permissify 0.0.3 → 0.0.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/lib/generators/permissify/controller/USAGE +3 -0
- data/lib/generators/permissify/controller/controller_generator.rb +11 -0
- data/lib/generators/permissify/controller/template/interface/permissified_controller.rb +12 -0
- data/lib/generators/permissify/product/product_generator.rb +17 -0
- data/lib/generators/permissify/product/template/interface/permissified_brand.rb +7 -0
- data/lib/generators/permissify/product/template/interface/permissified_merchant.rb +7 -0
- data/lib/generators/permissify/role/role_generator.rb +1 -1
- data/lib/permissify/aggregate.rb +66 -60
- data/lib/permissify/controller.rb +27 -0
- data/lib/permissify/model.rb +22 -20
- data/lib/permissify/model_class.rb +29 -27
- data/lib/permissify/roles.rb +24 -0
- data/lib/permissify.rb +2 -0
- metadata +11 -3
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
module Permissify
|
|
2
|
+
module Generators
|
|
3
|
+
class ControllerGenerator < Rails::Generators::Base
|
|
4
|
+
source_root File.expand_path('../template/interface', __FILE__)
|
|
5
|
+
|
|
6
|
+
def generate_controller
|
|
7
|
+
copy_file "permissified_controller.rb", "app/controllers/permissified_controller.rb"
|
|
8
|
+
end
|
|
9
|
+
end
|
|
10
|
+
end
|
|
11
|
+
end
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
module PermissifiedController
|
|
2
|
+
|
|
3
|
+
# app-specific consideration for whether operating on a
|
|
4
|
+
# merchant/business, brand, corporation, dealer or
|
|
5
|
+
# admin (special case : nil? null object that defines PERMISSIBLE_PRODUCTS?)
|
|
6
|
+
def current_entity
|
|
7
|
+
return @current_entity if @current_entity
|
|
8
|
+
TODO_IMPLEMENT_PERMISSIFY_CONTROLLER_CURRENT_ENTITY_INTERFACE_METHOD
|
|
9
|
+
nil
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
end
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
module Permissify
|
|
2
|
+
module Generators
|
|
3
|
+
class ProductGenerator < Rails::Generators::Base
|
|
4
|
+
source_root File.expand_path('../template', __FILE__)
|
|
5
|
+
|
|
6
|
+
def generate_product
|
|
7
|
+
copy_file "product.rb", "app/models/product.rb"
|
|
8
|
+
copy_file "/interface/permissified_merchant.rb", "app/models/permissified_merchant.rb"
|
|
9
|
+
copy_file "/interface/permissified_brand.rb", "app/models/permissified_brand.rb"
|
|
10
|
+
# directory instead?
|
|
11
|
+
# d app/models/permissfy_interfaces
|
|
12
|
+
# f app/models/permissfy_interfaces/merchant.rb
|
|
13
|
+
# f app/models/permissfy_interfaces/brand.rb
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
|
@@ -3,7 +3,7 @@ module Permissify
|
|
|
3
3
|
class RoleGenerator < Rails::Generators::Base
|
|
4
4
|
source_root File.expand_path('../template', __FILE__)
|
|
5
5
|
|
|
6
|
-
def
|
|
6
|
+
def generate_role
|
|
7
7
|
copy_file "role.rb", "app/models/role.rb"
|
|
8
8
|
# also make the following?
|
|
9
9
|
# d app/models/system_fixtures
|
data/lib/permissify/aggregate.rb
CHANGED
|
@@ -1,79 +1,85 @@
|
|
|
1
|
-
module Permissify
|
|
2
|
-
|
|
1
|
+
module Permissify
|
|
2
|
+
module Aggregate
|
|
3
|
+
attr_accessor :abilities
|
|
3
4
|
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
5
|
+
def permissions_union # [integer values].max
|
|
6
|
+
@union ||= construct_union
|
|
7
|
+
end
|
|
7
8
|
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
9
|
+
def construct_union
|
|
10
|
+
union = {}
|
|
11
|
+
self.send(self.class::PERMISSIFIED_ASSOCIATION).collect(&:permissions).each do |permissions_hash|
|
|
12
|
+
permissions_hash.each do |key, descriptor|
|
|
13
|
+
descriptor ||= {'0' => false}
|
|
14
|
+
if union[key].nil?
|
|
15
|
+
union[key] = descriptor
|
|
16
|
+
else
|
|
17
|
+
arbitrate(union, descriptor, key, :max)
|
|
18
|
+
end
|
|
19
|
+
union[key]['0'] = (union[key]['0'] == '1' || descriptor['0'] == '1')
|
|
17
20
|
end
|
|
18
|
-
union[key]['0'] = (union[key]['0'] == '1' || descriptor['0'] == '1')
|
|
19
21
|
end
|
|
22
|
+
union
|
|
20
23
|
end
|
|
21
|
-
union
|
|
22
|
-
end
|
|
23
24
|
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
25
|
+
def permissions_intersection(product_permissions)
|
|
26
|
+
return @intersection if @intersection
|
|
27
|
+
@intersection = {}
|
|
28
|
+
permissions_union
|
|
28
29
|
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
@
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
30
|
+
# TODO : Product/Role references should be plugged-in...
|
|
31
|
+
# - could aggregate keep track of class names that it is included in?
|
|
32
|
+
# - there is a lot tangled up in here...
|
|
33
|
+
Ability.all_for(%w(Product Role)).each do |ability|
|
|
34
|
+
key = ability[:key]
|
|
35
|
+
descriptor = @union[key]
|
|
36
|
+
product_descriptor = product_permissions[key]
|
|
37
|
+
if permissable?(descriptor) && permissable?(product_descriptor)
|
|
38
|
+
@intersection[key] = descriptor
|
|
39
|
+
arbitrate(@intersection, product_descriptor, key, :min)
|
|
40
|
+
else
|
|
41
|
+
@intersection[key] = null_permission
|
|
42
|
+
end
|
|
38
43
|
end
|
|
39
|
-
end
|
|
40
44
|
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
+
include_permissions_unless_common_to_role_and_product('Product', product_permissions)
|
|
46
|
+
include_permissions_unless_common_to_role_and_product('Role', @union)
|
|
47
|
+
@intersection
|
|
48
|
+
end
|
|
45
49
|
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
50
|
+
def permissable?(descriptor); descriptor && (descriptor['0'] == true || descriptor['0'] == '1'); end
|
|
51
|
+
def subscribed_to?(feature); allowed_to?('on', feature); end
|
|
52
|
+
def allowed_to?(action, feature); (permissions_union["#{feature}_#{action}"]['0'] == true rescue false); end
|
|
49
53
|
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
54
|
+
def include_permissions_unless_common_to_role_and_product(applicability_type, applicable_permissions)
|
|
55
|
+
Ability.all_for(applicability_type).each do |ability|
|
|
56
|
+
key = ability[:key]
|
|
57
|
+
descriptor = applicable_permissions[key]
|
|
58
|
+
unless @intersection.has_key?(key)
|
|
59
|
+
if permissable?(descriptor)
|
|
60
|
+
descriptor['0'] = true
|
|
61
|
+
@intersection[key] = descriptor
|
|
62
|
+
arbitrate(@intersection, descriptor, key, :min)
|
|
63
|
+
else
|
|
64
|
+
@intersection[key] = null_permission
|
|
65
|
+
end
|
|
61
66
|
end
|
|
62
67
|
end
|
|
63
68
|
end
|
|
64
|
-
end
|
|
65
69
|
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
+
private
|
|
71
|
+
def arbitrate(aggregation, other_descriptor, key, min_or_max) # assuming all permission 'args' are integers stored as strings
|
|
72
|
+
1.upto(other_descriptor.size-1) do |i|
|
|
73
|
+
is = i.to_s; aggregation[key][is] = [aggregation[key][is].to_i, other_descriptor[is].to_i].send(min_or_max) # .to_s ?
|
|
74
|
+
end
|
|
70
75
|
end
|
|
71
|
-
|
|
72
|
-
def null_permission; {'0' => false, '1' => 0}; end
|
|
76
|
+
def null_permission; {'0' => false, '1' => 0}; end
|
|
73
77
|
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
@permissions_association ||= :
|
|
78
|
+
# # TODO : need to do this differently : specify in model? discern from
|
|
79
|
+
# def permissions_association # kinda icky
|
|
80
|
+
# klass = self.respond_to?(:products) ? self.class : Business
|
|
81
|
+
# @permissions_association ||= {User => :roles, klass => :products}[self.class]
|
|
82
|
+
# @permissions_association ||= :permission_objects
|
|
83
|
+
# end
|
|
78
84
|
end
|
|
79
85
|
end
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
module Permissify
|
|
2
|
+
module Controller # Interface : override/rewrite as needed
|
|
3
|
+
|
|
4
|
+
# is this going to work?
|
|
5
|
+
# generator creates app/controllers/permissified_controller.rb
|
|
6
|
+
# - if not, remedy by having both Permissify::Controller and PermissifedController in application_controller?
|
|
7
|
+
include PermissifiedController
|
|
8
|
+
|
|
9
|
+
def current_entity # merchant/business, brand, corporation, dealer or special case (all? none? products) for admin
|
|
10
|
+
return @current_entity if @current_entity
|
|
11
|
+
TODO_IMPLEMENT_PERMISSIFY_CONTROLLER_CURRENT_ENTITY_INTERFACE_METHOD
|
|
12
|
+
nil
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def domain_permissions
|
|
16
|
+
return entity.permissions_union if current_user.nil? # public pages allow corp/brand/merchant product permissions
|
|
17
|
+
return current_user.permissions_union unless current_entity # admin, by convention, not subscribed to any products
|
|
18
|
+
current_user.permissions_intersection(current_entity.permissions_union)
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
def allowed_to?(action, permission_category)
|
|
22
|
+
@permissions ||= domain_permissions
|
|
23
|
+
(@permissions["#{permission_category}_#{action}"]['0'] == true rescue false)
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
end
|
|
27
|
+
end
|
data/lib/permissify/model.rb
CHANGED
|
@@ -1,26 +1,28 @@
|
|
|
1
|
-
module Permissify
|
|
2
|
-
|
|
1
|
+
module Permissify
|
|
2
|
+
module Model
|
|
3
|
+
attr_accessor :from, :from_permissions_model
|
|
3
4
|
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
5
|
+
def establish_from_permissions_model
|
|
6
|
+
self.from_permissions_model ||= self.from.nil? ? nil : self.class.find(self.from)
|
|
7
|
+
end
|
|
7
8
|
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
9
|
+
def initialize_permissions
|
|
10
|
+
self.permissions ||= self.from.nil? ? {} : establish_from_permissions_model.permissions
|
|
11
|
+
end
|
|
11
12
|
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
13
|
+
def allows?(ability_key) ; logger.debug(ability_key.inspect.to_s);
|
|
14
|
+
allowed = self.permissions[ability_key];
|
|
15
|
+
allowed && allowed['0'];
|
|
16
|
+
end
|
|
17
|
+
def remove_permissions(keys)
|
|
18
|
+
keys = [keys] if keys.class == String
|
|
19
|
+
keys.each{ |k| self.permissions[k] = nil}
|
|
20
|
+
self.save
|
|
15
21
|
end
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
def update_permissions(new_or_updated_permissions)
|
|
22
|
-
self.permissions = self.permissions.merge(new_or_updated_permissions)
|
|
23
|
-
self.save
|
|
22
|
+
def update_permissions(new_or_updated_permissions)
|
|
23
|
+
self.permissions = self.permissions.merge(new_or_updated_permissions)
|
|
24
|
+
self.save
|
|
25
|
+
end
|
|
26
|
+
def underscored_name_symbol; self.class.underscored_name_symbol(self.name); end
|
|
24
27
|
end
|
|
25
|
-
def underscored_name_symbol; self.class.underscored_name_symbol(self.name); end
|
|
26
28
|
end
|
|
@@ -1,34 +1,36 @@
|
|
|
1
|
-
module Permissify
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
1
|
+
module Permissify
|
|
2
|
+
module ModelClass
|
|
3
|
+
def retire_permissions_objects(retire_sql)
|
|
4
|
+
ActiveRecord::Base.connection.execute retire_sql
|
|
5
|
+
end
|
|
5
6
|
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
7
|
+
def create_seeds(table_name, seed_specifications)
|
|
8
|
+
@model_class_seed_specifications = seed_specifications
|
|
9
|
+
seed_specifications.each do |id, name|
|
|
10
|
+
permissions_model = locate(id, name)
|
|
11
|
+
permissions_model.permissions = send("#{underscored_name_symbol(name)}_permissions")
|
|
12
|
+
permissions_model.save
|
|
13
|
+
end
|
|
14
|
+
ActiveRecord::Base.connection.execute "ALTER TABLE #{table_name} AUTO_INCREMENT = 101;"
|
|
12
15
|
end
|
|
13
|
-
ActiveRecord::Base.connection.execute "ALTER TABLE #{table_name} AUTO_INCREMENT = 101;"
|
|
14
|
-
end
|
|
15
16
|
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
17
|
+
def create_with_id(table, id, name)
|
|
18
|
+
permissions = send("#{underscored_name_symbol(name)}_permissions")
|
|
19
|
+
permissions_model = new
|
|
20
|
+
permissions_model.name = name
|
|
21
|
+
permissions_model.permissions = permissions
|
|
22
|
+
permissions_model.save
|
|
23
|
+
ActiveRecord::Base.connection.execute "UPDATE #{table}s SET id=#{id} WHERE id=#{permissions_model.id};"
|
|
24
|
+
find(id)
|
|
25
|
+
end
|
|
25
26
|
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
27
|
+
def locate(id, name)
|
|
28
|
+
model_with_id = find_by_id(id)
|
|
29
|
+
model_with_id ||= send("create_#{underscored_name_symbol(name)}")
|
|
30
|
+
end
|
|
30
31
|
|
|
31
|
-
|
|
32
|
-
|
|
32
|
+
def underscored_name_symbol(name)
|
|
33
|
+
name.to_s.downcase.gsub('-','_').gsub(':','').gsub(' ',' ').gsub(' ','_')
|
|
34
|
+
end
|
|
33
35
|
end
|
|
34
36
|
end
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
module Permissions::Roles
|
|
2
|
+
include Permissify::Aggregate
|
|
3
|
+
|
|
4
|
+
def primary_domain_type; sorted_domain_types.first; end
|
|
5
|
+
def primary_role_name; role_list(:description).sort.first; end
|
|
6
|
+
def sorted_domain_types; role_list(:domain_type).sort; end
|
|
7
|
+
def manages_roles; role_list(:manages_roles); end
|
|
8
|
+
def manages_role_names; sorted_role_names(manages_roles); end
|
|
9
|
+
def role_list(collection_method); roles.collect(&collection_method).flatten.uniq; end
|
|
10
|
+
|
|
11
|
+
def can_create_and_modify(users, app_instance) # TODO : unit test for this
|
|
12
|
+
role_names_that_this_user_can_manage = manages_role_names
|
|
13
|
+
# 2 ways to go here : must be able to manage *all* or *any* of a user's roles.
|
|
14
|
+
# Chose *all* to prevent lower ranking users from demoting higher ranking users
|
|
15
|
+
users.select do |u|
|
|
16
|
+
u_role_names = sorted_role_names(u.roles)
|
|
17
|
+
! u_role_names.blank? && (role_names_that_this_user_can_manage & u_role_names) == u_role_names
|
|
18
|
+
end
|
|
19
|
+
users.delete_if{|u| !u.instances.include?(app_instance)}
|
|
20
|
+
return users
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
def sorted_role_names(roles); roles.collect(&:name).sort; end
|
|
24
|
+
end
|
data/lib/permissify.rb
CHANGED
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: permissify
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
hash:
|
|
4
|
+
hash: 23
|
|
5
5
|
prerelease:
|
|
6
6
|
segments:
|
|
7
7
|
- 0
|
|
8
8
|
- 0
|
|
9
|
-
-
|
|
10
|
-
version: 0.0.
|
|
9
|
+
- 4
|
|
10
|
+
version: 0.0.4
|
|
11
11
|
platform: ruby
|
|
12
12
|
authors:
|
|
13
13
|
- Frederick Fix
|
|
@@ -61,13 +61,21 @@ files:
|
|
|
61
61
|
- lib/generators/permissify/ability/ability_generator.rb
|
|
62
62
|
- lib/generators/permissify/ability/template/ability.rb
|
|
63
63
|
- lib/generators/permissify/ability/USAGE
|
|
64
|
+
- lib/generators/permissify/controller/controller_generator.rb
|
|
65
|
+
- lib/generators/permissify/controller/template/interface/permissified_controller.rb
|
|
66
|
+
- lib/generators/permissify/controller/USAGE
|
|
67
|
+
- lib/generators/permissify/product/product_generator.rb
|
|
68
|
+
- lib/generators/permissify/product/template/interface/permissified_brand.rb
|
|
69
|
+
- lib/generators/permissify/product/template/interface/permissified_merchant.rb
|
|
64
70
|
- lib/generators/permissify/product/USAGE
|
|
65
71
|
- lib/generators/permissify/role/role_generator.rb
|
|
66
72
|
- lib/generators/permissify/role/template/role.rb
|
|
67
73
|
- lib/generators/permissify/role/USAGE
|
|
68
74
|
- lib/permissify/aggregate.rb
|
|
75
|
+
- lib/permissify/controller.rb
|
|
69
76
|
- lib/permissify/model.rb
|
|
70
77
|
- lib/permissify/model_class.rb
|
|
78
|
+
- lib/permissify/roles.rb
|
|
71
79
|
- lib/permissify.rb
|
|
72
80
|
- CHANGELOG.rdoc
|
|
73
81
|
- Gemfile
|