removed unnecessary mutex

bmaland · May 29, 2009 · 3c6ea59 · 3c6ea59
1 parent 2c491ad
commit 3c6ea59
Show file tree

Hide file tree

Showing 6 changed files with 62 additions and 52 deletions.
diff --git a/Rakefile b/Rakefile
diff --git a/lib/aegis/constants.rb b/lib/aegis/constants.rb
@@ -0,0 +1,6 @@
+module Aegis
+  module Constants
+    EVERYONE_ROLE_NAME = :everyone
+    CRUD_VERBS = ["create", "read", "update", "destroy"]
+  end
+end
diff --git a/lib/aegis/permission_evaluator.rb b/lib/aegis/permission_evaluator.rb
@@ -0,0 +1,34 @@
+module Aegis
+  class PermissionEvaluator
+
+	def initialize(role)
+	  @role = role
+	end
+
+	def evaluate(permissions, rule_args)
+	  @result = @role.allow_by_default?
+	  permissions.each do |permission|
+		instance_exec(*rule_args, &permission)
+	  end
+	  @result
+	end
+
+	def allow(*role_name_or_names, &block)
+	  rule_encountered(role_name_or_names, true, &block)
+	end
+
+	def deny(*role_name_or_names, &block)
+	  rule_encountered(role_name_or_names, false, &block)
+	end
+
+	def rule_encountered(role_name_or_names, is_allow, &block)
+	  role_names = Array(role_name_or_names)
+	  if role_names.include?(@role.name) || role_names.include?(Aegis::Constants::EVERYONE_ROLE_NAME)
+		@result = (block ? block.call : true) 
+		@result = !@result unless is_allow
+	  end
+	end
+
+  end
+end
+
diff --git a/lib/aegis/permissions.rb b/lib/aegis/permissions.rb
@@ -10,17 +10,14 @@ def self.inherited(base)
     module ClassMethods
 
       @@roles_by_name = {}
-      @@permission_blocks = {}  # @@permission_blocks[:update_users] = [lambda { allow :admin; deny :guest }, lambda { deny :student }]
-      @@permission_block_mutex = Mutex.new
-      @@permission_block_result = nil
-      @@permission_block_role_name = nil
 
-      EVERYONE_ROLE_NAME = :everyone
-      CRUD_VERBS = ["create", "read", "update", "destroy"]
-
+      # Example: @@permission_blocks[:update_users] = 
+	  #         [proc { allow :admin; deny :guest }, proc { deny :student }]
+	  @@permission_blocks = Hash.new { |hash, key| hash[key] = [] }
+
       def role(role_name, options = {})
         role_name = role_name.to_sym
-        role_name != EVERYONE_ROLE_NAME or raise "Cannot define a role named: #{EVERYONE_ROLE_NAME}"
+        role_name != Aegis::Constants::EVERYONE_ROLE_NAME or raise "Cannot define a role named: #{Aegis::Constants::EVERYONE_ROLE_NAME}"
         @@roles_by_name[role_name] = Aegis::Role.new(role_name, self, options)
       end
 
@@ -55,52 +52,24 @@ def permission(*permission_name_or_names, &block)
       def may?(role_or_role_name, permission, *args)
         role = role_or_role_name.is_a?(Aegis::Role) ? role_or_role_name : find_role_by_name(role_or_role_name)
         blocks = @@permission_blocks[permission.to_sym]
-        if blocks
-          evaluate_permission_blocks(role, blocks, *args)
-        else
-          role.allow_by_default?
-          # raise Aegis::PermissionError, "Unknown permission: #{permission}"
-        end
+        evaluate_permission_blocks(role, blocks, *args)
       end
 
       def evaluate_permission_blocks(role, blocks, *args)
-        result = nil
-        @@permission_block_mutex.synchronize do
-          @@permission_block_role_name = role.name
-          @@permission_block_result = role.allow_by_default?
-          blocks.each { |block| block.call(*args) }
-          result = @@permission_block_result
-          @@permission_block_result = nil
-        end
-        result
-      end
-
-      def allow(*role_name_or_names, &block)
-        rule_encountered(role_name_or_names, true, &block)
-      end
-
-      def deny(*role_name_or_names, &block)
-        rule_encountered(role_name_or_names, false, &block)
+		evaluator = Aegis::PermissionEvaluator.new(role)
+		evaluator.evaluate(blocks, args)
       end
 
       def denied?(*args)
         !allowed?(*args)
       end
 
       private
-
-      def rule_encountered(role_name_or_names, is_allow, &block)
-        role_names = Array(role_name_or_names)
-        if role_names.include?(@@permission_block_role_name) || role_names.include?(EVERYONE_ROLE_NAME)
-          @@permission_block_result = block ? block.call : true
-          is_allow or @@permission_block_result = !@@permission_block_result
-        end
-      end
 
       def add_split_crud_permission(permission_name, &block)
         if permission_name =~ /^crud_(.+?)$/
           target = $1
-          CRUD_VERBS.each do |verb|
+          Aegis::Constants::CRUD_VERBS.each do |verb|
             add_normalized_permission("#{verb}_#{target}", &block)
           end
         else
@@ -120,8 +89,8 @@ def add_singularized_permission(permission_name, &block)
           singular_target = target.singularize
           if singular_target.length < target.length
             singular_block = lambda do |*args|
-              args = args[0, args.size - 1] if args.size > 1
-              block.call(*args)
+		      args.delete_at 1
+			  instance_exec(*args, &block)
             end
             singular_permission_name = "#{verb}_#{singular_target}"
             add_permission(singular_permission_name, &singular_block)
@@ -132,19 +101,11 @@ def add_singularized_permission(permission_name, &block)
 
       def add_permission(permission_name, &block)
         permission_name = permission_name.to_sym
-        @@permission_blocks[permission_name] ||= []
         @@permission_blocks[permission_name] << block
       end
-
-      def invert_block(block)
-        lambda { |*args| !block.call(*args) }
-      end
-
-      def constant_block(block, return_value)
-        lambda { |*args| return_value }
-      end
-
+
     end # module ClassMethods
 
   end # class Permissions
 end # module Aegis
+
diff --git a/lib/init.rb b/lib/init.rb
@@ -0,0 +1,9 @@
+# Include hook code here
+require 'aegis/constants'
+require 'aegis/normalization'
+require 'aegis/permission_error'
+require 'aegis/role'
+require 'aegis/permissions'
+require 'aegis/has_role'
+require 'rails/active_record'
+
diff --git a/pkg/aegis-0.0.0.gem b/pkg/aegis-0.0.0.gem