zuul 0.1.1 → 0.2.0

data/lib/zuul/configuration.rb

@@ -0,0 +1,149 @@
+module Zuul
+  class Configuration
+    PRIMARY_AUTHORIZATION_CLASSES = {
+      :subject_class => :user,
+      :role_class => :role,
+      :permission_class => :permission
+    }
+    AUTHORIZATION_JOIN_CLASSES = {
+      :role_subject_class => :role_user,
+      :permission_role_class => :permission_role,
+      :permission_subject_class => :permission_user
+    }
+    DEFAULT_AUTHORIZATION_CLASSES = PRIMARY_AUTHORIZATION_CLASSES.merge(AUTHORIZATION_JOIN_CLASSES)
+    
+    DEFAULT_CONFIGURATION_OPTIONS = {
+      :acl_default => :deny, # :allow, :deny
+      :acl_mode => :raise, # :raise, :quiet
+      :acl_collect_results => false,
+      :subject_method => :current_user,
+      :force_context => false,
+      :scope => :default,
+      :with_permissions => true
+    }
+
+    attr_reader *DEFAULT_AUTHORIZATION_CLASSES.keys
+    attr_reader *DEFAULT_CONFIGURATION_OPTIONS.keys
+
+    DEFAULT_AUTHORIZATION_CLASSES.keys.concat(DEFAULT_CONFIGURATION_OPTIONS.keys).each do |key|
+      define_method "#{key.to_s}=" do |val|
+        @changed[key] = [send(key), val]
+        instance_variable_set "@#{key.to_s}", val
+      end
+    end
+
+    def changed
+      @changed = {}
+      to_hash.each { |key,val| @changed[key] = [@saved_state[key], val] if @saved_state[key] != val }
+      @changed
+    end
+
+    def changed?(key)
+      changed.has_key?(key)
+    end
+
+    def configure(args={}, &block)
+      save_state
+      configure_with_args args
+      configure_with_block &block
+      configure_join_classes if PRIMARY_AUTHORIZATION_CLASSES.keys.any? { |key| changed?(key) }
+      self
+    end
+
+    def configure_with_args(args)
+      args.select { |k,v| DEFAULT_AUTHORIZATION_CLASSES.keys.concat(DEFAULT_CONFIGURATION_OPTIONS.keys).include?(k) }.each do |key,val|
+        instance_variable_set "@#{key.to_s}", val
+      end
+    end
+
+    def configure_with_block(&block)
+      self.instance_eval(&block) if block_given?
+    end
+
+    def configure_join_classes
+      [[:role, :subject], [:permission, :subject], [:permission, :role]].each do |join_types|
+        join_key = "#{join_types.sort[0].to_s}_#{join_types.sort[1].to_s}_class".to_sym
+        next if changed?(join_key) # don't override join table if it was provided
+
+        namespaces = []
+        join_class = join_types.map do |class_type|
+          type_class = instance_variable_get "@#{class_type.to_s}_class"
+          namespace = (type_class.is_a?(Class) ? type_class.name : type_class.to_s.camelize).split("::")
+          class_name = namespace.slice!(namespace.length-1)
+          namespaces << namespace.join("::") if namespace.length > 0
+          class_name
+        end.sort!.join("")
+        
+        join_class = "#{namespaces[0]}::#{join_class}" if namespaces.length > 0 && namespaces.all? { |ns| ns == namespaces[0] }
+        instance_variable_set "@#{join_key.to_s}", join_class
+      end
+    end
+
+    def save_state
+      @saved_state = clone.to_hash
+      @changed = {}
+    end
+
+
+    def to_hash
+      h = {}
+      DEFAULT_AUTHORIZATION_CLASSES.keys.concat(DEFAULT_CONFIGURATION_OPTIONS.keys).each do |key|
+        h[key] = instance_variable_get "@#{key.to_s}"
+      end
+      h
+    end
+    alias_method :to_h, :to_hash
+
+    def classes
+      cstruct = ClassStruct.new(*DEFAULT_AUTHORIZATION_CLASSES.keys).new
+      DEFAULT_AUTHORIZATION_CLASSES.keys.each do |key|
+        cstruct.send("#{key.to_s}=", instance_variable_get("@#{key.to_s}"))
+      end
+      cstruct
+    end
+    
+    def primary_classes
+      cstruct = ClassStruct.new(*PRIMARY_AUTHORIZATION_CLASSES.keys).new
+      PRIMARY_AUTHORIZATION_CLASSES.keys.each do |key|
+        cstruct.send("#{key.to_s}=", instance_variable_get("@#{key.to_s}"))
+      end
+      cstruct
+    end
+
+    def join_classes
+      cstruct = ClassStruct.new(*AUTHORIZATION_JOIN_CLASSES.keys).new
+      AUTHORIZATION_JOIN_CLASSES.keys.each do |key|
+        cstruct.send("#{key.to_s}=", instance_variable_get("@#{key.to_s}"))
+      end
+      cstruct
+    end
+
+    protected
+
+    def initialize
+      [DEFAULT_AUTHORIZATION_CLASSES, DEFAULT_CONFIGURATION_OPTIONS].each do |opts|
+        opts.each do |key,val|
+          instance_variable_set "@#{key.to_s}", val
+        end
+      end
+      save_state
+      super
+    end
+
+    class ClassStruct < Struct
+      def keys
+        each_pair.collect { |key,val| key }.to_a
+      end
+
+      def to_array
+        each_pair.collect { |key,val| val }.to_a
+      end
+      alias_method :to_a, :to_array
+
+      def to_hash
+        Hash[each_pair.to_a]
+      end
+      alias_method :to_h, :to_hash
+    end
+  end
+end

data/lib/zuul/context.rb

@@ -0,0 +1,53 @@
+module Zuul
+  class Context < Struct.new(:class_name, :id)
+
+    def self.parse(*args)
+      if args.length >= 2
+        new(*args)
+      elsif args[0].is_a?(self)
+        return args[0]
+      elsif args[0].is_a?(Class)
+        new(args[0].name)
+      elsif args[0].class.ancestors.include?(::ActiveRecord::Base) && args[0].respond_to?(:id)
+        new(args[0].class.name, args[0].id)
+      else
+        new
+      end
+    end
+    
+    def instance?
+      !class_name.nil? && !id.nil?
+    end
+    alias_method :object?, :instance?
+
+    def class?
+      !class_name.nil? && id.nil?
+    end
+
+    def nil?
+      class_name.nil? && id.nil?
+    end
+
+    def type
+      return :nil if class_name.nil?
+      return :class if id.nil?
+      :instance
+    end
+
+    def to_context
+      return nil if class_name.nil?
+      return class_name.constantize if id.nil?
+      class_name.constantize.find(id)
+    end
+    alias_method :context, :to_context
+    
+    protected
+
+    def initialize(class_name=nil, id=nil)
+      raise Exceptions::InvalidContext, "Invalid Context Class" unless class_name.nil? || class_name.is_a?(String)
+      raise Exceptions::InvalidContext, "Invalid Context ID" unless id.nil? || id.is_a?(Integer)
+      raise Exceptions::InvalidContext if !id.nil? && class_name.nil?
+      super
+    end
+  end
+end

data/lib/zuul/exceptions.rb

@@ -0,0 +1,3 @@
+require 'zuul/exceptions/access_denied'
+require 'zuul/exceptions/invalid_context'
+require 'zuul/exceptions/undefined_scope'

data/lib/zuul/exceptions/access_denied.rb

@@ -0,0 +1,9 @@
+module Zuul
+  module Exceptions
+    class AccessDenied < StandardError
+      def initialize(msg = "Access Denied")
+        super
+      end
+    end
+  end
+end

data/lib/zuul/exceptions/invalid_context.rb

@@ -0,0 +1,9 @@
+module Zuul
+  module Exceptions
+    class InvalidContext < StandardError
+      def initialize(msg = "Invalid Context")
+        super
+      end
+    end
+  end
+end

data/lib/zuul/exceptions/undefined_scope.rb

@@ -0,0 +1,9 @@
+module Zuul
+  module Exceptions
+    class UndefinedScope < StandardError
+      def initialize(msg = "The requested scope does not exist")
+        super
+      end
+    end
+  end
+end

data/lib/zuul/railtie.rb

@@ -0,0 +1,5 @@
+class ZuulTasks < Rails::Railtie
+  rake_tasks do
+    Dir[File.join(File.dirname(__FILE__), '../tasks/*.rake')].each { |f| load f }
+  end
+end

data/lib/zuul/version.rb

@@ -0,0 +1,3 @@
+module Zuul
+  VERSION = '0.2.0'
+end

data/lib/zuul_viz.rb

@@ -0,0 +1,195 @@
+class ZuulViz
+
+  def graph(*args)
+    opts = {:subject_class => Zuul.configuration.subject_class.to_s.camelize.singularize.constantize}
+    opts = opts.merge(args[0]) if args.length > 0
+    subject_class = opts[:subject_class]
+
+    g = GraphViz.new(:G, :type => :graph)
+    g["compound"] = true
+    g.edge["lhead"] = ""
+    g.edge["ltail"] = ""
+    #g["splines"] = "line"
+    #g["rankdir"] = "LR"
+    #g["nodesep"] = "2"
+    #g["ranksep"] = "2"
+
+    roles = subject_class.auth_scope.role_class.all
+    raise "No roles to graph" if roles.length == 0
+
+    ug = g.add_graph("cluster0")
+    ug["label"] = "Assigned #{subject_class.name.pluralize}"
+    rg = g.add_graph("cluster1")
+    rg["label"] = subject_class.auth_scope.role_class_name.pluralize
+    
+    graph_roles = {}
+    roles.each do |role|
+      graph_roles[role.id] = rg.add_nodes(node_str(role))
+    
+      subject_class.auth_scope.role_subject_class.where(subject_class.auth_scope.role_foreign_key.to_sym => role.id).group(:context_type, :context_id).each do |role_subject|
+        g.add_edges(graph_roles[role.id], ug.add_nodes("#{subject_class.auth_scope.role_subject_class.where(subject_class.auth_scope.role_foreign_key.to_sym => role.id, :context_type => role_subject.context_type, :context_id => role_subject.context_id).count} #{subject_class.name.pluralize}"), :label => context_str(role_subject.context), :color => context_color(role_subject.context), :fontcolor => context_color(role_subject.context))
+      end
+    end
+    
+    permissions = subject_class.auth_scope.permission_class.all
+    if permissions.length > 0
+      graph_permissions = {}
+      pg = g.add_graph("cluster2")
+      pg["label"] = subject_class.auth_scope.permission_class_name.pluralize
+      
+      permissions.each do |permission|
+        graph_permissions[permission.id] = pg.add_nodes(node_str(permission))
+        
+        subject_class.auth_scope.permission_role_class.where(subject_class.auth_scope.permission_foreign_key.to_sym => permission.id).each do |permission_role|
+          g.add_edges(graph_roles[permission_role.send(subject_class.auth_scope.role_foreign_key.to_sym)], graph_permissions[permission.id], :label => context_str(permission_role.context), :color => context_color(permission_role.context), :fontcolor => context_color(permission_role.context))
+        end
+        
+        subject_class.auth_scope.permission_subject_class.where(subject_class.auth_scope.permission_foreign_key.to_sym => permission.id).group(:context_type, :context_id).each do |permission_subject|
+          g.add_edges(graph_permissions[permission.id], ug.add_nodes("#{subject_class.auth_scope.permission_subject_class.where(subject_class.auth_scope.permission_foreign_key.to_sym => permission.id, :context_type => permission_subject.context_type, :context_id => permission_subject.context_id).count} #{subject_class.name.pluralize}"), :label => context_str(permission_subject.context), :color => context_color(permission_subject.context), :fontcolor => context_color(permission_subject.context))
+        end
+      end
+    end
+  
+    g
+  end
+
+  def graph_subject(subject, *args)
+    opts = {:subject_class => Zuul.configuration.subject_class.to_s.camelize.singularize.constantize}
+    opts = opts.merge(args[0]) if args.length > 0
+    if subject.is_a?(Integer)
+      subject = opts[:subject_class].find(subject)
+    else
+      opts[:subject_class] = subject.class
+    end
+    
+    g = GraphViz.new(:G, :type => :graph)
+    g["compound"] = true
+    g.edge["lhead"] = ""
+    g.edge["ltail"] = ""
+    #g["splines"] = "line"
+
+    rg = g.add_graph("cluster0")
+    rg["label"] = subject.auth_scope.role_class_name.pluralize
+    pg = g.add_graph("cluster1")
+    pg["label"] = subject.auth_scope.permission_class_name.pluralize
+    
+    subject_node = g.add_nodes("#{subject.class.name} #{subject.id}")
+    
+    subject.send(subject.auth_scope.role_subjects_table_name).each do |role_subject|
+      role = role_subject.send(subject.auth_scope.role_class_name.underscore)
+      role_node = rg.add_nodes(node_str(role))
+      g.add_edges(subject_node, role_node, :label => context_str(role_subject.context), :color => context_color(role_subject.context), :fontcolor => context_color(role_subject.context))
+      
+      role.send(subject.auth_scope.permission_roles_table_name).each do |permission_role|
+        permission = permission_role.send(subject.auth_scope.permission_class_name.underscore)
+        g.add_edges(role_node, pg.add_nodes(node_str(permission)), :label => context_str(permission_role.context), :color => context_color(permission_role.context), :fontcolor => context_color(permission_role.context))
+      end
+    end
+    
+    subject.send(subject.auth_scope.permission_subjects_table_name).each do |permission_subject|
+        permission = permission_subject.send(subject.auth_scope.permission_class_name.underscore)
+        g.add_edges(subject_node, pg.add_nodes(node_str(permission)), :label => context_str(permission_subject.context), :color => context_color(permission_subject.context), :fontcolor => context_color(permission_subject.context))
+    end
+
+    g
+  end
+
+  def graph_role(role, *args)
+    opts = {:role_class => Zuul.configuration.role_class.to_s.camelize.singularize.constantize}
+    opts = opts.merge(args[0]) if args.length > 0
+    if role.is_a?(Integer)
+      role = opts[:role_class].find(role)
+    else
+      opts[:role_class] = role.class
+    end
+    
+    g = GraphViz.new(:G, :type => :graph)
+    g["compound"] = true
+    g.edge["lhead"] = ""
+    g.edge["ltail"] = ""
+    #g["splines"] = "line"
+    
+    pg = g.add_graph("cluster0")
+    pg["label"] = role.auth_scope.permission_class_name.pluralize
+    ug = g.add_graph("cluster1")
+    ug["label"] = role.auth_scope.subject_class_name.pluralize
+
+    role_node = g.add_nodes(node_str(role))
+      
+    role.send(role.auth_scope.permission_roles_table_name).each do |permission_role|
+      permission = permission_role.send(role.auth_scope.permission_class_name.underscore)
+      g.add_edges(role_node, pg.add_nodes(node_str(permission)), :label => context_str(permission_role.context), :color => context_color(permission_role.context), :fontcolor => context_color(permission_role.context))
+    end
+    
+    role.auth_scope.role_subject_class.where(role.auth_scope.role_foreign_key.to_sym => role.id).group(:context_type, :context_id).each do |role_subject|
+      g.add_edges(role_node, ug.add_nodes("#{role.auth_scope.role_subject_class.where(role.auth_scope.role_foreign_key.to_sym => role.id, :context_type => role_subject.context_type, :context_id => role_subject.context_id).count} #{role.auth_scope.subject_class_name.pluralize}"), :label => context_str(role_subject.context), :color => context_color(role_subject.context), :fontcolor => context_color(role_subject.context))
+    end
+
+    g
+  end
+
+  def graph_permission(permission, *args)
+    opts = {:permission_class => Zuul.configuration.permission_class.to_s.camelize.singularize.constantize}
+    opts = opts.merge(args[0]) if args.length > 0
+    if permission.is_a?(Integer)
+      permission = opts[:permission_class].find(permission)
+    else
+      opts[:permission_class] = permission.class
+    end
+    
+    g = GraphViz.new(:G, :type => :graph)
+    g["compound"] = true
+    g.edge["lhead"] = ""
+    g.edge["ltail"] = ""
+    #g["splines"] = "line"
+    
+    rg = g.add_graph("cluster0")
+    rg["label"] = permission.auth_scope.role_class_name.pluralize
+    ug = g.add_graph("cluster1")
+    ug["label"] = permission.auth_scope.subject_class_name.pluralize
+
+    permission_node = g.add_nodes(node_str(permission))
+      
+    permission.send(permission.auth_scope.permission_roles_table_name).each do |permission_role|
+      role = permission_role.send(permission.auth_scope.role_class_name.underscore)
+      g.add_edges(permission_node, rg.add_nodes(node_str(role)), :label => context_str(permission_role.context), :color => context_color(permission_role.context), :fontcolor => context_color(permission_role.context))
+    end
+    
+    permission.auth_scope.permission_subject_class.where(permission.auth_scope.permission_foreign_key.to_sym => permission.id).group(:context_type, :context_id).each do |permission_subject|
+      g.add_edges(permission_node, ug.add_nodes("#{permission.auth_scope.permission_subject_class.where(permission.auth_scope.permission_foreign_key.to_sym => permission.id, :context_type => permission_subject.context_type, :context_id => permission_subject.context_id).count} #{permission.auth_scope.subject_class_name.pluralize}"), :label => context_str(permission_subject.context), :color => context_color(permission_subject.context), :fontcolor => context_color(permission_subject.context))
+    end
+
+    g
+  end
+
+  protected
+
+  def initialize
+    # set some configuration args here to control colors, whether edges are labeled, etc.
+    super
+  end
+
+  def context_color(context)
+    if context.nil?
+      "black"
+    elsif context.id.nil?
+      "#0000ff"
+    else
+      "#00aa00"
+    end
+  end
+
+  def context_str(context)
+    if context.nil?
+      "global"
+    elsif context.id.nil?
+      context.class_name.pluralize
+    else
+      "#{context.class_name.underscore}_#{context.id}"
+    end
+  end
+
+  def node_str(obj)
+    "#{obj.slug}\n#{context_str(obj.context)}"
+  end
+end