ae_declarative_authorization 0.7.1 → 0.8.0

Files changed (56)
  1. checksums.yaml +5 -5
  2. data/Appraisals +31 -21
  3. data/CHANGELOG +189 -189
  4. data/Gemfile +7 -7
  5. data/Gemfile.lock +68 -60
  6. data/LICENSE.txt +20 -20
  7. data/README.md +620 -620
  8. data/README.rdoc +597 -597
  9. data/Rakefile +35 -33
  10. data/authorization_rules.dist.rb +20 -20
  11. data/declarative_authorization.gemspec +24 -24
  12. data/gemfiles/rails4252.gemfile +10 -10
  13. data/gemfiles/rails4252.gemfile.lock +126 -0
  14. data/gemfiles/rails4271.gemfile +10 -10
  15. data/gemfiles/rails4271.gemfile.lock +126 -0
  16. data/gemfiles/rails507.gemfile +11 -11
  17. data/gemfiles/rails507.gemfile.lock +136 -0
  18. data/gemfiles/rails516.gemfile +11 -0
  19. data/gemfiles/rails516.gemfile.lock +136 -0
  20. data/gemfiles/rails521.gemfile +11 -0
  21. data/gemfiles/rails521.gemfile.lock +144 -0
  22. data/init.rb +5 -5
  23. data/lib/declarative_authorization.rb +18 -18
  24. data/lib/declarative_authorization/authorization.rb +821 -821
  25. data/lib/declarative_authorization/helper.rb +78 -78
  26. data/lib/declarative_authorization/in_controller.rb +713 -713
  27. data/lib/declarative_authorization/in_model.rb +156 -156
  28. data/lib/declarative_authorization/maintenance.rb +215 -215
  29. data/lib/declarative_authorization/obligation_scope.rb +348 -345
  30. data/lib/declarative_authorization/railsengine.rb +5 -5
  31. data/lib/declarative_authorization/reader.rb +549 -549
  32. data/lib/declarative_authorization/test/helpers.rb +261 -261
  33. data/lib/declarative_authorization/version.rb +3 -3
  34. data/lib/generators/authorization/install/install_generator.rb +77 -77
  35. data/lib/generators/authorization/rules/rules_generator.rb +13 -13
  36. data/lib/generators/authorization/rules/templates/authorization_rules.rb +27 -27
  37. data/lib/tasks/authorization_tasks.rake +89 -89
  38. data/log/test.log +15246 -0
  39. data/pkg/ae_declarative_authorization-0.7.1.gem +0 -0
  40. data/pkg/ae_declarative_authorization-0.8.0.gem +0 -0
  41. data/test/authorization_test.rb +1121 -1121
  42. data/test/controller_filter_resource_access_test.rb +573 -573
  43. data/test/controller_test.rb +478 -478
  44. data/test/database.yml +3 -3
  45. data/test/dsl_reader_test.rb +178 -178
  46. data/test/functional/filter_access_to_with_id_in_scope_test.rb +88 -88
  47. data/test/functional/no_filter_access_to_test.rb +79 -79
  48. data/test/functional/params_block_arity_test.rb +39 -39
  49. data/test/helper_test.rb +248 -248
  50. data/test/maintenance_test.rb +46 -46
  51. data/test/model_test.rb +1840 -1840
  52. data/test/profiles/access_checking +20 -0
  53. data/test/schema.sql +60 -60
  54. data/test/test_helper.rb +174 -174
  55. data/test/test_support/minitest_compatibility.rb +26 -26
  56. metadata +17 -5
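Review bot: data/log/test.log (+15246) and the two built packages data/pkg/ae_declarative_authorization-0.7.1.gem and data/pkg/ae_declarative_authorization-0.8.0.gem should not be part of the released gem. A test log can carry details of the build environment, and prebuilt gems nested inside a gem are binary content that no diff covers. Exclude log/ and pkg/ from the files the gemspec packages and rebuild the release.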
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA1:
3
- metadata.gz: d154bd06e272d4e570722690dffd08ee0d9a3c3c
4
- data.tar.gz: e5987932a1c42640b75de15346af47f47fe35446
2
+ SHA256:
3
+ metadata.gz: 8e62642cf9fe998ece4ba143412287594b4a1d2f6e04dbc7f0eaf81a46f618ec
4
+ data.tar.gz: 1929dd4c3e60164a8ec16031a74e75f72737f0befbb989b5c9f17efc4f210f2c
5
5
  SHA512:
6
- metadata.gz: c6b7f2f53546e7b3ca256ea7f53bf7dbea174b2be312ce3eb6d353a53767933fbc5f4e157efbf0f9a263de75f1d606d8b15e75b853113e88dcf13507226db3f9
7
- data.tar.gz: 5c4af1333c8f53d9ec898c2b807d868d923cd7de9f5cbaaafe0e05f4ebbce92290df33c62a2f9ba96d23ecd3573057a1e08e23454bc77ccc32f90e942fc9a903
6
+ metadata.gz: 0a5a7bbc9d574269bd472d9831b160fe5f41749a0353b9141139c956d53424d20c213bc4cd3570cb066e6fc19dde495a05c80f6d0eaaa320ad4536b71ebb8b22
7
+ data.tar.gz: f7f119805d0ebedabc85b981f0bca3fa11c46e2feebea0a51a114244c3d3bdf2007a8ec0c825d5d4d95b8833c1661d358a4a4c916a5ca7e02667e7dcb7312435
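Review bot: the new SHA256 and SHA512 entries at lines 2-7 are stored in the same archive as the metadata.gz and data.tar.gz they cover, so they detect corruption but not replacement of the whole package. When verifying 0.8.0, compare the digest of the .gem file against a value obtained independently of the archive rather than relying on checksums.yaml alone. Replacing the SHA1 block with SHA256 is otherwise the right direction.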
data/Appraisals CHANGED
@@ -1,21 +1,31 @@
1
- case RUBY_VERSION
2
-
3
- when '2.3.3' then
4
-
5
- appraise 'rails4252' do
6
- gem 'rails', '4.2.5.2'
7
- end
8
-
9
- appraise 'rails4271' do
10
- gem 'rails', '4.2.7.1'
11
- end
12
-
13
- appraise 'rails507' do
14
- gem 'rails', '5.0.7'
15
- gem 'rails-controller-testing'
16
- end
17
-
18
- else
19
- raise "Unsupported Ruby version #{RUBY_VERSION}"
20
-
21
- end
1
+ case RUBY_VERSION
2
+
3
+ when '2.3.3' then
4
+
5
+ appraise 'rails4252' do
6
+ gem 'rails', '4.2.5.2'
7
+ end
8
+
9
+ appraise 'rails4271' do
10
+ gem 'rails', '4.2.7.1'
11
+ end
12
+
13
+ appraise 'rails507' do
14
+ gem 'rails', '5.0.7'
15
+ gem 'rails-controller-testing'
16
+ end
17
+
18
+ appraise 'rails516' do
19
+ gem 'rails', '5.1.6'
20
+ gem 'rails-controller-testing'
21
+ end
22
+
23
+ appraise 'rails521' do
24
+ gem 'rails', '5.2.1'
25
+ gem 'rails-controller-testing'
26
+ end
27
+
28
+ else
29
+ raise "Unsupported Ruby version #{RUBY_VERSION}"
30
+
31
+ end
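Review bot: lines 1-17 are removed and re-added with identical visible text, which points to a whitespace or line-ending rewrite of the whole file and buries the real change, the new rails516 and rails521 appraise blocks at new lines 18-26. Normalise line endings in a separate commit so the content change is reviewable on its own. The exact match `when '2.3.3'` also still sends every other Ruby version to the raise at new line 29, so the Rails 5.1.6 and 5.2.1 matrices are only exercised on that one patch release.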
data/CHANGELOG CHANGED
@@ -1,189 +1,189 @@
1
- ** RELEASE 0.5.7 (Mar 10, 2013)
2
-
3
- * Ruby 2.0 compatibility [jhawthorn]
4
-
5
- ** RELEASE 0.5.6 (Sep 23, 2012)
6
-
7
- * Fix handling of stray object associations [jhawthorn]
8
-
9
- * Improve test infrastructure [jhawthorn]
10
-
11
- * Allow decl_auth to be used without ActiveRecord [bterkuile]
12
-
13
- * Rule reloading in development based on changes [urkle/sb]
14
-
15
- ** RELEASE 0.5.5 (Jan 10, 2012)
16
-
17
- * Update of handling of association proxies for Rails 3.2
18
-
19
- ** RELEASE 0.5.4 (Nov 30, 2011)
20
-
21
- * Cumulative loading of authorization rules [Damian Curso/sb]
22
-
23
- * Improved used_privileges rake task [urkle]
24
-
25
- * Performance improvements [John Hawthorn]
26
-
27
- ** RELEASE 0.5.3 (May 25, 2011)
28
-
29
- * Bugfixes and documentation cleanup
30
-
31
- * Rails 3.1.rc1 compatibility [sb]
32
-
33
- * Added has_any_role?, has_any_role_with_hierarchy? [t.pickett66]
34
-
35
- * Allow changing the default role [dbloete]
36
-
37
- ** RELEASE 0.5.2 (Dec 31, 2010) **
38
-
39
- * Bugfixes and documentation updates
40
-
41
- ** RELEASE 0.5.1 (Sep 12, 2010) **
42
-
43
- ** RELEASE 0.5 (July 21, 2010) **
44
-
45
- * Ruby 1.9.2 compatibility [sb]
46
-
47
- * Comparisons in authorization roles: lt, lte, gt, gte [aepstein,hollownest]
48
-
49
- * DSL optimization: allow array being passed to to
50
-
51
- * Omnipotent roles [timcharper]
52
-
53
- * Meaningful error in case of missing authorization rules file [timcharper]
54
-
55
- * Rails 3 support [sb]
56
-
57
- * Support shallow nested resources [jjb]
58
-
59
- * Allow multiple authorization rules files [kaichen]
60
-
61
- ** RELEASE 0.4 (November 15, 2009) **
62
-
63
- * Implemented controller namespace handling [sb]
64
-
65
- * Improved if_attribute to allow nesting of has_many associations [sb]
66
-
67
- * Improved if_permitted_to: allow has_many associations and improved context inference [sb]
68
-
69
- * Added option on handling non-existant auto-loaded object [sb]
70
-
71
- * Added with_user as module method [sb]
72
-
73
- * Change support i18n [sb]
74
-
75
- ** RELEASE 0.3.2.3 (October 12, 2009) **
76
-
77
- * Switched to gemcutter [sb]
78
-
79
- * Fixed has_role? for guest user. Closes #8 [sb]
80
-
81
- * Fixed unnecessary DB query with named scopes [sb, ledermann]
82
-
83
- * Change support: suggestions: grouping, sorting by affected users [sb]
84
-
85
- * Fixed context inference from AR objects for STI by switching to #class.name.tableize [sb]
86
-
87
- * Allow multiple contexts as arguments to has_permission_on [Jeroen van Dijk]
88
-
89
- ** RELEASE 0.3.2.2 (August 27, 2009) **
90
-
91
- * Fix without_access_control test cases [sb]
92
-
93
- * Fixed error on debug logging (Closes #6) [sb]
94
-
95
- * Fixed without_access_control instance method in TestHelper [sb]
96
-
97
- ** RELEASE 0.3.2.1 (August 14, 2009) **
98
-
99
- * Fix gemspec for Rdoc generation [sb]
100
-
101
- ** RELEASE 0.3.2 (August 13, 2009) **
102
-
103
- * Fix for model-level permitted_to?/! [sb]
104
-
105
- ** RELEASE 0.3.1 (August 12, 2009) **
106
-
107
- * Change Support: Suggestion grouping, sort by affected users [sb]
108
-
109
- * Changed context derived from objects to #class.name.tableize to fix STI [sb]
110
-
111
- * Simplified controller authorization with filter_resource_access [sb]
112
-
113
- * Allow passing explicit context in addition to object in permitted_to? [Olly Lylo, sb]
114
-
115
- * Change Supporter: suggest changes to authorization rules [sb]
116
-
117
- * Added permitted_to!/? in model [Eike Carls]
118
-
119
- * New test helper: should_(not_)_be_allowed_to(privilege, object_or_context) [sb]
120
-
121
- ** RELEASE 0.3 (April 20, 2009) **
122
-
123
- * New option :join_by for has_permission_on to allow AND'ing of statements in one has_permission_on block [sb]
124
-
125
- * Allow using_access_control to be called directly on ActiveRecord::Base, globally enabling model security [sb]
126
-
127
- * New operator: intersects_with, comparing two Enumerables in if_attribute [sb]
128
-
129
- * Improved if_permitted_to syntax: if the attribute is left out, permissions are checked on for the current object [sb]
130
-
131
- * Added #has_role_with_hierarchy? method to retrieve explicit and calculated roles [jeremyf]
132
-
133
- * Added a simple rules analyzer to help improve authorization rules [sb]
134
-
135
- * Gemified plugin. Needed to restructure the lib path contents [sb]
136
-
137
- * Added handling of Authorization::AuthorizationInController::ClassMethods.filter_access_to parameters that are of the form [:show, :update] instead of just :show, :update. [jeremyf]
138
-
139
- * Added authorization usage helper for checking filter_access_to usage in controllers [sb]
140
-
141
- * Added a authorization rules browser. See README for more information [sb]
142
-
143
- * Added Model.using_access_control? to check if a model has model security activated [sb]
144
-
145
- * Changed Authorization::ObligationScope#map_table_alias_for [Brian Langenfeld]
146
- * Fixed to prevent bad aliases from being produced.
147
-
148
- * Changed Authorization::Attribute#validate? [Brian Langenfeld]
149
- * Encountering a nil value when evaluating an attribute now raises a NilAttributeValueError, instead of an AuthorizationError. We leave it to the caller to decide what to do about it.
150
-
151
- * Changed Authorization::Engine#permit! [Brian Langenfeld]
152
- * We now convert incoming privileges to symbols (e.g. 'read' is made equivalent to :read). This ensures the privileges will match those defined in the authorization rules file.
153
- * The method now properly infers context when checking against an association (e.g. user.posts). We do this by leveraging ActiveRecord builder method 'new' to instantiate a proper object we can work with.
154
- * When testing rules for positive results (via Authorization::Attribute#validate?), we now rescue NilAttributeValueError exceptions, simply causing the rule to return a negative result (instead of barfing).
155
-
156
- * Changed Authorization::ObligationScope#rebuild_join_options! [Brian Langenfeld]
157
- * If we're dealing with multiple obligations we have to check (i.e. ones that result in OR'd conditions), we now use :include instead of :joins for our generated scope. This does seem like a kludge, but until ActiveRecord scopes support unions (for checking obligations individually and consolidating the results), we don't have much choice. Something to revisit later, for sure.
158
-
159
- ** RELEASE 0.2 (February 2, 2009) **
160
-
161
- * added negative operators: is_not, not_in, does_not_contain [sb]
162
-
163
- * changed user.roles to user.role_symbols to reduce interferance with associations [sb]
164
-
165
- * Ruby 1.9 and Rails 2.3 compatibility [sb]
166
-
167
- * if_permitted_to for has_permission_on blocks for DRYer auth rules [sb]
168
-
169
- * ObligationScope rewrite of query rewriting [Brian Langenfeld]
170
-
171
- * changed exception hierarchy to begin at StandardError [sb]
172
-
173
- * :is_in operator [sb]
174
-
175
- * added has_role? helper [sb]
176
-
177
- * made plugin thread-safe [sb]
178
-
179
- * added maintenance and test helpers [sb]
180
-
181
- * changed default permission denied response to 403 Forbidden [sb]
182
-
183
- * descriptions for titles and roles [sb]
184
-
185
- * fixed for PostgreSQL [Mark Mansour]
186
-
187
- * improved DSL syntax: allow for array of contexts in has_permission_on [sb]
188
-
189
- ** RELEASE 0.1 (August 22, 2008) **
1
+ ** RELEASE 0.5.7 (Mar 10, 2013)
2
+
3
+ * Ruby 2.0 compatibility [jhawthorn]
4
+
5
+ ** RELEASE 0.5.6 (Sep 23, 2012)
6
+
7
+ * Fix handling of stray object associations [jhawthorn]
8
+
9
+ * Improve test infrastructure [jhawthorn]
10
+
11
+ * Allow decl_auth to be used without ActiveRecord [bterkuile]
12
+
13
+ * Rule reloading in development based on changes [urkle/sb]
14
+
15
+ ** RELEASE 0.5.5 (Jan 10, 2012)
16
+
17
+ * Update of handling of association proxies for Rails 3.2
18
+
19
+ ** RELEASE 0.5.4 (Nov 30, 2011)
20
+
21
+ * Cumulative loading of authorization rules [Damian Curso/sb]
22
+
23
+ * Improved used_privileges rake task [urkle]
24
+
25
+ * Performance improvements [John Hawthorn]
26
+
27
+ ** RELEASE 0.5.3 (May 25, 2011)
28
+
29
+ * Bugfixes and documentation cleanup
30
+
31
+ * Rails 3.1.rc1 compatibility [sb]
32
+
33
+ * Added has_any_role?, has_any_role_with_hierarchy? [t.pickett66]
34
+
35
+ * Allow changing the default role [dbloete]
36
+
37
+ ** RELEASE 0.5.2 (Dec 31, 2010) **
38
+
39
+ * Bugfixes and documentation updates
40
+
41
+ ** RELEASE 0.5.1 (Sep 12, 2010) **
42
+
43
+ ** RELEASE 0.5 (July 21, 2010) **
44
+
45
+ * Ruby 1.9.2 compatibility [sb]
46
+
47
+ * Comparisons in authorization roles: lt, lte, gt, gte [aepstein,hollownest]
48
+
49
+ * DSL optimization: allow array being passed to to
50
+
51
+ * Omnipotent roles [timcharper]
52
+
53
+ * Meaningful error in case of missing authorization rules file [timcharper]
54
+
55
+ * Rails 3 support [sb]
56
+
57
+ * Support shallow nested resources [jjb]
58
+
59
+ * Allow multiple authorization rules files [kaichen]
60
+
61
+ ** RELEASE 0.4 (November 15, 2009) **
62
+
63
+ * Implemented controller namespace handling [sb]
64
+
65
+ * Improved if_attribute to allow nesting of has_many associations [sb]
66
+
67
+ * Improved if_permitted_to: allow has_many associations and improved context inference [sb]
68
+
69
+ * Added option on handling non-existant auto-loaded object [sb]
70
+
71
+ * Added with_user as module method [sb]
72
+
73
+ * Change support i18n [sb]
74
+
75
+ ** RELEASE 0.3.2.3 (October 12, 2009) **
76
+
77
+ * Switched to gemcutter [sb]
78
+
79
+ * Fixed has_role? for guest user. Closes #8 [sb]
80
+
81
+ * Fixed unnecessary DB query with named scopes [sb, ledermann]
82
+
83
+ * Change support: suggestions: grouping, sorting by affected users [sb]
84
+
85
+ * Fixed context inference from AR objects for STI by switching to #class.name.tableize [sb]
86
+
87
+ * Allow multiple contexts as arguments to has_permission_on [Jeroen van Dijk]
88
+
89
+ ** RELEASE 0.3.2.2 (August 27, 2009) **
90
+
91
+ * Fix without_access_control test cases [sb]
92
+
93
+ * Fixed error on debug logging (Closes #6) [sb]
94
+
95
+ * Fixed without_access_control instance method in TestHelper [sb]
96
+
97
+ ** RELEASE 0.3.2.1 (August 14, 2009) **
98
+
99
+ * Fix gemspec for Rdoc generation [sb]
100
+
101
+ ** RELEASE 0.3.2 (August 13, 2009) **
102
+
103
+ * Fix for model-level permitted_to?/! [sb]
104
+
105
+ ** RELEASE 0.3.1 (August 12, 2009) **
106
+
107
+ * Change Support: Suggestion grouping, sort by affected users [sb]
108
+
109
+ * Changed context derived from objects to #class.name.tableize to fix STI [sb]
110
+
111
+ * Simplified controller authorization with filter_resource_access [sb]
112
+
113
+ * Allow passing explicit context in addition to object in permitted_to? [Olly Lylo, sb]
114
+
115
+ * Change Supporter: suggest changes to authorization rules [sb]
116
+
117
+ * Added permitted_to!/? in model [Eike Carls]
118
+
119
+ * New test helper: should_(not_)_be_allowed_to(privilege, object_or_context) [sb]
120
+
121
+ ** RELEASE 0.3 (April 20, 2009) **
122
+
123
+ * New option :join_by for has_permission_on to allow AND'ing of statements in one has_permission_on block [sb]
124
+
125
+ * Allow using_access_control to be called directly on ActiveRecord::Base, globally enabling model security [sb]
126
+
127
+ * New operator: intersects_with, comparing two Enumerables in if_attribute [sb]
128
+
129
+ * Improved if_permitted_to syntax: if the attribute is left out, permissions are checked on for the current object [sb]
130
+
131
+ * Added #has_role_with_hierarchy? method to retrieve explicit and calculated roles [jeremyf]
132
+
133
+ * Added a simple rules analyzer to help improve authorization rules [sb]
134
+
135
+ * Gemified plugin. Needed to restructure the lib path contents [sb]
136
+
137
+ * Added handling of Authorization::AuthorizationInController::ClassMethods.filter_access_to parameters that are of the form [:show, :update] instead of just :show, :update. [jeremyf]
138
+
139
+ * Added authorization usage helper for checking filter_access_to usage in controllers [sb]
140
+
141
+ * Added a authorization rules browser. See README for more information [sb]
142
+
143
+ * Added Model.using_access_control? to check if a model has model security activated [sb]
144
+
145
+ * Changed Authorization::ObligationScope#map_table_alias_for [Brian Langenfeld]
146
+ * Fixed to prevent bad aliases from being produced.
147
+
148
+ * Changed Authorization::Attribute#validate? [Brian Langenfeld]
149
+ * Encountering a nil value when evaluating an attribute now raises a NilAttributeValueError, instead of an AuthorizationError. We leave it to the caller to decide what to do about it.
150
+
151
+ * Changed Authorization::Engine#permit! [Brian Langenfeld]
152
+ * We now convert incoming privileges to symbols (e.g. 'read' is made equivalent to :read). This ensures the privileges will match those defined in the authorization rules file.
153
+ * The method now properly infers context when checking against an association (e.g. user.posts). We do this by leveraging ActiveRecord builder method 'new' to instantiate a proper object we can work with.
154
+ * When testing rules for positive results (via Authorization::Attribute#validate?), we now rescue NilAttributeValueError exceptions, simply causing the rule to return a negative result (instead of barfing).
155
+
156
+ * Changed Authorization::ObligationScope#rebuild_join_options! [Brian Langenfeld]
157
+ * If we're dealing with multiple obligations we have to check (i.e. ones that result in OR'd conditions), we now use :include instead of :joins for our generated scope. This does seem like a kludge, but until ActiveRecord scopes support unions (for checking obligations individually and consolidating the results), we don't have much choice. Something to revisit later, for sure.
158
+
159
+ ** RELEASE 0.2 (February 2, 2009) **
160
+
161
+ * added negative operators: is_not, not_in, does_not_contain [sb]
162
+
163
+ * changed user.roles to user.role_symbols to reduce interferance with associations [sb]
164
+
165
+ * Ruby 1.9 and Rails 2.3 compatibility [sb]
166
+
167
+ * if_permitted_to for has_permission_on blocks for DRYer auth rules [sb]
168
+
169
+ * ObligationScope rewrite of query rewriting [Brian Langenfeld]
170
+
171
+ * changed exception hierarchy to begin at StandardError [sb]
172
+
173
+ * :is_in operator [sb]
174
+
175
+ * added has_role? helper [sb]
176
+
177
+ * made plugin thread-safe [sb]
178
+
179
+ * added maintenance and test helpers [sb]
180
+
181
+ * changed default permission denied response to 403 Forbidden [sb]
182
+
183
+ * descriptions for titles and roles [sb]
184
+
185
+ * fixed for PostgreSQL [Mark Mansour]
186
+
187
+ * improved DSL syntax: allow for array of contexts in has_permission_on [sb]
188
+
189
+ ** RELEASE 0.1 (August 22, 2008) **
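Review bot: missing documentation: all 189 lines are rewritten with identical visible text and the newest entry is still `** RELEASE 0.5.7 (Mar 10, 2013)` at line 1, so a release numbered 0.8.0 ships a changelog with no entry for it. Add a 0.8.0 entry describing what changed (the Appraisals hunk shows Rails 5.1.6 and 5.2.1 being added to the test matrix), and avoid whole-file whitespace rewrites, which make it impossible to see from the diff whether any changelog text was altered.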
data/Gemfile CHANGED
@@ -1,7 +1,7 @@
1
- source 'http://rubygems.org'
2
-
3
- gemspec
4
-
5
- gem 'appraisal', '~> 2.1'
6
- gem 'mocha', '~> 1.0', require: false
7
- gem 'sqlite3'
1
+ source 'http://rubygems.org'
2
+
3
+ gemspec
4
+
5
+ gem 'appraisal', '~> 2.1'
6
+ gem 'mocha', '~> 1.0', require: false
7
+ gem 'sqlite3'
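Review bot: `source 'http://rubygems.org'` at line 1 is carried over with the same text and still fetches the development dependencies over plain HTTP, where the gem index and downloads can be modified in transit; change it to `source 'https://rubygems.org'`. As in the other files, all seven lines are removed and re-added with identical visible text, so this hunk carries no content change and should be dropped from the release diff by fixing the line endings separately.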