rails-canhaz 0.0.0 → 0.1.1

data/.gitignore

@@ -0,0 +1,4 @@
+*.gem
+Gemfile.lock
+*.sqlite3
+

data/Gemfile

@@ -0,0 +1,4 @@
+source "http://rubygems.org"
+
+gem "activerecord", :require => "active_record"
+gem "sqlite3"

data/README.md

@@ -0,0 +1,74 @@
+# Rails-Canhaz
+
+This gem is a simple activerecord extention that allows any application using activerecord to manage permissions based roles.
+
+## Installation
+
+Standard gem installation :
+
+```
+gem install rails-canhaz
+```
+
+Or in your Gemfile if you use bundler
+
+```ruby
+gem 'rails-canhaz'
+```
+
+You then need to create a single table in order to make this gem to work
+
+Here is the schema of this table, if you're using ruby on rails, you should create a migration :
+
+```ruby
+create_table :can_haz_permissions do |t|
+  t.integer :csubject_id
+  t.string :csubject_type
+
+  t.integer :cobject_id
+  t.string :cobject_type
+
+  t.string :permission_name
+end
+
+add_index :can_haz_permissions, :csubject_id, :name => 'subject_id_ix'
+add_index :can_haz_permissions, :cobject_id, :name => 'object_id_ix'
+```
+
+## How to use it ?
+
+The rails-canhaz gem defines two static functions for ActiveRecord models which allow them to act as a subject or an object.
+
+A subject has roles on objects.
+
+Here is an example
+
+```ruby
+class User < ActiveRecord::Base
+  acts_as_canhaz_subject
+end
+
+class Article < ActiveRecord::Base
+  acts_as_canhaz_object
+end
+```
+
+Now our models are marked as canhaz subjects and objects, we have access to some handy functions :
+
+
+```ruby
+user = User.find(42)
+article = Article.find(1337)
+
+user.can?(:read, article) # Can the user read this article? false for now
+
+user.can(:read, article) # Ok, so the user can read this article
+
+user.can?(:read, article) # Will be true
+
+user.objects_with_permission(Article, :read) # Will return all the articles w/ read permissions for this user
+
+artice.subjects_with_permission(User, :read) # Will return all the users hat are able to read this article
+```
+
+More coming soon ...

data/Rakefile

@@ -0,0 +1,8 @@
+require 'rake/testtask'
+
+Rake::TestTask.new do |t|
+  t.libs << 'test'
+end
+
+desc "Run tests"
+task :default => :test

data/lib/rails-canhaz/canhaz_permission.rb

@@ -0,0 +1,27 @@
+require 'active_record'
+
+class CanHazPermission < ActiveRecord::Base
+
+  validates :cobject_id, :uniqueness => {:scope => [:permission_name, :csubject_id]}
+
+  # Gets the permission row between two objects
+  #
+  # @param subject [ActiveRecord::Base] The subject
+  # @param object [ActiveRecord::Base] The object
+  # @param permission [String, Symbol] The permission identifier
+  # @return [CanHazPermission, nil] The corresponding permission if found or nil
+  def self.find_permission(subject, object, permission)
+    raise NotACanHazSubject unless subject.canhaz_subject?
+    raise NotACanHazObject unless object.canhaz_object?
+
+    results = CanHazPermission.where(
+      :csubject_id      => subject.id,
+      :csubject_type    => subject.class.to_s,
+      :cobject_id       => object.id,
+      :cobject_type     => object.class.to_s,
+      :permission_name  => permission
+    )
+    results.first
+  end
+
+end

data/lib/rails-canhaz/exceptions.rb

@@ -0,0 +1,6 @@
+module CanHaz
+  module Exceptions
+    class NotACanHazSubject < StandardError; end
+    class NotACanHazObject < StandardError; end
+  end
+end

data/lib/rails-canhaz/extensions_all.rb

@@ -0,0 +1,21 @@
+module CanHaz
+  module ModelExtensions
+    module All
+
+      # Returns if a model is registered as a canhaz subject
+      #
+      # @return [Bool] Whether or not the model is a canhaz subject
+      def canhaz_subject?
+        false
+      end
+
+      # Returns if a model is registered as a canhaz object
+      #
+      # @return [Bool] Whether or not the model is a canhaz object
+      def canhaz_object?
+        false
+      end
+
+    end
+  end
+end

data/lib/rails-canhaz/extensions_object.rb

@@ -0,0 +1,33 @@
+module CanHaz
+  module ModelExtensions
+    module Object
+
+      # Checks if the model is accessible by a given subject and a given permission
+      # This is a proxy to subject.can?(permission, subject)
+      #
+      # @param subject [ActiveRecord::Base] The subject we are testing
+      # @param permission [String, Symbol] The permission we want to test the subject on
+      # @return [Boolean] True if the subject has the permission on this object, false otherwise
+      def accessible_by?(subject, permission)
+        subject.can?(permission, self)
+      end
+
+      # Gets the subjects that have the corresponding permission and type on this model
+      #
+      # @param type [Class] The type of the subjects we're looking for
+      # @param permission [String, Symbol] The permission
+      def subjects_with_permission(type, permission)
+        results = CanHazPermission.where('cobject_id = ? AND cobject_type = ?', self.id, self.class.to_s).where('csubject_type = ?', type.to_s).where('permission_name = ?', permission)
+
+        ids = results.collect { |r| r.csubject_id }
+
+        type.where('id IN (?)', ids)
+      end
+
+      def canhaz_object?
+        true
+      end
+
+    end
+  end
+end

data/lib/rails-canhaz/extensions_subject.rb

@@ -0,0 +1,71 @@
+module CanHaz
+  module ModelExtensions
+    module Subject
+
+      # Creates a permission on a given object
+      #
+      # @param permission [String, Symbol] The identifier of the permission
+      # @param object [ActiveRecord::Base] The model on which the permission is effective
+      # @return [Bool] True if the role was successfully created, false if it was already present
+      def can(permission, object)
+        raise Exceptions::NotACanHazObject unless object.canhaz_object?
+        CanHazPermission.new({
+          :csubject_id       => self.id,
+          :csubject_type     => self.class.to_s,
+          :cobject_type      => object.class.to_s,
+          :cobject_id        => object.id,
+          :permission_name  => permission
+          }).save
+      end
+
+      # Checks if the subject has a given permission on a given object
+      #
+      # @param permission [String, Symbol] The identifier of the permission
+      # @param object [ActiveRecord::Base] The model we are testing the permission on
+      # @return [Bool] True if the user has the given permission, false otherwise
+      def can?(permission, object)
+        raise Exceptions::NotACanHazObject unless object.canhaz_object?
+        CanHazPermission.find_permission(self, object, permission) != nil
+      end
+
+      # Removes a permission on a given object
+      #
+      # @param permission [String, Symbol] The identifier of the permission
+      # @param object [ActiveRecord::Base] The model on which the permission is effective
+      # @return [Bool] True if the role was successfully removed, false if it did not exist
+      def cannot(permission, object)
+        permission = CanHazPermission.find_permission(self, object, permission)
+        return false if permission.nil?
+        permission.destroy and return true
+      end
+
+      # Checks if the subject does not have a given permission on a given object
+      # Acts as a proxy of !subject.can?(permission, object)
+      #
+      # @param permission [String, Symbol] The identifier of the permission
+      # @param object [ActiveRecord::Base] The model we are testing the permission on
+      # @return [Bool] True if the user has not the given permission, false otherwise
+      def cannot?(permission, object)
+        !self.can?(permission, object)
+      end
+
+      # Gets All objects that match a given type and permission
+      #
+      # @param type [Class] The type of the objects
+      # @param permission [String, Symbol] The name of the permission
+      # @return The macthing objects in an array
+      def objects_with_permission(type, permission = nil)
+        results = CanHazPermission.where('csubject_id = ? AND csubject_type = ?', self.id, self.class.to_s).where('cobject_type = ?', type.to_s).where('permission_name = ?', permission)
+
+        ids = results.collect { |r| r.cobject_id }
+
+        type.where('id IN (?)', ids)
+      end
+
+      def canhaz_subject?
+        true
+      end
+
+    end
+  end
+end

data/lib/rails-canhaz/model_extensions.rb

@@ -0,0 +1,30 @@
+require 'rails-canhaz/extensions_subject'
+require 'rails-canhaz/extensions_object'
+require 'rails-canhaz/extensions_all'
+
+module CanHaz
+  module ModelExtensions
+    def self.included(base)
+      base.send(:extend, ClassMethods)
+      base.send(:include, CanHaz::ModelExtensions::All)
+    end
+  end
+
+  module ClassMethods
+
+    ##
+    # Marks the current model as a canhaz object for authorizations
+    #
+    def acts_as_canhaz_object
+      include CanHaz::ModelExtensions::Object
+    end
+
+    ##
+    # Marks the current model as a canhaz subject for authorizations
+    #
+    def acts_as_canhaz_subject
+      include CanHaz::ModelExtensions::Subject
+    end
+
+  end
+end

data/lib/rails-canhaz.rb

@@ -1,5 +1,7 @@
-class CanHaz
-  def self.hi
-    puts "Hello world, this is WIP :)"
-  end
+require 'rails-canhaz/exceptions'
+require 'rails-canhaz/model_extensions'
+require 'rails-canhaz/canhaz_permission'
+
+if defined? ActiveRecord::Base
+  ActiveRecord::Base.send(:include, CanHaz::ModelExtensions)
 end

data/rails-canhaz.gemspec

@@ -0,0 +1,13 @@
+Gem::Specification.new do |s|
+  s.name        = 'rails-canhaz'
+  s.version     = '0.1.1'
+  s.date        = '2012-04-16'
+  s.summary     = "A simple gem for managing permissions between rails models"
+  s.description = "A simple gem for managing permissions between rails models"
+  s.authors     = ["Adrien Siami (Intrepidd)"]
+  s.email       = 'adrien@siami.fr'
+  s.files       = `git ls-files`.split("\n")
+
+  s.homepage    =
+    'http://github.com/Intrepidd/rails-canhaz'
+end

data/test/init_tests.rb

@@ -0,0 +1,6 @@
+require 'rubygems'
+require 'active_record'
+require 'active_support'
+
+ActiveRecord::Base.establish_connection(:adapter => 'sqlite3', :database => 'test.sqlite3')
+

data/test/models/foo_model.rb

@@ -0,0 +1,5 @@
+require 'active_record'
+require 'rails-canhaz'
+
+class FooModel < ActiveRecord::Base
+end

data/test/models/object_model.rb

@@ -0,0 +1,8 @@
+require 'active_record'
+require 'rails-canhaz'
+
+class ObjectModel < ActiveRecord::Base
+
+  acts_as_canhaz_object
+
+end

data/test/models/subject_model.rb

@@ -0,0 +1,8 @@
+require 'active_record'
+require 'rails-canhaz'
+
+class SubjectModel < ActiveRecord::Base
+
+  acts_as_canhaz_subject
+
+end

data/test/schema.rb

@@ -0,0 +1,33 @@
+
+ActiveRecord::Base.connection.execute("DROP TABLE IF EXISTS 'object_models'")
+ActiveRecord::Base.connection.execute("DROP TABLE IF EXISTS 'subject_models'")
+ActiveRecord::Base.connection.execute("DROP TABLE IF EXISTS 'can_haz_permissions'")
+ActiveRecord::Base.connection.execute("DROP TABLE IF EXISTS 'foo_models'")
+
+ActiveRecord::Schema.define(:version => 0) do
+
+  create_table :object_models do |t|
+
+  end
+
+  create_table :subject_models do |t|
+
+  end
+
+  create_table :can_haz_permissions do |t|
+    t.integer :csubject_id
+    t.string :csubject_type
+
+    t.integer :cobject_id
+    t.string :cobject_type
+
+    t.string :permission_name
+  end
+
+  add_index :can_haz_permissions, :csubject_id, :name => 'subject_id_ix'
+  add_index :can_haz_permissions, :cobject_id, :name => 'object_id_ix'
+
+  create_table :foo_models do |t|
+  end
+
+end

data/test/test_canhaz.rb

@@ -0,0 +1,155 @@
+require 'init_tests'
+require 'rails-canhaz'
+require 'test/unit'
+require 'models/object_model'
+require 'models/subject_model'
+require 'models/foo_model'
+
+load 'schema.rb'
+
+class CanHazTest < Test::Unit::TestCase
+
+  def test_methods
+    assert ActiveRecord::Base.respond_to? :acts_as_canhaz_object
+    assert ActiveRecord::Base.respond_to? :acts_as_canhaz_subject
+
+
+    foo = FooModel.new
+
+    assert foo.canhaz_object? == false
+    assert foo.canhaz_subject? == false
+
+    object = ObjectModel.new
+
+    assert object.canhaz_object?
+    assert object.canhaz_subject? == false
+
+    subject = SubjectModel.new
+
+    assert subject.canhaz_subject?
+    assert subject.canhaz_object? == false
+
+  end
+
+  def test_exceptions
+    foo = FooModel.new
+
+    subject = SubjectModel.new
+
+    object = ObjectModel.new
+
+    assert_raise CanHaz::Exceptions::NotACanHazObject do
+        subject.can(:whatever, foo)
+    end
+
+    assert_nothing_raised RuntimeError do
+        subject.can(:whatever, object)
+    end
+
+    assert_raise CanHaz::Exceptions::NotACanHazObject do
+        subject.can?(:whatever, foo)
+    end
+
+    assert_nothing_raised RuntimeError do
+        subject.can?(:whatever, object)
+    end
+
+  end
+
+  def test_can
+    subject = SubjectModel.new
+    subject.save
+
+    object = ObjectModel.new
+    object.save
+
+    assert subject.can?(:foo, object) == false
+    assert subject.can?(:bar, object) == false
+
+    assert object.accessible_by?(subject, :foo) == false
+    assert object.accessible_by?(subject, :bar) == false
+
+    assert subject.can(:foo, object)
+    assert subject.can(:bar, object)
+
+    assert subject.can(:foo, object) == false
+    assert subject.can(:bar, object) == false
+
+    assert subject.can?(:foo, object)
+    assert subject.can?(:bar, object)
+
+    assert object.accessible_by?(subject, :foo)
+    assert object.accessible_by?(subject, :bar)
+
+    assert subject.objects_with_permission(ObjectModel, :foo).count == 1
+    assert subject.objects_with_permission(ObjectModel, :foo).first == object
+
+    assert subject.objects_with_permission(ObjectModel, :bar).count == 1
+    assert subject.objects_with_permission(ObjectModel, :bar).first == object
+
+    assert subject.objects_with_permission(ObjectModel, :foobar).count == 0
+
+  end
+
+  def test_can_cannot
+    subject = SubjectModel.new
+    subject.save
+
+    object = ObjectModel.new
+    object.save
+
+    assert subject.can?(:foo, object) == false
+    assert subject.cannot(:foo, object) == false
+
+    subject.can(:foo, object)
+    subject.can(:bar, object)
+
+    assert subject.can?(:foo, object)
+    assert subject.can?(:bar, object)
+
+    assert subject.cannot(:foo, object) == true
+
+    assert subject.can?(:foo, object) == false
+    assert subject.can?(:bar, object) == true
+  end
+
+  def test_subjects_from_object
+    object = ObjectModel.new
+    object.save
+
+    s1 = SubjectModel.new
+    s2 = SubjectModel.new
+    s3 = SubjectModel.new
+
+    s1.save
+    s2.save
+    s3.save
+
+    s1.can(:foo, object)
+    s2.can(:bar, object)
+    s3.can(:foo, object)
+
+    foo = object.subjects_with_permission(SubjectModel, :foo)
+
+    assert foo.include?(s1) == true
+    assert foo.include?(s2) == false
+    assert foo.include?(s3) == true
+
+    s3.cannot(:foo, object)
+
+    foo = object.subjects_with_permission(SubjectModel, :foo)
+
+    assert foo.include?(s1) == true
+    assert foo.include?(s2) == false
+    assert foo.include?(s3) == false
+
+    bar = object.subjects_with_permission(SubjectModel, :bar)
+
+    assert bar.include?(s1) == false
+    assert bar.include?(s2) == true
+    assert bar.include?(s3) == false
+
+  end
+
+end
+

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rails-canhaz
 version: !ruby/object:Gem::Version
-  version: 0.0.0
+  version: 0.1.1
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-03-30 00:00:00.000000000 Z
+date: 2012-04-16 00:00:00.000000000 Z
 dependencies: []
 description: A simple gem for managing permissions between rails models
 email: adrien@siami.fr
@@ -17,8 +17,26 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- .gitignore
+- Gemfile
+- README.md
+- Rakefile
 - lib/rails-canhaz.rb
-homepage: http://rubygems.org/gems/rails-canhaz
+- lib/rails-canhaz/canhaz_permission.rb
+- lib/rails-canhaz/exceptions.rb
+- lib/rails-canhaz/extensions_all.rb
+- lib/rails-canhaz/extensions_object.rb
+- lib/rails-canhaz/extensions_subject.rb
+- lib/rails-canhaz/model_extensions.rb
+- rails-canhaz.gemspec
+- test/.gitkeep
+- test/init_tests.rb
+- test/models/foo_model.rb
+- test/models/object_model.rb
+- test/models/subject_model.rb
+- test/schema.rb
+- test/test_canhaz.rb
+homepage: http://github.com/Intrepidd/rails-canhaz
 licenses: []
 post_install_message: 
 rdoc_options: []
@@ -38,8 +56,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.17
+rubygems_version: 1.8.21
 signing_key: 
 specification_version: 3
 summary: A simple gem for managing permissions between rails models
 test_files: []
+has_rdoc: