forked from kristianmandrup/cancan-permits
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
0 parents
commit 163f0e3
Showing
23 changed files
with
568 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
README.rdoc | ||
lib/**/*.rb | ||
bin/* | ||
features/**/*.feature | ||
LICENSE |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
## MAC OS | ||
.DS_Store | ||
|
||
## TEXTMATE | ||
*.tmproj | ||
tmtags | ||
|
||
## EMACS | ||
*~ | ||
\#* | ||
.\#* | ||
|
||
## VIM | ||
*.swp | ||
|
||
## PROJECT::GENERAL | ||
coverage | ||
rdoc | ||
pkg | ||
|
||
## PROJECT::SPECIFIC |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
--format nested --color |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
Copyright (c) 2009 Kristian Mandrup | ||
|
||
Permission is hereby granted, free of charge, to any person obtaining | ||
a copy of this software and associated documentation files (the | ||
"Software"), to deal in the Software without restriction, including | ||
without limitation the rights to use, copy, modify, merge, publish, | ||
distribute, sublicense, and/or sell copies of the Software, and to | ||
permit persons to whom the Software is furnished to do so, subject to | ||
the following conditions: | ||
|
||
The above copyright notice and this permission notice shall be | ||
included in all copies or substantial portions of the Software. | ||
|
||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, | ||
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF | ||
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND | ||
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE | ||
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION | ||
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION | ||
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,77 @@ | ||
# CanCan Permits | ||
|
||
Adds the concept of centralized Permits for use with CanCan permission system. | ||
|
||
## Install | ||
|
||
<code>gem install cancan-permits</code> | ||
|
||
## Usage | ||
|
||
* Define Roles that Users can have | ||
* Define which Roles are available | ||
* Define a Permit for each Role. | ||
* For each Permit, define what that Role can do | ||
|
||
To add Roles to your app, you might consider using a *roles* gem such as *roles_generic* | ||
|
||
### Define which Roles are available | ||
|
||
You can override the default configuration here: | ||
|
||
<pre> | ||
module Permits::Roles | ||
def self.available | ||
# return symbols array of Roles available to users | ||
end | ||
end | ||
</pre> | ||
|
||
By default it returns User.roles if such exists, otherwise it returns [:guest, :admin] by default. | ||
|
||
### Define a Permit for each Role. | ||
|
||
_Note:_ You might consider using the Permits generator in order to generate your permits for you (see below) | ||
|
||
<pre> | ||
module RolePermit | ||
class Admin < Base | ||
def initialize(ability) | ||
super | ||
end | ||
|
||
def permit?(user, request=nil) | ||
super | ||
return if !role_match? user | ||
|
||
can :manage, :all | ||
end | ||
end | ||
end | ||
</pre> | ||
|
||
## Permits Generator | ||
|
||
Options | ||
* --orm : The ORM to use (active_record, data_mapper, mongoid, mongo_mapper) | ||
* --roles : The roles for which to generate permits ; default Guest (read all) and Admin (manage all) | ||
|
||
Note, by default the Permits generator will attempt to discover which roles are currently defined as available to the system | ||
and generate permits for those roles (using some conventions - TODO). Any roles specified in the --roles option are merged | ||
with the roles found to be available in the app. | ||
|
||
<code>$ rails g permits --orm active_record --roles guest author admin</code> | ||
|
||
## Note on Patches/Pull Requests | ||
|
||
* Fork the project. | ||
* Make your feature addition or bug fix. | ||
* Add tests for it. This is important so I don't break it in a | ||
future version unintentionally. | ||
* Commit, do not mess with rakefile, version, or history. | ||
(if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull) | ||
* Send me a pull request. Bonus points for topic branches. | ||
|
||
## Copyright | ||
|
||
Copyright (c) 2010 Kristian Mandrup. See LICENSE for details. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
begin | ||
require 'jeweler' | ||
Jeweler::Tasks.new do |gem| | ||
gem.name = "cancan-permits" | ||
gem.summary = %Q{TODO: one-line summary of your gem} | ||
gem.description = %Q{TODO: longer description of your gem} | ||
gem.email = "kmandrup@gmail.com" | ||
gem.homepage = "http://github.com/kristianmandrup/cancan-permits" | ||
gem.authors = ["Kristian Mandrup"] | ||
gem.add_development_dependency "rspec", "~> 2.0.0" | ||
gem.add_dependency 'cancan', "~> 1.3" | ||
gem.add_dependency 'require_all', "~> 1.1" | ||
gem.add_dependency 'sugar-high', "~> 0.1" | ||
end | ||
Jeweler::GemcutterTasks.new | ||
rescue LoadError | ||
puts "Jeweler (or a dependency) not available. Install it with: gem install jeweler" | ||
end | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
require 'cancan' | ||
require 'require_all' | ||
require_all File.dirname(__FILE__) + '/cancan-permits' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
module Permits | ||
modules :ability, :roles | ||
end | ||
|
||
module Permit | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
module Permit | ||
class Base | ||
attr_reader :ability | ||
|
||
def initialize(ability) | ||
@ability = ability | ||
end | ||
|
||
def permit?(user, request=nil) | ||
false | ||
end | ||
|
||
def can(action, subject, conditions = nil, &block) | ||
can_definitions << CanCan::CanDefinition.new(true, action, subject, conditions, block) | ||
end | ||
|
||
def cannot(action, subject, conditions = nil, &block) | ||
can_definitions << CanCan::CanDefinition.new(false, action, subject, conditions, block) | ||
end | ||
|
||
def owns(user, clazz, ownership_relation = :user_id, user_id_attribute = :id) | ||
begin | ||
user_id = user.send :"#{user_id_attribute}" | ||
rescue | ||
raise ArgumentError, "ERROR (owns) - The user of class #{user.class} does not respond to ##{user_id_attribute}" | ||
end | ||
can :manage, clazz, ownership_relation => user_id | ||
end | ||
|
||
protected | ||
|
||
def role_match? user | ||
user.has_role? self.class.last_name.downcase.to_sym | ||
end | ||
|
||
def can_definitions | ||
ability.send :can_definitions | ||
end | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
module Permits | ||
class Ability | ||
include CanCan::Ability | ||
|
||
# set up each RolePermit instance to share this same Ability | ||
# so that the can and cannot operations work on the same permission collection! | ||
def self.role_permits ability | ||
@role_permits = Permits::Roles.available.inject([]) do |permits, role| | ||
permits << "Permit::#{role.to_s.camelize}".constantize.new(ability) | ||
end | ||
end | ||
|
||
def initialize(user, request=nil) | ||
# put ability logic here! | ||
user ||= Guest.new | ||
Ability.role_permits(self).each{|role_permit| role_permit.permit?(user, request) } | ||
end | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
module Permits::Roles | ||
def self.available | ||
if Module.const_defined? :User | ||
User.roles if User.respond_to? roles | ||
else | ||
[:guest, :admin] | ||
end | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
require 'sugar-high/array' | ||
|
||
class PermitsGenerator < Rails::Generators::Base | ||
desc "Creates a Permit for each role in 'app/permits' and ensures that the permit folder is added to Rails load path." | ||
|
||
class_option :roles, :type => :array, :default => [], :desc => "Roles to create permits for" | ||
# ORM to use | ||
class_option :orm, :type => :string, :desc => "ORM to use", :default => 'active_record' | ||
|
||
source_root File.dirname(__FILE__) + '/templates' | ||
|
||
def main_flow | ||
template_permit :admin, :admin_permit | ||
roles.each do |role| | ||
template_permit role if !role == :admin | ||
end | ||
end | ||
|
||
protected | ||
|
||
# TODO: merge with any registered roles in application | ||
def roles | ||
options[:roles].uniq.to_symbols | ||
end | ||
|
||
def template_permit name, template_name=nil | ||
template "#{template_name || :permit}.rb", "app/permits/#{name}_permit.rb" | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
module Permit | ||
class Admin < Base | ||
def initialize(ability) | ||
super | ||
end | ||
|
||
def permit?(user, request=nil) | ||
super | ||
return if !role_match? user | ||
|
||
can :manage, :all | ||
end | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
module Permit | ||
class <%= permit_name %> < Base | ||
def initialize(ability) | ||
super | ||
end | ||
|
||
def permit?(user, request=nil) | ||
super | ||
return if !role_match? user | ||
|
||
# can :create, Comment | ||
# owns(user, Comment) | ||
end | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
module AuthAssistant | ||
class Ability | ||
include CanCan::Ability | ||
|
||
# set up each RolePermit instance to share this same Ability | ||
# so that the can and cannot operations work on the same permission collection! | ||
def self.role_permits ability | ||
@role_permits = AuthAssistant::Roles.available.inject([]) do |permits, role| | ||
permits << "RolePermit::#{role.to_s.camelize}".constantize.new(ability) | ||
end | ||
end | ||
|
||
def initialize(user, request=nil) | ||
# put ability logic here! | ||
user ||= Guest.new | ||
Ability.role_permits(self).each{|role_permit| role_permit.permit?(user, request) } | ||
end | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
module RolePermit | ||
class Admin < Base | ||
def initialize(ability) | ||
super | ||
end | ||
|
||
def permit?(user, request=nil) | ||
super | ||
return if !role_match? user | ||
|
||
can :manage, :all | ||
end | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
module RolePermit | ||
class Editor < Base | ||
def initialize(ability) | ||
super | ||
end | ||
|
||
def permit?(user, request=nil) | ||
super | ||
return if !role_match? user | ||
|
||
# uses default user_id | ||
owns(user, Comment) | ||
# | ||
owns(user, Post, :writer) | ||
# | ||
owns(user, Article, :author, :name) | ||
|
||
# a user can manage comments he/she created | ||
# can :manage, Comment do |comment| | ||
# comment.try(:user) == user | ||
# end | ||
|
||
# can :create, Comment | ||
end | ||
end | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
module RolePermit | ||
class Guest < Base | ||
def initialize(ability) | ||
super | ||
end | ||
|
||
def permit?(user, request=nil) | ||
super | ||
return if !role_match? user | ||
|
||
can :read, [Comment, Post] | ||
can [:update, :destroy], [Comment] | ||
can :create, Article | ||
|
||
# owns(user, Comment) | ||
|
||
# a user can manage comments he/she created | ||
# can :manage, Comment do |comment| | ||
# comment.try(:user) == user | ||
# end | ||
|
||
# can :create, Comment | ||
end | ||
end | ||
end |
Oops, something went wrong.