the_role 0.9.9

data/.gitignore

@@ -0,0 +1,4 @@
+*.gem
+.bundle
+Gemfile.lock
+pkg/*

data/Gemfile

@@ -0,0 +1,4 @@
+source "http://rubygems.org"
+
+# Specify your gem's dependencies in the_role.gemspec
+gem 'slim'

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2011 [name of plugin creator]
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,104 @@
+## TheRole
+
+Gem for providing simple, but powerful and flexible role system for ROR3 applications.
+Based on Hashes.
+
+* Based on MVC semantik (easy to understand what's happening)
+* Realtime dynamically management with simple interface
+* Customizable
+
+##  Installing
+
+Gemfile
+
+``` ruby
+  gem 'the_role'
+```
+
+``` ruby
+  bundle
+```
+
+``` ruby
+rake the_role_engine:install:migrations
+  >> Copied migration 20111028145956_create_roles.rb from the_role_engine
+```
+
+``` ruby
+rake db:roles:create
+  >> Administrator, Moderator of pages, User, Demo
+```
+
+When gem initialize, **User**, **Role**, **ApplicationController** classes are extending with next methods:
+
+## User
+
+``` ruby
+# will be include into User.rb automaticaly
+belongs_to :role
+attr_accessible :role
+after_save { |user| user.instance_variable_set(:@the_role, nil) }
+
+# methods
+the_role
+admin?
+moderator?(section)
+has_role?(section, policy)
+owner?(obj)
+
+# instance variables
+@the_role
+```
+
+## Role
+
+``` ruby
+# will be include into Role.rb automaticaly
+has_many :users
+validates :name,  :presence => {:message => I18n.translate('the_role.name_presence')}
+validates :title, :presence => {:message => I18n.translate('the_role.title_presence')}
+```
+
+## ApplicationController
+
+``` ruby
+# private methods (should be define as before filters)
+the_role_access_denied
+the_role_object
+the_role_require
+the_owner_require
+```
+## Routes
+
+method **the_role_access_denied** needs **root_path** for redirect
+
+### Now try to use into console
+
+``` ruby
+rails g scaffold article title:string content:text user_id:integer
+rails g scaffold page title:string content:text user_id:integer
+rails c
+  >> User.new(:login => 'cosmo', :username => 'John Black').save
+  >> u = User.first
+  >> u.role = Role.first # admin
+  >> u.save
+  >> u.has_role? :x, :y
+    => true
+  >> u.role = Role.last # demo
+  >> u.save
+  >> u.has_role? :pages, :show
+    => true
+  >> u.has_role? :pages, :delete
+    => flase
+```
+
+## Example
+
+``` ruby
+- if curent_user.has_role? :pages, :show
+  Page content
+- else
+  Access denied
+```
+
+Copyright (c) 2011 [Ilya N. Zykin Github.com/the-teacher], released under the MIT license

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/app/assets/stylesheets/the_role/form.css

@@ -0,0 +1,55 @@
+.form{
+  background:#EEE;
+  padding:5px;
+  margin:0 0 15px 0;
+  border:2px solid gray;
+  -moz-border-radius:5px;
+}
+.form label{
+  display:block;
+}
+.form .input{
+  border:1px solid #000;
+  padding:2px 0 2px 5px;
+  font-size:13pt;
+  color:DarkBlue;
+}
+.form .textarea{
+  font-size:13pt;
+  padding:2px;
+}
+.form .message_textarea{
+  font-size:13pt;
+  padding:2px;
+  border:1px solid black;
+  height: 200px;
+}
+.form .submit{
+  font-size:16pt;
+}
+.article_buttons{
+  margin:0 0 10px 0;
+  padding:0 0 5px 0;
+  border-bottom:1px dashed gray;
+}
+.article_buttons input{
+  margin-right:10px;
+}
+.submit_button{
+  margin-bottom:10px;
+}
+.moderation_buttons{
+  background:silver;
+  margin:3px 3px 10px 3px;
+  padding:5px;
+  border:2px solid blue;
+}
+.delete_button{
+  background: none repeat scroll 0 0 lightGrey;
+  border: 1px dashed gray;
+  padding: 5px 0;
+  text-align: right;
+}
+.delete_button input{
+  color:Crimson;
+}

data/app/assets/stylesheets/the_role/headers.css.scss

@@ -0,0 +1,13 @@
+h1,h2,h3,h4,h5,h6{
+  font-family: Verdana, Arial;
+  color:#333;
+  font-weight:normal;
+  line-height:100%;
+  margin-bottom:15px;
+}
+h1{font-size:3em;}
+h2{font-size:2.8em;}
+h3{font-size:2.6em;}
+h4{font-size:2.4em;}
+h5{font-size:2.2em;}
+h6{font-size:2em;}

data/app/assets/stylesheets/the_role/reset.css.scss

@@ -0,0 +1,63 @@
+/*18 aug 2011 */
+html, body, div, span, applet, object, iframe, h1, h2, h3, h4, h5, h6,
+p, img, font, pre, blockquote, i, b, u, s, strike, sub, sup, tt, big, small,
+center, abbr, em, code, acronym, address, ins, del, strong, var, cite,
+dfn, kbd, samp, dd, dl, dt, ol, ul, li, caption,
+table, tbody, tfoot, thead, tr, th, td,
+form, fieldset, legend, label,
+article, aside, canvas, details, embed, figure, figcaption,
+footer, header, hgroup, menu, nav, output, ruby, section, summary, time, mark, audio, video{
+  margin:0;
+  padding:0;
+  border:0;
+  outline:0;
+  font-size:10px; /*zero-point*/
+  vertical-align:baseline;
+  background:transparent;
+  line-height:100%;
+}
+html, body, div, applet, object, iframe, img, p, pre, blockquote,
+dd, dl, dt, ol, ul, li, caption, table, tbody, tfoot, thead, tr, th, td,
+form, fieldset, legend, label{
+  font-weight:normal;
+}
+
+img, p, pre, blockquote, dd, dt, li, caption, legend, label{line-height:100%;}
+table, tr, td{
+  vertical-align:top;
+  border-collapse:collapse;
+  border-spacing:0;
+}
+img{vertical-align:top;}
+ol, ul{list-style:none; margin:0;}
+li{list-style-position:outside;}
+
+a{text-decoration:none;}
+a:hover{text-decoration:none;}
+
+sup, sub{font-size:85%; zoom:1;}
+sup{vertical-align:40%;}
+sub{vertical-align:-40%;}
+:focus{outline:0;}
+.overblock{overflow:hidden; zoom:1;}
+.nobr{white-space:nowrap;}
+.u{text-decoration:underline;}
+noscript{color:red;}
+/*basic LIST styles*/
+.numered_list, .marked_list{margin-left:20px;}
+.numered_list li, .marked_list li{
+  list-style-position: outside;
+  margin-left: 15px;
+  padding-left: 5px;
+}
+.numered_list li{list-style-type:decimal;}
+.marked_list  li{list-style-type:disc;}
+/*Inherit*/
+a, span, font, i, b, u, s, strike{ font-size: inherit; }
+/*CUSTOM*/
+img, p, pre, blockquote, dd, dt, caption, legend, label{
+  line-height:150%;
+}
+p, pre, blockquote{margin-bottom:15px;}
+a{color:#8CA357;}
+a:hover{text-decoration:underline;}

data/app/assets/stylesheets/the_role/style.css.scss

@@ -0,0 +1,76 @@
+.body{
+  width: 900px;
+  margin:auto;
+  font:Tahoma;
+  font-family:Tahoma,Trebuchet MS,Times New Roman;
+}
+img, p, pre, blockquote, dd, dt, caption, legend, label{
+  font-size: 2em;
+}
+ul.index{
+  p{
+    padding: 5px;
+    &:hover{
+      background: #DDD;
+
+    }
+    a.delete{
+      float: right;
+    }
+  }
+}//ul.index
+
+h4{
+  position: relative;
+  padding: 5px;
+  background: LightBlue;
+  .controls{
+    a{
+      color: blue;
+    }
+  }
+}
+
+.controls{
+  position:absolute;
+  right:10px;
+  top:10%;
+  zoom:1;
+  padding-bottom:6px;
+}
+.controls a{
+  margin:0 10px;
+  font-size:10pt;
+  color:#CCC;
+  border:1px solid transparent;
+  padding:3px;
+  text-decoration:none;
+}
+.controls a:hover{
+  color:#999;
+  border:1px solid #999;
+}
+ul.rights{
+  margin:0 0 20px;
+}
+ul.rights li{
+  margin:0 0 5px 20px;
+  position:relative;
+  zoom:1;
+  border-bottom:1px solid #EEE;
+  padding: 5px 0;
+  font-size:9pt;
+}
+ul.rights li .controls{
+  top:10%;
+  right:5px;
+  padding:5px;
+}
+form.new_action{
+  padding:15px;
+  background:#EEE;
+  margin:0 0 50px 0;
+}
+form{
+  margin:0 0 50px 0;
+}

data/app/controllers/admin/role_section_controller.rb

@@ -0,0 +1,37 @@
+class Admin::RoleSectionController < ApplicationController
+  # before_filter :login_required
+  before_filter :find_role, :only=>[:destroy, :delete_policy]
+  
+  def destroy
+    section_name = params[:id]
+    role = TheRole.get(@role.the_role)
+    role.delete(section_name.to_sym)
+
+    if @role.update_attributes({:the_role => role.to_yaml})
+      flash[:notice] = t('the_role.section_deleted')
+      redirect_to edit_admin_role_path(@role)
+    else
+      render :action => :edit
+    end   
+  end#destroy
+  
+  def delete_policy
+    section_name = params[:id]
+    policy_name = params[:name]
+    role = TheRole.get(@role.the_role)
+    role[section_name.to_sym].delete(policy_name.to_sym)
+    
+    if @role.update_attributes({:the_role => role.to_yaml})
+      flash[:notice] = t('the_role.section_policy_deleted')
+      redirect_to edit_admin_role_path(@role)
+    else
+      render :action => :edit
+    end
+  end#delete_policy
+
+  protected
+
+  def find_role
+    @role = Role.find(params[:role_id])
+  end
+end

data/app/controllers/admin/roles_controller.rb

@@ -0,0 +1,106 @@
+require 'the_role'
+
+class Admin::RolesController < ApplicationController
+  layout 'the_role'
+  # before_filter :login_required
+  # before_filter :role_require
+  before_filter :find_role, :only => [:show, :edit, :update, :destroy, :new_role_section, :new_role_policy]
+
+  def index
+    @roles = Role.all(:order => "created_at ASC")
+  end
+
+  def new
+    @role = Role.new
+  end
+
+  def edit; end
+
+  def create
+    @role = Role.new(params[:role])
+
+    if @role.save
+      flash[:notice] = t('the_role.role_created')
+      redirect_to edit_admin_role_path(@role)
+    else
+      render :action => :new
+    end
+  end
+
+  def update
+    role = TheRole.get(@role.the_role).the_reset!
+    role.the_merge!(params[:role][:the_role])
+
+    if @role.update_attribute(:the_role, role.to_yaml)
+      flash[:notice] = t('the_role.role_updated')
+      redirect_to edit_admin_role_path(@role)
+    else
+      render :action => :edit
+    end
+  end
+  
+  def new_role_section
+    # validate 1
+    if params[:section_name].blank?
+      flash[:error] = t('the_role.section_name_is_blank')
+      redirect_to edit_admin_role_path(@role) and return
+    end
+
+    # validate 2
+    section_name = params[:section_name]
+    unless section_name.match(TheRole::NAME_SYMBOLS)
+      flash[:error] = t('the_role.section_name_is_wrong')
+      redirect_to edit_admin_role_path(@role) and return
+    end
+
+    section_name.downcase!
+    role = TheRole.get(@role.the_role)
+
+    # validate 3
+    if role[section_name.to_sym]
+      flash[:error] = t('the_role.section_exists')
+      redirect_to edit_admin_role_path(@role) and return
+    end
+
+    role[section_name.to_sym] = Hash.new
+    
+    if @role.update_attributes({:the_role => role.to_yaml})
+      flash[:notice] = t('the_role.section_created')
+      redirect_to edit_admin_role_path(@role)
+    else
+      render :action => :edit
+    end
+  end#new_role_section
+  
+  def new_role_policy
+    params[:section_policy].downcase!
+    
+    # validate 1
+    unless params[:section_policy].match(TheRole::NAME_SYMBOLS)
+      flash[:error] = t('the_role.section_policy_wrong_name')
+      redirect_to edit_admin_role_path(@role)
+    end
+
+    role = TheRole.get(@role.the_role)
+    role[params[:section_name].to_sym][params[:section_policy].to_sym] = true 
+
+    if @role.update_attributes({:the_role => role.to_yaml})
+      flash[:notice] = t('the_role.section_policy_created')
+      redirect_to edit_admin_role_path(@role)
+    else
+      render :action => :edit
+    end
+  end#new_role_policy
+
+  def destroy
+    @role.destroy
+    redirect_to admin_roles_url
+  end
+
+  protected
+
+  def find_role
+    @role = Role.find(params[:id])
+  end
+  
+end

data/app/views/admin/roles/_form.slim

@@ -0,0 +1,26 @@
+- role = TheRole.get(@role.the_role)
+
+- if role.blank?
+  h3  
+    = t('.empty')
+- else
+  -role.each do |name, set|
+    h4
+      = name
+      span.controls
+        = link_to(t('.delete'), admin_role_section_url(@role, name), :method => :delete, :confirm => t('.destroy_section_confirm'))
+
+    - if set.is_a?(Hash)
+      ul.rights
+        - set.each do |n, v|
+          li
+            = check_box_tag "role[the_role][#{name}][#{n}]", true, v
+            = n
+            .controls
+              = link_to t('.delete'), delete_policy_admin_role_section_path(@role, name, :name => n), :method => :delete, :confirm => t('.delete_policy_confirm')
+
+  = f.submit button
+
+
+
+  

data/app/views/admin/roles/edit.slim

@@ -0,0 +1,37 @@
+- content_for :title do
+  = t('.title')
+
+p= flash[:notice]
+
+h1= t('.title')
+
+p= link_to raw(t('.back')), admin_roles_path
+
+h2
+  == t('.name')
+  = @role.title
+
+= form_for :role, :url => {:action=> :update }, :html => {:method => :put, :class => :form } do |f|
+  = render :partial => 'form', :locals => {:f => f, :button => t('.update')}
+
+h4= t('.create_section')
+- role = TheRole.get(@role.the_role)
+  
+= form_tag(new_role_section_admin_role_path, :method => :post, :class => :new_action) do
+  = text_field_tag :section_name
+  = submit_tag t('.create_section')
+
+h4= t('.create_access_policy')
+
+- unless role.empty?
+  = form_tag(new_role_policy_admin_role_path(@role), :method => :post, :class => :new_action) do
+    = text_field_tag :section_policy
+
+    select name=:section_name
+      -role.each do |name, set|
+        option value=name
+          = name
+        
+      input type=:submit value=t('.create_policy')
+- else
+  p= t('.section_needs')

data/app/views/admin/roles/index.slim

@@ -0,0 +1,9 @@
+h3= t('.list')
+ul.index
+  - @roles.each do |role|
+    li
+      p
+        = link_to role.title, edit_admin_role_url(role)
+        = link_to t('.delete') + role.title , admin_role_url(role), :method => :delete, :class => :delete
+
+p= link_to t('.new'),  new_admin_role_path

data/app/views/admin/roles/new.slim

@@ -0,0 +1,12 @@
+p= link_to raw(t('.back')),  admin_roles_path
+- @role.errors.each do |f, m|
+  p= m
+
+.form
+  h5= t('.create')
+  = form_for(@role, :url => admin_roles_path) do |f|
+    label= t('.name')
+    p= f.text_field :name
+    label= t('.title')
+    p= f.text_field :title
+    = f.submit t('.new')

data/app/views/layouts/the_role.slim

@@ -0,0 +1,15 @@
+doctype html
+html
+  head
+    title= yield(:title)
+    = stylesheet_link_tag    'the_role/reset'
+    = stylesheet_link_tag    'the_role/style'
+    = stylesheet_link_tag    'the_role/headers'
+    = stylesheet_link_tag    'the_role/form'
+
+    = javascript_include_tag :jquery
+    = javascript_include_tag :jquery_ujs
+    = csrf_meta_tags
+
+  body
+    .body= yield

data/config/locales/ru.yml

@@ -0,0 +1,42 @@
+# Sample localization file for English. Add more files in this directory for other locales.
+# See https://github.com/svenfuchs/rails-i18n/tree/master/rails%2Flocale for starting points.
+ru:
+  the_role:
+    name_presence: Установите имя роли
+    title_presence: Установите название роли
+    section_created: Правовая группа успешно создана
+    section_policy_created: В заданной группе успешно создана политика доступа
+    section_deleted: Политика доступа удалена
+    section_policy_deleted: Политика доступа удалена
+    section_name_is_wrong: Ошибочное название правовой группы
+    section_policy_wrong_name: Ошибочное название правовой политики
+    section_name_is_blank: Имя правовой группы оказалось пустым
+    section_exists: Правовая группа уже существует
+    role_created: Роль успешно создана
+    role_updated: Роль успешно обновлена
+  admin:
+    roles:
+      index:
+        list: Список ролей
+        delete: 'Удалить роль '
+        new: Создать новую роль
+      edit:
+        title: Редактирование роли
+        back: '← К списку ролей'
+        name: 'Название роли — '
+        create_section: Создать правовую группу
+        create_access_policy: Создать политику доступа
+        create_policy: Создать политику
+        section_needs: Создайте хотя бы одну правовую группу
+        update: Обновить
+      form:
+        destroy_section_confirm: Удалить правовую группу?
+        empty: Нет ни одной правовой группы
+        delete_policy_confirm: Удалить политику доступа?
+        delete: Удалить
+      new:
+        back: '← К списку ролей'
+        create: Создать новую роль
+        name: Имя роли (латиницей)
+        title: Название роли
+        new: Создать

data/config/routes.rb

@@ -0,0 +1,18 @@
+Rails.application.routes.draw do
+  namespace :admin do
+    resources :roles do
+      member do
+        get  :new
+        get  :index
+        post :new_role_section
+        post :new_role_policy
+      end
+      resources :sections, :controller => :role_section do
+        member do
+          get :new_policy
+          delete :delete_policy
+        end
+      end#sections
+    end#policy
+  end#admin
+end

data/db/migrate/20111025025129_create_roles.rb

@@ -0,0 +1,17 @@
+class CreateRoles < ActiveRecord::Migration
+  def self.up
+    create_table :roles do |t|
+
+      t.string :name
+      t.string :title
+      t.text :description
+      t.text :the_role, :null => false
+
+      t.timestamps
+    end
+  end
+
+  def self.down
+    drop_table :roles
+  end
+end

data/lib/tasks/roles.rake

@@ -0,0 +1,120 @@
+namespace :db do
+  namespace :roles do
+    # rake db:roles:create
+    desc 'create roles'
+    task :create => :environment do
+      # ADMIN
+      role = {
+        :system => {
+          :administrator => true
+        }
+      }
+      Role.new(
+        :name => :administrator,
+        :title => 'Administrator',
+        :description => 'Role for administrator',
+        :the_role => role.to_yaml
+      ).save!
+      puts 'Administrator'
+
+      # MODERATOR
+      role = {
+        :moderator => {
+          :pages => true
+        },
+        :markup => {
+          :html => true
+        }
+      }
+      Role.new(
+        :name => :user,
+        :title => 'Moderator of pages',
+        :description => "Moderator #1",
+        :the_role => role.to_yaml
+      ).save!
+      puts 'Moderator of pages'
+
+      # USER
+      role = {
+        :users => {
+          :cabinet => true,
+          :update => true,
+          :avatar_upload => true
+        },
+        :profiles => {
+          :edit => true,
+          :update => true
+        },
+        :articles => {
+          :new => true,
+          :create => true,
+          :edit => true,
+          :update => true,
+          :destroy => true,
+          :tags => false
+        },
+        :pages => {
+          :new => true,
+          :create => true,
+          :edit => true,
+          :update => true,
+          :destroy => true,
+          :tags => true
+        },
+        :markup => {
+          :html => false
+        }
+      }
+      Role.new(
+        :name => :user,
+        :title => 'User',
+        :description => "Role for User",
+        :the_role => role.to_yaml
+      ).save!
+      puts 'User'
+
+      # DEMO
+      role = {
+        :users => {
+          :cabinet => true,
+          :update => false,
+          :avatar_upload => false
+        },
+        :profiles => {
+          :edit => true,
+          :update => false
+        },
+        :articles => {
+          :new => true,
+          :show => true,
+          :create => false,
+          :edit => true,
+          :update => false,
+          :destroy => false,
+          :tags => false
+        },
+        :pages => {
+          :new => true,
+          :show => true,
+          :create => false,
+          :edit => true,
+          :update => false,
+          :destroy => false,
+          :tags => false
+        },
+        :markup => {
+          :html => false
+        }
+      }
+      Role.new(
+        :name => :user,
+        :title => 'Demo',
+        :description => "Demo user",
+        :the_role => role.to_yaml
+      ).save!
+      puts 'Demo'
+
+      puts 'Roles created'
+    end#create
+  end#roles
+end#db

data/lib/the_role/engine.rb

@@ -0,0 +1,12 @@
+require 'the_role'
+require 'rails'
+
+module TheRole
+  class Engine < Rails::Engine
+    config.to_prepare do
+      Role.send :include, TheRole::RoleModel if the_class_exists? :Role
+      User.send :include, TheRole::UserModel if the_class_exists? :User
+      ApplicationController.send :include, TheRole::Requires if the_class_exists? :ApplicationController
+    end
+  end#Engine
+end#TheRole

data/lib/the_role/hash.rb

@@ -0,0 +1,25 @@
+class Hash
+  def the_reset!(default_value= false)
+    base= self
+    base.each do |key, v|
+      if base[key.to_sym].is_a?(Hash)
+        base[key.to_sym]= base[key.to_sym].the_reset!(default_value)
+      else
+        base[key.to_sym]= default_value
+      end
+    end
+  end
+
+  def the_merge!(hash= nil, default_value= true)
+    return self unless hash.is_a?(Hash)
+    base= self
+    hash.each do |key, v|
+      if base[key.to_sym].is_a?(Hash) && hash[key.to_sym].is_a?(Hash)
+        base[key.to_sym]= base[key.to_sym].the_merge!(hash[key.to_sym], default_value)
+      else
+        base[key.to_sym]= default_value
+      end
+    end
+    base.to_hash
+  end
+end

data/lib/the_role/the_class_exists.rb

@@ -0,0 +1,8 @@
+# the_class_exists? :User => true | flase
+# the_class_exists? :Role => true | flase
+def the_class_exists?(class_name)
+  klass = Module.const_get(class_name)
+  return klass.is_a?(Class)
+rescue NameError
+  return false
+end

data/lib/the_role/version.rb

@@ -0,0 +1,3 @@
+module TheRole
+  VERSION = "0.9.9"
+end

data/lib/the_role.rb

@@ -0,0 +1,107 @@
+require "the_role/version"
+require "the_role/hash"
+require "the_role/engine"
+require "the_role/the_class_exists"
+
+module TheRole
+  # include TheRole::Requires
+  # include TheRole::UserModel
+  # include TheRole::RoleModel
+
+  NAME_SYMBOLS = /^[a-zA-Z][a-zA-Z0-9_\-]*[a-zA-Z0-9]$/
+
+  # TheRole.get(@role.the_role)
+  def self.get str
+    hash = YAML::load(str)
+    hash ? hash : Hash.new
+  end
+
+  module UserModel
+    def self.included(base)
+      base.class_eval do
+        belongs_to :role
+        attr_accessible :role
+        # when user changed - @the_role should be reload
+        after_save { |user| user.instance_variable_set(:@the_role, nil) }
+      end
+    end
+    
+    def the_role
+      @the_role ||= self.role ? TheRole.get(self.role.the_role) : Hash.new
+    end
+
+    def admin?
+      role = self.the_role[:system] ? self.the_role[:system][:administrator] : false
+      role && role.is_a?(TrueClass)
+    end
+    
+    def moderator? section
+      role = self.the_role[:system] ? self.the_role[:moderator][section.to_sym] : false
+      role && role.is_a?(TrueClass)
+    end
+
+    # TRUE if user has role - administartor of system
+    # TRUE if user is moderator of this section (controller_name)
+    # FALSE when this section (or role) is nil
+    # return current value of role (TRUE|FALSE) if it exists
+    def has_role?(section, policy)
+      return true   if self.admin?
+      return true   if self.moderator? section 
+      self.the_role[section.to_sym][policy.to_sym].is_a?(TrueClass) if self.the_role[section.to_sym] && self.the_role[section.to_sym][policy.to_sym]
+    end
+
+    # FALSE if object is nil
+    # If object is a USER - check for youself
+    # Check for owner field - :user_id
+    # Check for owner _object_ if owner field is not :user_id
+    def owner?(obj)
+      return false unless obj
+      return true if self.admin?
+      return true if self.moderator? obj.class.to_s.tableize # moderator? 'pages'
+      return self.id == obj.id          if obj.is_a?(User)
+      return self.id == obj[:user_id]   if obj[:user_id]
+      return self.id == obj[:user][:id] if obj[:user]
+      false
+    end
+  end#UserModel
+
+  module RoleModel
+    def self.included(base)
+      base.class_eval do
+        has_many :users
+        validates :name,  :presence => {:message => I18n.translate('the_role.name_presence')}
+        validates :title, :presence => {:message => I18n.translate('the_role.title_presence')}
+      end
+    end
+  end#RoleModel
+
+  # for application controller
+  # @the_role_object should be defined with before_filter
+  # @the_role_object = @page
+  module Requires
+    private
+    
+      def the_role_access_denied
+        flash[:error] = t('the_role.access_denied')
+        redirect_to root_path
+      end
+      
+      # before_filter :role_require
+      def the_role_require
+        the_role_access_denied unless current_user.has_role?(controller_name, action_name)
+      end
+
+      # before_filter :the_role_object
+      # define class variable for *the_owner_require* filter with Controller class name
+      # @the_role_object = @article
+      def the_role_object
+        variable_name   = "@" + self.class.to_s.underscore.split('_').first.singularize
+        @the_role_object = self.instance_variable_get("@#{variable_name}")
+      end
+
+      # before_filter :owner_and_role_require
+      def the_owner_require
+        the_role_access_denied unless current_user.owner?(@the_role_object)
+      end
+  end#Requires
+end#TheRole

data/the_role.gemspec

@@ -0,0 +1,24 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "the_role/version"
+
+Gem::Specification.new do |s|
+  s.name        = "the_role"
+  s.version     = TheRole::VERSION
+  s.authors     = ["Ilya N. Zykin"]
+  s.email       = ["zykin-ilya@ya.ru"]
+  s.homepage    = "https://github.com/the-teacher/the_role"
+  s.summary     = %q{TheRole - simple, but powerful role system}
+  s.description = %q{TheRole - simple, but powerful role system for ROR applications}
+
+  s.rubyforge_project = "the_role"
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+
+  # specify any dependencies here; for example:
+  # s.add_development_dependency "rspec"
+  # s.add_runtime_dependency "rest-client"
+end

metadata

@@ -0,0 +1,71 @@
+--- !ruby/object:Gem::Specification
+name: the_role
+version: !ruby/object:Gem::Version
+  version: 0.9.9
+  prerelease: 
+platform: ruby
+authors:
+- Ilya N. Zykin
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2011-10-29 00:00:00.000000000Z
+dependencies: []
+description: TheRole - simple, but powerful role system for ROR applications
+email:
+- zykin-ilya@ya.ru
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- MIT-LICENSE
+- README.md
+- Rakefile
+- app/assets/stylesheets/the_role/form.css
+- app/assets/stylesheets/the_role/headers.css.scss
+- app/assets/stylesheets/the_role/reset.css.scss
+- app/assets/stylesheets/the_role/style.css.scss
+- app/controllers/admin/role_section_controller.rb
+- app/controllers/admin/roles_controller.rb
+- app/views/admin/roles/_form.slim
+- app/views/admin/roles/edit.slim
+- app/views/admin/roles/index.slim
+- app/views/admin/roles/new.slim
+- app/views/layouts/the_role.slim
+- config/locales/ru.yml
+- config/routes.rb
+- db/migrate/20111025025129_create_roles.rb
+- lib/tasks/roles.rake
+- lib/the_role.rb
+- lib/the_role/engine.rb
+- lib/the_role/hash.rb
+- lib/the_role/the_class_exists.rb
+- lib/the_role/version.rb
+- the_role.gemspec
+homepage: https://github.com/the-teacher/the_role
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: the_role
+rubygems_version: 1.8.6
+signing_key: 
+specification_version: 3
+summary: TheRole - simple, but powerful role system
+test_files: []