RubyGems - mongoid_ability - Versions diffs - 0.0.1 → 0.0.2 - Mend

mongoid_ability 0.0.1 → 0.0.2

Files changed (9) hide show

checksums.yaml +4 -4
data/README.md +5 -5
data/lib/mongoid_ability/ability.rb +31 -3
data/lib/mongoid_ability/ability_resolver.rb +6 -51
data/lib/mongoid_ability/version.rb +1 -1
data/test/mongoid_ability/ability_resolver_test.rb +6 -136
data/test/mongoid_ability/ability_test.rb +70 -1
data/test/mongoid_ability/subject_test.rb +6 -6
metadata +3 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 1c92cfc98a8f67825aeaad355026c5f72ae43663
-  data.tar.gz: e571fe34334634fba9f92751354d775af59e4439
+  metadata.gz: f9a16f215f974b85cd17bd6675d923602799f392
+  data.tar.gz: 279a119c7ffab5ff22f94dd0879f835167013341
 SHA512:
-  metadata.gz: 80315b4061b1a1700d2a5ac4980972203afe88060731315954ef6ec0e6b2bdd6a7094d8f7f2f32bc53385fbb01e7ee29d923d8da10dc562fb39b4b54b748de01
-  data.tar.gz: dd66e44b4e6e513be6e5d128ca8a50457f103071abc759972cbf04f849d5ecabffc875e4fa082455fdd7c60682cb336e0634c37cc99f760bb219eb2104f023af
+  metadata.gz: 1c3d0e88ad2427638da638689a72f19c2d6ba605aa9a0e0c4355dd57f44d5cc3940daa82e0658a029eb0a66baba24f04f63349bb3a3de9440c9171dab2681966
+  data.tar.gz: f1f8f836c9961bf9c114fb63993d9a99512deabb5cd09b85a028bceec24c9cc644aaf88a90e1c68a42eeeada20f074b9fe6330c81a30eb445a322cdf87f0d436

data/README.md CHANGED Viewed

@@ -30,7 +30,7 @@ The permissions are defined by a `Lock` that applies to a `Subject` and defines
 ### Lock
-A `Lock` class can be any class that include `MongoidAbility::Lock`.
+A `Lock` class can be any class that include `MongoidAbility::Lock`. There should be only one such class in an application.
 ```ruby
 class MyLock
@@ -65,7 +65,7 @@ The lock class can be further subclassed in order to customise its behavior, for
 ### Subject
-All subjects (classes which permissions you want to control) have to include the `MongoidAbility::Subject` module.
+All subjects (classes which permissions you want to control) will include the `MongoidAbility::Subject` module.
 Each action and its default outcome, needs to be defined using the `.default_lock` macro.
@@ -90,7 +90,7 @@ MySubject.accessible_by(ability, :read)
 ### Owner
-This gem supports two levels of ownership of a lock: a `User` and its many `Role`s. The locks can be either embedded (via `.embeds_many`) or associated (via `.has_many`). Please make sure to include the `as: :owner` option.
+This gem supports two levels of ownership of a lock: a `User` and its many `Role`s. The locks can be either embedded (via `.embeds_many`) or associated (via `.has_many`). Make sure to include the `as: :owner` option.
 ```ruby
 class MyUser
@@ -123,7 +123,7 @@ The owner also gains the `#can?` and `#cannot?` methods, that are delegate to th
 ```ruby
 current_user.can?(:read, resource)
-other_user.can?(:read, resource)
+other_user.can?(:read, ResourceClass)
 ```
 ### CanCanCan
@@ -134,7 +134,7 @@ The default `:current_ability` defined by [CanCanCan](https://github.com/CanCanC
 1. Setup subject classes and their default locks.
 2. Define permissions using lock objects embedded (or associated to) either in user or role.
-3. Use standard [CanCanCan](https://github.com/CanCanCommunity/cancancan) helpers (`authorize!`, `can?`, `cannot?`) to authorize the current user.
+3. Use standard [CanCanCan](https://github.com/CanCanCommunity/cancancan) helpers (`.authorize!`, `#can?`, `#cannot?`) to authorize the current user.
 ## How it works?

data/lib/mongoid_ability/ability.rb CHANGED Viewed

@@ -4,8 +4,6 @@ module MongoidAbility
   class Ability
     include CanCan::Ability
-    # ---------------------------------------------------------------------
     attr_reader :user
@@ -17,13 +15,43 @@ module MongoidAbility
       can do |action, subject_type, subject|
         subject_class = subject_type.to_s.constantize
         outcome = nil
         subject_class.self_and_ancestors_with_default_locks.each do |cls|
-          outcome = AbilityResolver.new(user, action, cls.to_s, subject).outcome
+          outcome = combined_outcome(user, action, cls, subject)
           break unless outcome.nil?
         end
         outcome
       end
     end
+    private # =============================================================
+    def combined_outcome  user, action, cls, subject
+      uo = user_outcome(user, action, cls, subject)
+      return uo unless uo.nil?
+      ro = user.roles_relation.collect{ |role| AbilityResolver.new(role, action, cls.to_s, subject).outcome }.compact
+      return ro.any?{ |i| i == true } unless ro.empty?
+      class_outcome(cls, action)
+    end
+    # ---------------------------------------------------------------------
+    def user_outcome user, action, cls, subject
+      AbilityResolver.new(user, action, cls.to_s, subject).outcome
+    end
+    def role_outcome role, action, cls, subject
+      AbilityResolver.new(role, action, cls.to_s, subject).outcome
+    end
+    def class_outcome subject_class, action
+      class_locks = subject_class.default_locks.select{ |l| l.action == action }
+      return false if class_locks.any?(&:closed?)
+      return true if class_locks.any?(&:open?)
+    end
   end
 end

data/lib/mongoid_ability/ability_resolver.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 module MongoidAbility
   class AbilityResolver
-    def initialize user, action, subject_type, subject=nil
+    def initialize owner, action, subject_type, subject=nil
       @subject_class = subject_type.to_s.constantize
       raise StandardError, "#{subject_type} class does not have default locks" unless @subject_class.respond_to?(:default_locks)
@@ -9,7 +9,7 @@ module MongoidAbility
         cls.default_locks.any?{ |l| l.action == action }
       end
-      @user = user
+      @owner = owner
       @action = action.to_sym
       @subject_type = subject_type.to_s
       @subject = subject
@@ -19,68 +19,23 @@ module MongoidAbility
     # ---------------------------------------------------------------------
     def outcome
-      ua = user_outcome
-      return ua unless ua.nil?
-      ra = roles_outcome
-      return ra unless ra.nil?
-      class_outcome
-    end
-    # ---------------------------------------------------------------------
-    def user_outcome
-      locks_for_subject_type = @user.locks_relation.for_action(@action).for_subject_type(@subject_type)
+      locks_for_subject_type = @owner.locks_relation.for_action(@action).for_subject_type(@subject_type)
       return unless locks_for_subject_type.exists?
-      # return outcome if user defines lock for id
+      # return outcome if owner defines lock for id
       if @subject.present?
         id_locks = locks_for_subject_type.id_locks.for_subject_id(@subject_id)
         return false if id_locks.any?(&:closed?)
         return true if id_locks.any?(&:open?)
       end
-      # return outcome if user defines lock for subject_type
+      # return outcome if owner defines lock for subject_type
       class_locks = locks_for_subject_type.class_locks
       return false if class_locks.class_locks.any?(&:closed?)
       return true if class_locks.class_locks.any?(&:open?)
-    end
-    # ---------------------------------------------------------------------
-    def roles_outcome
-      locks_for_subject_type = @user.roles_relation.collect(&@user.class.locks_relation_name).flatten.select{ |l| l.subject_type == @subject_type && l.action == @action }
-      return unless locks_for_subject_type.present?
-      # return outcome if any role defines lock for id
-      if @subject.present?
-        id_locks = locks_for_subject_type.select{ |l| l.subject_id == @subject_id }
-        # for same role, prefer closed lock
-        id_locks = id_locks.reject{ |l| l.open? && id_locks.any?{ |ol| ol.closed? && ol.owner == l.owner } }
-        # across multiple roles, prefer open lock
-        return true if id_locks.any?(&:open?)
-        return false if id_locks.any?(&:closed?)
-      end
-      # for same role prefer closed lock
-      class_locks = locks_for_subject_type.reject(&:id_lock?)
-      class_locks = class_locks.reject{ |l| l.open? && class_locks.any?{ |ol| ol.closed? && ol.owner == l.owner } }
-      # across multiple roles, prefer open lock
-      return true if class_locks.any?(&:open?)
-      return false if class_locks.any?(&:closed?)
-    end
-    # ---------------------------------------------------------------------
-    def class_outcome
-      class_locks = @subject_class.default_locks.select{ |l| l.action == @action }
-      return false if class_locks.any?(&:closed?)
-      return true if class_locks.any?(&:open?)
+      nil
     end
   end

data/lib/mongoid_ability/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module MongoidAbility
-  VERSION = "0.0.1"
+  VERSION = "0.0.2"
 end

data/test/mongoid_ability/ability_resolver_test.rb CHANGED Viewed

@@ -29,45 +29,13 @@ module MongoidAbility
         end
       end
     end
-    # ---------------------------------------------------------------------
-    describe '#outcome' do
-      describe 'when locks on both user and its roles' do
-        before do
-          user.roles = [
-            role_sysop.tap { |r| r.test_locks = [
-              TestLock.new(action: :read, outcome: true, subject_type: TestAbilityResolverSubject.to_s)
-            ]}
-          ]
-          user.test_locks = [
-            TestLock.new(action: :read, outcome: false, subject_type: TestAbilityResolverSubject.to_s)
-          ]
-        end
-        it 'prefers users locks' do
-          subject.outcome.must_equal false
-        end
-      end
-      describe 'when locks on roles and on class' do
-        before do
-          user.roles = [
-            role_sysop.tap { |r| r.test_locks = [
-              TestLock.new(action: :read, outcome: false, subject_type: TestAbilityResolverSubject.to_s)
-            ]}
-          ]
-        end
-        it 'prefers role locks' do
-          subject.outcome.must_equal false
-        end
-      end
-    end
     # ---------------------------------------------------------------------
-    describe '#user_outcome' do
+    describe '#outcome' do
       describe 'no locks' do
         it 'returns nil if no locks for subject_type and action exists' do
-          subject.user_outcome.must_be_nil
+          subject.outcome.must_be_nil
         end
       end
@@ -76,7 +44,7 @@ module MongoidAbility
           user.test_locks = [
             TestLock.new(action: :read, subject: ability_resolver_subject, outcome: true)
           ]
-          subject_with_id.user_outcome.must_equal true
+          subject_with_id.outcome.must_equal true
         end
         it 'prefers negative outcome' do
@@ -84,7 +52,7 @@ module MongoidAbility
             TestLock.new(action: :read, subject: ability_resolver_subject, outcome: true),
             TestLock.new(action: :read, subject: ability_resolver_subject, outcome: false)
           ]
-          subject_with_id.user_outcome.must_equal false
+          subject_with_id.outcome.must_equal false
         end
       end
@@ -93,7 +61,7 @@ module MongoidAbility
           user.test_locks = [
             TestLock.new(action: :read, subject_type: TestAbilityResolverSubject.to_s, outcome: true)
           ]
-          subject.user_outcome.must_equal true
+          subject.outcome.must_equal true
         end
         it 'prefers negative outcome' do
@@ -101,105 +69,7 @@ module MongoidAbility
             TestLock.new(action: :read, subject_type: TestAbilityResolverSubject.to_s, outcome: true),
             TestLock.new(action: :read, subject_type: TestAbilityResolverSubject.to_s, outcome: false)
           ]
-          subject.user_outcome.must_equal false
-        end
-      end
-    end
-    # ---------------------------------------------------------------------
-    describe '#roles_outcome' do
-      describe 'no locks' do
-        it 'returns nil if no locks for subject_type exist in any of user roles' do
-          subject.roles_outcome.must_be_nil
-        end
-      end
-      describe 'id locks' do
-        it 'returns outcome' do
-          user.roles = [
-            role_sysop.tap{ |r| r.test_locks = [
-              TestLock.new(subject: ability_resolver_subject, action: :read, outcome: true)
-            ]},
-            role_editor
-          ]
-          subject_with_id.roles_outcome.must_equal true
-        end
-        it 'prefers negative outcome across one role' do
-          user.roles = [
-            role_sysop.tap{ |r| r.test_locks = [
-              TestLock.new(subject: ability_resolver_subject, action: :read, outcome: true),
-              TestLock.new(subject: ability_resolver_subject, action: :read, outcome: false)
-            ]},
-            role_editor
-          ]
-          subject_with_id.roles_outcome.must_equal false
-        end
-        it 'prefers positive outcome across multiple roles' do
-          user.roles = [
-            role_sysop.tap{ |r| r.test_locks = [
-              TestLock.new(subject: ability_resolver_subject, action: :read, outcome: true)
-            ]},
-            role_editor.tap{ |r| r.test_locks = [
-              TestLock.new(subject: ability_resolver_subject, action: :read, outcome: false)
-            ]}
-          ]
-          subject_with_id.roles_outcome.must_equal true
-        end
-      end
-      describe 'class locks' do
-        it 'returns outcome' do
-          user.roles = [
-            role_sysop.tap{ |r| r.test_locks = [
-              TestLock.new(subject_type: TestAbilityResolverSubject.to_s, action: :read, outcome: true)
-            ]},
-            role_editor
-          ]
-          subject.roles_outcome.must_equal true
-        end
-        it 'prefers negative outcome across one role' do
-          user.roles = [
-            role_sysop.tap{ |r| r.test_locks = [
-              TestLock.new(subject_type: TestAbilityResolverSubject.to_s, action: :read, outcome: true),
-              TestLock.new(subject_type: TestAbilityResolverSubject.to_s, action: :read, outcome: false)
-            ]},
-            role_editor
-          ]
-          subject.roles_outcome.must_equal false
-        end
-        it 'prefers positive outcome across multiple roles' do
-          user.roles = [
-            role_sysop.tap{ |r| r.test_locks = [
-              TestLock.new(subject_type: TestAbilityResolverSubject.to_s, action: :read, outcome: true)
-            ]},
-            role_editor.tap{ |r| r.test_locks = [
-              TestLock.new(subject_type: TestAbilityResolverSubject.to_s, action: :read, outcome: false)
-            ]}
-          ]
-          subject.roles_outcome.must_equal true
-        end
-      end
-    end
-    # ---------------------------------------------------------------------
-    describe '#class_outcome' do
-      it 'returns outcome' do
-        subject.class_outcome.must_equal true
-      end
-      it 'prefers negative outcome across same class' do
-        TestAbilityResolverSubject.stub(:default_locks, [
-          TestLock.new(subject_type: TestAbilityResolverSubject.to_s, action: :read, outcome: false),
-          TestLock.new(subject_type: TestAbilityResolverSubject.to_s, action: :read, outcome: true)
-        ]) do
-          subject.class_outcome.must_equal false
+          subject.outcome.must_equal false
         end
       end
     end

data/test/mongoid_ability/ability_test.rb CHANGED Viewed

@@ -69,6 +69,24 @@ module MongoidAbility
     # ---------------------------------------------------------------------
     describe 'role locks' do
+      describe 'when multiple roles' do
+        before do
+          user.tap do |u|
+            u.roles = [
+              TestRole.new(name: 'Editor', test_locks: [
+                TestLock.new(subject_type: TestAbilitySubjectSuper2.to_s, action: :read, outcome: true)
+              ]),
+              TestRole.new(name: 'SysOp', test_locks: [
+                TestLock.new(subject_type: TestAbilitySubjectSuper2.to_s, action: :read, outcome: false)
+              ])
+            ]
+          end
+        end
+        it 'prefers positive outcome' do
+          ability.can?(:read, TestAbilitySubjectSuper2).must_equal true
+        end
+      end
       describe 'when defined for superclass' do
         before do
           user.tap do |u|
@@ -87,5 +105,56 @@ module MongoidAbility
     # ---------------------------------------------------------------------
+    describe 'combined locks' do
+      describe 'user and role locks' do
+        before do
+          user.tap do |u|
+            u.test_locks = [
+              TestLock.new(subject_type: TestAbilitySubjectSuper2.to_s, action: :read, outcome: false)
+            ]
+            u.roles = [
+              TestRole.new(test_locks: [
+                TestLock.new(subject_type: TestAbilitySubjectSuper2.to_s, action: :read, outcome: true)
+              ])
+            ]
+          end
+        end
+        it 'prefers user locks' do
+          ability.can?(:read, TestAbilitySubjectSuper2).must_equal false
+        end
+      end
+      describe 'roles and default locks' do
+        before do
+          user.tap do |u|
+            u.roles = [
+              TestRole.new(test_locks: [
+                TestLock.new(subject_type: TestAbilitySubjectSuper2.to_s, action: :read, outcome: true)
+              ])
+            ]
+          end
+        end
+        it 'prefers role locks' do
+          ability.can?(:read, TestAbilitySubjectSuper2).must_equal true
+        end
+      end
+    end
+    # ---------------------------------------------------------------------
+    describe 'class locks' do
+      it 'prefers negative outcome across same class' do
+        TestAbilityResolverSubject.stub(:default_locks, [
+          TestLock.new(subject_type: TestAbilityResolverSubject.to_s, action: :read, outcome: false),
+          TestLock.new(subject_type: TestAbilityResolverSubject.to_s, action: :read, outcome: true)
+        ]) do
+          ability.can?(:read, TestAbilityResolverSubject).must_equal false
+        end
+      end
+    end
   end
-end
+end

data/test/mongoid_ability/subject_test.rb CHANGED Viewed

@@ -72,12 +72,12 @@ module MongoidAbility
           end
         end
-        describe "when closed lock on user's role" do
-          before { user.roles = [TestRole.new(test_locks: [closed_lock])] }
-          it 'returns criteria excluding such ids' do
-            subject.class.accessible_by(ability).selector.fetch('_id', {}).fetch('$nin', []).must_include subject.id
-          end
-        end
+        # describe "when closed lock on user's role" do
+        #   before { user.roles = [TestRole.new(test_locks: [closed_lock])] }
+        #   it 'returns criteria excluding such ids' do
+        #     subject.class.accessible_by(ability).selector.fetch('_id', {}).fetch('$nin', []).must_include subject.id
+        #   end
+        # end
         describe "when class does not permit" do
           before do

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mongoid_ability
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.0.2
 platform: ruby
 authors:
 - Tomas Celizna
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-12-30 00:00:00.000000000 Z
+date: 2015-05-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: cancancan
@@ -186,7 +186,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.2.2
+rubygems_version: 2.4.6
 signing_key:
 specification_version: 4
 summary: Custom Ability class that allows CanCanCan authorization library store permissions