action-guard 0.0.1
- data/.document +5 -0
- data/.gitignore +42 -0
- data/.rspec +1 -0
- data/Gemfile +14 -0
- data/Gemfile.lock +30 -0
- data/LICENSE.txt +20 -0
- data/README.md +37 -0
- data/Rakefile +59 -0
- data/VERSION +1 -0
- data/action_guard.gemspec +24 -0
- data/lib/action-guard.rb +26 -0
- data/lib/action-guard/base.rb +56 -0
- data/lib/action-guard/role.rb +17 -0
- data/lib/action-guard/rules.rb +38 -0
- data/lib/action-guard/syntax.rb +19 -0
- data/lib/action-guard/version.rb +5 -0
- data/script/authorization.rules +10 -0
- data/script/console +8 -0
- data/spec/action-guard_spec.rb +214 -0
- data/spec/spec_helper.rb +13 -0
- metadata +179 -0
data/.document
ADDED
data/.gitignore
ADDED
@@ -0,0 +1,42 @@
|
|
1
|
+
# rcov generated
|
2
|
+
coverage
|
3
|
+
|
4
|
+
# rdoc generated
|
5
|
+
rdoc
|
6
|
+
|
7
|
+
# yard generated
|
8
|
+
doc
|
9
|
+
.yardoc
|
10
|
+
|
11
|
+
# bundler
|
12
|
+
.bundle
|
13
|
+
|
14
|
+
# jeweler generated
|
15
|
+
pkg
|
16
|
+
|
17
|
+
# Have editor/IDE/OS specific files you need to ignore? Consider using a global gitignore:
|
18
|
+
#
|
19
|
+
# * Create a file at ~/.gitignore
|
20
|
+
# * Include files you want ignored
|
21
|
+
# * Run: git config --global core.excludesfile ~/.gitignore
|
22
|
+
#
|
23
|
+
# After doing this, these files will be ignored in all your git projects,
|
24
|
+
# saving you from having to 'pollute' every project you touch with them
|
25
|
+
#
|
26
|
+
# Not sure what to needs to be ignored for particular editors/OSes? Here's some ideas to get you started. (Remember, remove the leading # of the line)
|
27
|
+
#
|
28
|
+
# For MacOS:
|
29
|
+
#
|
30
|
+
#.DS_Store
|
31
|
+
#
|
32
|
+
# For TextMate
|
33
|
+
#*.tmproj
|
34
|
+
#tmtags
|
35
|
+
#
|
36
|
+
# For emacs:
|
37
|
+
#*~
|
38
|
+
#\#*
|
39
|
+
#.\#*
|
40
|
+
#
|
41
|
+
# For vim:
|
42
|
+
#*.swp
|
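--- /dev/null
+++ b/data/.rspec
@@ -0,0 +1 @@
+--color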
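--- /dev/null
+++ b/data/Gemfile
@@ -0,0 +1,14 @@
+source "http://rubygems.org"
+# Add dependencies required to use your gem here.
+# Example:
+# gem "activesupport", ">= 2.3.5"
+
+# Add dependencies to develop your gem here.
+# Include everything needed to run rake, tests, features, etc.
+group :development do
+gem "rspec", "~> 2.5.0"
+gem "bundler", "~> 1.0.0"
+gem "jeweler", "~> 1.5.2"
+gem "rcov", ">= 0"
+gem "ZenTest", ">= 4.2.0"
+end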
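Review bot: The first line fetches the dependency index and the gems themselves over plain HTTP, `source "http://rubygems.org"`, which leaves `bundle install` with no integrity protection on the network path; `source "https://rubygems.org"` costs nothing, and the lockfile's `remote:` line follows on the next `bundle install`. The `rspec` constraint here, `~> 2.5.0`, is also tighter than the `> 2.5.0` the Rakefile hands to Jeweler, so the development Gemfile and the generated gemspec disagree on which rspec is acceptable; the published metadata carries both requirements.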
data/Gemfile.lock
ADDED
@@ -0,0 +1,30 @@
|
|
1
|
+
GEM
|
2
|
+
remote: http://rubygems.org/
|
3
|
+
specs:
|
4
|
+
ZenTest (4.4.2)
|
5
|
+
diff-lcs (1.1.2)
|
6
|
+
git (1.2.5)
|
7
|
+
jeweler (1.5.2)
|
8
|
+
bundler (~> 1.0.0)
|
9
|
+
git (>= 1.2.5)
|
10
|
+
rake
|
11
|
+
rake (0.8.7)
|
12
|
+
rcov (0.9.9)
|
13
|
+
rspec (2.5.0)
|
14
|
+
rspec-core (~> 2.5.0)
|
15
|
+
rspec-expectations (~> 2.5.0)
|
16
|
+
rspec-mocks (~> 2.5.0)
|
17
|
+
rspec-core (2.5.1)
|
18
|
+
rspec-expectations (2.5.0)
|
19
|
+
diff-lcs (~> 1.1.2)
|
20
|
+
rspec-mocks (2.5.0)
|
21
|
+
|
22
|
+
PLATFORMS
|
23
|
+
ruby
|
24
|
+
|
25
|
+
DEPENDENCIES
|
26
|
+
ZenTest (>= 4.2.0)
|
27
|
+
bundler (~> 1.0.0)
|
28
|
+
jeweler (~> 1.5.2)
|
29
|
+
rcov
|
30
|
+
rspec (~> 2.5.0)
|
data/LICENSE.txt
ADDED
@@ -0,0 +1,20 @@
|
|
1
|
+
Copyright (c) 2011 Rob Westgeest
|
2
|
+
|
3
|
+
Permission is hereby granted, free of charge, to any person obtaining
|
4
|
+
a copy of this software and associated documentation files (the
|
5
|
+
"Software"), to deal in the Software without restriction, including
|
6
|
+
without limitation the rights to use, copy, modify, merge, publish,
|
7
|
+
distribute, sublicense, and/or sell copies of the Software, and to
|
8
|
+
permit persons to whom the Software is furnished to do so, subject to
|
9
|
+
the following conditions:
|
10
|
+
|
11
|
+
The above copyright notice and this permission notice shall be
|
12
|
+
included in all copies or substantial portions of the Software.
|
13
|
+
|
14
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
15
|
+
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
16
|
+
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
17
|
+
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
18
|
+
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
19
|
+
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
20
|
+
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
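--- /dev/null
+++ b/data/README.md
@@ -0,0 +1,37 @@
+ActionGuard is a simple authorization module to be used in rails
+applications. It well be usable for any other ruby based web framework.
+
+It's been developed as part of some of my own rails application with the
+following design principles in mind:
+
+* roles are string values, and role definitions reside in program code,
+not in a database.
+* authorisation rules are collected in one configuration file, rather
+than spreading them out over controller definitions.
+* authorisations are on url path matches. In rails' case, you pass
+'fullpath' to the authorization which is then matched against a set of
+authorisation rules.
+
+# Installing
+
+
+
+# Usage
+
+Assuming a Rails application you specify an initializer with the
+following content
+
+
+
+role :god , 0
+role :admin, 1
+role :worker, 2
+
+allow '/'
+allow '/tracking', :at_least => :admin
+allow '/maintenance', :at_least => :worker
+allow '/maintenance/[0-9]*/edit', :at_least => :admin
+allow '/maintenance/[0-9]*$', :at_least => :admin
+
+
+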
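--- /dev/null
+++ b/data/Rakefile
@@ -0,0 +1,59 @@
+$LOAD_PATH.unshift File.expand_path("../lib", __FILE__)
+require 'rubygems'
+require 'bundler'
+require 'action-guard/version'
+
+begin
+Bundler.setup(:default, :development)
+rescue Bundler::BundlerError => e
+$stderr.puts e.message
+$stderr.puts "Run `bundle install` to install missing gems"
+exit e.status_code
+end
+
+require 'rake'
+
+require 'jeweler'
+
+Jeweler::Tasks.new do |gem|
+# gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
+gem.name = "action-guard"
+gem.homepage = "http://github.com/rwestgeest/action-guard"
+gem.license = "MIT"
+gem.summary = %Q{Action guard-#{ActionGuard::Version::STRING}}
+gem.description = %Q{authorisation module of actions based on url-paths for usage in Rails and possibly other ruby based web frameworks}
+gem.email = "rob.westgeest@qwan.it"
+gem.authors = ["Rob Westgeest"]
+# Include your dependencies below. Runtime dependencies are required when using your gem,
+# and development dependencies are only needed for development (ie running rake tasks, tests, etc)
+# gem.add_runtime_dependency 'jabber4r', '> 0.1'
+gem.add_development_dependency 'rspec', '> 2.5.0'
+gem.files = `git ls-files`.split("\n")
+gem.test_files = `git ls-files -- {spec}/*`.split("\n")
+gem.extra_rdoc_files = [ "README.md" ]
+gem.rdoc_options = ["--charset=UTF-8"]
+gem.require_path = "lib"
+end
+
+Jeweler::RubygemsDotOrgTasks.new
+
+require 'rspec/core'
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new(:spec) do |spec|
+spec.pattern = FileList['spec/**/*_spec.rb']
+end
+
+RSpec::Core::RakeTask.new(:rcov) do |spec|
+spec.pattern = 'spec/**/*_spec.rb'
+spec.rcov = true
+end
+
+task :default => :spec
+
+require 'rake/rdoctask'
+Rake::RDocTask.new do |rdoc|
+rdoc.rdoc_dir = 'rdoc'
+rdoc.title = "action-guard #{ActionGuard::Version::STRING}"
+rdoc.rdoc_files.include('README*')
+rdoc.rdoc_files.include('lib/**/*.rb')
+end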
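Review bot: `gem.test_files = \`git ls-files -- {spec}/*\`.split("\n")` on line 32 yields an empty list, because neither git nor the shell expands a single-word `{spec}` and no tracked path literally begins with `{spec}/`; the published metadata's `test_files: []` is consistent with that. `gem.test_files = \`git ls-files -- spec\`.split("\n")` lists the spec files, and the gemspec shipped in this release repeats the same `{spec}/*` pattern. The backtick calls on lines 31-32 shell out to git, so this Rakefile only produces a correct file list from a git checkout, which is worth a comment above line 31.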
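--- /dev/null
+++ b/data/VERSION
@@ -0,0 +1 @@
+0.0.1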
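--- /dev/null
+++ b/data/action_guard.gemspec
@@ -0,0 +1,24 @@
+# -*- encoding: utf-8 -*-
+$LOAD_PATH.unshift File.expand_path("../lib", __FILE__)
+require "action_guard/version"
+
+Gem::Specification.new do |s|
+s.name = "action_guard"
+s.version = ActionGuard::Version::STRING
+s.platform = Gem::Platform::RUBY
+s.authors = ["Rob Westgeest"]
+s.email = "rob.westgeest@gmail.com"
+s.homepage = "http://github.com/actionguard"
+s.summary = "actionguard-#{ActionGuard::Version::STRING}"
+s.description = "authorisation of actions based on url-paths"
+
+s.rubygems_version = "1.3.7"
+s.rubyforge_project = "actionguard"
+
+s.files = `git ls-files`.split("\n")
+s.test_files = `git ls-files -- {spec}/*`.split("\n")
+s.extra_rdoc_files = [ "README.md" ]
+s.rdoc_options = ["--charset=UTF-8"]
+s.require_path = "lib"
+end
+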
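Review bot: `require "action_guard/version"` on line 3 cannot resolve, because the library ships `lib/action-guard/version.rb` (hyphen, per the file list), so loading this gemspec raises LoadError; the Rakefile's `require 'action-guard/version'` is the working form. This file also disagrees with the Jeweler-generated metadata on the gem name (`action_guard` vs `action-guard`), the homepage and the email, and its `test_files` glob has the same `{spec}/*` problem as the Rakefile. Either the file is stale and should be excluded from `gem.files`, or it should be brought in line with the Rakefile so the two sources of the spec cannot drift.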
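--- /dev/null
+++ b/data/lib/action-guard.rb
@@ -0,0 +1,26 @@
+require 'action-guard/syntax'
+require 'action-guard/rules'
+require 'action-guard/role'
+require 'action-guard/base'
+
+module ActionGuard
+class Error < StandardError; end
+
+def self.flush
+@action_guard = ActionGuard::Guard.new
+end
+
+def self.load_from_file(file_path)
+raise "authorization file #{file_path} not found" unless File.file?(file_path)
+@action_guard = ActionGuard::Guard.new
+@action_guard.load_from_string(File.read(file_path), file_path)
+end
+
+def self.authorized?(person, path)
+@action_guard.authorized?(person, path)
+end
+
+def self.valid_roles
+@action_guard.valid_roles
+end
+end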
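Review bot: `ActionGuard.authorized?` and `ActionGuard.valid_roles` dereference `@action_guard` without a nil check, so calling them before `load_from_file` or `flush` raises NoMethodError rather than the `ActionGuard::Error` that `Guard#authorized?` raises for an empty rule set; `raise Error, "no configuration loaded" unless @action_guard` at the top of both keeps the failure mode uniform. Line 14 raises a bare RuntimeError for a missing file while the rest of the library uses `ActionGuard::Error`; `raise Error, "authorization file #{file_path} not found"` is the consistent form. Because `Guard#load_from_string` evaluates the file contents with `instance_eval`, a comment on `load_from_file` should state that the rules file is executed as Ruby and therefore has to be treated as application code, owned and writable only by the deploying user and never assembled from request or database data.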
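--- /dev/null
+++ b/data/lib/action-guard/base.rb
@@ -0,0 +1,56 @@
+module ActionGuard
+class Guard
+def initialize
+@rules = {}
+@rules.default = DisallowRule.new
+@roles = {}
+@roles.default = Role.new(:illegal_role, 100000)
+end
+
+def load_from_string(configuration, name = nil)
+Syntax.new(self).instance_eval(configuration, name || 'unknown')
+end
+
+def define_role(role, level)
+@roles[role.to_sym] = Role.new(role, level)
+end
+
+def role(role_value)
+@roles[role_value.to_sym]
+end
+
+def valid_role?(role)
+@roles.has_key?(role.to_sym)
+end
+
+def valid_roles
+@roles.keys.map { |r| r.to_s }
+end
+
+def leveled_rule(path_matcher, role_value, &block)
+raise Error.new("undefined role '#{role_value}'") unless valid_role?(role_value)
+rules[path_matcher] = LevelRule.new(role_value, self, &block)
+end
+
+def allow_rule(path_matcher)
+rules[path_matcher] = AllowRule.new
+end
+
+def refuse_rule(path_matcher)
+rules[path_matcher] = DisallowRule.new
+end
+
+def exact_role_rule(path_matcher, role_value)
+rules[path_matcher] = ExactRoleRule.new(role_value)
+end
+
+def authorized?(person, path)
+raise Error.new("no configuration loaded") if rules.empty?
+rule_key = rules.keys.sort{|x,y| y <=> x }.select {|k| path =~ /^#{k}/}.first
+rules[rule_key].allows?(person)
+end
+
+private
+attr_reader :rules
+end
+end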
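Review bot: In `authorized?` (line 49) every matcher is anchored with `^`, which in Ruby matches after any newline as well as at the start of the string, so a path value containing a newline can be matched by a rule written for a different prefix; anchoring with `\A` and replacing `select … .first` with `find` gives `rule_key = rules.keys.sort { |x, y| y <=> x }.find { |k| path =~ /\A#{k}/ }`. The matcher is interpolated into the regex unescaped, which the README relies on for patterns such as `/maintenance/[0-9]*$`, so `leveled_rule`, `allow_rule`, `refuse_rule` and `exact_role_rule` deserve a comment that `path_matcher` is regex source and must come from the rules file, never from request data. `role` (line 19) calls `role_value.to_sym` and raises NoMethodError on nil, so an account whose `role` is nil errors inside `LevelRule#allows?` instead of being denied; `@roles[role_value && role_value.to_sym]` returns the `:illegal_role` default for nil and keeps that case a deny. `load_from_string` runs the configuration through `instance_eval`, which the name does not convey; a one-line comment that the string is executed as Ruby would help callers.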
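--- /dev/null
+++ b/data/lib/action-guard/rules.rb
@@ -0,0 +1,38 @@
+module ActionGuard
+class ExactRoleRule
+def initialize(role)
+@allowed_role = role.to_s
+end
+def allows?(person)
+return false unless person
+return person.role.to_s == @allowed_role
+end
+end
+
+class LevelRule
+def initialize(allowed_level, role_leveler, &proc)
+@role_leveler = role_leveler
+@allowed_level = allowed_level
+@additional_rule = proc
+end
+
+def allows?(person)
+return false unless person
+return false unless @role_leveler.role(person.role) >= @role_leveler.role(@allowed_level)
+return true unless @additional_rule
+return @additional_rule.call(person)
+end
+end
+
+class AllowRule
+def allows?(person)
+true
+end
+end
+
+class DisallowRule
+def allows?(person)
+false
+end
+end
+end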
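Review bot: The block parameter of `LevelRule#initialize` is named `&proc`, which shadows `Kernel#proc` inside the method; `&additional_rule` would match the instance variable it is stored in. `ExactRoleRule#allows?` and `LevelRule#allows?` end with an explicit `return` on their final expression (`return person.role.to_s == @allowed_role`, `return @additional_rule.call(person)`), which is unidiomatic when the value is simply the method's result. The comparison on line 21 depends on `Role#>=` from `role.rb`, which is not shown on this page; a comment stating which direction of the level number is more privileged (the spec expects `:god, 0` to satisfy `>=` against `:admin, 1`) would make this rule readable without opening that file.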
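--- /dev/null
+++ b/data/lib/action-guard/syntax.rb
@@ -0,0 +1,19 @@
+module ActionGuard
+class Syntax
+def initialize(action_guard)
+@guard = action_guard
+end
+def role(role_value, role_level)
+@guard.define_role(role_value, role_level)
+end
+def allow(path, options={}, &block)
+if options.has_key? :at_least
+@guard.leveled_rule(path, options[:at_least], &block)
+elsif options.has_key? :only_by
+@guard.exact_role_rule(path, options[:only_by])
+else
+@guard.allow_rule path
+end
+end
+end
+end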
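Review bot: `allow` falls through to `@guard.allow_rule path` for any option key it does not recognise, so a misspelled key such as `:atleast` silently produces an unconditional allow instead of an error; rejecting unknown keys first fails closed: `unknown = options.keys - [:at_least, :only_by]` followed by `raise Error, "unknown options #{unknown.inspect} for #{path}" unless unknown.empty?`. In the `:only_by` and plain branches the `&block` argument is dropped without notice, and when both `:at_least` and `:only_by` are given the latter is ignored; each case deserves either an error or a comment stating the precedence. Since `Syntax` is the receiver of `instance_eval` in `Guard#load_from_string`, a class-level comment that `role` and `allow` are the only two words of the rules DSL would help.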
data/script/console
ADDED
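--- /dev/null
+++ b/data/spec/action-guard_spec.rb
@@ -0,0 +1,214 @@
+require 'spec_helper'
+
+RSpec::Matchers.define :authorize do |account|
+chain :to_perform_action do |action|
+@action = action
+end
+match do |actual_guard|
+actual_guard.authorized?(account, @action)
+end
+end
+
+describe ActionGuard do
+let (:guard) { ActionGuard::Guard.new }
+
+
+def account_with_role(role)
+return stub(:account,:role => role)
+end
+
+describe "valid_role" do
+before do
+guard.define_role :god, 0
+end
+
+it "is true when the roles is defined" do
+guard.valid_role?(:god).should be_true
+guard.valid_role?('god').should be_true
+
+end
+it "is fals when the role is not defined" do
+guard.valid_role?(:biker).should_not be_true
+end
+
+it "returns the valid roles on request" do
+guard.valid_roles.should == ['god']
+end
+end
+
+describe "role" do
+describe ">=" do
+before do
+guard.define_role :god, 0
+guard.define_role :admin, 1
+end
+it "should be true when role level is lower" do
+guard.role(:god).should >= guard.role(:admin)
+end
+it "should be true when role level is equal" do
+guard.role(:god).should >= guard.role(:god)
+end
+it "should be false when role level is higher" do
+guard.role(:admin).should_not >= guard.role(:god)
+end
+end
+end
+
+describe "defining a rule" do
+it "fails when role not defined" do
+lambda {
+guard.leveled_rule '/some_controller/some_action', :biker
+}.should raise_error ActionGuard::Error
+end
+it "passes when role defined" do
+lambda {
+guard.define_role :biker, 0
+guard.leveled_rule '/some_controller/some_action', :biker
+}.should_not raise_error ActionGuard::Error
+end
+end
+
+describe "authorization when no rules defined" do
+it "raises error on trying to authorize" do
+lambda {
+guard.authorized?(account_with_role(:admin), '/some_controller/some_action')
+}.should raise_error ActionGuard::Error
+end
+end
+
+describe "authorization" do
+before do
+guard.define_role :admin, 0
+guard.define_role :worker, 1
+end
+
+describe "on an allowance rule" do
+before do
+guard.allow_rule '/'
+end
+it "allows" do
+guard.should authorize(account_with_role(:worker)).to_perform_action('/')
+end
+it "allows regardless of account" do
+guard.should authorize(nil).to_perform_action( '/')
+end
+end
+
+describe "on an exact rule" do
+before do
+guard.exact_role_rule '/', :admin
+end
+it "allows if role matches" do
+guard.should authorize(account_with_role(:admin)).to_perform_action( '/')
+end
+it "allows if role is a string" do
+guard.should authorize(account_with_role('admin')).to_perform_action('/')
+end
+it "does not allow action if role does not match" do
+guard.should_not authorize(account_with_role(:worker)).to_perform_action('/')
+guard.should_not authorize(account_with_role(:god)).to_perform_action('/')
+end
+it "does not allow action if person not passed" do
+guard.should_not authorize(nil).to_perform_action('/')
+end
+end
+
+describe "on a leveled action rule" do
+before do
+guard.leveled_rule '/some_controller/some_action', :admin
+end
+
+it "disallows action when no account available" do
+guard.should_not authorize(nil).to_perform_action('/some_controller/some_action')
+end
+
+it "allows action for that level and higher" do
+guard.should authorize(account_with_role(:admin)).to_perform_action('/some_controller/some_action')
+guard.should_not authorize(account_with_role(:worker)).to_perform_action('/some_controller/some_action')
+end
+
+it "does not allow the action for a account with an illegal role value" do
+guard.should_not authorize(account_with_role(:biker)).to_perform_action('/some_controller/some_action')
+end
+end
+
+describe "on a leveled action rule with a block" do
+let(:mock_block_body) { mock }
+
+before do
+guard.leveled_rule('/some_controller/some_action', :admin) do |accnt|
+mock_block_body.block_called(accnt)
+end
+end
+
+it "does not authorize action if the rule disallows the action" do
+account = account_with_role(:worker)
+mock_block_body.should_receive(:block_called).with(account).never
+guard.should_not authorize(account).to_perform_action('/some_controller/some_action')
+end
+
+it "does not authorize action if role sufices and block returns false" do
+account = account_with_role(:admin)
+mock_block_body.should_receive(:block_called).with(account).and_return false
+guard.should_not be_authorized(account,'/some_controller/some_action')
+end
+
+it "authorizes action is role sufices and block returns true" do
+account = account_with_role(:admin)
+mock_block_body.should_receive(:block_called).with(account).and_return true
+guard.should be_authorized(account,'/some_controller/some_action')
+end
+end
+
+describe "matching rules" do
+before do
+guard.allow_rule('/home')
+guard.refuse_rule('/maintenance')
+end
+it "does not authorize if path does not match any rule" do
+guard.authorized?(nil, '/unmatched/path').should be_false
+end
+it "matches a rule on exact path" do
+guard.should authorize(nil).to_perform_action('/home')
+end
+it "matches a rule on part of a path" do
+guard.should authorize(nil).to_perform_action('/home/contact')
+end
+it "preferres a longer path" do
+guard.allow_rule('/maintenance/show')
+guard.authorized?(nil, '/maintenance/edit/1').should be_false
+guard.should authorize(nil).to_perform_action('/maintenance/show/1')
+end
+it "preferres a longer path regardless off order of appearance" do
+guard.allow_rule('/some_path/show')
+guard.refuse_rule('/some_path')
+guard.authorized?(nil, '/some_path/edit/1').should be_false
+guard.should authorize(nil).to_perform_action('/some_path/show/1')
+end
+it "matches all rules from the beginnning of the path" do
+# /home/maintenance is evaluated by /home, not by /maintenance
+guard.should authorize(nil).to_perform_action('/home/maintenance')
+end
+end
+end
+
+describe "load configuration" do
+it "loads rules from string" do
+guard.load_from_string %q{
+role :worker, 1
+role :admin, 0
+allow '/some_controller', :at_least => :worker
+allow '/some_controller/some_action', :at_least => :admin
+allow '/some_controller/when_role_matches_exact', :only_by => :worker
+allow '/'
+}
+guard.should authorize(account_with_role(:admin)).to_perform_action('/some_controller/some_action')
+guard.should_not authorize(account_with_role(:worker)).to_perform_action('/some_controller/some_action')
+guard.should authorize(account_with_role(:worker)).to_perform_action('/some_controller/some_other_action')
+guard.should authorize(account_with_role(:worker)).to_perform_action('/some_other_controller/some_other_action')
+guard.should authorize(nil).to_perform_action('/some_other_controller/some_other_action')
+guard.should_not authorize(account_with_role(:admin)).to_perform_action('/some_controller/when_role_matches_exact')
+end
+end
+end
+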
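Review bot: The page labels this hunk `data/script/console`, but its 214 lines and the opening `require 'spec_helper'` match `spec/action-guard_spec.rb` in the file list; the `script/console` and `script/authorization.rules` hunks do not appear on the page at all. In "passes when role defined" (lines 64-67), `}.should_not raise_error ActionGuard::Error` passes whenever some other exception class is raised, so the example does not catch a regression that throws something else; `}.should_not raise_error` with no class argument is the strict form. There is no example for an account whose `role` is nil, which `Guard#role` currently turns into a NoMethodError (`nil.to_sym`) rather than a denial; `guard.should_not authorize(account_with_role(nil)).to_perform_action('/some_controller/some_action')` in the "on a leveled action rule" group would pin that behaviour down.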
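--- /dev/null
+++ b/data/spec/spec_helper.rb
@@ -0,0 +1,13 @@
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+require 'rspec'
+require 'action-guard'
+
+# Requires supporting files with custom matchers and macros, etc,
+# in ./support/ and its subdirectories.
+Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each {|f| require f}
+
+RSpec.configure do |config|
+config.filter_run :focus => true
+config.run_all_when_everything_filtered = true
+end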
metadata
ADDED
@@ -0,0 +1,179 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: action-guard
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
hash: 29
|
5
|
+
prerelease: false
|
6
|
+
segments:
|
7
|
+
- 0
|
8
|
+
- 0
|
9
|
+
- 1
|
10
|
+
version: 0.0.1
|
11
|
+
platform: ruby
|
12
|
+
authors:
|
13
|
+
- Rob Westgeest
|
14
|
+
autorequire:
|
15
|
+
bindir: bin
|
16
|
+
cert_chain: []
|
17
|
+
|
18
|
+
date: 2011-06-26 00:00:00 +02:00
|
19
|
+
default_executable:
|
20
|
+
dependencies:
|
21
|
+
- !ruby/object:Gem::Dependency
|
22
|
+
type: :development
|
23
|
+
prerelease: false
|
24
|
+
name: rspec
|
25
|
+
version_requirements: &id001 !ruby/object:Gem::Requirement
|
26
|
+
none: false
|
27
|
+
requirements:
|
28
|
+
- - ~>
|
29
|
+
- !ruby/object:Gem::Version
|
30
|
+
hash: 27
|
31
|
+
segments:
|
32
|
+
- 2
|
33
|
+
- 5
|
34
|
+
- 0
|
35
|
+
version: 2.5.0
|
36
|
+
requirement: *id001
|
37
|
+
- !ruby/object:Gem::Dependency
|
38
|
+
type: :development
|
39
|
+
prerelease: false
|
40
|
+
name: bundler
|
41
|
+
version_requirements: &id002 !ruby/object:Gem::Requirement
|
42
|
+
none: false
|
43
|
+
requirements:
|
44
|
+
- - ~>
|
45
|
+
- !ruby/object:Gem::Version
|
46
|
+
hash: 23
|
47
|
+
segments:
|
48
|
+
- 1
|
49
|
+
- 0
|
50
|
+
- 0
|
51
|
+
version: 1.0.0
|
52
|
+
requirement: *id002
|
53
|
+
- !ruby/object:Gem::Dependency
|
54
|
+
type: :development
|
55
|
+
prerelease: false
|
56
|
+
name: jeweler
|
57
|
+
version_requirements: &id003 !ruby/object:Gem::Requirement
|
58
|
+
none: false
|
59
|
+
requirements:
|
60
|
+
- - ~>
|
61
|
+
- !ruby/object:Gem::Version
|
62
|
+
hash: 7
|
63
|
+
segments:
|
64
|
+
- 1
|
65
|
+
- 5
|
66
|
+
- 2
|
67
|
+
version: 1.5.2
|
68
|
+
requirement: *id003
|
69
|
+
- !ruby/object:Gem::Dependency
|
70
|
+
type: :development
|
71
|
+
prerelease: false
|
72
|
+
name: rcov
|
73
|
+
version_requirements: &id004 !ruby/object:Gem::Requirement
|
74
|
+
none: false
|
75
|
+
requirements:
|
76
|
+
- - ">="
|
77
|
+
- !ruby/object:Gem::Version
|
78
|
+
hash: 3
|
79
|
+
segments:
|
80
|
+
- 0
|
81
|
+
version: "0"
|
82
|
+
requirement: *id004
|
83
|
+
- !ruby/object:Gem::Dependency
|
84
|
+
type: :development
|
85
|
+
prerelease: false
|
86
|
+
name: ZenTest
|
87
|
+
version_requirements: &id005 !ruby/object:Gem::Requirement
|
88
|
+
none: false
|
89
|
+
requirements:
|
90
|
+
- - ">="
|
91
|
+
- !ruby/object:Gem::Version
|
92
|
+
hash: 55
|
93
|
+
segments:
|
94
|
+
- 4
|
95
|
+
- 2
|
96
|
+
- 0
|
97
|
+
version: 4.2.0
|
98
|
+
requirement: *id005
|
99
|
+
- !ruby/object:Gem::Dependency
|
100
|
+
type: :development
|
101
|
+
prerelease: false
|
102
|
+
name: rspec
|
103
|
+
version_requirements: &id006 !ruby/object:Gem::Requirement
|
104
|
+
none: false
|
105
|
+
requirements:
|
106
|
+
- - ">"
|
107
|
+
- !ruby/object:Gem::Version
|
108
|
+
hash: 27
|
109
|
+
segments:
|
110
|
+
- 2
|
111
|
+
- 5
|
112
|
+
- 0
|
113
|
+
version: 2.5.0
|
114
|
+
requirement: *id006
|
115
|
+
description: authorisation module of actions based on url-paths for usage in Rails and possibly other ruby based web frameworks
|
116
|
+
email: rob.westgeest@qwan.it
|
117
|
+
executables: []
|
118
|
+
|
119
|
+
extensions: []
|
120
|
+
|
121
|
+
extra_rdoc_files:
|
122
|
+
- README.md
|
123
|
+
files:
|
124
|
+
- .document
|
125
|
+
- .gitignore
|
126
|
+
- .rspec
|
127
|
+
- Gemfile
|
128
|
+
- Gemfile.lock
|
129
|
+
- LICENSE.txt
|
130
|
+
- README.md
|
131
|
+
- Rakefile
|
132
|
+
- VERSION
|
133
|
+
- action_guard.gemspec
|
134
|
+
- lib/action-guard.rb
|
135
|
+
- lib/action-guard/base.rb
|
136
|
+
- lib/action-guard/role.rb
|
137
|
+
- lib/action-guard/rules.rb
|
138
|
+
- lib/action-guard/syntax.rb
|
139
|
+
- lib/action-guard/version.rb
|
140
|
+
- script/authorization.rules
|
141
|
+
- script/console
|
142
|
+
- spec/action-guard_spec.rb
|
143
|
+
- spec/spec_helper.rb
|
144
|
+
has_rdoc: true
|
145
|
+
homepage: http://github.com/rwestgeest/action-guard
|
146
|
+
licenses:
|
147
|
+
- MIT
|
148
|
+
post_install_message:
|
149
|
+
rdoc_options:
|
150
|
+
- --charset=UTF-8
|
151
|
+
require_paths:
|
152
|
+
- lib
|
153
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
154
|
+
none: false
|
155
|
+
requirements:
|
156
|
+
- - ">="
|
157
|
+
- !ruby/object:Gem::Version
|
158
|
+
hash: 3
|
159
|
+
segments:
|
160
|
+
- 0
|
161
|
+
version: "0"
|
162
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
163
|
+
none: false
|
164
|
+
requirements:
|
165
|
+
- - ">="
|
166
|
+
- !ruby/object:Gem::Version
|
167
|
+
hash: 3
|
168
|
+
segments:
|
169
|
+
- 0
|
170
|
+
version: "0"
|
171
|
+
requirements: []
|
172
|
+
|
173
|
+
rubyforge_project:
|
174
|
+
rubygems_version: 1.3.7
|
175
|
+
signing_key:
|
176
|
+
specification_version: 3
|
177
|
+
summary: Action guard-0.0.1
|
178
|
+
test_files: []
|
179
|
+
|