strongbolt 0.3.12 → 0.3.13

data/lib/strongbolt/tenantable.rb

@@ -1,8 +1,9 @@
 module Strongbolt
   module Tenantable
     module ClassMethods
-
-      def tenant?() (@tenant.present? && @tenant) || Strongbolt.tenants.include?(name); end
+      def tenant?
+        (@tenant.present? && @tenant) || Strongbolt.tenants.include?(name)
+      end
 
       private
 
@@ -12,6 +13,7 @@ module Strongbolt
       def singular_association_name
         @singular_association_name ||= self.name.demodulize.underscore.to_sym
       end
+
       def plural_association_name
         @plural_association_name ||= self.name.demodulize.underscore.pluralize.to_sym
       end
@@ -21,21 +23,21 @@ module Strongbolt
       # It will traverse all the has_many relationships
       # and add a has_one :tenant if not specified
       #
-      def tenant opts = {}
+      def tenant(_opts = {})
         # Stops if already configured
         return if tenant?
 
-        Strongbolt.logger.debug "-------------------------------------------------------------------\n" +
-          "Configuring tenant #{self.name}\n" +
-          "-------------------------------------------------------------------\n\n"
+        Strongbolt.logger.debug "-------------------------------------------------------------------\n" \
+                                "Configuring tenant #{self.name}\n" \
+                                "-------------------------------------------------------------------\n\n"
         #
         # We're traversing using BFS the relationships
         #
         # Keep track of traversed models and their relationship to the tenant
-        @models_traversed = {self.name => self}
+        @models_traversed = { self.name => self }
         # File of models/associations to traverse
         models_to_traverse = reflect_on_all_associations
-        while models_to_traverse.size > 0
+        until models_to_traverse.empty?
           # BFS search, shiftin first elt of array (older)
           current_association = models_to_traverse.shift
           # We don't check has_many :through association,
@@ -46,15 +48,14 @@ module Strongbolt
           # So unless we've already traversed this model, or that's a through relationship
           # or a polymorphic association
           # Also we don't go following belongs_to relationship, it becomes crazy
-          if should_visit? current_association
-            # We setup the model using the association given
-            method = setup_model(current_association)
-            # We flag the model, storing the name of the method used to link to tenant
-            @models_traversed[current_association.klass.name] = method
-            # And add its relationships into the array, at the end, if method not nil
-            if method.present?
-              models_to_traverse.concat current_association.klass.reflect_on_all_associations
-            end
+          next unless should_visit? current_association
+          # We setup the model using the association given
+          method = setup_model(current_association)
+          # We flag the model, storing the name of the method used to link to tenant
+          @models_traversed[current_association.klass.name] = method
+          # And add its relationships into the array, at the end, if method not nil
+          if method.present?
+            models_to_traverse.concat current_association.klass.reflect_on_all_associations
           end
         end
 
@@ -71,7 +72,7 @@ module Strongbolt
       # Setup a model and returns the method name in symbol of the
       # implemented link to the tenant
       #
-      def setup_model association
+      def setup_model(association)
         # Source class
         original_class = association.active_record
         # Current class
@@ -104,11 +105,10 @@ module Strongbolt
           # If no inverse, we cannot go further
           if inverse.nil?
             raise InverseAssociationNotConfigured, "Assocation #{association.name} on #{association.klass.name} could not be configured correctly as no inverse has been found"
-          elsif inverse.options.has_key? :polymorphic
+          elsif inverse.options.key? :polymorphic
             return nil
           end
 
-
           # Common options
           options = {
             through: inverse.name,
@@ -145,22 +145,21 @@ module Strongbolt
           scope "with_#{plur}", -> { includes assoc }
 
           scope "where_#{plur}_among", ->(values) do
-              if values.is_a? Array
-                # If objects
-                values = values.map(&:id) if values.first.respond_to? :id
-              else
-                # If object
-                values = values.id if values.respond_to?(:id)
-              end
-
-              includes(assoc).where(table_name => {id: values})
-            end
+                                         if values.is_a? Array
+                                           # If objects
+                                           values = values.map(&:id) if values.first.respond_to? :id
+                                         elsif values.respond_to?(:id)
+                                           # If object
+                                           values = values.id
+                                         end
+
+                                         includes(assoc).where(table_name => { id: values })
+                                       end
         end
 
         # And return name of association
-        return assoc
-      end #/setup_model
-
+        assoc
+      end # /setup_model
 
       #
       # The initial idea of using a polymorphic association on UsersTenant
@@ -196,50 +195,48 @@ module Strongbolt
           RUBY
           Strongbolt.const_set users_tenants_subclass_name, users_tenant_subclass
         end
-      end #/create_users_tenant_subclass
+      end # /create_users_tenant_subclass
 
       #
       # Setups the has_many thru association on the User class
       #
       def setup_association_on_user
-        begin
-          user_class = Configuration.user_class.constantize
-
-          # Setup the association
-          # The first one should never be there before
-          user_class.has_many :"users_#{plural_association_name}",
-            :class_name => "Strongbolt::#{users_tenants_subclass_name}",
-            :inverse_of => :user,
-            :dependent => :delete_all,
-            :foreign_key => :user_id
-
-          # This one may have been overriden by the developer
-          unless user_class.respond_to? plural_association_name
-            user_class.has_many plural_association_name,
-              :source => :"#{singular_association_name}",
-              :class_name => self.name,
-              :through => :"users_#{plural_association_name}"
-          end
+        user_class = Configuration.user_class.constantize
+
+        # Setup the association
+        # The first one should never be there before
+        user_class.has_many :"users_#{plural_association_name}",
+                            class_name: "Strongbolt::#{users_tenants_subclass_name}",
+                            inverse_of: :user,
+                            dependent: :delete_all,
+                            foreign_key: :user_id
+
+        # This one may have been overriden by the developer
+        unless user_class.respond_to? plural_association_name
+          user_class.has_many plural_association_name,
+                              source: :"#{singular_association_name}",
+                              class_name: self.name,
+                              through: :"users_#{plural_association_name}"
+        end
 
-          # Setup a quick method to get accessible clients directly
-          unless user_class.respond_to? "accessible_#{plural_association_name}"
-            user_class.class_exec(self, plural_association_name) do |klass, plur|
-              define_method "accessible_#{plur}" do
-                # If can find ALL the tenants
-                if can? :find, klass, :any, true
-                  # Then it can access all of them
-                  klass.all
-                else
-                  # Otherwise, only the ones he manages
-                  send plur
-                end
+        # Setup a quick method to get accessible clients directly
+        unless user_class.respond_to? "accessible_#{plural_association_name}"
+          user_class.class_exec(self, plural_association_name) do |klass, plur|
+            define_method "accessible_#{plur}" do
+              # If can find ALL the tenants
+              if can? :find, klass, :any, true
+                # Then it can access all of them
+                klass.all
+              else
+                # Otherwise, only the ones he manages
+                send plur
               end
             end
           end
-        rescue NameError => e
-          Strongbolt.logger.error "User #{Configuration.user_class} could not have his association to tenant #{name} created"
         end
-      end #/setup_association_on_user
+      rescue NameError
+        Strongbolt.logger.error "User #{Configuration.user_class} could not have his association to tenant #{name} created"
+      end # /setup_association_on_user
 
       #
       # returns the name of the subclass of Strongbolt::UsersTenant, containing
@@ -251,13 +248,13 @@ module Strongbolt
         # The module name is left in the name, so that we won't have any collisions
         # with the same class names in different modules.
         "Users#{self.name.gsub('::', '')}"
-      end #/users_tenants_subclass_name
+      end # /users_tenants_subclass_name
 
       #
       # Returns the inverse of specified association, using what's given
       # as inverse_of or trying to guess it
       #
-      def inverse_of association
+      def inverse_of(association)
         # If specified in association configuration
         return association.inverse_of if association.has_inverse?
 
@@ -266,15 +263,17 @@ module Strongbolt
         # Else we need to find it, using the class as reference
         association.klass.reflect_on_all_associations.each do |assoc|
           # If the association is polymorphic
-          if assoc.options.has_key? :polymorphic
+          if assoc.options.key? :polymorphic
+            if association.options && association.options[:as] == assoc.name
+              return assoc
+            end
             polymorphic_associations << assoc
-
           # If same class than the original source of the association
           elsif assoc.klass == association.active_record
 
-            Strongbolt.logger.debug "Selected inverse of #{association.name} between #{association.active_record} " +
-              "and #{association.klass} is #{assoc.name}.\n " +
-              "If not, please configure manually the inverse of #{association.name}\n"
+            Strongbolt.logger.debug "Selected inverse of #{association.name} between #{association.active_record} " \
+                                    "and #{association.klass} is #{assoc.name}.\n " \
+                                    "If not, please configure manually the inverse of #{association.name}\n"
 
             return assoc
           end
@@ -284,7 +283,7 @@ module Strongbolt
           return polymorphic_associations.first
         end
 
-        return nil
+        nil
       end
 
       #
@@ -296,13 +295,12 @@ module Strongbolt
       # and not HasManyThrough, unless it's AR v >= 4.1.0 && < 4.2.0 where
       # they define a HasManyAndBelongsTo as a HasManyThrough in the reflections
       #
-      def should_visit? association
-        ! (association.is_a?(ActiveRecord::Reflection::ThroughReflection) ||
+      def should_visit?(association)
+        !(association.is_a?(ActiveRecord::Reflection::ThroughReflection) ||
             association.macro == :belongs_to ||
-            (@models_traversed.has_key?(association.klass.name) &&
-              @models_traversed[association.klass.name].present?) )
+            (@models_traversed.key?(association.klass.name) &&
+              @models_traversed[association.klass.name].present?))
       end
-
     end
 
     module InstanceMethods

data/lib/strongbolt/user_abilities.rb

@@ -1,7 +1,6 @@
 module Strongbolt
   module UserAbilities
     module ClassMethods
-
     end
 
     module InstanceMethods
@@ -12,16 +11,16 @@ module Strongbolt
       #----------------------------------------------------------#
       def capabilities
         @capabilities_cache ||= Strongbolt::Capability.unscoped.joins(:roles)
-          .joins('INNER JOIN strongbolt_roles as children_roles ON strongbolt_roles.lft <= children_roles.lft AND children_roles.rgt <= strongbolt_roles.rgt')
-          .joins('INNER JOIN strongbolt_roles_user_groups rug ON rug.role_id = children_roles.id')
-          .joins('INNER JOIN strongbolt_user_groups_users ugu ON ugu.user_group_id = rug.user_group_id')
-          .where('ugu.user_id = ?', self.id).distinct.to_a.concat(Strongbolt.default_capabilities)
+                                                      .joins('INNER JOIN strongbolt_roles as children_roles ON strongbolt_roles.lft <= children_roles.lft AND children_roles.rgt <= strongbolt_roles.rgt')
+                                                      .joins('INNER JOIN strongbolt_roles_user_groups rug ON rug.role_id = children_roles.id')
+                                                      .joins('INNER JOIN strongbolt_user_groups_users ugu ON ugu.user_group_id = rug.user_group_id')
+                                                      .where('ugu.user_id = ?', self.id).distinct.to_a.concat(Strongbolt.default_capabilities)
       end
 
       #
       # Adds a managed tenant to the user
       #
-      def add_tenant tenant
+      def add_tenant(tenant)
         sing_tenant_name = tenant.class.name.demodulize.underscore
         send("users_#{sing_tenant_name.pluralize}").create! sing_tenant_name => tenant
         # users_tenants.create! tenant: tenant
@@ -31,17 +30,16 @@ module Strongbolt
       # Main method for user, used to check whether the user
       # is authorized to perform a certain action on an instance/class
       #
-      def can? action, instance, attrs = :any, all_instance = false
+      def can?(action, instance, attrs = :any, all_instance = false)
         without_grant do
-
           # Get the actual instance if we were given AR
           instance = instance.try(:first) if instance.is_a?(ActiveRecord::Relation)
           return false if instance.nil?
 
           # We require this to be an *existing* user, that the action and attribute be symbols
           # and that the instance is a class or a String
-          raise ArgumentError, "Action must be a symbol and instance must be Class, String, Symbol or AR" unless self.id.present? && action.is_a?(Symbol) &&
-             (instance.is_a?(ActiveRecord::Base) || instance.is_a?(Class) || instance.is_a?(String)) && attrs.is_a?(Symbol)
+          raise ArgumentError, 'Action must be a symbol and instance must be Class, String, Symbol or AR' unless self.id.present? && action.is_a?(Symbol) &&
+                                                                                                                 (instance.is_a?(ActiveRecord::Base) || instance.is_a?(Class) || instance.is_a?(String)) && attrs.is_a?(Symbol)
 
           # Pre-populate all the capabilities into a results cache for quick lookup. Permissions for all "non-owned" objects are
           # immediately available; additional lookups are required for owned objects (e.g. User, CheckoutBag, etc.).
@@ -58,35 +56,33 @@ module Strongbolt
             model_name = model.send(:name_for_authorization)
           else
             model = nil # We could do model_name.constantize, but there's a big cost to doing this
-                        # if we don't need it, so just defer until we determine there's an actual need
+            # if we don't need it, so just defer until we determine there's an actual need
             model_name = instance
           end
 
           # Look up the various possible valid entries in the cache that would allow us to see this
           return capability_in_cache?(action, instance, model_name, attrs, all_instance)
-
-        end #end w/o grant
+        end # end w/o grant
       end
 
       #
       # Convenient method
       #
-      def cannot? *args
-        !can? *args
+      def cannot?(*args)
+        !can?(*args)
       end
 
       #
       # Checks if the user owns the instance given
       #
-      def owns? instance
+      def owns?(instance)
         raise ArgumentError unless instance.is_a?(Object) && !instance.is_a?(Class)
         # If the user id is set, does this (a) user id match the user_id field of the instance
         # or (b) if this is a User instance, does the user id match the instance id?
         key = instance.is_a?(User) ? :id : :user_id
-        return !id.nil? && instance.try(key) == id
+        !id.nil? && instance.try(key) == id
       end
 
-
       private
 
       #
@@ -99,14 +95,13 @@ module Strongbolt
         @model_ancestor_cache ||= {}
 
         # User can find itself by default
-        @results_cache["findUserany-any"] = true
+        @results_cache['findUserany-any'] = true
         @results_cache["findUserany-#{id}"] = true
 
         #
         # Store every capability fetched
         #
         capabilities.each do |capability|
-
           k = "#{capability.action}#{capability.model}"
           attr_k = capability.attr || 'all'
 
@@ -137,14 +132,11 @@ module Strongbolt
           end
         end # End each capability
 
-        Strongbolt.logger.info "Populated capabilities in #{(Time.now - beginning)*1000}ms"
+        Strongbolt.logger.info "Populated capabilities in #{(Time.now - beginning) * 1000}ms"
 
         @results_cache
       end # End Populate capabilities Cache
 
-
-
-
       #----------------------------------------------------------#
       #                                                          #
       #  Checks if the user can perform 'action' on 'instance'   #
@@ -154,20 +146,20 @@ module Strongbolt
       def capability_in_cache?(action, instance, model_name, attrs = :any, all_instance = false)
         action_model = "#{action}#{model_name}"
 
-        Strongbolt.logger.warn "User has no results cache" if @results_cache.empty?
+        Strongbolt.logger.warn 'User has no results cache' if @results_cache.empty?
         Strongbolt.logger.debug { "Authorizing user to perform #{action} on #{instance.inspect}" }
 
         # we don't know or care about tenants or if this is a new record
         if instance.is_a?(ActiveRecord::Base) && !instance.new_record?
           # First, check if we have a hash/cache hit for User being able to do this action to every instance of the model/class
-          return true if @results_cache["#{action_model}all-all"]  #Access to all attributes on ENTIRE class?
-          return true if @results_cache["#{action_model}#{attrs}-all"]  #Access to this specific attribute on ENTIRE class?
+          return true if @results_cache["#{action_model}all-all"] # Access to all attributes on ENTIRE class?
+          return true if @results_cache["#{action_model}#{attrs}-all"] # Access to this specific attribute on ENTIRE class?
 
           # If we're checking on a specific instance of the class, not the general model,
           # append the id to the key
           id = instance.try(:id)
           return true if @results_cache["#{action_model}all-#{id}"] # Access to all this instance's attributes?
-          return true if @results_cache["#{action_model}#{attrs}-#{id}"] #Access to this instance's attribute?
+          return true if @results_cache["#{action_model}#{attrs}-#{id}"] # Access to this instance's attribute?
 
           # Checking ownership and tenant access
           # Block access for non tenanted instance
@@ -187,30 +179,30 @@ module Strongbolt
           end
 
           # Finally we check for tenanted instances
-          @results_cache["#{action_model}all-#{id}"] = @results_cache["#{action_model}all-tenanted"] && valid_tenants  #Access to all attributes on tenanted class?
-          @results_cache["#{action_model}#{attrs}-#{id}"] =  @results_cache["#{action_model}#{attrs}-tenanted"] && valid_tenants #Access to this specific attribute on tenanted class?
+          @results_cache["#{action_model}all-#{id}"] = @results_cache["#{action_model}all-tenanted"] && valid_tenants # Access to all attributes on tenanted class?
+          @results_cache["#{action_model}#{attrs}-#{id}"] = @results_cache["#{action_model}#{attrs}-tenanted"] && valid_tenants # Access to this specific attribute on tenanted class?
           return true if @results_cache["#{action_model}all-#{id}"] || @results_cache["#{action_model}#{attrs}-#{id}"]
         elsif instance.is_a?(ActiveRecord::Base) && instance.new_record?
-          return true if @results_cache["#{action_model}all-all"]  #Access to all attributes on ENTIRE class?
-          return true if @results_cache["#{action_model}#{attrs}-all"]  #Access to this specific attribute on ENTIRE class?
+          return true if @results_cache["#{action_model}all-all"] # Access to all attributes on ENTIRE class?
+          return true if @results_cache["#{action_model}#{attrs}-all"] # Access to this specific attribute on ENTIRE class?
           # Checking if the instance is from valid tenants (if necessary)
           valid_tenants = has_access_to_tenants?(instance)
-          return true if @results_cache["#{action_model}all-tenanted"] && valid_tenants  #Access to all attributes on tenanted class?
-          return true if @results_cache["#{action_model}#{attrs}-tenanted"] && valid_tenants #Access to this specific attribute on tenanted class?
+          return true if @results_cache["#{action_model}all-tenanted"] && valid_tenants # Access to all attributes on tenanted class?
+          return true if @results_cache["#{action_model}#{attrs}-tenanted"] && valid_tenants # Access to this specific attribute on tenanted class?
 
           # Finally, in the case where it's a non tenanted model (it still need to have valid_tenants == true)
           return true if @results_cache["#{action_model}all-any"] && valid_tenants
           return true if @results_cache["#{action_model}#{attrs}-any"] && valid_tenants
         else
           # First, check if we have a hash/cache hit for User being able to do this action to every instance of the model/class
-          return true if @results_cache["#{action_model}all-all"]  #Access to all attributes on ENTIRE class?
-          return true if @results_cache["#{action_model}#{attrs}-all"]  #Access to this specific attribute on ENTIRE class?
-          return true if @results_cache["#{action_model}all-any"] && ! all_instance  #Access to all attributes on at least once instance?
-          return true if @results_cache["#{action_model}#{attrs}-any"] && ! all_instance  #Access to this specific attribute on at least once instance?
+          return true if @results_cache["#{action_model}all-all"] # Access to all attributes on ENTIRE class?
+          return true if @results_cache["#{action_model}#{attrs}-all"] # Access to this specific attribute on ENTIRE class?
+          return true if @results_cache["#{action_model}all-any"] && !all_instance # Access to all attributes on at least once instance?
+          return true if @results_cache["#{action_model}#{attrs}-any"] && !all_instance # Access to this specific attribute on at least once instance?
         end
-        #logger.info "Cache miss for checking access to #{key}"
+        # logger.info "Cache miss for checking access to #{key}"
 
-        return false
+        false
       end
 
       #
@@ -218,7 +210,7 @@ module Strongbolt
       #
       # returns true even if instance has no relationship to any tenant
       #
-      def has_access_to_tenants? instance, tenants = nil
+      def has_access_to_tenants?(instance, tenants = nil)
         # If no tenants list given, we take all
         tenants ||= Strongbolt.tenants
         # Populate the cache if needed
@@ -232,11 +224,11 @@ module Strongbolt
             if instance.class == tenant
               tenant_ids = [instance.id]
             elsif instance.respond_to?(tenant.send(:singular_association_name))
-              if instance.send(tenant.send(:singular_association_name)).present?
-                tenant_ids = [instance.send(tenant.send(:singular_association_name)).id]
-              else
-                tenant_ids = []
-              end
+              tenant_ids = if instance.send(tenant.send(:singular_association_name)).present?
+                             [instance.send(tenant.send(:singular_association_name)).id]
+                           else
+                             []
+                           end
             elsif instance.respond_to?(tenant.send(:plural_association_name))
               tenant_ids = instance.send("#{tenant.send(:singular_association_name)}_ids")
             else
@@ -249,7 +241,7 @@ module Strongbolt
             tenant_ids = []
           end
           found_any_tenant_relationship = true unless tenant_ids.empty?
-          has_access_to_current_tenant = (tenant_ids.size > 0 && (@tenants_cache[tenant.name] & tenant_ids).present?)
+          has_access_to_current_tenant = (!tenant_ids.empty? && (@tenants_cache[tenant.name] & tenant_ids).present?)
           result || has_access_to_current_tenant
         end
         has_access_to_any_tenant || !found_any_tenant_relationship
@@ -270,8 +262,6 @@ module Strongbolt
           Strongbolt.logger.debug "#{@tenants_cache[tenant.name].size} #{tenant.name}"
         end
       end
-
-
     end # End InstanceMethods
 
     def self.included(receiver)
@@ -280,11 +270,11 @@ module Strongbolt
 
       receiver.class_eval do
         has_many :user_groups_users,
-          :class_name => "Strongbolt::UserGroupsUser",
-          :dependent => :delete_all,
-          :inverse_of => :user,
-          :foreign_key => :user_id
-        has_many :user_groups, :through => :user_groups_users
+                 class_name: 'Strongbolt::UserGroupsUser',
+                 dependent: :delete_all,
+                 inverse_of: :user,
+                 foreign_key: :user_id
+        has_many :user_groups, through: :user_groups_users
 
         has_many :roles, through: :user_groups
       end