aclatraz 0.0.1 → 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/CHANGELOG.rdoc +21 -0
- data/README.rdoc +221 -57
- data/Rakefile +9 -2
- data/TODO.rdoc +6 -0
- data/VERSION +1 -1
- data/aclatraz.gemspec +88 -0
- data/examples/dinner.rb +71 -0
- data/lib/aclatraz.rb +34 -12
- data/lib/aclatraz/acl.rb +82 -7
- data/lib/aclatraz/guard.rb +139 -57
- data/lib/aclatraz/helpers.rb +14 -6
- data/lib/aclatraz/store.rb +3 -7
- data/lib/aclatraz/store/redis.rb +11 -11
- data/lib/aclatraz/suspect.rb +157 -57
- data/spec/aclatraz/acl_spec.rb +8 -3
- data/spec/aclatraz/guard_spec.rb +178 -121
- data/spec/aclatraz/stores_spec.rb +1 -26
- data/spec/aclatraz/suspect_spec.rb +25 -25
- data/spec/aclatraz_spec.rb +16 -2
- data/spec/alcatraz_bm.rb +54 -0
- data/spec/spec_helper.rb +7 -0
- metadata +12 -5
@@ -30,16 +30,6 @@ STORE_SPECS = proc do
|
|
30
30
|
subject.check("bar", owner, target).should be_false
|
31
31
|
end
|
32
32
|
|
33
|
-
it "should allow to fetch list of permissions for current role" do
|
34
|
-
subject.set("bar", owner)
|
35
|
-
subject.set("bar", owner, target)
|
36
|
-
class << owner; def id; 20; end; end
|
37
|
-
subject.set("bar", owner, StubTarget)
|
38
|
-
|
39
|
-
(subject.permissions("bar") - ["15", "15/StubTarget/10", "20/StubTarget"]).should be_empty
|
40
|
-
subject.permissions("lala").should be_empty
|
41
|
-
end
|
42
|
-
|
43
33
|
it "should allow to fetch whole list of roles" do
|
44
34
|
subject.set("foo", owner)
|
45
35
|
subject.set("bar", owner)
|
@@ -59,28 +49,13 @@ STORE_SPECS = proc do
|
|
59
49
|
end
|
60
50
|
|
61
51
|
describe "Aclatraz" do
|
62
|
-
it "should raise InvalidStore error when given store doesn't exists" do
|
63
|
-
lambda { Aclatraz.store(:fooobar) }.should raise_error(Aclatraz::InvalidStore)
|
64
|
-
end
|
65
|
-
|
66
|
-
it "should raise StoreNotInitialized error when store has not been set yet" do
|
67
|
-
Aclatraz.instance_variable_set('@store', nil)
|
68
|
-
lambda { Aclatraz.store }.should raise_error(Aclatraz::StoreNotInitialized)
|
69
|
-
end
|
70
|
-
|
71
|
-
it "should properly set datastore when class given" do
|
72
|
-
class TestStore; end
|
73
|
-
lambda { Aclatraz.store(TestStore) }.should_not raise_error
|
74
|
-
Aclatraz.store.should be_kind_of(TestStore)
|
75
|
-
end
|
76
|
-
|
77
52
|
let(:owner) { StubOwner.new }
|
78
53
|
let(:target) { StubTarget.new }
|
79
54
|
|
80
55
|
describe "Redis store" do
|
81
56
|
before(:all) { @redis = Thread.new { `redis-server` } }
|
82
57
|
after(:all) { @redis.exit! }
|
83
|
-
subject { Aclatraz.
|
58
|
+
subject { Aclatraz.init(:redis, "redis://localhost:6379/0") }
|
84
59
|
before(:each) { subject.clear }
|
85
60
|
|
86
61
|
class_eval &STORE_SPECS
|
@@ -1,41 +1,41 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
|
3
3
|
describe "Aclatraz suspect" do
|
4
|
-
before(:all) { Aclatraz.
|
4
|
+
before(:all) { Aclatraz.init(:redis, "redis://localhost:6379/0") }
|
5
5
|
subject { StubSuspect.new }
|
6
6
|
let(:target) { StubTarget.new }
|
7
7
|
|
8
8
|
its(:acl_suspect?) { should be_true }
|
9
9
|
|
10
10
|
it "1: should properly set given role" do
|
11
|
-
subject.
|
12
|
-
subject.
|
13
|
-
subject.
|
11
|
+
subject.roles.assign(:foobar1)
|
12
|
+
subject.roles.assign(:foobar2, StubTarget)
|
13
|
+
subject.roles.assign(:foobar3, target)
|
14
14
|
|
15
|
-
|
16
|
-
|
17
|
-
|
15
|
+
subject.roles.has?(:foobar1).should be_true
|
16
|
+
subject.roles.has?(:foobar2, StubTarget).should be_true
|
17
|
+
subject.roles.has?(:foobar3, target).should be_true
|
18
18
|
end
|
19
19
|
|
20
20
|
it "2: should properly check given permissions" do
|
21
|
-
subject.
|
22
|
-
subject.
|
23
|
-
subject.
|
24
|
-
subject.
|
21
|
+
subject.roles.has?(:foobar1).should be_true
|
22
|
+
subject.roles.has?(:foobar2, StubTarget).should be_true
|
23
|
+
subject.roles.has?(:foobar3, target).should be_true
|
24
|
+
subject.roles.has?(:foobar1, StubTarget).should be_false
|
25
25
|
end
|
26
26
|
|
27
27
|
it "3: should allow to get list of roles assigned to user" do
|
28
|
-
(subject.roles - ["foobar1", "foobar2", "foobar3"]) .should be_empty
|
28
|
+
(subject.roles.all - ["foobar1", "foobar2", "foobar3"]) .should be_empty
|
29
29
|
end
|
30
30
|
|
31
31
|
it "4: should properly remove given permissions" do
|
32
|
-
subject.
|
33
|
-
subject.
|
34
|
-
subject.
|
32
|
+
subject.roles.delete(:foobar1)
|
33
|
+
subject.roles.delete(:foobar2, StubTarget)
|
34
|
+
subject.roles.delete(:foobar3, target)
|
35
35
|
|
36
|
-
subject.
|
37
|
-
subject.
|
38
|
-
subject.
|
36
|
+
subject.roles.has?(:foobar1).should be_false
|
37
|
+
subject.roles.has?(:foobar2, StubTarget).should be_false
|
38
|
+
subject.roles.has?(:foobar3, target).should be_false
|
39
39
|
end
|
40
40
|
|
41
41
|
describe "syntactic sugars" do
|
@@ -48,13 +48,13 @@ describe "Aclatraz suspect" do
|
|
48
48
|
subject.is.foobar6_by!(target)
|
49
49
|
subject.is.foobar7_in!(target)
|
50
50
|
|
51
|
-
subject.
|
52
|
-
subject.
|
53
|
-
subject.
|
54
|
-
subject.
|
55
|
-
subject.
|
56
|
-
subject.
|
57
|
-
subject.
|
51
|
+
subject.roles.has?(:foobar1).should be_true
|
52
|
+
subject.roles.has?(:foobar2_of, StubTarget).should be_true
|
53
|
+
subject.roles.has?(:foobar3_for, target).should be_true
|
54
|
+
subject.roles.has?(:foobar4_of, target).should be_true
|
55
|
+
subject.roles.has?(:foobar5_at, target).should be_true
|
56
|
+
subject.roles.has?(:foobar6_by, target).should be_true
|
57
|
+
subject.roles.has?(:foobar7_in, target).should be_true
|
58
58
|
end
|
59
59
|
|
60
60
|
it "2: should properly check given permissions" do
|
data/spec/aclatraz_spec.rb
CHANGED
@@ -1,6 +1,20 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
|
3
3
|
describe "Aclatraz" do
|
4
|
-
|
4
|
+
describe "on init" do
|
5
|
+
it "should raise InvalidStore error when given store doesn't exists" do
|
6
|
+
lambda { Aclatraz.init(:fooobar) }.should raise_error(Aclatraz::InvalidStore)
|
7
|
+
end
|
8
|
+
|
9
|
+
it "should properly set datastore when class given" do
|
10
|
+
class TestStore; end
|
11
|
+
lambda { Aclatraz.init(TestStore) }.should_not raise_error
|
12
|
+
Aclatraz.store.should be_kind_of(TestStore)
|
13
|
+
end
|
14
|
+
end
|
15
|
+
|
16
|
+
it "should raise StoreNotInitialized error when store has not been set yet" do
|
17
|
+
Aclatraz.instance_variable_set('@store', nil)
|
18
|
+
lambda { Aclatraz.store }.should raise_error(Aclatraz::StoreNotInitialized)
|
19
|
+
end
|
5
20
|
end
|
6
|
-
|
data/spec/alcatraz_bm.rb
ADDED
@@ -0,0 +1,54 @@
|
|
1
|
+
$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
|
2
|
+
|
3
|
+
require "aclatraz"
|
4
|
+
|
5
|
+
Aclatraz.init :redis, "redis://localhost:6379/0"
|
6
|
+
|
7
|
+
class Account
|
8
|
+
include Aclatraz::Suspect
|
9
|
+
def id; 30; end
|
10
|
+
end
|
11
|
+
|
12
|
+
$account = Account.new
|
13
|
+
$account.is.bla_of!($account)
|
14
|
+
|
15
|
+
class Foo
|
16
|
+
include Aclatraz::Guard
|
17
|
+
|
18
|
+
suspects :account do
|
19
|
+
allow :foo
|
20
|
+
deny :bar
|
21
|
+
on :foo do
|
22
|
+
allow :bla_of => $account
|
23
|
+
allow :foo
|
24
|
+
end
|
25
|
+
on :bar do
|
26
|
+
allow :bar
|
27
|
+
end
|
28
|
+
end
|
29
|
+
|
30
|
+
def account
|
31
|
+
$account
|
32
|
+
end
|
33
|
+
|
34
|
+
def test
|
35
|
+
guard!(:foo, :bar)
|
36
|
+
rescue
|
37
|
+
end
|
38
|
+
end
|
39
|
+
|
40
|
+
$foo = Foo.new
|
41
|
+
|
42
|
+
ns = [1000, 2000, 5000, 10000]
|
43
|
+
|
44
|
+
ns.each do |n|
|
45
|
+
puts "#{n} times:"
|
46
|
+
Benchmark.bm(10) do |bm|
|
47
|
+
bm.report("Assign:") { n.times {|x| $account.assign_role!("foo#{x}") } }
|
48
|
+
bm.report("Check:") { n.times {|x| $account.has_role?("foo#{x}") } }
|
49
|
+
bm.report("Guard:") { n.times {|x| $foo.test } }
|
50
|
+
bm.report("Delete:") { n.times {|x| $account.delete_role!("foo#{x}") } }
|
51
|
+
end
|
52
|
+
puts
|
53
|
+
end
|
54
|
+
|
data/spec/spec_helper.rb
CHANGED
metadata
CHANGED
@@ -1,13 +1,13 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: aclatraz
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
hash:
|
4
|
+
hash: 27
|
5
5
|
prerelease: false
|
6
6
|
segments:
|
7
7
|
- 0
|
8
|
-
- 0
|
9
8
|
- 1
|
10
|
-
|
9
|
+
- 0
|
10
|
+
version: 0.1.0
|
11
11
|
platform: ruby
|
12
12
|
authors:
|
13
13
|
- Kriss 'nu7hatch' Kowalik
|
@@ -15,7 +15,7 @@ autorequire:
|
|
15
15
|
bindir: bin
|
16
16
|
cert_chain: []
|
17
17
|
|
18
|
-
date: 2010-09-
|
18
|
+
date: 2010-09-16 00:00:00 +02:00
|
19
19
|
default_executable:
|
20
20
|
dependencies:
|
21
21
|
- !ruby/object:Gem::Dependency
|
@@ -79,7 +79,7 @@ dependencies:
|
|
79
79
|
version: "1.0"
|
80
80
|
type: :runtime
|
81
81
|
version_requirements: *id004
|
82
|
-
description: Extremaly fast and flexible access control mechanism inspired by *nix ACLs, powered by fast key value stores like Redis or TokyoCabinet
|
82
|
+
description: " Extremaly fast and flexible access control mechanism inspired by *nix ACLs, \n powered by fast key value stores like Redis or TokyoCabinet.\n"
|
83
83
|
email: kriss.kowalik@gmail.com
|
84
84
|
executables: []
|
85
85
|
|
@@ -91,10 +91,14 @@ extra_rdoc_files:
|
|
91
91
|
files:
|
92
92
|
- .document
|
93
93
|
- .gitignore
|
94
|
+
- CHANGELOG.rdoc
|
94
95
|
- LICENSE
|
95
96
|
- README.rdoc
|
96
97
|
- Rakefile
|
98
|
+
- TODO.rdoc
|
97
99
|
- VERSION
|
100
|
+
- aclatraz.gemspec
|
101
|
+
- examples/dinner.rb
|
98
102
|
- lib/aclatraz.rb
|
99
103
|
- lib/aclatraz/acl.rb
|
100
104
|
- lib/aclatraz/guard.rb
|
@@ -108,6 +112,7 @@ files:
|
|
108
112
|
- spec/aclatraz/stores_spec.rb
|
109
113
|
- spec/aclatraz/suspect_spec.rb
|
110
114
|
- spec/aclatraz_spec.rb
|
115
|
+
- spec/alcatraz_bm.rb
|
111
116
|
- spec/spec.opts
|
112
117
|
- spec/spec_helper.rb
|
113
118
|
has_rdoc: true
|
@@ -145,6 +150,7 @@ signing_key:
|
|
145
150
|
specification_version: 3
|
146
151
|
summary: Flexible access control that doesn't sucks!
|
147
152
|
test_files:
|
153
|
+
- spec/alcatraz_bm.rb
|
148
154
|
- spec/spec_helper.rb
|
149
155
|
- spec/aclatraz/guard_spec.rb
|
150
156
|
- spec/aclatraz/helpers_spec.rb
|
@@ -152,3 +158,4 @@ test_files:
|
|
152
158
|
- spec/aclatraz/stores_spec.rb
|
153
159
|
- spec/aclatraz/suspect_spec.rb
|
154
160
|
- spec/aclatraz_spec.rb
|
161
|
+
- examples/dinner.rb
|