mongoid_acl 0.0.2 → 0.0.3

data/LICENSE.md

@@ -0,0 +1,14 @@
+# Mongoid::ACL
+Copyright 2011 Niels Vandekeybus <progster@gmail.com>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

data/README.md

@@ -0,0 +1,64 @@
+Mongoid::ACL
+===============
+mongoid_acl allows you to easily add access control lists to your Mongoid::Document objects. This implementation assumes you need to check acl's when loading an object, it's not efficient if you want to retrieve all the objects an actor has rights on.
+
+Installation
+------------
+To install add the following line to your gemfile (requires recent version of bundler)
+
+    gem 'mongoid_acl', :hg => 'https://bitbucket.org/nielsv/mongoid_acl'
+
+After that, remember to run “bundle install”
+
+Usage
+-----
+An example mongoid document object that on creation automatically adds permissions for the user it belongs to.
+
+    class Comment
+        include Mongoid::Document
+        include Mongoid::ACL
+        field :text
+
+        belongs_to :user
+
+        set_callback(:create,:after) do |comment|
+            comment.can_manage!(self.user_id)
+        end
+    end
+
+    class User
+        include Mongoid::Document
+        
+        field :name
+    end
+
+A quick example using the classes above    
+
+    user_a = User.create(:name => "user a",:_id => "a")
+    comment_1 = Comment.create(:text => 'some text',:user_id => user_a.id)
+    
+    comment_1.can_read?(user_a)
+    >> true
+    comment_1.can_update?(user_a)
+    >> true
+    
+    comment_1.can_destroy?(user_a)
+    >> true
+
+    user_b = User.create(:name => "user b",:_id => "b")
+    comment_1.can_destroy?(user_b)
+    >> false
+
+    comment_1.can_update?(user_b)
+    >> false
+
+    comment_1.can_update!(user_b)
+
+    comment_1.can_update?(user_b)
+    >> true
+    
+
+Credits
+-------
+(c) 2011 Niels Vandekeybus
+Licensed under the apache license, version 2.0 (see LICENSE.md for details)

data/lib/mongoid_acl/acl.rb

@@ -0,0 +1,15 @@
+module Mongoid
+  module ACL
+    extend ActiveSupport::Concern
+    READ_PERM = 'read'
+    UPDATE_PERM = 'update'
+    DESTROY_PERM ='destroy'
+    
+    PUBLIC_IDENTIFIER = '__PUBLIC__'
+    
+    included do
+      include Mongoid::ACL::Methods
+      include Mongoid::ACL::Integration
+    end
+  end
+end

data/lib/mongoid_acl/integration.rb

@@ -0,0 +1,13 @@
+module Mongoid
+  module ACL
+    module Integration
+      extend ActiveSupport::Concern
+      
+      included do
+        field :acls, :type => Hash
+        
+        attr_protected :acls
+      end
+    end
+  end
+end

data/lib/mongoid_acl/methods.rb

@@ -0,0 +1,91 @@
+module Mongoid
+  module ACL
+    module Methods
+      extend ActiveSupport::Concern
+
+      module InstanceMethods
+        # check if an actor with identifier has read permission (Mongoid::ACL::READ_PERM) on this object
+        # @param [String] identifier of the actor
+        # @return [Boolean] 
+        def can_read?(identifier)
+          self.has_permission_for(Mongoid::ACL::READ_PERM,identifier)
+        end
+      
+        # check if an actor with identifier has the update permission (Mongoid::ACL::UPDATE_PERM) on this object
+        # @param [String] identifier of the actor
+        # @return [Boolean] 
+        def can_update?(identifier)
+          self.has_permission_for(Mongoid::ACL::UPDATE_PERM,identifier)
+
+        end
+      
+        # check if an actor with identifier has the destroy permission (Mongoid::ACL::DESTROY_PERM) on this object
+        # @param [String] identifier of the actor
+        # @return [Boolean] 
+        def can_destroy?(identifier)
+          self.has_permission_for(Mongoid::ACL::DESTROY_PERM,identifier)
+        end
+      
+        # quickly check whether an actor has the read,update and destroy permission on this object
+        # @param [String] identifier of the actor
+        # @return [Boolean] 
+        def can_manage?(identifier)
+          can_read?(identifier) && can_update?(identifier) && can_destroy?(identifier)
+        end
+      
+        # quickly add read permission for this actor
+        # @param [String] identifier of the actor
+        # @return [Boolean] 
+        def can_read!(identifier)
+          self.add_permission_for(Mongoid::ACL::READ_PERM,identifier)
+        end
+      
+        # quickly add update permission for this actor
+        # @param [String] identifier of the actor
+        # @return [Boolean] 
+        def can_update!(identifier)
+          self.add_permission_for(Mongoid::ACL::UPDATE_PERM,identifier)
+        end
+      
+        # quickly add destroy permission for this actor
+        # @param [String] identifier of the actor
+        # @return [Boolean] 
+        def can_destroy!(identifier)
+          self.add_permission_for(Mongoid::ACL::DESTROY_PERM,identifier)
+        end
+      
+            
+        # quickly add read,update and destroy permission for this actor
+        # @param [String] identifier of the actor
+        # @return [Boolean] 
+        def can_manage!(identifier)
+          self.add_permission_for([Mongoid::ACL::READ_PERM,Mongoid::ACL::UPDATE_PERM,Mongoid::ACL::DESTROY_PERM],identifier)
+        end
+      
+        # add identifier(s) to the given permission(s) in the acl list of this object
+        # @param [Array,String] permission
+        # @param [Array,String] identifier
+        # @returns [Boolean]
+        def add_permission_for(permission,identifier)
+          if identifier.kind_of?(Array)
+            identifier = {"$each" => identifier}
+          end
+          if permission.kind_of?(Array)
+            hash_map = Hash.new
+            permission.each{ |p| hash_map["acls.#{p}"] = identifier}
+          else
+            hash_map = {"acls.#{permission}" => identifier}
+          end
+          return self.collection.update({"_id" => self.id}, {"$addToSet" => hash_map })
+        end
+      
+      
+        def has_permission_for(permission,identifier)
+          return false if self.acls.nil?
+          self.acls[permission].include?(PUBLIC_IDENTIFIER) || self.acls[permission].include?(identifier)
+        end
+      
+      end
+    end
+  end
+end

data/lib/mongoid_acl/version.rb

@@ -0,0 +1,5 @@
+module Mongoid
+  module ACL
+    VERSION = '0.0.3'
+  end
+end

data/lib/mongoid_acl.rb

@@ -0,0 +1,3 @@
+require 'mongoid_acl/acl'
+require 'mongoid_acl/integration'
+require 'mongoid_acl/methods'

data/spec/models/post.rb

@@ -0,0 +1,11 @@
+require File.join(File.dirname(__FILE__), 'user')
+
+class Post
+  include Mongoid::Document
+  include Mongoid::ACL
+
+  field :title
+  field :content
+  
+  belongs_to :user
+end

data/spec/models/user.rb

@@ -0,0 +1,5 @@
+class User
+  include Mongoid::Document
+
+  field :user_name
+end

data/spec/mongoid_acl/acl_spec.rb

@@ -0,0 +1,45 @@
+require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
+
+describe Mongoid::ACL do
+  
+  before :all do
+    @post1 = Post.create!(:title => 'post1')
+    @post2 = Post.create!(:title => 'post2')
+    @user1 = User.create!(:name => 'user1')
+    @user2 = User.create!(:name => 'user2')
+  end
+
+  context "no acls assigned" do
+    it 'validates that after create no acls are present' do
+      @post1.acls.should == nil
+      @post2.acls.should == nil
+    end
+    
+  end
+  context 'user1 can manage post1' do
+    before :all do
+      @post1.can_manage!(@user1.id)
+      @post1 = Post.find(@post1.id)
+    end
+    
+    it 'has the necessary acls' do
+      @post1.should be_is_a Post
+      @post1.should_not be_new_record
+
+      @post1.acls.should == { 
+        Mongoid::ACL::READ_PERM => [@user1.id],
+        Mongoid::ACL::UPDATE_PERM => [@user1.id],
+        Mongoid::ACL::DESTROY_PERM => [@user1.id]
+      }
+    end
+      
+    it 'validates user1 can manage post1' do
+      @post1.can_manage?(@user1.id).should == true
+    end
+      
+    it 'validates user2 can not manage post1' do
+      @post1.can_manage?(@user2.id).should == false
+    end
+  end
+
+end

data/spec/spec_helper.rb

@@ -0,0 +1,28 @@
+require 'rubygems'
+require 'bundler'
+Bundler.setup
+
+require 'mongoid'
+
+Mongoid.configure do |config|
+  name = 'mongoid_acl_test'
+  host = 'localhost'
+  config.master = Mongo::Connection.new.db(name)
+  config.autocreate_indexes = true
+end
+
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+
+
+require 'mongoid_acl'
+require 'rspec'
+require 'rspec/autorun'
+
+models_folder = File.join(File.dirname(__FILE__), 'models')
+Dir[ File.join(models_folder, '*.rb') ].each { |file|
+  require file.sub('.rb','')
+  file_name = File.basename(file).sub('.rb', '')
+  klass = file_name.classify.constantize
+  klass.collection.drop
+}

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: mongoid_acl
 version: !ruby/object:Gem::Version
-  version: 0.0.2
+  version: 0.0.3
   prerelease: 
 platform: ruby
 authors:
@@ -13,7 +13,7 @@ date: 2011-12-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec
-  requirement: &2152824700 !ruby/object:Gem::Requirement
+  requirement: &2152720440 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -21,10 +21,10 @@ dependencies:
         version: '2.5'
   type: :development
   prerelease: false
-  version_requirements: *2152824700
+  version_requirements: *2152720440
 - !ruby/object:Gem::Dependency
   name: mongoid
-  requirement: &2152821780 !ruby/object:Gem::Requirement
+  requirement: &2152719420 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -32,10 +32,10 @@ dependencies:
         version: '2.2'
   type: :development
   prerelease: false
-  version_requirements: *2152821780
+  version_requirements: *2152719420
 - !ruby/object:Gem::Dependency
   name: bson_ext
-  requirement: &2152821100 !ruby/object:Gem::Requirement
+  requirement: &2152718760 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -43,10 +43,10 @@ dependencies:
         version: '1.3'
   type: :development
   prerelease: false
-  version_requirements: *2152821100
+  version_requirements: *2152718760
 - !ruby/object:Gem::Dependency
   name: rake
-  requirement: &2152820420 !ruby/object:Gem::Requirement
+  requirement: &2152718140 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -54,14 +54,25 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *2152820420
+  version_requirements: *2152718140
 description: Add basic Access Control Lists to Mongoid documents. Optimized for speed
   by using only ONE request to MongoDB to validate, update, and retrieve updated data.
 email: progster@gmail.com
 executables: []
 extensions: []
 extra_rdoc_files: []
-files: []
+files:
+- lib/mongoid_acl/acl.rb
+- lib/mongoid_acl/integration.rb
+- lib/mongoid_acl/methods.rb
+- lib/mongoid_acl/version.rb
+- lib/mongoid_acl.rb
+- LICENSE.md
+- README.md
+- spec/models/post.rb
+- spec/models/user.rb
+- spec/mongoid_acl/acl_spec.rb
+- spec/spec_helper.rb
 homepage: https://bitbucket.org/nielsv/mongoid_acl
 licenses: []
 post_install_message: 
@@ -86,4 +97,8 @@ rubygems_version: 1.8.12
 signing_key: 
 specification_version: 3
 summary: Add basic Access Control Lists to Mongoid documents
-test_files: []
+test_files:
+- spec/models/post.rb
+- spec/models/user.rb
+- spec/mongoid_acl/acl_spec.rb
+- spec/spec_helper.rb