mongoid_acl 0.0.2 → 0.0.3

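--- a/data/LICENSE.md
+++ b/data/LICENSE.md
@@ -0,0 +1,14 @@
+ # Mongoid::ACL
+ Copyright 2011 Niels Vandekeybus <progster@gmail.com>
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.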
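--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,64 @@
+ Mongoid::ACL
+ ===============
+ mongoid_acl allows you to easily add access control lists to your Mongoid::Document objects. This implementation assumes you need to check acl's when loading an object, it's not efficient if you want to retrieve all the objects an actor has rights on.
+
+ Installation
+ ------------
+ To install add the following line to your gemfile (requires recent version of bundler)
+
+ gem 'mongoid_acl', :hg => 'https://bitbucket.org/nielsv/mongoid_acl'
+
+ After that, remember to run “bundle install”
+
+ Usage
+ -----
+ An example mongoid document object that on creation automatically adds permissions for the user it belongs to.
+
+ class Comment
+ include Mongoid::Document
+ include Mongoid::ACL
+ field :text
+
+ belongs_to :user
+
+ set_callback(:create,:after) do |comment|
+ comment.can_manage!(self.user_id)
+ end
+ end
+
+ class User
+ include Mongoid::Document
+
+ field :name
+ end
+
+ A quick example using the classes above
+
+ user_a = User.create(:name => "user a",:_id => "a")
+ comment_1 = Comment.create(:text => 'some text',:user_id => user_a.id)
+
+ comment_1.can_read?(user_a)
+ >> true
+ comment_1.can_update?(user_a)
+ >> true
+
+ comment_1.can_destroy?(user_a)
+ >> true
+
+ user_b = User.create(:name => "user b",:_id => "b")
+ comment_1.can_destroy?(user_b)
+ >> false
+
+ comment_1.can_update?(user_b)
+ >> false
+
+ comment_1.can_update!(user_b)
+
+ comment_1.can_update?(user_b)
+ >> true
+
+
+ Credits
+ -------
+ (c) 2011 Niels Vandekeybus
+ Licensed under the apache license, version 2.0 (see LICENSE.md for details)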
@@ -0,0 +1,15 @@
1
+ module Mongoid
2
+ module ACL
3
+ extend ActiveSupport::Concern
4
+ READ_PERM = 'read'
5
+ UPDATE_PERM = 'update'
6
+ DESTROY_PERM ='destroy'
7
+
8
+ PUBLIC_IDENTIFIER = '__PUBLIC__'
9
+
10
+ included do
11
+ include Mongoid::ACL::Methods
12
+ include Mongoid::ACL::Integration
13
+ end
14
+ end
15
+ end
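Review bot: `PUBLIC_IDENTIFIER` is an in-band sentinel with no comment describing its effect, and it shares a namespace with real actor identifiers. `has_permission_for` in the Methods module on this page treats any permission list containing `'__PUBLIC__'` as granting that permission to every caller, so a grant made with that value, or an actor whose identifier happens to equal it, opens the object to everyone. I would document this above the constant, for example `# Sentinel actor id: a permission list containing it applies to every actor; real identifiers must never equal it`. Freezing the four string constants (`READ_PERM = 'read'.freeze` and so on) would also keep them from being mutated at runtime.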
@@ -0,0 +1,13 @@
1
+ module Mongoid
2
+ module ACL
3
+ module Integration
4
+ extend ActiveSupport::Concern
5
+
6
+ included do
7
+ field :acls, :type => Hash
8
+
9
+ attr_protected :acls
10
+ end
11
+ end
12
+ end
13
+ end
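Review bot: `attr_protected :acls` carries the security weight of this module but has no comment saying why it is there. It keeps the `acls` hash out of mass assignment, so an ACL submitted alongside ordinary attributes is ignored; a one-line comment such as `# acls is never mass-assignable; grants go through add_permission_for only` would keep a later refactor from dropping it. The field is declared without a default, so `acls` is nil until the first grant (the spec on this page asserts exactly that), which is worth stating next to the `field` line because the permission checks depend on it.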
@@ -0,0 +1,91 @@
1
+ module Mongoid
2
+ module ACL
3
+ module Methods
4
+ extend ActiveSupport::Concern
5
+
6
+ module InstanceMethods
7
+ # check if an actor with identifier has read permission (Mongoid::ACL::READ_PERM) on this object
8
+ # @param [String] identifier of the actor
9
+ # @return [Boolean]
10
+ def can_read?(identifier)
11
+ self.has_permission_for(Mongoid::ACL::READ_PERM,identifier)
12
+ end
13
+
14
+ # check if an actor with identifier has the update permission (Mongoid::ACL::UPDATE_PERM) on this object
15
+ # @param [String] identifier of the actor
16
+ # @return [Boolean]
17
+ def can_update?(identifier)
18
+ self.has_permission_for(Mongoid::ACL::UPDATE_PERM,identifier)
19
+
20
+ end
21
+
22
+ # check if an actor with identifier has the destroy permission (Mongoid::ACL::DESTROY_PERM) on this object
23
+ # @param [String] identifier of the actor
24
+ # @return [Boolean]
25
+ def can_destroy?(identifier)
26
+ self.has_permission_for(Mongoid::ACL::DESTROY_PERM,identifier)
27
+ end
28
+
29
+ # quickly check whether an actor has the read,update and destroy permission on this object
30
+ # @param [String] identifier of the actor
31
+ # @return [Boolean]
32
+ def can_manage?(identifier)
33
+ can_read?(identifier) && can_update?(identifier) && can_destroy?(identifier)
34
+ end
35
+
36
+ # quickly add read permission for this actor
37
+ # @param [String] identifier of the actor
38
+ # @return [Boolean]
39
+ def can_read!(identifier)
40
+ self.add_permission_for(Mongoid::ACL::READ_PERM,identifier)
41
+ end
42
+
43
+ # quickly add update permission for this actor
44
+ # @param [String] identifier of the actor
45
+ # @return [Boolean]
46
+ def can_update!(identifier)
47
+ self.add_permission_for(Mongoid::ACL::UPDATE_PERM,identifier)
48
+ end
49
+
50
+ # quickly add destroy permission for this actor
51
+ # @param [String] identifier of the actor
52
+ # @return [Boolean]
53
+ def can_destroy!(identifier)
54
+ self.add_permission_for(Mongoid::ACL::DESTROY_PERM,identifier)
55
+ end
56
+
57
+
58
+ # quickly add read,update and destroy permission for this actor
59
+ # @param [String] identifier of the actor
60
+ # @return [Boolean]
61
+ def can_manage!(identifier)
62
+ self.add_permission_for([Mongoid::ACL::READ_PERM,Mongoid::ACL::UPDATE_PERM,Mongoid::ACL::DESTROY_PERM],identifier)
63
+ end
64
+
65
+ # add identifier(s) to the given permission(s) in the acl list of this object
66
+ # @param [Array,String] permission
67
+ # @param [Array,String] identifier
68
+ # @returns [Boolean]
69
+ def add_permission_for(permission,identifier)
70
+ if identifier.kind_of?(Array)
71
+ identifier = {"$each" => identifier}
72
+ end
73
+ if permission.kind_of?(Array)
74
+ hash_map = Hash.new
75
+ permission.each{ |p| hash_map["acls.#{p}"] = identifier}
76
+ else
77
+ hash_map = {"acls.#{permission}" => identifier}
78
+ end
79
+ return self.collection.update({"_id" => self.id}, {"$addToSet" => hash_map })
80
+ end
81
+
82
+
83
+ def has_permission_for(permission,identifier)
84
+ return false if self.acls.nil?
85
+ self.acls[permission].include?(PUBLIC_IDENTIFIER) || self.acls[permission].include?(identifier)
86
+ end
87
+
88
+ end
89
+ end
90
+ end
91
+ end
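Review bot: `has_permission_for` guards against `acls` being nil but not against a missing key, so a document that holds only some permissions raises NoMethodError on `nil.include?` when another one is checked (for example `can_update?` after only `can_read!`). Looking the list up once and returning false when it is absent fixes this: `list = self.acls && self.acls[permission]`, `return false if list.nil?`, `list.include?(PUBLIC_IDENTIFIER) || list.include?(identifier)`. Separately, `add_permission_for` interpolates `permission` into the `"acls.#{p}"` key and passes `identifier` straight into `$addToSet`, so it is worth restricting `permission` to the three known constants and rejecting Hash-valued identifiers if either value can come from request input. The method also writes to the collection without refreshing the in-memory `acls`, which appears to be why the spec reloads the document before asserting; the doc comment should say so, `has_permission_for` needs a doc comment of its own, and `@returns` should be `@return`.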
@@ -0,0 +1,5 @@
1
+ module Mongoid
2
+ module ACL
3
+ VERSION = '0.0.3'
4
+ end
5
+ end
@@ -0,0 +1,3 @@
1
+ require 'mongoid_acl/acl'
2
+ require 'mongoid_acl/integration'
3
+ require 'mongoid_acl/methods'
@@ -0,0 +1,11 @@
1
+ require File.join(File.dirname(__FILE__), 'user')
2
+
3
+ class Post
4
+ include Mongoid::Document
5
+ include Mongoid::ACL
6
+
7
+ field :title
8
+ field :content
9
+
10
+ belongs_to :user
11
+ end
@@ -0,0 +1,5 @@
1
+ class User
2
+ include Mongoid::Document
3
+
4
+ field :user_name
5
+ end
@@ -0,0 +1,45 @@
1
+ require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
2
+
3
+ describe Mongoid::ACL do
4
+
5
+ before :all do
6
+ @post1 = Post.create!(:title => 'post1')
7
+ @post2 = Post.create!(:title => 'post2')
8
+ @user1 = User.create!(:name => 'user1')
9
+ @user2 = User.create!(:name => 'user2')
10
+ end
11
+
12
+ context "no acls assigned" do
13
+ it 'validates that after create no acls are present' do
14
+ @post1.acls.should == nil
15
+ @post2.acls.should == nil
16
+ end
17
+
18
+ end
19
+ context 'user1 can manage post1' do
20
+ before :all do
21
+ @post1.can_manage!(@user1.id)
22
+ @post1 = Post.find(@post1.id)
23
+ end
24
+
25
+ it 'has the necessary acls' do
26
+ @post1.should be_is_a Post
27
+ @post1.should_not be_new_record
28
+
29
+ @post1.acls.should == {
30
+ Mongoid::ACL::READ_PERM => [@user1.id],
31
+ Mongoid::ACL::UPDATE_PERM => [@user1.id],
32
+ Mongoid::ACL::DESTROY_PERM => [@user1.id]
33
+ }
34
+ end
35
+
36
+ it 'validates user1 can manage post1' do
37
+ @post1.can_manage?(@user1.id).should == true
38
+ end
39
+
40
+ it 'validates user2 can not manage post1' do
41
+ @post1.can_manage?(@user2.id).should == false
42
+ end
43
+ end
44
+
45
+ end
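Review bot: The spec only exercises `can_manage!`, which always writes all three permission keys, so a document that holds some permissions but not others is never checked. That is the path where `has_permission_for` reads a key that may be absent from `acls`, and a denial there should come back as a plain `false` rather than an exception. `@post2` is created but used only for the nil assertion, so it can carry a partial-grant context like the one below, placed after the existing `user1 can manage post1` context. A case that grants `Mongoid::ACL::PUBLIC_IDENTIFIER` and checks an unrelated user would be a useful follow-up.

```ruby
# … unchanged: 'no acls assigned' and 'user1 can manage post1' contexts …

context 'user1 can only read post2' do
  before :all do
    @post2.can_read!(@user1.id)
    @post2 = Post.find(@post2.id)
  end

  it 'denies permissions that were never granted' do
    @post2.can_read?(@user1.id).should == true
    @post2.can_update?(@user1.id).should == false
    @post2.can_destroy?(@user1.id).should == false
  end
end
```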
@@ -0,0 +1,28 @@
1
+ require 'rubygems'
2
+ require 'bundler'
3
+ Bundler.setup
4
+
5
+ require 'mongoid'
6
+
7
+ Mongoid.configure do |config|
8
+ name = 'mongoid_acl_test'
9
+ host = 'localhost'
10
+ config.master = Mongo::Connection.new.db(name)
11
+ config.autocreate_indexes = true
12
+ end
13
+
14
+ $LOAD_PATH.unshift(File.dirname(__FILE__))
15
+ $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
16
+
17
+
18
+ require 'mongoid_acl'
19
+ require 'rspec'
20
+ require 'rspec/autorun'
21
+
22
+ models_folder = File.join(File.dirname(__FILE__), 'models')
23
+ Dir[ File.join(models_folder, '*.rb') ].each { |file|
24
+ require file.sub('.rb','')
25
+ file_name = File.basename(file).sub('.rb', '')
26
+ klass = file_name.classify.constantize
27
+ klass.collection.drop
28
+ }
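Review bot: `file.sub('.rb','')` removes the first `.rb` found anywhere in the path rather than the extension, so a checkout under a directory whose name contains `.rb` (for example `~/.rbenv/...`) yields a path that does not exist and the require fails. Anchoring to the end avoids this: `require file.sub(/\.rb\z/, '')` and `file_name = File.basename(file, '.rb')`. The `host` local in the `Mongoid.configure` block is assigned but never used, so the connection goes to whatever `Mongo::Connection.new` defaults to; either pass it to the constructor or drop it. Since the loop ends in `klass.collection.drop`, a short comment stating that this helper must only ever point at the `mongoid_acl_test` database would also help.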
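--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: mongoid_acl
  version: !ruby/object:Gem::Version
- version: 0.0.2
+ version: 0.0.3
  prerelease:
  platform: ruby
  authors:
@@ -13,7 +13,7 @@ date: 2011-12-06 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rspec
- requirement: &2152824700 !ruby/object:Gem::Requirement
+ requirement: &2152720440 !ruby/object:Gem::Requirement
  none: false
  requirements:
  - - ~>
@@ -21,10 +21,10 @@ dependencies:
  version: '2.5'
  type: :development
  prerelease: false
- version_requirements: *2152824700
+ version_requirements: *2152720440
  - !ruby/object:Gem::Dependency
  name: mongoid
- requirement: &2152821780 !ruby/object:Gem::Requirement
+ requirement: &2152719420 !ruby/object:Gem::Requirement
  none: false
  requirements:
  - - ~>
@@ -32,10 +32,10 @@ dependencies:
  version: '2.2'
  type: :development
  prerelease: false
- version_requirements: *2152821780
+ version_requirements: *2152719420
  - !ruby/object:Gem::Dependency
  name: bson_ext
- requirement: &2152821100 !ruby/object:Gem::Requirement
+ requirement: &2152718760 !ruby/object:Gem::Requirement
  none: false
  requirements:
  - - ~>
@@ -43,10 +43,10 @@ dependencies:
  version: '1.3'
  type: :development
  prerelease: false
- version_requirements: *2152821100
+ version_requirements: *2152718760
  - !ruby/object:Gem::Dependency
  name: rake
- requirement: &2152820420 !ruby/object:Gem::Requirement
+ requirement: &2152718140 !ruby/object:Gem::Requirement
  none: false
  requirements:
  - - ! '>='
@@ -54,14 +54,25 @@ dependencies:
  version: '0'
  type: :development
  prerelease: false
- version_requirements: *2152820420
+ version_requirements: *2152718140
  description: Add basic Access Control Lists to Mongoid documents. Optimized for speed
  by using only ONE request to MongoDB to validate, update, and retrieve updated data.
  email: progster@gmail.com
  executables: []
  extensions: []
  extra_rdoc_files: []
- files: []
+ files:
+ - lib/mongoid_acl/acl.rb
+ - lib/mongoid_acl/integration.rb
+ - lib/mongoid_acl/methods.rb
+ - lib/mongoid_acl/version.rb
+ - lib/mongoid_acl.rb
+ - LICENSE.md
+ - README.md
+ - spec/models/post.rb
+ - spec/models/user.rb
+ - spec/mongoid_acl/acl_spec.rb
+ - spec/spec_helper.rb
  homepage: https://bitbucket.org/nielsv/mongoid_acl
  licenses: []
  post_install_message:
@@ -86,4 +97,8 @@ rubygems_version: 1.8.12
  signing_key:
  specification_version: 3
  summary: Add basic Access Control Lists to Mongoid documents
- test_files: []
+ test_files:
+ - spec/models/post.rb
+ - spec/models/user.rb
+ - spec/mongoid_acl/acl_spec.rb
+ - spec/spec_helper.rb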