skill_tree 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: d43026f65f8d1a50f6786da7a0dec94a57490768
+  data.tar.gz: 6bbca9232d594cac271824154e1785cb9d19c724
+SHA512:
+  metadata.gz: 34f067818105a52dc4bd6e8ecba08ec800d2e8f67361cecf6c45fa9ddc6e6af6e8e72ee27d8c5cf2505093d6268de65b18af3e7f568cab136474596b288903c1
+  data.tar.gz: 3d75bde0f7769690cfb213ce3f07e96b3355042d423ecb84575019982ead06482af86d519fadebe63e42697b120f6fadc85104c7f8e9ba81e1ef57b73a716493

data/lib/generators/skill_tree/install_generator.rb

@@ -0,0 +1,20 @@
+require 'rails/generators'
+require 'rails/generators/migration'
+
+module SkillTree
+  class InstallGenerator < Rails::Generators::Base
+    include Rails::Generators::Migration
+    source_root File.expand_path('../templates', __FILE__)
+
+    def self.next_migration_number(_path)
+      Time.now.utc.strftime('%Y%m%d%H%M%S')
+    end
+
+    def create_model_file
+      copy_file 'initializer.rb', 'config/initializers/skill_tree.rb'
+      copy_file 'acl.rb', 'config/acl.rb'
+      migration_template 'create_skill_tree_acl_system.rb',
+                         'db/migrate/create_skill_tree_acl_system.rb'
+    end
+  end
+end

data/lib/generators/skill_tree/orm_helpers.rb

@@ -0,0 +1,14 @@
+module SkillTree
+  module Generators
+    module OrmHelpers
+      def migration_exists?
+        Dir.glob("#{File.join(destination_root, migration_path)}/[0-9]*_*.rb")
+          .grep(/\d+_create_skill_tree_acl_system.rb$/).first
+      end
+
+      def migration_path
+        @migration_path ||= File.join('db', 'migrate')
+      end
+    end
+  end
+end

data/lib/generators/skill_tree/templates/acl.rb

@@ -0,0 +1,42 @@
+#
+# Example acl.rb file
+#
+
+# acl :posts_acl, default_for: :posts do |a|
+#   a.role :guest do |r|
+#     r.can :read
+#   end
+
+#   a.role :user do |r|
+#     r.can :create, :read
+#   end
+
+#   a.role :editor do |r|
+#     r.inherit :user
+#     r.can :write
+#   end
+
+#   a.role :admin do |r|
+#     r.inherit :editor
+#     r.can :update, :delete
+#   end
+# end
+
+# acl :private_post do |a|
+#   a.role :guest do |r|
+#   end
+
+#   a.role :user do |r|
+#     r.can :create, :read
+#   end
+
+#   a.role :editor do |r|
+#     r.inherit :user
+#     r.can :read, :write
+#   end
+
+#   a.role :admin do |r|
+#     r.inherit :editor
+#     r.can :update, :delete
+#   end
+# end

data/lib/generators/skill_tree/templates/create_skill_tree_acl_system.rb

@@ -0,0 +1,48 @@
+class CreateSkillTreeAclSystem < ActiveRecord::Migration
+  def change
+    create_table :acls do |t|
+      t.string :name, null: false
+      t.integer :version, null: false
+    end
+    add_index :acls, :name, unique: true
+
+    create_table :roles do |t|
+      t.string :name, null: false
+    end
+    add_index :roles, :name, unique: true
+
+    create_table :permissions do |t|
+      t.string :name, null: false
+    end
+    add_index :permissions, :name, unique: true
+
+    create_table :acl_mappings do |t|
+      t.references :acl, null: false
+      t.references :role, null: false
+      t.references :permission, null: true
+
+      t.timestamps null: false
+    end
+
+    add_index :acl_mappings, [:acl_id, :role_id, :permission_id], unique: true
+
+    create_table :user_roles do |t|
+      t.references :user
+      t.references :role, null: false
+      t.references :resource, polymorphic: true
+
+      t.timestamps null: false
+    end
+    add_index :user_roles, [:resource_type, :resource_id]
+    # Only can't be admin of a resource multiple times
+    add_index :user_roles, [:user_id, :role_id, :resource_type, :resource_id],
+              unique: true, name: :user_roles_avoid_duplicate_roles
+
+    create_table :acl_ownerships do |t|
+      t.references :acl, null: false
+      t.references :resource, polymorphic: true
+    end
+    # There can be only one-to-many relationship with a resource
+    add_index :acl_ownerships, [:resource_type, :resource_id], unique: true
+  end
+end

data/lib/generators/skill_tree/templates/initializer.rb

@@ -0,0 +1 @@
+SkillTree.init!

data/lib/skill_tree.rb

@@ -0,0 +1,15 @@
+require 'skill_tree/controller.rb'
+require 'skill_tree/errors.rb'
+require 'skill_tree/models.rb'
+require 'skill_tree/parser.rb'
+require 'skill_tree/resource.rb'
+require 'skill_tree/subject.rb'
+require 'skill_tree/version.rb'
+
+module SkillTree
+  class <<self
+    def init!
+      SkillTree::Parser::Initializer.parse!
+    end
+  end
+end

data/lib/skill_tree/controller.rb

@@ -0,0 +1,57 @@
+module SkillTree
+  module Controller
+    def self.included(base)
+      base.send :extend, ClassMethods
+      base.send :include, InstanceMethods
+    end
+
+    module InstanceMethods
+      def self.included(base)
+        base.send :before_filter, :check_allow_filter!
+      end
+
+      def can?(action, resource)
+        if current_user
+          current_user.can?(action, resource)
+        else
+          resource.default_permission?(action, :guest)
+        end
+      end
+
+      private
+
+      def check_allow_filter!
+        fail SkillTree::NotAuthorizedError unless can_access?
+      end
+
+      def can_access?
+        acl = current_acl[action_name.to_sym]
+        if acl.respond_to? :call
+          instance_eval(&acl)
+        elsif default_acl.respond_to? :call
+          instance_eval(&default_acl)
+        end
+      end
+
+      private
+
+      def default_acl
+        current_acl[:all]
+      end
+
+      def current_acl
+        self.class.current_acl
+      end
+    end
+
+    module ClassMethods
+      def current_acl
+        @current_acl ||= {}
+      end
+
+      def allow(*args, &block)
+        args.each { |key| current_acl[key] = block }
+      end
+    end
+  end
+end

data/lib/skill_tree/errors.rb

@@ -0,0 +1,5 @@
+module SkillTree
+  class Error < ::StandardError; end
+  class AclAlreadySet < Error; end
+  class NotAuthorizedError < Error; end
+end

data/lib/skill_tree/models.rb

@@ -0,0 +1,10 @@
+module SkillTree
+  module Model
+  end
+end
+require 'skill_tree/models/acl.rb'
+require 'skill_tree/models/acl_mapping.rb'
+require 'skill_tree/models/acl_ownership.rb'
+require 'skill_tree/models/permission.rb'
+require 'skill_tree/models/role.rb'
+require 'skill_tree/models/user_role.rb'

data/lib/skill_tree/models/acl.rb

@@ -0,0 +1,13 @@
+module SkillTree
+  module Models
+    class Acl < ActiveRecord::Base
+      has_many :acl_ownerships
+      has_many :acl_mappings
+
+      has_many :roles, -> { uniq }, through: :acl_mappings
+
+      validates :name, presence: true, uniqueness: true
+      validates :version, presence: true
+    end
+  end
+end

data/lib/skill_tree/models/acl_mapping.rb

@@ -0,0 +1,16 @@
+module SkillTree
+  module Models
+    class AclMapping < ActiveRecord::Base
+      belongs_to :acl
+      belongs_to :role
+      belongs_to :permission
+
+      validates :acl, presence: true
+      validates :role, presence: true
+      validates :permission, presence: true
+      validates :acl_id, uniqueness: {
+        scope: [:permission_id, :role_id]
+      }
+    end
+  end
+end

data/lib/skill_tree/models/acl_ownership.rb

@@ -0,0 +1,11 @@
+module SkillTree
+  module Models
+    class AclOwnership < ActiveRecord::Base
+      belongs_to :acl
+      belongs_to :resource, polymorphic: true
+
+      validates :acl, presence: true
+      validates :resource_id, uniqueness: { scope: [:resource_type] }
+    end
+  end
+end

data/lib/skill_tree/models/permission.rb

@@ -0,0 +1,10 @@
+module SkillTree
+  module Models
+    class Permission < ActiveRecord::Base
+      has_many :acl_mappings
+      validates :name, presence: true, uniqueness: true
+
+      scope :names, -> { pluck(:name).map(&:to_sym) }
+    end
+  end
+end

data/lib/skill_tree/models/role.rb

@@ -0,0 +1,22 @@
+module SkillTree
+  module Models
+    class Role < ActiveRecord::Base
+      has_many :user_roles
+      has_many :acl_mappings
+      validates :name, presence: true, uniqueness: true
+
+      def self.find_for(user, resource)
+        if user
+          user_role = user.user_roles.where(resource: resource).first
+          if user_role
+            user_role.role
+          else
+            find_by_name!('user')
+          end
+        else
+          find_by_name!('guest')
+        end
+      end
+    end
+  end
+end

data/lib/skill_tree/models/user_role.rb

@@ -0,0 +1,14 @@
+module SkillTree
+  module Models
+    class UserRole < ActiveRecord::Base
+      belongs_to :user
+      belongs_to :role
+      belongs_to :resource, polymorphic: true
+
+      validates :user_id, uniqueness: {
+        scope: [:resource_id, :resource_type, :role_id],
+        message: 'Duplicate role.'
+      }
+    end
+  end
+end

data/lib/skill_tree/parser.rb

@@ -0,0 +1,44 @@
+require 'skill_tree/parser/acl_parser.rb'
+require 'skill_tree/parser/role_parser.rb'
+
+module SkillTree
+  module Parser
+    class Initializer
+      class <<self
+        def parse!
+          @parser = Initializer.new
+          @parser.setup if SkillTree::Models::Acl.table_exists?
+        end
+
+        def default_acl_for(model)
+          @parser.acls.each do |acl|
+            return acl.model if acl.default_for.to_s == model.class.table_name
+          end if @parser
+          nil
+        end
+      end
+
+      attr_reader :acls
+      def initialize
+        @acls = []
+      end
+
+      def setup(filename = 'config/acl.rb')
+        instance_eval(File.read(Rails.root.join(filename)))
+        save_db!
+      end
+
+      def acl(*args)
+        acl = AclParser.new(*args)
+        yield acl
+        @acls << acl
+      end
+
+      private
+
+      def save_db!
+        @acls.map(&:sync_model)
+      end
+    end
+  end
+end

data/lib/skill_tree/parser/acl_parser.rb

@@ -0,0 +1,42 @@
+module SkillTree
+  module Parser
+    class AclParser
+      attr_reader :roles, :default_for
+      def initialize(name, options = {})
+        @name = name.to_s
+        @default_for = options[:default_for]
+        @roles = []
+        @version = options[:version]
+      end
+
+      def role(*args)
+        parser = RoleParser.new(*args)
+        parser.parent = self
+        yield parser
+        @roles << parser
+      end
+
+      def sync_model
+        acl = SkillTree::Models::Acl.find_or_initialize_by(name: @name)
+        return if version_match? acl
+        update_version acl
+        @roles.each { |role| role.sync_model acl }
+        acl.save!
+      end
+
+      def model
+        SkillTree::Models::Acl.find_by(name: @name)
+      end
+
+      private
+
+      def version_match?(acl)
+        !acl.new_record? && acl.version == @version
+      end
+
+      def update_version(acl)
+        acl.version = @version || 0
+      end
+    end
+  end
+end

data/lib/skill_tree/parser/role_parser.rb

@@ -0,0 +1,57 @@
+module SkillTree
+  module Parser
+    class RoleParser
+      attr_reader :permissions, :name
+      attr_writer :parent
+      def initialize(name)
+        @name = name.to_s
+        @permissions = []
+      end
+
+      def can(*args)
+        @permissions += args
+      end
+
+      def inherit(name)
+        element = @parent.roles.select { |e| e.name == name.to_s }.first
+        fail "There is no #{name} role" if element.nil?
+        @permissions += element.permissions
+      end
+
+      def sync_model(acl)
+        role = SkillTree::Models::Role.find_or_initialize_by(name: @name)
+        role.save!
+        sync_permissions(acl, role)
+      end
+
+      private
+
+      def sync_permissions(acl, role)
+        permission_models = create_permissions!
+        permission_models.each do |permission|
+          SkillTree::Models::AclMapping.find_or_initialize_by(
+            role: role,
+            acl: acl,
+            permission: permission
+          ).save!
+        end
+        purge_old! acl, role, permission_models
+      end
+
+      def create_permissions!
+        @permissions.map do |name|
+          model = SkillTree::Models::Permission.find_or_initialize_by(name: name)
+          model.save!
+          model
+        end
+      end
+
+      def purge_old!(acl, role, permissions)
+        SkillTree::Models::AclMapping.where(
+          role: role,
+          acl: acl
+        ).where.not(permission: permissions).destroy_all
+      end
+    end
+  end
+end