thwart 0.0.0

data/lib/thwart/role_builder.rb

@@ -0,0 +1,143 @@
+require 'active_support/core_ext/hash/deep_merge'
+
+module Thwart
+  class ActionOrGroupNotFoundError < StandardError; end
+  class OustideRoleDefinitionError < StandardError; end
+  
+  class RoleBuilder
+    include ActiveSupport::Callbacks
+    define_callbacks :build_role, :scope => [:kind, :name]
+    
+    attr_accessor :last_built_role
+    attr_reader :actionables_store
+    delegate :actionables, :to => :actionables_store
+    
+    def self.empty_role
+      Class.new do
+        include Thwart::Role
+      end
+    end
+    
+    def initialize(a_store)
+      @actionables_store = a_store
+    end
+    
+    def create_role(name, options = {}, &block)
+      @role = self.class.empty_role.new     # Start empty role
+      @current_response = true              # Assume the first permission definitions are allows
+      run_callbacks :build_role do
+        # Add parents
+        @role.name = name
+        @role.parents = options[:parents] if options[:parents]
+      
+        # Run DSL block
+        if block_given?
+          @dsl ||= Thwart::Dsl.new
+          @dsl.all = true
+          @dsl.evaluate(self, &block)
+        end
+        self.last_built_role = @role
+      end
+      # Unset the @role instance variable to disable DSL methods and return the role
+      r = @role
+      @role = nil
+      return r
+    end
+    
+    def define_permission(name, *resources, &block)
+      ensure_in_dsl! 
+      # Shift off first argument sent from method missing and convert any action groups to an array of actions
+      raise ArgumentError, "Unrecognized action or action group #{name}" if !self.actionables.has_key?(name)
+      names = self.actionables[name]
+      
+      # Pop of last hash argument from method missing and merge in default options and :if block
+      options = {:if => false, :unless => false}
+      options.merge!(resources.pop) if resources.last.respond_to?(:keys)
+      options[:if] = block if block_given?
+      # Allow :all or blank resource specifiers
+      if resources.nil? || resources.empty? || resources.any? {|r| r == :all}
+        resources = [:_other]
+      end
+      
+      # Generate response based on @current_response and optional procs
+      generated_response = generate_response(options)
+      response_hash = hash_with_value(resources, generated_response)
+      
+      # Merge into existing role definition
+      @role.responses.deep_merge!(hash_with_value(names) do |k|
+        response_hash
+      end)
+    end
+    
+    def default(bool)
+      ensure_in_dsl!
+      @role.default_response = bool
+    end
+    
+    def include(*args)
+      ensure_in_dsl!
+      @role.parents += args
+    end
+    
+    def allow(&block)
+      evaluate_with_response(true, &block)
+    end
+    
+    def deny(&block)
+      evaluate_with_response(false, &block)
+    end
+
+    def evaluate_with_response(response, &block)
+      ensure_in_dsl!
+      old = @current_response
+      @current_response = response
+      @dsl.evaluate(self, &block)
+      @current_response = old
+    end
+
+    def respond_to?(name)
+      return true if self.actionables.has_key?(name)
+      super
+    end
+    
+    def method_missing(name, *args, &block)
+      return define_permission(name, *args, &block) if self.respond_to?(name)
+      super
+    end
+    
+    private
+    def generate_response(options) 
+      # If a proc has been supplied
+      if(options[:if].respond_to?(:call) || options[:unless].respond_to?(:call)) 
+        # Copy variable for scope
+        check = @current_response
+        if options[:unless].respond_to?(:call)
+          check = !check 
+          options[:if] = options[:unless]
+        end
+        
+        return Proc.new do |*args|
+          check == options[:if].call(*args)
+        end
+      else
+        @current_response
+      end
+    end
+    
+    def hash_with_value(array, val = nil, &block) 
+      array.inject({}) do |acc, k|
+        acc[k] = if block_given?
+          yield k
+        else
+          val
+        end
+        acc
+      end
+    end
+    
+    def ensure_in_dsl!
+      raise OustideRoleDefinitionError, "You can only define role permissions inside a role defintion block!" if @role.nil?
+    end
+  end
+  
+end

data/lib/thwart/role_registry.rb

@@ -0,0 +1,75 @@
+module Thwart
+  class DuplicateRoleError < StandardError; end
+  class MissingRoleError < StandardError; end
+  
+  class RoleRegistry
+    def roles
+      @roles ||= []
+      @roles
+    end
+    
+    def add(role)
+      raise DuplicateRoleError, "Role #{role} already exists in the role registry!" if self.has_role?(role)
+      @roles << role
+    end
+    
+    def query(actor, resource, action)
+      role = self.find_actor_role(actor)
+      resource = self.find_resource_identifier(resource)
+      if role.nil? || !self.has_role?(role) 
+        raise MissingRoleError, "Role #{role} could not be found in the registry!" if Thwart.actor_must_play_role
+      else
+        q = [role]
+        while r = q.shift
+          resp = r.query(actor, resource, action)
+          if resp != nil 
+            return resp # positive/negative response from the role, a rule governs the role on this query
+          else
+            q = q | r.parents # add this roles parents to the query queue
+          end
+        end
+      end
+    
+      Thwart.default_query_response # return was not called above, return the default
+    end
+  
+    def has_role?(role)
+      self.roles.include?(role)
+    end
+  
+    def find_actor_role(actor)
+      r = actor.thwart_role if actor.respond_to?(:thwart_role)
+      r ||= r.to_sym if r.respond_to?(:to_sym)
+      if r.is_a?(Symbol)
+        r = self.roles.find {|a| a.name == r}
+      end
+      r
+    end
+  
+    def find_resource_identifier(resource)
+      r ||= resource.thwart_name if resource.respond_to?(:thwart_name)
+      if resource.class != Class
+        r ||= resource.class.thwart_name if resource.class.respond_to?(:thwart_name)
+        r ||= resource.class.name.downcase.to_sym if Thwart.all_classes_are_resources
+      end
+      r
+    end
+  
+    def initialize(role_creator = nil)
+      self.monitor_builder(role_creator) if !role_creator.nil?
+      self
+    end
+  
+    def monitor_builder(role_creator)
+      registry = self
+      unless role_creator.nil?
+        role_creator.class.set_callback :build_role, :after do |object|
+          registry.add(object.last_built_role)
+        end
+      else
+        @role_creator.class.reset_callbacks(:build_role)
+      end
+      @role_creator = role_creator
+    end
+  end
+end

data/lib/thwart.rb

@@ -0,0 +1,67 @@
+require 'active_support'
+require 'active_support/callbacks'
+require 'active_support/core_ext/module/attribute_accessors'
+require "active_support/core_ext/module/delegation"
+require "active_support/core_ext/array/wrap"
+
+
+require 'thwart/canable'
+require 'thwart/actions_store'
+require 'thwart/action_group_builder'
+require 'thwart/role_registry'
+require 'thwart/role_builder'
+require 'thwart/role'
+require 'thwart/resource'
+require 'thwart/actor'
+require 'thwart/enforcer'
+require 'thwart/dsl'
+
+module Thwart
+  # autoload :Cans, 'thwart/canable'
+  # autoload :Ables, 'thwart/canable'
+  # autoload :ActionsStore, 'thwart/actions_store'
+  # autoload :ActionGroupBuilder, 'thwart/action_group_builder'
+  # autoload :RoleRegistry, 'thwart/role_registry'
+  # autoload :RoleBuilder, 'thwart/role_builder'
+  # autoload :Role, 'thwart/role'
+  # autoload :DefaultRole, 'thwart/role'
+  # autoload :Resource, 'thwart/resource'
+  # autoload :Actor, 'thwart/actor'
+  # autoload :Dsl, 'thwart/dsl'
+  
+  # The default can => able methods for CRUD
+  CrudActions = {:create => :creatable, :view => :viewable, :update => :updatable, :destroy => :destroyable}
+  
+  Actions       = ActionsStore.new
+  Roles         = RoleRegistry.new
+  
+  class << self
+    attr_reader :actionables_dsl, :role_dsl
+    attr_accessor :default_query_response, :role_registry, :actor_must_play_role, :all_classes_are_resources
+    delegate :create_action, :to => "Thwart::Actions"
+    delegate :create_action_group, :to => :actionables_dsl
+    delegate :create_role, :to => :role_dsl
+    delegate :query, :to => "Thwart::Roles"
+    
+    def configure(&block)
+      # Create builder DSLs for this configuration block
+      @actionables_dsl = ActionGroupBuilder.new(Actions)
+      @role_dsl = RoleBuilder.new(@actionables_dsl)
+      Roles.monitor_builder(@role_dsl)
+      
+      # Configure
+      dsl = Thwart::Dsl.new(:role => :create_role, :action => :create_action, :action_group => :create_action_group)
+      dsl.all = false
+      dsl.evaluate(self, &block)
+      
+      # Unset and stop monitoring builder DSLs so they can be GC'd
+      @actionables_dsl = nil
+      @role_dsl = nil
+      Roles.monitor_builder(nil)
+      self
+    end
+  end
+  
+  class MissingAttributeError < StandardError; end
+  class NoPermissionError < StandardError; end
+end

data/spec/action_group_builder_spec.rb

@@ -0,0 +1,68 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+
+describe Thwart::ActionGroupBuilder do
+  before do
+    @store = double("Actions Store")
+    @store.class.stub(:set_callback)
+    @builder = Thwart::ActionGroupBuilder.new(@store)
+  end
+
+  it "should add some simple actionables" do
+    @builder.add_actionable(:sing)
+    @builder.add_actionable(:dance, [:laugh, :play])
+    @builder.actionables.should == {:sing => [:sing], :dance => [:laugh, :play]}      
+  end
+  it "should have the crud action group if added" do
+    @store.should_receive(:add_crud!)
+    Thwart::CrudActions.keys.each do |k|
+      @builder.add_actionable(k)
+    end
+    @builder.add_crud_group!
+    @builder.actionables.include?(:crud).should == true
+  end
+  it "should set an action group" do
+    @builder.add_actionable(:one)
+    @builder.add_actionable(:two)
+    @builder.create_action_group(:stuff, [:one, :two])
+    @builder.actionables[:stuff].should == [:one, :two]
+  end
+  
+  it "should initialize a callback on the action creator" do
+    store_class = Class.new do
+      include ActiveSupport::Callbacks
+    end
+    store_class.should_receive(:set_callback)
+    Thwart::ActionGroupBuilder.new(store_class.new)
+  end
+  
+  describe "action group resolution" do
+    it "should find existing actions" do 
+      @builder.stub(:actionables).and_return({:view => [:view]})
+      @builder.resolve_action_group(:view).should == [:view]
+    end
+
+    context "with crud and one group" do
+      before do
+        @actions = [:create, :update, :destroy]
+        @actionables = @actions.inject({}) {|acc, k| acc[k] = [k]; acc}.merge({:manage => @actions})
+        @builder.stub(:actionables).and_return(@actionables)
+      end
+      it "should find arrays of existing actions" do        
+        @builder.resolve_action_group(@actions).should == @actions
+      end
+      it "should build action groups of other action groups" do
+        @builder.resolve_action_group(:manage).should == @actions
+      end    
+
+      context "and extra actions" do
+        before do
+          @actionables = @actionables.merge([:one, :two, :three].inject({}) {|acc, k| acc[k] = [k]; acc}).merge({:another => [:one, :two]})
+          @builder.stub(:actionables).and_return(@actionables)
+        end
+        it "should build action groups of other action groups and other actions" do
+          @builder.resolve_action_group([:manage, :another, :three]).should include(:one, :two, :three, :create, :update, :destroy)
+        end
+      end
+    end    
+  end
+end

data/spec/actions_store_spec.rb

@@ -0,0 +1,74 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+
+describe Thwart::ActionsStore do
+  before do
+    @actions = Thwart::ActionsStore.new
+  end
+  describe "with no actions set up" do
+    before do
+      @actions.should_receive(:actions).and_return({})
+    end
+    it "shouldn't find any can methods" do
+      @actions.find_can(:can_view?).should == false
+    end
+    it "shouldn't find any able methods" do
+      @actions.find_able(:viewable_by?).should == false
+    end
+  end
+  describe "with a custom action" do
+    before do
+      @actions.create_action(:foo, :fooable)
+    end
+    it "should have the can and able present" do
+      @actions.has_can?(:foo).should == true
+      @actions.has_able?(:fooable).should == true
+    end
+    it "shouln't have any other cans or ables present" do
+      @actions.has_can?(:bar).should == false
+      @actions.has_able?(:barable).should == false
+    end
+    it "should find the can method" do
+      @actions.find_can(:can_foo?).should == :foo
+    end
+    it "should find the able method" do
+      @actions.find_able(:fooable_by?).should == :fooable
+    end
+    it "should get the can from the able" do
+      @actions.can_from_able(:fooable).should == :foo
+    end
+  end
+  it "should create several actions from an array" do
+    some_actions = {:bleh => :blehable, :beef => :beefable}
+    @actions.create_action(some_actions)
+    @actions.actions.should == some_actions
+  end
+  describe "with the crud actions" do
+    before do
+      @actions.add_crud!
+    end
+    # This isnt DRY at all but I want to know which one is failing
+    it "should have C for create" do
+      @actions.has_can?(:create).should == true
+    end
+    it "should have R for ...er... view" do
+      @actions.has_can?(:view).should == true
+    end
+    it "should have U for update" do
+      @actions.has_can?(:update).should == true
+    end
+    it "should have D for delete" do
+      @actions.has_can?(:destroy).should == true
+    end
+  end
+  
+  it "should fire the add callback and set the last added" do
+    klass = Thwart::ActionsStore.clone
+    actionz = klass.new
+    receiver = double('receiver')
+    receiver.should_receive(:before).with(actionz)
+    klass.set_callback :add, :before, receiver
+    
+    actionz.create_action(:do, :doable)
+    actionz.last_action.should == :do
+  end
+end

data/spec/actor_spec.rb

@@ -0,0 +1,45 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+
+describe Thwart::Actor do
+  it "should not add the thwart_role method until thwart_access is called" do
+    actor_class = generic_model("Generic Resource") do 
+      include Thwart::Actor
+    end
+    actor_class.new.should_not respond_to(:thwart_role)
+    actor_class.thwart_access
+    actor_class.new.should respond_to(:thwart_role)
+  end
+
+  context "thwart_role defining and finding" do
+    before do
+      @actor_class = generic_model("Generic Resource") do 
+        include Thwart::Actor
+        def arbitrary_attribute
+          :arb_return
+        end
+      end
+    end
+    it "should return a default role" do
+      @actor_class.thwart_access do
+        role :a_role
+      end
+      @actor_class.new.thwart_role.should == :a_role
+    end
+    it "should allow the specifcation of a method" do
+      @actor_class.thwart_access do
+        role_method :arbitrary_attribute
+      end
+      @actor_class.new.thwart_role.should == :arb_return
+    end
+    it "should allow the specification of a proc" do
+      @actor_class.thwart_access do
+        role_proc Proc.new { |a|
+          a.nil?.should == false
+          :proc_return
+        }
+      end
+      @actor_class.new.thwart_role.should == :proc_return
+    end
+  end
+    
+end

data/spec/canable_spec.rb

@@ -0,0 +1,41 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+
+describe "with some inheriting models set up" do
+  before do
+    @with_cans = generic_model do 
+      include Thwart::Cans
+    end.new
+    @with_ables = generic_model do 
+      include Thwart::Ables
+    end.new
+  end
+  
+  describe Thwart::Cans do
+    it "shouldn't find non existant methods" do
+      Thwart::Actions.should_receive(:find_can).with(:can_view?).at_least(1).and_return(false)
+      lambda {@with_cans.can_view?(@with_ables) }.should raise_error(NoMethodError)
+    end
+    it "should find a method" do
+      # rspec seems to call respond_to which calls this and it needs to work        
+      # Thwart::Actions.should_receive(:find_can).with(:can_view?).at_least(1).and_return(:view) 
+      Thwart::Actions.should_receive(:actions).any_number_of_times.and_return({:view => :viewable})
+      Thwart.should_receive(:query).with(@with_cans, @with_ables, :view)
+      @with_cans.can_view?(@with_ables)
+    end
+  end
+  
+  describe Thwart::Ables do
+    it "shouldn't find any methods" do
+      Thwart::Actions.should_receive(:find_able).with(:viewable_by?).at_least(1).and_return(false)
+      lambda {@with_ables.viewable_by?(@with_cans) }.should raise_error(NoMethodError)
+    end
+    it "should find a method" do
+      # rspec seems to call respond_to which calls this and it needs to work properly
+      # Thwart::Actions.should_receive(:find_able).with(:viewable_by?).at_least(1).and_return(:viewable)
+      Thwart::Actions.should_receive(:actions).any_number_of_times.and_return({:view => :viewable})
+      Thwart::Actions.should_receive(:can_from_able).with(:viewable).and_return(:view)
+      Thwart.should_receive(:query).with(@with_cans, @with_ables, :view)
+      @with_ables.viewable_by?(@with_cans)
+    end
+  end
+end

data/spec/dsl_spec.rb

@@ -0,0 +1,103 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+
+describe Thwart::Dsl do
+  before do
+    @target = double("target")
+  end
+  describe "with no given map" do
+    before do
+      @dsl = Thwart::Dsl.new
+    end
+    
+    it "should pass methods on to the target" do
+      @target.should_receive(:foo)
+      @dsl.evaluate(@target) do
+        foo
+      end
+    end
+    
+    it "should pass writer methods on to the target" do
+      @target.should_receive(:foo=).with("bar")
+      @dsl.evaluate(@target) do
+        foo "bar"
+      end
+    end
+    
+    it "shouldn't find non existant methods" do
+      lambda { @dsl.evaluate(@target) do
+        foo "bar"
+      end }.should raise_error(NoMethodError)
+    end
+  end
+  
+  describe "with an extra map" do
+    before do
+      @dsl = Thwart::Dsl.new :imperative => :foo=
+    end
+    it "should map attributes on to the target" do 
+      @target.should_receive(:foo=).with("bar")
+      @dsl.evaluate(@target) do
+        imperative "bar"
+      end
+    end
+  end
+  
+  describe "with method_missing defined on the target" do
+    before do
+      target_class = Class.new do
+        def respond_to?(name)
+          return true if [:test1, :test2].include?(name)
+          super
+        end
+        def method_missing(name, *args)
+          return self.test_method_called(name, *args) if self.respond_to?(name)
+          super
+        end
+      end
+      @target = target_class.new
+    end
+    it "should have a proper target to test with" do
+      @target.should_receive(:test_method_called).with(:test1)
+      @target.should_receive(:test_method_called).with(:test2)
+      @target.should_receive(:test_method_called).with(:test1, :foo, :bar)
+      @target.respond_to?(:test1).should == true
+      @target.respond_to?(:test2).should == true
+      @target.test1
+      @target.test2
+      @target.test1 :foo, :bar
+    end
+    context "with a all = true DSL" do
+      before do 
+        @dsl = Thwart::Dsl.new :test2 => :something_else
+        @dsl.all = true
+      end
+      it "should call method missing on the target if the DSL doesn't have the method defined" do
+        @target.should_receive(:test_method_called).with(:test1)
+        @dsl.evaluate @target do
+          test1
+        end
+      end
+      it "should call the method in the method map if the DSL has the method in the map" do
+        @target.should_not_receive(:method_missing)
+        @target.should_receive(:something_else)
+        @dsl.evaluate @target do
+          test2
+        end
+      end
+      it "should properly pass arguments to the missing method" do
+        @target.should_receive(:test_method_called).with(:test1, :foo, :baz)
+        @dsl.evaluate @target do
+          test1 :foo, :baz
+        end
+      end
+    end
+    it "shouldn't call method missing on the target if the DSL doesn't have the method defined and all is false" do
+      @target.should_not_receive(:test_method_called).with(:test1)
+      @dsl = Thwart::Dsl.new
+      @dsl.all = false
+      lambda { @dsl.evaluate @target do
+        test1
+      end }.should raise_error(NameError)
+    end
+  end
+end

data/spec/enforcer_spec.rb

@@ -0,0 +1,17 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+
+
+describe Thwart::Enforcer do
+  context "access enforcment" do
+    it "should need the current user method defined on the controller" do
+      lambda { instance_with_module(Thwart::Enforcer).thwart_access }.should raise_error(ArgumentError)
+    end
+    it "should need the params hash to have an action key" do
+      class_with_module(Thwart::Enforcer)
+      lambda { @controller.thwart_access }.should raise_error(ArgumentError)
+    end
+    it "should need the params[:actions] to be a recognized action"
+    it "should thwart access by raising an error if the user doesn't have permission"
+    it "should return true if the user does have permission"
+  end
+end

data/spec/resource_spec.rb

@@ -0,0 +1,42 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+
+describe Thwart::Resource do
+  describe "without a special name" do
+    before do
+      resource_class = generic_model("Generic Resource") do 
+        include Thwart::Resource
+        thwart_access
+      end
+      @resource = resource_class.new
+    end
+    
+    it "should have set its own name" do
+      @resource.class.thwart_name.should == "generic"
+    end
+  end
+  
+  describe "with a special name" do
+    before do
+      resource_class = generic_model("Generic Resource") do 
+        include Thwart::Resource
+        thwart_access do
+          name "special"
+        end
+      end
+      @resource = resource_class.new
+    end
+    
+    it "should have a different name" do
+      @resource.class.thwart_name.should == "special"
+    end
+  end
+  
+  describe "without a name" do
+    it "should raise an error if no name could be found" do
+      lambda { @resource = Class.new do
+        include Thwart::Resource
+        thwart_access
+      end }.should raise_error(Thwart::MissingAttributeError)
+    end
+  end
+end