mongoid-canhaz 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: b14c99ec3f1ee2d7aea8e1ce4dc2be7ae8976eb3
+  data.tar.gz: 951457668fb45dd765fa435164a32e19f2cc13f3
+SHA512:
+  metadata.gz: 3736d6b36da342b38b16df66c28a773d02767263b2cac73929ee4b0921f6b6f3c426d03334aee42761d1292b0e3a061bb9542729b56e5b4ad120d2076c349d51
+  data.tar.gz: 6ea2aef048c3763c81be5e44a951328365488f8aa5481b54eb332f1303e4eeb35944c3a1aa9630e57b7f5098c61a8f4f7cb9da1faa8008756cec1f2400f4ca6e

data/.gitignore

@@ -0,0 +1,19 @@
+*.gem
+*.rbc
+.bundle
+.config
+coverage
+InstalledFiles
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+
+# YARD artifacts
+.yardoc
+_yardoc
+doc/
+*.swp

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in mongoid-canhaz.gemspec
+gemspec

data/Gemfile.lock

@@ -0,0 +1,32 @@
+PATH
+  remote: .
+  specs:
+    mongoid-canhaz (0.0.1)
+      mongoid (>= 2.2.0)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    activemodel (3.2.12)
+      activesupport (= 3.2.12)
+      builder (~> 3.0.0)
+    activesupport (3.2.12)
+      i18n (~> 0.6)
+      multi_json (~> 1.0)
+    builder (3.0.4)
+    i18n (0.6.4)
+    mongoid (3.1.2)
+      activemodel (~> 3.2)
+      moped (~> 1.4.2)
+      origin (~> 1.0)
+      tzinfo (~> 0.3.22)
+    moped (1.4.3)
+    multi_json (1.7.2)
+    origin (1.0.11)
+    tzinfo (0.3.37)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  mongoid-canhaz!

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2013 Intrepidd
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,81 @@
+mongoid-canhaz
+====================
+
+A mongoid port of the permissions gem for active record : rails-canhaz
+
+This gem is a simple mongoid extention that allows any application using mongoid to manage permissions based roles.
+
+## Installation
+
+Standard gem installation :
+
+```
+gem install mongoid-canhaz
+```
+
+Or in your Gemfile if you use bundler
+
+```ruby
+gem 'mongoid-canhaz'
+```
+
+## How to use it ?
+
+The mongoid-canhaz gem defines two static functions for mongoid documents which allow them to act as a subject or an object.
+
+In order to use these functions, you need to include ``Canhaz::Mongoid::Document`` inside your class.
+
+A subject has roles on objects.
+
+Here is an example
+
+```ruby
+class User
+  include Mongoid::Document
+  include Canhaz::Mongoid::Document
+
+  acts_as_canhaz_subject
+end
+
+class Article
+  include Mongoid::Document
+  include Canhaz::Mongoid::Document
+
+  acts_as_canhaz_object
+end
+```
+
+Now our models are marked as canhaz subjects and objects, we have access to some handy functions :
+
+
+```ruby
+user = User.first
+article = Article.first
+
+user.can?(:read, article) # Can the user read this article? false for now
+
+user.can!(:read, article) # Ok, so the user can read this article
+user.can!(:edit, article) # He can edit it as well
+
+user.can?(:read, article) # Will be true
+
+user.objects_with_permission(Article, :read) # Will return all the articles w/ read permissions for this user
+
+article.subjects_with_permission(User, :read) # Will return all the users hat are able to read this article
+
+#You can also remove permissions
+
+user.cannot!(:read, article)
+
+# global permissions :
+
+user.can?(:haz_cheezburgers) # false
+
+user.can!(:haz_cheezburgers)
+
+user.can?(:haz_cheezburgers) # true
+
+```
+
+## Changelog
+* 1.0.0 : First release

data/Rakefile

@@ -0,0 +1,10 @@
+require "bundler/gem_tasks"
+
+require 'rake/testtask'
+
+Rake::TestTask.new do |t|
+  t.libs << 'test'
+end
+
+desc "Run tests"
+task :default => :test

data/lib/mongoid-canhaz.rb

@@ -0,0 +1,14 @@
+require "mongoid-canhaz/version"
+require "mongoid-canhaz/model_extentions"
+
+module Canhaz
+  module Mongoid
+    module Document
+
+      def self.included(base)
+        base.send(:include, Canhaz::Mongoid::ModelExtensions)
+      end
+
+    end
+  end
+end

data/lib/mongoid-canhaz/exceptions.rb

@@ -0,0 +1,9 @@
+module Canhaz
+  module Mongoid
+    module Exceptions
+      class NotACanHazSubject < StandardError; end
+      class NotACanHazObject < StandardError; end
+      class NullPermission < StandardError ; end
+    end
+  end
+end

data/lib/mongoid-canhaz/model_extentions.rb

@@ -0,0 +1,47 @@
+require 'mongoid-canhaz/permission'
+require 'mongoid-canhaz/object_extensions'
+require 'mongoid-canhaz/subject_extensions'
+
+module Canhaz
+  module Mongoid
+
+    module ModelExtensions
+
+      def self.included(base)
+        base.send(:extend, ClassMethods)
+      end
+
+      def canhaz_object?
+        false
+      end
+
+      def canhaz_subject?
+        false
+      end
+
+      module ClassMethods
+
+        ##
+        # Marks the current model as a canhaz object for authorizations
+        #
+        def acts_as_canhaz_subject
+          include Canhaz::Mongoid::SubjectExtensions
+          has_many :permissions, :class_name => 'Canhaz::Mongoid::Permission', :inverse_of => 'csubject'
+        end
+
+        ##
+        # Marks the current model as a canhaz subject for authorizations
+        #
+        def acts_as_canhaz_object
+          include Canhaz::Mongoid::ObjectExtensions
+          class_eval do
+            has_many :permissions_subjects, :class_name => 'Canhaz::Mongoid::Permission', :inverse_of => 'cobject'
+          end
+        end
+
+      end
+
+    end
+
+  end
+end

data/lib/mongoid-canhaz/object_extensions.rb

@@ -0,0 +1,21 @@
+module Canhaz
+  module Mongoid
+    module ObjectExtensions
+
+      def canhaz_object?
+        true
+      end
+
+      # Gets the subjects that have the corresponding permission and type on this model
+      #
+      # @param type [Class] The type of the subjects we're looking for
+      # @param permission [String, Symbol] The permission
+      def subjects_with_permission(type, permission)
+        raise Exceptions::NotACanHazSubject unless type.respond_to?(:acts_as_canhaz_subject)
+        permissions = self.permissions_subjects.where(:type => self.class.to_s, :permission => permission.to_s)
+        type.in(:id => permissions.collect(&:csubject_id))
+      end
+
+    end
+  end
+end

data/lib/mongoid-canhaz/permission.rb

@@ -0,0 +1,18 @@
+require 'mongoid'
+
+module Canhaz
+  module Mongoid
+
+    class Permission
+      include ::Mongoid::Document
+
+      field :type, :type => String
+      field :csubject_id, :type => String
+      field :cobject_id, :type => String
+      field :permission, :type => String
+
+      validates :permission, :presence => true, :uniqueness => {:scope => [:type, :cobject_id, :csubject_id]}
+    end
+
+  end
+end

data/lib/mongoid-canhaz/subject_extensions.rb

@@ -0,0 +1,98 @@
+require 'mongoid-canhaz/exceptions'
+
+module Canhaz
+  module Mongoid
+
+    module SubjectExtensions
+
+      def canhaz_subject?
+        true
+      end
+
+      # Creates a permission on a given object
+      #
+      # @param permission [String, Symbol] The identifier of the permission
+      # @param object [Object, nil] The model on which the permission is effective
+      #   Can be nil if it is a global permission that does not target an object
+      # @return [Bool] True if the role was successfully created, false if it was already present
+      def can!(permission, object = nil)
+        assert_permission_not_nil(permission)
+        assert_canhaz_object(object)
+        object_type = object.nil? ? nil : object.class.to_s
+        object_id = object.nil? ? nil : object.id
+        perm = self.permissions.build(:permission => permission, :type => object_type, :cobject_id => object_id)
+        if perm.valid?
+          perm.save
+          return true
+        end
+        self.permissions.delete perm
+        perm.destroy
+        false
+      end
+
+      # Checks if the subject has a given permission on a given object
+      #
+      # @param permission [String, Symbol] The identifier of the permission
+      # @param object [Object, nil] The model we are testing the permission on
+      #  Can be nil if it is a global permission that does not target an object
+      # @return [Bool] True if the user has the given permission, false otherwise
+      def can?(permission, object = nil)
+        assert_canhaz_object(object)
+        assert_permission_not_nil(permission)
+        find_canhaz_permission(object, permission).present?
+      end
+
+      # Checks if the subject does not have a given permission on a given object
+      # Acts as a proxy of !subject.can?(permission, object)
+      #
+      # @param permission [String, Symbol] The identifier of the permission
+      # @param object [Object] The model we are testing the permission on. Can be nil if it is a global permission that does not target an object
+      # @return [Bool] True if the user has not the given permission, false otherwise
+      def cannot?(permission, object = nil)
+        !self.can?(permission, object)
+      end
+
+      # Removes a permission on a given object
+      #
+      # @param permission [String, Symbol] The identifier of the permission
+      # @param object [Object, nil] The model on which the permission is effective. Can be nil if it is a global permission that does not target an object
+      # @return [Bool] True if the role was successfully removed, false if it did not exist
+      def cannot!(permission, object = nil)
+        assert_canhaz_object(object)
+        assert_permission_not_nil(permission)
+        row = find_canhaz_permission(object, permission)
+        return false unless row.present?
+        self.permissions.delete row
+        row.destroy and return true
+      end
+
+      # Gets All objects that match a given type and permission
+      #
+      # @param type [Class] The type of the objects
+      # @param permission [String, Symbol] The name of the permission
+      # @return The macthing objects in an array
+      def objects_with_permission(type, permission)
+        raise Exceptions::NotACanHazObject unless type.respond_to?(:acts_as_canhaz_object)
+        permissions = self.permissions.where(:permission => permission.to_s, :type => type.to_s)
+        type.in(:id => permissions.collect(&:cobject_id))
+      end
+
+      private
+
+      def assert_canhaz_object(object)
+        raise Exceptions::NotACanHazObject unless (object.nil? || (object.respond_to?('canhaz_object?') && object.canhaz_object?))
+      end
+
+      def assert_permission_not_nil(permission)
+        raise Exceptions::NullPermission unless permission.present?
+      end
+
+      def find_canhaz_permission(object, permission)
+        object_type = object.nil? ? nil : object.class.to_s
+        object_id = object.nil? ? nil : object.id.to_s
+        self.permissions.where(:permission => permission.to_s, :type => object_type, :cobject_id => object_id).to_a.first
+      end
+
+    end
+  end
+end

data/lib/mongoid-canhaz/version.rb

@@ -0,0 +1,5 @@
+module Canhaz
+  module Mongoid
+    VERSION = "1.0.0"
+  end
+end

data/mongoid-canhaz.gemspec

@@ -0,0 +1,21 @@
+# -*- encoding: utf-8 -*-
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'mongoid-canhaz/version'
+
+Gem::Specification.new do |gem|
+  gem.name          = "mongoid-canhaz"
+  gem.version       = Canhaz::Mongoid::VERSION
+  gem.authors       = ["Intrepidd"]
+  gem.email         = ["adrien@siami.fr"]
+  gem.description   = "A simple mongoid extention that allows any application using mongoid to manage permissions based roles."
+  gem.summary       = "A simple mongoid extention that allows any application using mongoid to manage permissions based roles."
+  gem.homepage      = "https://github.com/Intrepidd/mongoid-canhaz/"
+
+  gem.files         = `git ls-files`.split($/)
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.require_paths = ["lib"]
+
+  gem.add_dependency 'mongoid', '>= 2.2.0'
+end

data/test/init_connection.rb

@@ -0,0 +1,2 @@
+::Mongoid.connect_to('mongoid-canhaz')
+::Mongoid::Sessions.default.drop

data/test/models/test_object.rb

@@ -0,0 +1,7 @@
+class TestObject
+  include Mongoid::Document
+  include Canhaz::Mongoid::Document
+
+  acts_as_canhaz_object
+
+end

data/test/models/test_subject.rb

@@ -0,0 +1,7 @@
+class TestSubject
+  include Mongoid::Document
+  include Canhaz::Mongoid::Document
+
+  acts_as_canhaz_subject
+
+end

data/test/test_canhaz.rb

@@ -0,0 +1,131 @@
+require 'test/unit'
+require 'mongoid'
+require 'mongoid-canhaz'
+require 'models/test_object'
+require 'models/test_subject'
+require 'init_connection'
+
+class TestCanhaz < Test::Unit::TestCase
+  def test_methods
+    assert_equal true, TestObject.respond_to?(:acts_as_canhaz_object)
+    assert_equal true, TestSubject.respond_to?(:acts_as_canhaz_subject)
+
+    assert_equal true, TestObject.respond_to?(:acts_as_canhaz_subject)
+    assert_equal true, TestSubject.respond_to?(:acts_as_canhaz_object)
+
+    object = TestObject.new
+    subject = TestSubject.new
+
+    assert_equal true, object.canhaz_object?
+    assert_equal false, object.canhaz_subject?
+    assert_equal false, subject.canhaz_object?
+    assert_equal true, subject.canhaz_subject?
+  end
+
+
+  def test_can
+    object = TestObject.new
+    subject = TestSubject.new
+
+    object.save
+    subject.save
+
+    assert_equal 0, subject.permissions.size
+    assert_equal false, subject.can?(:foo, object)
+    assert_equal true, subject.cannot?(:foo, object)
+
+    assert_equal true, subject.can!(:foo, object)
+    assert_equal 1, subject.permissions.size
+    assert_equal 1, subject.reload.permissions.size
+    assert_equal true, subject.can?(:foo, object)
+    assert_equal false, subject.cannot?(:foo, object)
+
+    assert_equal false, subject.can!(:foo, object)
+    assert_equal 1, subject.permissions.size
+    assert_equal 1, subject.reload.permissions.size
+
+    assert_raise Canhaz::Mongoid::Exceptions::NotACanHazObject do
+      subject.can!(:foo, 1)
+    end
+
+    assert_equal true, subject.cannot!(:foo, object)
+    assert_equal 0, subject.permissions.size
+    assert_equal 0, subject.reload.permissions.size
+    assert_equal false, subject.can?(:foo, object)
+
+    assert_equal false, subject.can?(:bar)
+    assert_equal true, subject.cannot?(:bar)
+
+    assert_equal true, subject.can!(:bar)
+    assert_equal false, subject.cannot?(:bar)
+
+    assert_equal false, subject.can!(:bar)
+
+    assert_equal true, subject.cannot!(:bar)
+
+    assert_equal false, subject.can?(:bar)
+    assert_equal true, subject.cannot?(:bar)
+  end
+
+  def test_objects_with_permission
+    subject = TestSubject.new
+
+    o1 = TestObject.new
+    o2 = TestObject.new
+    o3 = TestObject.new
+
+    subject.save
+    o1.save
+    o2.save
+    o3.save
+
+    assert_equal [], subject.objects_with_permission(TestObject, :foo).to_a
+
+    subject.can!(:foo, o1)
+    assert_equal [o1], subject.objects_with_permission(TestObject, :foo).to_a
+    assert_equal [o1], subject.reload.objects_with_permission(TestObject, :foo).to_a
+
+    subject.can!(:bar, o2)
+    assert_equal [o1], subject.objects_with_permission(TestObject, :foo).to_a
+    assert_equal [o1], subject.reload.objects_with_permission(TestObject, :foo).to_a
+
+    subject.can!(:foo, o3)
+    assert_equal [o1, o3], subject.objects_with_permission(TestObject, :foo).to_a
+    assert_equal [o1, o3], subject.reload.objects_with_permission(TestObject, :foo).to_a
+
+    assert_raise Canhaz::Mongoid::Exceptions::NotACanHazObject do
+        subject.objects_with_permission(Fixnum, :foo)
+    end
+  end
+
+  def test_subjects_with_permission
+    object = TestObject.new
+    s1 = TestSubject.new
+    s2 = TestSubject.new
+    s3 = TestSubject.new
+
+    object.save
+    s1.save
+    s2.save
+    s3.save
+
+    assert_equal [], object.subjects_with_permission(TestSubject, :foo).to_a
+
+    assert_equal true, s1.can!(:foo, object)
+    assert_equal [s1], object.subjects_with_permission(TestSubject, :foo).to_a
+    assert_equal [s1], object.reload.subjects_with_permission(TestSubject, :foo).to_a
+
+    assert_equal true, s2.can!(:bar, object)
+    assert_equal [s1], object.subjects_with_permission(TestSubject, :foo).to_a
+    assert_equal [s1], object.reload.subjects_with_permission(TestSubject, :foo).to_a
+
+    assert_equal true, s3.can!(:foo, object)
+    assert_equal [s1, s3], object.subjects_with_permission(TestSubject, :foo).to_a
+    assert_equal [s1, s3], object.reload.subjects_with_permission(TestSubject, :foo).to_a
+
+    assert_raise Canhaz::Mongoid::Exceptions::NotACanHazSubject do
+        object.subjects_with_permission(Fixnum, :foo)
+    end
+  end
+
+end

metadata

@@ -0,0 +1,81 @@
+--- !ruby/object:Gem::Specification
+name: mongoid-canhaz
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Intrepidd
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-03-30 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: mongoid
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: 2.2.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: 2.2.0
+description: A simple mongoid extention that allows any application using mongoid
+  to manage permissions based roles.
+email:
+- adrien@siami.fr
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/mongoid-canhaz.rb
+- lib/mongoid-canhaz/exceptions.rb
+- lib/mongoid-canhaz/model_extentions.rb
+- lib/mongoid-canhaz/object_extensions.rb
+- lib/mongoid-canhaz/permission.rb
+- lib/mongoid-canhaz/subject_extensions.rb
+- lib/mongoid-canhaz/version.rb
+- mongoid-canhaz.gemspec
+- test/init_connection.rb
+- test/models/test_object.rb
+- test/models/test_subject.rb
+- test/test_canhaz.rb
+homepage: https://github.com/Intrepidd/mongoid-canhaz/
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.0.3
+signing_key: 
+specification_version: 4
+summary: A simple mongoid extention that allows any application using mongoid to manage
+  permissions based roles.
+test_files:
+- test/init_connection.rb
+- test/models/test_object.rb
+- test/models/test_subject.rb
+- test/test_canhaz.rb