mongoid_ability 1.0.0 → 2.0.0

data/lib/mongoid_ability/find_lock.rb

@@ -0,0 +1,71 @@
+module MongoidAbility
+  # finds first lock that controls specified params
+
+  class FindLock < Struct.new(:owner, :action, :subject_type, :subject_id, :options)
+    def self.call(*args)
+      new(*args).call
+    end
+
+    def initialize(owner, action, subject_type, subject_id = nil, options = {})
+      super(owner, action, subject_type.to_s, subject_id, options)
+    end
+
+    def call
+      lock = nil
+      subject_class.self_and_ancestors_with_default_locks.each do |cls|
+        break if lock = FindOwnedLock.call(owner, action, cls, subject_id, options)
+        break if lock = FindInheritedLock.call(owner, action, cls, subject_id, options)
+        break if lock = FindDefaultLock.call(owner, action, cls, subject_id, options)
+      end
+      lock
+    end
+
+    private
+
+    def subject_class
+      subject_type.constantize
+    end
+
+    # ---------------------------------------------------------------------
+
+    class FindDefaultLock < FindLock
+      def call
+        locks = subject_class.default_locks.for_action(action)
+        locks.compact.detect(&:closed?) || locks.compact.detect(&:open?)
+      end
+    end
+
+    class FindInheritedLock < FindLock
+      def call
+        return unless owner.respond_to?(owner.class.inherit_from_relation_name)
+        locks = LocksDecorator.new(
+          owner.inherit_from_relation
+                .flat_map { |inherited_owner| FindOwnedLock.call(inherited_owner, action, subject_type, subject_id, options) }
+        )
+
+        if subject_id.present?
+          lock = locks.for_subject_id(subject_id).detect(&:closed?) ||
+                 locks.for_subject_id(subject_id).detect(&:open?)
+          return lock unless lock.nil?
+        end
+
+        locks.class_locks.detect(&:open?) || locks.class_locks.detect(&:closed?)
+      end
+    end
+
+    class FindOwnedLock < FindLock
+      def call
+        return unless owner.respond_to?(:locks_relation)
+        locks = owner.locks_relation.for_action(action).for_subject_type(subject_type)
+
+        if subject_id.present?
+          lock = locks.for_subject_id(subject_id).detect(&:closed?) ||
+                 locks.for_subject_id(subject_id).detect(&:open?)
+          return lock unless lock.nil?
+        end
+
+        locks.class_locks.detect(&:closed?) || locks.class_locks.detect(&:open?)
+      end
+    end
+  end
+end

data/lib/mongoid_ability/lock.rb

@@ -46,32 +46,24 @@ module MongoidAbility
     end
 
     concerning :Outcome do
-      # NOTE: override for more complicated results
-      def calculated_outcome(_options = {})
+      def open?
         outcome
       end
 
-      def open?(options = {})
-        calculated_outcome(options) == true
-      end
-
-      def closed?(options = {})
-        !open?(options)
+      def closed?
+        !open?
       end
     end
 
+    # calculates outcome as if this lock is not present
     concerning :InheritedOutcome do
-      # calculates outcome as if this lock is not present
-      def inherited_outcome(options = default_options)
-        return calculated_outcome(options) unless owner.present?
+      def inherited_outcome(options = {})
+        return outcome unless owner.present?
         cloned_owner = owner.clone
         cloned_owner.locks_relation = cloned_owner.locks_relation - [self]
-        MongoidAbility::Ability.new(cloned_owner).can? action, (subject.present? ? subject : subject_class), options
-      end
+        cloned_ability = MongoidAbility::Ability.new(cloned_owner)
 
-      # used when calculating inherited outcome
-      def default_options
-        {}
+        cloned_ability.can?(action, (subject.present? ? subject : subject_class), options)
       end
     end
 
@@ -80,5 +72,22 @@ module MongoidAbility
         subject_type.constantize
       end
     end
+
+    concerning :Group do
+      def group_key_for_calc
+        [subject_type, subject_id, action, options]
+      end
+    end
+
+    concerning :Sort do
+      class_methods do
+        def sort
+          -> (a, b) {
+            [a.subject_type, a.subject_id.to_s, a.action, (a.outcome ? -1 : 1)] <=>
+              [b.subject_type, b.subject_id.to_s, b.action, (b.outcome ? -1 : 1)]
+          }
+        end
+      end
+    end
   end
 end

data/lib/mongoid_ability/locks_decorator.rb

@@ -0,0 +1,45 @@
+module MongoidAbility
+  # adds scope-like methods on top of an Array containing locks
+
+  class LocksDecorator < SimpleDelegator
+    def for_action(action)
+      compact.select do |lock|
+        lock.action == action.to_sym
+      end
+    end
+
+    def for_subject_type(subject_type)
+      compact.select do |lock|
+        lock.subject_type == subject_type.to_s
+      end
+    end
+
+    def for_subject_types(subject_types)
+      subject_types = Array(subject_types).map(&:to_s)
+      compact.select do |lock|
+        subject_types.include?(lock.subject_type)
+      end
+    end
+
+    def for_subject_id(subject_id)
+      compact.select do |lock|
+        lock.subject_id == BSON::ObjectId.from_string(subject_id)
+      end
+    end
+
+    def for_subject(subject)
+      compact.select do |lock|
+        lock.subject_type == subject.class.model_name &&
+          lock.subject_id == subject.id
+      end
+    end
+
+    def class_locks
+      compact.select(&:class_lock?)
+    end
+
+    def id_locks
+      compact.select(&:id_lock?)
+    end
+  end
+end

data/lib/mongoid_ability/owner.rb

@@ -3,7 +3,9 @@ module MongoidAbility
     def self.included(base)
       base.extend ClassMethods
       base.class_eval do
-        delegate :can?, :cannot?, to: :ability
+        delegate  :can?, :cannot?,
+                  to: :ability
+
         before_save :cleanup_locks
       end
     end
@@ -19,14 +21,17 @@ module MongoidAbility
     end
 
     def locks_relation
+      return unless respond_to?(self.class.locks_relation_name)
       send(self.class.locks_relation_name)
     end
 
     def locks_relation=(val)
+      return unless respond_to?("#{self.class.locks_relation_name}=")
       send "#{self.class.locks_relation_name}=", val
     end
 
     def inherit_from_relation
+      return unless respond_to?(self.class.inherit_from_relation_name)
       send(self.class.inherit_from_relation_name)
     end
 
@@ -36,14 +41,29 @@ module MongoidAbility
 
     def has_lock?(lock)
       @has_lock ||= {}
-      @has_lock[lock] ||= locks_relation.where(action: lock.action, subject_type: lock.subject_type, subject_id: lock.subject_id.presence).cache.exists?
+
+      return @has_lock[lock.id.to_s] if @has_lock.key?(lock.id.to_s)
+
+      @has_lock[lock.id.to_s] ||= begin
+        locks_relation.where(
+          subject_type: lock.subject_type,
+          subject_id: lock.subject_id.presence,
+          action: lock.action,
+          options: lock.options
+        ).exists?
+      end
     end
 
     private
 
     def cleanup_locks
       locks_relation.select(&:open?).each do |lock|
-        lock.destroy if locks_relation.where(action: lock.action, subject_type: lock.subject_type, subject_id: lock.subject_id).any?(&:closed?)
+        lock.destroy if locks_relation.where(
+          subject_type: lock.subject_type,
+          subject_id: lock.subject_id.presence,
+          action: lock.action,
+          options: lock.options
+        ).any?(&:closed?)
       end
     end
   end

data/lib/mongoid_ability/subject.rb

@@ -3,12 +3,18 @@ module MongoidAbility
     def self.included(base)
       base.extend ClassMethods
       base.class_eval do
+        # always set the _type field as it is used by :accessible_by queries
+        field :_type, type: String, default: model_name
       end
     end
 
     module ClassMethods
       def default_locks
-        @default_locks ||= []
+        @default_locks ||= LocksDecorator.new([])
+      end
+
+      def reset_default_locks!
+        @default_locks = LocksDecorator.new([])
       end
 
       def default_locks=(locks)
@@ -19,16 +25,14 @@ module MongoidAbility
         lock = lock_cls.new(subject_type: to_s, action: action, outcome: outcome, options: options)
 
         # remove any existing locks
-        if existing_lock = default_locks.detect { |l| l.action == lock.action }
+        if existing_lock = default_locks.detect { |l| l.action == lock.action && l.options == lock.options }
           default_locks.delete(existing_lock)
         end
 
         # add new lock
-        default_locks.push lock
+        default_locks.push(lock)
       end
 
-      # ---------------------------------------------------------------------
-
       def self_and_ancestors_with_default_locks
         ancestors.select { |a| a.is_a?(Class) && a.respond_to?(:default_locks) }
       end
@@ -45,24 +49,8 @@ module MongoidAbility
         self_and_ancestors_with_default_locks.last
       end
 
-      # ---------------------------------------------------------------------
-
-      def default_lock_for_action(action)
-        default_locks.detect { |lock| lock.action == action.to_sym }
-      end
-
       def has_default_lock_for_action?(action)
-        default_lock_for_action(action).present?
-      end
-
-      # ---------------------------------------------------------------------
-
-      def accessible_by(ability, action = :read, options = {})
-        AccessibleQueryBuilder.call(self, ability, action, options)
-      end
-
-      def values_for_accessible_query(ability, action = :read, options = {})
-        ValuesForAccessibleQuery.call(self, ability, action, options)
+        default_locks.for_action(action).present?
       end
     end
   end

data/lib/mongoid_ability/version.rb

@@ -1,3 +1,3 @@
 module MongoidAbility
-  VERSION = '1.0.0'.freeze
+  VERSION = '2.0.0'.freeze
 end

data/test/cancancan/model_adapters/mongoid_adapter_options_test.rb

@@ -0,0 +1,102 @@
+require 'test_helper'
+
+module CanCan
+  module ModelAdapters
+    describe MongoidAdapter do
+      describe '.accessible_by' do
+        let(:owner) { MyOwner.new }
+        let(:ability) { MongoidAbility::Ability.new(owner) }
+        let(:subject1) { MySubject.new }
+
+        before do
+          subject1.save!
+          subject2.save!
+        end
+
+        describe 'Boolean' do
+          let(:subject2) { MySubject.new(override: true) }
+
+          describe 'positive' do
+            before(:all) { MySubject.default_lock MyLock, :read, true, override: true }
+
+            it { MySubject.accessible_by(ability).wont_include subject1 }
+            it { MySubject.accessible_by(ability).must_include subject2 }
+          end
+
+          describe 'negative' do
+            before(:all) do
+              MySubject.default_lock MyLock, :read, true
+              MySubject.default_lock MyLock, :read, false, override: true
+            end
+
+            it { MySubject.accessible_by(ability).must_include subject1 }
+            it { MySubject.accessible_by(ability).wont_include subject2 }
+          end
+        end
+
+        describe 'String' do
+          let(:subject2) { MySubject.new(str_val: "Jan Tschichold") }
+
+          describe 'positive' do
+            before(:all) { MySubject.default_lock MyLock, :read, true, str_val: 'Jan Tschichold' }
+
+            it { MySubject.accessible_by(ability).wont_include subject1 }
+            it { MySubject.accessible_by(ability).must_include subject2 }
+          end
+
+          describe 'negative' do
+            before(:all) do
+              MySubject.default_lock MyLock, :read, true
+              MySubject.default_lock MyLock, :read, false, str_val: 'Jan Tschichold'
+            end
+
+            it { MySubject.accessible_by(ability).must_include subject1 }
+            it { MySubject.accessible_by(ability).wont_include subject2 }
+          end
+        end
+
+        describe 'Regexp' do
+          let(:subject2) { MySubject.new(str_val: "Jan Tschichold") }
+
+          describe 'positive' do
+            before(:all) { MySubject.default_lock MyLock, :read, true, str_val: /tschichold/i }
+
+            it { MySubject.accessible_by(ability).wont_include subject1 }
+            it { MySubject.accessible_by(ability).must_include subject2 }
+          end
+
+          describe 'negative' do
+            before(:all) do
+              MySubject.default_lock MyLock, :read, true
+              MySubject.default_lock MyLock, :read, false, str_val: /tschichold/i
+            end
+
+            it { MySubject.accessible_by(ability).must_include subject1 }
+            it { MySubject.accessible_by(ability).wont_include subject2 }
+          end
+        end
+
+        describe 'Array' do
+          let(:subject2) { MySubject.new(str_val: "John") }
+
+          describe 'positive' do
+            before(:all) { MySubject.default_lock MyLock, :read, true, str_val: %w(John Paul George Ringo) }
+
+            it { MySubject.accessible_by(ability).wont_include subject1 }
+            it { MySubject.accessible_by(ability).must_include subject2 }
+          end
+
+          describe 'negative' do
+            before(:all) do
+              MySubject.default_lock MyLock, :read, true
+              MySubject.default_lock MyLock, :read, false, str_val: %w(John Paul George Ringo)
+            end
+
+            it { MySubject.accessible_by(ability).must_include subject1 }
+            it { MySubject.accessible_by(ability).wont_include subject2 }
+          end
+        end
+      end
+    end
+  end
+end

data/test/cancancan/model_adapters/mongoid_adapter_test.rb

@@ -0,0 +1,207 @@
+require 'test_helper'
+
+module CanCan
+  module ModelAdapters
+    describe MongoidAdapter do
+      describe '.accessible_by' do
+        let(:my_subject) { MySubject.new }
+        let(:my_subject1) { MySubject1.new }
+        let(:my_subject11) { MySubject11.new }
+        let(:my_subject2) { MySubject2.new }
+        let(:my_subject21) { MySubject21.new }
+
+        let(:role_1) { MyRole.new }
+        let(:role_2) { MyRole.new }
+        let(:owner) { MyOwner.new(my_roles: [role_1, role_2]) }
+        let(:ability) { MongoidAbility::Ability.new(owner) }
+
+        before do
+          my_subject.save!
+          my_subject1.save!
+          my_subject11.save!
+          my_subject2.save!
+          my_subject21.save!
+        end
+
+        describe 'subject type locks' do
+          describe 'default open locks' do
+            before { MySubject.default_lock MyLock, :read, true }
+
+            it { MySubject.accessible_by(ability, :read).to_a.must_include my_subject }
+            it { MySubject.accessible_by(ability, :read).to_a.must_include my_subject1 }
+            it { MySubject.accessible_by(ability, :read).to_a.must_include my_subject2 }
+
+            it { MySubject1.accessible_by(ability, :read).to_a.wont_include my_subject }
+            it { MySubject1.accessible_by(ability, :read).to_a.must_include my_subject1 }
+            it { MySubject1.accessible_by(ability, :read).to_a.must_include my_subject2 }
+
+            it { MySubject2.accessible_by(ability, :read).to_a.wont_include my_subject }
+            it { MySubject2.accessible_by(ability, :read).to_a.wont_include my_subject1 }
+            it { MySubject2.accessible_by(ability, :read).to_a.must_include my_subject2 }
+          end
+
+          describe 'default closed locks' do
+            before { MySubject.default_lock MyLock, :read, false }
+
+            it { MySubject.accessible_by(ability, :read).to_a.wont_include my_subject }
+            it { MySubject.accessible_by(ability, :read).to_a.wont_include my_subject1 }
+            it { MySubject.accessible_by(ability, :read).to_a.wont_include my_subject2 }
+
+            it { MySubject1.accessible_by(ability, :read).to_a.wont_include my_subject }
+            it { MySubject1.accessible_by(ability, :read).to_a.wont_include my_subject1 }
+            it { MySubject1.accessible_by(ability, :read).to_a.wont_include my_subject2 }
+
+            it { MySubject2.accessible_by(ability, :read).to_a.wont_include my_subject }
+            it { MySubject2.accessible_by(ability, :read).to_a.wont_include my_subject1 }
+            it { MySubject2.accessible_by(ability, :read).to_a.wont_include my_subject2 }
+
+            it { MySubject.accessible_by(ability, :read).selector.must_equal({}) }
+          end
+
+          describe 'default combined locks' do
+            before(:all) do
+              MySubject.default_lock MyLock, :read, false
+              MySubject1.default_lock MyLock, :read, true
+              MySubject2.default_lock MyLock, :read, false
+            end
+
+            it { MySubject.accessible_by(ability, :read).to_a.wont_include my_subject }
+            it { MySubject.accessible_by(ability, :read).to_a.must_include my_subject1 }
+            it { MySubject.accessible_by(ability, :read).to_a.wont_include my_subject2 }
+
+            it { MySubject1.accessible_by(ability, :read).to_a.must_include my_subject1 }
+            it { MySubject1.accessible_by(ability, :read).to_a.wont_include my_subject2 }
+
+            it { MySubject2.accessible_by(ability, :read).to_a.wont_include my_subject2 }
+          end
+
+          describe 'combined locks' do
+            before(:all) do
+              MySubject.default_lock MyLock, :read, true
+            end
+
+            let(:lock) { MyLock.new(subject_type: MySubject1, action: :read, outcome: false) }
+            let(:role) { MyRole.new(my_locks: [lock]) }
+            let(:owner) { MyOwner.new(my_roles: [role]) }
+
+            it { MySubject.accessible_by(ability, :read).to_a.must_include my_subject }
+            it { MySubject.accessible_by(ability, :read).to_a.wont_include my_subject1 }
+            it { MySubject.accessible_by(ability, :read).to_a.wont_include my_subject2 }
+
+            it { MySubject1.accessible_by(ability, :read).to_a.wont_include my_subject1 }
+            it { MySubject1.accessible_by(ability, :read).to_a.wont_include my_subject2 }
+
+            it { MySubject2.accessible_by(ability, :read).to_a.wont_include my_subject2 }
+          end
+        end
+
+        describe 'conditions locks' do
+          describe 'subject locks' do
+            describe 'closed id locks' do
+              let(:lock) { MyLock.new(subject: my_subject, action: :read, outcome: false) }
+              let(:role_1) { MyRole.new(my_locks: [lock]) }
+
+              before(:all) do
+                MySubject.default_lock MyLock, :read, true
+              end
+
+              it { MySubject.accessible_by(ability, :read).to_a.wont_include my_subject }
+              it { MySubject.accessible_by(ability, :read).to_a.must_include my_subject1 }
+              it { MySubject.accessible_by(ability, :read).to_a.must_include my_subject2 }
+            end
+
+            describe 'open id locks' do
+              let(:lock) { MyLock.new(subject: my_subject1, action: :read, outcome: true) }
+              let(:role_1) { MyRole.new(my_locks: [lock]) }
+
+              before(:all) do
+                MySubject.default_lock MyLock, :read, false
+              end
+
+              it { MySubject.accessible_by(ability, :read).to_a.wont_include my_subject }
+              it { MySubject1.accessible_by(ability, :read).to_a.must_include my_subject1 }
+              it { MySubject2.accessible_by(ability, :read).to_a.wont_include my_subject2 }
+            end
+
+            describe 'closed types & open ids' do
+              let(:lock_1) { MyLock.new(subject_type: MySubject, action: :read, outcome: false) }
+              let(:lock_2) { MyLock.new(subject: my_subject, action: :read, outcome: true) }
+              let(:lock_3) { MyLock.new(subject: my_subject1, action: :read, outcome: true) }
+
+              let(:owner) { MyOwner.new(my_locks: [lock_1, lock_2, lock_3]) }
+
+              it { MySubject.accessible_by(ability, :read).must_include my_subject }
+              it { MySubject.accessible_by(ability, :read).must_include my_subject1 }
+            end
+          end
+
+          describe 'arbitrary conditions' do
+            describe 'positive' do
+              let(:my_subject1) { MySubject1.new(override: true) }
+
+              before(:all) { MySubject.default_lock MyLock, :read, true, override: true }
+
+              it { MySubject.accessible_by(ability, :read).to_a.wont_include(my_subject) }
+              it { MySubject.accessible_by(ability, :read).to_a.must_include(my_subject1) }
+              it { MySubject.accessible_by(ability, :read).to_a.wont_include(my_subject2) }
+
+              it { MySubject1.accessible_by(ability, :read).to_a.wont_include(my_subject) }
+              it { MySubject1.accessible_by(ability, :read).to_a.must_include(my_subject1) }
+              it { MySubject1.accessible_by(ability, :read).to_a.wont_include(my_subject2) }
+
+              it { MySubject2.accessible_by(ability, :read).to_a.wont_include(my_subject) }
+              it { MySubject2.accessible_by(ability, :read).to_a.wont_include(my_subject1) }
+              it { MySubject2.accessible_by(ability, :read).to_a.wont_include(my_subject2) }
+            end
+
+            describe 'negative' do
+              let(:my_subject1) { MySubject1.new(override: true) }
+
+              before(:all) do
+                MySubject.default_lock MyLock, :read, true
+                MySubject.default_lock MyLock, :read, false, override: true
+              end
+
+              it { MySubject.accessible_by(ability, :read).to_a.must_include(my_subject) }
+              it { MySubject.accessible_by(ability, :read).to_a.wont_include(my_subject1) }
+              it { MySubject.accessible_by(ability, :read).to_a.must_include(my_subject2) }
+
+              it { MySubject1.accessible_by(ability, :read).to_a.wont_include(my_subject) }
+              it { MySubject1.accessible_by(ability, :read).to_a.wont_include(my_subject1) }
+              it { MySubject1.accessible_by(ability, :read).to_a.must_include(my_subject2) }
+
+              it { MySubject2.accessible_by(ability, :read).to_a.wont_include(my_subject) }
+              it { MySubject2.accessible_by(ability, :read).to_a.wont_include(my_subject1) }
+              it { MySubject2.accessible_by(ability, :read).to_a.must_include(my_subject2) }
+            end
+          end
+        end
+
+        describe 'prefix' do
+          let(:lock_1) { MyLock.new(subject: my_subject1, action: :read, outcome: true) }
+          let(:lock_2) { MyLock.new(subject: my_subject2, action: :read, outcome: false) }
+          let(:role_1) { MyRole.new(my_locks: [lock_1, lock_2]) }
+
+          let(:prefix) { :subject }
+          let(:selector) { MySubject.accessible_by(ability, :read, prefix: prefix).selector }
+
+          before(:all) do
+            MySubject.default_lock MyLock, :read, true
+          end
+
+          it 'allows to pass prefix' do
+            selector.must_equal(
+              '$and' => [
+                { '$or' => [
+                  { 'subject_type' => { '$nin' => [] } },
+                  { 'subject_id' => my_subject1.id }
+                ] },
+                { 'subject_id' => { '$ne' => my_subject2.id } }
+              ]
+            )
+          end
+        end
+      end
+    end
+  end
+end