acl9 0.12.3 → 1.0.0

Files changed (112) hide show
  1. checksums.yaml +4 -4
  2. data/.gitignore +21 -7
  3. data/.travis.yml +19 -0
  4. data/Appraisals +8 -0
  5. data/CONTRIBUTING.md +58 -0
  6. data/Gemfile +2 -0
  7. data/Gemfile.lock +88 -32
  8. data/LICENSE +9 -0
  9. data/README.md +156 -0
  10. data/Rakefile +6 -3
  11. data/acl9.gemspec +10 -13
  12. data/gemfiles/rails_4.0.gemfile +8 -0
  13. data/gemfiles/rails_4.1.gemfile +8 -0
  14. data/lib/acl9/model_extensions/for_subject.rb +5 -1
  15. data/lib/acl9/model_extensions.rb +3 -24
  16. data/lib/acl9/version.rb +1 -1
  17. data/lib/acl9.rb +1 -1
  18. data/test/controller_extensions/actions_test.rb +167 -0
  19. data/test/controller_extensions/anon_test.rb +39 -0
  20. data/test/controller_extensions/base.rb +96 -0
  21. data/test/controller_extensions/basics_test.rb +44 -0
  22. data/test/controller_extensions/conditions_test.rb +48 -0
  23. data/test/controller_extensions/method_test.rb +50 -0
  24. data/test/controller_extensions/multi_match_test.rb +142 -0
  25. data/test/controller_extensions/multiple_role_arguments_test.rb +135 -0
  26. data/test/controller_extensions/prepositions_test.rb +99 -0
  27. data/test/controller_extensions/pseudo_role_test.rb +26 -0
  28. data/test/controller_extensions/role_test.rb +75 -0
  29. data/test/controllers/acl_action_override_test.rb +24 -0
  30. data/test/controllers/acl_arguments_test.rb +5 -0
  31. data/test/controllers/acl_block_test.rb +5 -0
  32. data/test/controllers/acl_boolean_method_test.rb +5 -0
  33. data/test/controllers/acl_helper_method_test.rb +26 -0
  34. data/test/controllers/acl_ivars_test.rb +15 -0
  35. data/test/controllers/acl_method2_test.rb +6 -0
  36. data/test/controllers/acl_method_test.rb +6 -0
  37. data/test/controllers/acl_object_hash_test.rb +18 -0
  38. data/test/controllers/acl_query_method_named_test.rb +9 -0
  39. data/test/controllers/acl_query_method_test.rb +9 -0
  40. data/test/controllers/acl_query_method_with_lambda_test.rb +9 -0
  41. data/test/controllers/acl_query_mixin.rb +51 -0
  42. data/test/controllers/acl_subject_method_test.rb +15 -0
  43. data/test/controllers/arguments_checking_test.rb +43 -0
  44. data/test/dummy/app/controllers/acl_action_override.rb +15 -0
  45. data/test/dummy/app/controllers/acl_arguments.rb +10 -0
  46. data/test/dummy/app/controllers/acl_block.rb +6 -0
  47. data/test/dummy/app/controllers/acl_boolean_method.rb +23 -0
  48. data/test/dummy/app/controllers/acl_helper_method.rb +11 -0
  49. data/test/dummy/app/controllers/acl_ivars.rb +17 -0
  50. data/test/dummy/app/controllers/acl_method.rb +6 -0
  51. data/test/dummy/app/controllers/acl_method2.rb +6 -0
  52. data/test/dummy/app/controllers/acl_objects_hash.rb +10 -0
  53. data/test/dummy/app/controllers/acl_query_method.rb +9 -0
  54. data/test/dummy/app/controllers/acl_query_method_named.rb +13 -0
  55. data/test/dummy/app/controllers/acl_query_method_with_lambda.rb +9 -0
  56. data/test/dummy/app/controllers/acl_subject_method.rb +16 -0
  57. data/test/dummy/app/controllers/application_controller.rb +7 -0
  58. data/test/dummy/app/controllers/empty_controller.rb +5 -0
  59. data/test/dummy/app/helpers/application_helper.rb +2 -0
  60. data/test/dummy/app/helpers/some_helper.rb +8 -0
  61. data/test/dummy/app/models/.keep +0 -0
  62. data/test/dummy/app/models/access.rb +3 -0
  63. data/test/dummy/app/models/account.rb +3 -0
  64. data/test/dummy/app/models/bar.rb +3 -0
  65. data/test/dummy/app/models/concerns/.keep +0 -0
  66. data/test/dummy/app/models/foo.rb +3 -0
  67. data/test/dummy/app/models/foo_bar.rb +3 -0
  68. data/test/dummy/app/models/other/foo.rb +5 -0
  69. data/test/dummy/app/models/other/role.rb +5 -0
  70. data/test/dummy/app/models/other/user.rb +5 -0
  71. data/test/dummy/app/models/role.rb +3 -0
  72. data/test/dummy/app/models/user.rb +3 -0
  73. data/test/dummy/app/models/uuid.rb +4 -0
  74. data/test/dummy/config/application.rb +23 -0
  75. data/test/dummy/config/boot.rb +4 -0
  76. data/test/dummy/config/database.yml +25 -0
  77. data/test/dummy/config/environment.rb +5 -0
  78. data/test/dummy/config/environments/development.rb +37 -0
  79. data/test/dummy/config/environments/production.rb +78 -0
  80. data/test/dummy/config/environments/test.rb +39 -0
  81. data/test/dummy/config/initializers/assets.rb +8 -0
  82. data/test/dummy/config/initializers/backtrace_silencers.rb +7 -0
  83. data/test/dummy/config/initializers/cookies_serializer.rb +3 -0
  84. data/test/dummy/config/initializers/filter_parameter_logging.rb +4 -0
  85. data/test/dummy/config/initializers/inflections.rb +16 -0
  86. data/test/dummy/config/initializers/mime_types.rb +4 -0
  87. data/test/dummy/config/initializers/secrets.rb +1 -0
  88. data/test/dummy/config/initializers/session_store.rb +3 -0
  89. data/test/dummy/config/initializers/wrap_parameters.rb +14 -0
  90. data/test/dummy/config/locales/en.yml +23 -0
  91. data/test/dummy/config/routes.rb +3 -0
  92. data/test/dummy/config.ru +4 -0
  93. data/test/dummy/db/migrate/20141117132218_create_tables.rb +102 -0
  94. data/test/helpers/helper_test.rb +89 -0
  95. data/test/models/roles_test.rb +251 -0
  96. data/test/models/roles_with_custom_association_names_test.rb +28 -0
  97. data/test/models/roles_with_custom_class_names_test.rb +28 -0
  98. data/test/models/system_roles_test.rb +16 -0
  99. data/test/models/users_roles_and_subjects_with_namespaced_class_names_test.rb +30 -0
  100. data/test/test_helper.rb +76 -23
  101. data/test/version_test.rb +2 -2
  102. metadata +190 -74
  103. data/README.textile +0 -921
  104. data/VERSION.yml +0 -5
  105. data/init.rb +0 -1
  106. data/test/access_control_test.rb +0 -338
  107. data/test/dsl_base_test.rb +0 -795
  108. data/test/helpers_test.rb +0 -133
  109. data/test/roles_test.rb +0 -370
  110. data/test/support/controllers.rb +0 -207
  111. data/test/support/models.rb +0 -59
  112. data/test/support/schema.rb +0 -93
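--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 9cf5698a2cdcb08b487fcf12489cd1c81ad11632
- data.tar.gz: 6bc6c991ab649844d121a7d6cb44c1cbfe2cbed9
+ metadata.gz: d257d3fbf2e9facce72082825fae4bf4ab77245c
+ data.tar.gz: bb2d0e3c004d4c426f55893adf342abaa28f822c
  SHA512:
- metadata.gz: 6de6962b498a7a45b816adf1af36d899e353394995d448aea35fc66de34f12fd5f5bf94c259ed7a8a8154b727b46eca552b91e3db3f5b48f4e8dbcd297ade3f7
- data.tar.gz: 4519cbc997338a70ab3d1c1083ef9ae1f2fa7496883c4b7e5af9621d2d126c6a286f3d22d7a01f193fd9ef96a36d1cd5fdffe67c25f076b0d06b3df438f68c46
+ metadata.gz: 67dbfd73321644d1a4758100ca477233f4c07eee3f0e3c0effc02be909c166d62f2a763e8b68e12d04e9c1d64b9bbe93b1d588960a45a3fad0e5667395ac72c3
+ data.tar.gz: 165cf932d81dd5fbf2d37499f6a43429a118285d0fd3e91db72f253ec603279cf35f92764a944f2816f88265258e2db86d459db7e0ed1137e32d7845a54ae92a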
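--- a/data/.gitignore
+++ b/data/.gitignore
@@ -1,7 +1,21 @@
- *.sqlite3
- *.html
- pkg
- *.sw?
- *.log
- .yardoc
- doc
+ # See https://help.github.com/articles/ignoring-files for more about ignoring files.
+ #
+ # If you find yourself ignoring temporary files generated by your text editor
+ # or operating system, you probably want to add a global ignore instead:
+ # git config --global core.excludesfile '~/.gitignore_global'
+
+ # Ignore bundler config.
+ /.bundle
+
+ # Ignore the default SQLite database.
+ /db/*.sqlite3
+ /db/*.sqlite3-journal
+
+ # Ignore all logfiles and tempfiles.
+ **/log/*.log
+ **/tmp
+
+ /gemfiles/*.lock
+
+ /doc
+ /.yardoc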
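--- /dev/null
+++ b/data/.travis.yml
@@ -0,0 +1,19 @@
+ cache: bundler
+ language: ruby
+ rvm:
+ - 2.0.0
+ - 2.1.2
+ - ruby-head
+
+ gemfile:
+ - gemfiles/rails_4.0.gemfile
+ - gemfiles/rails_4.1.gemfile
+
+ matrix:
+ fast_finish: true
+ allow_failures:
+ - rvm: ruby-head
+
+ addons:
+ code_climate:
+ repo_token: 6701faf591ff926cd9b3ea7f07c5e72984d2b1e26b33caba26114a6bfe859a11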
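Review bot: The Code Climate `repo_token` under `addons.code_climate` is committed in clear text, and since this file appears in a published-gem diff it is readable by anyone who downloads the package. Treat the value as exposed: rotate it on the Code Climate side and keep the replacement out of the tracked file, either as an encrypted Travis value (`repo_token:` holding a nested `secure: "<encrypted value>"`) or as a repository setting in the CI service. The token presumably only authorises coverage uploads, so the likely impact is forged coverage data, not code access, but that is an assumption worth confirming against what the token can do.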
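--- /dev/null
+++ b/data/Appraisals
@@ -0,0 +1,8 @@
+ appraise "rails-4.0" do
+ gem "rails", "~> 4.0.0"
+ end
+
+ appraise "rails-4.1" do
+ gem "rails", "~> 4.1.0"
+ end
+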
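--- /dev/null
+++ b/data/CONTRIBUTING.md
@@ -0,0 +1,58 @@
+ # Contributing
+
+ Hi, I'm Jason, my online nickname is "smathy" which I use on IRC, twitter,
+ StackOverflow, here on github, and a few other places on the internet.
+
+ Oleg is the creator of acl9, but other commitments have meant that he's had
+ very little time to maintain this project and so I've basically taken over as
+ the primary maintainer.
+
+ I like to start by introducing myself so that you know that I'm just a human
+ being, a normal guy, and that if you have something you want to contribute to
+ acl9 then I'm more than happy to hear from you.
+
+ There really aren't any hard and fast rules here for contributing. Feel free to
+ raise issues, you can even just ask questions in an issue if you'd like,
+ although IRC or StackOverflow is probably a much better forum for that. You can
+ ping me on twitter, or even email me at jk@handle.it
+
+ Also see the README for information on getting in contact with the rest of the
+ community.
+
+ ## Dev Stuff
+
+ If you're going to contribute code then just fork our repo, write your thing,
+ and submit a pull request.
+
+ ### Setup
+
+ You should be able to just fork the repo and run `bundle && rake` to see the
+ tests running.
+
+ We use [Appraisal](//github.com/thoughtbot/appraisal) to test against multiple versions of
+ Rails, so you can read up on that and use it to test against all the Rails
+ versions we support or against a specific one.
+
+ ### How to
+
+ If you're fixing a bug then please arrange your pull request in two commits, the
+ first one will be a test that demonstrates the bug, that test will be failing
+ when you create it. The second commit will be the code change that fixes the
+ bug.
+
+ Don't let this be a blocker for you, I'm not saying you have to do TDD. I don't
+ care whether you actually write the test first, or the code first, I just care
+ about the order of the commits. Those with experience in reviewing PRs will know
+ why. I can grab your PR, roll it back to `HEAD^` and run the test, seeing it
+ fail and confirming that your test works, then roll it back to the head of your
+ branch and see your code fixing the test. It makes it very easy to review a PR.
+
+ You _can_ submit a bugfix without a test, although those take **MUCH** longer to
+ review because it's often hard to work out what problem you're solving.
+
+ Also, it's up to you whether you want to create an issue in github first. I'd
+ recommend that you do because it gives a good place to discuss the details of
+ the issue.
+
+ Also, feel free to submit ideas as PRs, just make sure you put it clearly in the
+ text that this is not ready for merge yet.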
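--- a/data/Gemfile
+++ b/data/Gemfile
@@ -2,3 +2,5 @@ source "http://rubygems.org"
 
  # Specify your gem's dependencies in csvision.gemspec
  gemspec
+
+ gem 'appraisal'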
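Review bot: The `source "http://rubygems.org"` line named in this hunk's header still resolves and downloads gems over plain HTTP, so anyone on the network path can alter what gets installed; it should read `source "https://rubygems.org"`. The same URL is in the `remote:` entry of Gemfile.lock and in both Appraisal-generated gemfiles further down this page, so the lockfile and the appraisal gemfiles need regenerating once the source is changed. The stale comment on the next line still refers to `csvision.gemspec` where it should say `acl9.gemspec`.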
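--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,47 +1,103 @@
  PATH
  remote: .
  specs:
- acl9 (0.12.0)
- rails (= 2.3.12)
+ acl9 (1.0.0)
+ rails (~> 4.0)
 
  GEM
  remote: http://rubygems.org/
  specs:
- actionmailer (2.3.12)
- actionpack (= 2.3.12)
- actionpack (2.3.12)
- activesupport (= 2.3.12)
- rack (~> 1.1.0)
- activerecord (2.3.12)
- activesupport (= 2.3.12)
- activeresource (2.3.12)
- activesupport (= 2.3.12)
- activesupport (2.3.12)
- ansi (1.3.0)
- be9-context (0.5.5)
- jnunemaker-matchy (0.4.0)
- rack (1.1.3)
- rails (2.3.12)
- actionmailer (= 2.3.12)
- actionpack (= 2.3.12)
- activerecord (= 2.3.12)
- activeresource (= 2.3.12)
- activesupport (= 2.3.12)
- rake (>= 0.8.3)
- rake (0.9.2.2)
- sqlite3 (1.3.5)
- turn (0.8.3)
- ansi
- yard (0.7.5)
+ actionmailer (4.1.7)
+ actionpack (= 4.1.7)
+ actionview (= 4.1.7)
+ mail (~> 2.5, >= 2.5.4)
+ actionpack (4.1.7)
+ actionview (= 4.1.7)
+ activesupport (= 4.1.7)
+ rack (~> 1.5.2)
+ rack-test (~> 0.6.2)
+ actionview (4.1.7)
+ activesupport (= 4.1.7)
+ builder (~> 3.1)
+ erubis (~> 2.7.0)
+ activemodel (4.1.7)
+ activesupport (= 4.1.7)
+ builder (~> 3.1)
+ activerecord (4.1.7)
+ activemodel (= 4.1.7)
+ activesupport (= 4.1.7)
+ arel (~> 5.0.0)
+ activesupport (4.1.7)
+ i18n (~> 0.6, >= 0.6.9)
+ json (~> 1.7, >= 1.7.7)
+ minitest (~> 5.1)
+ thread_safe (~> 0.1)
+ tzinfo (~> 1.1)
+ appraisal (1.0.2)
+ bundler
+ rake
+ thor (>= 0.14.0)
+ arel (5.0.1.20140414130214)
+ builder (3.2.2)
+ codeclimate-test-reporter (0.4.1)
+ simplecov (>= 0.7.1, < 1.0.0)
+ docile (1.1.5)
+ erubis (2.7.0)
+ hike (1.2.3)
+ i18n (0.6.11)
+ json (1.8.1)
+ mail (2.6.3)
+ mime-types (>= 1.16, < 3)
+ mime-types (2.4.3)
+ minitest (5.4.3)
+ multi_json (1.10.1)
+ rack (1.5.2)
+ rack-test (0.6.2)
+ rack (>= 1.0)
+ rails (4.1.7)
+ actionmailer (= 4.1.7)
+ actionpack (= 4.1.7)
+ actionview (= 4.1.7)
+ activemodel (= 4.1.7)
+ activerecord (= 4.1.7)
+ activesupport (= 4.1.7)
+ bundler (>= 1.3.0, < 2.0)
+ railties (= 4.1.7)
+ sprockets-rails (~> 2.0)
+ railties (4.1.7)
+ actionpack (= 4.1.7)
+ activesupport (= 4.1.7)
+ rake (>= 0.8.7)
+ thor (>= 0.18.1, < 2.0)
+ rake (10.3.2)
+ simplecov (0.9.1)
+ docile (~> 1.1.0)
+ multi_json (~> 1.0)
+ simplecov-html (~> 0.8.0)
+ simplecov-html (0.8.0)
+ sprockets (2.12.3)
+ hike (~> 1.2)
+ multi_json (~> 1.0)
+ rack (~> 1.0)
+ tilt (~> 1.1, != 1.3.0)
+ sprockets-rails (2.2.0)
+ actionpack (>= 3.0)
+ activesupport (>= 3.0)
+ sprockets (>= 2.8, < 4.0)
+ sqlite3 (1.3.10)
+ thor (0.19.1)
+ thread_safe (0.3.4)
+ tilt (1.4.1)
+ tzinfo (1.2.2)
+ thread_safe (~> 0.1)
+ yard (0.8.7.6)
 
  PLATFORMS
  ruby
 
  DEPENDENCIES
  acl9!
- be9-context (>= 0.5.5)
- jnunemaker-matchy (>= 0.4.0)
- rake
+ appraisal
+ codeclimate-test-reporter
  sqlite3
- turn
  yard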
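--- /dev/null
+++ b/data/LICENSE
@@ -0,0 +1,9 @@
+ MIT License
+
+ Copyright (c) 2014 Oleg Dashevskii
+
+ Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+ The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.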
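--- /dev/null
+++ b/data/README.md
@@ -0,0 +1,156 @@
+ # acl9
+
+ [![Travis-CI](https://travis-ci.org/be9/acl9.svg?branch=master)](https://travis-ci.org/be9/acl9) [![Code Climate](https://codeclimate.com/github/be9/acl9/badges/gpa.svg)](https://codeclimate.com/github/be9/acl9) [![Test Coverage](https://codeclimate.com/github/be9/acl9/badges/coverage.svg)](https://codeclimate.com/github/be9/acl9)
+
+ Acl9 is a role-based authorization system that provides a concise DSL for
+ securing your Rails application.
+
+ Access control is pointless if you're not sure you've done it right. The
+ fundamental goal of acl9 is to ensure that your rules are easy to understand and
+ easy to test - in other words acl9 makes it easy to ensure you've got your
+ permissions correct.
+
+ ## Installation
+
+ Acl9 is [Semantically Versioned](http://semver.org/), so just add this to your
+ `Gemfile`:
+
+ ```ruby
+ gem 'acl9', '~> 1.0'
+ ```
+
+ We dropped support for Rails < 4 in the 1.x releases, so if you're still using
+ Rails 2.x or 3.x then you'll want this:
+
+ ```ruby
+ gem 'acl9', '~> 0.12'
+ ```
+
+ ## Getting Started
+
+ The simplest way to demonstrate this is with some examples.
+
+ ### Access Control
+
+ You declare the access control directly in your controller, so it's visible and
+ obvious for any developer looking at the controller:
+
+ ```ruby
+ class Admin::SchoolsController < ApplicationController
+ access_control do
+ allow :support, School
+ allow :admins, :managers, :teachers, :of => :school
+ deny :teachers, :to => :destroy
+
+ action :index do
+ allow anonymous, logged_in
+ end
+
+ allow logged_in, :to => :show
+ deny :students
+ end
+
+ def index
+ # ...
+ end
+
+ # ...
+ end
+ ```
+
+ You can see more about all this stuff in the wiki under [Access Control
+ Subsystem](//github.com/be9/acl9/wiki/Access-Control-Subsystem)
+
+ ### Roles
+
+ The other side of acl9 is where you give and remove roles to and from a user. As
+ you're looking through these examples refer back to the [Access
+ Control](#access-control) example and you should be able to see which access
+ control rule each role corresponds to.
+
+ Let's say we want to create an admin of a given school, not a global admin, just
+ the admin for a particular school:
+
+ ```ruby
+ user.has_role! :admin, school
+ ```
+
+ Then let's say we have some support people in our organization who are dedicated
+ to supporting all the schools. We could do two things, either we could come up
+ with a new role name like `:school_support` or we can use the fact that we can
+ assign roles to any object, including a class, and do this:
+
+ ```ruby
+ user.has_role! :support, School
+ ```
+
+ You can see the `allow` line in our `access_control` block that this corresponds
+ with. If we had used `:school_support` instead then that line would have to be:
+ `allow :school_support`
+
+ Now, when a support person leaves that team, we need to remove that role:
+
+ ```ruby
+ user.has_no_role! :support, School
+ ```
+
+ You can see more about all this stuff in the wiki under [Role
+ Subsystem](//github.com/be9/acl9/wiki/Role-Subsystem)
+
+ ## Upgrade Notes
+
+ Please, PLEASE, **PLEASE** note. If you're upgrading from the `0.x` series of acl9
+ then there's an important change in one of the defaults for `1.x`. We flipped
+ the default value of `:protect_global_roles` from `false` to `true`.
+
+ Say you had a role on an object:
+
+ ```ruby
+ user.has_role! :manager, department
+ ```
+
+ We all know that this means:
+
+ ```ruby
+ user.has_role? :manager, department # => true
+ ```
+
+ With `:protect_global_roles` set to `false`, as it was in `0.x` then the above
+ role would mean that the global `:manager` role would also be `true`.
+
+ Ie. this is how `0.x` behaved:
+
+ ```ruby
+ user.has_role? :manager # => true
+ ```
+
+ Now in `1.x` we default `:protect_global_roles` to `true` which means that the
+ global `:manager` role is protected, ie:
+
+ ```ruby
+ user.has_role? :manager # => false
+ ```
+
+ In words, in 1.x just because you're the `:manager` of a `department` that
+ doesn't make you a global `:manager` (anymore).
+
+ ## Community
+
+ **IRC:** Please drop in for a chat on #acl9 on Freenode, [use
+ this](http://webchat.freenode.net/) if you have no other option.
+
+ **docs:** Rdocs are available [here](http://rdoc.info/projects/be9/acl9).
+
+ **StackOverflow:** Go ask (or answer) a question [on
+ StackOverflow](http://stackoverflow.com/questions/tagged/acl9)
+
+ **Mailing list:** We have an old skule mailing list as well [acl9-discuss
+ group](http://groups.google.com/group/acl9-discuss)
+
+ **Contributing:** Last but not least, check out the [Contributing
+ Guide](./CONTRIBUTING.md) if you want to get even more involved
+
+ ## Acknowledgements
+
+ [All these people are awesome!](//github.com/be9/acl9/graphs/contributors) as are all the
+ people who have raised or investigated issues.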
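--- a/data/Rakefile
+++ b/data/Rakefile
@@ -1,18 +1,21 @@
  #!/usr/bin/env rake
+ require 'bundler/setup'
  require 'bundler/gem_tasks'
- require 'rake'
- require 'rake/testtask'
- require 'yard'
 
  desc 'Default: run tests.'
  task :default => :test
 
+ require 'rake/testtask'
+
  Rake::TestTask.new(:test) do |test|
  test.libs << 'lib' << 'test'
  test.pattern = 'test/**/*_test.rb'
  test.verbose = false
  end
 
+ require 'yard'
+
  YARD::Rake::YardocTask.new do |t|
  t.files = ['lib/**/*.rb']
  end
+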
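--- a/data/acl9.gemspec
+++ b/data/acl9.gemspec
@@ -3,30 +3,27 @@ $:.unshift File.expand_path("../lib", __FILE__)
  require "acl9/version"
 
  Gem::Specification.new do |s|
- s.authors = ["oleg dashevskii"]
- s.email = ["olegdashevskii@gmail.com"]
- s.description = %q{Role-based authorization system for Rails with a nice DSL for access control lists}
- s.summary = %q{Yet another role-based authorization system for Rails}
+ s.authors = ["oleg dashevskii", "Jason King"]
+ s.email = ["olegdashevskii@gmail.com", "jk@handle.it"]
+ s.description = "Role-based authorization system for Rails with a concise DSL for securing your Rails application. Acl9 makes it easy to get security right for your app, the access control code sits right in your controller, the syntax is very easy to understand, and acl9 makes it easy to test your access rules."
+ s.summary = "Role-based authorization system for Rails with a concise DSL for securing your Rails application."
  s.homepage = "http://github.com/be9/acl9"
 
  s.files = `git ls-files`.split($\)
- s.executables = s.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
- s.test_files = s.files.grep(%r{^(test|spec|features)/})
+ s.test_files = s.files.grep(%r{^test/})
  s.name = "acl9"
  s.require_paths = ["lib"]
  s.version = Acl9::VERSION
+ s.license = 'MIT'
+
+ s.required_ruby_version = ">= 2"
 
- s.date = %q{2010-11-02}
- s.extra_rdoc_files = %w/README.textile TODO/
  s.rdoc_options = ["--charset=UTF-8"]
 
- s.add_dependency "rails", ">= 2.3.12"
+ s.add_dependency "rails", '~> 4.0'
 
- s.add_development_dependency "be9-context", ">= 0.5.5"
- s.add_development_dependency "jnunemaker-matchy", ">= 0.4.0"
- s.add_development_dependency "rake"
+ s.add_development_dependency "codeclimate-test-reporter"
  s.add_development_dependency "yard"
  s.add_development_dependency 'sqlite3'
- s.add_development_dependency 'turn'
  end
 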
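Review bot: The `s.files` manifest is still the unfiltered output of `git ls-files`, so the released gem carries every tracked file; the file list on this page shows `.travis.yml` (with its Code Climate token), `Gemfile.lock` and the whole `test/dummy` Rails app, including `config/initializers/secrets.rb` and `config/database.yml`. Narrowing the manifest to what consumers actually load, for example `s.files = Dir["lib/**/*.rb", "LICENSE", "README.md"]`, keeps CI credentials and test fixtures out of the published artifact. Separately, `s.add_dependency "rails", '~> 4.0'` admits every 4.x release while the Appraisals file only exercises 4.0 and 4.1, so a comment next to the constraint stating which versions are tested would set expectations.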
@@ -0,0 +1,8 @@
1
+ # This file was generated by Appraisal
2
+
3
+ source "http://rubygems.org"
4
+
5
+ gem "appraisal"
6
+ gem "rails", "~> 4.0.0"
7
+
8
+ gemspec :path => "../"
@@ -0,0 +1,8 @@
1
+ # This file was generated by Appraisal
2
+
3
+ source "http://rubygems.org"
4
+
5
+ gem "appraisal"
6
+ gem "rails", "~> 4.1.0"
7
+
8
+ gemspec :path => "../"
@@ -155,7 +155,11 @@ module Acl9
155
155
  ]
156
156
  end
157
157
 
158
- self._auth_role_class.where(cond).first
158
+ if self._auth_role_class.respond_to?(:where)
159
+ self._auth_role_class.where(cond).first
160
+ else
161
+ self._auth_role_class.find(:first, :conditions => cond)
162
+ end
159
163
  end
160
164
 
161
165
  def delete_role(role)
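Review bot: The new `else` branch calls `find(:first, :conditions => cond)`, the Rails 2/3-style finder, while this release's gemspec requires `rails ~> 4.0`; any ActiveRecord role class answers `respond_to?(:where)`, so the branch looks unreachable, and as far as I know that finder form is gone from ActiveRecord 4.1 anyway. In a role lookup that feeds authorization decisions, an unexercised fallback is a liability: either keep only `self._auth_role_class.where(cond).first`, or add a comment naming the non-ActiveRecord role class the fallback exists for, together with a test that drives it. The method begins above the hunk, so how `cond` is assembled, and whether the role name and object id are bound as placeholders, cannot be checked from here.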
@@ -37,7 +37,7 @@ module Acl9
37
37
  role = options[:role_class_name] || Acl9::config[:default_role_class_name]
38
38
  join_table = options[:join_table_name] || Acl9::config[:default_join_table_name] || self.table_name_prefix + [undecorated_table_name(self.to_s), undecorated_table_name(role)].sort.join("_") + self.table_name_suffix
39
39
 
40
- has_and_belongs_to_many assoc, :class_name => role, :join_table => join_table
40
+ has_and_belongs_to_many assoc.to_sym, :class_name => role, :join_table => join_table
41
41
 
42
42
  cattr_accessor :_auth_role_class_name, :_auth_subject_class_name,
43
43
  :_auth_role_assoc_name
@@ -73,33 +73,12 @@ module Acl9
73
73
  def acts_as_authorization_object(options = {})
74
74
  subject = options[:subject_class_name] || Acl9::config[:default_subject_class_name]
75
75
  subj_table = subject.constantize.table_name
76
- subj_col = subject.underscore
77
76
 
78
- role = options[:role_class_name] || Acl9::config[:default_role_class_name]
79
- role_table = role.constantize.table_name
80
-
81
- join_table = options[:join_table_name]
82
- join_table ||= ActiveRecord::Base.send(:join_table_name,
83
- role_table, subj_table) if ActiveRecord::Base.private_methods \
84
- .include?('join_table_name')
85
- join_table ||= Acl9::config[:default_join_table_name]
86
- join_table ||= self.table_name_prefix \
87
- + [undecorated_table_name(self.to_s),
88
- undecorated_table_name(role)].sort.join("_") \
89
- + self.table_name_suffix
77
+ role = options[:role_class_name] || Acl9::config[:default_role_class_name]
90
78
 
91
79
  has_many :accepted_roles, :as => :authorizable, :class_name => role, :dependent => :destroy
92
80
 
93
- has_many :"#{subj_table}",
94
- :finder_sql => proc { "SELECT DISTINCT #{subj_table}.* " +
95
- "FROM #{subj_table} INNER JOIN #{join_table} ON #{subj_col}_id = #{subj_table}.id " +
96
- "INNER JOIN #{role_table} ON #{role_table}.id = #{role.underscore}_id " +
97
- "WHERE authorizable_type = '#{self.class.base_class.to_s}' AND authorizable_id = #{id} "},
98
- :counter_sql => proc { "SELECT COUNT(DISTINCT #{subj_table}.id)" +
99
- "FROM #{subj_table} INNER JOIN #{join_table} ON #{subj_col}_id = #{subj_table}.id " +
100
- "INNER JOIN #{role_table} ON #{role_table}.id = #{role.underscore}_id " +
101
- "WHERE authorizable_type = '#{self.class.base_class.to_s}' AND authorizable_id = #{id} "},
102
- :readonly => true
81
+ has_many :"#{subj_table}", -> { distinct.readonly }, through: :accepted_roles
103
82
 
104
83
  include Acl9::ModelExtensions::ForObject
105
84
  end
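Review bot: The replacement `has_many :"#{subj_table}", -> { distinct.readonly }, through: :accepted_roles` in the second hunk depends on the role class exposing an association whose name matches the subject's table name, whereas the removed `finder_sql` joined through an explicitly computed join table. That probably holds for the default `User`/`Role` pair, but with a namespaced subject class, an overridden `table_name` or a custom association name the source may not resolve (the role-side declaration is not in this hunk, so this is inferred); since this association answers "which subjects hold a role on this object", pass `source:` explicitly or document the naming requirement in a comment above the line. `options[:join_table_name]` is also no longer read in `acts_as_authorization_object`, so callers that pass it are now silently ignored, which deserves a sentence in the method's doc comment. The method's own documentation starts above the hunk.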
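--- a/data/lib/acl9/version.rb
+++ b/data/lib/acl9/version.rb
@@ -1,3 +1,3 @@
  module Acl9
- VERSION = "0.12.3"
+ VERSION = "1.0.0"
  end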
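--- a/data/lib/acl9.rb
+++ b/data/lib/acl9.rb
@@ -9,7 +9,7 @@ module Acl9
  :default_subject_class_name => 'User',
  :default_subject_method => :current_user,
  :default_association_name => :role_objects,
- :protect_global_roles => false,
+ :protect_global_roles => true,
  }
 
  mattr_reader :config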
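Review bot: The flipped `:protect_global_roles` default carries no comment where it is defined, although it changes the result of `has_role?` for every application that never set the option. A line such as `# true since 1.0: a role held on an object no longer implies the same global role` above the entry would keep the reason next to the value, where the next maintainer will look. The change fails closed (global checks that used to pass now return false), so a test that pins the default would guard against it being loosened again by accident, if one is not already among the test files not shown on this page. The config hash begins above the hunk.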