store_agent 1.0.0

data/lib/store_agent/node/object/virtual_object.rb

@@ -0,0 +1,25 @@
+#--
+# Copyright 2015 realglobe, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#++
+
+module StoreAgent
+  module Node
+    class VirtualObject < Object # :nodoc:
+      def exists?
+        false
+      end
+    end
+  end
+end

data/lib/store_agent/node/prepend_module/locker.rb

@@ -0,0 +1,125 @@
+#--
+# Copyright 2015 realglobe, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#++
+
+module StoreAgent
+  module Node
+    # オブジェクトの読み書き時にファイルをロックするモジュール
+    module Locker
+      def create(*)
+        lock!(lock_mode: File::LOCK_EX, recursive: true) do
+          super
+        end
+      end
+
+      def read(*)
+        lock!(lock_mode: File::LOCK_SH, recursive: true) do
+          super
+        end
+      end
+
+      def update(*)
+        lock!(lock_mode: File::LOCK_EX, recursive: true) do
+          super
+        end
+      end
+
+      def delete(*, recursive: true)
+        lock!(lock_mode: File::LOCK_EX, recursive: recursive) do
+          super
+        end
+      end
+
+      def touch(*)
+        lock!(lock_mode: File::LOCK_SH, recursive: true) do
+          super
+        end
+      end
+
+      # TODO
+      # コピー元を共有ロック、コピー先を排他ロックする
+      def copy(dest_path = nil, *)
+        super
+      end
+
+      # TODO
+      # 移動元と移動先を排他ロックする
+      def move(dest_path = nil, *)
+        super
+      end
+
+      def get_metadata(*) # :nodoc:
+        lock!(lock_mode: File::LOCK_SH, recursive: true) do
+          super
+        end
+      end
+
+      def get_permissions(*) # :nodoc:
+        lock!(lock_mode: File::LOCK_SH, recursive: true) do
+          super
+        end
+      end
+
+      def chown(*)
+        lock!(lock_mode: File::LOCK_EX, recursive: false) do
+          super
+        end
+      end
+
+      # TODO recursive_to_root, recursive_to_leaf
+      # TODO lock_shared recursive_to_root
+      # 親階層のファイルをロックしていないので、同時にファイル削除などが実行されると問題が発生する可能性がある
+      def set_permission(*)
+        lock!(lock_mode: File::LOCK_EX, recursive: false) do
+          super
+        end
+      end
+
+      # TODO
+      def unset_permission(*)
+        lock!(lock_mode: File::LOCK_EX, recursive: false) do
+          super
+        end
+      end
+
+      protected
+
+      # TODO
+      def lock_file_path
+        "#{metadata.file_path}.lock"
+      end
+
+      def lock!(lock_mode: File::LOCK_SH, recursive: false, &block)
+        proc = Proc.new do
+          if !File.exists?(dirname = File.dirname(lock_file_path))
+            FileUtils.mkdir(dirname)
+          end
+          open(lock_file_path, File::RDWR | File::CREAT) do |f|
+            timeout(StoreAgent.config.lock_timeout) do
+              f.flock(lock_mode)
+            end
+            f.truncate(0)
+            yield
+          end
+        end
+        if recursive && !root?
+          parent_directory.lock!(lock_mode: lock_mode, recursive: recursive, &proc)
+        else
+          proc.call
+        end
+      end
+    end
+  end
+end

data/lib/store_agent/node/prepend_module/path_validator.rb

@@ -0,0 +1,138 @@
+#--
+# Copyright 2015 realglobe, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#++
+
+module StoreAgent
+  module Node
+    # オブジェクトの操作時に、パスが不正でないかをチェックするモジュール
+    module PathValidator
+      def create(*)
+        if !root?
+          parent_directory.be_present!
+        end
+        be_absent!
+        be_not_reserved!
+        super
+      end
+
+      def read(*, revision: nil)
+        if revision.nil?
+          be_present!
+        end
+        be_not_reserved!
+        super
+      end
+
+      def update(*)
+        be_present!
+        be_not_reserved!
+        super
+      end
+
+      def delete(*)
+        be_present!
+        be_not_root!
+        be_not_reserved!
+        super
+      end
+
+      def touch(*)
+        be_present!
+        be_not_reserved!
+        super
+      end
+
+      # TODO
+      def copy(dest_path = nil, *)
+        be_present!
+        be_not_reserved!
+        super
+      end
+
+      # TODO
+      def move(dest_path = nil, *)
+        be_present!
+        be_not_root!
+        be_not_reserved!
+        super
+      end
+
+      def get_metadata(*) # :nodoc:
+        be_present!
+        be_not_reserved!
+        super
+      end
+
+      def get_permissions(*) # :nodoc:
+        be_present!
+        be_not_reserved!
+        super
+      end
+
+      def chown(*)
+        be_present!
+        be_not_reserved!
+        super
+      end
+
+      def set_permission(*)
+        be_present!
+        be_not_reserved!
+        super
+      end
+
+      def unset_permission(*)
+        be_present!
+        be_not_reserved!
+        super
+      end
+
+      protected
+
+      def be_present!
+        if !exists?
+          raise StoreAgent::InvalidPathError, "object not found: #{path}"
+        end
+      end
+
+      def be_absent!
+        if exists?
+          raise StoreAgent::InvalidPathError, "object already exists: #{path}"
+        end
+      end
+
+      def be_not_root!
+        if root?
+          raise StoreAgent::InvalidPathError, "can't delete root node"
+        end
+      end
+
+      def be_not_reserved!
+        basename = File.basename(path)
+        reserved_extensions = [] <<
+          StoreAgent.config.metadata_extension <<
+          StoreAgent.config.permission_extension
+        reserved_extensions.each do |extension|
+          if basename.end_with?(extension)
+            raise StoreAgent::InvalidPathError, "extension '#{extension}' is reserved"
+          end
+        end
+        if StoreAgent.reserved_filenames.include?(basename)
+          raise StoreAgent::InvalidPathError, "filename '#{basename}' is reserved"
+        end
+      end
+    end
+  end
+end

data/lib/store_agent/node/prepend_module/permission_checker.rb

@@ -0,0 +1,96 @@
+#--
+# Copyright 2015 realglobe, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#++
+
+module StoreAgent
+  module Node
+    # オブジェクトの操作時に権限があるかどうかをチェックするモジュール
+    module PermissionChecker
+      def create(*)
+        if !root?
+          parent_directory.authorize!("write")
+        end
+        super
+      end
+
+      def read(*)
+        authorize!("read")
+        super
+      end
+
+      def update(*)
+        authorize!("write")
+        super
+      end
+
+      def delete(*)
+        authorize!("write")
+        super
+      end
+
+      def touch(*)
+        authorize!("read")
+        super
+      end
+
+      # TODO
+      # コピー先のwrite権限をチェックする
+      def copy(dest_path = nil, *)
+        authorize!("read")
+        super
+      end
+
+      # TODO
+      # コピー先のwrite権限をチェックする
+      def move(dest_path = nil, *)
+        authorize!("write")
+        super
+      end
+
+      def get_metadata(*) # :nodoc:
+        authorize!("read")
+        super
+      end
+
+      def get_permissions(*) # :nodoc:
+        authorize!("read")
+        super
+      end
+
+      def chown(*)
+        authorize!("chown")
+        super
+      end
+
+      def set_permission(*)
+        authorize!("chmod")
+        super
+      end
+
+      def unset_permission(*)
+        authorize!("chmod")
+        super
+      end
+
+      protected
+
+      def authorize!(permission_name)
+        if !permission.allow?(permission_name)
+          raise StoreAgent::PermissionDeniedError.new(object: self, permission: permission_name)
+        end
+      end
+    end
+  end
+end

data/lib/store_agent/user.rb

@@ -0,0 +1,111 @@
+#--
+# Copyright 2015 realglobe, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#++
+
+module StoreAgent
+  # オブジェクトの操作を行うユーザー
+  class User
+    include StoreAgent::Validator
+
+    attr_reader :identifiers
+
+    # ユーザーの初期化は以下のようにして行う
+    #   StoreAgent::User.new("foo")
+    #   StoreAgent::User.new("foo", "bar")
+    #   StoreAgent::User.new(["foo", "bar", "baz"])
+    #   StoreAgent::User.new("foo", ["bar", "hoge"], "fuga")
+    def initialize(*identifiers)
+      identifiers.compact!
+      if identifiers.empty?
+        raise ArgumentError, "identifier(s) is required"
+      end
+      @identifiers = identifiers.map do |identifier|
+        if identifier.is_a?(Array)
+          stringify_map_identifier(identifier)
+        else
+          stringify_identifier(identifier)
+        end
+      end
+    end
+
+    def identifier_array # :nodoc:
+      [identifiers.last].flatten
+    end
+
+    def identifier
+      identifier_array.first
+    end
+
+    def super_user?
+      false
+    end
+
+    def guest?
+      false
+    end
+
+    # 操作対象のワークスペースを指定する
+    def workspace(namespace)
+      StoreAgent::Workspace.new(current_user: self, namespace: namespace)
+    end
+
+    private
+
+    def stringify_identifier(identifier)
+      validates_to_be_string_or_symbol!(identifier)
+      validates_to_be_excluded_slash!(identifier)
+      validates_to_be_not_superuser_identifier!(identifier)
+      validates_to_be_not_guest_identifier!(identifier)
+      identifier.to_s
+    end
+
+    def stringify_map_identifier(identifiers_array)
+      case identifiers_array.length
+      when 0
+        raise ArgumentError, "identifier(s) contains empty array"
+      when 1
+        stringify_identifier(identifiers_array.first)
+      else
+        identifiers_array.map{|id| stringify_identifier(id)}
+      end
+    end
+  end
+
+  # スーパーユーザーは全オブジェクトに対して全権限を持つ
+  #   super_user = StoreAgent::Superuser.new
+  #   super_user.workspace("ws").file("file.txt").create
+  class Superuser < User
+    def initialize(*)
+      @identifiers = [StoreAgent.config.superuser_identifier]
+    end
+
+    def super_user? # :nodoc:
+      true
+    end
+  end
+
+  # ゲストユーザーはデフォルトの設定では何の権限も持たない
+  #   guest = StoreAgent::Guest.new
+  #   guest.workspace("ws").file("file.txt").read
+  class Guest < User
+    def initialize(*)
+      @identifiers = [StoreAgent.config.guest_identifier]
+    end
+
+    def guest? # :nodoc:
+      true
+    end
+  end
+end