permission_settings 0.1.0 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f9e25a8cbe2c442852bb095cf6f22baee35d970546b4d364782080e6203358cd
-  data.tar.gz: e53e6a081eed45d7a898e7bac3075ae4bafb026f30e1b51df7fe99f14df7adfc
+  metadata.gz: 1029e7171c15a82d09d7bcfadb14d8e45aded629e8e2f81874a238282b1bc0c4
+  data.tar.gz: 40ef5214fc0b39459f828d33a5a3c475357c1af575d7fc7cd2d5a02642fbb7ee
 SHA512:
-  metadata.gz: f6bb3ab35d44e9065b5072d71e4c37d992a5bdf80f8a8682784b0193a1318fb778e572018cdb0a955f7aeedbc2c9cc5fa339d686f88f79c0759424cb3e8882d1
-  data.tar.gz: d61fcd410e33a3b8b14d6678f0370b5c139f481ee9e758b70e8f2ad04f18784defdfb95186f2ccd60864bccef49e75fbf7a5b21688870d446b33033f7022bbbd
+  metadata.gz: d400451434a9c263bccca2ed9c5a127f10c9fbebb46fbc9929a5becb6b207c5c1b299662f0d34a7ae904e45fbaf5079fccb4559c6e619b2887f9b01bc6a63834
+  data.tar.gz: fefcf3d7553b8939c3e3010dfcd0322161d87cc33c5e2738924c3a2b5fde98250a553caf221fbba02185bdd1600b62bf327c669974fa1ea94ed005b118744531

data/.rubocop.yml

@@ -1,7 +1,13 @@
+require:
+  - rubocop-rake
+  - rubocop-rspec
+
 AllCops:
-  TargetRubyVersion: 2.6
+  NewCops: enable
+  TargetRubyVersion: 3.0
 
 Style/StringLiterals:
+
   Enabled: true
 
 Style/StringLiteralsInInterpolation:
@@ -10,3 +16,12 @@ Style/StringLiteralsInInterpolation:
 
 Layout/LineLength:
   Max: 120
+
+Style/Documentation:
+  Enabled: false
+
+Metrics/BlockLength:
+  Max: 150
+
+RSpec/MultipleExpectations:
+  Max: 4

data/CHANGELOG.md

@@ -1,5 +1,29 @@
 ## [Unreleased]
 
+## [1.0.0] - 2024-01-30
+
+- Added documentation
+- Added rubocop
+- Added Github Actions CI
+
+## [0.1.3] - 2024-01-29
+
+- Cover with tests different use cases
+
+## [0.1.2] - 2024-01-25
+
+- Configuration interface.
+  - Added `#configure` method to configure: 
+    * permissions_dir_path configuration option for setting path to permissions directory
+    * role_access_method configuration option for setting method name to access role of the resource instance
+  - Added `#has_settings` method to configure dynamic settings.
+    It accepts a scope name were the settings will stored under and default settings hash from a yaml file.
+
+## [0.1.1] - 2024-01-23
+
+- Added basic class structure and core logic
+- Configured rspec. Covered instance verification logic with specs
+
 ## [0.1.0] - 2024-01-17
 
 - Initial release

data/README.md

@@ -1,24 +1,180 @@
-# PermissionSettings
+# PermissionSettings - [Changelog](https://github.com/Misha7776/permission_settings/blob/main/README.md)
 
-TODO: Delete this and the text below, and describe your gem
+**PermissionSettings** allows to dynamically set, retrieve and check permissions of your resource model.
+Under the hood it uses **[Rails Settings](https://github.com/ledermann/rails-settings)** gem for storing settings in database.
+Main idea is to store permissions in yaml files that can be divided by resource models and roles.
+It alos allows to change permissions without restarting the application that gives you more flexibility in build a permissions system.
 
-Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/permission_settings`. To experiment with that code, run `bin/console` for an interactive prompt.
+### Tested with ruby:
+- 3.0.2
 
-## Installation
+## Requirements
+
+- Rails 6.1 or newer (including Rails 7.0)
 
-TODO: Replace `UPDATE_WITH_YOUR_GEM_NAME_IMMEDIATELY_AFTER_RELEASE_TO_RUBYGEMS_ORG` with your gem name right after releasing it to RubyGems.org. Please do not do it earlier due to security reasons. Alternatively, replace this section with instructions to install your gem from git if you don't plan to release to RubyGems.org.
+## Installation
 
-Install the gem and add to the application's Gemfile by executing:
+Include the gem in your Gemfile and run `bundle` to install it:
 
-    $ bundle add UPDATE_WITH_YOUR_GEM_NAME_IMMEDIATELY_AFTER_RELEASE_TO_RUBYGEMS_ORG
+```ruby
+gem 'permission_settings', '~> 0.1.0'
+```
 
-If bundler is not being used to manage dependencies, install the gem by executing:
+Generate and run the migration to create the settings table that is used to store the permissions:
 
-    $ gem install UPDATE_WITH_YOUR_GEM_NAME_IMMEDIATELY_AFTER_RELEASE_TO_RUBYGEMS_ORG
+```shell
+rails g rails_settings:migration
+rake db:migrate
+```
 
 ## Usage
 
-TODO: Write usage instructions here
+### Configuration
+
+You can configure the gem by calling `PermissionSettings.configure` method in an initializer:
+
+```ruby 
+# config/initializers/permission_settings.rb
+
+PermissionSettings.configure do |_config|
+  config.permissions_dir_path = 'config/permissions'
+  config.role_access_method = :role
+end
+```
+* `permissions_dir_path` - configuration option for setting path to permissions directory
+* `role_access_method` - configuration option for setting method name to access role of the resource instance
+
+You can create different yaml files for different resource models to keep permissions separated.
+by default it looks for yaml files in `config/permissions` directory.
+
+### Permissions file structure
+
+Gem will load permissions from yaml files into database on application start.
+
+The permissions file should be a yaml file and should be the same as the name of the resource model.
+
+For example, if you have a `User` model, you can create a `user.yml` file in `config/permissions` directory with the following structure:
+
+```yaml
+# config/permissions/person.yml
+
+admin:
+  notifications:
+    read: true
+    create: true
+    edit: true
+    delete: true
+
+manager:
+  notifications:
+    read: true
+    create: false
+    edit: false
+    delete: false
+```
+
+In this file we should divided permissions into roles. If not following this structure gem won't find permissions that are defined for a specific role of that calling instance.
+If you experience a `PersistentSettings::NotFoundError` error, please check if you have defined permissions for that role inside the permissions file of resource model.
+
+### Connecting permissions to the resource and calling model
+
+To connect permissions to the resource model you need just to include `PersmissionSettings` module in the model class:
+
+Calling model:
+
+```ruby
+class User < ApplicationRecord
+  include PermissionSettings
+end
+```
+
+Resource model:
+
+```ruby 
+class Person < ApplicationRecord
+  include PermissionSettings
+end
+```
+
+In order to check permissions of the resource instance you need to pass it as a named argument `resource` to the `#can?` method.
+
+Take into account that the resource model should have a `role` filed or method that returns a role name of the calling instance or you can configure the gem to use another method name by setting `role_access_method` configuration option.
+
+### Checking permissions
+
+You can check permissions of the resource instance by calling `#can?` method:
+
+```ruby
+user = User.first # => #<User id: 1, name: "John", role: "manager">
+person = Person.last # => #<Person id: 2, name: "Jane", role: "client">
+user.can?(:read, :notifications, resource: person) # => true
+```
+
+Method `can?` accepts 2 arguments:
+* `*permission_keys` - this keys will be used to find permissions in the settings. It can be a string or an array of strings. Required argument.
+* `*resource` - Named argument resource. Instance towards which the permissions will be checked. Required argument.
+
+### Accessing permissions
+
+You can also access permissions of the resource or calling instance by calling `#settings` method:
+
+```ruby
+person = Person.last # => #<Person id: 2, name: "Jane", role: "client">
+person.settings[PermissionSettings.configuration.scope_name].admin.notifications.read # => false
+```
+
+More about settings you can read in [Rails Settings](https://github.com/ledermann/rails-settings) gem documentation.
+
+### Dynamic settings
+
+You can override default settings by calling `#has_settings` method in the resource model class:
+
+```ruby
+custom_permissions = {
+  admin: {
+    notifications: {
+      read: false,
+      create: false,
+      edit: false,
+      delete: false
+    }
+  }
+}
+admin = User.first # => #<User id: 1, name: "John", role: "admin">
+person = Person.last # => #<User id: 2, name: "Jane", role: "client">
+
+admin.can?(:read, :notifications, resource: person) # => true
+
+person.settings(PermissionSettings.configuration.scope_name).update(custom_permissions)
+
+admin.can?(:read, :notifications, resource: person) # => false
+```
+
+If you will unset your custom settings, default settings will be used:
+
+```ruby
+custom_permissions = {
+  admin: {
+    notifications: {
+      read: false,
+      create: false,
+      edit: false,
+      delete: false
+    }
+  }
+}
+
+admin = User.first # => #<User id: 1, name: "John", role: "admin">
+person = Person.last # => #<User id: 2, name: "Jane", role: "client">
+
+person.settings(PermissionSettings.configuration.scope_name).update(custom_permissions)
+
+admin.can?(:read, :notifications, resource: person) # => false
+
+person.settings(policy_scope).update({ admin: { notifications: nil } })
+
+admin.can?(:read, :notifications, resource: person) # => true
+```
 
 ## Development
 
@@ -28,7 +184,7 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
 
 ## Contributing
 
-Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/permission_settings. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/[USERNAME]/permission_settings/blob/main/CODE_OF_CONDUCT.md).
+Bug reports and pull requests are welcome on GitHub at [Permission Settings](https://github.com/Misha7776/permission_settings). This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/Misha7776/permission_settings/blob/main/CODE_OF_CONDUCT.md).
 
 ## License
 

data/config/custom_permissions/user.yml

@@ -0,0 +1,56 @@
+admin:
+  notifications:
+    read: true
+    create: true
+    edit: true
+    delete: true
+
+  items:
+    read: true
+    create: true
+    edit: true
+    delete: true
+
+  payments:
+    read: true
+    create: true
+    edit: true
+    delete: false
+
+manager:
+  notifications:
+    read: true
+    create: false
+    edit: false
+    delete: false
+
+  items:
+    read: true
+    create: true
+    edit: true
+    delete: true
+
+  payments:
+    read: true
+    create: true
+    edit: false
+    delete: false
+
+client:
+  notifications:
+    read: true
+    create: false
+    edit: false
+    delete: false
+
+  items:
+    read: true
+    create: false
+    edit: false
+    delete: false
+
+  payments:
+    read: true
+    create: false
+    edit: false
+    delete: false

data/config/initializers/permission_settings.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+PermissionSettings.configure do |_config|
+  # config.permissions_dir_path = 'config/permissions'
+  # config.role_access_method = :role
+end

data/config/permissions/user.yml

@@ -0,0 +1,56 @@
+admin:
+  notifications:
+    read: true
+    create: true
+    edit: true
+    delete: true
+
+  items:
+    read: true
+    create: true
+    edit: true
+    delete: true
+
+  payments:
+    read: true
+    create: true
+    edit: true
+    delete: false
+
+manager:
+  notifications:
+    read: true
+    create: false
+    edit: false
+    delete: false
+
+  items:
+    read: true
+    create: true
+    edit: true
+    delete: true
+
+  payments:
+    read: true
+    create: true
+    edit: false
+    delete: false
+
+client:
+  notifications:
+    read: true
+    create: false
+    edit: false
+    delete: false
+
+  items:
+    read: true
+    create: false
+    edit: false
+    delete: false
+
+  payments:
+    read: true
+    create: false
+    edit: false
+    delete: false

data/lib/permission_settings/configuration.rb

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+require 'byebug'
+
+module PermissionSettings
+  class Configuration
+    class PermissionsDirNotFound < StandardError; end
+
+    DEFAULT_PERMISSION_FILE_PATH = 'config/permissions'
+    DEFAULT_ROLE_ACCESS_METHOD = :role
+
+    attr_accessor :role_access_method
+    attr_reader :permissions_dir_path
+
+    def initialize
+      @permissions_dir_path = DEFAULT_PERMISSION_FILE_PATH
+      @role_access_method = DEFAULT_ROLE_ACCESS_METHOD
+    end
+
+    def permissions_dir_path=(path)
+      raise PermissionsDirNotFound, 'Permissions directory not found' unless Dir.exist?(path)
+
+      @permissions_dir_path = path
+    end
+
+    def scope_name(klass)
+      [klass.name.underscore, 'permissions'].join('_').to_sym
+    end
+
+    def load_permissions_file(klass)
+      if RUBY_VERSION.to_f >= 3.1
+        YAML.load_file(permission_file_path(klass), aliases: true)
+      else
+        YAML.load_file(permission_file_path(klass))
+      end
+    end
+
+    def permission_file_path(klass)
+      File.join(permissions_dir_path, "#{klass.name.underscore}.yml")
+    end
+  end
+end

data/lib/permission_settings/patcher.rb

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+require 'byebug'
+require_relative 'verify_instance'
+
+module PermissionSettings
+  # Class that defines core functionality
+  class Patcher
+    attr_reader :klass
+
+    def initialize(klass)
+      @klass = klass
+    end
+
+    def self.call(klass)
+      new(klass).call
+    end
+
+    def call
+      setup_settings_interface
+      setup_instance_verification
+    end
+
+    private
+
+    def setup_settings_interface
+      klass.class_eval do
+        has_settings do |s|
+          s.key PermissionSettings.configuration.scope_name(self),
+                defaults: PermissionSettings.configuration.load_permissions_file(self)
+        end
+      end
+    end
+
+    def setup_instance_verification
+      role_method = PermissionSettings.configuration.role_access_method
+
+      klass.class_eval do
+        define_method(:can?) do |*keys, resource: nil, &block|
+          PermissionSettings::VerifyInstance.call(keys,
+                                                  role: send(role_method),
+                                                  resource: resource,
+                                                  &block)
+        end
+      end
+    end
+  end
+end

data/lib/permission_settings/verify.rb

@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+
+require 'byebug'
+require 'active_support/hash_with_indifferent_access'
+
+module PermissionSettings
+  class Verify
+    def initialize(permission_keys, role, resource, &block)
+      @permission_keys = permission_keys.map(&:to_s)
+      @role = role
+      @resource = resource
+      @block = block
+      @scope = PermissionSettings.configuration.scope_name(resource.class)
+    end
+
+    def self.call(permission_keys = [], role: nil, resource: nil, &block)
+      new(permission_keys, role, resource, &block).call
+    end
+
+    def call
+      extract_permission_value
+      raise_not_found_error if permission_value.nil?
+    end
+
+    private
+
+    attr_reader :permission_keys, :role, :resource, :block, :permission_value, :scope
+
+    def extract_permission_value
+      fetch_record_permission_value
+      fetch_default_permissions_value if @permission_value.nil?
+    end
+
+    def fetch_record_permission_value
+      @permission_value = action_permitted?(*permission_keys,
+                                            resource_permissions.presence || default_permissions)
+    end
+
+    def fetch_default_permissions_value
+      @permission_value = action_permitted?(*permission_keys, default_permissions)
+    end
+
+    def action_permitted?(*permission_keys, permissions)
+      permissions.dig(role, *permission_keys.reverse)
+    end
+
+    def resource_permissions
+      ActiveSupport::HashWithIndifferentAccess.new(resource.settings(scope).value)
+    end
+
+    def default_permissions
+      ActiveSupport::HashWithIndifferentAccess.new(resource.default_settings[scope])
+    end
+
+    def raise_not_found_error
+      keys = permission_keys.reverse.unshift(role).join('.')
+      raise NotFoundError, "You need to set #{keys} permission in #{resource.class} class"
+    end
+  end
+end

data/lib/permission_settings/verify_instance.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+require_relative 'verify'
+
+module PermissionSettings
+  # comment
+  class VerifyInstance < PermissionSettings::Verify
+    def call
+      super
+      return permission_value unless block_given?
+
+      permission_value && block.call
+    end
+  end
+end

data/lib/permission_settings/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PermissionSettings
-  VERSION = '0.1.0'
+  VERSION = '1.0.0'
 end

data/lib/permission_settings.rb

@@ -1,8 +1,26 @@
 # frozen_string_literal: true
 
+require 'byebug'
+
 require_relative 'permission_settings/version'
+require_relative 'permission_settings/patcher'
+require_relative 'permission_settings/configuration'
 
+# Gem entrypoint
 module PermissionSettings
-  class Error < StandardError; end
-  # Your code goes here...
+  class NotFoundError < StandardError; end
+
+  class << self
+    def included(klass)
+      PermissionSettings::Patcher.call(klass)
+    end
+
+    def configuration
+      @configuration ||= Configuration.new
+    end
+
+    def configure
+      yield(configuration)
+    end
+  end
 end

data/permission_settings.gemspec

@@ -11,11 +11,11 @@ Gem::Specification.new do |spec|
   spec.summary = 'Allows to dynamically set, retrieve and check permissions of your resource model'
   spec.homepage = 'https://github.com/Misha7776/permission_settings'
   spec.license = 'MIT'
-  spec.required_ruby_version = '>= 2.6.0'
+  spec.required_ruby_version = '>= 3.0.0'
 
-  spec.metadata['homepage_uri'] = spec.homepage
   spec.metadata['source_code_uri'] = spec.homepage
   spec.metadata['changelog_uri'] = 'https://github.com/Misha7776/permission_settings/main/CHANGELOG.md'
+  spec.metadata['rubygems_mfa_required'] = 'true'
 
   # Specify which files should be added to the gem when it is released.
   # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
@@ -30,8 +30,6 @@ Gem::Specification.new do |spec|
   spec.require_paths = ['lib']
 
   # Uncomment to register a new dependency of your gem
-  # spec.add_dependency "example-gem", "~> 1.0"
-
-  # For more information and examples about making a new gem, check out our
-  # guide at: https://bundler.io/guides/creating_gem.html
+  spec.add_dependency 'activesupport', '~> 7.0.0'
+  spec.add_dependency 'ledermann-rails-settings', '~> 2.6.1'
 end

metadata

@@ -1,15 +1,43 @@
 --- !ruby/object:Gem::Specification
 name: permission_settings
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 1.0.0
 platform: ruby
 authors:
 - Misha Push
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-01-17 00:00:00.000000000 Z
-dependencies: []
+date: 2024-01-30 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 7.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 7.0.0
+- !ruby/object:Gem::Dependency
+  name: ledermann-rails-settings
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.6.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.6.1
 description:
 email:
 - m.push@coaxsoft.com
@@ -17,7 +45,6 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".idea/.gitignore"
 - ".rspec"
 - ".rubocop.yml"
 - CHANGELOG.md
@@ -25,17 +52,23 @@ files:
 - LICENSE.txt
 - README.md
 - Rakefile
+- config/custom_permissions/user.yml
+- config/initializers/permission_settings.rb
+- config/permissions/user.yml
 - lib/permission_settings.rb
+- lib/permission_settings/configuration.rb
+- lib/permission_settings/patcher.rb
+- lib/permission_settings/verify.rb
+- lib/permission_settings/verify_instance.rb
 - lib/permission_settings/version.rb
 - permission_settings.gemspec
-- sig/permission_settings.rbs
 homepage: https://github.com/Misha7776/permission_settings
 licenses:
 - MIT
 metadata:
-  homepage_uri: https://github.com/Misha7776/permission_settings
   source_code_uri: https://github.com/Misha7776/permission_settings
   changelog_uri: https://github.com/Misha7776/permission_settings/main/CHANGELOG.md
+  rubygems_mfa_required: 'true'
 post_install_message:
 rdoc_options: []
 require_paths:
@@ -44,7 +77,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.6.0
+      version: 3.0.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="

data/.idea/.gitignore

@@ -1,8 +0,0 @@
-# Default ignored files
-/shelf/
-/workspace.xml
-# Editor-based HTTP Client requests
-/httpRequests/
-# Datasource local storage ignored files
-/dataSources/
-/dataSources.local.xml

data/sig/permission_settings.rbs

@@ -1,4 +0,0 @@
-module PermissionSettings
-  VERSION: String
-  # See the writing guide of rbs: https://github.com/ruby/rbs#guides
-end