shark-permissions-core 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: c8fe97d4806a76b363e8b8654cda1df78b26c2a81272d8592f2e457e203a2b34
+  data.tar.gz: 7e50f496ab65ca30fabbea8f2bf69b3a98ca65f0ec2a159ae353075a5cddd36e
+SHA512:
+  metadata.gz: 24a28fc4b1420a52f9b0083b92b704c28cb957f23248014d1f989385e5c97569373d902477f80924e819439e388bfa2cbeff238feb3de40f3ca391493a222de2
+  data.tar.gz: 9ae791ae0f3766df9a0d0e96839104ce10097b70f002fe8e5ad6d5f53d8fa56483b6a1cfcb0c649f68634317cf5f00c1ecd364815368a33c1c1060fd9a9850ae

data/.gitignore

@@ -0,0 +1,10 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+
+gems.locked

data/.rspec

@@ -0,0 +1,4 @@
+--color
+--require spec_helper
+--format progress
+--profile

data/.rubocop.yml

@@ -0,0 +1,37 @@
+# RuboCop will start looking for the configuration file in the directory
+# where the inspected file is and continue its way up to the root directory.
+#
+# See https://docs.rubocop.org/rubocop/configuration
+
+AllCops:
+  TargetRubyVersion: 2.3
+  Exclude:
+    - 'bin/*'
+    - 'spec/**/*'
+
+Layout/LineLength:
+  Max: 100
+
+Lint/RaiseException:
+  Enabled: true
+Lint/StructNewOverride:
+  Enabled: true
+
+Metrics/AbcSize:
+  Enabled: true
+  Max: 20
+Metrics/ClassLength:
+  Enabled: false
+Metrics/MethodLength:
+  Enabled: false
+Metrics/ModuleLength:
+  Enabled: false
+
+Style/Documentation:
+  Enabled: false
+Style/HashEachMethods:
+  Enabled: true
+Style/HashTransformKeys:
+  Enabled: true
+Style/HashTransformValues:
+  Enabled: true

data/CHANGELOG.md

@@ -0,0 +1,4 @@
+## Changelog
+
+#### 0.1.0
+- initial

data/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2021 Jörgen Dahlke
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1 @@
+# shark-permissions-core

data/Rakefile

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec)

data/gems.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in shark-permissions-core.gemspec
+gemspec

data/lib/shark/permissions/changes.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module Shark
+  module Permissions
+    class Changes
+      attr_reader :effect
+      attr_reader :privileges
+
+      def initialize
+        @privileges = {}
+        @effect = {}
+      end
+
+      def add(field, old_value, new_value)
+        return if old_value == new_value
+
+        instance_variable_set("@#{field}", { old: old_value, new: old_value })
+      end
+
+      def add_privilege(key, old_value, new_value)
+        @privileges[:old] ||= {}
+        @privileges[:new] ||= {}
+        @privileges[:old][key] = old_value
+        @privileges[:new][key] = new_value
+      end
+
+      def present?
+        @effect.present? || privileges.present?
+      end
+    end
+  end
+end

data/lib/shark/permissions/list.rb

@@ -0,0 +1,266 @@
+# frozen_string_literal: true
+
+module Shark
+  module Permissions
+    class List
+      delegate :[], :[]=, :empty?, :size, to: :rules
+      delegate :key?, :keys, :values, :each, :each_with_object, to: :rules
+
+      attr_reader :rules
+
+      def initialize(rules = {})
+        case rules
+        when Shark::Permissions::List
+          @rules = to_permission_rules(rules.as_json)
+        when Hash
+          @rules = to_permission_rules(rules)
+        else
+          raise ArgumentError, 'Rules must be a subtype of Hash'
+        end
+      end
+
+      # @return [Boolean]
+      # @api public
+      def ==(other)
+        rules == other.rules
+      end
+
+      # @api public
+      def <<(rule)
+        @rules[rule.resource] = rule
+      end
+
+      # @return [Array]
+      # @api public
+      def map(&block)
+        rules.values.map(&block)
+      end
+
+      def changes
+        changed_rules = rules.select { |_key, rule| rule.changed? }.to_h
+        self.class.new(changed_rules)
+      end
+
+      # Returns a new Permissions::List with same rules.
+      #
+      # @return [Permissions::List]
+      # @api public
+      def clone
+        cloned_rules = {}
+        rules.each { |k, rule| cloned_rules[k] = rule.clone }
+
+        self.class.new(cloned_rules)
+      end
+
+      # Returns a new Permissions::List without any rules that have no privileges.
+      #
+      # @return [Permissions::List]
+      # @api public
+      def compact
+        new_rules = {}
+
+        rules.keys.sort.each do |k|
+          rule = rules[k].clone
+          new_rules[k] = rule unless rule.empty?
+        end
+
+        self.class.new(new_rules)
+      end
+
+      def delete(key)
+        case key
+        when String
+          rules.delete(key)
+        when Permissions::Rule
+          rules.delete(key.resource)
+        else
+          raise ArgumentError, 'Argument must be a String or Permissions::Rule'
+        end
+      end
+
+      def select(names)
+        filtered_rules = {}
+
+        Array(names).each do |filter_name|
+          filter_resource = Permissions::Resource.new(filter_name)
+          rules.each do |name, rule|
+            next unless filter_resource.super_resource_of?(name)
+
+            filtered_rules[rule.resource] = rule.clone
+          end
+        end
+
+        self.class.new(filtered_rules)
+      end
+      alias filter select
+
+      def reject(names)
+        filtered_rules = {}
+
+        rejected_keys = select(names).keys
+        rules.each do |name, rule|
+          next if rejected_keys.include?(name)
+
+          filtered_rules[rule.resource] = rule.clone
+        end
+
+        self.class.new(filtered_rules)
+      end
+
+      def merge(other_list)
+        clone.merge!(other_list)
+      end
+
+      def merge!(other_list)
+        other_list.each do |key, other_rule|
+          rules[key] = Permissions::Rule.new(resource: key) unless rules.key?(key)
+          rules[key].update(other_rule)
+        end
+
+        self
+      end
+
+      # @example:
+      #   list.privileges(:paragraph, :contracts)
+      #   # => { 'admin' => true, 'edit' => true }
+      #
+      # @return [Hash]
+      # @api public
+      def privileges(*resources)
+        matching_resources = matching_resources(*resources)
+        privileges_set = Set.new
+
+        matching_resources.each do |name|
+          rule = rules[name]
+
+          next unless rule
+
+          case rule.effect
+          when 'ALLOW'
+            privileges_set.merge(rule.privileges_as_array)
+          when 'DENY'
+            privileges.subtract(rule.privileges_as_array)
+          end
+        end
+
+        privileges_set.map { |k| [k, true] }.to_h
+      end
+
+      # @example:
+      #   list.authorized?(:admin, :paragraph, :contracts)
+      #   # => true
+      #   list.authorized?([:read, :write], :datenraum, :berlin)
+      #   # => false
+      #
+      # @return [Boolean]
+      # @api public
+      def authorized?(privilege, *resources)
+        if privilege == Shark::Permissions.any_matcher
+          privileges(*resources).present?
+        else
+          privilege_array = Array(privilege).map(&:to_s)
+          privileges_for_resource = privileges(*resources)
+          privilege_array.any? { |p| privileges_for_resource.fetch(p, false) }
+        end
+      end
+
+      # @example:
+      #   list.subresource_authorized?(:admin, :paragraph, :contracts)
+      #   # => true
+      #
+      # @return [Boolean]
+      # @api public
+      def subresource_authorized?(privilege, *resources)
+        authorized?(privilege, *resources, Shark::Permissions.any_matcher)
+      end
+
+      # Correctly set privileges for subresources.
+      #
+      # @return [Permissions::List]
+      # @api public
+      def set_inherited_privileges!
+        rules.each do |resource, rule|
+          privileges = privileges(resource)
+          privileges.each { |k, v| rule.privileges[k] = v if rule.privileges.key?(k) }
+        end
+
+        self
+      end
+
+      # Returns new list without inherited privileges and empty rules.
+      #
+      # @return [Permissions::List]
+      # @api public
+      def remove_inherited_rules
+        new_list = self.class.new({})
+
+        rules.keys.sort.each do |name|
+          new_rule = Permissions::Rule.new(resource: name)
+          parent = new_rule.parent
+
+          rules[name].privileges.each do |k, v|
+            new_rule.privileges[k] = v if v && !new_list.authorized?(k, parent)
+          end
+
+          new_list << new_rule unless new_rule.empty?
+        end
+
+        new_list
+      end
+
+      # @return [Hash]
+      # @api public
+      def as_json(*args)
+        rules.as_json(*args)
+      end
+
+      # For Deserializaton
+      #
+      # @return [Shark::Permissions::List]
+      # @api public
+      def self.load(json)
+        if json.nil?
+          new
+        else
+          new(JSON.parse(json))
+        end
+      end
+
+      # For Serializaton
+      #
+      # @return [String]
+      # @api public
+      def self.dump(list)
+        list&.to_json
+      end
+
+      private
+
+      def to_permission_rules(rules)
+        return {} if rules.blank?
+
+        if rules.values.first.is_a?(Permissions::Rule)
+          # do nothing
+        else
+          rules = rules.map { |k, v| [k.to_s, Permissions::Rule.new(v)] }
+          rules = Hash[rules]
+        end
+
+        rules
+      end
+
+      def matching_resources(*resources)
+        resource = Resource.new(resources)
+        result = resource.ancestors_and_self
+
+        if resource.wildcard?
+          result = resource.ancestors
+          subresources = rules.keys.select { |name| resource.super_resource_of?(name) }
+          result.concat(subresources)
+        end
+
+        result
+      end
+    end
+  end
+end

data/lib/shark/permissions/resource.rb

@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+module Shark
+  module Permissions
+    class Resource
+      attr_reader :name, :parts
+
+      def initialize(value)
+        @name = case value
+                when String
+                  value
+                when Array
+                  value.map(&:to_s).join(Shark::Permissions.delimiter)
+                end
+        @parts = @name.split(Shark::Permissions.delimiter)
+      end
+
+      def ancestors_and_self
+        names = []
+        parts.each_with_index do |_, i|
+          names << parts[0..i].join(Shark::Permissions.delimiter)
+        end
+
+        names
+      end
+
+      def ancestors
+        ancestors_and_self[0..-2]
+      end
+
+      def parent
+        parent_name = parts[0..-2].join(Shark::Permissions.delimiter)
+        parent_name.presence
+      end
+
+      def subresource_of?(value)
+        return true if name == value
+
+        regexp = value.gsub('*', '[a-z\-_0-9]*')
+        "#{name}::".match(/\A#{regexp}::/).present?
+      end
+
+      def super_resource_of?(value)
+        return true if name == value
+
+        regexp = name.gsub('*', '[a-z\-_0-9]*')
+        "#{value}::".match(/\A#{regexp}::/).present?
+      end
+
+      def wildcard?
+        parts.last == Shark::Permissions.any_matcher
+      end
+
+      def to_s
+        name
+      end
+    end
+  end
+end

data/lib/shark/permissions/rule.rb

@@ -0,0 +1,102 @@
+# frozen_string_literal: true
+
+module Shark
+  module Permissions
+    class Rule
+      attr_accessor :resource, :effect, :privileges, :title
+      attr_reader :changes
+
+      delegate :parent, to: :resource_model
+
+      def initialize(args)
+        symbol_args = args.symbolize_keys
+
+        @resource = symbol_args.fetch(:resource)
+        @privileges = symbol_args[:privileges] || {}
+        normalize_privileges(@privileges)
+        @effect = symbol_args[:effect] || 'ALLOW'
+        @title = symbol_args[:title]
+        @changes = Changes.new
+      end
+
+      def update(other)
+        if resource != other.resource
+          raise ArgumentError, "Trying to update different resource: got #{other.resource}, " \
+            "but expected #{resource}"
+        end
+
+        other.privileges.each do |k, v|
+          next if privileges[k] == v
+
+          old = privileges[k]
+          privileges[k] = v
+
+          next if old == 'inherited'
+
+          changes.add_privilege(k, old || false, v)
+        end
+
+        self
+      end
+
+      def changed?
+        changes.present?
+      end
+
+      def clone
+        self.class.new(as_json)
+      end
+
+      def empty?
+        privileges.blank?
+      end
+
+      def resource_model
+        Resource.new(resource)
+      end
+
+      def privileges_as_array
+        privileges.select { |_, v| v == true }.keys
+      end
+
+      # @return Boolean
+      # @api public
+      def ==(other)
+        resource == other.resource &&
+          effect == other.effect &&
+          privileges == other.privileges
+      end
+
+      def as_json(*_args)
+        json = {
+          'resource' => resource,
+          'privileges' => privileges,
+          'effect' => effect,
+          'parent' => parent
+        }
+        json['title'] = title if title.present?
+
+        json
+      end
+
+      private
+
+      def normalize_privileges(privileges)
+        privileges.each do |k, v|
+          privileges[k] = case v
+                          when 'inherited'
+                            'inherited'
+                          when true, 'true', 1
+                            true
+                          when false, 'false', 0
+                            false
+                          else
+                            false
+                          end
+        end
+
+        @privileges = privileges.stringify_keys
+      end
+    end
+  end
+end

data/lib/shark/version.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+module Shark
+  module Permissions
+    module Core
+      VERSION = '0.1.0'
+    end
+  end
+end

data/lib/shark-permissions-core.rb

@@ -0,0 +1,6 @@
+# rubocop:disable Naming/FileName
+# frozen_string_literal: true
+
+# rubocop:enable Naming/FileName
+
+require 'shark_permissions_core'

data/lib/shark_permissions_core.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+require 'active_support/all'
+
+require 'shark/permissions/changes'
+require 'shark/permissions/resource'
+require 'shark/permissions/rule'
+require 'shark/permissions/list'
+
+module Shark
+  module Permissions
+    mattr_accessor :any_matcher, :delimiter
+
+    def self.configure
+      yield self
+    end
+
+    configure do |config|
+      config.delimiter   = '::'
+      config.any_matcher = '*'
+    end
+  end
+end

data/shark-permissions-core.gemspec

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+lib = File.expand_path('lib', __dir__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'shark/version'
+
+Gem::Specification.new do |spec|
+  spec.name = 'shark-permissions-core'
+  spec.version = Shark::Permissions::Core::VERSION
+  spec.authors = ['Joergen Dahlke']
+  spec.email = ['joergen.dahlke@gmail.com']
+
+  spec.summary = 'Core classes for Shark permissions'
+  spec.description = 'Basic functionality to work with shark permissions'
+  spec.homepage = 'https://github.com/jdahlke/shark-permissions-core'
+  spec.license = 'MIT'
+
+  spec.metadata['homepage_uri'] = spec.homepage
+  spec.metadata['source_code_uri'] = 'https://github.com/jdahlke/shark-permissions-core'
+  spec.metadata['changelog_uri'] = 'https://github.com/jdahlke/shark-permissions-core/blob/develop/CHANGELOG.md'
+
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files = Dir.chdir(File.expand_path(__dir__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(.github|bin|spec)/}) }
+  end
+  spec.bindir = 'exe'
+  spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ['lib']
+  spec.required_ruby_version = '>= 2.3'
+
+  spec.add_dependency 'activesupport'
+
+  spec.add_development_dependency 'bundler', '~> 2.0'
+  spec.add_development_dependency 'rake'
+  spec.add_development_dependency 'rspec', '~> 3.9.0'
+  spec.add_development_dependency 'rubocop', '0.81.0'
+end

metadata

@@ -0,0 +1,132 @@
+--- !ruby/object:Gem::Specification
+name: shark-permissions-core
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Joergen Dahlke
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2021-09-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.9.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 3.9.0
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.81.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.81.0
+description: Basic functionality to work with shark permissions
+email:
+- joergen.dahlke@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".rubocop.yml"
+- CHANGELOG.md
+- LICENSE
+- README.md
+- Rakefile
+- gems.rb
+- lib/shark-permissions-core.rb
+- lib/shark/permissions/changes.rb
+- lib/shark/permissions/list.rb
+- lib/shark/permissions/resource.rb
+- lib/shark/permissions/rule.rb
+- lib/shark/version.rb
+- lib/shark_permissions_core.rb
+- shark-permissions-core.gemspec
+homepage: https://github.com/jdahlke/shark-permissions-core
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/jdahlke/shark-permissions-core
+  source_code_uri: https://github.com/jdahlke/shark-permissions-core
+  changelog_uri: https://github.com/jdahlke/shark-permissions-core/blob/develop/CHANGELOG.md
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '2.3'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.6
+signing_key: 
+specification_version: 4
+summary: Core classes for Shark permissions
+test_files: []