ktopping_acl9 0.12.0

data/lib/acl9/model_extensions/for_object.rb

@@ -0,0 +1,59 @@
+module Acl9
+  module ModelExtensions
+    module ForObject
+      ##
+      # Role check.
+      #
+      # @return [Boolean] Returns true if +subject+ has a role +role_name+ on this object.
+      #
+      # @param [Symbol,String] role_name Role name
+      # @param [Subject] subject Subject to add role for
+      # @see Acl9::ModelExtensions::Subject#has_role?
+      def accepts_role?(role_name, subject)
+        subject.has_role? role_name, self
+      end
+
+      ##
+      # Add role on the object to specified subject.
+      #
+      # @param [Symbol,String] role_name Role name
+      # @param [Subject] subject Subject to add role for
+      # @see Acl9::ModelExtensions::Subject#has_role!
+      def accepts_role!(role_name, subject)
+        subject.has_role! role_name, self
+      end
+
+      ##
+      # Free specified subject of a role on this object.
+      #
+      # @param [Symbol,String] role_name Role name
+      # @param [Subject] subject Subject to remove role from
+      # @see Acl9::ModelExtensions::Subject#has_no_role!
+      def accepts_no_role!(role_name, subject)
+        subject.has_no_role! role_name, self
+      end
+
+      ##
+      # Are there any roles for the specified +subject+ on this object?
+      #
+      # @param [Subject] subject Subject to query roles
+      # @return [Boolean] Returns true if +subject+ has any roles on this object.
+      # @see Acl9::ModelExtensions::Subject#has_roles_for?
+      def accepts_roles_by?(subject)
+        subject.has_roles_for? self
+      end
+
+      alias :accepts_role_by? :accepts_roles_by?
+
+      ##
+      # Which roles does +subject+ have on this object?
+      #
+      # @return [Array<Role>] Role instances, associated both with +subject+ and +object+
+      # @param [Subject] subject Subject to query roles
+      # @see Acl9::ModelExtensions::Subject#roles_for
+      def accepted_roles_by(subject)
+        subject.roles_for self
+      end
+    end
+  end
+end

data/lib/acl9/model_extensions/for_subject.rb

@@ -0,0 +1,184 @@
+module Acl9
+  module ModelExtensions
+    module ForSubject
+      ##
+      # Role check.
+      #
+      # There is a global option, +Acl9.config[:protect_global_roles]+, which governs
+      # this method behavior.
+      #
+      # If protect_global_roles is +false+, an object role is automatically counted
+      # as global role. E.g.
+      #
+      #   Acl9.config[:protect_global_roles] = false
+      #   user.has_role!(:manager, @foo)
+      #   user.has_role?(:manager, @foo)  # => true
+      #   user.has_role?(:manager)        # => true
+      #
+      # In this case manager is anyone who "manages" at least one object.
+      #
+      # However, if protect_global_roles option set to +true+, you'll need to 
+      # explicitly grant global role with same name.
+      #
+      #   Acl9.config[:protect_global_roles] = true
+      #   user.has_role!(:manager, @foo)
+      #   user.has_role?(:manager)        # => false
+      #   user.has_role!(:manager)
+      #   user.has_role?(:manager)        # => true
+      #
+      # protect_global_roles option is +false+ by default as for now, but this 
+      # may change in future!
+      #
+      # @return [Boolean] Whether +self+ has a role +role_name+ on +object+.
+      # @param [Symbol,String] role_name Role name
+      # @param [Object] object Object to query a role on
+      #
+      # @see Acl9::ModelExtensions::Object#accepts_role?
+      def has_role?(role_name, object = nil)
+        !! if object.nil? && !::Acl9.config[:protect_global_roles]
+          self.role_objects.find_by_name(role_name.to_s) ||
+          self.role_objects.member?(get_role(role_name, nil))
+        else
+          role = get_role(role_name, object)
+          role && self.role_objects.exists?(role.id)
+        end
+      end
+
+      ##
+      # Add specified role on +object+ to +self+.
+      #
+      # @param [Symbol,String] role_name Role name
+      # @param [Object] object Object to add a role for
+      # @see Acl9::ModelExtensions::Object#accepts_role!
+      def has_role!(role_name, object = nil)
+        role = get_role(role_name, object)
+
+        if role.nil?
+          role_attrs = case object
+                       when Class then { :authorizable_type => object.to_s }
+                       when nil   then {}
+                       else            { :authorizable => object }
+                       end.merge(      { :name => role_name.to_s })
+
+          role = self._auth_role_class.create(role_attrs)
+        end
+
+        self.role_objects << role if role && !self.role_objects.exists?(role.id)
+      end
+
+      ##
+      # Free +self+ from a specified role on +object+.
+      #
+      # @param [Symbol,String] role_name Role name
+      # @param [Object] object Object to remove a role on
+      # @see Acl9::ModelExtensions::Object#accepts_no_role!
+      def has_no_role!(role_name, object = nil)
+        delete_role(get_role(role_name, object))
+      end
+
+      ##
+      # Are there any roles for +self+ on +object+?
+      #
+      # @param [Object] object Object to query roles
+      # @return [Boolean] Returns true if +self+ has any roles on +object+.
+      # @see Acl9::ModelExtensions::Object#accepts_roles_by?
+      def has_roles_for?(object)
+        !!self.role_objects.detect(&role_selecting_lambda(object))
+      end
+
+      alias :has_role_for? :has_roles_for?
+
+      ##
+      # Which roles does +self+ have on +object+?
+      #
+      # @return [Array<Role>] Role instances, associated both with +self+ and +object+
+      # @param [Object] object Object to query roles
+      # @see Acl9::ModelExtensions::Object#accepted_roles_by
+      # @example
+      #   user = User.find(...)
+      #   product = Product.find(...)
+      #
+      #   user.roles_for(product).map(&:name).sort  #=> role names in alphabetical order
+      def roles_for(object)
+        self.role_objects.select(&role_selecting_lambda(object))
+      end
+
+      ##
+      # Unassign any roles on +object+ from +self+.
+      #
+      # @param [Object,nil] object Object to unassign roles for. +nil+ means unassign global roles.
+      def has_no_roles_for!(object = nil)
+        roles_for(object).each { |role| delete_role(role) }
+      end
+
+      ##
+      # Unassign all roles from +self+.
+      def has_no_roles!
+        # for some reason simple
+        #
+        #   self.roles.each { |role| delete_role(role) }
+        #
+        # doesn't work. seems like a bug in ActiveRecord
+        self.role_objects.map(&:id).each do |role_id|
+          delete_role self._auth_role_class.find(role_id)
+        end
+      end
+
+      private
+
+      def role_selecting_lambda(object)
+        case object
+        when Class
+          lambda { |role| role.authorizable_type == object.to_s }
+        when nil
+          lambda { |role| role.authorizable.nil? }
+        else
+          lambda do |role|
+            role.authorizable_type == object.class.base_class.to_s && role.authorizable == object
+          end
+        end
+      end
+
+      def get_role(role_name, object)
+        role_name = role_name.to_s
+
+        cond = case object
+               when Class
+                 [ 'name = ? and authorizable_type = ? and authorizable_id IS NULL', role_name, object.to_s ]
+               when nil
+                 [ 'name = ? and authorizable_type IS NULL and authorizable_id IS NULL', role_name ]
+               else
+                 [
+                   'name = ? and authorizable_type = ? and authorizable_id = ?',
+                   role_name, object.class.base_class.to_s, object.id
+                 ]
+               end
+
+        self._auth_role_class.first :conditions => cond
+      end
+
+      def delete_role(role)
+        if role
+          self.role_objects.delete role
+
+          role.destroy if role.send(self._auth_subject_class_name.demodulize.tableize).empty?
+        end
+      end
+      
+      protected
+
+      def _auth_role_class
+        self.class._auth_role_class_name.constantize
+      end
+      
+      def _auth_role_assoc
+      	self.class._auth_role_assoc_name
+      end
+
+      def role_objects
+      	send(self._auth_role_assoc)
+      end
+
+    end
+  end
+end

data/lib/acl9/model_extensions.rb

@@ -0,0 +1,139 @@
+require File.join(File.dirname(__FILE__), 'model_extensions', 'for_subject')
+require File.join(File.dirname(__FILE__), 'model_extensions', 'for_object')
+
+module Acl9
+  module ModelExtensions  #:nodoc:
+    def self.included(base)
+      base.extend(ClassMethods)
+    end
+
+    module ClassMethods
+      # Add #has_role? and other role methods to the class.
+      # Makes a class a auth. subject class.
+      #
+      # @param [Hash] options the options for tuning
+      # @option options [String] :role_class_name (Acl9::config[:default_role_class_name])
+      #                           Class name of the role class (e.g. 'AccountRole')
+      # @option options [String] :join_table_name (Acl9::config[:default_join_table_name])
+      #                           Join table name (e.g. 'accounts_account_roles')
+      # @option options [String] :association_name (Acl9::config[:default_association_name])
+      #                           Association name (e.g. ':roles')
+      # @example
+      #   class User < ActiveRecord::Base
+      #     acts_as_authorization_subject
+      #   end
+      #
+      #   user = User.new
+      #   user.roles             #=> returns Role objects, associated with the user
+      #   user.has_role!(...)
+      #   user.has_no_role!(...)
+      #
+      #   # other functions from Acl9::ModelExtensions::Subject are made available
+      #
+      # @see Acl9::ModelExtensions::Subject
+      #
+      def acts_as_authorization_subject(options = {})
+      	assoc = options[:association_name] || Acl9::config[:default_association_name]
+        role = options[:role_class_name] || Acl9::config[:default_role_class_name]
+        join_table = options[:join_table_name] || Acl9::config[:default_join_table_name] ||
+                    join_table_name(undecorated_table_name(self.to_s), undecorated_table_name(role))
+
+        has_and_belongs_to_many assoc, :class_name => role, :join_table => join_table
+
+        cattr_accessor :_auth_role_class_name, :_auth_subject_class_name,
+                       :_auth_role_assoc_name
+
+        self._auth_role_class_name = role
+        self._auth_subject_class_name = self.to_s
+        self._auth_role_assoc_name = assoc
+
+        include Acl9::ModelExtensions::ForSubject
+      end
+
+      # Add role query and set methods to the class (making it an auth object class).
+      #
+      # @param [Hash] options the options for tuning
+      # @option options [String] :subject_class_name (Acl9::config[:default_subject_class_name])
+      #                          Subject class name (e.g. 'User', or 'Account)
+      # @option options [String] :role_class_name (Acl9::config[:default_role_class_name])
+      #                          Role class name (e.g. 'AccountRole')
+      # @example
+      #   class Product < ActiveRecord::Base
+      #     acts_as_authorization_object
+      #   end
+      #
+      #   product = Product.new
+      #   product.accepted_roles #=> returns Role objects, associated with the product
+      #   product.users          #=> returns User objects, associated with the product
+      #   product.accepts_role!(...)
+      #   product.accepts_no_role!(...)
+      #   # other functions from Acl9::ModelExtensions::Object are made available
+      #
+      # @see Acl9::ModelExtensions::Object
+      #
+      def acts_as_authorization_object(options = {})
+        subject = options[:subject_class_name] || Acl9::config[:default_subject_class_name]
+        subj_table = subject.constantize.table_name
+        subj_col = subject.underscore
+
+        role       = options[:role_class_name] || Acl9::config[:default_role_class_name]
+        role_table = role.constantize.table_name
+
+        sql_tables = <<-EOS
+          FROM #{subj_table}
+          INNER JOIN #{role_table}_#{subj_table} ON #{subj_col}_id = #{subj_table}.id
+          INNER JOIN #{role_table}               ON #{role_table}.id = #{role.underscore}_id
+        EOS
+
+        sql_where = <<-'EOS'
+          WHERE authorizable_type = '#{self.class.base_class.to_s}'
+          AND authorizable_id = #{column_for_attribute(self.class.primary_key).text? ? "'#{id}'": id}
+        EOS
+
+        has_many :accepted_roles, :as => :authorizable, :class_name => role, :dependent => :destroy
+
+        has_many :"#{subj_table}",
+          :finder_sql  => ("SELECT DISTINCT #{subj_table}.*" + sql_tables + sql_where),
+          :counter_sql => ("SELECT COUNT(DISTINCT #{subj_table}.id)" + sql_tables + sql_where),
+          :readonly => true
+
+        include Acl9::ModelExtensions::ForObject
+      end
+
+      # Make a class an auth role class.
+      #
+      # You'll probably never create or use objects of this class directly.
+      # Various auth. subject and object methods will do that for you
+      # internally.
+      #
+      # @param [Hash] options the options for tuning
+      # @option options [String] :subject_class_name (Acl9::config[:default_subject_class_name])
+      #                          Subject class name (e.g. 'User', or 'Account)
+      # @option options [String] :join_table_name (Acl9::config[:default_join_table_name])
+      #                           Join table name (e.g. 'accounts_account_roles')
+      #
+      # @example
+      #   class Role < ActiveRecord::Base
+      #     acts_as_authorization_role
+      #   end
+      #
+      # @see Acl9::ModelExtensions::Subject#has_role!
+      # @see Acl9::ModelExtensions::Subject#has_role?
+      # @see Acl9::ModelExtensions::Subject#has_no_role!
+      # @see Acl9::ModelExtensions::Object#accepts_role!
+      # @see Acl9::ModelExtensions::Object#accepts_role?
+      # @see Acl9::ModelExtensions::Object#accepts_no_role!
+      def acts_as_authorization_role(options = {})
+        subject = options[:subject_class_name] || Acl9::config[:default_subject_class_name]
+        join_table = options[:join_table_name] || Acl9::config[:default_join_table_name] ||
+                     join_table_name(undecorated_table_name(self.to_s), undecorated_table_name(subject))
+
+        has_and_belongs_to_many subject.demodulize.tableize.to_sym,
+          :class_name => subject,
+          :join_table => join_table
+
+        belongs_to :authorizable, :polymorphic => true
+      end
+    end
+  end
+end

data/lib/acl9.rb

@@ -0,0 +1,16 @@
+require File.join(File.dirname(__FILE__), 'acl9', 'config')
+
+if defined? ActiveRecord::Base
+  require File.join(File.dirname(__FILE__), 'acl9', 'model_extensions')
+
+  ActiveRecord::Base.send(:include, Acl9::ModelExtensions)
+end
+
+
+if defined? ActionController::Base
+  require File.join(File.dirname(__FILE__), 'acl9', 'controller_extensions')
+  require File.join(File.dirname(__FILE__), 'acl9', 'helpers')
+
+  ActionController::Base.send(:include, Acl9::ControllerExtensions)
+  Acl9Helpers = Acl9::Helpers unless defined?(Acl9Helpers)
+end