aegis 1.1.3 → 1.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. data/README.rdoc +16 -4
  2. data/VERSION +1 -1
  3. data/aegis.gemspec +4 -2
  4. data/lib/aegis/has_role.rb +7 -5
  5. data/lib/aegis.rb +3 -2
  6. data/test/app_root/app/models/user_subclass.rb +2 -0
  7. data/test/has_role_test.rb +5 -0
  8. data/test/permissions_test.rb +17 -0
  9. metadata +4 -2
data/README.rdoc CHANGED
@@ -5,13 +5,13 @@ Aegis allows you to manage fine-grained, complex permission for user accounts in
5
5
  == Installation
6
6
 
7
7
  Add the following to your <tt>Initializer.run</tt> block in your <tt>environment.rb</tt>:
8
- config.gem 'makandra-aegis', :lib => 'aegis', :source => 'http://gems.github.com'
8
+ config.gem 'aegis', :source => 'http://gemcutter.org'
9
9
  Then do a
10
10
  sudo rake gems:install
11
11
 
12
12
  Alternatively, use
13
- sudo gem sources -a http://gems.github.com
14
- sudo gem install makandra-aegis
13
+ sudo gem sources -a http://gemcutter.org
14
+ sudo gem install aegis
15
15
 
16
16
  == Example
17
17
 
@@ -169,8 +169,20 @@ role, the later one always wins. That is
169
169
  end
170
170
  will work as expected.
171
171
 
172
+ === Our stance on multiple roles per user
173
+
174
+ We believe that you should only distinguish roles that have different ways of resolving their permissions. A typical set of roles would be
175
+
176
+ * anonymous guest (has access to nothing with some exceptions)
177
+ * signed up user (has access to some things depending on its attributes and associations)
178
+ * administrator (has access to everything)
179
+
180
+ We don't do multiple, parametrized roles like "leader for project #2" and "author of post #7".
181
+ That would be reinventing associations. Just use a single :user role and let your permission block
182
+ query regular associations and attributes.
183
+
172
184
  === Credits
173
185
 
174
186
  Henning Koch, Tobias Kraze
175
187
 
176
- {link www.makandra.de}[http://www.makandra.de/]
188
+ {link www.makandra.de}[http://www.makandra.de/]
data/VERSION CHANGED
@@ -1 +1 @@
1
- 1.1.3
1
+ 1.1.4
data/aegis.gemspec CHANGED
@@ -2,11 +2,11 @@
2
2
 
3
3
  Gem::Specification.new do |s|
4
4
  s.name = %q{aegis}
5
- s.version = "1.1.3"
5
+ s.version = "1.1.4"
6
6
 
7
7
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
8
8
  s.authors = ["Henning Koch"]
9
- s.date = %q{2009-10-15}
9
+ s.date = %q{2009-11-05}
10
10
  s.description = %q{Aegis is a role-based permission system, where all users are given a role. It is possible to define detailed and complex permissions for each role very easily.}
11
11
  s.email = %q{github@makandra.de}
12
12
  s.extra_rdoc_files = [
@@ -32,6 +32,7 @@ Gem::Specification.new do |s|
32
32
  "test/app_root/app/models/permissions.rb",
33
33
  "test/app_root/app/models/soldier.rb",
34
34
  "test/app_root/app/models/user.rb",
35
+ "test/app_root/app/models/user_subclass.rb",
35
36
  "test/app_root/config/boot.rb",
36
37
  "test/app_root/config/database.yml",
37
38
  "test/app_root/config/environment.rb",
@@ -60,6 +61,7 @@ Gem::Specification.new do |s|
60
61
  s.test_files = [
61
62
  "test/app_root/app/models/permissions.rb",
62
63
  "test/app_root/app/models/soldier.rb",
64
+ "test/app_root/app/models/user_subclass.rb",
63
65
  "test/app_root/app/models/user.rb",
64
66
  "test/app_root/app/controllers/application_controller.rb",
65
67
  "test/app_root/config/environment.rb",
data/lib/aegis/has_role.rb CHANGED
@@ -21,15 +21,17 @@ module Aegis
21
21
 
22
22
  self.class_eval do
23
23
 
24
- @aegis_role_name_reader = (options[:name_reader] || "role_name").to_sym
25
- @aegis_role_name_writer = (options[:name_writer] || "role_name=").to_sym
26
-
24
+ class_inheritable_accessor :aegis_role_name_reader, :aegis_role_name_writer
25
+
26
+ self.aegis_role_name_reader = (options[:name_reader] || "role_name").to_sym
27
+ self.aegis_role_name_writer = (options[:name_writer] || "role_name=").to_sym
28
+
27
29
  def aegis_role_name_reader
28
- self.class.class_eval{ @aegis_role_name_reader }
30
+ self.class.class_eval{ aegis_role_name_reader }
29
31
  end
30
32
 
31
33
  def aegis_role_name_writer
32
- self.class.class_eval{ @aegis_role_name_writer }
34
+ self.class.class_eval{ aegis_role_name_writer }
33
35
  end
34
36
 
35
37
  def aegis_role_name
data/lib/aegis.rb CHANGED
@@ -1,9 +1,10 @@
1
1
  # Include hook code here
2
2
  require 'aegis/constants'
3
+ require 'aegis/has_role'
3
4
  require 'aegis/normalization'
4
5
  require 'aegis/permission_error'
5
- require 'aegis/role'
6
+ require 'aegis/permission_evaluator'
6
7
  require 'aegis/permissions'
7
- require 'aegis/has_role'
8
+ require 'aegis/role'
8
9
  require 'rails/active_record'
9
10
 
data/test/app_root/app/models/user_subclass.rb ADDED
@@ -0,0 +1,2 @@
1
+ class UserSubclass < User
2
+ end
data/test/has_role_test.rb CHANGED
@@ -7,12 +7,14 @@ class HasRoleTest < ActiveSupport::TestCase
7
7
  setup do
8
8
  @guest = User.new(:role_name => "guest")
9
9
  @student = User.new(:role_name => "student")
10
+ @student_subclass = UserSubclass.new(:role_name => "student")
10
11
  @admin = User.new(:role_name => "admin")
11
12
  end
12
13
 
13
14
  should "know their role" do
14
15
  assert :guest, @guest.role.name
15
16
  assert :student, @student.role.name
17
+ assert :student_subclass, @student.role.name
16
18
  assert :admin, @admin.role.name
17
19
  end
18
20
 
@@ -21,8 +23,11 @@ class HasRoleTest < ActiveSupport::TestCase
21
23
  assert !@guest.student?
22
24
  assert !@guest.admin?
23
25
  assert !@student.guest?
26
+ assert !@student_subclass.guest?
24
27
  assert @student.student?
28
+ assert @student_subclass.student?
25
29
  assert !@student.admin?
30
+ assert !@student_subclass.admin?
26
31
  assert !@admin.guest?
27
32
  assert !@admin.student?
28
33
  assert @admin.admin?
data/test/permissions_test.rb CHANGED
@@ -7,18 +7,21 @@ class PermissionsTest < ActiveSupport::TestCase
7
7
  setup do
8
8
  @guest = User.new(:role_name => "guest")
9
9
  @student = User.new(:role_name => "student")
10
+ @student_subclass = UserSubclass.new(:role_name => "student")
10
11
  @admin = User.new(:role_name => "admin")
11
12
  end
12
13
 
13
14
  should "use the default permission for actions without any allow or grant directives" do
14
15
  assert !@guest.may_use_empty?
15
16
  assert !@student.may_use_empty?
17
+ assert !@student_subclass.may_use_empty?
16
18
  assert @admin.may_use_empty?
17
19
  end
18
20
 
19
21
  should "understand simple allow and deny directives" do
20
22
  assert !@guest.may_use_simple?
21
23
  assert @student.may_use_simple?
24
+ assert @student_subclass.may_use_simple?
22
25
  assert !@admin.may_use_simple?
23
26
  end
24
27
 
@@ -34,6 +37,7 @@ class PermissionsTest < ActiveSupport::TestCase
34
37
  should 'do nothing if an allowed action is queried with an exclamation mark' do
35
38
  assert_nothing_raised do
36
39
  @student.may_use_simple!
40
+ @student_subclass.may_use_simple!
37
41
  end
38
42
  end
39
43
 
@@ -41,49 +45,62 @@ class PermissionsTest < ActiveSupport::TestCase
41
45
  assert !@guest.may_update_users?
42
46
  assert !@guest.may_update_user?("foo")
43
47
  assert @student.may_update_users?
48
+ assert @student_subclass.may_update_users?
44
49
  assert @student.may_update_user?("foo")
50
+ assert @student_subclass.may_update_user?("foo")
45
51
  assert !@admin.may_update_users?
46
52
  assert !@admin.may_update_user?("foo")
47
53
  end
48
54
 
49
55
  should 'implicate create, read, update and destroy forms for actions named "crud_..."' do
50
56
  assert @student.may_create_projects?
57
+ assert @student_subclass.may_create_projects?
51
58
  assert @student.may_read_projects?
59
+ assert @student_subclass.may_read_projects?
52
60
  assert @student.may_update_projects?
61
+ assert @student_subclass.may_update_projects?
53
62
  assert @student.may_destroy_projects?
63
+ assert @student_subclass.may_destroy_projects?
54
64
  end
55
65
 
56
66
  should 'perform normalization of CRUD verbs (e.g. "edit" and "update")' do
57
67
  assert !@guest.may_edit_drinks?
58
68
  assert @student.may_edit_drinks?
69
+ assert @student_subclass.may_edit_drinks?
59
70
  assert !@admin.may_edit_drinks?
60
71
  assert !@guest.may_update_drinks?
61
72
  assert @student.may_update_drinks?
73
+ assert @student_subclass.may_update_drinks?
62
74
  assert !@admin.may_update_drinks?
63
75
  end
64
76
 
65
77
  should "be able to grant or deny actions to all roles using :everyone" do
66
78
  assert @guest.may_hug?
67
79
  assert @student.may_hug?
80
+ assert @student_subclass.may_hug?
68
81
  assert @admin.may_hug?
69
82
  end
70
83
 
71
84
  should "allow the definition of parametrized actions" do
72
85
  assert !@guest.may_divide?(10, 2)
73
86
  assert @student.may_divide?(10, 2)
87
+ assert @student_subclass.may_divide?(10, 2)
74
88
  assert !@student.may_divide?(10, 0)
89
+ assert !@student_subclass.may_divide?(10, 0)
75
90
  assert @admin.may_divide?(10, 2)
76
91
  assert @admin.may_divide?(10, 0)
77
92
  end
78
93
 
79
94
  should 'use default permissions for undefined actions' do
80
95
  !@student.may_do_undefined_stuff?("foo")
96
+ !@student_subclass.may_do_undefined_stuff?("foo")
81
97
  @admin.may_do_undefined_stuff?("foo")
82
98
  end
83
99
 
84
100
  should 'overshadow previous action definitions with the same name' do
85
101
  assert @guest.may_draw?
86
102
  assert !@student.may_draw?
103
+ assert !@student_subclass.may_draw?
87
104
  assert !@admin.may_draw?
88
105
  end
89
106
 
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aegis
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.1.3
4
+ version: 1.1.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Henning Koch
@@ -9,7 +9,7 @@ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
11
 
12
- date: 2009-10-15 00:00:00 +02:00
12
+ date: 2009-11-05 00:00:00 +01:00
13
13
  default_executable:
14
14
  dependencies: []
15
15
 
@@ -41,6 +41,7 @@ files:
41
41
  - test/app_root/app/models/permissions.rb
42
42
  - test/app_root/app/models/soldier.rb
43
43
  - test/app_root/app/models/user.rb
44
+ - test/app_root/app/models/user_subclass.rb
44
45
  - test/app_root/config/boot.rb
45
46
  - test/app_root/config/database.yml
46
47
  - test/app_root/config/environment.rb
@@ -91,6 +92,7 @@ summary: Role-based permissions for your user models.
91
92
  test_files:
92
93
  - test/app_root/app/models/permissions.rb
93
94
  - test/app_root/app/models/soldier.rb
95
+ - test/app_root/app/models/user_subclass.rb
94
96
  - test/app_root/app/models/user.rb
95
97
  - test/app_root/app/controllers/application_controller.rb
96
98
  - test/app_root/config/environment.rb