scrivito_sdk 0.17.0 → 0.18.0

data/lib/scrivito/user_definition.rb

@@ -1,63 +1,67 @@
 module Scrivito
-  # @api beta
-  class UserDefinition < Struct.new(:user_id)
-    # Allows user to publish a workspace.
-    # @api beta
-    PUBLISH_WORKSPACE_ABILITY = 'publish_workspace'
-
-    # Allows user to do everything.
-    # @api beta
-    ADMINISTRATE_CMS_ABILITY = 'administrate_cms'
-
-    # @api beta
-    ABILITY_NAMES = [
-      ADMINISTRATE_CMS_ABILITY,
-      PUBLISH_WORKSPACE_ABILITY,
-    ]
+  # @api public
+  class UserDefinition
+    def initialize(user_id)
+      @user_id = user_id
+      @explicit_rules = {}
+    end
 
-    # Defines a user ability.
-    # @api beta
-    # @param [String, Symbol] ability_name name of the ability
-    # @param [Proc] ability_proc proc to check if the ability can be granted
-    # @raise [Scrivito::ScrivitoError] if the given ability name is unknown
-    # @raise [Scrivito::ScrivitoError] if no ability proc is given
-    # @yieldreturn If the block returns a "truthy" value, then the ability will be granted
-    # @yieldreturn If the block returns a "falsy" value, then the ability will be prohibited
-    # @see ABILITY_NAMES
-    # @see Scrivito::User.define
-    # @example
-    #   allowed_user = nil
-    #
-    #   alice = Scrivito::User.define('alice') do |user|
-    #     user.can(:publish_workspace) { allowed_user == 'alice' }
+    # Adds an explicit rule, that allows the user to _always_ execute an action.
+    # A rule consists of a verb of the action, the subject of the action and an optional message.
+    # @api public
+    # @param [Symbol] verb the verb of the action (see {Scrivito::User::VERBS}).
+    # @param [Symbol] subject the subject of the action. At the moment only +:workspace+ is supported.
+    # @param [String] message optional message to be displayed in the UI.
+    # @raise [Scrivito::ScrivitoError] if the given verb is invalid
+    # @raise [Scrivito::ScrivitoError] if the specified rule conflicts with a rule specified with
+    #   {Scrivito::UserDefinition#can_never}.
+    # @note Normally the memberships of a workspace decide whether a user is allowed or not to
+    #   execute a specific action. This method allows to add an exception to this logic and thus
+    #   should be used carefully.
+    # @see Scrivito::User::VERBS
+    # @see Scrivito::UserDefinition#can_never
+    # @example User can _always_ read, write and publish a workspace, ignoring the memberships.
+    #   Scrivito::User.define('alice') do |user|
+    #     user.can_always(:read, :workspace)
+    #     user.can_always(:write, :workspace)
+    #     user.can_always(:publish, :workspace, 'You can always publish a workspace.)
     #   end
-    #
-    #   bob = Scrivito::User.define('bob') do |user|
-    #     user.can(:publish_workspace) { allowed_user == 'bob' }
+    def can_always(verb, subject, message = nil)
+      assert_no_conflict(:can_never, verb, subject)
+      @explicit_rules[[:can_always, verb, subject]] = message
+    end
+
+    # Adds an explicit rule, that forbids the user to execute an action.
+    # A rule consists of a verb of the action, the subject of the action and an optional message.
+    # @api public
+    # @param [Symbol] verb the verb of the action (see {Scrivito::User::VERBS}).
+    # @param [Symbol] subject the subject of the action. At the moment only +:workspace+ is supported.
+    # @param [String] message optional message to be displayed in the UI.
+    # @raise [Scrivito::ScrivitoError] if the given verb is invalid
+    # @raise [Scrivito::ScrivitoError] if the specified rule conflicts with a rule specified with
+    #   {Scrivito::UserDefinition#can_always}.
+    # @note Normally the memberships of a workspace decide whether a user is allowed or not to
+    #   execute a specific action. This method allows to add an exception to this logic and thus
+    #   should be used carefully.
+    # @see Scrivito::User::VERBS
+    # @see Scrivito::UserDefinition#can_always
+    # @example User can _never_ publish a workspace, even if she's a workspace owner.
+    #   Scrivito::User.define('alice') do |user|
+    #     user.can_never(:publish, :workspace, 'You can not publish workspaces.')
     #   end
-    #
-    #   # The users `alice` and `bob` will both be not allowed to publish workspace.
-    #
-    #   allowed_user = 'alice'
-    #   # The user `alice` will now be allowed to publish workspace,
-    #   # but the user `bob` will still be not allowed.
-    #
-    #   allowed_user = 'bob'
-    #   # The user `bob` will now be allowed to publish workspace,
-    #   # but the user `alice` will be not allowed again.
-    def can(ability_name, &ability_proc)
-      assert_valid_ability(ability_name, ability_proc)
-      abilities[ability_name] = ability_proc
+    def can_never(verb, subject, message = nil)
+      assert_no_conflict(:can_always, verb, subject)
+      @explicit_rules[[:can_never, verb, subject]] = message
     end
 
     # Defines the user description to be displayed, when the user is shown in the in-place GUI.
-    # @api beta
+    # @api public
     # @param [Proc] description_proc proc to calculate the description. Defaults to the the user id.
     # @note The description is calculated "lazy".
     # @note The calculated description will be cached.
     # @see Scrivito::User.define
     # @example
-    #   alice = Scrivito::User.define('alice') {}
+    #   alice = Scrivito::User.define('alice')
     #   # User `alice` will be displayed as "alice" in the in-place GUI.
     #
     #   bob = Scrivito::User.define('bob') do |user|
@@ -70,7 +74,9 @@ module Scrivito
 
     # Defines the proc for fetching users for the user autocompletion of the in-place GUI.
     # The user autocompletion is for example used in the details dialog of a workspace.
-    # @api beta
+    # If the proc is not set, then {Scrivito::User.find} will be used to fetch the suggested users with input
+    # as the user id.
+    # @api public
     # @param [Proc] suggest_users_proc proc for fetching users to be suggested in the in-place GUI
     # @yieldparam [String] input an arbitrary string from the input field of a user autocompletion,
     #   e.g. the first letters of a user name
@@ -91,25 +97,25 @@ module Scrivito
       @suggest_users_proc = suggest_users_proc
     end
 
-    # Lets you restrict the ability of a user to publish a certain object. Each
+    # Lets you restrict the rule of a user to publish a certain object. Each
     # registered callback can access a certain attribute of an object. Multiple
     # callbacks are possible
     #
-    # @api beta
+    # @api public
     # @param [Hash] options
-    # @option options [Symbol] :uses the attribute you need in the callback
+    # @option options [Symbol] :using the attribute you need in the callback
     # @yield [attribute] the value of the specified attribute
     # @yieldreturn [String, false] either return a message for the user or false if
     #   no restriction is needed
     #
     # @note the callback is only called with {BasicObj Objs} that have the attribute
-    #   specified by the :uses option and if it is not a {BasicWidget Widget}-attribute
+    #   specified by the :using option and if it is not a {BasicWidget Widget}-attribute
     #
     # @example
     #   class MyUserModel
     #     def to_scrivito_user
     #       Scrivito::User.define(id) do |user|
-    #         user.restrict_obj_publish(uses: :_path) do |path|
+    #         user.restrict_obj_publish(using: :_path) do |path|
     #           if path.start_with?("/en")
     #             false
     #           else
@@ -117,11 +123,11 @@ module Scrivito
     #           end
     #         end
     #
-    #         user.restrict_obj_publish(uses: :_obj_class) do |obj_class|
-    #           if obj_class == "BlogPost"
+    #         user.restrict_obj_publish(using: :_obj_class) do |obj_class|
+    #           if obj_class.name == 'BlogPost'
     #             false
     #           else
-    #             "You are only allowed to edit Blog Posts"
+    #             'You are only allowed to edit Blog Posts'
     #           end
     #         end
     #       end
@@ -132,8 +138,13 @@ module Scrivito
     end
 
     def user
-      User.new(id: user_id, abilities: abilities, description_proc: @description_proc,
-        suggest_users_proc: @suggest_users_proc, restriction_set: restriction_set)
+      User.new(
+        id: @user_id,
+        explicit_rules: @explicit_rules,
+        description_proc: @description_proc,
+        suggest_users_proc: @suggest_users_proc,
+        restriction_set: restriction_set
+      )
     end
 
     private
@@ -142,17 +153,9 @@ module Scrivito
       @restriction_set ||= RestrictionSet.new
     end
 
-    def abilities
-      @abilities ||= Hash.new(-> { false }).with_indifferent_access
-    end
-
-    def assert_valid_ability(ability_name, ability_proc)
-      unless ABILITY_NAMES.include?(ability_name.to_s)
-        raise ScrivitoError.new("'#{ability_name}' is not a valid ability name")
-      end
-
-      unless ability_proc
-        raise ScrivitoError.new("No proc given for ability '#{ability_name}'")
+    def assert_no_conflict(type, verb, subject)
+      if @explicit_rules.has_key?([type, verb, subject])
+        raise ScrivitoError.new("Conflicting rules for verb '#{verb}' and subject '#{subject}'")
       end
     end
   end

data/lib/scrivito/workspace.rb

@@ -9,6 +9,8 @@ class Workspace
 
   include ModelIdentity
 
+  PublishPreventedDueToContentChange = Class.new(ScrivitoError)
+
   # Set the currently used workspace
   # @api public
   # @param [Scrivito::Workspace] workspace
@@ -108,7 +110,17 @@ class Workspace
   # @api public
   def reload
     @workspace_data = CmsBackend.instance.find_workspace_data_by_id(self.id)
-    @revision = @base_revision = @memberships = nil
+
+    # Clear all cached instance variables.
+    @base_revision = nil
+    @memberships   = nil
+    @revision      = nil
+  end
+
+  def api_request(verb, path, payload = nil)
+    response = CmsRestApi.public_send(verb, "#{backend_url}#{path}", payload)
+    reload if [:post, :put, :delete].include?(verb)
+    response
   end
 
   # Updates this workspace's attributes
@@ -117,8 +129,7 @@ class Workspace
   # @return [Scrivito::Workspace]
   def update(attributes)
     CmsRestApi.put(backend_url, workspace: attributes)
-
-    self.reload
+    reload
   end
 
   # Destroy this workspace
@@ -131,17 +142,24 @@ class Workspace
   # Publish the changes of this workspace
   # @api public
   def publish
-    CmsRestApi.put("#{backend_url}/publish", {})
+    internal_publish
+  end
 
-    reset_workspace_if_current
+  def conditional_publish
+    internal_publish(if_content_state_id_equals: content_state.content_state_id)
+  rescue Scrivito::ClientError => e
+    if e.message.starts_with?('The specified condition for content_state_id')
+      raise PublishPreventedDueToContentChange.new(e.message)
+    else
+      raise e
+    end
   end
 
   # Rebases the current workspace on the published content
   # @api public
   def rebase
     CmsRestApi.put("#{backend_url}/rebase", {})
-
-    self.reload
+    reload
   end
 
   # Returns the id of the workspace
@@ -162,7 +180,7 @@ class Workspace
     @workspace_data.title
   end
 
-  # @api beta
+  # @api public
   # Returns the members of this workspace and their roles
   #
   # @return [MembershipsCollection]
@@ -216,12 +234,38 @@ class Workspace
     @objs ||= ObjsCollection.new(self)
   end
 
+  # Returns all obj classes of this working copy.
+  #
+  # @api public
+  #
+  # @example Find the obj class named "Homepage" in the "rtc" {Workspace}.
+  #   Workspace.find('rtc').obj_classes['Homepage']
+  #
+  # @return {ObjClassCollection}
+  def obj_classes
+    @obj_classes ||= ObjClassCollection.new(self)
+  end
+
   def inspect
     "<#{self.class} id=\"#{id}\" title=\"#{title}\">"
   end
 
+  def as_json(options = {})
+    {
+      id: id,
+      title: title,
+      memberships: memberships,
+    }
+  end
+
   private
 
+  def internal_publish(data={})
+    CmsRestApi.put("#{backend_url}/publish", data)
+
+    reset_workspace_if_current
+  end
+
   def backend_url
     "/workspaces/#{id}"
   end

data/lib/scrivito/workspace/publish_checker.rb

@@ -0,0 +1,126 @@
+module Scrivito
+  class Workspace
+    class PublishChecker < Struct.new(:workspace, :user)
+      MAX_EXECUTION_TIME = (0.5).second
+
+      def passing_certificates?(certificates)
+        begin
+          responses = decrypt_responses(certificates).map do |response|
+            response.with_indifferent_access
+          end
+
+          return false unless responses.all? do |response|
+            raise_invalid_certificates_error if response[:content_state_id].nil?
+
+            response[:content_state_id] == workspace.content_state.content_state_id
+          end
+
+          assert_passing_result(responses)
+          true
+        rescue ActiveSupport::MessageVerifier::InvalidSignature
+          raise_invalid_certificates_error
+        end
+      end
+
+      def call(offset)
+        batch_size = Configuration.check_batch_size
+        objs, changed_obj_count = fetch_objs_and_count(offset, batch_size)
+        passed, objs = compute_publishable(objs)
+
+        if passed
+          passing_result(objs, changed_obj_count, offset)
+        else
+          failing_result
+        end
+      end
+
+      private
+
+      def decrypt_responses(certificates)
+        certificates.map(&message_verifier.method(:verify))
+      end
+
+      def fetch_objs_and_count(offset, batch_size)
+        enumerator = workspace.objs.changes(offset, batch_size)
+        [enumerator.take(batch_size), enumerator.size]
+      end
+
+      def passing_result(objs, changed_obj_count, offset)
+        until_element = offset + objs.size - 1
+        until_element = 'END' if until_element >= (changed_obj_count - 1)
+
+        pass_sub_hash = {
+          workspace_id: workspace.id,
+          content_state_id: workspace.content_state.content_state_id,
+          from: offset,
+          until: until_element,
+        }
+
+        { result: 'pass', pass: pass_sub_hash, certificate: sign(pass_sub_hash) }
+      end
+
+      def compute_publishable(objs)
+        start_time = Time.now
+        result = []
+
+        objs.each do |obj|
+          if publishable?(obj)
+            result << obj
+          else
+            return false, []
+          end
+
+          break if (Time.now - start_time) > MAX_EXECUTION_TIME
+        end
+
+        return true, result
+      end
+
+      def failing_result
+        {result: 'fail' }
+      end
+
+      def publishable?(obj)
+        obj.publishable? && user.can_publish?(obj)
+      end
+
+      def sign(object)
+        message_verifier.generate(object)
+      end
+
+      def message_verifier
+        @message_verifier ||= ActiveSupport::MessageVerifier.new(
+          Rails.application.secrets.secret_key_base, serializer: JSON
+        )
+      end
+
+      def assert_passing_result(responses)
+        sorted_responses = responses.sort_by do |response|
+          response[:from].to_i
+        end
+
+        last_until = sorted_responses.inject(-1) do |last_until, response|
+          if last_until == 'END'
+            raise_invalid_certificates_error
+          elsif (last_until + 1) == response[:from].to_i
+            if response[:until] == 'END'
+              'END'
+            else
+              response[:until].to_i
+            end
+          else
+            raise_invalid_certificates_error
+          end
+        end
+
+        if last_until != 'END'
+          raise_invalid_certificates_error
+        end
+      end
+
+      def raise_invalid_certificates_error
+        raise ScrivitoError, 'Invalid certificates'
+      end
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: scrivito_sdk
 version: !ruby/object:Gem::Version
-  version: 0.17.0
+  version: 0.18.0
 platform: ruby
 authors:
 - Infopark AG
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-07-22 00:00:00.000000000 Z
+date: 2014-08-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -149,6 +149,7 @@ files:
 - app/controllers/scrivito/default_cms_controller.rb
 - app/controllers/scrivito/objs_controller.rb
 - app/controllers/scrivito/tasks_controller.rb
+- app/controllers/scrivito/users_controller.rb
 - app/controllers/scrivito/webservice_controller.rb
 - app/controllers/scrivito/workspaces_controller.rb
 - app/helpers/cms_helper.rb
@@ -254,6 +255,8 @@ files:
 - lib/scrivito/named_link.rb
 - lib/scrivito/network_error.rb
 - lib/scrivito/obj_class.rb
+- lib/scrivito/obj_class_collection.rb
+- lib/scrivito/obj_class_data.rb
 - lib/scrivito/obj_data.rb
 - lib/scrivito/obj_data_from_hash.rb
 - lib/scrivito/obj_data_from_service.rb
@@ -273,6 +276,7 @@ files:
 - lib/scrivito/widget_field_params.rb
 - lib/scrivito/widget_garbage_collection.rb
 - lib/scrivito/workspace.rb
+- lib/scrivito/workspace/publish_checker.rb
 - lib/scrivito/workspace_data_from_service.rb
 - lib/scrivito/workspace_selection_middleware.rb
 - lib/scrivito_sdk.rb