acl9 0.11.0 → 0.12.0

data/CHANGELOG.textile

@@ -1,3 +1,17 @@
+h2. 0.12.0 (04-Jan-2010)
+
+An anniversary release of fixes and hacks, introduced by venerable users of the plugin.
+
+* Allow for inheritance of subject (Jeff Jaco)
+* Renamed "Object" module in extensions, since it caused some breakage inside activesupport
+  (invisiblelama).
+* @show_to@ helper for usage in views (Antono Vasiljev)
+* @:association_name@ config option, now you can change Subject#role_objects to whatever
+  you want (Jeff Tucker).
+* Fix bug when Subject#id is a string, e.g. UUID (Julien Bachmann)
+* Bug with action blocks when using anonymous and another role (Franck)
+
+
 h2. 0.11.0 (16-Sep-2009)
 
 * :protect_global_roles

data/README.textile

@@ -51,12 +51,12 @@ If you have questions, please post to the
 
 h1. Installation
 
-Acl9 can be installed as a gem from "GitHub":http://github.com.
+Acl9 can be installed as a gem from "gemcutter":http://gemcutter.org.
 
 Add the following line to your @config/environment.rb@:
 
 <pre><code>
-  config.gem "be9-acl9", :source => "http://gems.github.com", :lib => "acl9"
+  config.gem "acl9", :source => "http://gemcutter.org", :lib => "acl9"
 </pre></code>
 
 Then run @rake gems:install@ (with possible @rake gems:unpack@ thereafter) and you're done!
@@ -145,11 +145,10 @@ The structure of @roles@ table is as follows:
 
 <pre><code>
   create_table "roles", :force => true do |t|
-    t.string   "name",              :limit => 40
-    t.string   "authorizable_type", :limit => 40
-    t.integer  "authorizable_id"
-    t.datetime "created_at"
-    t.datetime "updated_at"
+    t.string   :name,              :limit => 40
+    t.string   :authorizable_type, :limit => 40
+    t.integer  :authorizable_id
+    t.timestamps
   end
 </code></pre>
 
@@ -168,10 +167,9 @@ there should be a join table:
 
 <pre><code>
   create_table "roles_users", :id => false, :force => true do |t|
-    t.integer  "user_id"
-    t.integer  "role_id"
-    t.datetime "created_at"
-    t.datetime "updated_at"
+    t.references  :user
+    t.references  :role
+    t.timestamps
   end
 </code></pre>
 
@@ -280,18 +278,16 @@ Note that you'll need to change your database structure appropriately:
 
 <pre><code>
   create_table "account_roles", :force => true do |t|
-    t.string   "name",              :limit => 40
-    t.string   "authorizable_type", :limit => 40
-    t.integer  "authorizable_id"
-    t.datetime "created_at"
-    t.datetime "updated_at"
+    t.string   :name,              :limit => 40
+    t.string   :authorizable_type, :limit => 40
+    t.integer  :authorizable_id
+    t.timestamps
   end
   
   create_table "account_roles_accounts", :id => false, :force => true do |t|
-    t.integer  "account_id"
-    t.integer  "account_role_id"
-    t.datetime "created_at"
-    t.datetime "updated_at"
+    t.references  :account
+    t.references  :account_role
+    t.timestamps
   end
 </code></pre>
 
@@ -885,4 +881,23 @@ An imaginary view:
   <% end %>
 </code></pre>
 
-Copyright (c) 2009 Oleg Dashevskii, released under the MIT license.
+h2. show_to in your views
+
+@show_to@ is predefined helper for your views:
+
+<pre><code>
+  <% show_to :admin, :supervisor do %>
+    <%= link_to 'destroy', destroy_path %>
+  <% end %>
+</code></pre>
+
+or even
+
+<pre><code>
+  <% show_to :prince, :of => :persia do %>
+    <%= link_to 'Princess', princess_path %>
+  <% end %>
+</code></pre>
+
+
+Copyright (c) 2009, 2010 Oleg Dashevskii, released under the MIT license.

data/VERSION.yml

@@ -1,4 +1,5 @@
 --- 
-:minor: 11
+:build: 
+:minor: 12
 :patch: 0
 :major: 0

data/lib/acl9/config.rb

@@ -3,6 +3,7 @@ module Acl9
     :default_role_class_name => 'Role',
     :default_subject_class_name => 'User',
     :default_subject_method => :current_user,
+    :default_association_name => :role_objects,
     :protect_global_roles => false,
   }
 

data/lib/acl9/controller_extensions/dsl_base.rb

@@ -142,7 +142,8 @@ module Acl9
       end
 
       def _either_of(exprs)
-        exprs.map { |expr| "(#{expr})" }.join(' || ')
+        clause = exprs.map { |expr| "(#{expr})" }.join(' || ')
+        return "(#{clause})"
       end
 
       def _add_rule(what, condition)

data/lib/acl9/helpers.rb

@@ -14,6 +14,29 @@ module Acl9
         generator.acl_block!(&block)
         generator.install_on(self, opts)
       end
+
+    end
+
+    # Usage:
+    #
+    #     <% show_to(:owner, :supervisor, :of => :account) do -%>
+    #       <%= 'hello' %>
+    #     <%- end -%>
+    #
+    def show_to(*args, &block)
+      user = eval(Acl9.config[:default_subject_method].to_s)
+      return '' if user.nil?
+
+      has_any = false
+
+      if args.last.is_a?(Hash)
+        an_obj  = args.pop.values.first
+        has_any = args.detect { |role| user.has_role?(role, an_obj) }
+      else
+        has_any = args.detect { |role| user.has_role?(role) }
+      end
+
+      has_any ? yield(:block) : ''
     end
   end
 end

data/lib/acl9/model_extensions.rb

@@ -1,5 +1,5 @@
-require File.join(File.dirname(__FILE__), 'model_extensions', 'subject')
-require File.join(File.dirname(__FILE__), 'model_extensions', 'object')
+require File.join(File.dirname(__FILE__), 'model_extensions', 'for_subject')
+require File.join(File.dirname(__FILE__), 'model_extensions', 'for_object')
 
 module Acl9
   module ModelExtensions  #:nodoc:
@@ -16,6 +16,8 @@ module Acl9
       #                           Class name of the role class (e.g. 'AccountRole')
       # @option options [String] :join_table_name (Acl9::config[:default_join_table_name])
       #                           Join table name (e.g. 'accounts_account_roles')
+      # @option options [String] :association_name (Acl9::config[:default_association_name])
+      #                           Association name (e.g. ':roles')
       # @example
       #   class User < ActiveRecord::Base
       #     acts_as_authorization_subject
@@ -31,17 +33,21 @@ module Acl9
       # @see Acl9::ModelExtensions::Subject
       #
       def acts_as_authorization_subject(options = {})
+      	assoc = options[:association_name] || Acl9::config[:default_association_name]
         role = options[:role_class_name] || Acl9::config[:default_role_class_name]
         join_table = options[:join_table_name] || Acl9::config[:default_join_table_name] ||
                     join_table_name(undecorated_table_name(self.to_s), undecorated_table_name(role))
 
-        has_and_belongs_to_many :role_objects, :class_name => role, :join_table => join_table
+        has_and_belongs_to_many assoc, :class_name => role, :join_table => join_table
+
+        cattr_accessor :_auth_role_class_name, :_auth_subject_class_name,
+                       :_auth_role_assoc_name
 
-        cattr_accessor :_auth_role_class_name, :_auth_subject_class_name
         self._auth_role_class_name = role
         self._auth_subject_class_name = self.to_s
+        self._auth_role_assoc_name = assoc
 
-        include Acl9::ModelExtensions::Subject
+        include Acl9::ModelExtensions::ForSubject
       end
 
       # Add role query and set methods to the class (making it an auth object class).
@@ -81,7 +87,7 @@ module Acl9
 
         sql_where = <<-'EOS'
           WHERE authorizable_type = '#{self.class.base_class.to_s}'
-          AND authorizable_id = #{id}
+          AND authorizable_id = #{column_for_attribute(self.class.primary_key).text? ? "'#{id}'": id}
         EOS
 
         has_many :accepted_roles, :as => :authorizable, :class_name => role, :dependent => :destroy
@@ -91,7 +97,7 @@ module Acl9
           :counter_sql => ("SELECT COUNT(DISTINCT #{subj_table}.id)" + sql_tables + sql_where),
           :readonly => true
 
-        include Acl9::ModelExtensions::Object
+        include Acl9::ModelExtensions::ForObject
       end
 
       # Make a class an auth role class.

data/lib/acl9/model_extensions/{object.rb → for_object.rb}

@@ -1,6 +1,6 @@
 module Acl9
   module ModelExtensions
-    module Object
+    module ForObject
       ##
       # Role check.
       #

data/lib/acl9/model_extensions/{subject.rb → for_subject.rb}

@@ -1,6 +1,6 @@
 module Acl9
   module ModelExtensions
-    module Subject
+    module ForSubject
       ##
       # Role check.
       #
@@ -164,12 +164,21 @@ module Acl9
           role.destroy if role.send(self._auth_subject_class_name.demodulize.tableize).empty?
         end
       end
-
+      
       protected
 
       def _auth_role_class
         self.class._auth_role_class_name.constantize
       end
+      
+      def _auth_role_assoc
+      	self.class._auth_role_assoc_name
+      end
+
+      def role_objects
+      	send(self._auth_role_assoc)
+      end
+
     end
   end
 end

data/test/dsl_base_test.rb

@@ -753,6 +753,43 @@ class DslBaseTest < Test::Unit::TestCase
       permit_some(list, @user2, %w(show index delete destroy))
       permit_some(list, @user3, %w(show index delete destroy), :object => @foo)
     end
+    
+    it "should work with anonymous" do
+      @user << :superadmin
+      
+      list = acl do
+        allow :superadmin
+        
+        action :index, :show do
+          allow anonymous
+        end
+      end
+
+      @all_actions = %w(show index edit update delete destroy)
+
+      permit_some(list, @user, @all_actions)
+      permit_some(list, nil, %w(index show))
+    end
+    
+    it "should work with anonymous and other role inside" do
+      @user << :superadmin
+      @user2 << :member
+      
+      list = acl do
+        allow :superadmin
+        
+        action :index, :show do
+          allow anonymous
+          allow :member
+        end
+      end
+
+      @all_actions = %w(show index edit update delete destroy)
+
+      permit_some(list, @user, @all_actions)
+      permit_some(list, @user2, %w(index show))
+      permit_some(list, nil, %w(index show))
+    end
   end
 end
 

data/test/helpers_test.rb

@@ -17,8 +17,12 @@ class HelperTest < Test::Unit::TestCase
       user = Object.new
 
       class <<user
-        def has_role?(role, obj=nil)
-          role == 'hamlet'
+        def has_role?(role, object=nil)
+          if object
+            return (role == 'hamlet' && object.name == 'castle')
+          else
+            return role == 'hamlet'
+          end
         end
       end
 
@@ -29,7 +33,7 @@ class HelperTest < Test::Unit::TestCase
   module NotLoggedIn
     def current_user; nil end
   end
-  
+
   module Noone
     def current_user
       user = Object.new
@@ -54,11 +58,11 @@ class HelperTest < Test::Unit::TestCase
   class Klass1 < Base
     include Hamlet
   end
-  
+
   class Klass2 < Base
     include NotLoggedIn
   end
-  
+
   class Klass3 < Base
     include Noone
   end
@@ -66,28 +70,65 @@ class HelperTest < Test::Unit::TestCase
   it "has :the_question method" do
     Base.new.should respond_to(:the_question)
   end
-  
+
   it "role :hamlet is allowed to be" do
     k = Klass1.new
     k.action_name = 'be'
     k.the_question.should be_true
   end
-  
+
   it "role :hamlet is allowed to not_be" do
     k = Klass1.new
     k.action_name = 'not_be'
     k.the_question.should be_true
   end
-  
+
   it "not logged in is not allowed to be" do
     k = Klass2.new
     k.action_name = 'be'
     k.the_question.should == false
   end
-  
+
   it "noone is not allowed to be" do
     k = Klass3.new
     k.action_name = 'be'
     k.the_question.should == false
   end
+
+  it "has :show_to method" do
+    Base.new.should respond_to(:show_to)
+  end
+
+  it "has :show_to hamlet 'hello hamlet' message" do
+    k = Klass1.new
+    message = 'hello hamlet'
+    k.show_to('hamlet') { message }.should == message
+  end
+
+  it "has to show message if user has hamlet role on object" do
+    k = Klass1.new
+    message = 'hello hamlet'
+
+    obj = Object.new
+    def obj.name; 'castle'; end
+
+    k.show_to('hamlet', :of => obj) { message }.should == message
+  end
+
+  it "has not to show message if user has no hamlet role on object" do
+    k = Klass1.new
+
+    obj = Object.new
+    def obj.name; 'persia'; end
+
+    k.show_to('hamlet', :of => obj) { 'hello my prince' }.should == ''
+  end
+
+  it "has :show_to nothing to NotLoggedIn" do
+    k = Klass2.new
+    k.action_name = 'be'
+    message = 'hello hamlet'
+    k.show_to(:hamlet) { message }.should == ''
+  end
+
 end

data/test/roles_test.rb

@@ -14,6 +14,10 @@ class RolesTest < Test::Unit::TestCase
     @user2 = User.create!
     @foo = Foo.create!
     @bar = Bar.create!
+    #create authorized object that has a string primary key
+    @uuid = Uuid.new
+    @uuid.uuid = "C41642EE-2780-0001-189F-17F3101B26E0"
+    @uuid.save
   end
 
   it "should not have any roles by default" do
@@ -221,6 +225,20 @@ class RolesTest < Test::Unit::TestCase
     Role.count.should == 0
   end
 
+  it "should be able to get users that have a role on a authorized object" do
+    @user.has_role!('owner', @bar)
+    @user2.has_role!('owner', @bar)
+
+    @bar.users.count.should == 2
+  end
+
+  it "should be able to get users that have a role on a authorized object with text primary key" do
+    @user.has_role!('owner', @uuid)
+    @user2.has_role!('owner', @uuid)
+
+    @uuid.users.count.should == 2
+  end
+
   it "should accept :symbols as role names" do
     @user.has_role! :admin
     @user.has_role! :_3133t
@@ -278,6 +296,33 @@ class RolesWithCustomClassNamesTest < Test::Unit::TestCase
   end
 end
 
+class RolesWithCustomAssociationNamesTest < Test::Unit::TestCase
+  before do
+    DifferentAssociationNameRole.destroy_all
+    [DifferentAssociationNameSubject, FooBar].each { |model| model.delete_all }
+
+    @subj = DifferentAssociationNameSubject.create!
+    @subj2 = DifferentAssociationNameSubject.create!
+    @foobar = FooBar.create!
+  end
+
+  it "should basically work" do
+    lambda do
+      @subj.has_role!('admin')
+      @subj.has_role!('user', @foobar)
+    end.should change { DifferentAssociationNameRole.count }.from(0).to(2)
+
+    @subj.has_role?('admin').should be_true
+    @subj2.has_role?('admin').should be_false
+
+    @subj.has_role?(:user, @foobar).should be_true
+    @subj2.has_role?(:user, @foobar).should be_false
+
+    @subj.has_no_roles!
+    @subj2.has_no_roles!
+  end
+end
+
 class UsersRolesAndSubjectsWithNamespacedClassNamesTest < Test::Unit::TestCase
   before do
     Other::Role.destroy_all

data/test/support/models.rb

@@ -10,6 +10,11 @@ class Foo < ActiveRecord::Base
   acts_as_authorization_object
 end
 
+class Uuid < ActiveRecord::Base
+  set_primary_key "uuid"  
+  acts_as_authorization_object
+end
+
 class Bar < ActiveRecord::Base
   acts_as_authorization_object
 end
@@ -26,6 +31,13 @@ class FooBar < ActiveRecord::Base
   acts_as_authorization_object :role_class_name => 'AnotherRole', :subject_class_name => "AnotherSubject"
 end
 
+class DifferentAssociationNameSubject < ActiveRecord::Base
+	acts_as_authorization_subject :association_name => 'roles', :role_class_name => "DifferentAssociationNameRole"
+end
+
+class DifferentAssociationNameRole < ActiveRecord::Base
+	acts_as_authorization_role :subject_class_name => "DifferentAssociationNameSubject"
+end
 
 module Other
 
@@ -44,4 +56,4 @@ module Other
     acts_as_authorization_object :role_class_name => 'Other::Role', :subject_class_name => "Other::User"
   end
 
-end
+end

data/test/support/schema.rb

@@ -2,7 +2,7 @@ ActiveRecord::Schema.define(:version => 0) do
   create_table "roles", :force => true do |t|
     t.string   "name",              :limit => 40
     t.string   "authorizable_type", :limit => 40
-    t.integer  "authorizable_id"
+    t.string  "authorizable_id"
     t.datetime "created_at"
     t.datetime "updated_at"
   end
@@ -15,8 +15,17 @@ ActiveRecord::Schema.define(:version => 0) do
     t.datetime "updated_at"
   end
 
+  create_table "different_association_name_roles", :force => true do |t|
+    t.string   "name",              :limit => 40
+    t.string   "authorizable_type", :limit => 40
+    t.integer  "authorizable_id"
+    t.datetime "created_at"
+    t.datetime "updated_at"
+  end
+
   create_table "users", :force => true do |t| end
   create_table "another_subjects", :force => true do |t| end
+  create_table "different_association_name_subjects", :force => true do |t| end
 
   create_table "roles_users", :id => false, :force => true do |t|
     t.integer  "user_id"
@@ -31,11 +40,25 @@ ActiveRecord::Schema.define(:version => 0) do
     t.datetime "created_at"
     t.datetime "updated_at"
   end
+  
+  create_table "different_association_name_roles_different_association_name_subjects", :id => false, :force => true do |t|
+    t.integer  "different_association_name_subject_id"
+    t.integer  "different_association_name_role_id"
+    t.datetime "created_at"
+    t.datetime "updated_at"
+  end
+
   create_table "foos", :force => true do |t|
     t.datetime "created_at"
     t.datetime "updated_at"
   end
 
+  create_table "uuids", :id => false, :force => true do |t|
+    t.string "uuid"
+    t.datetime "created_at"
+    t.datetime "updated_at"
+  end
+  
   create_table "bars", :force => true do |t|
     t.datetime "created_at"
     t.datetime "updated_at"

data/test/test_helper.rb

@@ -17,7 +17,7 @@ class Test::Unit::TestCase
   custom_matcher :be_false do |receiver, matcher, args|
     !receiver
   end
-  
+
   custom_matcher :be_true do |receiver, matcher, args|
     !!receiver
   end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: acl9
 version: !ruby/object:Gem::Version 
-  version: 0.11.0
+  version: 0.12.0
 platform: ruby
 authors: 
 - oleg dashevskii
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-10-10 00:00:00 +07:00
+date: 2010-01-04 00:00:00 +06:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -40,6 +40,7 @@ extensions: []
 
 extra_rdoc_files: 
 - README.textile
+- TODO
 files: 
 - CHANGELOG.textile
 - MIT-LICENSE
@@ -54,8 +55,8 @@ files:
 - lib/acl9/controller_extensions/generators.rb
 - lib/acl9/helpers.rb
 - lib/acl9/model_extensions.rb
-- lib/acl9/model_extensions/object.rb
-- lib/acl9/model_extensions/subject.rb
+- lib/acl9/model_extensions/for_object.rb
+- lib/acl9/model_extensions/for_subject.rb
 - test/access_control_test.rb
 - test/dsl_base_test.rb
 - test/helpers_test.rb