mongoid_ability 0.2.1 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 2419970ae62d412e5779447e3b68ad88999e65fc
-  data.tar.gz: 2850d0cc5ce00717c5aa9ee21af855a50f01edbe
+  metadata.gz: f894c51e60acf940ca8b92ec9f7402df3b852bf9
+  data.tar.gz: d923b2dfee15aee43d0aab8535adbd4ad44ff6f2
 SHA512:
-  metadata.gz: 55f72d123b8ba7dc2dd788c2403a1616b8b73516cc96a36d4a7600294675d548390dec31fdb1274cf334306aba42e1ddc419d67b551eb26c5ff43cf48e81f239
-  data.tar.gz: b16ce12d9d7ed6a604c3b2b4774018f9de5e1e193b5ccc7c0cf4bcc0fa9f00ca896cd59e32cff37020d6ebe803140742b6caef3d82c17f22cee986e9e3c25d4b
+  metadata.gz: 5a004c82655f15430cbb9421a3180a35d72375687f5301bb0fffd8b373055b87dd15ee9e187db4cd321ef7bede86c525f7a600030d088fdb31b019c654c51098
+  data.tar.gz: d8336fcfbb6a4f1ca8ede3e970dae45406b9cd575c83a78e5c48fda2ef02d6274ab06d218839ebe13b8a5c7ba71a121e40e2b2875ae074b5ee8d5f63a1d080c2

data/.travis.yml

@@ -1,6 +1,6 @@
 language: ruby
-cache: bundler
 script: 'bundle exec rake'
+sudo: false
 rvm:
   - 2.1.2
 services:
@@ -11,4 +11,4 @@ notifications:
     recipients:
       - tomas.celizna@gmail.com
     on_failure: change
-    on_success: never
+    on_success: never

data/README.md

@@ -81,13 +81,6 @@ end
 
 The subject classes can be subclassed. Subclasses inherit the default locks (unless they override them), the resulting outcome being correctly calculated bottom-up the superclass chain.
 
-The subject also acquires a convenience `Mongoid::Criteria` named `.accessible_by`. This criteria can be used to query for subject based on the user's ability:
-
-```ruby
-ability = MongoidAbility::Ability.new(current_user)
-MySubject.accessible_by(ability, :read, options={})
-```
-
 ### Owner
 
 This `Ability` class supports two levels of inheritance (for example User and its Roles). The locks can be either embedded (via `.embeds_many`) or associated (via `.has_many`). Make sure to include the `as: :owner` option.

data/lib/mongoid_ability/accessible_query_builder.rb

@@ -1,16 +1,35 @@
-# FIXME: this is extremely slow and not suitable for use, yet
-
 module MongoidAbility
   class AccessibleQueryBuilder < Struct.new(:base_class, :ability, :action, :options)
-
-    def self.call *args
+    def self.call(*args)
       new(*args).call
     end
 
     # =====================================================================
 
+    # TODO: cleanup
     def call
-      base_class_and_descendants.inject(base_criteria) { |criteria, cls| criteria.merge!(criteria_for_class(cls)) }
+      closed_classes = [] # [cls]
+      open_ids = [] # [cls, id]
+      closed_ids = [] # [id]
+
+      base_class_and_descendants.each do |cls|
+        closed_classes << cls.to_s if ability.cannot?(action, cls, options)
+
+        id_locks(cls).each do |lock|
+          if ability.can?(action, cls.new(_id: lock.subject_id), options)
+            open_ids << [cls.to_s, lock.subject_id]
+          else
+            closed_ids << lock.subject_id
+          end
+        end
+      end
+
+      closed_classes_condition = { :_type.nin => closed_classes }
+      open_ids_condition = { :_type.in => open_ids.map(&:first), :_id.in => open_ids.map(&:last) }
+      closed_ids_condition = { :_id.nin => closed_ids }
+      or_conditions = [ closed_classes_condition, open_ids_condition ].reject(&:blank?)
+
+      base_criteria.where( :$and => [ { :$or => or_conditions }, closed_ids_condition ])
     end
 
     private # =============================================================
@@ -25,16 +44,12 @@ module MongoidAbility
       @base_class_superclass ||= (base_class.ancestors_with_default_locks.last || base_class)
     end
 
-    def base_class_descendants
-      @base_class_descendants ||= ObjectSpace.each_object(Class).select{ |cls| cls < base_class_superclass }
+    def default_lock(_cls, action)
+      base_class_superclass.default_locks.detect { |l| l.action.to_s == action.to_s }
     end
 
     def base_class_and_descendants
-      @base_class_and_descendants ||= [base_class].concat(base_class_descendants)
-    end
-
-    def hereditary?
-      base_class_and_descendants.count > 1
+      @base_class_and_descendants ||= [base_class].concat(base_class.descendants)
     end
 
     # ---------------------------------------------------------------------
@@ -50,79 +65,21 @@ module MongoidAbility
 
     # ---------------------------------------------------------------------
 
-    def owner_id_locks_for_subject_type cls
+    def id_locks(cls)
+      (Array(owner_id_locks_for_subject_type(cls)) + Array(inherited_from_relation_ids_locks_for_subject_type(cls))).flatten
+    end
+
+    def owner_id_locks_for_subject_type(cls)
       @owner_id_locks_for_subject_type ||= {}
       @owner_id_locks_for_subject_type[cls] ||= owner.locks_relation.id_locks.for_action(action).for_subject_type(cls.to_s)
     end
 
-    def inherited_from_relation_ids_locks_for_subject_type cls
+    def inherited_from_relation_ids_locks_for_subject_type(cls)
       return [] unless inherited_from_relation
       @inherited_from_relation_ids_locks_for_subject_type ||= {}
-      @inherited_from_relation_ids_locks_for_subject_type[cls] ||= inherited_from_relation.collect { |o|
+      @inherited_from_relation_ids_locks_for_subject_type[cls] ||= inherited_from_relation.collect do |o|
         o.locks_relation.id_locks.for_action(action).for_subject_type(cls.to_s)
-      }.flatten
-    end
-
-    # ---------------------------------------------------------------------
-
-    def role_has_open_id_lock? cls, subject_id
-      @role_has_open_id_lock ||= {}
-      @role_has_open_id_lock["#{cls}_#{subject_id}"] ||= begin
-        inherited_from_relation_ids_locks_for_subject_type(cls).
-          select{ |l| l.open?(options) }.
-          map(&:subject_id).
-          include?(subject_id)
-      end
-    end
-
-    def owner_has_open_id_lock? cls, subject_id
-      @owner_has_open_id_lock ||= {}
-      @owner_has_open_id_lock["#{cls}_#{subject_id}"] ||= begin
-        owner_id_locks_for_subject_type(cls).
-          select{ |l| l.open?(options) }.
-          map(&:subject_id).
-          include?(subject_id)
-      end
+      end.flatten
     end
-
-    # ---------------------------------------------------------------------
-
-    def criteria_for_class cls
-      @criteria_for_class ||= {}
-      @criteria_for_class[cls] ||= ability.can?(action, cls, options) ? exclude_criteria(cls) : include_criteria(cls)
-    end
-
-    def exclude_criteria cls
-      @exclude_criteria ||= {}
-      @exclude_criteria[cls] ||= begin
-        id_locks = inherited_from_relation_ids_locks_for_subject_type(cls).select{ |l| l.closed?(options) }
-        id_locks = id_locks.reject{ |lock| role_has_open_id_lock?(cls, lock.subject_id) }
-        id_locks = id_locks.reject{ |lock| owner_has_open_id_lock?(cls, lock.subject_id) }
-        id_locks += owner_id_locks_for_subject_type(cls).select{ |l| l.closed?(options) }
-
-        excluded_ids = id_locks.map(&:subject_id).flatten
-
-        conditions = { :_id.nin => excluded_ids }
-        conditions = conditions.merge(_type: cls.to_s) if hereditary?
-
-        base_criteria.or(conditions)
-      end
-    end
-
-    def include_criteria cls
-      @include_criteria ||= {}
-      @include_criteria[cls] ||= begin
-        id_locks = inherited_from_relation_ids_locks_for_subject_type(cls).select{ |l| l.open?(options) }
-        id_locks += owner_id_locks_for_subject_type(cls).select{ |l| l.open?(options) }
-
-        included_ids = id_locks.map(&:subject_id).flatten
-
-        conditions = { :_id.in => included_ids }
-        conditions = conditions.merge(_type: cls.to_s) if hereditary?
-
-        base_criteria.or(conditions)
-      end
-    end
-
   end
 end

data/lib/mongoid_ability/lock.rb

@@ -2,7 +2,7 @@ require 'mongoid'
 
 module MongoidAbility
   module Lock
-    def self.included base
+    def self.included(base)
       base.extend ClassMethods
       base.class_eval do
         field :action, type: Symbol, default: :read
@@ -12,14 +12,14 @@ module MongoidAbility
         belongs_to :subject, polymorphic: true, touch: true
 
         # TODO: validate that action is defined on subject or its superclasses
-        validates :action, presence: true, uniqueness: { scope: [ :subject_type, :subject_id, :outcome ] }
+        validates :action, presence: true, uniqueness: { scope: [:subject_type, :subject_id, :outcome] }
         validates :outcome, presence: true
 
-        scope :for_action, -> action { where(action: action.to_sym) }
+        scope :for_action, -> (action) { where(action: action.to_sym) }
 
-        scope :for_subject_type, -> subject_type { where(subject_type: subject_type.to_s) }
-        scope :for_subject_id, -> subject_id { where(subject_id: subject_id.presence) }
-        scope :for_subject, -> subject { where(subject_type: subject.class.model_name, subject_id: subject.id) }
+        scope :for_subject_type, -> (subject_type) { where(subject_type: subject_type.to_s) }
+        scope :for_subject_id, -> (subject_id) { where(subject_id: subject_id.presence) }
+        scope :for_subject, -> (subject) { where(subject_type: subject.class.model_name, subject_id: subject.id) }
 
         scope :class_locks, -> { where(subject_id: nil) }
         scope :id_locks, -> { ne(subject_id: nil) }
@@ -28,52 +28,50 @@ module MongoidAbility
 
     # =====================================================================
 
-    # NOTE: override for more complicated results
-    def calculated_outcome options={}
-      outcome
-    end
-
-    # NOTE: override for more complicated results
-    def conditions
-      res = { _type: subject_type }
-      res = res.merge(_id: subject_id) if subject_id.present?
-      res = { '$not' => res } if calculated_outcome == false
-      res
-    end
-
-    # calculates outcome as if this lock is not present
-    def inherited_outcome options=default_options
-      return calculated_outcome(options) unless owner.present?
-      cloned_owner = owner.clone
-      cloned_owner.locks_relation = cloned_owner.locks_relation - [self]
-      MongoidAbility::Ability.new(cloned_owner).can? action, (subject.present? ? subject : subject_class), options
-    end
+    concerning :LockType do
+      def class_lock?
+        !id_lock?
+      end
 
-    # this is used when calculating inherited outcome
-    def default_options
-      {}
+      def id_lock?
+        subject_id.present?
+      end
     end
 
-    # ---------------------------------------------------------------------
+    concerning :Outcome do
+      # NOTE: override for more complicated results
+      def calculated_outcome(_options = {})
+        outcome
+      end
 
-    def subject_class
-      subject_type.constantize
-    end
+      def open?(options = {})
+        calculated_outcome(options) == true
+      end
 
-    def open? options={}
-      calculated_outcome(options) == true
+      def closed?(options = {})
+        !open?(options)
+      end
     end
 
-    def closed? options={}
-      !open?(options)
-    end
+    concerning :InheritedOutcome do
+      # calculates outcome as if this lock is not present
+      def inherited_outcome(options = default_options)
+        return calculated_outcome(options) unless owner.present?
+        cloned_owner = owner.clone
+        cloned_owner.locks_relation = cloned_owner.locks_relation - [self]
+        MongoidAbility::Ability.new(cloned_owner).can? action, (subject.present? ? subject : subject_class), options
+      end
 
-    def class_lock?
-      !id_lock?
+      # used when calculating inherited outcome
+      def default_options
+        {}
+      end
     end
 
-    def id_lock?
-      subject_id.present?
+    concerning :Subject do
+      def subject_class
+        subject_type.constantize
+      end
     end
   end
 end

data/lib/mongoid_ability/resolve_owner_locks.rb

@@ -1,6 +1,5 @@
 module MongoidAbility
   class ResolveOwnerLocks < ResolveLocks
-
     def call
       # FIXME: this is not a very nice fix
       return unless owner.respond_to?(:locks_relation)
@@ -12,17 +11,16 @@ module MongoidAbility
       # return outcome if owner defines lock for id
       if subject.present?
         id_locks = locks_for_subject_type.id_locks.for_subject_id(subject_id)
-        return false if id_locks.any?{ |l| l.closed?(options) }
-        return true if id_locks.any?{ |l| l.open?(options) }
+        return false if id_locks.any? { |l| l.closed?(options) }
+        return true if id_locks.any? { |l| l.open?(options) }
       end
 
       # return outcome if owner defines lock for subject_type
       class_locks = locks_for_subject_type.class_locks
-      return false if class_locks.class_locks.any?{ |l| l.closed?(options) }
-      return true if class_locks.class_locks.any?{ |l| l.open?(options) }
+      return false if class_locks.class_locks.any? { |l| l.closed?(options) }
+      return true if class_locks.class_locks.any? { |l| l.open?(options) }
 
       nil
     end
-
   end
 end

data/lib/mongoid_ability/subject.rb

@@ -1,7 +1,6 @@
 module MongoidAbility
   module Subject
-
-    def self.included base
+    def self.included(base)
       base.extend ClassMethods
       base.class_eval do
       end
@@ -12,21 +11,15 @@ module MongoidAbility
         @default_locks ||= []
       end
 
-      def default_locks= locks
+      def default_locks=(locks)
         @default_locks = locks
       end
 
-      def default_lock lock_cls, action, outcome, options={}
-        # unless is_root_class?
-        #   unless root_class.has_default_lock_for_action?(action)
-        #     raise StandardError, "action is not defined on root class (#{root_class})"
-        #   end
-        # end
-
-        lock = lock_cls.new( subject_type: self.to_s, action: action, outcome: outcome, options: options )
+      def default_lock(lock_cls, action, outcome, options = {})
+        lock = lock_cls.new(subject_type: to_s, action: action, outcome: outcome, options: options)
 
         # remove any existing locks
-        if existing_lock = default_locks.detect{ |l| l.action == lock.action }
+        if existing_lock = default_locks.detect { |l| l.action == lock.action }
           default_locks.delete(existing_lock)
         end
 
@@ -54,20 +47,19 @@ module MongoidAbility
 
       # ---------------------------------------------------------------------
 
-      def default_lock_for_action action
-        default_locks.detect{ |lock| lock.action == action.to_sym }
+      def default_lock_for_action(action)
+        default_locks.detect { |lock| lock.action == action.to_sym }
       end
 
-      def has_default_lock_for_action? action
+      def has_default_lock_for_action?(action)
         default_lock_for_action(action).present?
       end
 
       # ---------------------------------------------------------------------
 
-      def accessible_by ability, action=:read, options={}
+      def accessible_by(ability, action = :read, options = {})
         AccessibleQueryBuilder.call(self, ability, action, options)
       end
     end
-
   end
 end

data/lib/mongoid_ability/version.rb

@@ -1,3 +1,3 @@
 module MongoidAbility
-  VERSION = "0.2.1"
+  VERSION = "0.3.0"
 end

data/mongoid_ability.gemspec

@@ -21,7 +21,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency "cancancan", "~> 1.9"
   spec.add_dependency "mongoid", "~> 5.0"
 
-  spec.add_development_dependency "bundler", "~> 1.6"
+  spec.add_development_dependency "bundler"
   spec.add_development_dependency "coveralls"
   spec.add_development_dependency "database_cleaner", ">= 1.5.1"
   spec.add_development_dependency "guard"

data/test/mongoid_ability/accessible_query_builder_test.rb

@@ -1,24 +1,21 @@
-require "test_helper"
+require 'test_helper'
 
 module MongoidAbility
   describe AccessibleQueryBuilder do
-
     let(:base_class) { MySubject }
-
     let(:owner) { MyOwner.new }
     let(:ability) { Ability.new(owner) }
-
     let(:action) { :read }
-
-    subject { AccessibleQueryBuilder.call(base_class, ability, action) }
+    let(:options) { Hash.new }
 
     before do
-      MySubject.default_locks = [ MyLock.new(subject_type: MySubject, action: :read, outcome: false) ]
+      MySubject.default_locks = [ MyLock.new(subject_type: MySubject, action: :read, outcome: true) ]
     end
 
+    subject { AccessibleQueryBuilder.call(base_class, ability, action, options) }
+
     it 'returns Mongoid::Criteria' do
       subject.must_be_kind_of Mongoid::Criteria
     end
-
   end
 end

data/test/mongoid_ability/lock_test.rb

@@ -2,14 +2,14 @@ require 'test_helper'
 
 module MongoidAbility
   describe Lock do
-
     subject { MyLock.new }
     let(:my_subject) { MySubject.new }
     let(:inherited_lock) { MyLock1.new }
+
     # ---------------------------------------------------------------------
 
     before do
-      MySubject.default_locks = [ MyLock.new(action: :read, outcome: true), MyLock.new(action: :update, outcome: false) ]
+      MySubject.default_locks = [MyLock.new(action: :read, outcome: true), MyLock.new(action: :update, outcome: false)]
     end
 
     # ---------------------------------------------------------------------
@@ -27,13 +27,16 @@ module MongoidAbility
       subject.must_respond_to :open?
       subject.open?.must_equal false
     end
+
     it '#closed?' do
       subject.must_respond_to :closed?
       subject.closed?.must_equal true
     end
+
     it '#class_lock?' do
       subject.must_respond_to :class_lock?
     end
+
     it '#id_lock?' do
       subject.must_respond_to :id_lock?
     end
@@ -74,48 +77,9 @@ module MongoidAbility
       end
 
       it 'returns calculated_outcome for default locks' do
-        lock = MySubject.default_locks.detect{ |l| l.action == :read }
+        lock = MySubject.default_locks.detect { |l| l.action == :read }
         lock.inherited_outcome.must_equal true
       end
     end
-
-    # ---------------------------------------------------------------------
-
-    describe '#criteria' do
-      let(:open_subject_type_lock) { MyLock.new(subject_type: MySubject, action: :read, outcome: true) }
-      let(:closed_subject_type_lock) { MyLock.new(subject_type: MySubject, action: :read, outcome: false) }
-
-      let(:open_subject_lock) { MyLock.new(subject: my_subject, action: :read, outcome: true) }
-      let(:closed_subject_lock) { MyLock.new(subject: my_subject, action: :read, outcome: false) }
-
-      it 'returns conditions Hash' do
-        open_subject_type_lock.conditions.must_be_kind_of Hash
-        closed_subject_type_lock.conditions.must_be_kind_of Hash
-
-        open_subject_lock.conditions.must_be_kind_of Hash
-        closed_subject_lock.conditions.must_be_kind_of Hash
-      end
-
-      describe 'when open' do
-        it 'includes subject_type' do
-          open_subject_type_lock.conditions.must_equal({ _type: open_subject_type_lock.subject_type })
-        end
-
-        it 'includes id' do
-          open_subject_lock.conditions.must_equal({ _type: open_subject_type_lock.subject_type, _id: open_subject_lock.subject_id })
-        end
-      end
-
-      describe 'when closed' do
-        it 'excludes subject_type' do
-          closed_subject_type_lock.conditions.must_equal({ '$not' => { _type: open_subject_type_lock.subject_type }})
-        end
-
-        it 'includes id' do
-          closed_subject_lock.conditions.must_equal({ '$not' => { _type: open_subject_type_lock.subject_type, _id: open_subject_lock.subject_id }})
-        end
-      end
-    end
-
   end
 end

data/test/mongoid_ability/owner_locks_test.rb

@@ -13,13 +13,13 @@ module MongoidAbility
     # ---------------------------------------------------------------------
 
     before do
-      MySubject.default_locks = [ MyLock.new(subject_type: MySubject, action: :read, outcome: true) ]
+      MySubject.default_locks = [MyLock.new(subject_type: MySubject, action: :read, outcome: true)]
     end
 
     # ---------------------------------------------------------------------
 
     describe 'when lock for subject' do
-      before { owner.my_locks = [ subject_lock ] }
+      before { owner.my_locks = [subject_lock] }
 
       it 'applies it' do
         ability.can?(:read, subject.class).must_equal true
@@ -30,13 +30,12 @@ module MongoidAbility
     # ---------------------------------------------------------------------
 
     describe 'when lock for subject type' do
-      before { owner.my_locks = [ subject_type_lock ] }
+      before { owner.my_locks = [subject_type_lock] }
 
       it 'applies it' do
         ability.can?(:read, subject.class).must_equal false
         ability.can?(:read, subject).must_equal false
       end
     end
-
   end
 end

data/test/mongoid_ability/owner_test.rb

@@ -41,6 +41,5 @@ module MongoidAbility
         owner.has_lock?(other_lock).must_equal false
       end
     end
-
   end
 end

data/test/mongoid_ability/subject_accessible_by_test.rb

@@ -2,134 +2,138 @@ require 'test_helper'
 
 module MongoidAbility
   describe '.accessible_by' do
+    let(:my_subject) { MySubject.create! }
+    let(:my_subject1) { MySubject1.create! }
+    let(:my_subject2) { MySubject2.create! }
 
     let(:role_1) { MyRole.new }
     let(:role_2) { MyRole.new }
-    let(:owner) { MyOwner.new(my_roles: [ role_1, role_2 ]) }
+    let(:owner) { MyOwner.new(my_roles: [role_1, role_2]) }
     let(:ability) { Ability.new(owner) }
 
-    before do
-      MySubject.default_locks = [ MyLock.new(subject_type: MySubject, action: :read, outcome: true) ]
-      MySubject1.default_locks = []
+    # =====================================================================
+
+    describe 'default open locks' do
+      before do
+        # NOTE: we might need to use the .default_lock macro in case we propagate down directly
+        MySubject.default_locks = [ MyLock.new(subject_type: MySubject, action: :update, outcome: true) ]
+        MySubject1.default_locks = []
+        MySubject2.default_locks = []
+
+        my_subject
+        my_subject1
+        my_subject2
+      end
+
+      it 'propagates from superclass to all subclasses' do
+        MySubject.accessible_by(ability, :update).to_a.must_include my_subject
+        MySubject.accessible_by(ability, :update).to_a.must_include my_subject1
+        MySubject.accessible_by(ability, :update).to_a.must_include my_subject2
 
-      @my_subject = MySubject.create!
-      @my_subject_1 = MySubject1.create!
+        MySubject1.accessible_by(ability, :update).to_a.wont_include my_subject
+        MySubject1.accessible_by(ability, :update).to_a.must_include my_subject1
+        MySubject1.accessible_by(ability, :update).to_a.must_include my_subject2
+
+        MySubject2.accessible_by(ability, :update).to_a.wont_include my_subject
+        MySubject2.accessible_by(ability, :update).to_a.wont_include my_subject1
+        MySubject2.accessible_by(ability, :update).to_a.must_include my_subject2
+      end
     end
 
-    # =====================================================================
+    describe 'default closed locks' do
+      before do
+        # NOTE: we might need to use the .default_lock macro in case we propagate down directly
+        MySubject.default_locks = [ MyLock.new(subject_type: MySubject, action: :update, outcome: false) ]
+        MySubject1.default_locks = []
+        MySubject2.default_locks = []
 
-    describe 'default locks' do
-      describe 'when open' do
-        it 'returns everything' do
-          MySubject.accessible_by(ability, :read).to_a.must_include @my_subject
-          MySubject.accessible_by(ability, :read).to_a.must_include @my_subject_1
-        end
+        my_subject
+        my_subject1
+        my_subject2
       end
 
-      describe 'when closed' do
-        before do
-          MySubject.default_locks = [ MyLock.new(subject_type: MySubject, action: :read, outcome: false) ]
-          MySubject1.default_locks = []
-        end
+      it 'propagates from superclass to all subclasses' do
+        MySubject.accessible_by(ability, :update).to_a.wont_include my_subject
+        MySubject.accessible_by(ability, :update).to_a.wont_include my_subject1
+        MySubject.accessible_by(ability, :update).to_a.wont_include my_subject2
 
-        it 'returns nothing' do
-          MySubject.accessible_by(ability, :read).to_a.wont_include @my_subject
-          MySubject.accessible_by(ability, :read).to_a.wont_include @my_subject_1
-        end
+        MySubject1.accessible_by(ability, :update).to_a.wont_include my_subject
+        MySubject1.accessible_by(ability, :update).to_a.wont_include my_subject1
+        MySubject1.accessible_by(ability, :update).to_a.wont_include my_subject2
+
+        MySubject2.accessible_by(ability, :update).to_a.wont_include my_subject
+        MySubject2.accessible_by(ability, :update).to_a.wont_include my_subject1
+        MySubject2.accessible_by(ability, :update).to_a.wont_include my_subject2
       end
     end
 
-    # ---------------------------------------------------------------------
+    describe 'default combined locks' do
+      before do
+        # NOTE: we might need to use the .default_lock macro in case we propagate down directly
+        MySubject.default_locks = [ MyLock.new(subject_type: MySubject, action: :update, outcome: false) ]
+        MySubject1.default_locks = [ MyLock.new(subject_type: MySubject, action: :update, outcome: true) ]
+        MySubject2.default_locks = [ MyLock.new(subject_type: MySubject, action: :update, outcome: false) ]
 
-    describe 'subject_type lock' do
-      describe 'on roles' do
-        it 'overrides default lock' do
-          role_1.my_locks = [ MyLock.new(subject_type: MySubject, action: :read, outcome: false) ]
-          MySubject.accessible_by(ability, :read).to_a.must_be :empty?
-        end
-
-        it 'takes the most permissive of roles' do
-          role_1.my_locks = [ MyLock.new(subject_type: MySubject, action: :read, outcome: false) ]
-          role_2.my_locks = [ MyLock.new(subject_type: MySubject, action: :read, outcome: true) ]
-          MySubject.accessible_by(ability, :read).to_a.must_include @my_subject
-          MySubject.accessible_by(ability, :read).to_a.must_include @my_subject_1
-        end
+        my_subject
+        my_subject1
+        my_subject2
       end
 
-      describe 'on user' do
-        it 'overrides default lock' do
-          owner.my_locks = [ MyLock.new(subject_type: MySubject, action: :read, outcome: false) ]
-          MySubject.accessible_by(ability, :read).to_a.must_be :empty?
-        end
-
-        it 'overrides role locks' do
-          role_1.my_locks = [ MyLock.new(subject_type: MySubject, action: :read, outcome: false) ]
-          owner.my_locks = [ MyLock.new(subject_type: MySubject, action: :read, outcome: true) ]
-          MySubject.accessible_by(ability, :read).to_a.must_include @my_subject
-          MySubject.accessible_by(ability, :read).to_a.must_include @my_subject_1
-        end
+      it 'propagates from superclass to all subclasses' do
+        MySubject.accessible_by(ability, :update).to_a.wont_include my_subject
+        MySubject.accessible_by(ability, :update).to_a.must_include my_subject1
+        MySubject.accessible_by(ability, :update).to_a.wont_include my_subject2
+
+        MySubject1.accessible_by(ability, :update).to_a.wont_include my_subject
+        MySubject1.accessible_by(ability, :update).to_a.must_include my_subject1
+        MySubject1.accessible_by(ability, :update).to_a.wont_include my_subject2
+
+        MySubject2.accessible_by(ability, :update).to_a.wont_include my_subject
+        MySubject2.accessible_by(ability, :update).to_a.wont_include my_subject1
+        MySubject2.accessible_by(ability, :update).to_a.wont_include my_subject2
       end
     end
 
     # ---------------------------------------------------------------------
 
-    describe 'subject_id lock' do
-      describe 'on roles' do
-        it 'overrides default lock' do
-          role_1.my_locks = [ MyLock.new(subject: @my_subject, action: :read, outcome: false) ]
-          MySubject1.accessible_by(ability, :read).to_a.wont_include @my_subject
-        end
-
-        it 'overrides default negative lock' do
-          MySubject.default_locks = [ MyLock.new(subject_type: MySubject, action: :read, outcome: false) ]
-          role_1.my_locks = [ MyLock.new(subject: @my_subject, action: :read, outcome: true) ]
-          MySubject.accessible_by(ability, :read).to_a.must_include @my_subject
-        end
-
-        it 'overrides subject_type lock' do
-          role_1.my_locks = [ MyLock.new(subject_type: MySubject, action: :read, outcome: false) ]
-          role_2.my_locks = [ MyLock.new(subject: @my_subject, action: :read, outcome: true) ]
-          MySubject.accessible_by(ability, :read).to_a.must_include @my_subject
-        end
-
-        it 'takes the most permissive of roles' do
-          role_1.my_locks = [ MyLock.new(subject: @my_subject, action: :read, outcome: true) ]
-          role_2.my_locks = [ MyLock.new(subject: @my_subject, action: :read, outcome: false) ]
-          MySubject.accessible_by(ability, :read).to_a.must_include @my_subject
-        end
-
-        describe 'for subclasses' do
-          it 'overrides default negative lock' do
-            MySubject.default_locks = [ MyLock.new(subject_type: MySubject1, action: :read, outcome: false) ]
-            role_1.my_locks = [ MyLock.new(subject: @my_subject_1, action: :read, outcome: true) ]
-            MySubject.accessible_by(ability, :read).to_a.wont_include @my_subject
-            MySubject.accessible_by(ability, :read).to_a.must_include @my_subject_1
-          end
-        end
+    describe 'closed id locks' do
+      let(:role_1) { MyRole.new(my_locks: [ MyLock.new(subject: my_subject, action: :update, outcome: false) ]) }
+
+      before do
+        MySubject.default_locks = [ MyLock.new(subject_type: MySubject, action: :update, outcome: true) ]
+        MySubject1.default_locks = []
+        MySubject2.default_locks = []
+
+        my_subject
+        my_subject1
+        my_subject2
       end
 
-      describe 'on user' do
-        it 'overrides default lock' do
-          owner.my_locks = [ MyLock.new(subject_type: MySubject, action: :read, outcome: false) ]
-          MySubject.accessible_by(ability, :read).to_a.must_be :empty?
-        end
-
-        it 'overrides subject_type lock' do
-          owner.my_locks = [
-            MyLock.new(subject_type: MySubject, action: :read, outcome: false),
-            MyLock.new(subject_type: MySubject1, action: :read, outcome: true)
-          ]
-          MySubject.accessible_by(ability, :read).to_a.wont_include @my_subject
-          MySubject.accessible_by(ability, :read).to_a.must_include @my_subject_1
-        end
-
-        it 'overrides role locks' do
-          role_1.my_locks = [ MyLock.new(subject_type: MySubject, action: :read, outcome: false) ]
-          owner.my_locks = [ MyLock.new(subject_type: MySubject, action: :read, outcome: true) ]
-          MySubject.accessible_by(ability, :read).to_a.must_include @my_subject
-        end
+      it 'applies id locks' do
+        MySubject.accessible_by(ability, :update).to_a.wont_include my_subject
+        MySubject.accessible_by(ability, :update).to_a.must_include my_subject1
+        MySubject.accessible_by(ability, :update).to_a.must_include my_subject2
       end
     end
 
+    describe 'open id locks' do
+      let(:role_1) { MyRole.new(my_locks: [ MyLock.new(subject: my_subject1, action: :update, outcome: true) ]) }
+
+      before do
+        MySubject.default_locks = [ MyLock.new(subject_type: MySubject, action: :update, outcome: false) ]
+        MySubject1.default_locks = []
+        MySubject2.default_locks = []
+
+        my_subject
+        my_subject1
+        my_subject2
+      end
+
+      it 'applies id locks' do
+        MySubject.accessible_by(ability, :update).to_a.wont_include my_subject
+        MySubject1.accessible_by(ability, :update).to_a.must_include my_subject1
+        MySubject2.accessible_by(ability, :update).to_a.wont_include my_subject2
+      end
+    end
   end
 end

data/test/mongoid_ability/subject_test.rb

@@ -2,7 +2,6 @@ require 'test_helper'
 
 module MongoidAbility
   describe Subject do
-
     describe '.default_lock' do
       before do
         MySubject.default_locks = []
@@ -20,17 +19,6 @@ module MongoidAbility
       end
     end
 
-    # describe 'when lock not defined on superclass' do
-    #   before do
-    #     MySubject.default_locks = []
-    #     MySubject1.default_locks = []
-    #   end
-    #
-    #   it 'must raise error' do
-    #     -> { MySubject1.default_lock MyLock, :test, true }.must_raise StandardError
-    #   end
-    # end
-
     describe 'prevents conflicts' do
       before do
         MySubject.default_locks = []
@@ -39,15 +27,15 @@ module MongoidAbility
       end
 
       it 'does not allow multiple locks for same action' do
-        MySubject.default_locks.select{ |l| l.action == :read }.count.must_equal 1
+        MySubject.default_locks.count { |l| l.action == :read }.must_equal 1
       end
 
       it 'replace existing locks with new attributes' do
-        MySubject.default_locks.detect{ |l| l.action == :read }.outcome.must_equal false
+        MySubject.default_locks.detect { |l| l.action == :read }.outcome.must_equal false
       end
 
       it 'replaces existing locks with new one' do
-        MySubject.default_locks.detect{ |l| l.action == :read }.class.must_equal MyLock1
+        MySubject.default_locks.detect { |l| l.action == :read }.class.must_equal MyLock1
       end
     end
 
@@ -57,11 +45,10 @@ module MongoidAbility
       it { MySubject2.is_root_class?.must_equal false }
     end
 
-    describe ".root_class" do
+    describe '.root_class' do
       it { MySubject.root_class.must_equal MySubject }
       it { MySubject1.root_class.must_equal MySubject }
       it { MySubject2.root_class.must_equal MySubject }
     end
-
   end
 end

data/test/support/expectations.rb

@@ -0,0 +1,4 @@
+module MongoidAbility
+  module Expectations
+  end
+end

data/test/support/test_classes/my_lock.rb

@@ -0,0 +1,15 @@
+module MongoidAbility
+  class MyLock
+    include Mongoid::Document
+    include Mongoid::Timestamps
+    include MongoidAbility::Lock
+    
+    embedded_in :owner, polymorphic: true, touch: true
+  end
+
+  class MyLock1 < MyLock
+    def calculated_outcome(opts = {})
+      opts.fetch(:override, outcome)
+    end
+  end
+end

data/test/support/test_classes/my_owner.rb

@@ -0,0 +1,21 @@
+module MongoidAbility
+  class MyOwner
+    include Mongoid::Document
+    include Mongoid::Timestamps
+    include MongoidAbility::Owner
+
+    embeds_many :my_locks, class_name: 'MongoidAbility::MyLock', as: :owner
+    has_and_belongs_to_many :my_roles
+
+    def self.locks_relation_name
+      :my_locks
+    end
+
+    def self.inherit_from_relation_name
+      :my_roles
+    end
+  end
+
+  class MyOwner1 < MyOwner
+  end
+end

data/test/support/test_classes/my_role.rb

@@ -0,0 +1,16 @@
+module MongoidAbility
+  class MyRole
+    include Mongoid::Document
+    include MongoidAbility::Owner
+
+    embeds_many :my_locks, class_name: 'MongoidAbility::MyLock', as: :owner
+    has_and_belongs_to_many :my_owners
+
+    def self.locks_relation_name
+      :my_locks
+    end
+  end
+
+  class MyRole1 < MyRole
+  end
+end

data/test/support/test_classes/my_subject.rb

@@ -0,0 +1,16 @@
+module MongoidAbility
+  class MySubject
+    include Mongoid::Document
+    include MongoidAbility::Subject
+
+    default_lock MyLock, :read, true
+    default_lock MyLock1, :update, false
+  end
+
+  class MySubject1 < MySubject
+    default_lock MyLock, :read, false
+  end
+
+  class MySubject2 < MySubject1
+  end
+end

data/test/test_helper.rb

@@ -9,8 +9,8 @@ require 'mongoid_ability'
 
 Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each { |f| require f }
 
-if ENV["CI"]
-  require "coveralls"
+if ENV['CI']
+  require 'coveralls'
   Coveralls.wear!
 end
 
@@ -28,3 +28,7 @@ class MiniTest::Spec
   before(:each) { DatabaseCleaner.start }
   after(:each) { DatabaseCleaner.clean }
 end
+
+class Object
+  include MongoidAbility::Expectations
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mongoid_ability
 version: !ruby/object:Gem::Version
-  version: 0.2.1
+  version: 0.3.0
 platform: ruby
 authors:
 - Tomáš Celizna
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-12-10 00:00:00.000000000 Z
+date: 2016-01-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: cancancan
@@ -42,16 +42,16 @@ dependencies:
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: coveralls
   requirement: !ruby/object:Gem::Requirement
@@ -177,7 +177,11 @@ files:
 - test/mongoid_ability/resolve_owner_locks_test.rb
 - test/mongoid_ability/subject_accessible_by_test.rb
 - test/mongoid_ability/subject_test.rb
-- test/support/test_classes.rb
+- test/support/expectations.rb
+- test/support/test_classes/my_lock.rb
+- test/support/test_classes/my_owner.rb
+- test/support/test_classes/my_role.rb
+- test/support/test_classes/my_subject.rb
 - test/test_helper.rb
 homepage: https://github.com/tomasc/mongoid_ability
 licenses:
@@ -199,7 +203,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.8
+rubygems_version: 2.4.6
 signing_key: 
 specification_version: 4
 summary: Custom Ability class that allows CanCanCan authorization library store permissions
@@ -218,5 +222,9 @@ test_files:
 - test/mongoid_ability/resolve_owner_locks_test.rb
 - test/mongoid_ability/subject_accessible_by_test.rb
 - test/mongoid_ability/subject_test.rb
-- test/support/test_classes.rb
+- test/support/expectations.rb
+- test/support/test_classes/my_lock.rb
+- test/support/test_classes/my_owner.rb
+- test/support/test_classes/my_role.rb
+- test/support/test_classes/my_subject.rb
 - test/test_helper.rb

data/test/support/test_classes.rb

@@ -1,161 +0,0 @@
-module MongoidAbility
-  class MyLock
-    include Mongoid::Document
-    include MongoidAbility::Lock
-    embedded_in :owner, polymorphic: true
-  end
-
-  class MyLock1 < MyLock
-    def calculated_outcome opts={}
-      opts.fetch(:override, outcome)
-    end
-  end
-
-  # ---------------------------------------------------------------------
-
-  class MySubject
-    include Mongoid::Document
-    include MongoidAbility::Subject
-
-    default_lock MyLock, :read, true
-    default_lock MyLock1, :update, false
-  end
-
-  class MySubject1 < MySubject
-    default_lock MyLock, :read, false
-  end
-
-  class MySubject2 < MySubject1
-  end
-
-  # ---------------------------------------------------------------------
-
-  class MyOwner
-    include Mongoid::Document
-    include MongoidAbility::Owner
-
-    embeds_many :my_locks, class_name: 'MongoidAbility::MyLock', as: :owner
-    has_and_belongs_to_many :my_roles
-
-    def self.locks_relation_name
-      :my_locks
-    end
-
-    def self.inherit_from_relation_name
-      :my_roles
-    end
-  end
-
-  class MyOwner1 < MyOwner
-  end
-
-  # ---------------------------------------------------------------------
-
-  class MyRole
-    include Mongoid::Document
-    include MongoidAbility::Owner
-
-    embeds_many :my_locks, class_name: 'MongoidAbility::MyLock', as: :owner
-    has_and_belongs_to_many :my_owners
-
-    def self.locks_relation_name
-      :my_locks
-    end
-  end
-
-  class MyRole1 < MyRole
-  end
-end
-
-
-
-
-
-
-
-# class TestLock
-#   include Mongoid::Document
-#   include MongoidAbility::Lock
-#
-#   embedded_in :owner, polymorphic: true
-# end
-#
-# class TestLockSub < TestLock
-# end
-#
-# # ---------------------------------------------------------------------
-#
-# class TestOwnerSuper
-#   include Mongoid::Document
-#   include MongoidAbility::Owner
-#
-#   embeds_many :test_locks, class_name: 'TestLock', as: :owner
-# end
-#
-# class TestOwner < TestOwnerSuper
-# end
-#
-# # ---------------------------------------------------------------------
-#
-# class SubjectTest
-#   include Mongoid::Document
-#   include MongoidAbility::Subject
-#
-#   default_lock :read, true
-# end
-#
-# class SubjectTestOne < SubjectTest
-# end
-#
-# class SubjectTestTwo < SubjectTest
-# end
-#
-# class SubjectSingleTest
-#   include Mongoid::Document
-#   include MongoidAbility::Subject
-#
-#   default_lock :read, true
-# end
-#
-# # ---------------------------------------------------------------------
-#
-# class TestAbilityResolverSubject
-#   include Mongoid::Document
-#   include MongoidAbility::Subject
-#
-#   default_lock :read, true
-# end
-#
-# class TestAbilitySubjectSuper2
-#   include Mongoid::Document
-#   include MongoidAbility::Subject
-#
-#   default_lock :read, false
-#   default_lock :update, true
-# end
-#
-# class TestAbilitySubjectSuper1 < TestAbilitySubjectSuper2
-# end
-#
-# class TestAbilitySubject < TestAbilitySubjectSuper1
-# end
-#
-# # ---------------------------------------------------------------------
-#
-# class TestRole
-#   include Mongoid::Document
-#   include MongoidAbility::Owner
-#
-#   field :name, type: String
-#
-#   embeds_many :test_locks, class_name: 'TestLock', as: :owner
-#   has_and_belongs_to_many :users, class_name: 'TestUser'
-# end
-#
-# class TestUser
-#   include Mongoid::Document
-#   include MongoidAbility::Owner
-#
-#   embeds_many :test_locks, class_name: 'TestLock', as: :owner
-#   has_and_belongs_to_many :roles, class_name: 'TestRole'
-# end