acl9 0.12.0 → 0.12.1
Sign up to get free protection for your applications and to get access to all the features.
- data/.gitignore +7 -0
- data/Gemfile +4 -0
- data/Gemfile.lock +47 -0
- data/README.textile +19 -1
- data/Rakefile +5 -27
- data/VERSION.yml +1 -1
- data/acl9.gemspec +32 -0
- data/init.rb +1 -0
- data/lib/acl9/controller_extensions/dsl_base.rb +14 -38
- data/lib/acl9/helpers.rb +12 -5
- data/lib/acl9/model_extensions/for_object.rb +20 -5
- data/lib/acl9/model_extensions/for_subject.rb +12 -11
- data/lib/acl9/model_extensions.rb +22 -16
- data/lib/acl9/version.rb +3 -0
- data/lib/acl9.rb +16 -12
- data/test/helpers_test.rb +2 -3
- data/test/roles_test.rb +16 -1
- data/test/support/schema.rb +1 -0
- data/test/test_helper.rb +4 -5
- data/test/version_test.rb +7 -0
- metadata +117 -56
- data/lib/acl9/config.rb +0 -11
data/.gitignore
ADDED
data/Gemfile
ADDED
data/Gemfile.lock
ADDED
|
@@ -0,0 +1,47 @@
|
|
|
1
|
+
PATH
|
|
2
|
+
remote: .
|
|
3
|
+
specs:
|
|
4
|
+
acl9 (0.12.0)
|
|
5
|
+
rails (= 2.3.12)
|
|
6
|
+
|
|
7
|
+
GEM
|
|
8
|
+
remote: http://rubygems.org/
|
|
9
|
+
specs:
|
|
10
|
+
actionmailer (2.3.12)
|
|
11
|
+
actionpack (= 2.3.12)
|
|
12
|
+
actionpack (2.3.12)
|
|
13
|
+
activesupport (= 2.3.12)
|
|
14
|
+
rack (~> 1.1.0)
|
|
15
|
+
activerecord (2.3.12)
|
|
16
|
+
activesupport (= 2.3.12)
|
|
17
|
+
activeresource (2.3.12)
|
|
18
|
+
activesupport (= 2.3.12)
|
|
19
|
+
activesupport (2.3.12)
|
|
20
|
+
ansi (1.3.0)
|
|
21
|
+
be9-context (0.5.5)
|
|
22
|
+
jnunemaker-matchy (0.4.0)
|
|
23
|
+
rack (1.1.3)
|
|
24
|
+
rails (2.3.12)
|
|
25
|
+
actionmailer (= 2.3.12)
|
|
26
|
+
actionpack (= 2.3.12)
|
|
27
|
+
activerecord (= 2.3.12)
|
|
28
|
+
activeresource (= 2.3.12)
|
|
29
|
+
activesupport (= 2.3.12)
|
|
30
|
+
rake (>= 0.8.3)
|
|
31
|
+
rake (0.9.2.2)
|
|
32
|
+
sqlite3 (1.3.5)
|
|
33
|
+
turn (0.8.3)
|
|
34
|
+
ansi
|
|
35
|
+
yard (0.7.5)
|
|
36
|
+
|
|
37
|
+
PLATFORMS
|
|
38
|
+
ruby
|
|
39
|
+
|
|
40
|
+
DEPENDENCIES
|
|
41
|
+
acl9!
|
|
42
|
+
be9-context (>= 0.5.5)
|
|
43
|
+
jnunemaker-matchy (>= 0.4.0)
|
|
44
|
+
rake
|
|
45
|
+
sqlite3
|
|
46
|
+
turn
|
|
47
|
+
yard
|
data/README.textile
CHANGED
|
@@ -53,6 +53,8 @@ h1. Installation
|
|
|
53
53
|
|
|
54
54
|
Acl9 can be installed as a gem from "gemcutter":http://gemcutter.org.
|
|
55
55
|
|
|
56
|
+
h2. in Rails 2.3
|
|
57
|
+
|
|
56
58
|
Add the following line to your @config/environment.rb@:
|
|
57
59
|
|
|
58
60
|
<pre><code>
|
|
@@ -67,6 +69,22 @@ Alternatively you can install Acl9 as a plugin:
|
|
|
67
69
|
script/plugin install git://github.com/be9/acl9.git
|
|
68
70
|
</pre></code>
|
|
69
71
|
|
|
72
|
+
h2. in Rails 3.0
|
|
73
|
+
|
|
74
|
+
Add the following line to your @Gemfile@:
|
|
75
|
+
|
|
76
|
+
<pre><code>
|
|
77
|
+
gem "acl9"
|
|
78
|
+
</pre></code>
|
|
79
|
+
|
|
80
|
+
Then run @bundle install@ and you're done!
|
|
81
|
+
|
|
82
|
+
Alternatively you can install Acl9 as a plugin:
|
|
83
|
+
|
|
84
|
+
<pre><code>
|
|
85
|
+
rails plugin install git://github.com/be9/acl9.git
|
|
86
|
+
</pre></code>
|
|
87
|
+
|
|
70
88
|
h1. Basics
|
|
71
89
|
|
|
72
90
|
h2. Authorization is not authentication!
|
|
@@ -158,7 +176,7 @@ h2. Subject model
|
|
|
158
176
|
|
|
159
177
|
<pre><code>
|
|
160
178
|
class User < ActiveRecord::Base
|
|
161
|
-
acts_as_authorization_subject
|
|
179
|
+
acts_as_authorization_subject :association_name => :roles
|
|
162
180
|
end
|
|
163
181
|
</code></pre>
|
|
164
182
|
|
data/Rakefile
CHANGED
|
@@ -1,40 +1,18 @@
|
|
|
1
|
-
|
|
1
|
+
#!/usr/bin/env rake
|
|
2
|
+
require 'bundler/gem_tasks'
|
|
2
3
|
require 'rake'
|
|
3
4
|
require 'rake/testtask'
|
|
5
|
+
require 'yard'
|
|
4
6
|
|
|
5
7
|
desc 'Default: run tests.'
|
|
6
8
|
task :default => :test
|
|
7
9
|
|
|
8
|
-
begin
|
|
9
|
-
require 'jeweler'
|
|
10
|
-
Jeweler::Tasks.new do |s|
|
|
11
|
-
s.name = "acl9"
|
|
12
|
-
s.summary = "Yet another role-based authorization system for Rails"
|
|
13
|
-
s.email = "olegdashevskii@gmail.com"
|
|
14
|
-
s.homepage = "http://github.com/be9/acl9"
|
|
15
|
-
s.description = "Role-based authorization system for Rails with a nice DSL for access control lists"
|
|
16
|
-
s.authors = ["oleg dashevskii"]
|
|
17
|
-
s.files = FileList["[A-Z]*", "{lib,test}/**/*.rb"]
|
|
18
|
-
s.add_development_dependency "jeremymcanally-context", ">= 0.5.5"
|
|
19
|
-
s.add_development_dependency "jnunemaker-matchy", ">= 0.4.0"
|
|
20
|
-
end
|
|
21
|
-
Jeweler::GemcutterTasks.new
|
|
22
|
-
rescue LoadError
|
|
23
|
-
puts "Jeweler not available. Install it with: sudo gem install jeweler"
|
|
24
|
-
end
|
|
25
|
-
|
|
26
10
|
Rake::TestTask.new(:test) do |test|
|
|
27
11
|
test.libs << 'lib' << 'test'
|
|
28
12
|
test.pattern = 'test/**/*_test.rb'
|
|
29
13
|
test.verbose = false
|
|
30
14
|
end
|
|
31
15
|
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
YARD::Rake::YardocTask.new do |t|
|
|
36
|
-
t.files = ['lib/**/*.rb']
|
|
37
|
-
#t.options = ['--any', '--extra', '--opts'] # optional
|
|
38
|
-
end
|
|
39
|
-
rescue LoadError
|
|
16
|
+
YARD::Rake::YardocTask.new do |t|
|
|
17
|
+
t.files = ['lib/**/*.rb']
|
|
40
18
|
end
|
data/VERSION.yml
CHANGED
data/acl9.gemspec
ADDED
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
# -*- encoding: utf-8 -*-
|
|
2
|
+
$:.unshift File.expand_path("../lib", __FILE__)
|
|
3
|
+
require "acl9/version"
|
|
4
|
+
|
|
5
|
+
Gem::Specification.new do |s|
|
|
6
|
+
s.authors = ["oleg dashevskii"]
|
|
7
|
+
s.email = ["olegdashevskii@gmail.com"]
|
|
8
|
+
s.description = %q{Role-based authorization system for Rails with a nice DSL for access control lists}
|
|
9
|
+
s.summary = %q{Yet another role-based authorization system for Rails}
|
|
10
|
+
s.homepage = "http://github.com/be9/acl9"
|
|
11
|
+
|
|
12
|
+
s.files = `git ls-files`.split($\)
|
|
13
|
+
s.executables = s.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
|
|
14
|
+
s.test_files = s.files.grep(%r{^(test|spec|features)/})
|
|
15
|
+
s.name = "acl9"
|
|
16
|
+
s.require_paths = ["lib"]
|
|
17
|
+
s.version = Acl9::VERSION
|
|
18
|
+
|
|
19
|
+
s.date = %q{2010-11-02}
|
|
20
|
+
s.extra_rdoc_files = %w/README.textile TODO/
|
|
21
|
+
s.rdoc_options = ["--charset=UTF-8"]
|
|
22
|
+
|
|
23
|
+
s.add_dependency "rails", ">= 2.3.12"
|
|
24
|
+
|
|
25
|
+
s.add_development_dependency "be9-context", ">= 0.5.5"
|
|
26
|
+
s.add_development_dependency "jnunemaker-matchy", ">= 0.4.0"
|
|
27
|
+
s.add_development_dependency "rake"
|
|
28
|
+
s.add_development_dependency "yard"
|
|
29
|
+
s.add_development_dependency 'sqlite3'
|
|
30
|
+
s.add_development_dependency 'turn'
|
|
31
|
+
end
|
|
32
|
+
|
data/init.rb
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
require 'acl9'
|
|
@@ -5,10 +5,8 @@ module Acl9
|
|
|
5
5
|
|
|
6
6
|
def initialize(*args)
|
|
7
7
|
@default_action = nil
|
|
8
|
-
|
|
9
8
|
@allows = []
|
|
10
|
-
@denys
|
|
11
|
-
|
|
9
|
+
@denys = []
|
|
12
10
|
@original_args = args
|
|
13
11
|
end
|
|
14
12
|
|
|
@@ -17,21 +15,12 @@ module Acl9
|
|
|
17
15
|
end
|
|
18
16
|
|
|
19
17
|
def default_action
|
|
20
|
-
|
|
18
|
+
@default_action.nil? ? :deny : @default_action
|
|
21
19
|
end
|
|
22
20
|
|
|
23
21
|
def allowance_expression
|
|
24
|
-
allowed_expr
|
|
25
|
-
|
|
26
|
-
else
|
|
27
|
-
"false"
|
|
28
|
-
end
|
|
29
|
-
|
|
30
|
-
not_denied_expr = if @denys.size > 0
|
|
31
|
-
@denys.map { |clause| "!(#{clause})" }.join(' && ')
|
|
32
|
-
else
|
|
33
|
-
"true"
|
|
34
|
-
end
|
|
22
|
+
allowed_expr = @allows.any? ? @allows.map { |clause| "(#{clause})" }.join(' || ') : 'false'
|
|
23
|
+
not_denied_expr = @denys.any? ? @denys.map { |clause| "!(#{clause})" }.join(' && ') : 'true'
|
|
35
24
|
|
|
36
25
|
[allowed_expr, not_denied_expr].
|
|
37
26
|
map { |expr| "(#{expr})" }.
|
|
@@ -82,12 +71,8 @@ module Acl9
|
|
|
82
71
|
end
|
|
83
72
|
|
|
84
73
|
subsidiary.acl_block!(&block)
|
|
85
|
-
|
|
86
74
|
action_check = _action_check_expression(args)
|
|
87
|
-
|
|
88
|
-
squash = lambda do |rules|
|
|
89
|
-
_either_of(rules) + ' && ' + action_check
|
|
90
|
-
end
|
|
75
|
+
squash = lambda { |rules| action_check + ' && ' + _either_of(rules) }
|
|
91
76
|
|
|
92
77
|
@allows << squash.call(subsidiary.allows) if subsidiary.allows.size > 0
|
|
93
78
|
@denys << squash.call(subsidiary.denys) if subsidiary.denys.size > 0
|
|
@@ -112,9 +97,9 @@ module Acl9
|
|
|
112
97
|
|
|
113
98
|
role_checks = args.map do |who|
|
|
114
99
|
case who
|
|
115
|
-
when anonymous
|
|
116
|
-
when logged_in
|
|
117
|
-
when all
|
|
100
|
+
when anonymous then "#{_subject_ref}.nil?"
|
|
101
|
+
when logged_in then "!#{_subject_ref}.nil?"
|
|
102
|
+
when all then "true"
|
|
118
103
|
else
|
|
119
104
|
"!#{_subject_ref}.nil? && #{_subject_ref}.has_role?('#{who.to_s.singularize}', #{object})"
|
|
120
105
|
end
|
|
@@ -156,18 +141,12 @@ module Acl9
|
|
|
156
141
|
def _set_action_clause(to, except)
|
|
157
142
|
raise ArgumentError, "both :to and :except cannot be specified in the rule" if to && except
|
|
158
143
|
|
|
159
|
-
@action_clause
|
|
160
|
-
|
|
161
|
-
action_list = to || except
|
|
144
|
+
@action_clause = nil
|
|
145
|
+
action_list = to || except
|
|
162
146
|
return unless action_list
|
|
163
147
|
|
|
164
148
|
expr = _action_check_expression(action_list)
|
|
165
|
-
|
|
166
|
-
@action_clause = if to
|
|
167
|
-
"#{expr}"
|
|
168
|
-
else
|
|
169
|
-
"!#{expr}"
|
|
170
|
-
end
|
|
149
|
+
@action_clause = to ? "#{expr}" : "!#{expr}"
|
|
171
150
|
end
|
|
172
151
|
|
|
173
152
|
def _action_check_expression(action_list)
|
|
@@ -199,12 +178,9 @@ module Acl9
|
|
|
199
178
|
end
|
|
200
179
|
|
|
201
180
|
case object
|
|
202
|
-
when Class
|
|
203
|
-
|
|
204
|
-
when
|
|
205
|
-
_object_ref object
|
|
206
|
-
when nil
|
|
207
|
-
"nil"
|
|
181
|
+
when Class then object.to_s
|
|
182
|
+
when Symbol then _object_ref object
|
|
183
|
+
when nil then "nil"
|
|
208
184
|
else
|
|
209
185
|
raise ArgumentError, "object specified by preposition can only be a Class or a Symbol"
|
|
210
186
|
end
|
data/lib/acl9/helpers.rb
CHANGED
|
@@ -19,13 +19,13 @@ module Acl9
|
|
|
19
19
|
|
|
20
20
|
# Usage:
|
|
21
21
|
#
|
|
22
|
-
#
|
|
22
|
+
# <%=show_to(:owner, :supervisor, :of => :account) do %>
|
|
23
23
|
# <%= 'hello' %>
|
|
24
|
-
#
|
|
24
|
+
# <% end %>
|
|
25
25
|
#
|
|
26
26
|
def show_to(*args, &block)
|
|
27
|
-
user =
|
|
28
|
-
return
|
|
27
|
+
user = send(Acl9.config[:default_subject_method])
|
|
28
|
+
return if user.nil?
|
|
29
29
|
|
|
30
30
|
has_any = false
|
|
31
31
|
|
|
@@ -36,7 +36,14 @@ module Acl9
|
|
|
36
36
|
has_any = args.detect { |role| user.has_role?(role) }
|
|
37
37
|
end
|
|
38
38
|
|
|
39
|
-
has_any
|
|
39
|
+
if has_any
|
|
40
|
+
begin
|
|
41
|
+
capture( &block )
|
|
42
|
+
rescue NoMethodError
|
|
43
|
+
yield( :block )
|
|
44
|
+
end
|
|
45
|
+
end
|
|
46
|
+
|
|
40
47
|
end
|
|
41
48
|
end
|
|
42
49
|
end
|
|
@@ -10,7 +10,10 @@ module Acl9
|
|
|
10
10
|
# @param [Subject] subject Subject to add role for
|
|
11
11
|
# @see Acl9::ModelExtensions::Subject#has_role?
|
|
12
12
|
def accepts_role?(role_name, subject)
|
|
13
|
-
subject.
|
|
13
|
+
if not subject.nil?
|
|
14
|
+
return subject.has_role? role_name, self
|
|
15
|
+
end
|
|
16
|
+
false
|
|
14
17
|
end
|
|
15
18
|
|
|
16
19
|
##
|
|
@@ -20,7 +23,10 @@ module Acl9
|
|
|
20
23
|
# @param [Subject] subject Subject to add role for
|
|
21
24
|
# @see Acl9::ModelExtensions::Subject#has_role!
|
|
22
25
|
def accepts_role!(role_name, subject)
|
|
23
|
-
subject.
|
|
26
|
+
if not subject.nil?
|
|
27
|
+
return subject.has_role! role_name, self
|
|
28
|
+
end
|
|
29
|
+
false
|
|
24
30
|
end
|
|
25
31
|
|
|
26
32
|
##
|
|
@@ -30,7 +36,10 @@ module Acl9
|
|
|
30
36
|
# @param [Subject] subject Subject to remove role from
|
|
31
37
|
# @see Acl9::ModelExtensions::Subject#has_no_role!
|
|
32
38
|
def accepts_no_role!(role_name, subject)
|
|
33
|
-
subject.
|
|
39
|
+
if not subject.nil?
|
|
40
|
+
return subject.has_no_role! role_name, self
|
|
41
|
+
end
|
|
42
|
+
false
|
|
34
43
|
end
|
|
35
44
|
|
|
36
45
|
##
|
|
@@ -40,7 +49,10 @@ module Acl9
|
|
|
40
49
|
# @return [Boolean] Returns true if +subject+ has any roles on this object.
|
|
41
50
|
# @see Acl9::ModelExtensions::Subject#has_roles_for?
|
|
42
51
|
def accepts_roles_by?(subject)
|
|
43
|
-
subject.
|
|
52
|
+
if not subject.nil?
|
|
53
|
+
return subject.has_roles_for? self
|
|
54
|
+
end
|
|
55
|
+
false
|
|
44
56
|
end
|
|
45
57
|
|
|
46
58
|
alias :accepts_role_by? :accepts_roles_by?
|
|
@@ -52,7 +64,10 @@ module Acl9
|
|
|
52
64
|
# @param [Subject] subject Subject to query roles
|
|
53
65
|
# @see Acl9::ModelExtensions::Subject#roles_for
|
|
54
66
|
def accepted_roles_by(subject)
|
|
55
|
-
subject.
|
|
67
|
+
if not subject.nil?
|
|
68
|
+
return subject.roles_for self
|
|
69
|
+
end
|
|
70
|
+
false
|
|
56
71
|
end
|
|
57
72
|
end
|
|
58
73
|
end
|
|
@@ -17,7 +17,7 @@ module Acl9
|
|
|
17
17
|
#
|
|
18
18
|
# In this case manager is anyone who "manages" at least one object.
|
|
19
19
|
#
|
|
20
|
-
# However, if protect_global_roles option set to +true+, you'll need to
|
|
20
|
+
# However, if protect_global_roles option set to +true+, you'll need to
|
|
21
21
|
# explicitly grant global role with same name.
|
|
22
22
|
#
|
|
23
23
|
# Acl9.config[:protect_global_roles] = true
|
|
@@ -26,7 +26,7 @@ module Acl9
|
|
|
26
26
|
# user.has_role!(:manager)
|
|
27
27
|
# user.has_role?(:manager) # => true
|
|
28
28
|
#
|
|
29
|
-
# protect_global_roles option is +false+ by default as for now, but this
|
|
29
|
+
# protect_global_roles option is +false+ by default as for now, but this
|
|
30
30
|
# may change in future!
|
|
31
31
|
#
|
|
32
32
|
# @return [Boolean] Whether +self+ has a role +role_name+ on +object+.
|
|
@@ -134,7 +134,8 @@ module Acl9
|
|
|
134
134
|
lambda { |role| role.authorizable.nil? }
|
|
135
135
|
else
|
|
136
136
|
lambda do |role|
|
|
137
|
-
role.
|
|
137
|
+
auth_id = role.authorizable_id.kind_of?(String) ? object.id.to_s : object.id
|
|
138
|
+
role.authorizable_type == object.class.base_class.to_s && role.authorizable_id == auth_id
|
|
138
139
|
end
|
|
139
140
|
end
|
|
140
141
|
end
|
|
@@ -154,31 +155,31 @@ module Acl9
|
|
|
154
155
|
]
|
|
155
156
|
end
|
|
156
157
|
|
|
157
|
-
self._auth_role_class.first
|
|
158
|
+
self._auth_role_class.where(cond).first
|
|
158
159
|
end
|
|
159
160
|
|
|
160
161
|
def delete_role(role)
|
|
161
162
|
if role
|
|
162
163
|
self.role_objects.delete role
|
|
163
|
-
|
|
164
|
-
|
|
164
|
+
if role.send(self._auth_subject_class_name.demodulize.tableize).empty?
|
|
165
|
+
role.destroy unless role.respond_to?(:system?) && role.system?
|
|
166
|
+
end
|
|
165
167
|
end
|
|
166
168
|
end
|
|
167
|
-
|
|
169
|
+
|
|
168
170
|
protected
|
|
169
171
|
|
|
170
172
|
def _auth_role_class
|
|
171
173
|
self.class._auth_role_class_name.constantize
|
|
172
174
|
end
|
|
173
|
-
|
|
175
|
+
|
|
174
176
|
def _auth_role_assoc
|
|
175
|
-
|
|
177
|
+
self.class._auth_role_assoc_name
|
|
176
178
|
end
|
|
177
179
|
|
|
178
180
|
def role_objects
|
|
179
|
-
|
|
181
|
+
send(self._auth_role_assoc)
|
|
180
182
|
end
|
|
181
|
-
|
|
182
183
|
end
|
|
183
184
|
end
|
|
184
185
|
end
|
|
@@ -33,10 +33,9 @@ module Acl9
|
|
|
33
33
|
# @see Acl9::ModelExtensions::Subject
|
|
34
34
|
#
|
|
35
35
|
def acts_as_authorization_subject(options = {})
|
|
36
|
-
|
|
36
|
+
assoc = options[:association_name] || Acl9::config[:default_association_name]
|
|
37
37
|
role = options[:role_class_name] || Acl9::config[:default_role_class_name]
|
|
38
|
-
join_table = options[:join_table_name] || Acl9::config[:default_join_table_name] ||
|
|
39
|
-
join_table_name(undecorated_table_name(self.to_s), undecorated_table_name(role))
|
|
38
|
+
join_table = options[:join_table_name] || Acl9::config[:default_join_table_name] || self.table_name_prefix + [undecorated_table_name(self.to_s), undecorated_table_name(role)].sort.join("_") + self.table_name_suffix
|
|
40
39
|
|
|
41
40
|
has_and_belongs_to_many assoc, :class_name => role, :join_table => join_table
|
|
42
41
|
|
|
@@ -79,22 +78,27 @@ module Acl9
|
|
|
79
78
|
role = options[:role_class_name] || Acl9::config[:default_role_class_name]
|
|
80
79
|
role_table = role.constantize.table_name
|
|
81
80
|
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
EOS
|
|
81
|
+
join_table = options[:join_table_name]
|
|
82
|
+
join_table ||= ActiveRecord::Base.send(:join_table_name,
|
|
83
|
+
role_table, subj_table) if ActiveRecord::Base.private_methods \
|
|
84
|
+
.include?('join_table_name')
|
|
85
|
+
join_table ||= Acl9::config[:default_join_table_name]
|
|
86
|
+
join_table ||= self.table_name_prefix \
|
|
87
|
+
+ [undecorated_table_name(self.to_s),
|
|
88
|
+
undecorated_table_name(role)].sort.join("_") \
|
|
89
|
+
+ self.table_name_suffix
|
|
92
90
|
|
|
93
91
|
has_many :accepted_roles, :as => :authorizable, :class_name => role, :dependent => :destroy
|
|
94
92
|
|
|
95
93
|
has_many :"#{subj_table}",
|
|
96
|
-
:finder_sql
|
|
97
|
-
|
|
94
|
+
:finder_sql => proc { "SELECT DISTINCT #{subj_table}.* " +
|
|
95
|
+
"FROM #{subj_table} INNER JOIN #{join_table} ON #{subj_col}_id = #{subj_table}.id " +
|
|
96
|
+
"INNER JOIN #{role_table} ON #{role_table}.id = #{role.underscore}_id " +
|
|
97
|
+
"WHERE authorizable_type = '#{self.class.base_class.to_s}' AND authorizable_id = #{id} "},
|
|
98
|
+
:counter_sql => proc { "SELECT COUNT(DISTINCT #{subj_table}.id)" +
|
|
99
|
+
"FROM #{subj_table} INNER JOIN #{join_table} ON #{subj_col}_id = #{subj_table}.id " +
|
|
100
|
+
"INNER JOIN #{role_table} ON #{role_table}.id = #{role.underscore}_id " +
|
|
101
|
+
"WHERE authorizable_type = '#{self.class.base_class.to_s}' AND authorizable_id = #{id} "},
|
|
98
102
|
:readonly => true
|
|
99
103
|
|
|
100
104
|
include Acl9::ModelExtensions::ForObject
|
|
@@ -126,7 +130,9 @@ module Acl9
|
|
|
126
130
|
def acts_as_authorization_role(options = {})
|
|
127
131
|
subject = options[:subject_class_name] || Acl9::config[:default_subject_class_name]
|
|
128
132
|
join_table = options[:join_table_name] || Acl9::config[:default_join_table_name] ||
|
|
129
|
-
|
|
133
|
+
self.table_name_prefix + [undecorated_table_name(self.to_s), undecorated_table_name(subject)].sort.join("_") + self.table_name_suffix
|
|
134
|
+
# comment out use deprecated API
|
|
135
|
+
#join_table_name(undecorated_table_name(self.to_s), undecorated_table_name(subject))
|
|
130
136
|
|
|
131
137
|
has_and_belongs_to_many subject.demodulize.tableize.to_sym,
|
|
132
138
|
:class_name => subject,
|
data/lib/acl9/version.rb
ADDED
data/lib/acl9.rb
CHANGED
|
@@ -1,16 +1,20 @@
|
|
|
1
|
-
require
|
|
1
|
+
require 'acl9/version'
|
|
2
|
+
require 'acl9/model_extensions'
|
|
3
|
+
require 'acl9/controller_extensions'
|
|
4
|
+
require 'acl9/helpers'
|
|
2
5
|
|
|
3
|
-
|
|
4
|
-
|
|
6
|
+
module Acl9
|
|
7
|
+
@@config = {
|
|
8
|
+
:default_role_class_name => 'Role',
|
|
9
|
+
:default_subject_class_name => 'User',
|
|
10
|
+
:default_subject_method => :current_user,
|
|
11
|
+
:default_association_name => :role_objects,
|
|
12
|
+
:protect_global_roles => false,
|
|
13
|
+
}
|
|
5
14
|
|
|
6
|
-
|
|
15
|
+
mattr_reader :config
|
|
7
16
|
end
|
|
8
17
|
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
require File.join(File.dirname(__FILE__), 'acl9', 'helpers')
|
|
13
|
-
|
|
14
|
-
ActionController::Base.send(:include, Acl9::ControllerExtensions)
|
|
15
|
-
Acl9Helpers = Acl9::Helpers unless defined?(Acl9Helpers)
|
|
16
|
-
end
|
|
18
|
+
ActiveRecord::Base.send(:include, Acl9::ModelExtensions)
|
|
19
|
+
ActionController::Base.send(:include, Acl9::ControllerExtensions)
|
|
20
|
+
Acl9Helpers = Acl9::Helpers unless defined?(Acl9Helpers)
|
data/test/helpers_test.rb
CHANGED
|
@@ -121,14 +121,13 @@ class HelperTest < Test::Unit::TestCase
|
|
|
121
121
|
obj = Object.new
|
|
122
122
|
def obj.name; 'persia'; end
|
|
123
123
|
|
|
124
|
-
k.show_to('hamlet', :of => obj) { 'hello my prince' }.should ==
|
|
124
|
+
k.show_to('hamlet', :of => obj) { 'hello my prince' }.should == nil
|
|
125
125
|
end
|
|
126
126
|
|
|
127
127
|
it "has :show_to nothing to NotLoggedIn" do
|
|
128
128
|
k = Klass2.new
|
|
129
129
|
k.action_name = 'be'
|
|
130
130
|
message = 'hello hamlet'
|
|
131
|
-
k.show_to(:hamlet) { message }.should ==
|
|
131
|
+
k.show_to(:hamlet) { message }.should == nil
|
|
132
132
|
end
|
|
133
|
-
|
|
134
133
|
end
|
data/test/roles_test.rb
CHANGED
|
@@ -5,6 +5,21 @@ require 'support/models'
|
|
|
5
5
|
#Logger = ActiveRecord::Base.logger
|
|
6
6
|
load 'support/schema.rb'
|
|
7
7
|
|
|
8
|
+
|
|
9
|
+
class SystemRolesTest < Test::Unit::TestCase
|
|
10
|
+
it "should not delete a system role" do
|
|
11
|
+
Role.destroy_all
|
|
12
|
+
@role=Role.create(:name=>"admin", :system=>true)
|
|
13
|
+
@role.system.should be_true
|
|
14
|
+
Role.count.should==1
|
|
15
|
+
@user = User.create!
|
|
16
|
+
@user.has_role!(:admin)
|
|
17
|
+
Role.count.should==1
|
|
18
|
+
@user.has_no_role!(:admin)
|
|
19
|
+
Role.count.should==1
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
|
|
8
23
|
class RolesTest < Test::Unit::TestCase
|
|
9
24
|
before do
|
|
10
25
|
Role.destroy_all
|
|
@@ -269,6 +284,7 @@ class RolesTest < Test::Unit::TestCase
|
|
|
269
284
|
end
|
|
270
285
|
end
|
|
271
286
|
|
|
287
|
+
|
|
272
288
|
class RolesWithCustomClassNamesTest < Test::Unit::TestCase
|
|
273
289
|
before do
|
|
274
290
|
AnotherRole.destroy_all
|
|
@@ -352,4 +368,3 @@ class UsersRolesAndSubjectsWithNamespacedClassNamesTest < Test::Unit::TestCase
|
|
|
352
368
|
@user2.has_no_roles!
|
|
353
369
|
end
|
|
354
370
|
end
|
|
355
|
-
|
data/test/support/schema.rb
CHANGED
data/test/test_helper.rb
CHANGED
|
@@ -1,8 +1,5 @@
|
|
|
1
1
|
require 'rubygems'
|
|
2
|
-
|
|
3
|
-
gem 'jnunemaker-matchy', '>= 0.4.0'
|
|
4
|
-
gem 'jeremymcanally-context', '>= 0.5.5'
|
|
5
|
-
|
|
2
|
+
require 'bundler/setup'
|
|
6
3
|
require 'test/unit'
|
|
7
4
|
require 'context'
|
|
8
5
|
require 'matchy'
|
|
@@ -10,8 +7,9 @@ require 'active_support'
|
|
|
10
7
|
require 'active_record'
|
|
11
8
|
require 'action_controller'
|
|
12
9
|
require 'action_controller/test_process'
|
|
10
|
+
require 'turn'
|
|
13
11
|
|
|
14
|
-
ActiveRecord::Base.establish_connection(:adapter => 'sqlite3', :
|
|
12
|
+
ActiveRecord::Base.establish_connection(:adapter => 'sqlite3', :database => 'test.sqlite3')
|
|
15
13
|
|
|
16
14
|
class Test::Unit::TestCase
|
|
17
15
|
custom_matcher :be_false do |receiver, matcher, args|
|
|
@@ -29,3 +27,4 @@ end
|
|
|
29
27
|
|
|
30
28
|
ActiveRecord::Base.logger = Logger.new(File.dirname(__FILE__) + "/debug.log")
|
|
31
29
|
ActionController::Base.logger = ActiveRecord::Base.logger
|
|
30
|
+
ActiveRecord::Base.silence { ActiveRecord::Migration.verbose = false }
|
metadata
CHANGED
|
@@ -1,55 +1,115 @@
|
|
|
1
|
-
--- !ruby/object:Gem::Specification
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: acl9
|
|
3
|
-
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.12.
|
|
3
|
+
version: !ruby/object:Gem::Version
|
|
4
|
+
version: 0.12.1
|
|
5
|
+
prerelease:
|
|
5
6
|
platform: ruby
|
|
6
|
-
authors:
|
|
7
|
+
authors:
|
|
7
8
|
- oleg dashevskii
|
|
8
9
|
autorequire:
|
|
9
10
|
bindir: bin
|
|
10
11
|
cert_chain: []
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
12
|
+
date: 2010-11-02 00:00:00.000000000 Z
|
|
13
|
+
dependencies:
|
|
14
|
+
- !ruby/object:Gem::Dependency
|
|
15
|
+
name: rails
|
|
16
|
+
requirement: &25259300 !ruby/object:Gem::Requirement
|
|
17
|
+
none: false
|
|
18
|
+
requirements:
|
|
19
|
+
- - ! '>='
|
|
20
|
+
- !ruby/object:Gem::Version
|
|
21
|
+
version: 2.3.12
|
|
22
|
+
type: :runtime
|
|
23
|
+
prerelease: false
|
|
24
|
+
version_requirements: *25259300
|
|
25
|
+
- !ruby/object:Gem::Dependency
|
|
26
|
+
name: be9-context
|
|
27
|
+
requirement: &25258440 !ruby/object:Gem::Requirement
|
|
28
|
+
none: false
|
|
29
|
+
requirements:
|
|
30
|
+
- - ! '>='
|
|
31
|
+
- !ruby/object:Gem::Version
|
|
23
32
|
version: 0.5.5
|
|
24
|
-
version:
|
|
25
|
-
- !ruby/object:Gem::Dependency
|
|
26
|
-
name: jnunemaker-matchy
|
|
27
33
|
type: :development
|
|
28
|
-
|
|
29
|
-
version_requirements:
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
34
|
+
prerelease: false
|
|
35
|
+
version_requirements: *25258440
|
|
36
|
+
- !ruby/object:Gem::Dependency
|
|
37
|
+
name: jnunemaker-matchy
|
|
38
|
+
requirement: &25257700 !ruby/object:Gem::Requirement
|
|
39
|
+
none: false
|
|
40
|
+
requirements:
|
|
41
|
+
- - ! '>='
|
|
42
|
+
- !ruby/object:Gem::Version
|
|
33
43
|
version: 0.4.0
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
44
|
+
type: :development
|
|
45
|
+
prerelease: false
|
|
46
|
+
version_requirements: *25257700
|
|
47
|
+
- !ruby/object:Gem::Dependency
|
|
48
|
+
name: rake
|
|
49
|
+
requirement: &25257060 !ruby/object:Gem::Requirement
|
|
50
|
+
none: false
|
|
51
|
+
requirements:
|
|
52
|
+
- - ! '>='
|
|
53
|
+
- !ruby/object:Gem::Version
|
|
54
|
+
version: '0'
|
|
55
|
+
type: :development
|
|
56
|
+
prerelease: false
|
|
57
|
+
version_requirements: *25257060
|
|
58
|
+
- !ruby/object:Gem::Dependency
|
|
59
|
+
name: yard
|
|
60
|
+
requirement: &25256200 !ruby/object:Gem::Requirement
|
|
61
|
+
none: false
|
|
62
|
+
requirements:
|
|
63
|
+
- - ! '>='
|
|
64
|
+
- !ruby/object:Gem::Version
|
|
65
|
+
version: '0'
|
|
66
|
+
type: :development
|
|
67
|
+
prerelease: false
|
|
68
|
+
version_requirements: *25256200
|
|
69
|
+
- !ruby/object:Gem::Dependency
|
|
70
|
+
name: sqlite3
|
|
71
|
+
requirement: &25255240 !ruby/object:Gem::Requirement
|
|
72
|
+
none: false
|
|
73
|
+
requirements:
|
|
74
|
+
- - ! '>='
|
|
75
|
+
- !ruby/object:Gem::Version
|
|
76
|
+
version: '0'
|
|
77
|
+
type: :development
|
|
78
|
+
prerelease: false
|
|
79
|
+
version_requirements: *25255240
|
|
80
|
+
- !ruby/object:Gem::Dependency
|
|
81
|
+
name: turn
|
|
82
|
+
requirement: &25254560 !ruby/object:Gem::Requirement
|
|
83
|
+
none: false
|
|
84
|
+
requirements:
|
|
85
|
+
- - ! '>='
|
|
86
|
+
- !ruby/object:Gem::Version
|
|
87
|
+
version: '0'
|
|
88
|
+
type: :development
|
|
89
|
+
prerelease: false
|
|
90
|
+
version_requirements: *25254560
|
|
91
|
+
description: Role-based authorization system for Rails with a nice DSL for access
|
|
92
|
+
control lists
|
|
93
|
+
email:
|
|
94
|
+
- olegdashevskii@gmail.com
|
|
37
95
|
executables: []
|
|
38
|
-
|
|
39
96
|
extensions: []
|
|
40
|
-
|
|
41
|
-
extra_rdoc_files:
|
|
97
|
+
extra_rdoc_files:
|
|
42
98
|
- README.textile
|
|
43
99
|
- TODO
|
|
44
|
-
files:
|
|
100
|
+
files:
|
|
101
|
+
- .gitignore
|
|
45
102
|
- CHANGELOG.textile
|
|
103
|
+
- Gemfile
|
|
104
|
+
- Gemfile.lock
|
|
46
105
|
- MIT-LICENSE
|
|
47
106
|
- README.textile
|
|
48
107
|
- Rakefile
|
|
49
108
|
- TODO
|
|
50
109
|
- VERSION.yml
|
|
110
|
+
- acl9.gemspec
|
|
111
|
+
- init.rb
|
|
51
112
|
- lib/acl9.rb
|
|
52
|
-
- lib/acl9/config.rb
|
|
53
113
|
- lib/acl9/controller_extensions.rb
|
|
54
114
|
- lib/acl9/controller_extensions/dsl_base.rb
|
|
55
115
|
- lib/acl9/controller_extensions/generators.rb
|
|
@@ -57,6 +117,7 @@ files:
|
|
|
57
117
|
- lib/acl9/model_extensions.rb
|
|
58
118
|
- lib/acl9/model_extensions/for_object.rb
|
|
59
119
|
- lib/acl9/model_extensions/for_subject.rb
|
|
120
|
+
- lib/acl9/version.rb
|
|
60
121
|
- test/access_control_test.rb
|
|
61
122
|
- test/dsl_base_test.rb
|
|
62
123
|
- test/helpers_test.rb
|
|
@@ -65,40 +126,40 @@ files:
|
|
|
65
126
|
- test/support/models.rb
|
|
66
127
|
- test/support/schema.rb
|
|
67
128
|
- test/test_helper.rb
|
|
68
|
-
|
|
129
|
+
- test/version_test.rb
|
|
69
130
|
homepage: http://github.com/be9/acl9
|
|
70
131
|
licenses: []
|
|
71
|
-
|
|
72
132
|
post_install_message:
|
|
73
|
-
rdoc_options:
|
|
133
|
+
rdoc_options:
|
|
74
134
|
- --charset=UTF-8
|
|
75
|
-
require_paths:
|
|
135
|
+
require_paths:
|
|
76
136
|
- lib
|
|
77
|
-
required_ruby_version: !ruby/object:Gem::Requirement
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
137
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
|
138
|
+
none: false
|
|
139
|
+
requirements:
|
|
140
|
+
- - ! '>='
|
|
141
|
+
- !ruby/object:Gem::Version
|
|
142
|
+
version: '0'
|
|
143
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
144
|
+
none: false
|
|
145
|
+
requirements:
|
|
146
|
+
- - ! '>='
|
|
147
|
+
- !ruby/object:Gem::Version
|
|
148
|
+
version: '0'
|
|
89
149
|
requirements: []
|
|
90
|
-
|
|
91
150
|
rubyforge_project:
|
|
92
|
-
rubygems_version: 1.
|
|
151
|
+
rubygems_version: 1.8.11
|
|
93
152
|
signing_key:
|
|
94
153
|
specification_version: 3
|
|
95
154
|
summary: Yet another role-based authorization system for Rails
|
|
96
|
-
test_files:
|
|
155
|
+
test_files:
|
|
156
|
+
- test/access_control_test.rb
|
|
157
|
+
- test/dsl_base_test.rb
|
|
97
158
|
- test/helpers_test.rb
|
|
98
|
-
- test/
|
|
99
|
-
- test/support/models.rb
|
|
159
|
+
- test/roles_test.rb
|
|
100
160
|
- test/support/controllers.rb
|
|
101
|
-
- test/
|
|
102
|
-
- test/
|
|
161
|
+
- test/support/models.rb
|
|
162
|
+
- test/support/schema.rb
|
|
103
163
|
- test/test_helper.rb
|
|
104
|
-
- test/
|
|
164
|
+
- test/version_test.rb
|
|
165
|
+
has_rdoc:
|
data/lib/acl9/config.rb
DELETED
|
@@ -1,11 +0,0 @@
|
|
|
1
|
-
module Acl9
|
|
2
|
-
@@config = {
|
|
3
|
-
:default_role_class_name => 'Role',
|
|
4
|
-
:default_subject_class_name => 'User',
|
|
5
|
-
:default_subject_method => :current_user,
|
|
6
|
-
:default_association_name => :role_objects,
|
|
7
|
-
:protect_global_roles => false,
|
|
8
|
-
}
|
|
9
|
-
|
|
10
|
-
mattr_reader :config
|
|
11
|
-
end
|