can_camel

CanCamel

This project uses WTFPL license, requires postgresql db adapter and rocks
Upstream have not been tested in production, take a lot of care What is CanCamel?

CanCamel is a ruby gem for access control. For example, we can want to know can camel write a poem? We can write it as can?(camel, :write, :poem) This code calls function with 3 arguments: user (actor), action and subject and returns hash or nil For example, we can grant camel full poem access (but only for actions that exists). We can let camel write poems only in fridays midnight, why not? Any optional params can be passed to a filter. Any custom filters could be made and any additional data (e.g. maximal poem length allowed) can be passed back

Step 1. Installation

run rails g can_camel:install
Then visit generated initializer at config/initializers/can_camel.rb

CanCamel::TABLE_NAME = "can_camel_nodes"
CanCamel::GROUP_METHOD = :group

In first line you can specify table name or use default. Second line describes a symbol, which references for user model method, returning user group. Group should be a symbol. Visit spec/dummy/app/models/user.rb for example. When you sure with this file, run generated migrations. Remember, that migrations installs 'hstore' plugin, on which relies, but does not remove it. If you want to revert it, you may want to remove plugin too

Step 2. Database structure

Database consists of nodes. Primary nodes (WHERE parent_id IS NULL) are called subjects, Their children are called actions, and actions' children are called groups. Groups' children are called garbage and never used. Any node can have conditions and results. Conditions' syntax is

 { at_day: { wdays: [6] } }

It means, that :at_day will be called with wdays: [6] argument

Step 3. Linting

I suggest to call CanCamel.lint each time you modifying can_camel objects because it is beta
If you are working primary with database (e.g. in migration), you can call CanCamel.lint to check is database correct. Best way is to call CanCamel.lint! in transaction with all changes done and enjoy your exception if need.

Step 4. Custom filters and Constrains

Filters subsystem relies on a CanCamel::Filter module, which automatically inserts register_filter method when included. This method can take as first argument high variety of things

1. If it takes a symbol and lambda, it will define a simple filter without argument filtering
2. If it takes a method or symbol referencing a method, it will register that method as in previous api: as a simple filter
3. If it takes a class respond to invoke! and name methods, it will register its element
4. If it takes something else respond to invoke and name methods, it will register it as is

You can use old style validation or use validate! method in objects passed

Old Style Validation

Include CanCamel::Validators to use validates method. You can add custom validators extending this class in initializer. Validation syntax is validates filter [field] validator: params

validate! method

define validate! method for you filters and place your validators here (mostly for semantic) you can access improved validates method in classes inherited from CanCamel::Filters::Base this method requires to specify only validators and optionally field name

Step 5. Human interface (NIY)

Nodes supports some usefull methods to work with them

• Node#aviable_filters returns all filters available
• Node#handling_params returns list of all results available