ixtlan-user-management 0.2.0 → 0.3.1

data/lib/ixtlan/user_management/dummy_authentication.rb

@@ -58,13 +58,13 @@ module Ixtlan
       end
 
       def group_for( model, login )
-        model.new('name' => login.sub( /\[.*/, '' ) )
+        model.new('name' => login.sub( /\[.*/, '' ), 'associations'=> split( login ) )
       end
 
       def split( login )
-        login.sub( /.*\[/ , '' ).sub( /\].*/, '' ).split( /,/ )
+        login.sub( /.*\[/ , '' ).sub( /\].*/, '' ).split( /,/ ) if login.match /.+\[/
       end
 
     end
   end
-end
+end

data/lib/ixtlan/user_management/group_model.rb

@@ -25,7 +25,7 @@ module Ixtlan
       include Virtus
 
       attribute :name, String
-      attribute :associations, Array[Object]
+      attribute :associations, Array[Object], :default => nil
     end
   end
-end
+end

data/lib/ixtlan/user_management/guard.rb

@@ -29,32 +29,58 @@ module Ixtlan
         :delete => 'delete'
       }
 
-      def allow?( resource ,method, association = nil )
-        perm = permissions( resource )
-        (perm.associations.empty? || 
-          perm.associations.include?( association.to_s ) ) && 
-          perm.allow?( METHODS[ method ] ) #TODO, associations )
+      def allow?( resource, method, association = nil )
+        perms = permissions[ resource ] || []
+        perms.one? do |perm|
+          ( perm.associations.nil? || 
+            perm.associations.include?( association.to_s ) ) && 
+          perm.allow?( METHODS[ method ], association )
+        end
       end
 
-      def associations( resource, method )
-        perm = permissions( resource )
-        unless perm.associations.empty?
-          perm.associations
+      def associations( resource, method = nil )
+        perms = permissions[ resource ] || []
+        asso = perms.select { |perm| perm.associations }
+        if asso.empty?
+          nil
+        else
+          asso.collect{ |perm| perm.associations }.flatten
         end
         # TODO method 
       end
       
+      def check_parent( resource, parent_resource )
+        perms = permissions[ resource ]
+        if perms
+          perms.each do |perm|
+            if perm.parent && perm.parent.resource != parent_resource
+              raise 'parent resource is not guarded'
+            end
+          end
+        end
+      end
+
       def all_permissions
-        @permissions.values
+        permissions.values.flatten.select { |pp| pp.parent.nil? }
       end
 
-      def permissions( resource )
+      def permissions
         @permissions ||= {}
-        @permissions[ resource ] ||= Permission.new( :resource => resource )
+      end
+
+      def permissions_new( resource )
+        pp = Permission.new( :resource => resource )
+        ( permissions[ resource ] ||= [] ) << pp
+        pp
       end
       
-      def permission( resource, *associations, &block ) 
-        current = permissions( resource )
+      def permission_for( resource, *associations, &block ) 
+        current = permissions_new( resource )
+	associations.flatten!
+        if associations.first.is_a? Permission
+          current.parent = associations.first
+          associations = associations[ 1..-1 ]
+        end
         current.associations = associations unless associations.empty?
         block.call current if block
         current

data/lib/ixtlan/user_management/permission_model.rb

@@ -26,7 +26,7 @@ module Ixtlan
       
       attribute :verb, String
       attribute :name, String
-#      attribute :associations, Array[String]
+      attribute :associations, Array[String], :default => nil
     end
     class Permission   
       include Virtus
@@ -36,40 +36,77 @@ module Ixtlan
                   :allow_update, 
                   :allow_delete ]
       
+      attribute :parent, Permission
+      attribute :children, Array[Permission]
       attribute :resource, String
       attribute :actions, Array[Action], :default => []
       attribute :allow, Boolean, :default => true
-      attribute :associations, Array[String]
-      
-      def allow?( method )#TODO, association = nil )
+      attribute :associations, Array[String], :default => nil
+     
+      def parent=( pt )
+        super
+        if pt
+          pt.children << self
+        elsif parent
+          parent.children.delete self
+        end
+      end
+
+      def allow?( method, association = nil )
         action = self.actions.detect { |a| a.name == method }
         if self.allow 
-          ! action.nil? #TODO && ( associations.nil || action.associations.include?( association ) )
+          action != nil && ( action.associations.nil? || action.associations.include?( association ) )
         else
           action.nil? #TODO associations
         end
       end
 
-      def allow_all
+      def allow_all( *associations )
         self.allow = false
         self.actions.clear
+        set_asso( self, *associations )
+        self
       end
 
+      def set_asso( obj, *associations )
+        case associations.first
+        when NilClass
+          # leave default
+        when Array
+          # assume empty
+          obj.associations = associations.flatten
+        else
+          obj.associations = associations
+        end
+      end
+      
       def deny_all
         self.allow = true
         self.actions.clear
+        self
       end
 
       def allow_mutate( *associations )
         allow_retrieve( *associations )
         allow_create( *associations )
         allow_update( *associations )
+        self
       end
       
       def method_missing( method, *args )
         if METHODS.include?( method )
-          actions << Action.new( :name => method.to_s.sub( /allow_/, '' ),
-                                 :associations => args )
+          a = Action.new( :name => method.to_s.sub( /allow_/, '' ) )
+          set_asso( a, *args )
+          self.actions << a
+          self
+        elsif METHODS.include?( method.to_s.sub( /_verb$/, '' ).to_sym )
+          verb = args.first
+          args = args[ 1..-1 ]
+          a = Action.new( :name => method.to_s.gsub( /allow_|_verb/, '' ),
+                          :verb => verb )
+          set_asso( a, *args )
+          self.actions << a
+          self
         else
           super
         end

data/lib/ixtlan/user_management/session_serializer.rb

@@ -25,19 +25,22 @@ module Ixtlan
 
       root 'session'
 
-      add_context( :single,
-                   :only => [],
-                   :methods => [:idle_session_timeout ],
-                   :include => { 
-                     :user => {
-                       :only => [],
-                       :methods => [ :id, :login, :name ]
-                     },
-                     :permissions => {
-                       :include => [ :actions, :associations ]
-                     }
-                   } )
-      
+      PERM = [ :resource, 
+               :allow, 
+               :associations ]
+      ACTION = only( :name,
+                     :verb,
+                     :associations )
+
+      add_context( :single ) do
+        only( :idle_session_timeout,
+              :user => only( :id, :login, :name ),
+              :permissions => only( PERM,
+                                    :actions => ACTION,
+                                    :children => only( PERM,
+                                                       :actions => ACTION ) ) )
+                                    
+      end
     end
   end
 end

data/lib/ixtlan/user_management/user_serializer.rb

@@ -23,15 +23,12 @@ module Ixtlan
   module UserManagement
     class UserSerializer < Ixtlan::Babel::Serializer
 
-      add_context(:session,
-                  :only => [],
-                  :methods => [:login, :name],
-                  :include=> { 
-                    :groups => {
-                      :only => [],
-                      :methods => [:name]
-                    }
-                  })
+      add_context( :session ) do
+        only( :login, 
+              :name,
+              :groups => only( :name,
+                               :associations ) )
+      end
     end
   end
 end

data/spec/guard_spec.rb

@@ -22,7 +22,7 @@ describe Ixtlan::UserManagement::Guard do
 
   before do
     %w( audits errors configuration ).each do |resource|
-      subject.permission( resource ).deny_all
+      subject.permission_for( resource ).deny_all
     end
   end
 
@@ -79,7 +79,7 @@ describe Ixtlan::UserManagement::Guard do
         %w( audits errors configuration ).each do |resource|
           [ 'domain', nil ].each do |asso|
             expected = Ixtlan::UserManagement::Guard::METHODS[ m ] 
-            subject.allow?( resource, m, asso ).must_equal (expected == meth)
+            subject.allow?( resource, m, asso ).must_equal(expected == meth)
           end
         end
       end
@@ -90,8 +90,27 @@ describe Ixtlan::UserManagement::Guard do
         p.send method
         p.associations = [ 'domain', 'nodomain' ]
       end
-    
+
+      [ :get, :post, :put, :delete ].each do |m|
+        %w( audits errors configuration ).each do |resource|
+          [ 'something', nil ].each do |asso|
+            subject.allow?( resource, m, asso ).must_equal false
+          end
+        end
+      end
       meth = method.to_s.sub( /allow_/, '' )
+      [ :get, :post, :put, :delete ].each do |m|
+        %w( audits errors configuration ).each do |resource|
+          expected = Ixtlan::UserManagement::Guard::METHODS[ m ] 
+          subject.allow?( resource, m, 'domain' ).must_equal(expected == meth)
+        end
+      end
+    end
+    it "#{method.to_s.sub( /_/, 's ')} with action with associations" do
+      subject.all_permissions.each do |p| 
+        p.send method, 'domain', 'nodomain'
+      end
+
       [ :get, :post, :put, :delete ].each do |m|
         %w( audits errors configuration ).each do |resource|
           [ 'something', nil ].each do |asso|
@@ -99,10 +118,11 @@ describe Ixtlan::UserManagement::Guard do
           end
         end
       end
+      meth = method.to_s.sub( /allow_/, '' )
       [ :get, :post, :put, :delete ].each do |m|
         %w( audits errors configuration ).each do |resource|
           expected = Ixtlan::UserManagement::Guard::METHODS[ m ] 
-          subject.allow?( resource, m, 'domain' ).must_equal (expected == meth)
+          subject.allow?( resource, m, 'domain' ).must_equal(expected == meth)
         end
       end
     end

data/spec/session_manager_spec.rb

@@ -25,8 +25,8 @@ describe Ixtlan::UserManagement::SessionManager do
     expected = {
       "login"=>"root",
       "name"=>"Root",
-      "groups"=>[{"name"=>"root"},
-                 {"name"=>"admin"}]
+      "groups"=>[{"name"=>"root", "associations"=>nil},
+                 {"name"=>"admin", "associations"=>nil}]
     }
 
     data = subject.to_session( user )

data/spec/session_serializer_spec.rb

@@ -43,9 +43,57 @@ describe Ixtlan::UserManagement::Session do
     result.must_equal expected
   end
 
+  it 'serializes with associations' do
+    guard.permission_for( 'audits' ).allow_all( 12,123 )
+
+    subject.permissions = guard.all_permissions
+
+    expected = {
+      "session"=>{"idle_session_timeout"=>30,
+        "user"=>{
+          "id"=>1,
+          "login"=>"root",
+          "name"=>"Root"
+        },
+        "permissions"=>[{ "children" => [],
+                          "resource"=>"audits",
+                          "actions"=>[],
+                          "allow"=>false,
+                          "associations"=>["12", "123"]}]
+      }
+    }    
+    result = factory.new_serializer( subject ).to_hash
+    result.must_equal expected
+  end
+
+  it 'serializes with empty associations' do
+    guard.permission_for( 'audits' ).allow_retrieve( [] )
+
+    subject.permissions = guard.all_permissions
+
+    expected = {
+      "session"=>{"idle_session_timeout"=>30,
+        "user"=>{
+          "id"=>1,
+          "login"=>"root",
+          "name"=>"Root"
+        },
+        "permissions"=>[{ "children" => [],
+                          "resource"=>"audits",
+                          "actions"=>[{ "verb"=>nil, 
+                                        "name"=>"retrieve",
+                                        "associations"=>[] }],
+                          "allow"=>true,
+                          "associations"=>nil}]
+      }
+    }    
+    result = factory.new_serializer( subject ).to_hash
+    result.must_equal expected
+  end
+
   it 'serializes with root permissions' do
     %w( audits errors configuration ).each do |resource|
-      guard.permission( resource ).allow_all
+      guard.permission_for( resource ).allow_all
     end
 
     subject.permissions = guard.all_permissions
@@ -57,18 +105,21 @@ describe Ixtlan::UserManagement::Session do
           "login"=>"root",
           "name"=>"Root"
         },
-        "permissions"=>[{"resource"=>"audits",
+        "permissions"=>[{ "children" => [],
+                          "resource"=>"audits",
                           "actions"=>[],
                           "allow"=>false,
-                          "associations"=>[]},
-                        {"resource"=>"errors",
+                          "associations"=>nil},
+                        { "children" => [],
+                          "resource"=>"errors",
                           "actions"=>[],
                           "allow"=>false,
-                          "associations"=>[]},
-                        {"resource"=>"configuration",
+                          "associations"=>nil},
+                        { "children" => [],
+                          "resource"=>"configuration",
                           "actions"=>[],
                           "allow"=>false,
-                          "associations"=>[]}
+                          "associations"=>nil}
                        ]
       }
     }
@@ -77,10 +128,10 @@ describe Ixtlan::UserManagement::Session do
   end
 
   it 'serializes with some permissions' do
-    guard.permission( 'audits' ).allow_retrieve
-    guard.permission( 'errors' ).allow_create
-    guard.permission( 'configuration' ).allow_update
-    guard.permission( 'users' ).allow_delete
+    guard.permission_for( 'audits' ).allow_retrieve
+    guard.permission_for( 'errors' ).allow_create
+    guard.permission_for( 'configuration' ).allow_update
+    guard.permission_for( 'users' ).allow_delete
 
     subject.permissions = guard.all_permissions
 
@@ -91,26 +142,34 @@ describe Ixtlan::UserManagement::Session do
           "login"=>"root",
           "name"=>"Root"
         },
-        "permissions"=>[{"resource"=>"audits",
-                          "actions"=>[{"verb"=>nil,
-                                        "name"=>"retrieve"}],
+        "permissions"=>[{ "children" => [],
+                          "resource"=>"audits",
+                          "actions"=>[{ "verb" => nil,
+                                        "name"=>"retrieve",
+                                        "associations"=>nil}],
                           "allow"=>true,
-                          "associations"=>[]},
-                        {"resource"=>"errors",
-                          "actions"=>[{"verb"=>nil,
-                                        "name"=>"create"}],
+                          "associations"=>nil},
+                        { "children" => [],
+                          "resource"=>"errors",
+                          "actions"=>[{ "verb" => nil,
+                                        "name"=>"create",
+                                        "associations"=>nil}],
                           "allow"=>true,
-                          "associations"=>[]},
-                        {"resource"=>"configuration",
-                          "actions"=>[{"verb"=>nil,
-                                        "name"=>"update"}],
+                          "associations"=>nil},
+                        { "children" => [],
+                          "resource"=>"configuration",
+                          "actions"=>[{ "verb" => nil,
+                                        "name"=>"update",
+                                        "associations"=>nil}],
                           "allow"=>true,
-                          "associations"=>[]},
-                        {"resource"=>"users",
-                          "actions"=>[{"verb"=>nil,
-                                        "name"=>"delete"}],
+                          "associations"=>nil},
+                        { "children" => [],
+                          "resource"=>"users",
+                          "actions"=>[{ "verb" => nil,
+                                        "name"=>"delete",
+                                        "associations"=>nil}],
                           "allow"=>true,
-                          "associations"=>[]}
+                          "associations"=>nil}
                        ]
       }
     }
@@ -119,8 +178,8 @@ describe Ixtlan::UserManagement::Session do
   end
 
   it 'serializes permissions with assoications' do
-    guard.permission( 'audits', 'domain' ).allow_mutate
-    guard.permission( 'users', 'nodomain', 'domain' ).allow_delete
+    guard.permission_for( 'audits', 'domain' ).allow_mutate
+    guard.permission_for( 'users', 'nodomain', 'domain' ).allow_delete
 
     subject.permissions = guard.all_permissions
 
@@ -131,18 +190,24 @@ describe Ixtlan::UserManagement::Session do
           "login"=>"root",
           "name"=>"Root"
         },
-        "permissions"=>[{"resource"=>"audits",
-                          "actions"=>[{"verb"=>nil, 
-                                        "name"=>"retrieve"},
-                                      {"verb"=>nil,
-                                        "name"=>"create"},
-                                      {"verb"=>nil,
-                                        "name"=>"update"}],
+        "permissions"=>[{ "children" => [],
+                          "resource"=>"audits",
+                          "actions"=>[{ "verb" => nil,
+                                        "name"=>"retrieve",
+                                        "associations"=>nil},
+                                      { "verb" => nil,
+                                        "name"=>"create",
+                                        "associations"=>nil},
+                                      { "verb" => nil,
+                                        "name"=>"update",
+                                        "associations"=>nil}],
                           "allow"=>true,
                           "associations"=>["domain"]},
-                        {"resource"=>"users",
-                          "actions"=>[{"verb"=>nil,
-                                        "name"=>"delete"}],
+                        { "children" => [],
+                          "resource"=>"users",
+                          "actions"=>[{ "verb" => nil,
+                                        "name"=>"delete",
+                                        "associations"=>nil}],
                           "allow"=>true,
                           "associations"=>["nodomain", "domain"]}
                        ]

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ixtlan-user-management
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.1
   prerelease:
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-10-03 00:00:00.000000000 Z
+date: 2013-12-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: multi_json
@@ -219,6 +219,22 @@ dependencies:
     none: false
   prerelease: false
   type: :development
+- !ruby/object:Gem::Dependency
+  name: ixtlan-babel
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+    none: false
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+    none: false
+  prerelease: false
+  type: :development
 - !ruby/object:Gem::Dependency
   name: json
   version_requirements: !ruby/object:Gem::Requirement