acl9 0.12.0 → 0.12.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/.gitignore +7 -0
- data/Gemfile +4 -0
- data/Gemfile.lock +47 -0
- data/README.textile +19 -1
- data/Rakefile +5 -27
- data/VERSION.yml +1 -1
- data/acl9.gemspec +32 -0
- data/init.rb +1 -0
- data/lib/acl9/controller_extensions/dsl_base.rb +14 -38
- data/lib/acl9/helpers.rb +12 -5
- data/lib/acl9/model_extensions/for_object.rb +20 -5
- data/lib/acl9/model_extensions/for_subject.rb +12 -11
- data/lib/acl9/model_extensions.rb +22 -16
- data/lib/acl9/version.rb +3 -0
- data/lib/acl9.rb +16 -12
- data/test/helpers_test.rb +2 -3
- data/test/roles_test.rb +16 -1
- data/test/support/schema.rb +1 -0
- data/test/test_helper.rb +4 -5
- data/test/version_test.rb +7 -0
- metadata +117 -56
- data/lib/acl9/config.rb +0 -11
data/.gitignore
ADDED
data/Gemfile
ADDED
data/Gemfile.lock
ADDED
|
@@ -0,0 +1,47 @@
|
|
|
1
|
+
PATH
|
|
2
|
+
remote: .
|
|
3
|
+
specs:
|
|
4
|
+
acl9 (0.12.0)
|
|
5
|
+
rails (= 2.3.12)
|
|
6
|
+
|
|
7
|
+
GEM
|
|
8
|
+
remote: http://rubygems.org/
|
|
9
|
+
specs:
|
|
10
|
+
actionmailer (2.3.12)
|
|
11
|
+
actionpack (= 2.3.12)
|
|
12
|
+
actionpack (2.3.12)
|
|
13
|
+
activesupport (= 2.3.12)
|
|
14
|
+
rack (~> 1.1.0)
|
|
15
|
+
activerecord (2.3.12)
|
|
16
|
+
activesupport (= 2.3.12)
|
|
17
|
+
activeresource (2.3.12)
|
|
18
|
+
activesupport (= 2.3.12)
|
|
19
|
+
activesupport (2.3.12)
|
|
20
|
+
ansi (1.3.0)
|
|
21
|
+
be9-context (0.5.5)
|
|
22
|
+
jnunemaker-matchy (0.4.0)
|
|
23
|
+
rack (1.1.3)
|
|
24
|
+
rails (2.3.12)
|
|
25
|
+
actionmailer (= 2.3.12)
|
|
26
|
+
actionpack (= 2.3.12)
|
|
27
|
+
activerecord (= 2.3.12)
|
|
28
|
+
activeresource (= 2.3.12)
|
|
29
|
+
activesupport (= 2.3.12)
|
|
30
|
+
rake (>= 0.8.3)
|
|
31
|
+
rake (0.9.2.2)
|
|
32
|
+
sqlite3 (1.3.5)
|
|
33
|
+
turn (0.8.3)
|
|
34
|
+
ansi
|
|
35
|
+
yard (0.7.5)
|
|
36
|
+
|
|
37
|
+
PLATFORMS
|
|
38
|
+
ruby
|
|
39
|
+
|
|
40
|
+
DEPENDENCIES
|
|
41
|
+
acl9!
|
|
42
|
+
be9-context (>= 0.5.5)
|
|
43
|
+
jnunemaker-matchy (>= 0.4.0)
|
|
44
|
+
rake
|
|
45
|
+
sqlite3
|
|
46
|
+
turn
|
|
47
|
+
yard
|
data/README.textile
CHANGED
|
@@ -53,6 +53,8 @@ h1. Installation
|
|
|
53
53
|
|
|
54
54
|
Acl9 can be installed as a gem from "gemcutter":http://gemcutter.org.
|
|
55
55
|
|
|
56
|
+
h2. in Rails 2.3
|
|
57
|
+
|
|
56
58
|
Add the following line to your @config/environment.rb@:
|
|
57
59
|
|
|
58
60
|
<pre><code>
|
|
@@ -67,6 +69,22 @@ Alternatively you can install Acl9 as a plugin:
|
|
|
67
69
|
script/plugin install git://github.com/be9/acl9.git
|
|
68
70
|
</pre></code>
|
|
69
71
|
|
|
72
|
+
h2. in Rails 3.0
|
|
73
|
+
|
|
74
|
+
Add the following line to your @Gemfile@:
|
|
75
|
+
|
|
76
|
+
<pre><code>
|
|
77
|
+
gem "acl9"
|
|
78
|
+
</pre></code>
|
|
79
|
+
|
|
80
|
+
Then run @bundle install@ and you're done!
|
|
81
|
+
|
|
82
|
+
Alternatively you can install Acl9 as a plugin:
|
|
83
|
+
|
|
84
|
+
<pre><code>
|
|
85
|
+
rails plugin install git://github.com/be9/acl9.git
|
|
86
|
+
</pre></code>
|
|
87
|
+
|
|
70
88
|
h1. Basics
|
|
71
89
|
|
|
72
90
|
h2. Authorization is not authentication!
|
|
@@ -158,7 +176,7 @@ h2. Subject model
|
|
|
158
176
|
|
|
159
177
|
<pre><code>
|
|
160
178
|
class User < ActiveRecord::Base
|
|
161
|
-
acts_as_authorization_subject
|
|
179
|
+
acts_as_authorization_subject :association_name => :roles
|
|
162
180
|
end
|
|
163
181
|
</code></pre>
|
|
164
182
|
|
data/Rakefile
CHANGED
|
@@ -1,40 +1,18 @@
|
|
|
1
|
-
|
|
1
|
+
#!/usr/bin/env rake
|
|
2
|
+
require 'bundler/gem_tasks'
|
|
2
3
|
require 'rake'
|
|
3
4
|
require 'rake/testtask'
|
|
5
|
+
require 'yard'
|
|
4
6
|
|
|
5
7
|
desc 'Default: run tests.'
|
|
6
8
|
task :default => :test
|
|
7
9
|
|
|
8
|
-
begin
|
|
9
|
-
require 'jeweler'
|
|
10
|
-
Jeweler::Tasks.new do |s|
|
|
11
|
-
s.name = "acl9"
|
|
12
|
-
s.summary = "Yet another role-based authorization system for Rails"
|
|
13
|
-
s.email = "olegdashevskii@gmail.com"
|
|
14
|
-
s.homepage = "http://github.com/be9/acl9"
|
|
15
|
-
s.description = "Role-based authorization system for Rails with a nice DSL for access control lists"
|
|
16
|
-
s.authors = ["oleg dashevskii"]
|
|
17
|
-
s.files = FileList["[A-Z]*", "{lib,test}/**/*.rb"]
|
|
18
|
-
s.add_development_dependency "jeremymcanally-context", ">= 0.5.5"
|
|
19
|
-
s.add_development_dependency "jnunemaker-matchy", ">= 0.4.0"
|
|
20
|
-
end
|
|
21
|
-
Jeweler::GemcutterTasks.new
|
|
22
|
-
rescue LoadError
|
|
23
|
-
puts "Jeweler not available. Install it with: sudo gem install jeweler"
|
|
24
|
-
end
|
|
25
|
-
|
|
26
10
|
Rake::TestTask.new(:test) do |test|
|
|
27
11
|
test.libs << 'lib' << 'test'
|
|
28
12
|
test.pattern = 'test/**/*_test.rb'
|
|
29
13
|
test.verbose = false
|
|
30
14
|
end
|
|
31
15
|
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
YARD::Rake::YardocTask.new do |t|
|
|
36
|
-
t.files = ['lib/**/*.rb']
|
|
37
|
-
#t.options = ['--any', '--extra', '--opts'] # optional
|
|
38
|
-
end
|
|
39
|
-
rescue LoadError
|
|
16
|
+
YARD::Rake::YardocTask.new do |t|
|
|
17
|
+
t.files = ['lib/**/*.rb']
|
|
40
18
|
end
|
data/VERSION.yml
CHANGED
data/acl9.gemspec
ADDED
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
# -*- encoding: utf-8 -*-
|
|
2
|
+
$:.unshift File.expand_path("../lib", __FILE__)
|
|
3
|
+
require "acl9/version"
|
|
4
|
+
|
|
5
|
+
Gem::Specification.new do |s|
|
|
6
|
+
s.authors = ["oleg dashevskii"]
|
|
7
|
+
s.email = ["olegdashevskii@gmail.com"]
|
|
8
|
+
s.description = %q{Role-based authorization system for Rails with a nice DSL for access control lists}
|
|
9
|
+
s.summary = %q{Yet another role-based authorization system for Rails}
|
|
10
|
+
s.homepage = "http://github.com/be9/acl9"
|
|
11
|
+
|
|
12
|
+
s.files = `git ls-files`.split($\)
|
|
13
|
+
s.executables = s.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
|
|
14
|
+
s.test_files = s.files.grep(%r{^(test|spec|features)/})
|
|
15
|
+
s.name = "acl9"
|
|
16
|
+
s.require_paths = ["lib"]
|
|
17
|
+
s.version = Acl9::VERSION
|
|
18
|
+
|
|
19
|
+
s.date = %q{2010-11-02}
|
|
20
|
+
s.extra_rdoc_files = %w/README.textile TODO/
|
|
21
|
+
s.rdoc_options = ["--charset=UTF-8"]
|
|
22
|
+
|
|
23
|
+
s.add_dependency "rails", ">= 2.3.12"
|
|
24
|
+
|
|
25
|
+
s.add_development_dependency "be9-context", ">= 0.5.5"
|
|
26
|
+
s.add_development_dependency "jnunemaker-matchy", ">= 0.4.0"
|
|
27
|
+
s.add_development_dependency "rake"
|
|
28
|
+
s.add_development_dependency "yard"
|
|
29
|
+
s.add_development_dependency 'sqlite3'
|
|
30
|
+
s.add_development_dependency 'turn'
|
|
31
|
+
end
|
|
32
|
+
|
data/init.rb
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
require 'acl9'
|
|
@@ -5,10 +5,8 @@ module Acl9
|
|
|
5
5
|
|
|
6
6
|
def initialize(*args)
|
|
7
7
|
@default_action = nil
|
|
8
|
-
|
|
9
8
|
@allows = []
|
|
10
|
-
@denys
|
|
11
|
-
|
|
9
|
+
@denys = []
|
|
12
10
|
@original_args = args
|
|
13
11
|
end
|
|
14
12
|
|
|
@@ -17,21 +15,12 @@ module Acl9
|
|
|
17
15
|
end
|
|
18
16
|
|
|
19
17
|
def default_action
|
|
20
|
-
|
|
18
|
+
@default_action.nil? ? :deny : @default_action
|
|
21
19
|
end
|
|
22
20
|
|
|
23
21
|
def allowance_expression
|
|
24
|
-
allowed_expr
|
|
25
|
-
|
|
26
|
-
else
|
|
27
|
-
"false"
|
|
28
|
-
end
|
|
29
|
-
|
|
30
|
-
not_denied_expr = if @denys.size > 0
|
|
31
|
-
@denys.map { |clause| "!(#{clause})" }.join(' && ')
|
|
32
|
-
else
|
|
33
|
-
"true"
|
|
34
|
-
end
|
|
22
|
+
allowed_expr = @allows.any? ? @allows.map { |clause| "(#{clause})" }.join(' || ') : 'false'
|
|
23
|
+
not_denied_expr = @denys.any? ? @denys.map { |clause| "!(#{clause})" }.join(' && ') : 'true'
|
|
35
24
|
|
|
36
25
|
[allowed_expr, not_denied_expr].
|
|
37
26
|
map { |expr| "(#{expr})" }.
|
|
@@ -82,12 +71,8 @@ module Acl9
|
|
|
82
71
|
end
|
|
83
72
|
|
|
84
73
|
subsidiary.acl_block!(&block)
|
|
85
|
-
|
|
86
74
|
action_check = _action_check_expression(args)
|
|
87
|
-
|
|
88
|
-
squash = lambda do |rules|
|
|
89
|
-
_either_of(rules) + ' && ' + action_check
|
|
90
|
-
end
|
|
75
|
+
squash = lambda { |rules| action_check + ' && ' + _either_of(rules) }
|
|
91
76
|
|
|
92
77
|
@allows << squash.call(subsidiary.allows) if subsidiary.allows.size > 0
|
|
93
78
|
@denys << squash.call(subsidiary.denys) if subsidiary.denys.size > 0
|
|
@@ -112,9 +97,9 @@ module Acl9
|
|
|
112
97
|
|
|
113
98
|
role_checks = args.map do |who|
|
|
114
99
|
case who
|
|
115
|
-
when anonymous
|
|
116
|
-
when logged_in
|
|
117
|
-
when all
|
|
100
|
+
when anonymous then "#{_subject_ref}.nil?"
|
|
101
|
+
when logged_in then "!#{_subject_ref}.nil?"
|
|
102
|
+
when all then "true"
|
|
118
103
|
else
|
|
119
104
|
"!#{_subject_ref}.nil? && #{_subject_ref}.has_role?('#{who.to_s.singularize}', #{object})"
|
|
120
105
|
end
|
|
@@ -156,18 +141,12 @@ module Acl9
|
|
|
156
141
|
def _set_action_clause(to, except)
|
|
157
142
|
raise ArgumentError, "both :to and :except cannot be specified in the rule" if to && except
|
|
158
143
|
|
|
159
|
-
@action_clause
|
|
160
|
-
|
|
161
|
-
action_list = to || except
|
|
144
|
+
@action_clause = nil
|
|
145
|
+
action_list = to || except
|
|
162
146
|
return unless action_list
|
|
163
147
|
|
|
164
148
|
expr = _action_check_expression(action_list)
|
|
165
|
-
|
|
166
|
-
@action_clause = if to
|
|
167
|
-
"#{expr}"
|
|
168
|
-
else
|
|
169
|
-
"!#{expr}"
|
|
170
|
-
end
|
|
149
|
+
@action_clause = to ? "#{expr}" : "!#{expr}"
|
|
171
150
|
end
|
|
172
151
|
|
|
173
152
|
def _action_check_expression(action_list)
|
|
@@ -199,12 +178,9 @@ module Acl9
|
|
|
199
178
|
end
|
|
200
179
|
|
|
201
180
|
case object
|
|
202
|
-
when Class
|
|
203
|
-
|
|
204
|
-
when
|
|
205
|
-
_object_ref object
|
|
206
|
-
when nil
|
|
207
|
-
"nil"
|
|
181
|
+
when Class then object.to_s
|
|
182
|
+
when Symbol then _object_ref object
|
|
183
|
+
when nil then "nil"
|
|
208
184
|
else
|
|
209
185
|
raise ArgumentError, "object specified by preposition can only be a Class or a Symbol"
|
|
210
186
|
end
|
data/lib/acl9/helpers.rb
CHANGED
|
@@ -19,13 +19,13 @@ module Acl9
|
|
|
19
19
|
|
|
20
20
|
# Usage:
|
|
21
21
|
#
|
|
22
|
-
#
|
|
22
|
+
# <%=show_to(:owner, :supervisor, :of => :account) do %>
|
|
23
23
|
# <%= 'hello' %>
|
|
24
|
-
#
|
|
24
|
+
# <% end %>
|
|
25
25
|
#
|
|
26
26
|
def show_to(*args, &block)
|
|
27
|
-
user =
|
|
28
|
-
return
|
|
27
|
+
user = send(Acl9.config[:default_subject_method])
|
|
28
|
+
return if user.nil?
|
|
29
29
|
|
|
30
30
|
has_any = false
|
|
31
31
|
|
|
@@ -36,7 +36,14 @@ module Acl9
|
|
|
36
36
|
has_any = args.detect { |role| user.has_role?(role) }
|
|
37
37
|
end
|
|
38
38
|
|
|
39
|
-
has_any
|
|
39
|
+
if has_any
|
|
40
|
+
begin
|
|
41
|
+
capture( &block )
|
|
42
|
+
rescue NoMethodError
|
|
43
|
+
yield( :block )
|
|
44
|
+
end
|
|
45
|
+
end
|
|
46
|
+
|
|
40
47
|
end
|
|
41
48
|
end
|
|
42
49
|
end
|
|
@@ -10,7 +10,10 @@ module Acl9
|
|
|
10
10
|
# @param [Subject] subject Subject to add role for
|
|
11
11
|
# @see Acl9::ModelExtensions::Subject#has_role?
|
|
12
12
|
def accepts_role?(role_name, subject)
|
|
13
|
-
subject.
|
|
13
|
+
if not subject.nil?
|
|
14
|
+
return subject.has_role? role_name, self
|
|
15
|
+
end
|
|
16
|
+
false
|
|
14
17
|
end
|
|
15
18
|
|
|
16
19
|
##
|
|
@@ -20,7 +23,10 @@ module Acl9
|
|
|
20
23
|
# @param [Subject] subject Subject to add role for
|
|
21
24
|
# @see Acl9::ModelExtensions::Subject#has_role!
|
|
22
25
|
def accepts_role!(role_name, subject)
|
|
23
|
-
subject.
|
|
26
|
+
if not subject.nil?
|
|
27
|
+
return subject.has_role! role_name, self
|
|
28
|
+
end
|
|
29
|
+
false
|
|
24
30
|
end
|
|
25
31
|
|
|
26
32
|
##
|
|
@@ -30,7 +36,10 @@ module Acl9
|
|
|
30
36
|
# @param [Subject] subject Subject to remove role from
|
|
31
37
|
# @see Acl9::ModelExtensions::Subject#has_no_role!
|
|
32
38
|
def accepts_no_role!(role_name, subject)
|
|
33
|
-
subject.
|
|
39
|
+
if not subject.nil?
|
|
40
|
+
return subject.has_no_role! role_name, self
|
|
41
|
+
end
|
|
42
|
+
false
|
|
34
43
|
end
|
|
35
44
|
|
|
36
45
|
##
|
|
@@ -40,7 +49,10 @@ module Acl9
|
|
|
40
49
|
# @return [Boolean] Returns true if +subject+ has any roles on this object.
|
|
41
50
|
# @see Acl9::ModelExtensions::Subject#has_roles_for?
|
|
42
51
|
def accepts_roles_by?(subject)
|
|
43
|
-
subject.
|
|
52
|
+
if not subject.nil?
|
|
53
|
+
return subject.has_roles_for? self
|
|
54
|
+
end
|
|
55
|
+
false
|
|
44
56
|
end
|
|
45
57
|
|
|
46
58
|
alias :accepts_role_by? :accepts_roles_by?
|
|
@@ -52,7 +64,10 @@ module Acl9
|
|
|
52
64
|
# @param [Subject] subject Subject to query roles
|
|
53
65
|
# @see Acl9::ModelExtensions::Subject#roles_for
|
|
54
66
|
def accepted_roles_by(subject)
|
|
55
|
-
subject.
|
|
67
|
+
if not subject.nil?
|
|
68
|
+
return subject.roles_for self
|
|
69
|
+
end
|
|
70
|
+
false
|
|
56
71
|
end
|
|
57
72
|
end
|
|
58
73
|
end
|
|
@@ -17,7 +17,7 @@ module Acl9
|
|
|
17
17
|
#
|
|
18
18
|
# In this case manager is anyone who "manages" at least one object.
|
|
19
19
|
#
|
|
20
|
-
# However, if protect_global_roles option set to +true+, you'll need to
|
|
20
|
+
# However, if protect_global_roles option set to +true+, you'll need to
|
|
21
21
|
# explicitly grant global role with same name.
|
|
22
22
|
#
|
|
23
23
|
# Acl9.config[:protect_global_roles] = true
|
|
@@ -26,7 +26,7 @@ module Acl9
|
|
|
26
26
|
# user.has_role!(:manager)
|
|
27
27
|
# user.has_role?(:manager) # => true
|
|
28
28
|
#
|
|
29
|
-
# protect_global_roles option is +false+ by default as for now, but this
|
|
29
|
+
# protect_global_roles option is +false+ by default as for now, but this
|
|
30
30
|
# may change in future!
|
|
31
31
|
#
|
|
32
32
|
# @return [Boolean] Whether +self+ has a role +role_name+ on +object+.
|
|
@@ -134,7 +134,8 @@ module Acl9
|
|
|
134
134
|
lambda { |role| role.authorizable.nil? }
|
|
135
135
|
else
|
|
136
136
|
lambda do |role|
|
|
137
|
-
role.
|
|
137
|
+
auth_id = role.authorizable_id.kind_of?(String) ? object.id.to_s : object.id
|
|
138
|
+
role.authorizable_type == object.class.base_class.to_s && role.authorizable_id == auth_id
|
|
138
139
|
end
|
|
139
140
|
end
|
|
140
141
|
end
|
|
@@ -154,31 +155,31 @@ module Acl9
|
|
|
154
155
|
]
|
|
155
156
|
end
|
|
156
157
|
|
|
157
|
-
self._auth_role_class.first
|
|
158
|
+
self._auth_role_class.where(cond).first
|
|
158
159
|
end
|
|
159
160
|
|
|
160
161
|
def delete_role(role)
|
|
161
162
|
if role
|
|
162
163
|
self.role_objects.delete role
|
|
163
|
-
|
|
164
|
-
|
|
164
|
+
if role.send(self._auth_subject_class_name.demodulize.tableize).empty?
|
|
165
|
+
role.destroy unless role.respond_to?(:system?) && role.system?
|
|
166
|
+
end
|
|
165
167
|
end
|
|
166
168
|
end
|
|
167
|
-
|
|
169
|
+
|
|
168
170
|
protected
|
|
169
171
|
|
|
170
172
|
def _auth_role_class
|
|
171
173
|
self.class._auth_role_class_name.constantize
|
|
172
174
|
end
|
|
173
|
-
|
|
175
|
+
|
|
174
176
|
def _auth_role_assoc
|
|
175
|
-
|
|
177
|
+
self.class._auth_role_assoc_name
|
|
176
178
|
end
|
|
177
179
|
|
|
178
180
|
def role_objects
|
|
179
|
-
|
|
181
|
+
send(self._auth_role_assoc)
|
|
180
182
|
end
|
|
181
|
-
|
|
182
183
|
end
|
|
183
184
|
end
|
|
184
185
|
end
|
|
@@ -33,10 +33,9 @@ module Acl9
|
|
|
33
33
|
# @see Acl9::ModelExtensions::Subject
|
|
34
34
|
#
|
|
35
35
|
def acts_as_authorization_subject(options = {})
|
|
36
|
-
|
|
36
|
+
assoc = options[:association_name] || Acl9::config[:default_association_name]
|
|
37
37
|
role = options[:role_class_name] || Acl9::config[:default_role_class_name]
|
|
38
|
-
join_table = options[:join_table_name] || Acl9::config[:default_join_table_name] ||
|
|
39
|
-
join_table_name(undecorated_table_name(self.to_s), undecorated_table_name(role))
|
|
38
|
+
join_table = options[:join_table_name] || Acl9::config[:default_join_table_name] || self.table_name_prefix + [undecorated_table_name(self.to_s), undecorated_table_name(role)].sort.join("_") + self.table_name_suffix
|
|
40
39
|
|
|
41
40
|
has_and_belongs_to_many assoc, :class_name => role, :join_table => join_table
|
|
42
41
|
|
|
@@ -79,22 +78,27 @@ module Acl9
|
|
|
79
78
|
role = options[:role_class_name] || Acl9::config[:default_role_class_name]
|
|
80
79
|
role_table = role.constantize.table_name
|
|
81
80
|
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
EOS
|
|
81
|
+
join_table = options[:join_table_name]
|
|
82
|
+
join_table ||= ActiveRecord::Base.send(:join_table_name,
|
|
83
|
+
role_table, subj_table) if ActiveRecord::Base.private_methods \
|
|
84
|
+
.include?('join_table_name')
|
|
85
|
+
join_table ||= Acl9::config[:default_join_table_name]
|
|
86
|
+
join_table ||= self.table_name_prefix \
|
|
87
|
+
+ [undecorated_table_name(self.to_s),
|
|
88
|
+
undecorated_table_name(role)].sort.join("_") \
|
|
89
|
+
+ self.table_name_suffix
|
|
92
90
|
|
|
93
91
|
has_many :accepted_roles, :as => :authorizable, :class_name => role, :dependent => :destroy
|
|
94
92
|
|
|
95
93
|
has_many :"#{subj_table}",
|
|
96
|
-
:finder_sql
|
|
97
|
-
|
|
94
|
+
:finder_sql => proc { "SELECT DISTINCT #{subj_table}.* " +
|
|
95
|
+
"FROM #{subj_table} INNER JOIN #{join_table} ON #{subj_col}_id = #{subj_table}.id " +
|
|
96
|
+
"INNER JOIN #{role_table} ON #{role_table}.id = #{role.underscore}_id " +
|
|
97
|
+
"WHERE authorizable_type = '#{self.class.base_class.to_s}' AND authorizable_id = #{id} "},
|
|
98
|
+
:counter_sql => proc { "SELECT COUNT(DISTINCT #{subj_table}.id)" +
|
|
99
|
+
"FROM #{subj_table} INNER JOIN #{join_table} ON #{subj_col}_id = #{subj_table}.id " +
|
|
100
|
+
"INNER JOIN #{role_table} ON #{role_table}.id = #{role.underscore}_id " +
|
|
101
|
+
"WHERE authorizable_type = '#{self.class.base_class.to_s}' AND authorizable_id = #{id} "},
|
|
98
102
|
:readonly => true
|
|
99
103
|
|
|
100
104
|
include Acl9::ModelExtensions::ForObject
|
|
@@ -126,7 +130,9 @@ module Acl9
|
|
|
126
130
|
def acts_as_authorization_role(options = {})
|
|
127
131
|
subject = options[:subject_class_name] || Acl9::config[:default_subject_class_name]
|
|
128
132
|
join_table = options[:join_table_name] || Acl9::config[:default_join_table_name] ||
|
|
129
|
-
|
|
133
|
+
self.table_name_prefix + [undecorated_table_name(self.to_s), undecorated_table_name(subject)].sort.join("_") + self.table_name_suffix
|
|
134
|
+
# comment out use deprecated API
|
|
135
|
+
#join_table_name(undecorated_table_name(self.to_s), undecorated_table_name(subject))
|
|
130
136
|
|
|
131
137
|
has_and_belongs_to_many subject.demodulize.tableize.to_sym,
|
|
132
138
|
:class_name => subject,
|
data/lib/acl9/version.rb
ADDED
data/lib/acl9.rb
CHANGED
|
@@ -1,16 +1,20 @@
|
|
|
1
|
-
require
|
|
1
|
+
require 'acl9/version'
|
|
2
|
+
require 'acl9/model_extensions'
|
|
3
|
+
require 'acl9/controller_extensions'
|
|
4
|
+
require 'acl9/helpers'
|
|
2
5
|
|
|
3
|
-
|
|
4
|
-
|
|
6
|
+
module Acl9
|
|
7
|
+
@@config = {
|
|
8
|
+
:default_role_class_name => 'Role',
|
|
9
|
+
:default_subject_class_name => 'User',
|
|
10
|
+
:default_subject_method => :current_user,
|
|
11
|
+
:default_association_name => :role_objects,
|
|
12
|
+
:protect_global_roles => false,
|
|
13
|
+
}
|
|
5
14
|
|
|
6
|
-
|
|
15
|
+
mattr_reader :config
|
|
7
16
|
end
|
|
8
17
|
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
require File.join(File.dirname(__FILE__), 'acl9', 'helpers')
|
|
13
|
-
|
|
14
|
-
ActionController::Base.send(:include, Acl9::ControllerExtensions)
|
|
15
|
-
Acl9Helpers = Acl9::Helpers unless defined?(Acl9Helpers)
|
|
16
|
-
end
|
|
18
|
+
ActiveRecord::Base.send(:include, Acl9::ModelExtensions)
|
|
19
|
+
ActionController::Base.send(:include, Acl9::ControllerExtensions)
|
|
20
|
+
Acl9Helpers = Acl9::Helpers unless defined?(Acl9Helpers)
|
data/test/helpers_test.rb
CHANGED
|
@@ -121,14 +121,13 @@ class HelperTest < Test::Unit::TestCase
|
|
|
121
121
|
obj = Object.new
|
|
122
122
|
def obj.name; 'persia'; end
|
|
123
123
|
|
|
124
|
-
k.show_to('hamlet', :of => obj) { 'hello my prince' }.should ==
|
|
124
|
+
k.show_to('hamlet', :of => obj) { 'hello my prince' }.should == nil
|
|
125
125
|
end
|
|
126
126
|
|
|
127
127
|
it "has :show_to nothing to NotLoggedIn" do
|
|
128
128
|
k = Klass2.new
|
|
129
129
|
k.action_name = 'be'
|
|
130
130
|
message = 'hello hamlet'
|
|
131
|
-
k.show_to(:hamlet) { message }.should ==
|
|
131
|
+
k.show_to(:hamlet) { message }.should == nil
|
|
132
132
|
end
|
|
133
|
-
|
|
134
133
|
end
|
data/test/roles_test.rb
CHANGED
|
@@ -5,6 +5,21 @@ require 'support/models'
|
|
|
5
5
|
#Logger = ActiveRecord::Base.logger
|
|
6
6
|
load 'support/schema.rb'
|
|
7
7
|
|
|
8
|
+
|
|
9
|
+
class SystemRolesTest < Test::Unit::TestCase
|
|
10
|
+
it "should not delete a system role" do
|
|
11
|
+
Role.destroy_all
|
|
12
|
+
@role=Role.create(:name=>"admin", :system=>true)
|
|
13
|
+
@role.system.should be_true
|
|
14
|
+
Role.count.should==1
|
|
15
|
+
@user = User.create!
|
|
16
|
+
@user.has_role!(:admin)
|
|
17
|
+
Role.count.should==1
|
|
18
|
+
@user.has_no_role!(:admin)
|
|
19
|
+
Role.count.should==1
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
|
|
8
23
|
class RolesTest < Test::Unit::TestCase
|
|
9
24
|
before do
|
|
10
25
|
Role.destroy_all
|
|
@@ -269,6 +284,7 @@ class RolesTest < Test::Unit::TestCase
|
|
|
269
284
|
end
|
|
270
285
|
end
|
|
271
286
|
|
|
287
|
+
|
|
272
288
|
class RolesWithCustomClassNamesTest < Test::Unit::TestCase
|
|
273
289
|
before do
|
|
274
290
|
AnotherRole.destroy_all
|
|
@@ -352,4 +368,3 @@ class UsersRolesAndSubjectsWithNamespacedClassNamesTest < Test::Unit::TestCase
|
|
|
352
368
|
@user2.has_no_roles!
|
|
353
369
|
end
|
|
354
370
|
end
|
|
355
|
-
|
data/test/support/schema.rb
CHANGED
data/test/test_helper.rb
CHANGED
|
@@ -1,8 +1,5 @@
|
|
|
1
1
|
require 'rubygems'
|
|
2
|
-
|
|
3
|
-
gem 'jnunemaker-matchy', '>= 0.4.0'
|
|
4
|
-
gem 'jeremymcanally-context', '>= 0.5.5'
|
|
5
|
-
|
|
2
|
+
require 'bundler/setup'
|
|
6
3
|
require 'test/unit'
|
|
7
4
|
require 'context'
|
|
8
5
|
require 'matchy'
|
|
@@ -10,8 +7,9 @@ require 'active_support'
|
|
|
10
7
|
require 'active_record'
|
|
11
8
|
require 'action_controller'
|
|
12
9
|
require 'action_controller/test_process'
|
|
10
|
+
require 'turn'
|
|
13
11
|
|
|
14
|
-
ActiveRecord::Base.establish_connection(:adapter => 'sqlite3', :
|
|
12
|
+
ActiveRecord::Base.establish_connection(:adapter => 'sqlite3', :database => 'test.sqlite3')
|
|
15
13
|
|
|
16
14
|
class Test::Unit::TestCase
|
|
17
15
|
custom_matcher :be_false do |receiver, matcher, args|
|
|
@@ -29,3 +27,4 @@ end
|
|
|
29
27
|
|
|
30
28
|
ActiveRecord::Base.logger = Logger.new(File.dirname(__FILE__) + "/debug.log")
|
|
31
29
|
ActionController::Base.logger = ActiveRecord::Base.logger
|
|
30
|
+
ActiveRecord::Base.silence { ActiveRecord::Migration.verbose = false }
|
metadata
CHANGED
|
@@ -1,55 +1,115 @@
|
|
|
1
|
-
--- !ruby/object:Gem::Specification
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: acl9
|
|
3
|
-
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.12.
|
|
3
|
+
version: !ruby/object:Gem::Version
|
|
4
|
+
version: 0.12.1
|
|
5
|
+
prerelease:
|
|
5
6
|
platform: ruby
|
|
6
|
-
authors:
|
|
7
|
+
authors:
|
|
7
8
|
- oleg dashevskii
|
|
8
9
|
autorequire:
|
|
9
10
|
bindir: bin
|
|
10
11
|
cert_chain: []
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
12
|
+
date: 2010-11-02 00:00:00.000000000 Z
|
|
13
|
+
dependencies:
|
|
14
|
+
- !ruby/object:Gem::Dependency
|
|
15
|
+
name: rails
|
|
16
|
+
requirement: &25259300 !ruby/object:Gem::Requirement
|
|
17
|
+
none: false
|
|
18
|
+
requirements:
|
|
19
|
+
- - ! '>='
|
|
20
|
+
- !ruby/object:Gem::Version
|
|
21
|
+
version: 2.3.12
|
|
22
|
+
type: :runtime
|
|
23
|
+
prerelease: false
|
|
24
|
+
version_requirements: *25259300
|
|
25
|
+
- !ruby/object:Gem::Dependency
|
|
26
|
+
name: be9-context
|
|
27
|
+
requirement: &25258440 !ruby/object:Gem::Requirement
|
|
28
|
+
none: false
|
|
29
|
+
requirements:
|
|
30
|
+
- - ! '>='
|
|
31
|
+
- !ruby/object:Gem::Version
|
|
23
32
|
version: 0.5.5
|
|
24
|
-
version:
|
|
25
|
-
- !ruby/object:Gem::Dependency
|
|
26
|
-
name: jnunemaker-matchy
|
|
27
33
|
type: :development
|
|
28
|
-
|
|
29
|
-
version_requirements:
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
34
|
+
prerelease: false
|
|
35
|
+
version_requirements: *25258440
|
|
36
|
+
- !ruby/object:Gem::Dependency
|
|
37
|
+
name: jnunemaker-matchy
|
|
38
|
+
requirement: &25257700 !ruby/object:Gem::Requirement
|
|
39
|
+
none: false
|
|
40
|
+
requirements:
|
|
41
|
+
- - ! '>='
|
|
42
|
+
- !ruby/object:Gem::Version
|
|
33
43
|
version: 0.4.0
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
44
|
+
type: :development
|
|
45
|
+
prerelease: false
|
|
46
|
+
version_requirements: *25257700
|
|
47
|
+
- !ruby/object:Gem::Dependency
|
|
48
|
+
name: rake
|
|
49
|
+
requirement: &25257060 !ruby/object:Gem::Requirement
|
|
50
|
+
none: false
|
|
51
|
+
requirements:
|
|
52
|
+
- - ! '>='
|
|
53
|
+
- !ruby/object:Gem::Version
|
|
54
|
+
version: '0'
|
|
55
|
+
type: :development
|
|
56
|
+
prerelease: false
|
|
57
|
+
version_requirements: *25257060
|
|
58
|
+
- !ruby/object:Gem::Dependency
|
|
59
|
+
name: yard
|
|
60
|
+
requirement: &25256200 !ruby/object:Gem::Requirement
|
|
61
|
+
none: false
|
|
62
|
+
requirements:
|
|
63
|
+
- - ! '>='
|
|
64
|
+
- !ruby/object:Gem::Version
|
|
65
|
+
version: '0'
|
|
66
|
+
type: :development
|
|
67
|
+
prerelease: false
|
|
68
|
+
version_requirements: *25256200
|
|
69
|
+
- !ruby/object:Gem::Dependency
|
|
70
|
+
name: sqlite3
|
|
71
|
+
requirement: &25255240 !ruby/object:Gem::Requirement
|
|
72
|
+
none: false
|
|
73
|
+
requirements:
|
|
74
|
+
- - ! '>='
|
|
75
|
+
- !ruby/object:Gem::Version
|
|
76
|
+
version: '0'
|
|
77
|
+
type: :development
|
|
78
|
+
prerelease: false
|
|
79
|
+
version_requirements: *25255240
|
|
80
|
+
- !ruby/object:Gem::Dependency
|
|
81
|
+
name: turn
|
|
82
|
+
requirement: &25254560 !ruby/object:Gem::Requirement
|
|
83
|
+
none: false
|
|
84
|
+
requirements:
|
|
85
|
+
- - ! '>='
|
|
86
|
+
- !ruby/object:Gem::Version
|
|
87
|
+
version: '0'
|
|
88
|
+
type: :development
|
|
89
|
+
prerelease: false
|
|
90
|
+
version_requirements: *25254560
|
|
91
|
+
description: Role-based authorization system for Rails with a nice DSL for access
|
|
92
|
+
control lists
|
|
93
|
+
email:
|
|
94
|
+
- olegdashevskii@gmail.com
|
|
37
95
|
executables: []
|
|
38
|
-
|
|
39
96
|
extensions: []
|
|
40
|
-
|
|
41
|
-
extra_rdoc_files:
|
|
97
|
+
extra_rdoc_files:
|
|
42
98
|
- README.textile
|
|
43
99
|
- TODO
|
|
44
|
-
files:
|
|
100
|
+
files:
|
|
101
|
+
- .gitignore
|
|
45
102
|
- CHANGELOG.textile
|
|
103
|
+
- Gemfile
|
|
104
|
+
- Gemfile.lock
|
|
46
105
|
- MIT-LICENSE
|
|
47
106
|
- README.textile
|
|
48
107
|
- Rakefile
|
|
49
108
|
- TODO
|
|
50
109
|
- VERSION.yml
|
|
110
|
+
- acl9.gemspec
|
|
111
|
+
- init.rb
|
|
51
112
|
- lib/acl9.rb
|
|
52
|
-
- lib/acl9/config.rb
|
|
53
113
|
- lib/acl9/controller_extensions.rb
|
|
54
114
|
- lib/acl9/controller_extensions/dsl_base.rb
|
|
55
115
|
- lib/acl9/controller_extensions/generators.rb
|
|
@@ -57,6 +117,7 @@ files:
|
|
|
57
117
|
- lib/acl9/model_extensions.rb
|
|
58
118
|
- lib/acl9/model_extensions/for_object.rb
|
|
59
119
|
- lib/acl9/model_extensions/for_subject.rb
|
|
120
|
+
- lib/acl9/version.rb
|
|
60
121
|
- test/access_control_test.rb
|
|
61
122
|
- test/dsl_base_test.rb
|
|
62
123
|
- test/helpers_test.rb
|
|
@@ -65,40 +126,40 @@ files:
|
|
|
65
126
|
- test/support/models.rb
|
|
66
127
|
- test/support/schema.rb
|
|
67
128
|
- test/test_helper.rb
|
|
68
|
-
|
|
129
|
+
- test/version_test.rb
|
|
69
130
|
homepage: http://github.com/be9/acl9
|
|
70
131
|
licenses: []
|
|
71
|
-
|
|
72
132
|
post_install_message:
|
|
73
|
-
rdoc_options:
|
|
133
|
+
rdoc_options:
|
|
74
134
|
- --charset=UTF-8
|
|
75
|
-
require_paths:
|
|
135
|
+
require_paths:
|
|
76
136
|
- lib
|
|
77
|
-
required_ruby_version: !ruby/object:Gem::Requirement
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
137
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
|
138
|
+
none: false
|
|
139
|
+
requirements:
|
|
140
|
+
- - ! '>='
|
|
141
|
+
- !ruby/object:Gem::Version
|
|
142
|
+
version: '0'
|
|
143
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
144
|
+
none: false
|
|
145
|
+
requirements:
|
|
146
|
+
- - ! '>='
|
|
147
|
+
- !ruby/object:Gem::Version
|
|
148
|
+
version: '0'
|
|
89
149
|
requirements: []
|
|
90
|
-
|
|
91
150
|
rubyforge_project:
|
|
92
|
-
rubygems_version: 1.
|
|
151
|
+
rubygems_version: 1.8.11
|
|
93
152
|
signing_key:
|
|
94
153
|
specification_version: 3
|
|
95
154
|
summary: Yet another role-based authorization system for Rails
|
|
96
|
-
test_files:
|
|
155
|
+
test_files:
|
|
156
|
+
- test/access_control_test.rb
|
|
157
|
+
- test/dsl_base_test.rb
|
|
97
158
|
- test/helpers_test.rb
|
|
98
|
-
- test/
|
|
99
|
-
- test/support/models.rb
|
|
159
|
+
- test/roles_test.rb
|
|
100
160
|
- test/support/controllers.rb
|
|
101
|
-
- test/
|
|
102
|
-
- test/
|
|
161
|
+
- test/support/models.rb
|
|
162
|
+
- test/support/schema.rb
|
|
103
163
|
- test/test_helper.rb
|
|
104
|
-
- test/
|
|
164
|
+
- test/version_test.rb
|
|
165
|
+
has_rdoc:
|
data/lib/acl9/config.rb
DELETED
|
@@ -1,11 +0,0 @@
|
|
|
1
|
-
module Acl9
|
|
2
|
-
@@config = {
|
|
3
|
-
:default_role_class_name => 'Role',
|
|
4
|
-
:default_subject_class_name => 'User',
|
|
5
|
-
:default_subject_method => :current_user,
|
|
6
|
-
:default_association_name => :role_objects,
|
|
7
|
-
:protect_global_roles => false,
|
|
8
|
-
}
|
|
9
|
-
|
|
10
|
-
mattr_reader :config
|
|
11
|
-
end
|