mongoid_ability 0.0.11 → 0.1.0

data/lib/mongoid_ability/owner.rb

@@ -1,50 +1,35 @@
 module MongoidAbility
   module Owner
-
     def self.included base
       base.extend ClassMethods
       base.class_eval do
         delegate :can?, :cannot?, to: :ability
-
         before_save :cleanup_locks
       end
     end
 
-    # =====================================================================
+    # ---------------------------------------------------------------------
 
     module ClassMethods
-      # override if needed
-      # return for example :my_locks
       def locks_relation_name
-        @locks_relation_name ||= relations.detect{ |name, meta| meta.class_name == lock_class_name }.first.to_sym
+        :locks
       end
 
-      # override if your relation is named differently
-      def roles_relation_name
+      def inherit_from_relation_name
         :roles
       end
-
-      # override if needed
-      # return for example 'MyLock'
-      def lock_class_name
-        lock_classes = ObjectSpace.each_object(Class).select{ |cls| cls < MongoidAbility::Lock }
-        lock_superclasses = lock_classes.reject{ |cls| lock_classes.any?{ |c| cls < c } }
-        @lock_class_name ||= lock_superclasses.first.name
-      end
     end
 
-    # =====================================================================
+    # ---------------------------------------------------------------------
 
     def locks_relation
       self.send(self.class.locks_relation_name)
     end
 
-    def roles_relation
-      self.send(self.class.roles_relation_name)
+    def inherit_from_relation
+      self.send(self.class.inherit_from_relation_name)
     end
 
-    # ---------------------------------------------------------------------
-
     def ability
       @ability ||= MongoidAbility::Ability.new(self)
     end
@@ -56,6 +41,5 @@ module MongoidAbility
         lock.destroy if locks_relation.where(action: lock.action, subject_type: lock.subject_type, subject_id: lock.subject_id).any?(&:closed?)
       end
     end
-
   end
 end

data/lib/mongoid_ability/resolve_default_locks.rb

@@ -0,0 +1,15 @@
+module MongoidAbility
+  class ResolveDefaultLocks < ResolveLocks
+
+    def call
+      return false if default_locks.any?{ |l| l.closed?(options) }
+      return true if default_locks.any?{ |l| l.open?(options) }
+    end
+
+    private # =============================================================
+
+    def default_locks
+      subject_class.default_locks.select{ |l| l.action.to_s == action.to_s }
+    end
+  end
+end

data/lib/mongoid_ability/resolve_inherited_locks.rb

@@ -0,0 +1,32 @@
+module MongoidAbility
+  class ResolveInheritedLocks < ResolveLocks
+
+    def call
+      uo = user_outcome
+      return uo if uo != nil
+
+      if owner.respond_to?(owner.class.inherit_from_relation_name) && owner.inherit_from_relation != nil
+        io = owner.inherit_from_relation.collect { |inherited_owner| inherited_owner_outcome(inherited_owner) }.compact
+        return io.any?{ |o| o == true } unless io.empty?
+      end
+
+      default_outcome
+    end
+
+    private # =============================================================
+
+    def user_outcome
+      @user_outcome ||= ResolveOwnerLocks.call(owner, action, subject_class, subject, options)
+    end
+
+    def inherited_owner_outcome inherited_owner
+      @inherited_owner_outcome ||= {}
+      @inherited_owner_outcome[inherited_owner] ||= ResolveOwnerLocks.call(inherited_owner, action, subject_class, subject, options)
+    end
+
+    def default_outcome
+      @default_outcome ||= ResolveDefaultLocks.call(nil, action, subject_class, nil, options)
+    end
+
+  end
+end

data/lib/mongoid_ability/resolve_locks.rb

@@ -0,0 +1,34 @@
+module MongoidAbility
+  class ResolveLocks < Struct.new(:owner, :action, :subject_type, :subject, :options)
+
+    attr_reader(
+      :subject_class,
+      :subject_id
+    )
+
+    def self.call(*args)
+      new(*args).call
+    end
+
+    # =====================================================================
+
+    def initialize(*args)
+      super(*args)
+
+      @subject_class = subject_type.to_s.constantize
+      @subject_id = subject.id if subject.present?
+
+      raise StandardError, "#{subject_type} class does not have default locks" unless @subject_class.respond_to?(:default_locks)
+      raise StandardError, "#{subject_type} class does not have default lock for :#{action} action" unless @subject_class.self_and_ancestors_with_default_locks.any? do |cls|
+        cls.default_locks.any?{ |l| l.action == action }
+      end
+    end
+
+    # =====================================================================
+
+    def call
+      raise NotImplementedError
+    end
+
+  end
+end

data/lib/mongoid_ability/resolve_owner_locks.rb

@@ -0,0 +1,25 @@
+module MongoidAbility
+  class ResolveOwnerLocks < ResolveLocks
+
+    def call
+      locks_for_subject_type = owner.locks_relation.for_action(action).for_subject_type(subject_type)
+
+      return unless locks_for_subject_type.exists?
+
+      # return outcome if owner defines lock for id
+      if subject.present?
+        id_locks = locks_for_subject_type.id_locks.for_subject_id(subject_id)
+        return false if id_locks.any?{ |l| l.closed?(options) }
+        return true if id_locks.any?{ |l| l.open?(options) }
+      end
+
+      # return outcome if owner defines lock for subject_type
+      class_locks = locks_for_subject_type.class_locks
+      return false if class_locks.class_locks.any?{ |l| l.closed?(options) }
+      return true if class_locks.class_locks.any?{ |l| l.open?(options) }
+
+      nil
+    end
+
+  end
+end

data/lib/mongoid_ability/subject.rb

@@ -3,58 +3,54 @@ module MongoidAbility
 
     def self.included base
       base.extend ClassMethods
-      base.class_eval do
-      end
     end
 
-    # =====================================================================
+    # ---------------------------------------------------------------------
 
     module ClassMethods
       def default_locks
-        @default_locks ||= []
+        @default_locks ||= DefaultLocksExtension.new
       end
 
-      def default_locks_with_inherited
-        return default_locks unless superclass.respond_to?(:default_locks_with_inherited)
-        superclass.default_locks_with_inherited.concat(default_locks)
+      def default_locks= locks
+        @default_locks = DefaultLocksExtension.new(locks)
       end
 
-      def default_locks= val
-        @default_locks = val
+      def default_lock lock_cls, action, outcome, attrs={}
+        default_locks << lock_cls.new( { subject_type: self.to_s, action: action, outcome: outcome }.merge(attrs))
       end
 
-      def default_lock action, outcome
-        if existing_lock = default_locks.detect{ |l| l.action.to_s == action.to_s }
-          existing_lock.outcome = outcome
-        else
-          default_locks << lock_class_name.constantize.new(subject_type: self, action: action, outcome: outcome)
-        end
+      def self_and_ancestors_with_default_locks
+        ancestors.select { |a| a.is_a?(Class) && a.respond_to?(:default_locks) }
       end
 
-      # ---------------------------------------------------------------------
+      def ancestors_with_default_locks
+        self_and_ancestors_with_default_locks - [self]
+      end
 
-      # override if needed
-      # return for example 'MyLock'
-      def lock_class_name
-        lock_classes = ObjectSpace.each_object(Class).select{ |cls| cls < MongoidAbility::Lock }
-        lock_superclasses = lock_classes.reject{ |cls| lock_classes.any?{ |c| cls < c } }
-        @lock_class_name ||= lock_superclasses.first.name
+      def accessible_by ability, action=:read, options={}
+        AccessibleQueryBuilder.call(self, ability, action, options)
       end
+    end
 
-      # ---------------------------------------------------------------------
+    # ---------------------------------------------------------------------
 
-      def self_and_ancestors_with_default_locks
-        self.ancestors.select{ |a| a.is_a?(Class) && a.respond_to?(:default_locks) }
-      end
+    require 'forwardable'
+    class DefaultLocksExtension
+      extend Forwardable
+      def_delegators :@default_locks, :any?, :collect, :delete, :detect, :first, :map, :push, :select
 
-      def ancestors_with_default_locks
-        self_and_ancestors_with_default_locks - [self]
-      end
+      attr_reader :default_locks
 
-      # ---------------------------------------------------------------------
+      def initialize default_locks=[]
+        @default_locks = default_locks
+      end
 
-      def accessible_by ability, action=:read
-        AccessibleQueryBuilder.call(self, ability, action)
+      def << lock
+        if existing_lock = self.detect{ |l| l.action.to_s == lock.action.to_s }
+          @default_locks.delete(existing_lock)
+        end
+        @default_locks.push lock
       end
     end
 

data/lib/mongoid_ability/version.rb

@@ -1,3 +1,3 @@
 module MongoidAbility
-  VERSION = "0.0.11"
+  VERSION = "0.1.0"
 end

data/test/mongoid_ability/ability_role_test.rb

@@ -3,22 +3,28 @@ require "test_helper"
 module MongoidAbility
   describe 'ability on Role' do
 
-    let(:read_lock) { TestLock.new(subject_type: TestAbilitySubject.to_s, action: :read, outcome: false) }
-    let(:role) { TestRole.new(test_locks: [read_lock]) }
+    let(:read_lock) { MyLock.new(subject_type: MySubject, action: :read, outcome: false) }
+    let(:role) { MyRole.new(my_locks: [ read_lock ]) }
     let(:ability) { Ability.new(role) }
 
     # ---------------------------------------------------------------------
 
+    before do
+      MySubject.default_locks = [ MyLock.new(action: :read, outcome: true) ]
+    end
+
+    # ---------------------------------------------------------------------
+
     it 'role can?' do
-      ability.can?(:read, TestAbilitySubject).must_equal false
+      ability.can?(:read, MySubject).must_equal false
     end
 
     it 'role cannot?' do
-      ability.cannot?(:update, TestAbilitySubject).must_equal false
+      ability.cannot?(:read, MySubject).must_equal true
     end
 
     it 'is accessible by' do
-      TestAbilitySubject.accessible_by(ability, :read).must_be_kind_of Mongoid::Criteria
+      MySubject.accessible_by(ability, :read).must_be_kind_of Mongoid::Criteria
     end
 
   end

data/test/mongoid_ability/ability_test.rb

@@ -2,50 +2,53 @@ require "test_helper"
 
 module MongoidAbility
   describe Ability do
-
-    let(:user) { TestUser.new }
-    let(:ability) { Ability.new(user) }
-
-    # ---------------------------------------------------------------------
+    let(:owner) { MyOwner.new }
+    let(:ability) { Ability.new(owner) }
 
     it 'exposes owner' do
-      ability.owner.must_equal user
+      ability.owner.must_equal owner
     end
 
-    # ---------------------------------------------------------------------
-
     describe 'default locks' do
+      before do
+        # NOTE: we might need to use the .default_lock macro in case we propagate down directly
+        MySubject.default_locks = [ MyLock.new(subject_type: MySubject, action: :update, outcome: true) ]
+        MySubject1.default_locks = []
+        MySubject2.default_locks = []
+      end
+
       it 'propagates from superclass to all subclasses' do
-        ability.can?(:update, TestAbilitySubjectSuper1).must_equal true
-        ability.can?(:update, TestAbilitySubject).must_equal true
+        ability.can?(:update, MySubject).must_equal true
+        ability.can?(:update, MySubject1).must_equal true
+        ability.can?(:update, MySubject2).must_equal true
       end
+    end
 
-      describe 'when defined for all superclasses' do
-        it 'propagates default locks to subclasses' do
-          ability.can?(:read, TestAbilitySubjectSuper2).must_equal false
-          TestAbilitySubjectSuper1.stub(:default_locks, [
-            TestLock.new(subject_type: TestAbilitySubjectSuper1.to_s, action: :read, outcome: false)
-          ]) do
-            ability.can?(:read, TestAbilitySubjectSuper1).must_equal false
-          end
-          TestAbilitySubject.stub(:default_locks, [
-            TestLock.new(subject_type: TestAbilitySubject.to_s, action: :read, outcome: true)
-          ]) do
-            ability.can?(:read, TestAbilitySubject).must_equal true
-          end
-        end
+    describe 'when defined for all superclasses' do
+      before do
+        MySubject.default_locks = [ MyLock.new(subject_type: MySubject, action: :read, outcome: false) ]
+        MySubject1.default_locks = [ MyLock.new(subject_type: MySubject1, action: :read, outcome: true) ]
+        MySubject2.default_locks = [ MyLock.new(subject_type: MySubject2, action: :read, outcome: false) ]
       end
 
-      describe 'when defined for some superclasses' do
-        it 'propagates default locks to subclasses' do
-          ability.can?(:read, TestAbilitySubjectSuper2).must_equal false
-          ability.can?(:read, TestAbilitySubjectSuper1).must_equal false
-          TestAbilitySubject.stub(:default_locks, [
-            TestLock.new(subject_type: TestAbilitySubjectSuper1.to_s, action: :read, outcome: true)
-          ]) do
-            ability.can?(:read, TestAbilitySubject).must_equal true
-          end
-        end
+      it 'respects the definitions' do
+        ability.can?(:read, MySubject).must_equal false
+        ability.can?(:read, MySubject1).must_equal true
+        ability.can?(:read, MySubject2).must_equal false
+      end
+    end
+
+    describe 'when defined for some superclasses' do
+      before do
+        MySubject.default_locks = [ MyLock.new(subject_type: MySubject, action: :read, outcome: false) ]
+        MySubject1.default_locks = []
+        MySubject2.default_locks = [ MyLock.new(subject_type: MySubject2, action: :read, outcome: true) ]
+      end
+
+      it 'propagates default locks to subclasses' do
+        ability.can?(:read, MySubject).must_equal false
+        ability.can?(:read, MySubject1).must_equal false
+        ability.can?(:read, MySubject2).must_equal true
       end
     end
 
@@ -54,49 +57,45 @@ module MongoidAbility
     describe 'user locks' do
       describe 'when defined for superclass' do
         before do
-          user.tap do |u|
-            u.test_locks = [TestLock.new(subject_type: TestAbilitySubjectSuper2.to_s, action: :read, outcome: true)]
-          end
+          MySubject.default_locks = [ MyLock.new(subject_type: MySubject, action: :read, outcome: false) ]
+          MySubject1.default_locks = []
+          MySubject2.default_locks = []
+          owner.my_locks = [ MyLock.new(subject_type: MySubject, action: :read, outcome: true) ]
         end
+
         it 'applies the superclass lock' do
-          ability.can?(:read, TestAbilitySubject).must_equal true
+          ability.can?(:read, MySubject2).must_equal true
         end
       end
     end
 
     # ---------------------------------------------------------------------
 
-    describe 'role locks' do
-      describe 'when multiple roles' do
+    describe 'inherited owner locks' do
+      describe 'when multiple inherited owners' do
         before do
-          user.tap do |u|
-            u.roles = [
-              TestRole.new(name: 'Editor', test_locks: [
-                TestLock.new(subject_type: TestAbilitySubjectSuper2.to_s, action: :read, outcome: true)
-              ]),
-              TestRole.new(name: 'SysOp', test_locks: [
-                TestLock.new(subject_type: TestAbilitySubjectSuper2.to_s, action: :read, outcome: false)
-              ])
-            ]
-          end
+          MySubject.default_locks = [ MyLock.new(subject_type: MySubject, action: :read, outcome: false) ]
+          owner.my_roles = [
+            MyRole.new(my_locks: [ MyLock.new(subject_type: MySubject, action: :read, outcome: true) ]),
+            MyRole.new(my_locks: [ MyLock.new(subject_type: MySubject, action: :read, outcome: false) ])
+          ]
         end
+
         it 'prefers positive outcome' do
-          ability.can?(:read, TestAbilitySubjectSuper2).must_equal true
+          ability.can?(:read, MySubject).must_equal true
         end
       end
 
       describe 'when defined for superclass' do
         before do
-          user.tap do |u|
-            u.roles = [
-              TestRole.new(test_locks: [
-                TestLock.new(subject_type: TestAbilitySubjectSuper2.to_s, action: :read, outcome: true)
-              ])
-            ]
-          end
+          MySubject.default_locks = [ MyLock.new(subject_type: MySubject, action: :read, outcome: false) ]
+          MySubject1.default_locks = []
+          MySubject2.default_locks = []
+          owner.my_roles = [ MyRole.new(my_locks: [ MyLock.new(subject_type: MySubject, action: :read, outcome: true) ]) ]
         end
+
         it 'applies the superclass lock' do
-          ability.can?(:read, TestAbilitySubject).must_equal true
+          ability.can?(:read, MySubject2).must_equal true
         end
       end
     end
@@ -106,47 +105,24 @@ module MongoidAbility
     describe 'combined locks' do
       describe 'user and role locks' do
         before do
-          user.tap do |u|
-            u.test_locks = [
-              TestLock.new(subject_type: TestAbilitySubjectSuper2.to_s, action: :read, outcome: false)
-            ]
-            u.roles = [
-              TestRole.new(test_locks: [
-                TestLock.new(subject_type: TestAbilitySubjectSuper2.to_s, action: :read, outcome: true)
-              ])
-            ]
-          end
+          MySubject.default_locks = [ MyLock.new(subject_type: MySubject, action: :read, outcome: false) ]
+          owner.my_locks = [ MyLock.new(subject_type: MySubject, action: :read, outcome: false) ]
+          owner.my_roles = [ MyRole.new(my_locks: [ MyLock.new(subject_type: MySubject, action: :read, outcome: true) ]) ]
         end
+
         it 'prefers user locks' do
-          ability.can?(:read, TestAbilitySubjectSuper2).must_equal false
+          ability.can?(:read, MySubject).must_equal false
         end
       end
 
       describe 'roles and default locks' do
         before do
-          user.tap do |u|
-            u.roles = [
-              TestRole.new(test_locks: [
-                TestLock.new(subject_type: TestAbilitySubjectSuper2.to_s, action: :read, outcome: true)
-              ])
-            ]
-          end
+          MySubject.default_locks = [ MyLock.new(subject_type: MySubject, action: :read, outcome: false) ]
+          owner.my_roles = [ MyRole.new(my_locks: [ MyLock.new(subject_type: MySubject, action: :read, outcome: true) ]) ]
         end
-        it 'prefers role locks' do
-          ability.can?(:read, TestAbilitySubjectSuper2).must_equal true
-        end
-      end
-    end
 
-    # ---------------------------------------------------------------------
-
-    describe 'class locks' do
-      it 'prefers negative outcome across same class' do
-        TestAbilityResolverSubject.stub(:default_locks, [
-          TestLock.new(subject_type: TestAbilityResolverSubject.to_s, action: :read, outcome: false),
-          TestLock.new(subject_type: TestAbilityResolverSubject.to_s, action: :read, outcome: true)
-        ]) do
-          ability.can?(:read, TestAbilityResolverSubject).must_equal false
+        it 'prefers role locks' do
+          ability.can?(:read, MySubject).must_equal true
         end
       end
     end