Unidom Authorization 授权领域模型引擎
Unidom (UNIfied Domain Object Model) is a series of domain model engines. The Authorization domain model engine includes the Permission and Authorizing models. Unidom (统一领域对象模型)是一系列的领域模型引擎。授权领域模型引擎包括权限、授权的模型。
Recent Update
Check out the Road Map to find out what's the next. Check out the Change Log to find out what's new.
Usage in Gemfile
gem 'unidom-authorization'Run the Database Migration
rake db:migrateThe migration versions start with 200004.
Call the Model
Unidom::Authorization::Permission.valid_at.alive
Unidom::Authorization::Authorizing.valid_at.alive
permission = Unidom::Authorization::Permission.valid_at.alive.first
permission.authorized? user, at: Time.now # false
Unidom::Authorization::Authorizing.authorize! permission: permission, authorized: user
# or: permission.authorize! user, by: current_user, at: Time.now
# or: user.is_authorized! permission: permission, by: administrator, at: Time.now
permission.authorize? user, at: Time.now # true
user.is_authorized? permission: permission, at: Time.now # true
user.is_prohibted! permission: permission, at: Time.now
# or: permission.prohibit! user, at: Time.now
permission.authorize? user, at: Time.now # false
user.is_authorized? permission: permission, at: Time.now # falseInclude the Concerns
include Unidom::Authorization::Concerns::AsAuthorized
include Unidom::Authorization::Concerns::AsPermissionAs Authorized concern
The As Authorized concern do the following tasks for the includer automatically:
-
Define the has_many :authorizings macro as:
has_many :authorizings, class_name: 'Unidom::Authorization::Authorizing', as: :authorized -
Define the has_many :permissions macro as:
has_many :permissions, through: :authorizings, source: :permission -
Define the #is_authorized! method as:
is_authorized!(permission: nil, by: nil, at: Time.now) -
Define the #is_authorized? method as:
is_authorized?(permission: nil, at: Time.now) -
Define the #is_prohibited! method as:
is_prohibited!(permission: nil, at: Time.now)
As Permission concern
The As Permission concern do the following tasks for the includer automatically:
-
Define the has_many :authorizings macro as:
has_many :authorizings, class_name: 'Unidom::Authorization::Authorizing' -
Define the #authorize! method as:
authorize!(authorized, by: nil, at: Time.now) -
Define the #authorize? method as:
authorize?(authorized, at: Time.now) -
Define the #prohibit! method as:
prohibit!(authorized, at: Time.now)
Disable the Model & Migration
If you only need the app components other than models, the migrations should be neglected, and the models should not be loaded.
# config/initializers/unidom.rb
Unidom::Common.configure do |options|
options[:neglected_namespaces] = %w{
Unidom::Authorization
}
endRSpec examples
RSpec example manifest (run automatically)
# spec/models/unidom_spec.rb
require 'unidom/authorization/models_rspec'
# spec/types/unidom_spec.rb
require 'unidom/authorization/types_rspec'
# spec/validators/unidom_spec.rb
require 'unidom/authorization/validators_rspec'RSpec shared examples (to be integrated)
# lib/unidom.rb
def initialize_unidom
Unidom::Party::Person.class_eval do
include Unidom::Authorization::Concerns::AsAuthorized
end
Unidom::Position::Post.class_eval do
include Unidom::Authorization::Concerns::AsAuthorized
end
end
# spec/rails_helper.rb
require 'unidom'
initialize_unidom
# spec/support/unidom_rspec_shared_examples.rb
require 'unidom/authorization/rspec_shared_examples'
# spec/models/unidom/party/person_spec.rb
describe Unidom::Party::Person do
model_attribtues = {
name: 'Tim'
}
permission_attributes = {
path: 'administration/government_agency/create',
name: 'Create Government Agency',
opened_at: Time.now
}
permission = Unidom::Authorization::Permission.create! permission_attributes
authorizer_attributes = {}
authorizer = described_class.create! authorizer_attributes
it_behaves_like 'Unidom::Authorization::Concerns::AsAuthorized', model_attribtues, permission, authorizer
end
# spec/models/unidom/position/post_spec.rb
describe Unidom::Position::Post do
model_attribtues = {
name: 'HR Manager',
organization_id: SecureRandom.uuid,
organization_type: 'Unidom::Position::Organization::Mock',
position_id: SecureRandom.uuid
}
permission_attributes = {
path: 'administration/government_agency/create',
name: 'Create Government Agency',
opened_at: Time.now
}
permission = Unidom::Authorization::Permission.create! permission_attributes
authorizer_attributes = {}
authorizer = described_class.create! authorizer_attributes
it_behaves_like 'Unidom::Authorization::Concerns::AsAuthorized', model_attribtues, permission, authorizer
end
# spec/models/unidom/authorization/permission_spec.rb
describe Unidom::Authorization::Permission, type: :model do
before :each do
end
after :each do
end
context do
model_attributes = {
name: 'User Management',
path: 'users'
}
authorized_attributes = {}
authorized = Unidom::Visitor::User.create! authorized_attributes
authorizer_attributes = {}
authorizer = Unidom::Visitor::User.create! authorizer_attributes
it_behaves_like 'Unidom::Authorization::Permission', model_attributes, authorized, authorizer
end
end
# spec/models/unidom/authorization/authorizing_spec.rb
describe Unidom::Authorization::Authorizing, type: :model do
before :each do
end
after :each do
end
context do
model_attributes = {
authorizer_id: SecureRandom.uuid,
authorizer_type: 'Unidom::Authorization::Authorizer::Mock',
authorized_id: SecureRandom.uuid,
authorized_type: 'Unidom::Authorization::Authorized::Mock',
permission_id: SecureRandom.uuid
}
authorizer_class_list = [ Unidom::Visitor::User, Unidom::Party::Person ]
it_behaves_like 'Unidom::Authorization::Authorizing', model_attributes, authorizer_class_list, [ {}, { name: 'Tim' } ]
end
end