acl9 1.1.0 → 1.2.0
- checksums.yaml +4 -4
- data/.travis.yml +2 -1
- data/Appraisals +1 -1
- data/Gemfile.lock +61 -36
- data/README.md +76 -6
- data/gemfiles/rails_4.2.gemfile +1 -1
- data/lib/acl9.rb +20 -2
- data/lib/acl9/controller_extensions/dsl_base.rb +1 -1
- data/lib/acl9/model_extensions.rb +11 -1
- data/lib/acl9/model_extensions/for_subject.rb +8 -1
- data/lib/acl9/version.rb +1 -1
- data/lib/generators/acl9/setup/USAGE +35 -0
- data/lib/generators/acl9/setup/setup_generator.rb +115 -0
- data/lib/generators/acl9/setup/templates/create_role_tables.rb +22 -0
- data/lib/generators/acl9/setup/templates/role.rb +3 -0
- data/test/config_test.rb +55 -0
- data/test/dummy/config/environments/production.rb +1 -1
- data/test/dummy/config/environments/test.rb +1 -1
- data/test/models/roles_test.rb +52 -2
- metadata +8 -2
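--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f04f136959818b774a8a07d3317348bfae2ff653
+data.tar.gz: cad678253e611fefcb70c0716e717e458720e571
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 5e6cdf549284877a10421026d96868e9c74069cad37d1a0ac5cac1e171ddf4d9b75d529013935c4716b80fd091908087a2e4a4af77dc9a0dd9fe3f948ad4e5c9
+data.tar.gz: a0b5a3c792b5253bdda4edc6bbcb00b61ca0f92a9c268c6d773e5359dd70c4aa6db907960d5bf5baa0d0c5981d459ea537817c59935d31044ba508b3440f515c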
data/.travis.yml
CHANGED
data/Appraisals
CHANGED
data/Gemfile.lock
CHANGED
@@ -1,82 +1,107 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
acl9 (1.
|
4
|
+
acl9 (1.2.0)
|
5
5
|
rails (~> 4.0)
|
6
6
|
|
7
7
|
GEM
|
8
8
|
remote: http://rubygems.org/
|
9
9
|
specs:
|
10
|
-
actionmailer (4.
|
11
|
-
actionpack (= 4.
|
12
|
-
actionview (= 4.
|
10
|
+
actionmailer (4.2.0)
|
11
|
+
actionpack (= 4.2.0)
|
12
|
+
actionview (= 4.2.0)
|
13
|
+
activejob (= 4.2.0)
|
13
14
|
mail (~> 2.5, >= 2.5.4)
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
15
|
+
rails-dom-testing (~> 1.0, >= 1.0.5)
|
16
|
+
actionpack (4.2.0)
|
17
|
+
actionview (= 4.2.0)
|
18
|
+
activesupport (= 4.2.0)
|
19
|
+
rack (~> 1.6.0)
|
18
20
|
rack-test (~> 0.6.2)
|
19
|
-
|
20
|
-
|
21
|
+
rails-dom-testing (~> 1.0, >= 1.0.5)
|
22
|
+
rails-html-sanitizer (~> 1.0, >= 1.0.1)
|
23
|
+
actionview (4.2.0)
|
24
|
+
activesupport (= 4.2.0)
|
21
25
|
builder (~> 3.1)
|
22
26
|
erubis (~> 2.7.0)
|
23
|
-
|
24
|
-
|
27
|
+
rails-dom-testing (~> 1.0, >= 1.0.5)
|
28
|
+
rails-html-sanitizer (~> 1.0, >= 1.0.1)
|
29
|
+
activejob (4.2.0)
|
30
|
+
activesupport (= 4.2.0)
|
31
|
+
globalid (>= 0.3.0)
|
32
|
+
activemodel (4.2.0)
|
33
|
+
activesupport (= 4.2.0)
|
25
34
|
builder (~> 3.1)
|
26
|
-
activerecord (4.
|
27
|
-
activemodel (= 4.
|
28
|
-
activesupport (= 4.
|
29
|
-
arel (~>
|
30
|
-
activesupport (4.
|
31
|
-
i18n (~> 0.
|
35
|
+
activerecord (4.2.0)
|
36
|
+
activemodel (= 4.2.0)
|
37
|
+
activesupport (= 4.2.0)
|
38
|
+
arel (~> 6.0)
|
39
|
+
activesupport (4.2.0)
|
40
|
+
i18n (~> 0.7)
|
32
41
|
json (~> 1.7, >= 1.7.7)
|
33
42
|
minitest (~> 5.1)
|
34
|
-
thread_safe (~> 0.
|
43
|
+
thread_safe (~> 0.3, >= 0.3.4)
|
35
44
|
tzinfo (~> 1.1)
|
36
45
|
ansi (1.4.3)
|
37
46
|
appraisal (1.0.2)
|
38
47
|
bundler
|
39
48
|
rake
|
40
49
|
thor (>= 0.14.0)
|
41
|
-
arel (
|
50
|
+
arel (6.0.0)
|
42
51
|
builder (3.2.2)
|
43
52
|
codeclimate-test-reporter (0.4.1)
|
44
53
|
simplecov (>= 0.7.1, < 1.0.0)
|
45
54
|
docile (1.1.5)
|
46
55
|
erubis (2.7.0)
|
56
|
+
globalid (0.3.0)
|
57
|
+
activesupport (>= 4.1.0)
|
47
58
|
hike (1.2.3)
|
48
|
-
i18n (0.
|
59
|
+
i18n (0.7.0)
|
49
60
|
json (1.8.1)
|
61
|
+
loofah (2.0.1)
|
62
|
+
nokogiri (>= 1.5.9)
|
50
63
|
mail (2.6.3)
|
51
64
|
mime-types (>= 1.16, < 3)
|
52
65
|
mime-types (2.4.3)
|
66
|
+
mini_portile (0.6.2)
|
53
67
|
minitap (0.5.3)
|
54
68
|
minitest (~> 5.0)
|
55
69
|
minitest-reporter-api (>= 0.0.2)
|
56
70
|
tapout (>= 0.3.0)
|
57
|
-
minitest (5.
|
71
|
+
minitest (5.5.0)
|
58
72
|
minitest-reporter-api (0.0.5)
|
59
73
|
minitest (~> 5.0)
|
60
74
|
multi_json (1.10.1)
|
61
|
-
|
75
|
+
nokogiri (1.6.5)
|
76
|
+
mini_portile (~> 0.6.0)
|
77
|
+
rack (1.6.0)
|
62
78
|
rack-test (0.6.2)
|
63
79
|
rack (>= 1.0)
|
64
|
-
rails (4.
|
65
|
-
actionmailer (= 4.
|
66
|
-
actionpack (= 4.
|
67
|
-
actionview (= 4.
|
68
|
-
|
69
|
-
|
70
|
-
|
80
|
+
rails (4.2.0)
|
81
|
+
actionmailer (= 4.2.0)
|
82
|
+
actionpack (= 4.2.0)
|
83
|
+
actionview (= 4.2.0)
|
84
|
+
activejob (= 4.2.0)
|
85
|
+
activemodel (= 4.2.0)
|
86
|
+
activerecord (= 4.2.0)
|
87
|
+
activesupport (= 4.2.0)
|
71
88
|
bundler (>= 1.3.0, < 2.0)
|
72
|
-
railties (= 4.
|
73
|
-
sprockets-rails
|
74
|
-
|
75
|
-
|
76
|
-
|
89
|
+
railties (= 4.2.0)
|
90
|
+
sprockets-rails
|
91
|
+
rails-deprecated_sanitizer (1.0.3)
|
92
|
+
activesupport (>= 4.2.0.alpha)
|
93
|
+
rails-dom-testing (1.0.5)
|
94
|
+
activesupport (>= 4.2.0.beta, < 5.0)
|
95
|
+
nokogiri (~> 1.6.0)
|
96
|
+
rails-deprecated_sanitizer (>= 1.0.1)
|
97
|
+
rails-html-sanitizer (1.0.1)
|
98
|
+
loofah (~> 2.0)
|
99
|
+
railties (4.2.0)
|
100
|
+
actionpack (= 4.2.0)
|
101
|
+
activesupport (= 4.2.0)
|
77
102
|
rake (>= 0.8.7)
|
78
103
|
thor (>= 0.18.1, < 2.0)
|
79
|
-
rake (10.
|
104
|
+
rake (10.4.2)
|
80
105
|
simplecov (0.9.1)
|
81
106
|
docile (~> 1.1.0)
|
82
107
|
multi_json (~> 1.0)
|
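--- a/data/README.md
+++ b/data/README.md
@@ -99,12 +99,32 @@ user.has_no_role! :support, School
 You can see more about all this stuff in the wiki under [Role
 Subsystem](//github.com/be9/acl9/wiki/Role-Subsystem)
 
+## Database Setup
+
+As mentioned in [Role Subsystem](//github.com/be9/acl9/wiki/Role-Subsystem) you
+don't have to use these, if your role system is very simple all you need is a
+`has_role?` method in your subject model that returns a boolean and the Access
+Control part of Acl9 will work from that.
+
+However, most commonly, the roles and role assignments are stored in two new
+tables that you create specifically for Acl9. There's a rails generator for
+creating the migrations, role model and updating the subject model and
+optionally any number of object models.
+
+You can view the USAGE for this generator by running the following in your app
+directory:
+
+```sh
+bin/rails g acl9:setup -h
+```
+
 ## Configuration
 
 There are five configurable settings. These all have sensible defaults which can
-be easily overridden
-
-
+be easily overridden in `config/initializers/acl9.rb`
+
+You can also override each of the `:default_*` settings (dropping the "default_"
+prefix) in your models/controllers - see below for more detail:
 
 ### :default_role_class_name
 
@@ -127,10 +147,24 @@ Set to `'User'` and can be overridden in your
 Set to `:current_user` and can be overridden in
 your controllers, [see the wiki for more](//github.com/be9/acl9/wiki/Access-Control-Subsystem#subject_method).
 
+### :default_join_table_name
+
+This is set to `nil` by default, which will mean it will use the Rails method of
+calculating the join table name for a `has_and_belongs_to_many` (eg.
+`users_roles`). Remember that if you override this value, either do it before
+you run `rails g acl9:setup` or be sure to update your migration or database.
+
+### :normalize_role_names
+
+Set to `true` (see "Upgrade Notes" below if you're upgrading) and can only be
+changed by setting it in `Acl9.config`. When true this causes Acl9 to normalize
+your role names, normalization is `.to_s.underscore.singularize`. This is done
+on both the setter and getter.
+
 ### :protect_global_roles
 
 Set to `true` (see "Upgrade Notes" below if you're upgrading) and can only be
-changed by merging into `Acl9
+changed by merging into `Acl9.config`. This setting changes how global roles
 (ie. roles with no object) are treated.
 
 Say we set a role like so:
@@ -160,14 +194,27 @@ all be granted a privilege by allowing the global `:admin` role.
 
 ```ruby
 # config/initializers/acl9.rb
-Acl9
+Acl9.config.default_association_name = :roles
 
 # or...
-Acl9
+Acl9.configure do |c|
+c.default_association_name = :roles
+end
+```
+
+### Reset Defaults
+
+On the off chance that you ever need to reset the config back to its default you
+can use:
+
+```ruby
+Acl9.config.reset!
 ```
 
 ## Upgrade Notes
 
+### Acl9 now protects global roles by default
+
 Please, PLEASE, **PLEASE** note. If you're upgrading from the `0.x` series of acl9
 then there's an important change in one of the defaults for `1.x`. We flipped
 the default value of `:protect_global_roles` from `false` to `true`.
@@ -203,6 +250,29 @@ user.has_role? :manager # => false
 In words, in 1.x just because you're the `:manager` of a `department` that
 doesn't make you a global `:manager` (anymore).
 
+### Acl9 now normalizes role names by default
+
+So basically we downcase, underscore, and singularize your role names, so:
+
+```ruby
+user.has_role! 'FooBars'
+
+user.has_role? 'FooBars' # => true
+user.has_role? :foo_bar # => true
+
+user.has_role! :foo_bar # => nil, because it was already set above
+```
+
+If you're upgrading then you will want to do something like this:
+
+```ruby
+Role.all.each do |role|
+role.update! name: role.name.underscore.singularize
+end
+```
+
+**Then check for any duplicates** and resolve those manually.
+
 ## Community
 
 **IRC:** Please drop in for a chat on #acl9 on Freenode, [use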
data/gemfiles/rails_4.2.gemfile
CHANGED
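--- a/data/lib/acl9.rb
+++ b/data/lib/acl9.rb
@@ -4,15 +4,33 @@ require 'acl9/controller_extensions'
 require 'acl9/helpers'
 
 module Acl9
-
+CONFIG = {
 :default_role_class_name => 'Role',
 :default_subject_class_name => 'User',
 :default_subject_method => :current_user,
 :default_association_name => :role_objects,
+:default_join_table_name => nil,
 :protect_global_roles => true,
-
+:normalize_role_names => true,
+}.freeze
+
+class Config < Struct.new(*CONFIG.keys )
+def [] k; send k.to_sym; end
+def []= k, v; send "#{k}=", v; end
+def reset!
+Acl9::CONFIG.each do |k,v|
+send "#{k}=", v
+end
+end
+end
+
+@@config = Config.new( *CONFIG.values_at(*Config.members))
 
 mattr_reader :config
+
+def self.configure
+yield config
+end
 end
 
 ActiveRecord::Base.send(:include, Acl9::ModelExtensions)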
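Review bot: `Config#[]` and `Config#[]=` hand the key straight to `send`, so any method name is dispatched, not only the seven option names: `Acl9.config[:reset!]` resets every setting, and `send` also reaches private methods. For the object that holds `protect_global_roles`, the accessors should reject keys that are not struct members, e.g. `def [] k; raise NoMethodError, "unknown Acl9 option: #{k}" unless members.include?(k.to_sym); send k.to_sym; end`, with the same guard in `[]=`. Raising `NoMethodError` keeps the behaviour the new config test expects for a missing option.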
@@ -101,7 +101,7 @@ module Acl9
|
|
101
101
|
when logged_in then "!#{_subject_ref}.nil?"
|
102
102
|
when all then "true"
|
103
103
|
else
|
104
|
-
"!#{_subject_ref}.nil? && #{_subject_ref}.has_role?('#{who
|
104
|
+
"!#{_subject_ref}.nil? && #{_subject_ref}.has_role?('#{who}', #{object})"
|
105
105
|
end
|
106
106
|
end
|
107
107
|
|
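Review bot: The `else` branch interpolates `who` between single quotes inside a string that looks like generated Ruby source, so a role name containing `'` or `\` would alter the generated expression instead of staying a literal. Emitting the literal with `inspect` avoids that: `"!#{_subject_ref}.nil? && #{_subject_ref}.has_role?(#{who.to_s.inspect}, #{object})"`. The enclosing `case` and the method that builds this string start outside the hunk, so how the string is evaluated is not visible here.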
@@ -80,7 +80,17 @@ module Acl9
|
|
80
80
|
|
81
81
|
has_many :accepted_roles, :as => :authorizable, :class_name => role, :dependent => :destroy
|
82
82
|
|
83
|
-
|
83
|
+
subj_assoc = "assoc_#{subj_table}".to_sym
|
84
|
+
has_many subj_assoc, -> { distinct.readonly }, source: subj_table.to_sym, through: :accepted_roles
|
85
|
+
|
86
|
+
define_method subj_table.to_sym do |role_name=nil|
|
87
|
+
rel = send subj_assoc
|
88
|
+
|
89
|
+
if role_name
|
90
|
+
rel = rel.where role.constantize.table_name.to_sym => { name: role_name }
|
91
|
+
end
|
92
|
+
rel
|
93
|
+
end
|
84
94
|
|
85
95
|
include Acl9::ModelExtensions::ForObject
|
86
96
|
end
|
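Review bot: The generated subject finder filters on `name: role_name` exactly as passed, while the subject-side methods in this release normalize role names before storing and looking them up. With `normalize_role_names` on, a call such as `@foo.users(:managers)` or `@foo.users('Manager')` would presumably return nothing although `has_role?` accepts both spellings. Applying the same rule before the query keeps the two paths consistent: `role_name = role_name.to_s.underscore.singularize if Acl9.config[:normalize_role_names]`. The method that contains this block starts outside the hunk.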
@@ -35,6 +35,7 @@ module Acl9
|
|
35
35
|
#
|
36
36
|
# @see Acl9::ModelExtensions::Object#accepts_role?
|
37
37
|
def has_role?(role_name, object = nil)
|
38
|
+
role_name = normalize role_name
|
38
39
|
!! if object.nil? && !::Acl9.config[:protect_global_roles]
|
39
40
|
self._role_objects.find_by_name(role_name.to_s) ||
|
40
41
|
self._role_objects.member?(get_role(role_name, nil))
|
@@ -51,6 +52,7 @@ module Acl9
|
|
51
52
|
# @param [Object] object Object to add a role for
|
52
53
|
# @see Acl9::ModelExtensions::Object#accepts_role!
|
53
54
|
def has_role!(role_name, object = nil)
|
55
|
+
role_name = normalize role_name
|
54
56
|
role = get_role(role_name, object)
|
55
57
|
|
56
58
|
if role.nil?
|
@@ -73,6 +75,7 @@ module Acl9
|
|
73
75
|
# @param [Object] object Object to remove a role on
|
74
76
|
# @see Acl9::ModelExtensions::Object#accepts_no_role!
|
75
77
|
def has_no_role!(role_name, object = nil)
|
78
|
+
role_name = normalize role_name
|
76
79
|
delete_role(get_role(role_name, object))
|
77
80
|
end
|
78
81
|
|
@@ -141,7 +144,7 @@ module Acl9
|
|
141
144
|
end
|
142
145
|
|
143
146
|
def get_role(role_name, object)
|
144
|
-
role_name = role_name
|
147
|
+
role_name = normalize role_name
|
145
148
|
|
146
149
|
cond = case object
|
147
150
|
when Class
|
@@ -173,6 +176,10 @@ module Acl9
|
|
173
176
|
end
|
174
177
|
end
|
175
178
|
|
179
|
+
def normalize role_name
|
180
|
+
Acl9.config[:normalize_role_names] ? role_name.to_s.underscore.singularize : role_name.to_s
|
181
|
+
end
|
182
|
+
|
176
183
|
protected
|
177
184
|
|
178
185
|
def _auth_role_class
|
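Review bot: Role names are now normalized twice on the common path: once at the top of `has_role?`, `has_role!` and `has_no_role!`, and again in `get_role`. `singularize` is not guaranteed to be idempotent for every word (names that are singular but end in "s" are the usual case), so the name used by `find_by_name` or for creation can differ from the one `get_role` looks up, and a role check could then miss or match a different role. If every caller of `get_role` normalizes first (not all callers are visible here), the line in `get_role` can stay a plain conversion, `role_name = role_name.to_s`. The bodies of these methods continue outside the hunks.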
data/lib/acl9/version.rb
CHANGED
@@ -0,0 +1,35 @@
|
|
1
|
+
Description:
|
2
|
+
Installs the basic framework for Acl9. Creates the necessary migration for
|
3
|
+
your new roles table and the join table for associating roles with users.
|
4
|
+
|
5
|
+
The optional arguments are as follows:
|
6
|
+
|
7
|
+
subject: if you want something other than 'User'
|
8
|
+
role: if you want something other than 'Role'
|
9
|
+
objects: space separated list of class names of objects that you can
|
10
|
+
attach roles to (see the docs)
|
11
|
+
|
12
|
+
Examples:
|
13
|
+
`rails g acl9:setup`
|
14
|
+
|
15
|
+
This will create:
|
16
|
+
Migration: db/migrate/XXX_create_role_tables.rb
|
17
|
+
Role Model: app/models/role.rb
|
18
|
+
Config: config/initializers/acl9.rb
|
19
|
+
|
20
|
+
And it will update (or create a skeleton):
|
21
|
+
Subject Model: app/models/user.rb
|
22
|
+
|
23
|
+
`rails g acl9:setup account permission school classroom department`
|
24
|
+
|
25
|
+
This will create:
|
26
|
+
Migration: db/migrate/XXX_create_permission_tables.rb
|
27
|
+
Role Model: app/models/permission.rb
|
28
|
+
Config: config/initializers/acl9.rb
|
29
|
+
|
30
|
+
And it will update (or create a skeleton):
|
31
|
+
Subject Model: app/models/account.rb
|
32
|
+
Object Models: app/models/school.rb
|
33
|
+
app/models/classroom.rb
|
34
|
+
app/models/department.rb
|
35
|
+
|
@@ -0,0 +1,115 @@
|
|
1
|
+
require "rails/generators/active_record"
|
2
|
+
|
3
|
+
module Acl9
|
4
|
+
class SetupGenerator < Rails::Generators::Base
|
5
|
+
include ActiveRecord::Generators::Migration
|
6
|
+
|
7
|
+
source_root File.expand_path('../templates', __FILE__)
|
8
|
+
|
9
|
+
argument :arg_subject, type: :string, default: 'user', banner: "subject"
|
10
|
+
argument :arg_role, type: :string, default: 'role', banner: "role"
|
11
|
+
argument :arg_objects, type: :array, default: [], banner: "objects..."
|
12
|
+
|
13
|
+
def create_migration
|
14
|
+
next_migration_number = self.class.next_migration_number( File.expand_path( '../db/migrate', __FILE__))
|
15
|
+
template "create_role_tables.rb", "db/migrate/#{next_migration_number}_create_#{role_name}_tables.rb"
|
16
|
+
end
|
17
|
+
|
18
|
+
def create_models
|
19
|
+
template "role.rb", "app/models/#{role_name}.rb"
|
20
|
+
|
21
|
+
objects.each do |object|
|
22
|
+
my_inject "app/models/#{object}.rb", object.classify, " #{object_helper}\n"
|
23
|
+
end
|
24
|
+
|
25
|
+
my_inject "app/models/#{subject_name}.rb", subject_class_name, " #{subject_helper}\n"
|
26
|
+
end
|
27
|
+
|
28
|
+
def create_initializer
|
29
|
+
initializer "acl9.rb" do
|
30
|
+
<<-RUBY.strip_heredoc
|
31
|
+
# See https://github.com/be9/acl9#configuration for details
|
32
|
+
#
|
33
|
+
# Acl9.configure do |c|
|
34
|
+
# c.default_role_class_name = 'Role'
|
35
|
+
# c.default_subject_class_name = 'User'
|
36
|
+
# c.default_subject_method = :current_user
|
37
|
+
# c.default_association_name = :role_objects
|
38
|
+
# c.default_join_table_name = nil
|
39
|
+
# c.protect_global_roles = true
|
40
|
+
# c.normalize_role_names = true
|
41
|
+
# end
|
42
|
+
RUBY
|
43
|
+
end
|
44
|
+
end
|
45
|
+
|
46
|
+
private
|
47
|
+
def role_name
|
48
|
+
arg_role.underscore.singularize
|
49
|
+
end
|
50
|
+
|
51
|
+
def role_table_name
|
52
|
+
role_name.tableize
|
53
|
+
end
|
54
|
+
|
55
|
+
def role_class_name
|
56
|
+
role_name.classify
|
57
|
+
end
|
58
|
+
|
59
|
+
def habtm_table
|
60
|
+
Acl9.config.default_join_table_name || [ subject_name, role_name ].map(&:pluralize).sort.join('_')
|
61
|
+
end
|
62
|
+
|
63
|
+
def subject_helper
|
64
|
+
"acts_as_authorization_subject" + ( subject_options ? " #{subject_options}" : '' )
|
65
|
+
end
|
66
|
+
|
67
|
+
def object_helper
|
68
|
+
"acts_as_authorization_object" + ( object_options ? " #{object_options}" : '' )
|
69
|
+
end
|
70
|
+
|
71
|
+
def role_helper
|
72
|
+
"acts_as_authorization_role" + ( role_options ? " #{role_options}" : '' )
|
73
|
+
end
|
74
|
+
|
75
|
+
def my_inject file_name, class_name, string
|
76
|
+
inject_into_class file_name, class_name, string
|
77
|
+
rescue Errno::ENOENT
|
78
|
+
create_file file_name do
|
79
|
+
<<-RUBY.strip_heredoc
|
80
|
+
class #{class_name} < ActiveRecord::Base
|
81
|
+
#{string}
|
82
|
+
end
|
83
|
+
RUBY
|
84
|
+
end
|
85
|
+
end
|
86
|
+
|
87
|
+
def role_options
|
88
|
+
if defined?(Acl9::config) && Acl9::config[:default_subject_class_name].to_s.classify != subject_class_name
|
89
|
+
"subject_class_name: #{subject_class_name}"
|
90
|
+
end
|
91
|
+
end
|
92
|
+
|
93
|
+
def subject_options
|
94
|
+
if defined?(Acl9::config) && Acl9::config[:default_role_class_name].to_s.classify != role_class_name
|
95
|
+
"role_class_name: #{role_class_name}"
|
96
|
+
end
|
97
|
+
end
|
98
|
+
|
99
|
+
def object_options
|
100
|
+
[ role_options, subject_options ].compact.join ', '
|
101
|
+
end
|
102
|
+
|
103
|
+
def subject_name
|
104
|
+
@subject_name ||= arg_subject.underscore.singularize
|
105
|
+
end
|
106
|
+
|
107
|
+
def objects
|
108
|
+
@objects ||= arg_objects.map{|o|o.underscore.singularize}
|
109
|
+
end
|
110
|
+
|
111
|
+
def subject_class_name
|
112
|
+
subject_name.classify
|
113
|
+
end
|
114
|
+
end
|
115
|
+
end
|
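Review bot: `role_options` and `subject_options` write the class name into the generated model as a bare constant (`subject_class_name: Account`), whereas the library defaults are strings (`'User'`, `'Role'`) and the model extension calls `constantize` on the role class name. A constant there is resolved while the model file loads and, as far as the visible code shows, would fail on `constantize`. Quote the value instead: `"subject_class_name: '#{subject_class_name}'"` and `"role_class_name: '#{role_class_name}'"`. Separately, `arg_subject`, `arg_role` and `arg_objects` reach file paths and generated source with no validation; rejecting anything that is not a plain class or file name before generating would be a cheap check.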
@@ -0,0 +1,22 @@
|
|
1
|
+
class Create<%= role_class_name %>Tables < ActiveRecord::Migration
|
2
|
+
def change
|
3
|
+
create_table :<%= role_table_name %> do |t|
|
4
|
+
t.string :name, null: false
|
5
|
+
t.string :authorizable_type, null: true
|
6
|
+
t.integer :authorizable_id, null: true
|
7
|
+
t.boolean :system, default: false, null: false
|
8
|
+
t.timestamps null: false
|
9
|
+
end
|
10
|
+
|
11
|
+
add_index :<%= role_table_name %>, :name
|
12
|
+
add_index :<%= role_table_name %>, [:authorizable_type, :authorizable_id]
|
13
|
+
|
14
|
+
create_table :<%= habtm_table %>, id: false do |t|
|
15
|
+
t.references :<%= subject_name %>, null: false
|
16
|
+
t.references :<%= role_name %>, null: false
|
17
|
+
end
|
18
|
+
|
19
|
+
add_index :<%= habtm_table %>, :<%= subject_name %>_id
|
20
|
+
add_index :<%= habtm_table %>, :<%= role_name %>_id
|
21
|
+
end
|
22
|
+
end
|
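Review bot: The join table gets two single-column, non-unique indexes, so nothing at the database level stops the same subject/role pair from being inserted twice, for example by two concurrent `has_role!` calls. A composite unique index would enforce it: `add_index :<%= habtm_table %>, [:<%= subject_name %>_id, :<%= role_name %>_id], unique: true`. With that in place the separate index on `<%= subject_name %>_id` becomes redundant.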
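--- a/data/test/config_test.rb
+++ b/data/test/config_test.rb
@@ -0,0 +1,55 @@
+require 'test_helper'
+
+class ConfigTest < ActiveSupport::TestCase
+teardown do
+Acl9.config.reset!
+end
+
+test "configure block API" do
+assert new_method = :fruitcake
+Acl9.configure do |c|
+assert c.default_subject_method = new_method
+end
+
+assert_equal new_method, Acl9.config.default_subject_method
+assert_equal new_method, Acl9.config[:default_subject_method]
+assert_equal new_method, Acl9::config[:default_subject_method]
+end
+
+test "method API" do
+assert new_method = :seesaw
+Acl9.config.default_subject_method = new_method
+
+assert_equal new_method, Acl9.config.default_subject_method
+assert_equal new_method, Acl9.config[:default_subject_method]
+assert_equal new_method, Acl9::config[:default_subject_method]
+end
+
+test "hash API" do
+assert new_method = :sandcastle
+assert Acl9.config[:default_subject_method] = new_method
+
+assert_equal new_method, Acl9.config.default_subject_method
+assert_equal new_method, Acl9.config[:default_subject_method]
+assert_equal new_method, Acl9::config[:default_subject_method]
+end
+
+test "reset!" do
+assert new_method = :bluesky
+assert Acl9.config.default_subject_method = new_method
+
+assert Acl9.config.reset!
+
+refute_equal new_method, Acl9.config.default_subject_method
+end
+
+test "errors when missing option" do
+assert_raises NoMethodError do
+Acl9.config[:does_not_exist] = :foo
+end
+
+assert_raises NoMethodError do
+Acl9.config[:does_not_exist]
+end
+end
+end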
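Review bot: Several assertions wrap an assignment, e.g. `assert new_method = :fruitcake` and `assert c.default_subject_method = new_method`; they evaluate the assigned symbol and can never fail. Plain assignments (`new_method = :fruitcake`) say the same thing without suggesting a check. The missing-option test also covers only a name for which no method exists at all; a case such as `assert_raises(NoMethodError) { Acl9.config[:members] }` would document whether non-option method names are reachable through `[]`.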
@@ -20,7 +20,7 @@ Dummy::Application.configure do
|
|
20
20
|
# config.action_dispatch.rack_cache = true
|
21
21
|
|
22
22
|
# Disable Rails's static asset server (Apache or nginx will already do this).
|
23
|
-
config.
|
23
|
+
config.serve_static_files = false
|
24
24
|
|
25
25
|
# Compress JavaScripts and CSS.
|
26
26
|
config.assets.js_compressor = :uglifier
|
@@ -13,7 +13,7 @@ Dummy::Application.configure do
|
|
13
13
|
config.eager_load = false
|
14
14
|
|
15
15
|
# Configure static asset server for tests with Cache-Control for performance.
|
16
|
-
config.
|
16
|
+
config.serve_static_files = true
|
17
17
|
config.static_cache_control = 'public, max-age=3600'
|
18
18
|
|
19
19
|
# Show full error reports and disable caching.
|
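--- a/data/test/models/roles_test.rb
+++ b/data/test/models/roles_test.rb
@@ -8,6 +8,11 @@ class RolesTest < ActiveSupport::TestCase
 assert @bar = Bar.create
 end
 
+teardown do
+Acl9.config[:normalize_role_names] = true
+Acl9.config[:protect_global_roles] = true
+end
+
 test "should not have any roles by default" do
 %w(user manager admin owner).each do |role|
 refute @user.has_role? role
@@ -62,8 +67,6 @@ class RolesTest < ActiveSupport::TestCase
 
 assert @user.has_role! :manager, @foo
 assert @user.has_role? :manager
-
-Acl9.config[:protect_global_roles] = true
 end
 
 test "should not count object role as object class role" do
@@ -271,6 +274,53 @@ class RolesTest < ActiveSupport::TestCase
 refute @foo.accepts_role? :admin, @user
 end
 
+test "roles ignore pluralization" do
+assert @user.has_role! :manager
+assert @user.has_role? :manager
+
+assert @user.has_role? :managers
+assert @user.has_role? 'Manager'
+assert @user.has_role? 'Managers'
+
+assert_nil @user.has_role! :managers
+assert_nil @user.has_role! 'Manager'
+assert_nil @user.has_role! 'Managers'
+
+assert @user2.has_role! :managers
+assert @user2.has_role? :managers
+assert @user2.has_role? :manager
+
+assert_nil @user2.has_role! :manager
+end
+
+test "non-normalized roles work properly" do
+Acl9.config[:normalize_role_names] = false
+assert @user.has_role! :manager
+assert @user.has_role? :manager
+refute @user.has_role? :managers
+
+assert @user.has_role! :managers
+assert @user.has_role! 'Manager'
+assert @user.has_role! 'Managers'
+
+assert_equal 4, @user.role_objects.count
+
+assert @user2.has_role! :managers
+assert @user2.has_role? :managers
+refute @user2.has_role? :manager
+
+assert @user2.has_role! :manager
+end
+
+test "subjects by role" do
+assert @user.has_role! :admin, @foo
+assert @user2.has_role! :manager, @foo
+
+assert_equal_elements [ @user, @user2 ], @foo.users
+assert_equal_elements [ @user ], @foo.users(:admin)
+assert_equal_elements [ @user2 ], @foo.users(:manager)
+end
+
 private
 
 def set_some_roles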
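Review bot: The new `teardown` restores two settings by hand, so any other setting a later test changes would leak into the tests that follow, including the ones that depend on `protect_global_roles`. `Acl9.config.reset!`, which this release adds and ConfigTest already uses in its teardown, restores all of them: `teardown { Acl9.config.reset! }` (unless the dummy app relies on non-default settings, which is not visible here). The pluralization tests also use only `manager`, so a role name that is singular but ends in "s" is not covered.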
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: acl9
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.2.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- oleg dashevskii
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date:
|
12
|
+
date: 2015-01-12 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: rails
|
@@ -118,6 +118,11 @@ files:
|
|
118
118
|
- lib/acl9/model_extensions/for_object.rb
|
119
119
|
- lib/acl9/model_extensions/for_subject.rb
|
120
120
|
- lib/acl9/version.rb
|
121
|
+
- lib/generators/acl9/setup/USAGE
|
122
|
+
- lib/generators/acl9/setup/setup_generator.rb
|
123
|
+
- lib/generators/acl9/setup/templates/create_role_tables.rb
|
124
|
+
- lib/generators/acl9/setup/templates/role.rb
|
125
|
+
- test/config_test.rb
|
121
126
|
- test/controller_extensions/actions_test.rb
|
122
127
|
- test/controller_extensions/anon_test.rb
|
123
128
|
- test/controller_extensions/base.rb
|
@@ -229,6 +234,7 @@ specification_version: 4
|
|
229
234
|
summary: Role-based authorization system for Rails with a concise DSL for securing
|
230
235
|
your Rails application.
|
231
236
|
test_files:
|
237
|
+
- test/config_test.rb
|
232
238
|
- test/controller_extensions/actions_test.rb
|
233
239
|
- test/controller_extensions/anon_test.rb
|
234
240
|
- test/controller_extensions/base.rb
|