kantox-roles 1.2.1

data/lib/rails/generators/kantox/pundit_policy_generator.rb

@@ -0,0 +1,234 @@
+module Kantox
+
+  # FMI: built-ins (fuck Thor, it’s so crypting)
+  #      — *class_name* Todo
+  #      — *plural_name* todos
+  #      — *file_name* todo
+  class PunditPolicyGenerator < Rails::Generators::NamedBase
+    desc 'Creates new pundit policy in app/policies and specs for it'
+    source_root File.expand_path('../templates', __FILE__)
+
+    class_option :users, type: 'array', default: ['Administrator'], aliases: '-u',
+                         desc: 'Select users allowed to this controller.'
+
+    def create_pundit_policy_file
+      invoke 'pundit:install' unless application_policy_exist?
+
+      wrn "Plural name of Model specified. Please review results carefully." if file_name == plural_name
+
+      (controller = check_controller! class_name).is_a?(Class) ?
+        nfo("Controller #{controller} to guard found successfully") :
+        err("Could not find the controller to create policy for (input: «#{class_name}»).")
+
+      (allowed = check_allowed! options['users']).is_a?(String) ?
+        err("Wrong user classes specified: #{allowed}.") :
+        nfo("Allowed users would be: #{allowed}")
+
+      methods = controller.instance_methods(false).reject do |im|
+        im.to_s =~ /\A∃|\A_callback_|\W\z/
+      end
+      scs "Everything looks fine. Will guard [#{controller}]; allow: #{allowed}; methods: #{methods}."
+
+      create_file "app/policies/#{file_name}_policy.rb",
+                  tmpl_policy(class_name, policy_methods(methods, allowed), methods, allowed)
+
+      is_controller = controller <= ApplicationController ? controller : nil
+      create_file "spec/policies/#{file_name}_policy_spec.rb",
+                  tmpl_policy_spec(
+                    class_name,
+                    spec_methods(methods, allowed),
+                    controller_code(is_controller, class_name, methods, allowed)
+                  )
+
+      yaml_methods = methods.map { |im| "  '#{im}': :pundit" }.join($/)
+      create_file "strategies/#{file_name}.yml",
+<<-FILE
+'#{controller.name}' :
+#{yaml_methods}
+FILE
+    end
+
+  protected
+
+    SYMBOLS = { scs: ['107', '✔'], nfo: ['68', '✓'], wrn: ['226', '✗'], err: ['196', '✘'] }
+    def log msg
+      raise "Do not call log directly, use [err,wrn,nfo,scs].sample, you lame programmer!" unless cllr = caller(0)[1][/`(\w+)'/, 1]
+      sym = SYMBOLS[cllr.to_sym]
+      puts "\e[01;38;05;#{sym.first}m#{sym.last} kantox:pundit_policy\e[0m: #{msg}"
+    end
+
+    def err msg
+      log "#{msg}\nAborting...\n\n"
+      exit 1
+    end
+
+    def nfo msg
+      log msg
+    end
+
+    def wrn msg
+      log msg
+    end
+
+    def scs msg
+      log msg
+    end
+
+    def application_policy_exist?
+      File.exist? "#{Rails.root}/app/policies/application_policy.rb"
+    end
+
+    # for historical reasons this is called “check_controller,” while it currently simply finds a class, not necessarily a controller
+    def check_controller! name
+      variants = ['app/controllers/admin/', 'app/controllers/', 'app/datatables/'].product([name.tableize, name.tableize.singularize]).map &:join
+      controllers = variants.map do |v|
+        next nil unless (files = Dir["#{Rails.root}/#{v}*.rb"]).size > 0
+        require files.first
+        entity = files.first[/\A#{Rails.root}\/#{v}_?(.*)\.rb\z/, 1].camelize
+        c_name = "#{'Controller' == entity ? name.pluralize : name}#{entity}"
+        Admin.const_defined?(c_name) ?
+          Admin.const_get(c_name) :
+          (Kernel.const_defined?(c_name) ? Kernel.const_get(c_name) : nil)
+      end.compact
+      wrn "Was unable to find controller by name #{name}" if controllers.empty?
+      controllers.first
+    end
+
+    def check_allowed! users
+      allowed = users.select do |u|
+        begin
+          require "#{Rails.root}/app/models/#{u.underscore}.rb"
+        rescue LoadError => e
+          wrn e
+        end
+        Kernel.const_defined? u
+      end
+
+      (disallowed = users - allowed).empty? ? allowed : disallowed.inspect
+    end
+
+    def policy_methods mthds, allowed
+      # allowed here are already checked existing classes
+      mthds.map do |im| <<-FILE
+      # Checker for #{im} method. Allows access for [#{allowed.join(',')}]
+      # @return [TrueClass|FalseClass] true to allow access, false otherwise
+      # def #{im}?
+      #   [#{allowed.join(', ')}].include? @user.class
+      # end
+FILE
+      end.join($/).strip
+    end
+
+    def spec_methods mthds, allowed
+      allowed_steps = allowed.map do |a|
+        "#     expect(subject).to permit(#{a}.new, nil)"
+      end.join("#{$/}  ")
+      mthds.map do |im| <<-FILE
+  ## Permissions for #{im} method
+  # permissions :#{im}? do
+  #  it "denies access if user is not allowed (not in [#{allowed.join(',')}])", :roles do
+  #    expect(subject).not_to permit(User.new, nil)
+  #  end
+  #
+  #  it "grants access if user is allowed (one of [#{allowed.join(',')}])", :roles do
+  #{allowed_steps}
+  #  end
+  # end
+FILE
+      end.join($/).strip
+    end
+
+    def controller_code controller, klazz, mthds, allowed
+      return '' if controller.nil? # FIXME Handle let(...) below properly and reenable!!
+
+      mthds.map do |im| <<-FILE
+# describe #{controller}, :type => :controller do
+#   include AuthorizationHelper
+#
+#   subject { Kantox::Policies::#{klazz}Policy }
+#
+#   describe :#{im} do
+#     context('#{klazz} @ #{controller}') do
+#       let(:workflow_state) { 'preapproved' }
+#       let(:profile) { create(:profile, workflow_state: workflow_state, telephone: '12345678') }
+#       let(:client)  { create(:client, roles: [Role.poster], profiles: [profile]) }
+#       before do
+#         flexmock(controller, current_user: user)
+#         get :#{im}, params(profile_id: profile.id, client_id: client.id, format: :json)
+#       end
+#
+#       users = [
+#         [#{allowed.join(', ')}],
+#         [User]
+#       ].zip [200, 403]
+#
+#       users.each do |users, code|
+#         users.each do |user|
+#           context("for \#{user.name}") do
+#             let(:user) { user.new }
+#             it { response.status.should == code }
+#           end
+#         end
+#       end
+#     end
+#   end
+# end
+FILE
+      end.join($/).strip
+    end
+
+    def tmpl_policy klazz, mthds_code, mthds, allowed
+      mthds_joined = mthds.map { |m| ":#{m}?" }.join ', '
+<<-FILE
+module Kantox
+  module Policies
+    class #{klazz}Policy < ApplicationPolicy
+      ALLOWED = lambda do |type|
+        case type
+        when :read  then [#{allowed.join(', ')}]
+        when :write then []
+        end
+      end
+      # Split methods according to roles above
+      METHODS = {
+        read:  [#{mthds_joined}],
+        write: []
+      }
+
+
+      ############################################################################
+      ### The methods below are just stubs for exotic handlers.
+      ### Uncomment those you want to behave in specific manner.
+      ############################################################################
+
+      #{mthds_code}
+    end
+  end
+end
+FILE
+    end
+
+    def tmpl_policy_spec klazz, mthds, controller_code
+<<-FILE
+require 'spec_helper'
+
+examples_for_policy Kantox::Policies::#{klazz}Policy
+
+
+############################################################################
+### The methods below are just stubs for exotic handlers.
+### Uncomment those you want to behave in specific manner.
+############################################################################
+
+# describe Kantox::Policies::#{klazz}Policy do
+
+#  subject { Kantox::Policies::#{klazz}Policy }
+
+  #{mthds}
+# end
+
+#{controller_code}
+FILE
+    end
+  end
+end

metadata

@@ -0,0 +1,178 @@
+--- !ruby/object:Gem::Specification
+name: kantox-roles
+version: !ruby/object:Gem::Version
+  version: 1.2.1
+platform: ruby
+authors:
+- Kantox LTD
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-10-11 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: hashie
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3'
+- !ruby/object:Gem::Dependency
+  name: pundit
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.10'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.10'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.12'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.12'
+- !ruby/object:Gem::Dependency
+  name: cucumber
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: yard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Roles Management interface for virtually every backend, mostly like OmniAuth
+  for authentication
+email:
+- aleksei.matiushkin@kantox.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- Gemfile
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- kantox-roles.gemspec
+- lib/kantox/roles.rb
+- lib/kantox/roles/helpers.rb
+- lib/kantox/roles/logger.rb
+- lib/kantox/roles/strategies/aspect.rb
+- lib/kantox/roles/strategies/cancancan.rb
+- lib/kantox/roles/strategies/pundit.rb
+- lib/kantox/roles/strategies/strategy_error.rb
+- lib/kantox/roles/strategies/wrapper.rb
+- lib/kantox/roles/version.rb
+- lib/rails/generators/kantox/policy_spec_helper.rb.tmpl
+- lib/rails/generators/kantox/pundit_policy_generator.rb
+homepage: http://kantox.com
+licenses:
+- Kantox LTD Commercial
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - "~>"
+    - !ruby/object:Gem::Version
+      version: '2.1'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.8
+signing_key: 
+specification_version: 4
+summary: OmniRoles mechanism for Kantox Role Management
+test_files: []
+has_rdoc: