action-guard 0.0.2 → 0.1.0
Sign up to get free protection for your applications and to get access to all the features.
- data/.autotest +11 -0
- data/.gitignore +1 -0
- data/VERSION +1 -1
- data/action-guard.gemspec +9 -9
- data/lib/action-guard/base.rb +4 -3
- data/lib/action-guard/role.rb +4 -0
- data/lib/action-guard/rules.rb +3 -1
- data/lib/action-guard/syntax.rb +1 -1
- data/spec/action-guard_spec.rb +41 -6
- metadata +37 -38
data/.autotest
ADDED
data/.gitignore
CHANGED
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
0.0
|
|
1
|
+
0.1.0
|
data/action-guard.gemspec
CHANGED
|
@@ -4,18 +4,19 @@
|
|
|
4
4
|
# -*- encoding: utf-8 -*-
|
|
5
5
|
|
|
6
6
|
Gem::Specification.new do |s|
|
|
7
|
-
s.name =
|
|
8
|
-
s.version = "0.0
|
|
7
|
+
s.name = "action-guard"
|
|
8
|
+
s.version = "0.1.0"
|
|
9
9
|
|
|
10
10
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
|
11
11
|
s.authors = ["Rob Westgeest"]
|
|
12
|
-
s.date =
|
|
13
|
-
s.description =
|
|
14
|
-
s.email =
|
|
12
|
+
s.date = "2012-03-01"
|
|
13
|
+
s.description = "authorisation module of actions based on url-paths for usage in Rails and possibly other ruby based web frameworks"
|
|
14
|
+
s.email = "rob.westgeest@qwan.it"
|
|
15
15
|
s.extra_rdoc_files = [
|
|
16
16
|
"README.md"
|
|
17
17
|
]
|
|
18
18
|
s.files = [
|
|
19
|
+
".autotest",
|
|
19
20
|
".document",
|
|
20
21
|
".gitignore",
|
|
21
22
|
".rspec",
|
|
@@ -37,15 +38,14 @@ Gem::Specification.new do |s|
|
|
|
37
38
|
"spec/action-guard_spec.rb",
|
|
38
39
|
"spec/spec_helper.rb"
|
|
39
40
|
]
|
|
40
|
-
s.homepage =
|
|
41
|
+
s.homepage = "http://github.com/rwestgeest/action-guard"
|
|
41
42
|
s.licenses = ["MIT"]
|
|
42
43
|
s.rdoc_options = ["--charset=UTF-8"]
|
|
43
44
|
s.require_paths = ["lib"]
|
|
44
|
-
s.rubygems_version =
|
|
45
|
-
s.summary =
|
|
45
|
+
s.rubygems_version = "1.8.10"
|
|
46
|
+
s.summary = "Action guard-0.1.0"
|
|
46
47
|
|
|
47
48
|
if s.respond_to? :specification_version then
|
|
48
|
-
current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
|
|
49
49
|
s.specification_version = 3
|
|
50
50
|
|
|
51
51
|
if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
|
data/lib/action-guard/base.rb
CHANGED
|
@@ -27,9 +27,10 @@ module ActionGuard
|
|
|
27
27
|
@roles.keys.map { |r| r.to_s }
|
|
28
28
|
end
|
|
29
29
|
|
|
30
|
-
def leveled_rule(path_matcher,
|
|
31
|
-
raise Error.new("undefined role '#{
|
|
32
|
-
|
|
30
|
+
def leveled_rule(path_matcher, from_role_value, to_role_value = nil, &block)
|
|
31
|
+
raise Error.new("undefined role '#{from_role_value}'") unless valid_role?(from_role_value)
|
|
32
|
+
raise Error.new("undefined role '#{to_role_value}'") if to_role_value && !valid_role?(to_role_value)
|
|
33
|
+
rules[path_matcher] = LevelRule.new(from_role_value, to_role_value, self, &block)
|
|
33
34
|
end
|
|
34
35
|
|
|
35
36
|
def allow_rule(path_matcher)
|
data/lib/action-guard/role.rb
CHANGED
data/lib/action-guard/rules.rb
CHANGED
|
@@ -10,15 +10,17 @@ module ActionGuard
|
|
|
10
10
|
end
|
|
11
11
|
|
|
12
12
|
class LevelRule
|
|
13
|
-
def initialize(allowed_level, role_leveler, &proc)
|
|
13
|
+
def initialize(allowed_level, to_allowed_level, role_leveler, &proc)
|
|
14
14
|
@role_leveler = role_leveler
|
|
15
15
|
@allowed_level = allowed_level
|
|
16
|
+
@to_allowed_level = to_allowed_level
|
|
16
17
|
@additional_rule = proc
|
|
17
18
|
end
|
|
18
19
|
|
|
19
20
|
def allows?(person)
|
|
20
21
|
return false unless person
|
|
21
22
|
return false unless @role_leveler.role(person.role) >= @role_leveler.role(@allowed_level)
|
|
23
|
+
return false if @to_allowed_level && @role_leveler.role(@to_allowed_level) < @role_leveler.role(person.role)
|
|
22
24
|
return true unless @additional_rule
|
|
23
25
|
return @additional_rule.call(person)
|
|
24
26
|
end
|
data/lib/action-guard/syntax.rb
CHANGED
|
@@ -8,7 +8,7 @@ module ActionGuard
|
|
|
8
8
|
end
|
|
9
9
|
def allow(path, options={}, &block)
|
|
10
10
|
if options.has_key? :at_least
|
|
11
|
-
@guard.leveled_rule(path, options[:at_least], &block)
|
|
11
|
+
@guard.leveled_rule(path, options[:at_least], options[:at_most], &block)
|
|
12
12
|
elsif options.has_key? :only_by
|
|
13
13
|
@guard.exact_role_rule(path, options[:only_by])
|
|
14
14
|
else
|
data/spec/action-guard_spec.rb
CHANGED
|
@@ -37,11 +37,12 @@ describe ActionGuard do
|
|
|
37
37
|
end
|
|
38
38
|
|
|
39
39
|
describe "role" do
|
|
40
|
+
before do
|
|
41
|
+
guard.define_role :god, 0
|
|
42
|
+
guard.define_role :admin, 1
|
|
43
|
+
end
|
|
44
|
+
|
|
40
45
|
describe ">=" do
|
|
41
|
-
before do
|
|
42
|
-
guard.define_role :god, 0
|
|
43
|
-
guard.define_role :admin, 1
|
|
44
|
-
end
|
|
45
46
|
it "should be true when role level is lower" do
|
|
46
47
|
guard.role(:god).should >= guard.role(:admin)
|
|
47
48
|
end
|
|
@@ -52,6 +53,17 @@ describe ActionGuard do
|
|
|
52
53
|
guard.role(:admin).should_not >= guard.role(:god)
|
|
53
54
|
end
|
|
54
55
|
end
|
|
56
|
+
describe "<" do
|
|
57
|
+
it "should be true when role level is higher" do
|
|
58
|
+
guard.role(:admin).should < guard.role(:god)
|
|
59
|
+
end
|
|
60
|
+
it "should be true when role level is equal" do
|
|
61
|
+
guard.role(:admin).should_not < guard.role(:admin)
|
|
62
|
+
end
|
|
63
|
+
it "should be false when role level is lower" do
|
|
64
|
+
guard.role(:god).should_not < guard.role(:admin)
|
|
65
|
+
end
|
|
66
|
+
end
|
|
55
67
|
end
|
|
56
68
|
|
|
57
69
|
describe "defining a rule" do
|
|
@@ -60,6 +72,14 @@ describe ActionGuard do
|
|
|
60
72
|
guard.leveled_rule '/some_controller/some_action', :biker
|
|
61
73
|
}.should raise_error ActionGuard::Error
|
|
62
74
|
end
|
|
75
|
+
|
|
76
|
+
it "fails when role not defined" do
|
|
77
|
+
guard.define_role(:god, 0)
|
|
78
|
+
lambda {
|
|
79
|
+
guard.leveled_rule '/some_controller/some_action', :god, :biker
|
|
80
|
+
}.should raise_error ActionGuard::Error
|
|
81
|
+
end
|
|
82
|
+
|
|
63
83
|
it "passes when role defined" do
|
|
64
84
|
lambda {
|
|
65
85
|
guard.define_role :biker, 0
|
|
@@ -78,8 +98,10 @@ describe ActionGuard do
|
|
|
78
98
|
|
|
79
99
|
describe "authorization" do
|
|
80
100
|
before do
|
|
81
|
-
guard.define_role :
|
|
82
|
-
guard.define_role :
|
|
101
|
+
guard.define_role :god, 0
|
|
102
|
+
guard.define_role :king, 1
|
|
103
|
+
guard.define_role :admin, 2
|
|
104
|
+
guard.define_role :worker, 3
|
|
83
105
|
end
|
|
84
106
|
|
|
85
107
|
describe "on an allowance rule" do
|
|
@@ -116,17 +138,27 @@ describe ActionGuard do
|
|
|
116
138
|
describe "on a leveled action rule" do
|
|
117
139
|
before do
|
|
118
140
|
guard.leveled_rule '/some_controller/some_action', :admin
|
|
141
|
+
guard.leveled_rule '/some_controller/some_other_action', :admin, :king
|
|
119
142
|
end
|
|
120
143
|
|
|
121
144
|
it "disallows action when no account available" do
|
|
122
145
|
guard.should_not authorize(nil).to_perform_action('/some_controller/some_action')
|
|
146
|
+
guard.should_not authorize(nil).to_perform_action('/some_controller/some_other')
|
|
123
147
|
end
|
|
124
148
|
|
|
125
149
|
it "allows action for that level and higher" do
|
|
150
|
+
guard.should authorize(account_with_role(:god)).to_perform_action('/some_controller/some_action')
|
|
126
151
|
guard.should authorize(account_with_role(:admin)).to_perform_action('/some_controller/some_action')
|
|
127
152
|
guard.should_not authorize(account_with_role(:worker)).to_perform_action('/some_controller/some_action')
|
|
128
153
|
end
|
|
129
154
|
|
|
155
|
+
it "allows action for that level and higher until second level" do
|
|
156
|
+
guard.should authorize(account_with_role(:king)).to_perform_action('/some_controller/some_other_action')
|
|
157
|
+
guard.should authorize(account_with_role(:admin)).to_perform_action('/some_controller/some_other_action')
|
|
158
|
+
guard.should_not authorize(account_with_role(:god)).to_perform_action('/some_controller/some_other_action')
|
|
159
|
+
guard.should_not authorize(account_with_role(:worker)).to_perform_action('/some_controller/some_other_action')
|
|
160
|
+
end
|
|
161
|
+
|
|
130
162
|
it "does not allow the action for a account with an illegal role value" do
|
|
131
163
|
guard.should_not authorize(account_with_role(:biker)).to_perform_action('/some_controller/some_action')
|
|
132
164
|
end
|
|
@@ -200,6 +232,7 @@ describe ActionGuard do
|
|
|
200
232
|
allow '/some_controller', :at_least => :worker
|
|
201
233
|
allow '/some_controller/some_action', :at_least => :admin
|
|
202
234
|
allow '/some_controller/when_role_matches_exact', :only_by => :worker
|
|
235
|
+
allow '/some_controller/when_matches_exact_by_implication', :at_least => :worker, :at_most => :worker
|
|
203
236
|
allow '/'
|
|
204
237
|
}
|
|
205
238
|
guard.should authorize(account_with_role(:admin)).to_perform_action('/some_controller/some_action')
|
|
@@ -208,6 +241,8 @@ describe ActionGuard do
|
|
|
208
241
|
guard.should authorize(account_with_role(:worker)).to_perform_action('/some_other_controller/some_other_action')
|
|
209
242
|
guard.should authorize(nil).to_perform_action('/some_other_controller/some_other_action')
|
|
210
243
|
guard.should_not authorize(account_with_role(:admin)).to_perform_action('/some_controller/when_role_matches_exact')
|
|
244
|
+
guard.should authorize(account_with_role(:worker)).to_perform_action('/some_controller/when_matches_exact_by_implication')
|
|
245
|
+
guard.should_not authorize(account_with_role(:admin)).to_perform_action('/some_controller/when_matches_exact_by_implication')
|
|
211
246
|
end
|
|
212
247
|
end
|
|
213
248
|
end
|
metadata
CHANGED
|
@@ -2,12 +2,12 @@
|
|
|
2
2
|
name: action-guard
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
4
|
hash: 27
|
|
5
|
-
prerelease:
|
|
5
|
+
prerelease:
|
|
6
6
|
segments:
|
|
7
7
|
- 0
|
|
8
|
+
- 1
|
|
8
9
|
- 0
|
|
9
|
-
|
|
10
|
-
version: 0.0.2
|
|
10
|
+
version: 0.1.0
|
|
11
11
|
platform: ruby
|
|
12
12
|
authors:
|
|
13
13
|
- Rob Westgeest
|
|
@@ -15,14 +15,10 @@ autorequire:
|
|
|
15
15
|
bindir: bin
|
|
16
16
|
cert_chain: []
|
|
17
17
|
|
|
18
|
-
date:
|
|
19
|
-
default_executable:
|
|
18
|
+
date: 2012-03-01 00:00:00 Z
|
|
20
19
|
dependencies:
|
|
21
20
|
- !ruby/object:Gem::Dependency
|
|
22
|
-
|
|
23
|
-
prerelease: false
|
|
24
|
-
name: rspec
|
|
25
|
-
version_requirements: &id001 !ruby/object:Gem::Requirement
|
|
21
|
+
requirement: &id001 !ruby/object:Gem::Requirement
|
|
26
22
|
none: false
|
|
27
23
|
requirements:
|
|
28
24
|
- - ~>
|
|
@@ -33,12 +29,12 @@ dependencies:
|
|
|
33
29
|
- 5
|
|
34
30
|
- 0
|
|
35
31
|
version: 2.5.0
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
type: :development
|
|
32
|
+
version_requirements: *id001
|
|
33
|
+
name: rspec
|
|
39
34
|
prerelease: false
|
|
40
|
-
|
|
41
|
-
|
|
35
|
+
type: :development
|
|
36
|
+
- !ruby/object:Gem::Dependency
|
|
37
|
+
requirement: &id002 !ruby/object:Gem::Requirement
|
|
42
38
|
none: false
|
|
43
39
|
requirements:
|
|
44
40
|
- - ~>
|
|
@@ -49,12 +45,12 @@ dependencies:
|
|
|
49
45
|
- 0
|
|
50
46
|
- 0
|
|
51
47
|
version: 1.0.0
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
type: :development
|
|
48
|
+
version_requirements: *id002
|
|
49
|
+
name: bundler
|
|
55
50
|
prerelease: false
|
|
56
|
-
|
|
57
|
-
|
|
51
|
+
type: :development
|
|
52
|
+
- !ruby/object:Gem::Dependency
|
|
53
|
+
requirement: &id003 !ruby/object:Gem::Requirement
|
|
58
54
|
none: false
|
|
59
55
|
requirements:
|
|
60
56
|
- - ~>
|
|
@@ -65,12 +61,12 @@ dependencies:
|
|
|
65
61
|
- 5
|
|
66
62
|
- 2
|
|
67
63
|
version: 1.5.2
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
type: :development
|
|
64
|
+
version_requirements: *id003
|
|
65
|
+
name: jeweler
|
|
71
66
|
prerelease: false
|
|
72
|
-
|
|
73
|
-
|
|
67
|
+
type: :development
|
|
68
|
+
- !ruby/object:Gem::Dependency
|
|
69
|
+
requirement: &id004 !ruby/object:Gem::Requirement
|
|
74
70
|
none: false
|
|
75
71
|
requirements:
|
|
76
72
|
- - ">="
|
|
@@ -79,12 +75,12 @@ dependencies:
|
|
|
79
75
|
segments:
|
|
80
76
|
- 0
|
|
81
77
|
version: "0"
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
type: :development
|
|
78
|
+
version_requirements: *id004
|
|
79
|
+
name: rcov
|
|
85
80
|
prerelease: false
|
|
86
|
-
|
|
87
|
-
|
|
81
|
+
type: :development
|
|
82
|
+
- !ruby/object:Gem::Dependency
|
|
83
|
+
requirement: &id005 !ruby/object:Gem::Requirement
|
|
88
84
|
none: false
|
|
89
85
|
requirements:
|
|
90
86
|
- - ">="
|
|
@@ -95,12 +91,12 @@ dependencies:
|
|
|
95
91
|
- 2
|
|
96
92
|
- 0
|
|
97
93
|
version: 4.2.0
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
type: :development
|
|
94
|
+
version_requirements: *id005
|
|
95
|
+
name: ZenTest
|
|
101
96
|
prerelease: false
|
|
102
|
-
|
|
103
|
-
|
|
97
|
+
type: :development
|
|
98
|
+
- !ruby/object:Gem::Dependency
|
|
99
|
+
requirement: &id006 !ruby/object:Gem::Requirement
|
|
104
100
|
none: false
|
|
105
101
|
requirements:
|
|
106
102
|
- - ">"
|
|
@@ -111,7 +107,10 @@ dependencies:
|
|
|
111
107
|
- 5
|
|
112
108
|
- 0
|
|
113
109
|
version: 2.5.0
|
|
114
|
-
|
|
110
|
+
version_requirements: *id006
|
|
111
|
+
name: rspec
|
|
112
|
+
prerelease: false
|
|
113
|
+
type: :development
|
|
115
114
|
description: authorisation module of actions based on url-paths for usage in Rails and possibly other ruby based web frameworks
|
|
116
115
|
email: rob.westgeest@qwan.it
|
|
117
116
|
executables: []
|
|
@@ -121,6 +120,7 @@ extensions: []
|
|
|
121
120
|
extra_rdoc_files:
|
|
122
121
|
- README.md
|
|
123
122
|
files:
|
|
123
|
+
- .autotest
|
|
124
124
|
- .document
|
|
125
125
|
- .gitignore
|
|
126
126
|
- .rspec
|
|
@@ -141,7 +141,6 @@ files:
|
|
|
141
141
|
- script/console
|
|
142
142
|
- spec/action-guard_spec.rb
|
|
143
143
|
- spec/spec_helper.rb
|
|
144
|
-
has_rdoc: true
|
|
145
144
|
homepage: http://github.com/rwestgeest/action-guard
|
|
146
145
|
licenses:
|
|
147
146
|
- MIT
|
|
@@ -171,9 +170,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
171
170
|
requirements: []
|
|
172
171
|
|
|
173
172
|
rubyforge_project:
|
|
174
|
-
rubygems_version: 1.
|
|
173
|
+
rubygems_version: 1.8.10
|
|
175
174
|
signing_key:
|
|
176
175
|
specification_version: 3
|
|
177
|
-
summary: Action guard-0.0
|
|
176
|
+
summary: Action guard-0.1.0
|
|
178
177
|
test_files: []
|
|
179
178
|
|