righter 0.0.1

data/lib/injections/righter_for_user.rb

@@ -0,0 +1,186 @@
+module RighterForUser
+  include ActionView::Helpers::TextHelper
+  extend ActiveSupport::Concern
+
+  # when includes into an ActiveRecord::Model, creates associations for both model and RighterRole
+  # class RighterRoleModel must exist
+  included do
+    model_sym = model_name.human(count: :many).to_s.underscore.to_sym
+    model_plural_name = ActiveModel::Naming.plural(self)
+    relation = "righter_roles_#{model_plural_name}".to_sym
+    join_class = "RighterRoles#{self}".constantize
+
+    # associate me with RighterRole
+    has_many :righter_roles, -> { uniq }, through: relation
+    has_many relation, dependent: :destroy
+
+    # associate RighterRole with me
+    RighterRole.send :has_many, relation, dependent: :destroy
+    RighterRole.send :has_many, model_sym, through: relation, class_name: to_s
+    RighterRole.send :has_many, model_plural_name.to_sym, through: relation, source: model_sym
+
+    # associate _join_class_
+    # FIXME: check for existing reflections?
+    join_class.send :belongs_to, :righter_role
+    join_class.send :belongs_to, model_name.to_s.underscore.to_sym
+    join_class.send :has_many, model_plural_name.to_sym
+  end
+
+  # @return [Array<RighterRight>}
+  # scope returning associated RighterrRights
+  def righter_rights
+    @@users_id ||= self.class.arel_table[:id]
+    @@right_id ||= RighterRight.arel_table[:id]
+    @@righter_user_class ||= ActiveModel::Naming.singular(self)
+    right_ids = RighterRight.joins(righter_roles: @@righter_user_class).where(@@users_id.eq(id)).select(@@right_id).collect &:id
+    RighterRight.where id: right_ids.uniq
+  end
+
+  def add_role(role)
+    RighterRight.clear_cache
+    if role.class != RighterRole
+      fail RighterError.new("User.add_role accepts only RighterRole instance as input (provided :#{role.class.inspect})")
+    end
+    righter_roles << role
+    save!
+  end
+
+  def remove_role(role)
+    RighterRight.clear_cache
+    if role.class != RighterRole
+      fail RighterError.new("User.add_role accepts only RighterRole instance as input (provided :#{role.class.inspect})")
+    end
+    righter_roles.delete role
+  end
+
+  def righter_accessible?(opts = {})
+    if opts[:resource]
+      righter_accessible_resource? opts
+
+    elsif opts[:role]
+      righter_accessible_role? opts[:role]
+
+    elsif opts[:right]
+      righter_accessible_right? opts[:right]
+
+    elsif opts[:controller] && opts[:action]
+      righter_accessible_ca? opts[:controller], opts[:action]
+
+    else
+      fail RighterError.new("User.righter_accessible? expects as parameter role/right/controller+action. provided: #{opts.inspect}")
+    end
+  end
+
+  def grantable_roles
+    righter_roles.collect(&:grantable_roles).flatten
+  end
+
+  # should we raise RighterError when user is trying to break the grant rules ?
+  def update_roles_with_respect_to_grants(list_of_roles)
+    user_who_is_updating_roles = User.current_user
+    user_whom_roles_will_be_updated = self
+
+    RighterRight.clear_cache
+
+    User.transaction do
+      remove_all_roles_which_can_be_granted
+
+      grantable_roles = user_who_is_updating_roles.grantable_roles
+      list_of_roles.each do |role|
+        if grantable_roles.include? role
+          user_whom_roles_will_be_updated.add_role role
+        end
+      end
+    end
+  end
+
+  def can?(right_name, resource)
+    righter_accessible_resource?(right: right_name, resource: resource)
+  end
+
+  private
+
+  def remove_all_roles_which_can_be_granted
+    user_who_is_updating_roles = User.current_user
+    user_whom_roles_will_be_updated = self
+
+    user_who_is_updating_roles.grantable_roles.each do |grantable_role|
+      if user_whom_roles_will_be_updated.righter_roles.include? grantable_role
+        user_whom_roles_will_be_updated.remove_role grantable_role
+      end
+    end
+  end
+
+  def righter_accessible_resource?(opts)
+    resource = opts[:resource]
+    fail RighterError('cannot check rights for nil resource') unless resource
+
+    unless opts[:right]
+      fail RighterError.new('option :right is missing - which right should be checked on a resource?')
+    end
+
+    unless resource.respond_to?(:righter_right)
+      fail RighterError('cannot check rights for resource which does not respond to righter_right method')
+    end
+
+    right = resource.righter_right(opts[:right], opts)
+    fail RighterError.new("cannot find resource right #{opts[:right].inspect} for resource #{opts[:resource].inspect}") unless right
+
+    _righter_accessible_right?(right)
+  end
+
+  def righter_accessible_role?(role_name)
+    unless [String, Symbol].include?(role_name.class)
+      fail RighterError.new('User.righter_accessible? :role expects role_name as input')
+    end
+    all_user_role_names = righter_roles.collect { |r| r.name.to_sym }
+    all_user_role_names.include? role_name
+  end
+
+  def righter_accessible_right?(right_name)
+    unless [String, Symbol].include?(right_name.class)
+      fail RighterError.new('User.righter_accessible? :right expects right_name as input')
+    end
+
+    r = RighterRight.cached_find_by_name right_name
+    fail RighterError.new("cannot find righter_right with name #{right_name.inspect}") unless r
+
+    _righter_accessible_right?(r)
+  end
+
+  def _righter_accessible_right?(right)
+    fail RighterError.new('no right provided!') unless right
+
+    righter_role_ids = RighterRightsRighterRole.where(righter_right_id: right.id).collect &:righter_role_id
+    user_role_ids = righter_roles.collect &:id
+
+    righter_role_ids.each do |righter_role_id|
+      return true if user_role_ids.include?(righter_role_id)
+    end
+
+    false
+  end
+
+  def righter_accessible_ca?(controller, action)
+    all_user_rights = righter_rights.where(controller: controller.to_s)
+    all_user_rights.each do |user_right|
+      if user_right.controller && user_right.actions
+        if user_right.controller.to_sym == controller
+          right_actions = user_right.actions.collect(&:to_sym)
+          return true if right_actions.include?(action)
+
+          right_actions.each do |right_action| # wildcards
+            return true if right_action.to_s == '*'
+            if right_action.to_s.include?('*')
+              regex = right_action.to_s.gsub('*', '(.*)').gsub('/', '\/')
+              regex_match_result = (action.match /#{regex}/)
+              return true unless regex_match_result.nil?
+            end
+          end
+        end
+      end
+    end
+
+    false
+  end
+end

data/lib/righter.rb

@@ -0,0 +1,9 @@
+require "#{File.dirname(__FILE__)}/righter_error.rb"
+require "#{File.dirname(__FILE__)}/injections/righter_for_application_controller.rb"
+require "#{File.dirname(__FILE__)}/injections/righter_for_user.rb"
+require "#{File.dirname(__FILE__)}/injections/righter_for_resource.rb"
+
+module Righter
+  class Engine < Rails::Engine
+  end
+end

data/lib/righter/version.rb

@@ -0,0 +1,3 @@
+module Righter
+  VERSION = '0.0.1'
+end

data/lib/righter_error.rb

@@ -0,0 +1,8 @@
+class RighterError < StandardError
+end
+
+class RighterArgumentError < StandardError
+end
+
+class RighterNoUserError < RighterError
+end

data/lib/tasks/righter_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :righter do
+#   # Task goes here
+# end

data/test/dummy/README.rdoc

@@ -0,0 +1,28 @@
+== README
+
+This README would normally document whatever steps are necessary to get the
+application up and running.
+
+Things you may want to cover:
+
+* Ruby version
+
+* System dependencies
+
+* Configuration
+
+* Database creation
+
+* Database initialization
+
+* How to run the test suite
+
+* Services (job queues, cache servers, search engines, etc.)
+
+* Deployment instructions
+
+* ...
+
+
+Please feel free to use a different markup language if you do not plan to run
+<tt>rake doc:app</tt>.

data/test/dummy/Rakefile

@@ -0,0 +1,11 @@
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+
+require File.expand_path('../config/application', __FILE__)
+
+Rails.application.load_tasks
+
+Rake::Task['db:migrate'].enhance do
+  ActiveRecord::Migrator.migrate File.expand_path('../../../db/migrate/', __FILE__)
+  Rake::Task['db:schema:dump'].invoke
+end

data/test/dummy/app/assets/javascripts/application.js

@@ -0,0 +1,13 @@
+// This is a manifest file that'll be compiled into application.js, which will include all the files
+// listed below.
+//
+// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
+// or any plugin's vendor/assets/javascripts directory can be referenced here using a relative path.
+//
+// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
+// compiled file.
+//
+// Read Sprockets README (https://github.com/rails/sprockets#sprockets-directives) for details
+// about supported directives.
+//
+//= require_tree .

data/test/dummy/app/assets/stylesheets/application.css

@@ -0,0 +1,15 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or any plugin's vendor/assets/stylesheets directory can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the bottom of the
+ * compiled file so the styles you add here take precedence over styles defined in any styles
+ * defined in the other CSS/SCSS files in this directory. It is generally better to create a new
+ * file per style scope.
+ *
+ *= require_tree .
+ *= require_self
+ */

data/test/dummy/app/controllers/application_controller.rb

@@ -0,0 +1,6 @@
+class ApplicationController < ActionController::Base
+  # Prevent CSRF attacks by raising an exception.
+  # For APIs, you may want to use :null_session instead.
+  protect_from_forgery with: :exception
+  include RighterForApplicationController
+end

data/test/dummy/app/controllers/doors_controller.rb

@@ -0,0 +1,23 @@
+class DoorsController < ApplicationController
+  def show
+    @door = Door.find(params[:id])
+  end
+
+  def paint
+    @door = Door.find(params[:id])
+    enforce_resource_security(:paint, @door)
+    render :show
+  end
+
+  def change
+    @door = Door.find(params[:id])
+    enforce_resource_security(:change, @door)
+    render :show
+  end
+
+  def open
+    @door = Door.find(params[:id])
+    enforce_resource_security(:open, @door)
+    render :show
+  end
+end

data/test/dummy/app/helpers/application_helper.rb

@@ -0,0 +1,2 @@
+module ApplicationHelper
+end

data/test/dummy/app/models/door.rb

@@ -0,0 +1,10 @@
+class Door < ActiveRecord::Base
+  include RighterForResource
+
+  auto_manage_righter_right :paint
+  auto_manage_righter_right :change, auto_associate_roles: [:admin]
+  auto_manage_righter_right :open,   auto_associate_roles: [:admin, :user]
+  auto_manage_righter_right :close, parent_right: ->(door) { door.house.righter_right(:build).name }
+
+  belongs_to :house
+end

data/test/dummy/app/models/house.rb

@@ -0,0 +1,7 @@
+class House < ActiveRecord::Base
+  include RighterForResource
+
+  auto_manage_righter_right :build
+
+  has_many :doors
+end

data/test/dummy/app/models/player.rb

@@ -0,0 +1,7 @@
+class Player < ActiveRecord::Base
+  include RighterForResource
+
+  def side
+    'evil'
+  end
+end

data/test/dummy/app/models/righter_roles_player.rb

@@ -0,0 +1,2 @@
+class RighterRolesPlayer < ActiveRecord::Base
+end

data/test/dummy/app/models/user.rb

@@ -0,0 +1,4 @@
+class User < ActiveRecord::Base
+  include RighterForUser
+  cattr_accessor :current_user
+end

data/test/dummy/app/views/doors/show.html.erb

@@ -0,0 +1 @@
+<h1><%= @door.name %></h1>

data/test/dummy/app/views/layouts/application.html.erb

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Dummy</title>
+  <%= stylesheet_link_tag    'application', media: 'all', 'data-turbolinks-track' => true %>
+  <%= javascript_include_tag 'application', 'data-turbolinks-track' => true %>
+  <%= csrf_meta_tags %>
+</head>
+<body>
+
+<%= yield %>
+
+</body>
+</html>

data/test/dummy/bin/bundle

@@ -0,0 +1,3 @@
+#!/usr/bin/env ruby
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__)
+load Gem.bin_path('bundler', 'bundle')

data/test/dummy/bin/rails

@@ -0,0 +1,4 @@
+#!/usr/bin/env ruby
+APP_PATH = File.expand_path('../../config/application', __FILE__)
+require_relative '../config/boot'
+require 'rails/commands'

data/test/dummy/bin/rake

@@ -0,0 +1,4 @@
+#!/usr/bin/env ruby
+require_relative '../config/boot'
+require 'rake'
+Rake.application.run

data/test/dummy/bin/setup

@@ -0,0 +1,29 @@
+#!/usr/bin/env ruby
+require 'pathname'
+
+# path to your application root.
+APP_ROOT = Pathname.new File.expand_path('../../', __FILE__)
+
+Dir.chdir APP_ROOT do
+  # This script is a starting point to setup your application.
+  # Add necessary setup steps to this file:
+
+  puts '== Installing dependencies =='
+  system 'gem install bundler --conservative'
+  system 'bundle check || bundle install'
+
+  # puts "\n== Copying sample files =="
+  # unless File.exist?("config/database.yml")
+  #   system "cp config/database.yml.sample config/database.yml"
+  # end
+
+  puts "\n== Preparing database =="
+  system 'bin/rake db:setup'
+
+  puts "\n== Removing old logs and tempfiles =="
+  system 'rm -f log/*'
+  system 'rm -rf tmp/cache'
+
+  puts "\n== Restarting application server =="
+  system 'touch tmp/restart.txt'
+end

data/test/dummy/config.ru

@@ -0,0 +1,4 @@
+# This file is used by Rack-based servers to start the application.
+
+require ::File.expand_path('../config/environment', __FILE__)
+run Rails.application

data/test/dummy/config/application.rb

@@ -0,0 +1,25 @@
+require File.expand_path('../boot', __FILE__)
+
+require 'rails/all'
+
+Bundler.require(*Rails.groups)
+require 'righter'
+
+module Dummy
+  class Application < Rails::Application
+    # Settings in config/environments/* take precedence over those specified here.
+    # Application configuration should go into files in config/initializers
+    # -- all .rb files in that directory are automatically loaded.
+
+    # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
+    # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
+    # config.time_zone = 'Central Time (US & Canada)'
+
+    # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
+    # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
+    # config.i18n.default_locale = :de
+
+    # Do not swallow errors in after_commit/after_rollback callbacks.
+    config.active_record.raise_in_transactional_callbacks = true
+  end
+end