Unidom Authorization 授权领域模型引擎

Unidom (UNIfied Domain Object Model) is a series of domain model engines. The Authorization domain model engine includes the Permission and Authorizing models. Unidom (统一领域对象模型)是一系列的领域模型引擎。授权领域模型引擎包括权限、授权的模型。

Recent Update

Check out the Road Map to find out what's the next. Check out the Change Log to find out what's new.

Usage in Gemfile

gem 'unidom-authorization'

Run the Database Migration

rake db:migrate

The migration versions start with 200004.

Call the Model

Unidom::Authorization::Permission.valid_at.alive
Unidom::Authorization::Authorizing.valid_at.alive

permission = Unidom::Authorization::Permission.valid_at.alive.first

permission.authorized? user, at: Time.now # false
Unidom::Authorization::Authorizing.authorize! permission: permission, authorized: user
# or: permission.authorize! user, by: current_user, at: Time.now
# or: user.is_authorized! permission: permission, by: administrator, at: Time.now

permission.authorize? user, at: Time.now # true
user.is_authorized? permission: permission, at: Time.now # true

user.is_prohibted! permission: permission, at: Time.now
# or: permission.prohibit! user, at: Time.now

permission.authorize? user, at: Time.now # false
user.is_authorized? permission: permission, at: Time.now # false

Include the Concerns

include Unidom::Authorization::Concerns::AsAuthorized
include Unidom::Authorization::Concerns::AsPermission

As Authorized concern

The As Authorized concern do the following tasks for the includer automatically:

1. Define the has_many :authorizings macro as: has_many :authorizings, class_name: 'Unidom::Authorization::Authorizing', as: :authorized

2. Define the has_many :permissions macro as: has_many :permissions, through: :authorizings, source: :permission

3. Define the #is_authorized! method as: is_authorized!(permission: nil, by: nil, at: Time.now)

4. Define the #is_authorized? method as: is_authorized?(permission: nil, at: Time.now)

5. Define the #is_prohibited! method as: is_prohibited!(permission: nil, at: Time.now)

As Permission concern

The As Permission concern do the following tasks for the includer automatically:

1. Define the has_many :authorizings macro as: has_many :authorizings, class_name: 'Unidom::Authorization::Authorizing'

2. Define the #authorize! method as: authorize!(authorized, by: nil, at: Time.now)

3. Define the #authorize? method as: authorize?(authorized, at: Time.now)

4. Define the #prohibit! method as: prohibit!(authorized, at: Time.now)

Disable the Model & Migration

If you only need the app components other than models, the migrations should be neglected, and the models should not be loaded.

# config/initializers/unidom.rb
Unidom::Common.configure do |options|

  options[:neglected_namespaces] = %w{
    Unidom::Authorization
  }

end

RSpec examples

RSpec example manifest (run automatically)

# spec/models/unidom_spec.rb
require 'unidom/authorization/models_rspec'

# spec/types/unidom_spec.rb
require 'unidom/authorization/types_rspec'

# spec/validators/unidom_spec.rb
require 'unidom/authorization/validators_rspec'

RSpec shared examples (to be integrated)

# lib/unidom.rb
def initialize_unidom

  Unidom::Party::Person.class_eval do
    include Unidom::Authorization::Concerns::AsAuthorized
  end

  Unidom::Position::Post.class_eval do
    include Unidom::Authorization::Concerns::AsAuthorized
  end

end

# spec/rails_helper.rb
require 'unidom'
initialize_unidom

# spec/support/unidom_rspec_shared_examples.rb
require 'unidom/authorization/rspec_shared_examples'

# spec/models/unidom/party/person_spec.rb
describe Unidom::Party::Person do

  model_attribtues = {
    name: 'Tim'
  }

  permission_attributes = {
    path:      'administration/government_agency/create',
    name:      'Create Government Agency',
    opened_at: Time.now
  }
  permission = Unidom::Authorization::Permission.create! permission_attributes

  authorizer_attributes = {}
  authorizer = described_class.create! authorizer_attributes

  it_behaves_like 'Unidom::Authorization::Concerns::AsAuthorized', model_attribtues, permission, authorizer

end

# spec/models/unidom/position/post_spec.rb
describe Unidom::Position::Post do

  model_attribtues = {
    name:              'HR Manager',
    organization_id:   SecureRandom.uuid,
    organization_type: 'Unidom::Position::Organization::Mock',
    position_id:       SecureRandom.uuid
  }

  permission_attributes = {
    path:      'administration/government_agency/create',
    name:      'Create Government Agency',
    opened_at: Time.now
  }
  permission = Unidom::Authorization::Permission.create! permission_attributes

  authorizer_attributes = {}
  authorizer = described_class.create! authorizer_attributes

  it_behaves_like 'Unidom::Authorization::Concerns::AsAuthorized', model_attribtues, permission, authorizer

end

# spec/models/unidom/authorization/permission_spec.rb
describe Unidom::Authorization::Permission, type: :model do

  before :each do
  end

  after :each do
  end

  context do

    model_attributes = {
      name: 'User Management',
      path: 'users'
    }

    authorized_attributes = {}
    authorized = Unidom::Visitor::User.create! authorized_attributes

    authorizer_attributes = {}
    authorizer = Unidom::Visitor::User.create! authorizer_attributes

    it_behaves_like 'Unidom::Authorization::Permission', model_attributes, authorized, authorizer

  end

end

# spec/models/unidom/authorization/authorizing_spec.rb
describe Unidom::Authorization::Authorizing, type: :model do

  before :each do
  end

  after :each do
  end

  context do

    model_attributes = {
      authorizer_id:   SecureRandom.uuid,
      authorizer_type: 'Unidom::Authorization::Authorizer::Mock',
      authorized_id:   SecureRandom.uuid,
      authorized_type: 'Unidom::Authorization::Authorized::Mock',
      permission_id:   SecureRandom.uuid
    }
    authorizer_class_list = [ Unidom::Visitor::User, Unidom::Party::Person ]

    it_behaves_like 'Unidom::Authorization::Authorizing', model_attributes, authorizer_class_list, [ {}, { name: 'Tim' } ]

  end

end