i_am_i_can 3.0.1 → 4.0.0

data/lib/generators/i_am_i_can/templates/models/permission.erb

@@ -5,14 +5,16 @@ class <%= permission_c %> < ActiveRecord::Base
   has_and_belongs_to_many :related_role_groups,
                           join_table: '<%= group_pms_tb %>', foreign_key: :<%= group_u %>_id, class_name: '<%= group_c %>', association_foreign_key: :<%= permission_u %>_id
 <% end %>
+  belongs_to :obj, polymorphic: true
+
   acts_as_permission
 end
 
 __END__
 
-  string  :pred,     null: false
+  string  :action,     null: false
   string  :obj_type
   integer :obj_id
   string  :desc
 
-  index %i[ pred obj_type obj_id ], unique: true
+  index %i[ action obj_type obj_id ], unique: true

data/lib/generators/i_am_i_can/templates/models/role.erb

@@ -5,9 +5,11 @@ class <%= role_c %> < ActiveRecord::Base
   has_and_belongs_to_many :related_stored_groups,
                           join_table: '<%= group_role_tb %>', foreign_key: :<%= group_u %>_id, class_name: '<%= group_c %>', association_foreign_key: :<%= role_u %>_id
 <% end %>
-  has_and_belongs_to_many :stored_permissions,
+  has_and_belongs_to_many :permissions,
                           join_table: '<%= role_pms_tb %>', foreign_key: :<%= permission_u %>_id, class_name: '<%= permission_c %>', association_foreign_key: :<%= role_u %>_id
 
+  has_many_temporary_permissions
+
   acts_as_role
 
   # default_scope { with_stored_permissions }

data/lib/generators/i_am_i_can/templates/models/role_group.erb

@@ -1,10 +1,12 @@
 class RoleGroup < ActiveRecord::Base
-  has_and_belongs_to_many :stored_permissions,
+  has_and_belongs_to_many :permissions,
                           join_table: '<%= group_pms_tb %>', foreign_key: :<%= permission_u %>_id, class_name: '<%= permission_c %>', association_foreign_key: :<%= group_u %>_id
 
   has_and_belongs_to_many :members,
                           join_table: '<%= group_role_tb %>', foreign_key: :<%= role_u %>_id, class_name: '<%= role_c %>', association_foreign_key: :<%= group_u %>_id
 
+  has_many_temporary_permissions
+
   acts_as_role_group
 
   # default_scope { with_members.with_stored_permissions) }

data/lib/i_am_i_can/configs/config.rb

@@ -2,14 +2,13 @@ module IAmICan
   module Configs
     class Config
       attr_accessor :subject_class, :role_class, :role_group_class, :permission_class,
-                    :auto_define_before, :strict_mode, :without_group, :default_save, :act
+                    :auto_definition, :strict_mode, :without_group, :act
 
       def initialize(*classes)
         self.subject_class, self.role_class, self.permission_class, self.role_group_class = classes
-        self.auto_define_before = false
+        self.auto_definition = false
         self.strict_mode = false
         self.without_group = false
-        self.default_save = true
       end
 
       def subject_model

data/lib/i_am_i_can/configs/configs.rb

@@ -2,9 +2,7 @@ require 'i_am_i_can/configs/config'
 
 module IAmICan
   module Configs
-    cattr_accessor :configs do
-      { }
-    end
+    cattr_accessor :configs, default: { }
 
     def self.set_for(subject:, role:, permission:, role_group: nil, &block)
       config = Config.new(subject, role, permission, role_group)
@@ -21,9 +19,5 @@ module IAmICan
     def self.get(class_name)
       configs[class_name]
     end
-
-    def self.take
-      configs.values.first
-    end
   end
 end

data/lib/i_am_i_can/helpers/dynamic.rb

@@ -0,0 +1,102 @@
+module IAmICan
+  module Dynamic
+    extend self
+
+    def scopes
+      #
+      # Generate scopes of each specified i_am_i_can association
+      #
+      # scope :with_stored_roles, -> { includes(:stored_roles) }
+      #
+      proc do |keys|
+        keys.each do |k|
+          scope :"with_#{_reflect_of(k)}", ->  { includes(_reflect_of(k)) }
+        end
+      end
+    end
+
+    def class_reflections
+      #
+      # Extend each associated querying to a class method that returns ActiveRecord::Relation
+      #
+      # Suppose: in UserRole model,
+      #   has_and_belongs_to_many :related_users
+      #
+      # It will do like this:
+      #   def self.related_users
+      #     User.with_stored_roles.where(user_roles: { id: self.ids })
+      #   end
+      #
+      # Usage:
+      #   UserRole.all.related_users
+      #
+      proc do
+        %w[ subject role role_group permission ].each do |k|
+          next if _reflect_of(k).blank?
+          define_singleton_method _reflect_of(k) do
+            model = i_am_i_can.send("#{k}_model")
+            raise NoMethodError unless (reflect_name = model._reflect_of(i_am_i_can.act))
+
+            model.send("with_#{reflect_name}").where(
+                self.name.underscore.pluralize => { id: self.ids }
+            )
+          end
+        end
+      end
+    end
+
+    def assignment_helpers
+      #
+      # Generate methods for each Content of Assignment
+      #
+      # Example for a subject model called User, which `has_and_belongs_to_many :stored_roles`.
+      # You call the proc below by given contents [:role], then:
+      #
+      proc { |contents| contents.each do |content|
+        content_cls = i_am_i_can.send("#{content}_class")
+        _plural = '_' + content.to_s.pluralize
+
+        # _stored_roles_exec
+        #   Add / Remove (by passing action :cancel) roles to a user instance
+        define_method "_#{_reflect_of(content)}_exec" do |action = :assignment, instances = [ ], **conditions|
+          collection = send(_plural)
+          if conditions.present? && action == :assignment
+            # Role.where(name: [...]).where.not(id: roles.ids)
+            query_result = content_cls.constantize.where(conditions).where.not(id: collection.ids)
+          elsif conditions.present? && action == :cancel
+            # Role.where(id: roles.ids, name: [...])
+            query_result = content_cls.constantize.where(id: collection.ids, **conditions)
+          end
+
+          objects = [*(query_result || [ ]), *(instances - collection)].uniq
+          action == :assignment ? collection << objects : collection.destroy(objects)
+          objects
+        end
+        #
+        alias_method "_stored#{_plural}_exec", "_#{_reflect_of(content)}_exec"
+      end }
+    end
+
+    def definition_helpers
+      #
+      # Generate class methods for each Content of Definition
+      #
+      # Example for a subject model called User,
+      #   which `has_many_temporary_roles` and `has_and_belongs_to_many :stored_roles`.
+      # You call the proc below by given contents [:role], then:
+      #
+      proc { |contents| contents.each do |content|
+        content_cls = i_am_i_can.send("#{content}_class")
+        _plural = '_' + content.to_s.pluralize
+
+        # _create_roles
+        #    Define and store roles of Subject
+        define_singleton_method "_create#{_plural}" do |objects|
+          # Role.create([{ name: .. }]).reject { the roles that validation failed }
+          content_cls.constantize.create(objects)
+              .reject {|record| record.new_record? }
+        end
+      end }
+    end
+  end
+end

data/lib/i_am_i_can/helpers/result_of.rb

@@ -0,0 +1,71 @@
+module IAmICan
+  module ResultOf
+    module Role
+      def roles definition, i_am_i_can, given: [ ]
+        ResultOf.(definition, [ [], given ], config: i_am_i_can,
+                msg_prefix: 'Role Definition: ',
+                fail_msg: 'have been used by other roles!'
+        )
+      end
+
+      def role assignment, i_am_i_can, given: [ ]
+        ResultOf.(assignment, given, config: i_am_i_can,
+                msg_prefix: 'Role Assignment: ',
+                fail_msg: 'have not been defined or have been repeatedly assigned!'
+        )
+      end
+
+      ResultOf.include self
+    end
+
+    module RoleGroup
+      def members assignment, i_am_i_can, given: [ ]
+        ResultOf.(assignment, given, config: i_am_i_can,
+                msg_prefix: 'Role Grouping: ',
+                fail_msg: 'have not been defined!'
+        )
+      end
+
+      ResultOf.include self
+    end
+
+    module Permission
+      def permissions definition, i_am_i_can, given: [ ]
+        ResultOf.(definition, [ [], given ], config: i_am_i_can,
+                msg_prefix: 'Permission Definition: ',
+                fail_msg: 'have been used by other permissions!'
+        )
+      end
+
+      def permission assignment, i_am_i_can, given: [ ]
+        ResultOf.(assignment, given, config: i_am_i_can,
+                msg_prefix: 'Permission Assignment: ',
+                fail_msg: 'have not been defined or have been repeatedly assigned!'
+        )
+      end
+
+      ResultOf.include self
+    end
+
+    def call(assignment, given, msg_prefix:, fail_msg:, config:)
+      instances, names = given
+      instances.map!(&:name).map!(&:to_sym)
+      assignment = assignment.map(&:name).map(&:to_sym) unless assignment.first.is_a?(Symbol)
+
+      to_be_assigned_names = (instances + names).uniq
+      failed_items = to_be_assigned_names - assignment
+
+      msg = msg_prefix + (assignment.blank? ? 'do nothing' : "#{assignment} DONE")
+      msg << "; And #{failed_items} #{fail_msg}" if failed_items.present?
+
+      if config.strict_mode && failed_items.present?
+        raise Error, msg
+      else
+        Rails.logger.info(msg) unless ENV['ITEST']
+        assignment
+      end
+    end
+
+    extend self
+  end
+end

data/lib/i_am_i_can/permission/assignment.rb

@@ -1,75 +1,27 @@
-require 'i_am_i_can/permission/helpers'
-
 module IAmICan
   module Permission
     module Assignment
-      include Helpers::Ins
-
-      # permission assignment for stored role
-      def can *preds, obj: nil, strict_mode: false, auto_define_before: i_am_i_can.auto_define_before
-        self.class.have_permissions *preds, obj: obj if auto_define_before
-        not_defined_items, covered_items = [ ], [ ]
-
-        preds.each do |pred|
-          pms_name = pms_naming(pred, obj)
-          covered_items << pms_name if pms_matched?(pms_name, in: stored_permission_names)
-          not_defined_items << pms_name unless stored_permissions_add(pred: pred, **deconstruct_obj(obj))
-        end
-
-        _pms_assignment_result(preds, obj, not_defined_items, covered_items, strict_mode)
+      def can *actions,
+              resource: nil, obj: resource,
+              _d: i_am_i_can.auto_definition, auto_definition: _d
+        self.class.have_permissions *actions, obj: obj if auto_definition
+        _permissions_assignment(actions, obj)
       end
 
       alias has_permission can
 
-      def temporarily_can *preds, obj: nil, strict_mode: false, auto_define_before: i_am_i_can.auto_define_before
-        raise Error, "Permission Assignment: local role `#{name}` was not defined" unless i_am_i_can.subject_model.defined_local_roles.key?(self.name.to_sym)
-        self.class.have_permissions *preds, obj: obj, save: false if auto_define_before
-        not_defined_items, covered_items = [ ], [ ]
-
-        preds.each do |pred|
-          pms_name = pms_naming(pred, obj)
-          next not_defined_items << pms_name unless pms_name.in?(defined_permissions.keys)
-          covered_items << pms_name if pms_matched?(pms_name, in: pms_of_defined_local_role(self.name))
-          pms_of_defined_local_role(self.name) << pms_name
-        end
-
-        _pms_assignment_result(preds, obj, not_defined_items, covered_items, strict_mode)
-      end
-
-      alias locally_can temporarily_can
-
-      def cannot *preds, obj: nil, saved: true
-        not_defined_items = [ ]
-
-        preds.each do |pred|
-          pms_name = pms_naming(pred, obj)
-          if saved
-            next if stored_permissions_rmv(pred: pred, **deconstruct_obj(obj))
-            not_defined_items << pms_name
-          else
-            next not_defined_items << pms_name unless pms_name.in?(defined_permissions.keys)
-            pms_of_defined_local_role(self.name).delete(pms_name)
-          end
-        end
-
-        _pms_assignment_result(preds, obj, not_defined_items)
+      def cannot *actions, obj: nil
+        _permissions_assignment(:cancel, actions, obj)
       end
 
       alias is_not_allowed_to cannot
 
-      # `can? :manage, User` / `can? :manage, obj: User`
-      def can? pred, obj0 = nil, obj: nil
-        obj = obj0 || obj
-        pms_name = pms_naming(pred, obj)
-        temporarily_can?(pred, obj) || pms_matched?(pms_name, in: stored_permission_names)
+      def _permissions_assignment(action = :assignment, actions, obj)
+        permissions = actions.product(Array[obj]).map { |(p, o)| { action: p, **deconstruct_obj(o) } }
+        assignment = _stored_permissions_exec(action,
+                                              permissions.reduce({ }) { |a, b| a.merge(b) { |_, x, y| [x, y] } })
+        ResultOf.permission assignment, i_am_i_can, given: [[], permissions.map { |pms| pms.values.compact.join('_').to_sym }]
       end
-
-      def temporarily_can? pred, obj
-        pms_name = pms_naming(pred, obj)
-        pms_matched?(pms_name, in: pms_of_defined_local_role(self.name))
-      end
-
-      alias locally_can? temporarily_can?
     end
   end
 end

data/lib/i_am_i_can/permission/definition.rb

@@ -1,40 +1,20 @@
-require 'i_am_i_can/permission/helpers'
-require 'i_am_i_can/permission/p_array'
-
 module IAmICan
   module Permission
     module Definition
-      include Helpers::Cls
-
-      def have_permission *preds, obj: nil, desc: nil, save: i_am_i_can.default_save
-        failed_items = [ ]
-
-        preds.each do |pred|
-          pms_name = pms_naming(pred, obj)
-          description = desc || pms_name.to_s.tr('_', ' ')
-          if save
-            failed_items << pms_name unless _to_store_permission(pred, obj, desc: description)
-          else
-            failed_items << pms_name if pms_name.in?(defined_local_permissions.keys)
-            defined_local_permissions[pms_name] ||= { desc: description }
-          end
-        end
-
-        _pms_definition_result(preds, obj, failed_items)
+      def have_permission *actions, obj: nil
+        permissions = actions.product(Array[obj]).map { |(p, o)| { action: p, **deconstruct_obj(o) } }
+        definition = _create_permissions(permissions)
+        ResultOf.roles definition, i_am_i_can, given: permissions.map { |pms| pms.values.compact.join('_').to_sym }
       end
 
-      alias have_permissions have_permission
-      alias has_permission   have_permission
-      alias has_permissions  have_permission
+      %i[ have_permissions has_permission has_permissions ].each { |aname| alias_method aname, :have_permission }
 
-      def declare_permission *preds, **options
-        have_permission *preds, **options, save: false
+      def deconstruct_obj(obj)
+        i_am_i_can.permission_model.deconstruct_obj(obj)
       end
 
-      alias declare_permissions declare_permission
-
       def self.extended(kls)
-        kls.delegate :defined_permissions, :pms_naming, :deconstruct_obj, :pms_of_defined_local_role, to: kls
+        kls.delegate :deconstruct_obj, to: kls
       end
     end
   end

data/lib/i_am_i_can/permission.rb

@@ -1,4 +1,3 @@
-require 'i_am_i_can/permission/p_array'
 require 'i_am_i_can/permission/definition'
 require 'i_am_i_can/permission/assignment'
 
@@ -7,19 +6,23 @@ module IAmICan
     extend ActiveSupport::Concern
 
     class_methods do
-      def matched?(pms_name = nil, pred: nil, obj: nil, **options)
-        PArray.new(options[:in]).matched?(pms_name || naming(pred, obj))
+      def matched(actions, obj)
+        _ = deconstruct_obj(obj)
+        where(action: actions,
+              obj_type: [nil, _[:obj_type]],
+              obj_id: [nil, _[:obj_id]])
       end
 
-      def which(pred:, obj: nil, **conditions)
-        find_by!(pred: pred, **deconstruct_obj(obj), **conditions)
+      def matched?(actions, obj)
+        matched(actions, obj).present?
       end
 
-      def naming(pred, obj)
-        obj_type, obj_id = deconstruct_obj(obj).values
-        otp = "_#{obj_type}" if obj_type.present?
-        oid = "_#{obj_id}" if obj_id.present?
-        [pred, otp, oid].join.to_sym
+      def matched_all?(actions, obj)
+        matched(actions, obj).count == Array(actions).count
+      end
+
+      def which(action:, obj: nil, **conditions)
+        find_by!(action: action, **deconstruct_obj(obj), **conditions)
       end
 
       def deconstruct_obj(obj)
@@ -34,32 +37,23 @@ module IAmICan
         end
       end
 
-      def exists?(pred, obj)
-        super(pred: pred, **deconstruct_obj(obj))
+      def names
+        all.map(&:name)
       end
     end
 
     included do
       # like: manage_User_1
       def name
-        otp = "_#{obj_type}" if obj_type.present?
-        oid = "_#{obj_id}" if obj_id.present?
-        [pred, otp, oid].join.to_sym
+        [action, obj_type, obj_id].compact.join('_').to_sym
       end
 
       # def assign_to role: nil, group: nil
-      #   obj = if role
-      #           role.is_a?(Symbol) ? i_am_i_can.role_model.find(name: role) : role
-      #         else
-      #           group.is_a?(Symbol) ? i_am_i_can.role_group_model.find(name: role) : group
-      #         end
-      #   obj.have_permission self.pred, obj: self.obj
       # end
-      #
-      # alias is_assigned_to assign_to
 
-      # :user, User, user
+      # returns :user, User, user
       def obj
+        return if obj_type.blank?
         return obj_type.constantize.find(obj_id) if obj_id.present?
         obj_type[/[A-Z]/] ? obj_type.constantize : obj_type.to_sym
       end

data/lib/i_am_i_can/resource.rb

@@ -2,28 +2,33 @@ module IAmICan
   module Resource
     extend ActiveSupport::Concern
 
-    class_methods do
-      # Book.that_allow(User.all).to(:read)
-      # Book.that_allow(User.last).to(:write)
-      def that_allow(subject)
-        ThatAllow.new(self, subject)
+    included do
+      # Book.that_allow(User.all, to: :read)
+      # Book.that_allow(User.last, to: :write)
+      scope :that_allow, -> (subject, to:) do
+        tmp_role_ids = Array(subject).flat_map(&:temporary_roles).map(&:id).uniq
+        allowed_ids = subject.i_am_i_can.role_model.where(id: (subject._roles.ids + tmp_role_ids).uniq)
+                          ._permissions.where(action: to, obj_type: self.name).pluck(:obj_id).uniq
+        where(id: allowed_ids)
       end
     end
-  end
 
-  class ThatAllow
-    attr_accessor :records, :subject
-
-    def initialize(records, subject)
-      self.records = records
-      self.subject = subject
-    end
-
-    def to(pred)
-      roles = Configs.take.subject_model._roles
-      permissions = Configs.take.role_model._permissions
-      allowed_ids = subject.send(roles).send(permissions).where(pred: pred, obj_type: records.name).pluck(:obj_id).uniq
-      records.where(id: allowed_ids)
+    class_methods do
+      # def that_allow(subject)
+      #   ThatAllow.new(self, subject)
+      # end
     end
   end
+
+  # class ThatAllow
+  #   attr_accessor :records, :subject
+  #
+  #   def initialize(records, subject)
+  #     self.records = records
+  #     self.subject = subject
+  #   end
+  #
+  #   def to(action)
+  #   end
+  # end
 end

data/lib/i_am_i_can/role/assignment.rb

@@ -1,62 +1,41 @@
-require 'i_am_i_can/role/helpers'
-
 module IAmICan
   module Role
     module Assignment
-      include Helpers::Ins
-
-      def becomes_a *roles, which_can: [ ], obj: nil, auto_define_before: i_am_i_can.auto_define_before, save: i_am_i_can.default_save
-        should_define_role = which_can.present? || auto_define_before
-        self.class.have_roles *roles, which_can: which_can, obj: obj, save: save if should_define_role
-        failed_items = [ ]
-
-        roles.map(&__role).each do |role|
-          if save
-            failed_items << role unless stored_roles_add(role)
-          else
-            next failed_items << role unless role.in?(defined_roles.keys)
-            local_role_names << role unless role.in?(local_role_names)
-          end
-        end
-
-        _role_assignment_result(roles, failed_items)
+      def becomes_a *roles, which_can: [ ], obj: nil,
+                    _d: i_am_i_can.auto_definition,
+                    auto_definition: _d || which_can.present?,
+                    save: true
+        self.class.have_roles *roles, which_can: which_can, obj: obj if auto_definition
+        _roles_assignment(roles, save)
       end
 
-      alias is        becomes_a
-      alias is_a_role becomes_a
-      alias is_roles  becomes_a
-      alias has_role  becomes_a
-      alias has_roles becomes_a
-      alias role_is   becomes_a
-      alias roles_are becomes_a
+      %i[ is is_a is_a_role is_roles has_role has_roles role_is role_are ].each { |aname| alias_method aname, :becomes_a }
 
-      def temporarily_is *roles, **options
+      def is_a_temporary *roles, **options
         becomes_a *roles, save: false, **options
       end
 
-      alias locally_is temporarily_is
+      def falls_from *roles, saved: true
+        _roles_assignment(:cancel, roles, saved)
+      end
+
+      %i[ is_not_a will_not_be removes_role leaves has_not_role has_not_roles ].each { |aname| alias_method aname, :falls_from }
 
-      def falls_from *roles, saved: i_am_i_can.default_save
-        failed_items = [ ]
+      def is_not_a_temporary *roles
+        falls_from *roles, saved: false
+      end
 
-        roles.each do |role|
-          if saved
-            failed_items << role unless stored_roles_rmv(role)
-          else
-            next failed_items << role unless role.in?(defined_roles.keys)
-            local_role_names.delete(role)
-          end
+      def _roles_assignment(action = :assignment, roles, save)
+        instances, names = Role.extract(roles, i_am_i_can)
+        if save
+          assignment = _stored_roles_exec(action, instances, name: names)
+        else
+          to_be_assigned_names = (instances.map(&:name).map(&:to_sym) + names).uniq
+          assignment = _temporary_roles_exec(action, to_be_assigned_names)
         end
 
-        _role_assignment_result(roles, failed_items)
+        ResultOf.role assignment, i_am_i_can, given: [instances, names]
       end
-
-      alias is_not_a      falls_from
-      alias will_not_be   falls_from
-      alias removes_role  falls_from
-      alias leaves        falls_from
-      alias has_not_role  falls_from
-      alias has_not_roles falls_from
     end
   end
 end