i_am_i_can 3.0.0pre → 3.0.0

data/lib/i_am_i_can/permission/assignment.rb

@@ -6,7 +6,7 @@ module IAmICan
       include Helpers::Ins
 
       # permission assignment for stored role
-      def can *preds, obj: nil, strict_mode: false, auto_define_before: config.auto_define_before
+      def can *preds, obj: nil, strict_mode: false, auto_define_before: i_am_i_can.auto_define_before
         self.class.have_permissions *preds, obj: obj if auto_define_before
         not_defined_items, covered_items = [ ], [ ]
 
@@ -21,8 +21,8 @@ module IAmICan
 
       alias has_permission can
 
-      def temporarily_can *preds, obj: nil, strict_mode: false, auto_define_before: config.auto_define_before
-        raise Error, "Permission Assignment: local role `#{name}` was not defined" unless config.subject_model.defined_local_roles.key?(self.name.to_sym)
+      def temporarily_can *preds, obj: nil, strict_mode: false, auto_define_before: i_am_i_can.auto_define_before
+        raise Error, "Permission Assignment: local role `#{name}` was not defined" unless i_am_i_can.subject_model.defined_local_roles.key?(self.name.to_sym)
         self.class.have_permissions *preds, obj: obj, save: false if auto_define_before
         not_defined_items, covered_items = [ ], [ ]
 
@@ -70,21 +70,6 @@ module IAmICan
       end
 
       alias locally_can? temporarily_can?
-
-      def local_permissions
-        @local_permissions ||= [ ]
-      end
-
-      alias local_permission_names local_permissions
-
-      def stored_permission_names
-        stored_permissions.map(&:name)
-      end
-
-      # TODO: show by hash
-      def permissions
-        local_permission_names + stored_permission_names
-      end
     end
   end
 end

data/lib/i_am_i_can/permission/definition.rb

@@ -6,11 +6,7 @@ module IAmICan
     module Definition
       include Helpers::Cls
 
-      def which(name:, **conditions)
-        find_by!(name: name, **conditions)
-      end
-
-      def have_permission *preds, obj: nil, desc: nil, save: config.default_save
+      def have_permission *preds, obj: nil, desc: nil, save: i_am_i_can.default_save
         failed_items = [ ]
 
         preds.each do |pred|
@@ -37,22 +33,6 @@ module IAmICan
 
       alias declare_permissions declare_permission
 
-      def defined_local_permissions
-        @defined_local_permissions ||= { }
-      end
-
-      def defined_stored_pms_names
-        config.permission_model.all.map(&:name)
-      end
-
-      def defined_stored_permissions
-        config.permission_model.all.map { |pms| [ pms.name, pms.desc ] }.to_h
-      end
-
-      def defined_permissions
-        defined_local_permissions.deep_merge(defined_stored_permissions)
-      end
-
       def self.extended(kls)
         kls.delegate :defined_permissions, :pms_naming, :deconstruct_obj, :pms_of_defined_local_role, to: kls
       end

data/lib/i_am_i_can/permission/helpers.rb

@@ -5,26 +5,42 @@ module IAmICan
         def _pms_definition_result(preds, obj, failed_items)
           prefix = 'Permission Definition Done'
           fail_msg = prefix + ", but #{failed_items} have been defined" if failed_items.present?
-          raise Error, fail_msg if  config.strict_mode && fail_msg
+          raise Error, fail_msg if  i_am_i_can.strict_mode && fail_msg
           puts fail_msg || prefix unless ENV['ITEST']
           prefix.present?
         end
 
         def _to_store_permission(pred, obj, **options)
-          return false if config.permission_model.exists?(pred, obj)
-          config.permission_model.create!(pred: pred, **deconstruct_obj(obj), **options)
+          return false if i_am_i_can.permission_model.exists?(pred, obj)
+          i_am_i_can.permission_model.create!(pred: pred, **deconstruct_obj(obj), **options)
         end
 
         def pms_naming(pred, obj)
-          config.permission_model.naming(pred, obj)
+          i_am_i_can.permission_model.naming(pred, obj)
         end
 
         def deconstruct_obj(obj)
-          config.permission_model.deconstruct_obj(obj)
+          i_am_i_can.permission_model.deconstruct_obj(obj)
+        end
+
+        def defined_local_permissions
+          @defined_local_permissions ||= { }
+        end
+
+        def defined_stored_pms_names
+          i_am_i_can.permission_model.all.map(&:name)
+        end
+
+        def defined_stored_permissions
+          i_am_i_can.permission_model.all.map { |pms| [ pms.name, pms.desc ] }.to_h
+        end
+
+        def defined_permissions
+          defined_local_permissions.deep_merge(defined_stored_permissions)
         end
 
         def pms_of_defined_local_role(role_name)
-          config.subject_model.defined_local_roles[role_name.to_sym]&.[](:permissions) || []
+          i_am_i_can.subject_model.defined_local_roles[role_name.to_sym]&.[](:permissions) || []
         end
       end
 
@@ -34,13 +50,24 @@ module IAmICan
           msg1 = "#{not_defined_items} have not been defined or have been repeatedly assigned" if not_defined_items.present?
           msg2 = "#{covered_items} have been covered" if covered_items.present?
           fail_msg = prefix + ', but ' + [msg1, msg2].compact.join(', ') if msg1 || msg2
-          raise Error, fail_msg if (strict_mode || config.strict_mode) && fail_msg
+          raise Error, fail_msg if (strict_mode || i_am_i_can.strict_mode) && fail_msg
           puts fail_msg || prefix unless ENV['ITEST']
           prefix.present?
         end
 
         def pms_matched?(pms_name, plist)
-          config.permission_model.matched?(pms_name, in: plist[:in])
+          i_am_i_can.permission_model.matched?(pms_name, in: plist[:in])
+        end
+
+        def local_permissions
+          @local_permissions ||= [ ]
+        end
+
+        alias local_permission_names local_permissions
+
+        # TODO: show by hash
+        def permissions
+          local_permission_names + stored_permission_names
         end
       end
     end

data/lib/i_am_i_can/permission.rb

@@ -1,68 +1,68 @@
 require 'i_am_i_can/permission/p_array'
+require 'i_am_i_can/permission/definition'
+require 'i_am_i_can/permission/assignment'
 
 module IAmICan
   module Permission
-    def matched?(pms_name = nil, pred: nil, obj: nil, **options)
-      PArray.new(options[:in]).matched?(pms_name || naming(pred, obj))
-    end
-
-    def which(pred:, obj: nil, **conditions)
-      find_by!(pred: pred, **deconstruct_obj(obj), **conditions)
-    end
-
-    def naming(pred, obj)
-      obj_type, obj_id = deconstruct_obj(obj).values
-      otp = "_#{obj_type}" if obj_type.present?
-      oid = "_#{obj_id}" if obj_id.present?
-      [pred, otp, oid].join.to_sym
-    end
+    extend ActiveSupport::Concern
 
-    def deconstruct_obj(obj)
-      return { } unless obj
+    class_methods do
+      def matched?(pms_name = nil, pred: nil, obj: nil, **options)
+        PArray.new(options[:in]).matched?(pms_name || naming(pred, obj))
+      end
 
-      if obj.is_a?(String) || obj.is_a?(Symbol)
-        { obj_type: obj }
-      elsif obj.respond_to?(:attributes)
-        { obj_type: obj.class.name, obj_id: obj.id }
-      else
-        { obj_type: obj.to_s, obj_id: nil }
+      def which(pred:, obj: nil, **conditions)
+        find_by!(pred: pred, **deconstruct_obj(obj), **conditions)
       end
-    end
 
-    def exists?(pred, obj)
-      super(pred: pred, **deconstruct_obj(obj))
-    end
+      def naming(pred, obj)
+        obj_type, obj_id = deconstruct_obj(obj).values
+        otp = "_#{obj_type}" if obj_type.present?
+        oid = "_#{obj_id}" if obj_id.present?
+        [pred, otp, oid].join.to_sym
+      end
 
-    def self.extended(kls)
-      kls.include InstanceMethods
-    end
-  end
+      def deconstruct_obj(obj)
+        return { } unless obj
 
-  # === End of ClassMethods ===
+        if obj.is_a?(String) || obj.is_a?(Symbol)
+          { obj_type: obj }
+        elsif obj.respond_to?(:attributes)
+          { obj_type: obj.class.name, obj_id: obj.id }
+        else
+          { obj_type: obj.to_s, obj_id: nil }
+        end
+      end
 
-  module Permission::InstanceMethods
-    # like: manage_User_1
-    def name
-      otp = "_#{obj_type}" if obj_type.present?
-      oid = "_#{obj_id}" if obj_id.present?
-      [pred, otp, oid].join.to_sym
+      def exists?(pred, obj)
+        super(pred: pred, **deconstruct_obj(obj))
+      end
     end
 
-    def assign_to role: nil, group: nil
-      obj = if role
-              role.is_a?(Symbol) ? ii_config.role_model.find(name: role) : role
-            else
-              group.is_a?(Symbol) ? ii_config.role_group_model.find(name: role) : group
-            end
-      obj.have_permission self.pred, obj: self.obj
-    end
+    included do
+      # like: manage_User_1
+      def name
+        otp = "_#{obj_type}" if obj_type.present?
+        oid = "_#{obj_id}" if obj_id.present?
+        [pred, otp, oid].join.to_sym
+      end
 
-    alias is_assigned_to assign_to
+      # def assign_to role: nil, group: nil
+      #   obj = if role
+      #           role.is_a?(Symbol) ? i_am_i_can.role_model.find(name: role) : role
+      #         else
+      #           group.is_a?(Symbol) ? i_am_i_can.role_group_model.find(name: role) : group
+      #         end
+      #   obj.have_permission self.pred, obj: self.obj
+      # end
+      #
+      # alias is_assigned_to assign_to
 
-    # :user, User, user
-    def obj
-      return obj_type.constantize.find(obj_id) if obj_id.present?
-      obj_type[/[A-Z]/] ? obj_type.constantize : obj_type.to_sym
+      # :user, User, user
+      def obj
+        return obj_type.constantize.find(obj_id) if obj_id.present?
+        obj_type[/[A-Z]/] ? obj_type.constantize : obj_type.to_sym
+      end
     end
   end
 end

data/lib/i_am_i_can/reflection.rb

@@ -0,0 +1,25 @@
+module IAmICan
+  module Reflection
+    extend ActiveSupport::Concern
+
+    class_methods do
+      # User._roles => 'stored_roles'
+      %w[ subjects roles role_groups permissions ].each do |k|
+        define_method "_#{k}" do
+          v = instance_variable_get("@_#{k}")
+          return v if v.present?
+          instance_variable_set("@_#{k}", _reflect_of(k.singularize))
+        end
+      end
+    end
+
+    included do
+      # user._roles => Association CollectionProxy, same as: `user.stored_roles`
+      %w[ subjects roles role_groups permissions ].each do |k|
+        define_method "_#{k}" do
+          send(self.class.send("_#{k}")) if self.class.send("_#{k}")
+        end
+      end
+    end
+  end
+end

data/lib/i_am_i_can/resource.rb

@@ -0,0 +1,29 @@
+module IAmICan
+  module Resource
+    extend ActiveSupport::Concern
+
+    class_methods do
+      # Book.that_allow(User.all).to(:read)
+      # Book.that_allow(User.last).to(:write)
+      def that_allow(subject)
+        ThatAllow.new(self, subject)
+      end
+    end
+  end
+
+  class ThatAllow
+    attr_accessor :records, :subject
+
+    def initialize(records, subject)
+      self.records = records
+      self.subject = subject
+    end
+
+    def to(pred)
+      roles = Configs.take.subject_model._roles
+      permissions = Configs.take.role_model._permissions
+      allowed_ids = subject.send(roles).send(permissions).where(pred: pred, obj_type: records.name).pluck(:obj_id)
+      records.where(id: allowed_ids)
+    end
+  end
+end

data/lib/i_am_i_can/role/assignment.rb

@@ -5,7 +5,7 @@ module IAmICan
     module Assignment
       include Helpers::Ins
 
-      def becomes_a *roles, which_can: [ ], obj: nil, auto_define_before: ii_config.auto_define_before, save: ii_config.default_save
+      def becomes_a *roles, which_can: [ ], obj: nil, auto_define_before: i_am_i_can.auto_define_before, save: i_am_i_can.default_save
         should_define_role = which_can.present? || auto_define_before
         self.class.have_roles *roles, which_can: which_can, obj: obj, save: save if should_define_role
         failed_items = [ ]
@@ -36,7 +36,7 @@ module IAmICan
 
       alias locally_is temporarily_is
 
-      def falls_from *roles, saved: ii_config.default_save
+      def falls_from *roles, saved: i_am_i_can.default_save
         failed_items = [ ]
 
         roles.each do |role|
@@ -57,20 +57,6 @@ module IAmICan
       alias leaves        falls_from
       alias has_not_role  falls_from
       alias has_not_roles falls_from
-
-      def local_role_names
-        @local_role_names ||= [ ]
-      end
-
-      def local_roles
-        defined_local_roles.slice(*local_role_names)
-      end
-
-      def roles
-        local_role_names + stored_role_names
-      end
-
-      alias role_names roles
     end
   end
 end

data/lib/i_am_i_can/role/definition.rb

@@ -5,14 +5,14 @@ module IAmICan
     module Definition
       include Helpers::Cls
 
-      def have_role *names, desc: nil, save: ii_config.default_save, which_can: [ ], obj: nil
+      def have_role *names, desc: nil, save: i_am_i_can.default_save, which_can: [ ], obj: nil
         failed_items, preds = [ ], which_can
 
         names.each do |name|
           description = desc || name.to_s.humanize
           if save
             next failed_items << name unless _to_store_role(name, desc: description)
-            ii_config.role_model.which(name: name).can *preds, obj: obj, auto_define_before: true, strict_mode: true if which_can.present?
+            i_am_i_can.role_model.which(name: name).can *preds, obj: obj, auto_define_before: true, strict_mode: true if which_can.present?
           else
             next failed_items << name if defined_local_roles.key?(name)
             defined_local_roles[name] ||= { desc: description, permissions: [ ] }
@@ -35,8 +35,8 @@ module IAmICan
 
       def group_roles *members, by_name:, which_can: [ ], obj: nil
         raise Error, 'Some of members have not been defined' unless (members - defined_stored_role_names).empty?
-        raise Error, "Given name #{by_name} has been used by a role" if ii_config.role_model.exists?(name: by_name)
-        ii_config.role_group_model.find_or_create_by!(name: by_name).members_add(members)
+        raise Error, "Given name #{by_name} has been used by a role" if i_am_i_can.role_model.exists?(name: by_name)
+        i_am_i_can.role_group_model.find_or_create_by!(name: by_name).members_add(members)
       end
 
       alias group_role   group_roles
@@ -50,51 +50,9 @@ module IAmICan
 
       alias has_and_groups_roles have_and_group_roles
 
-      # permission assignment locally for local role
-      # User.local_role_which(name: :admin, can: :fly)
-      #   same effect to: UserRole.new(name: :admin).temporarily_can :fly
-      def local_role_which(name:, can:, obj: nil, **options)
-        ii_config.role_model.new(name: name).temporarily_can *Array(can), obj: obj, **options
-      end
-
       def self.extended(kls)
         kls.delegate :defined_local_roles, :defined_stored_roles, :defined_roles, to: kls
       end
     end
-
-    # === End of MainMethods ===
-
-    module Definition::SecondaryMethods
-      def defined_local_roles
-        @local_roles ||= { }
-      end
-
-      def defined_stored_role_names
-        ii_config.role_model.pluck(:name).map(&:to_sym)
-      end
-
-      def defined_stored_roles
-        ii_config.role_model.all.map { |role| [ role.name.to_sym, role.desc ] }.to_h
-      end
-
-      def defined_roles
-        defined_local_roles.deep_merge(defined_stored_roles)
-      end
-
-      def defined_role_group_names
-        ii_config.role_group_model.pluck(:name).map(&:to_sym)
-
-      end
-
-      def defined_role_groups
-        ii_config.role_group_model.all.map { |group| [ group.name.to_sym, group.member_names.map(&:to_sym) ] }.to_h
-      end
-
-      def members_of_role_group name
-        ii_config.role_group_model.find_by!(name: name).member_names
-      end
-
-      Definition.include self
-    end
   end
 end

data/lib/i_am_i_can/role/helpers.rb

@@ -3,24 +3,48 @@ module IAmICan
     module Helpers
       module Cls
         def _to_store_role name, **options
-          return false if ii_config.role_model.exists?(name: name) || ii_config.role_group_model&.exists?(name: name)
-          ii_config.role_model.create!(name: name, **options)
+          return false if i_am_i_can.role_model.exists?(name: name) || i_am_i_can.role_group_model&.exists?(name: name)
+          i_am_i_can.role_model.create!(name: name, **options)
         end
 
         def _role_definition_result(names, failed_items)
           prefix = 'Role Definition Done'
           fail_msg = prefix + ", but name #{failed_items} have been used by other role or group" if failed_items.present?
-          raise Error, fail_msg if ii_config.strict_mode && fail_msg
+          raise Error, fail_msg if i_am_i_can.strict_mode && fail_msg
           puts fail_msg || prefix unless ENV['ITEST']
           prefix.present?
         end
+
+        def defined_local_roles
+          @local_roles ||= { }
+        end
+
+        def defined_stored_role_names
+          i_am_i_can.role_model.pluck(:name).map(&:to_sym)
+        end
+
+        def defined_stored_roles
+          i_am_i_can.role_model.all.map { |role| [ role.name.to_sym, role.desc ] }.to_h
+        end
+
+        def defined_roles
+          defined_local_roles.deep_merge(defined_stored_roles)
+        end
+
+        def defined_role_group_names
+          i_am_i_can.role_group_model.pluck(:name).map(&:to_sym)
+        end
+
+        def defined_role_groups
+          i_am_i_can.role_group_model.all.map { |group| [ group.name.to_sym, group.member_names.map(&:to_sym).sort ] }.to_h
+        end
       end
 
       module Ins
         def _role_assignment_result(names, failed_items)
           prefix = 'Role Assignment Done'
           fail_msg = prefix + ", but #{failed_items} have not been defined or have been repeatedly assigned" if failed_items.present?
-          raise Error, fail_msg if ii_config.strict_mode && fail_msg
+          raise Error, fail_msg if i_am_i_can.strict_mode && fail_msg
           puts fail_msg || prefix unless ENV['ITEST']
           prefix.present?
         end
@@ -28,10 +52,24 @@ module IAmICan
         def __role
           proc do |role|
             next role.to_sym if role.is_a?(String) || role.is_a?(Symbol)
-            next role.name if role.is_a?(ii_config.role_model)
+            next role.name if role.is_a?(i_am_i_can.role_model)
             # raise error
           end
         end
+
+        def local_role_names
+          @local_role_names ||= [ ]
+        end
+
+        def local_roles
+          defined_local_roles.slice(*local_role_names)
+        end
+
+        def roles
+          local_role_names + stored_role_names
+        end
+
+        alias role_names roles
       end
     end
   end

data/lib/i_am_i_can/role.rb

@@ -0,0 +1,17 @@
+require 'i_am_i_can/role/definition'
+require 'i_am_i_can/role/assignment'
+
+module IAmICan
+  module Role
+    extend ActiveSupport::Concern
+
+    class_methods do
+      def which(name:, **conditions)
+        find_by!(name: name, **conditions)
+      end
+    end
+
+    included do
+    end
+  end
+end

data/lib/i_am_i_can/subject/permission_querying.rb

@@ -39,18 +39,18 @@ module IAmICan
       end
 
       def temporarily_can? pred, obj
-        ii_config.permission_model.matched?(pred: pred, obj: obj, in: permissions_of_local_roles)
+        i_am_i_can.permission_model.matched?(pred: pred, obj: obj, in: permissions_of_local_roles)
       end
 
       alias locally_can? temporarily_can?
 
       def stored_can? pred, obj
-        ii_config.permission_model.matched?(pred: pred, obj: obj, in: permissions_of_stored_roles)
+        i_am_i_can.permission_model.matched?(pred: pred, obj: obj, in: permissions_of_stored_roles)
       end
 
       def group_can? pred, obj, without_group = false
-        return false if without_group || ii_config.without_group
-        ii_config.permission_model.matched?(pred: pred, obj: obj, in: permissions_of_role_groups)
+        return false if without_group || i_am_i_can.without_group
+        i_am_i_can.permission_model.matched?(pred: pred, obj: obj, in: permissions_of_role_groups)
       end
 
       def permissions_of_stored_roles

data/lib/i_am_i_can/subject.rb

@@ -0,0 +1,24 @@
+require 'i_am_i_can/subject/role_querying'
+require 'i_am_i_can/subject/permission_querying'
+
+module IAmICan
+  module Subject
+    extend ActiveSupport::Concern
+
+    class_methods do
+      # permission assignment locally for local role
+      # User.local_role_which(name: :admin, can: :fly)
+      #   same effect to: UserRole.new(name: :admin).temporarily_can :fly
+      def local_role_which(name:, can:, obj: nil, **options)
+        i_am_i_can.role_model.new(name: name).temporarily_can *Array(can), obj: obj, **options
+      end
+
+      def members_of_role_group name
+        i_am_i_can.role_group_model.find_by!(name: name).member_names.sort
+      end
+    end
+
+    included do
+    end
+  end
+end

data/lib/i_am_i_can/version.rb

@@ -1,3 +1,3 @@
 module IAmICan
-  VERSION = '3.0.0pre'
+  VERSION = '3.0.0'
 end