee_id, :grantee_type, :subject_id, :subject_type]
+
+    def self.grantee(grantee)
+      where(grantee_id: grantee.id, grantee_type: grantee.class.name)
+    end
+
+    def self.subject(subject)
+      where(subject_id: subject.id, subject_type: subject.class.name)
+    end
+  end
+end

data/lib/granted/modules/for_granted.rb

@@ -0,0 +1,81 @@
+module Granted
+  module ForGranted
+    extend ActiveSupport::Concern
+
+    included do
+    end
+
+    def grant(*rights)
+      Granted::Granter.new
+                      .grant
+                      .rights(rights)
+                      .on(self)
+    end
+
+    def revoke(*rights)
+      Granted::Granter.new
+                      .revoke
+                      .rights(rights)
+                      .on(self)
+    end
+
+    module ClassMethods
+      def grantable(*rights, grantees)
+        [rights].flatten.each do |right|
+          register_right(right, grantees[:to])
+        end
+      end
+
+      private
+
+      def register_right(right, grantees)
+        [grantees].flatten.each do |grantee|
+          GrantClassFactory.create(right)
+          setup_grantee(right, grantee)
+          setup_self(right, grantee)
+        end
+      end
+
+      def setup_grantee(right, grantee)
+        name_sym = name.pluralize.underscore.to_sym
+        grants_relation = "#{right}_grants".to_sym
+
+        # Relation to this right's grants
+        grantee.has_many grants_relation, as: :grantee, class_name: "Granted::#{right.to_s.camelize}Grant"
+
+        # e.g. User#readable_documents
+        rel_name = "#{right}able_#{name_sym}".to_sym
+        grantee.has_many rel_name, source: :subject, source_type: name, through: grants_relation
+        # grantee.attr_accessible "#{rel_name}_attributes".to_sym
+        # grantee.accepts_nested_attributes_for rel_name
+
+        # e.g. User#all_documents
+        rel_name = "all_#{name_sym}".to_sym
+        grantee.has_many :grants, as: :grantee, class_name: 'Granted::Grant', dependent: :destroy
+        grantee.has_many rel_name, source: :subject, source_type: name, through: :grants, uniq: true
+
+        # my_user.grant and my_user.revoke methods
+        grantee.send :include, Granted::Grantee
+      end
+
+      def setup_self(right, grantee)
+        name_sym = grantee.name.pluralize.underscore.to_sym
+
+        # Relation to grants
+        grants_relation = "#{right}_grants".to_sym
+        has_many grants_relation, as: :subject, class_name: "Granted::#{right.to_s.camelize}Grant", dependent: :destroy
+
+        # e.g. Document#read_users
+        rel_name = "#{right}_#{name_sym}".to_sym
+        has_many rel_name, source: :grantee, source_type: grantee.name, through: grants_relation
+        attr_accessible "#{rel_name}_attributes".to_sym
+        accepts_nested_attributes_for rel_name
+
+        # e.g. Document#all_users
+        rel_name = "all_#{name_sym}".to_sym
+        has_many :grants, as: :subject, class_name: "Granted::Grant", dependent: :destroy
+        has_many rel_name, source: :grantee, source_type: grantee.name, through: :grants, uniq: true
+      end
+    end
+  end
+end

data/lib/granted/modules/grantee.rb

@@ -0,0 +1,18 @@
+module Granted
+  module Grantee
+    extend ActiveSupport::Concern
+      def grant(*rights)
+        Granted::Granter.new
+                        .grant
+                        .rights(rights)
+                        .to(self)
+      end
+
+      def revoke(*rights)
+        Granted::Granter.new
+                        .revoke
+                        .rights(rights)
+                        .to(self)
+      end
+  end
+end

data/lib/granted/tasks/granted_tasks.rake

@@ -0,0 +1,16 @@
+require 'granted'
+require 'granted/db/migrations/create_grants'
+
+namespace :granted do
+  desc 'Create the grants table'
+  task create_migration: :environment do
+    to_dir = File.join(Rails.root, "db", "migrate")
+    from   = CreateGrants.filename
+    to     = File.join(to_dir, "#{Time.now.strftime("%Y%M%d%H%I%S")}_#{File.basename(from)}")
+    puts "Creating #{to}"
+    FileUtils.mkdir_p(to_dir)
+    FileUtils.cp(from, to)
+  end
+
+end
+

data/lib/granted/tasks.rb

@@ -0,0 +1 @@
+load 'granted/tasks/granted_tasks.rake'

data/lib/granted/version.rb

@@ -0,0 +1,3 @@
+module Granted
+  VERSION = File.read(File.join(File.dirname(__FILE__), "..", "..", "VERSION")).to_s
+end

data/lib/granted.rb

@@ -0,0 +1,12 @@
+# require 'granted/railtie' if defined?(Rails)
+require 'granted/version.rb'
+require 'granted/grant_class_factory.rb'
+require 'granted/granter.rb'
+require 'granted/models/grant.rb'
+require 'granted/modules/for_granted.rb'
+require 'granted/modules/grantee.rb'
+
+module Granted
+end
+
+Grant = Granted::Grant

data/spec/dummy/.rspec

@@ -0,0 +1 @@
+--color

data/spec/dummy/README.rdoc

@@ -0,0 +1,261 @@
+== Welcome to Rails
+
+Rails is a web-application framework that includes everything needed to create
+database-backed web applications according to the Model-View-Control pattern.
+
+This pattern splits the view (also called the presentation) into "dumb"
+templates that are primarily responsible for inserting pre-built data in between
+HTML tags. The model contains the "smart" domain objects (such as Account,
+Product, Person, Post) that holds all the business logic and knows how to
+persist themselves to a database. The controller handles the incoming requests
+(such as Save New Account, Update Product, Show Post) by manipulating the model
+and directing data to the view.
+
+In Rails, the model is handled by what's called an object-relational mapping
+layer entitled Active Record. This layer allows you to present the data from
+database rows as objects and embellish these data objects with business logic
+methods. You can read more about Active Record in
+link:files/vendor/rails/activerecord/README.html.
+
+The controller and view are handled by the Action Pack, which handles both
+layers by its two parts: Action View and Action Controller. These two layers
+are bundled in a single package due to their heavy interdependence. This is
+unlike the relationship between the Active Record and Action Pack that is much
+more separate. Each of these packages can be used independently outside of
+Rails. You can read more about Action Pack in
+link:files/vendor/rails/actionpack/README.html.
+
+
+== Getting Started
+
+1. At the command prompt, create a new Rails application:
+       <tt>rails new myapp</tt> (where <tt>myapp</tt> is the application name)
+
+2. Change directory to <tt>myapp</tt> and start the web server:
+       <tt>cd myapp; rails server</tt> (run with --help for options)
+
+3. Go to http://localhost:3000/ and you'll see:
+       "Welcome aboard: You're riding Ruby on Rails!"
+
+4. Follow the guidelines to start developing your application. You can find
+the following resources handy:
+
+* The Getting Started Guide: http://guides.rubyonrails.org/getting_started.html
+* Ruby on Rails Tutorial Book: http://www.railstutorial.org/
+
+
+== Debugging Rails
+
+Sometimes your application goes wrong. Fortunately there are a lot of tools that
+will help you debug it and get it back on the rails.
+
+First area to check is the application log files. Have "tail -f" commands
+running on the server.log and development.log. Rails will automatically display
+debugging and runtime information to these files. Debugging info will also be
+shown in the browser on requests from 127.0.0.1.
+
+You can also log your own messages directly into the log file from your code
+using the Ruby logger class from inside your controllers. Example:
+
+  class WeblogController < ActionController::Base
+    def destroy
+      @weblog = Weblog.find(params[:id])
+      @weblog.destroy
+      logger.info("#{Time.now} Destroyed Weblog ID ##{@weblog.id}!")
+    end
+  end
+
+The result will be a message in your log file along the lines of:
+
+  Mon Oct 08 14:22:29 +1000 2007 Destroyed Weblog ID #1!
+
+More information on how to use the logger is at http://www.ruby-doc.org/core/
+
+Also, Ruby documentation can be found at http://www.ruby-lang.org/. There are
+several books available online as well:
+
+* Programming Ruby: http://www.ruby-doc.org/docs/ProgrammingRuby/ (Pickaxe)
+* Learn to Program: http://pine.fm/LearnToProgram/ (a beginners guide)
+
+These two books will bring you up to speed on the Ruby language and also on
+programming in general.
+
+
+== Debugger
+
+Debugger support is available through the debugger command when you start your
+Mongrel or WEBrick server with --debugger. This means that you can break out of
+execution at any point in the code, investigate and change the model, and then,
+resume execution! You need to install ruby-debug to run the server in debugging
+mode. With gems, use <tt>sudo gem install ruby-debug</tt>. Example:
+
+  class WeblogController < ActionController::Base
+    def index
+      @posts = Post.all
+      debugger
+    end
+  end
+
+So the controller will accept the action, run the first line, then present you
+with a IRB prompt in the server window. Here you can do things like:
+
+  >> @posts.inspect
+  => "[#<Post:0x14a6be8
+          @attributes={"title"=>nil, "body"=>nil, "id"=>"1"}>,
+       #<Post:0x14a6620
+          @attributes={"title"=>"Rails", "body"=>"Only ten..", "id"=>"2"}>]"
+  >> @posts.first.title = "hello from a debugger"
+  => "hello from a debugger"
+
+...and even better, you can examine how your runtime objects actually work:
+
+  >> f = @posts.first
+  => #<Post:0x13630c4 @attributes={"title"=>nil, "body"=>nil, "id"=>"1"}>
+  >> f.
+  Display all 152 possibilities? (y or n)
+
+Finally, when you're ready to resume execution, you can enter "cont".
+
+
+== Console
+
+The console is a Ruby shell, which allows you to interact with your
+application's domain model. Here you'll have all parts of the application
+configured, just like it is when the application is running. You can inspect
+domain models, change values, and save to the database. Starting the script
+without arguments will launch it in the development environment.
+
+To start the console, run <tt>rails console</tt> from the application
+directory.
+
+Options:
+
+* Passing the <tt>-s, --sandbox</tt> argument will rollback any modifications
+  made to the database.
+* Passing an environment name as an argument will load the corresponding
+  environment. Example: <tt>rails console production</tt>.
+
+To reload your controllers and models after launching the console run
+<tt>reload!</tt>
+
+More information about irb can be found at:
+link:http://www.rubycentral.org/pickaxe/irb.html
+
+
+== dbconsole
+
+You can go to the command line of your database directly through <tt>rails
+dbconsole</tt>. You would be connected to the database with the credentials
+defined in database.yml. Starting the script without arguments will connect you
+to the development database. Passing an argument will connect you to a different
+database, like <tt>rails dbconsole production</tt>. Currently works for MySQL,
+PostgreSQL and SQLite 3.
+
+== Description of Contents
+
+The default directory structure of a generated Ruby on Rails application:
+
+  |-- app
+  |   |-- assets
+  |   |   |-- images
+  |   |   |-- javascripts
+  |   |   `-- stylesheets
+  |   |-- controllers
+  |   |-- helpers
+  |   |-- mailers
+  |   |-- models
+  |   `-- views
+  |       `-- layouts
+  |-- config
+  |   |-- environments
+  |   |-- initializers
+  |   `-- locales
+  |-- db
+  |-- doc
+  |-- lib
+  |   |-- assets
+  |   `-- tasks
+  |-- log
+  |-- public
+  |-- script
+  |-- test
+  |   |-- fixtures
+  |   |-- functional
+  |   |-- integration
+  |   |-- performance
+  |   `-- unit
+  |-- tmp
+  |   `-- cache
+  |       `-- assets
+  `-- vendor
+      |-- assets
+      |   |-- javascripts
+      |   `-- stylesheets
+      `-- plugins
+
+app
+  Holds all the code that's specific to this particular application.
+
+app/assets
+  Contains subdirectories for images, stylesheets, and JavaScript files.
+
+app/controllers
+  Holds controllers that should be named like weblogs_controller.rb for
+  automated URL mapping. All controllers should descend from
+  ApplicationController which itself descends from ActionController::Base.
+
+app/models
+  Holds models that should be named like post.rb. Models descend from
+  ActiveRecord::Base by default.
+
+app/views
+  Holds the template files for the view that should be named like
+  weblogs/index.html.erb for the WeblogsController#index action. All views use
+  eRuby syntax by default.
+
+app/views/layouts
+  Holds the template files for layouts to be used with views. This models the
+  common header/footer method of wrapping views. In your views, define a layout
+  using the <tt>layout :default</tt> and create a file named default.html.erb.
+  Inside default.html.erb, call <% yield %> to render the view using this
+  layout.
+
+app/helpers
+  Holds view helpers that should be named like weblogs_helper.rb. These are
+  generated for you automatically when using generators for controllers.
+  Helpers can be used to wrap functionality for your views into methods.
+
+config
+  Configuration files for the Rails environment, the routing map, the database,
+  and other dependencies.
+
+db
+  Contains the database schema in schema.rb. db/migrate contains all the
+  sequence of Migrations for your schema.
+
+doc
+  This directory is where your application documentation will be stored when
+  generated using <tt>rake doc:app</tt>
+
+lib
+  Application specific libraries. Basically, any kind of custom code that
+  doesn't belong under controllers, models, or helpers. This directory is in
+  the load path.
+
+public
+  The directory available for the web server. Also contains the dispatchers and the
+  default HTML files. This should be set as the DOCUMENT_ROOT of your web
+  server.
+
+script
+  Helper scripts for automation and generation.
+
+test
+  Unit and functional tests along with fixtures. When using the rails generate
+  command, template test files will be generated for you and placed in this
+  directory.
+
+vendor
+  External libraries that the application depends on. Also includes the plugins
+  subdirectory. If the app has frozen rails, those gems also go here, under
+  vendor/rails/. This directory is in the load path.

data/spec/dummy/Rakefile

@@ -0,0 +1,10 @@
+#!/usr/bin/env rake
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+
+require File.expand_path('../config/application', __FILE__)
+require 'bundler'
+Bundler.require
+require 'granted/tasks'
+
+Dummy::Application.load_tasks

data/spec/dummy/app/assets/javascripts/application.js

@@ -0,0 +1,15 @@
+// This is a manifest file that'll be compiled into application.js, which will include all the files
+// listed below.
+//
+// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
+// or vendor/assets/javascripts of plugins, if any, can be referenced here using a relative path.
+//
+// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
+// the compiled file.
+//
+// WARNING: THE FIRST BLANK LINE MARKS THE END OF WHAT'S TO BE PROCESSED, ANY BLANK LINE SHOULD
+// GO AFTER THE REQUIRES BELOW.
+//
+//= require jquery
+//= require jquery_ujs
+//= require_tree .

data/spec/dummy/app/assets/stylesheets/application.css

@@ -0,0 +1,13 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or vendor/assets/stylesheets of plugins, if any, can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the top of the
+ * compiled file, but it's generally better to create a new file per style scope.
+ *
+ *= require_self
+ *= require_tree .
+ */

data/spec/dummy/app/controllers/application_controller.rb

@@ -0,0 +1,3 @@
+class ApplicationController < ActionController::Base
+  protect_from_forgery
+end

data/spec/dummy/app/helpers/application_helper.rb

@@ -0,0 +1,2 @@
+module ApplicationHelper
+end

data/spec/dummy/app/models/document.rb

@@ -0,0 +1,7 @@
+class Document < ActiveRecord::Base
+  include Granted::ForGranted
+
+  grantable :read, :write, :destroy, to: User
+
+  attr_accessible :content, :name
+end

data/spec/dummy/app/models/user.rb

@@ -0,0 +1,5 @@
+class User < ActiveRecord::Base
+  include Granted::ForGranted
+
+  attr_accessible :name
+end

data/spec/dummy/app/views/layouts/application.html.erb

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Dummy</title>
+  <%= stylesheet_link_tag    "application", :media => "all" %>
+  <%= javascript_include_tag "application" %>
+  <%= csrf_meta_tags %>
+</head>
+<body>
+
+<%= yield %>
+
+</body>
+</html>

data/spec/dummy/config/application.rb

@@ -0,0 +1,65 @@
+require File.expand_path('../boot', __FILE__)
+
+# Pick the frameworks you want:
+require "active_record/railtie"
+require "action_controller/railtie"
+require "action_mailer/railtie"
+require "active_resource/railtie"
+require "sprockets/railtie"
+# require "rails/test_unit/railtie"
+
+Bundler.require(*Rails.groups)
+require "granted"
+
+module Dummy
+  class Application < Rails::Application
+    # Settings in config/environments/* take precedence over those specified here.
+    # Application configuration should go into files in config/initializers
+    # -- all .rb files in that directory are automatically loaded.
+
+    # Custom directories with classes and modules you want to be autoloadable.
+    # config.autoload_paths += %W(#{config.root}/extras)
+
+    # Only load the plugins named here, in the order given (default is alphabetical).
+    # :all can be used as a placeholder for all plugins not explicitly named.
+    # config.plugins = [ :exception_notification, :ssl_requirement, :all ]
+
+    # Activate observers that should always be running.
+    # config.active_record.observers = :cacher, :garbage_collector, :forum_observer
+
+    # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
+    # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
+    # config.time_zone = 'Central Time (US & Canada)'
+
+    # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
+    # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
+    # config.i18n.default_locale = :de
+
+    # Configure the default encoding used in templates for Ruby 1.9.
+    config.encoding = "utf-8"
+
+    # Configure sensitive parameters which will be filtered from the log file.
+    config.filter_parameters += [:password]
+
+    # Enable escaping HTML in JSON.
+    config.active_support.escape_html_entities_in_json = true
+
+    # Use SQL instead of Active Record's schema dumper when creating the database.
+    # This is necessary if your schema can't be completely dumped by the schema dumper,
+    # like if you have constraints or database-specific column types
+    # config.active_record.schema_format = :sql
+
+    # Enforce whitelist mode for mass assignment.
+    # This will create an empty whitelist of attributes available for mass-assignment for all models
+    # in your app. As such, your models will need to explicitly whitelist or blacklist accessible
+    # parameters by using an attr_accessible or attr_protected declaration.
+    config.active_record.whitelist_attributes = true
+
+    # Enable the asset pipeline
+    config.assets.enabled = true
+
+    # Version of your assets, change this if you want to expire all your assets
+    config.assets.version = '1.0'
+  end
+end
+