rad_kit 0.0.8 → 0.0.9

data/lib/kit/models/authorized.rb

@@ -1,50 +1,50 @@
-module Mongoid::Authorized
-  extend ActiveSupport::Concern
-  
+module Models::Authorized
   class << self
     attr_writer :custom_permissions
-    def custom_permissions; @custom_permissions ||= {} end    
+    def custom_permissions; @custom_permissions ||= {} end
     def permissions
       @default_permissions ||= YAML.load_file("#{__FILE__.dirname}/default_permissions.yml").freeze
       @default_permissions.merge(rad.config.permissions).merge(custom_permissions)
     end
   end
-  
-  included do
+
+  rad.extension :model_authorization, self do
+    define_method(:roles){@roles ||= []}
+    attr_writer :roles
+    # field :roles, type: Array, protected: true, default: []
+
+    alias_method :mm_roles,  :roles
+    alias_method :mm_roles=, :roles=
+
+    attr_accessor :admin
+    # field :admin, type: Boolean, protected: true, default: false
+  end
+
+  inherited do
     validate :validate_anonymous
-    validates_exclusion_of :name, in: Role::PRESERVED_USER_NAMES, if: lambda{|u| u.new_record?}                    
-
-    rad.extension :model_authorization, self do
-      field :roles, type: Array, protected: true, default: []
-      alias_method :mm_roles,  :roles
-      alias_method :mm_roles=, :roles=          
-    
-      field :admin, type: Boolean, protected: true, default: false                        
-    end
-    
-    alias_method :roles, :handy_roles
+    validates_exclusion_of :name, in: Role::PRESERVED_USER_NAMES, if: lambda{|u| u.new_record?}
   end
-       
+
   module ClassMethods
     def anonymous
       Models::User.by_name('anonymous') || raise("You probably don't create Anonymous User!")
     end
   end
-  
-  # 
+
+  #
   # Owner
-  # 
+  #
   def owner_name; anonymous? ? nil : name end
-  
+
   def owner? object
     !object.blank? and !name.blank? and !anonymous? and object.respond_to(:owner_name) == self.name
   end
-  
-  # 
+
+  #
   # Roles
-  # 
+  #
   def self.anonymous? name; name == 'anonymous' end
-  def anonymous?; Mongoid::Authorized.anonymous?(name) end    
+  def anonymous?; Models::Authorized.anonymous?(name) end
 
   def registered?
     !anonymous?
@@ -55,11 +55,11 @@ module Mongoid::Authorized
     unless roles.include? role
       if role == 'admin'
         self.admin = true
-      else                      
+      else
         self.mm_roles -= Role.denormalize_to_lower_roles [role]
         self.mm_roles += [role]
-      end          
-      clear_cache
+      end
+      _cache.clear
     end
     roles
   end
@@ -72,18 +72,18 @@ module Mongoid::Authorized
       else
         self.mm_roles -= Role.denormalize_to_higher_roles [role]
       end
-      clear_cache
-    end    
+      _cache.clear
+    end
     roles
   end
-      
-  def handy_roles        
-    unless roles = cache[:roles]            
+
+  def handy_roles
+    unless roles = _cache[:roles]
       roles = if self.mm_roles.empty?
         ['user']
       else
         Role.denormalize_to_lower_roles self.mm_roles
-      end            
+      end
       if anonymous?
         roles << 'anonymous'
       else
@@ -94,77 +94,78 @@ module Mongoid::Authorized
         roles << 'admin'
         %w(manager member).each{|r| roles << r unless roles.include? r}
       end
-      
+
       roles.must_be == roles.uniq
-      
-      roles = HandyRoles.new roles.sort                                              
-      cache[:roles] = roles
+
+      roles = HandyRoles.new roles.sort
+      _cache[:roles] = roles
     end
     roles
   end
+  alias_method :roles, :handy_roles
 
   def major_roles
-    cache[:major_roles] ||= Role.major_roles roles
+    _cache[:major_roles] ||= Role.major_roles roles
   end
 
   def has_role? role
     roles.include? role
   end
-  
-  
-  # 
+
+
+  #
   # can?
-  #       
+  #
   def can? operation, object = nil
     operation = operation.to_s
-    
+
     return true if has_role?(:admin)
 
     custom_method = "able_#{operation}?"
     return object.send custom_method, self if object.respond_to? custom_method
-    
+
     (
-      effective_permissions[operation] or 
+      effective_permissions[operation] or
       (owner?(object) and effective_permissions_as_owner[operation])
     )
   end
-  
+
   def can_view? object
     can? :view, object
   end
-  
-  
-  # 
+
+
+  #
   # Effective Permissions
-  # 
+  #
   def effective_permissions
-    unless ep = cache[:effective_permissions]          
+    unless ep = _cache[:effective_permissions]
       ep = calculate_effective_roles_for roles
-      cache[:effective_permissions] = ep
+      _cache[:effective_permissions] = ep
     end
     ep
   end
 
   def effective_permissions_as_owner
-    unless epo = cache[:effective_permissions_as_owner]          
+    unless epo = _cache[:effective_permissions_as_owner]
       epo = calculate_effective_roles_for ['owner']
-      cache[:effective_permissions_as_owner] = epo
+      _cache[:effective_permissions_as_owner] = epo
     end
     epo
   end
 
-  protected                  
-    def calculate_effective_roles_for roles      
+  protected
+    def calculate_effective_roles_for roles
       effective_permissions = {}
-      permissions = ::Mongoid::Authorized.permissions      
+      permissions = ::Models::Authorized.permissions
       permissions.each do |operation, allowed_roles|
         operation = operation.to_s
         effective_permissions[operation.to_s] = roles.any?{|role| allowed_roles.include? role}
       end
       effective_permissions
     end
-  
-    def validate_anonymous          
+
+    def validate_anonymous
       errors.add :base, "Anonymous can't have any roles!" if anonymous? and !self.mm_roles.blank?
     end
 
@@ -173,7 +174,7 @@ module Mongoid::Authorized
         super role.to_s
       end
       alias_method :has?, :include?
-      
+
       protected
         def method_missing m, *args, &block
           m = m.to_s
@@ -182,5 +183,5 @@ module Mongoid::Authorized
           self.include? m[0..-2]
         end
     end
-      
+
 end

data/lib/kit/models/authorized_object.rb

@@ -1,166 +1,163 @@
-module Mongoid::AuthorizedObject
-  extend ActiveSupport::Concern
-  
-  included do
-    field :owner_name, 
-      type: String, 
-      default: lambda{rad.user? ? rad.user.name : nil}, 
-      protected: true
-    attr_protected :owner
-
-    field :collaborators, 
-      type: Array, 
-      default: [], 
-      protected: true
-    
-    # Contains the role and all upper roles. So complex becouse we need it in indexes.    
-    field :viewers, 
-      type: Array, 
-      default: lambda{(
-        (rad.user? ? ['manager', "user:#{rad.user.name}"] : ['manager']) +
-        Array.wrap(rad.config.default_viewers)
-      ).uniq.sort}, 
-      protected: true
-   
+module Models::AuthorizedObject
+  attr_writer :owner_name
+  def owner_name
+    @owner_name ||= rad.user? ? rad.user.name : nil
+  end
+
+  attr_writer :collaborators
+  def collaborators; @collaborators ||= [] end
+
+  attr_writer :viewers
+  def viewers
+    @viewers ||= (
+      (rad.user? ? ['manager', "user:#{rad.user.name}"] : ['manager']) +
+      Array.wrap(rad.config.default_viewers)
+    ).uniq.sort
+  end
+
+  inherited do
+    before_create :owner_name
     validates_presence_of :owner_name
+
+    before_create :viewers
     validate :validate_viewers
     validate :validate_collaborators
   end
-  
-  # 
+
+  #
   # Owner
-  # 
+  #
   def owner
     return nil if owner_name.blank?
-    cache[:owner] ||= Models::User.by_name!(owner_name)
-  end      
+    _cache[:owner] ||= Models::User.by_name!(owner_name)
+  end
 
   def owner= user
     user.must_be.an Models::User
-    cache[:owner] = user
+    _cache[:owner] = user
     self.owner_name = user.name
     user
   end
-      
-  # TODO3 update it later, MM uses public API to unmarshal object 
+
+  # TODO3 update it later, MM uses public API to unmarshal object
   # http://groups.google.com/group/mongomapper/browse_thread/thread/ab34457e0ba9c472#
-  def owner_name= name                    
+  def owner_name= name
     owner_role = "user:#{name}"
     old_owner_role = "user:#{owner_name}"
-    
+
     unless viewers.include? owner_role
       viewers.delete old_owner_role
       viewers << owner_role
       viewers.sort!
     end
-    
+
     # write_attribute :owner_name, name
-    super name
-    clear_cache
+    @owner_name = name
+    _cache.clear
     owner_name
   end
 
-  # 
+  #
   # Viewers and Collaborators
-  # 
+  #
   def add_viewer role
     role = role.to_s
-    should_be_valid_user_input_role role                    
-    
-    return if viewers.include? role          
-    
+    should_be_valid_user_input_role role
+
+    return if viewers.include? role
+
     roles = viewers
-    roles << role          
-    roles = Role.denormalize_to_higher_roles roles          
+    roles << role
+    roles = Role.denormalize_to_higher_roles roles
     roles << 'manager' unless roles.include? 'manager'
     self.viewers = roles.sort
     viewers
   end
-  
+
   def remove_viewer role
     role = role.to_s
-    should_be_valid_user_input_role role          
-    
+    should_be_valid_user_input_role role
+
     return unless viewers.include? role
-    
+
     roles = viewers
     Role.denormalize_to_higher_roles([role]).each do |r|
       roles.delete r
     end
     roles << 'manager' unless roles.include? 'manager'
     self.viewers = roles.sort
-    
+
     remove_collaborator role
-    
+
     viewers
   end
-  
+
   def minor_viewers
-    unless minor_viewers = cache[:minor_viewers]
+    unless minor_viewers = _cache[:minor_viewers]
       viewers = self.viewers.clone
       viewers.delete 'manager'
       minor_viewers = Role.minor_roles viewers
-      cache[:minor_viewers] = minor_viewers
+      _cache[:minor_viewers] = minor_viewers
     end
     minor_viewers
   end
-  
+
   def add_collaborator role
     role = role.to_s
     should_be_valid_user_input_role role
     return if collaborators.include? role
-    collaborators = self.collaborators.clone       
+    collaborators = self.collaborators.clone
     collaborators << role
     self.collaborators = collaborators
-    
+
     add_viewer role
-    
+
     collaborators
   end
-  
+
   def remove_collaborator role
     role = role.to_s
-    should_be_valid_user_input_role role                    
+    should_be_valid_user_input_role role
     collaborators.delete role
     collaborators
   end
-  
+
   def normalized_collaborators
-    unless normalized_collaborators = cache[:normalized_collaborators]
+    unless normalized_collaborators = _cache[:normalized_collaborators]
       normalized_collaborators = Role.denormalize_to_higher_roles collaborators
-      normalized_collaborators << "user:#{owner_name}" unless Mongoid::Authorized.anonymous?(owner_name)
+      normalized_collaborators << "user:#{owner_name}" unless Models::Authorized.anonymous?(owner_name)
       normalized_collaborators.sort!
-      cache[:normalized_collaborators] = normalized_collaborators
+      _cache[:normalized_collaborators] = normalized_collaborators
     end
     normalized_collaborators
   end
 
-  # 
+  #
   # Special Permissions
-  # 
+  #
   def able_view? user
     user.roles.any?{|role| viewers.include? role}
   end
-  
+
   def able_update? user
     user.roles.any?{|role| normalized_collaborators.include? role}
   end
-  
-  protected        
+
+  protected
     def should_be_valid_user_input_role role
       role.must_not ==  'manager'
       role.must_not == "user:#{owner_name}"
     end
-  
+
     def validate_viewers
       viewers.must == viewers.uniq
-                                  
+
       viewers.must.include 'manager' # always
       viewers.must.include "user:#{owner_name}"
     end
-    
+
     def validate_collaborators
       collaborators.must_not.include "user:#{owner_name}"
     end
-    
+
 end