aegis 1.1.3 → 1.1.4

Sign up to get free protection for your applications and to get access to all the features.
Files changed (9) hide show
  1. data/README.rdoc +16 -4
  2. data/VERSION +1 -1
  3. data/aegis.gemspec +4 -2
  4. data/lib/aegis/has_role.rb +7 -5
  5. data/lib/aegis.rb +3 -2
  6. data/test/app_root/app/models/user_subclass.rb +2 -0
  7. data/test/has_role_test.rb +5 -0
  8. data/test/permissions_test.rb +17 -0
  9. metadata +4 -2
data/README.rdoc CHANGED
@@ -5,13 +5,13 @@ Aegis allows you to manage fine-grained, complex permission for user accounts in
5
5
  == Installation
6
6
 
7
7
  Add the following to your <tt>Initializer.run</tt> block in your <tt>environment.rb</tt>:
8
- config.gem 'makandra-aegis', :lib => 'aegis', :source => 'http://gems.github.com'
8
+ config.gem 'aegis', :source => 'http://gemcutter.org'
9
9
  Then do a
10
10
  sudo rake gems:install
11
11
 
12
12
  Alternatively, use
13
- sudo gem sources -a http://gems.github.com
14
- sudo gem install makandra-aegis
13
+ sudo gem sources -a http://gemcutter.org
14
+ sudo gem install aegis
15
15
 
16
16
  == Example
17
17
 
@@ -169,8 +169,20 @@ role, the later one always wins. That is
169
169
  end
170
170
  will work as expected.
171
171
 
172
+ === Our stance on multiple roles per user
173
+
174
+ We believe that you should only distinguish roles that have different ways of resolving their permissions. A typical set of roles would be
175
+
176
+ * anonymous guest (has access to nothing with some exceptions)
177
+ * signed up user (has access to some things depending on its attributes and associations)
178
+ * administrator (has access to everything)
179
+
180
+ We don't do multiple, parametrized roles like "leader for project #2" and "author of post #7".
181
+ That would be reinventing associations. Just use a single :user role and let your permission block
182
+ query regular associations and attributes.
183
+
172
184
  === Credits
173
185
 
174
186
  Henning Koch, Tobias Kraze
175
187
 
176
- {link www.makandra.de}[http://www.makandra.de/]
188
+ {link www.makandra.de}[http://www.makandra.de/]
data/VERSION CHANGED
@@ -1 +1 @@
1
- 1.1.3
1
+ 1.1.4
data/aegis.gemspec CHANGED
@@ -2,11 +2,11 @@
2
2
 
3
3
  Gem::Specification.new do |s|
4
4
  s.name = %q{aegis}
5
- s.version = "1.1.3"
5
+ s.version = "1.1.4"
6
6
 
7
7
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
8
8
  s.authors = ["Henning Koch"]
9
- s.date = %q{2009-10-15}
9
+ s.date = %q{2009-11-05}
10
10
  s.description = %q{Aegis is a role-based permission system, where all users are given a role. It is possible to define detailed and complex permissions for each role very easily.}
11
11
  s.email = %q{github@makandra.de}
12
12
  s.extra_rdoc_files = [
@@ -32,6 +32,7 @@ Gem::Specification.new do |s|
32
32
  "test/app_root/app/models/permissions.rb",
33
33
  "test/app_root/app/models/soldier.rb",
34
34
  "test/app_root/app/models/user.rb",
35
+ "test/app_root/app/models/user_subclass.rb",
35
36
  "test/app_root/config/boot.rb",
36
37
  "test/app_root/config/database.yml",
37
38
  "test/app_root/config/environment.rb",
@@ -60,6 +61,7 @@ Gem::Specification.new do |s|
60
61
  s.test_files = [
61
62
  "test/app_root/app/models/permissions.rb",
62
63
  "test/app_root/app/models/soldier.rb",
64
+ "test/app_root/app/models/user_subclass.rb",
63
65
  "test/app_root/app/models/user.rb",
64
66
  "test/app_root/app/controllers/application_controller.rb",
65
67
  "test/app_root/config/environment.rb",
data/lib/aegis/has_role.rb CHANGED
@@ -21,15 +21,17 @@ module Aegis
21
21
 
22
22
  self.class_eval do
23
23
 
24
- @aegis_role_name_reader = (options[:name_reader] || "role_name").to_sym
25
- @aegis_role_name_writer = (options[:name_writer] || "role_name=").to_sym
26
-
24
+ class_inheritable_accessor :aegis_role_name_reader, :aegis_role_name_writer
25
+
26
+ self.aegis_role_name_reader = (options[:name_reader] || "role_name").to_sym
27
+ self.aegis_role_name_writer = (options[:name_writer] || "role_name=").to_sym
28
+
27
29
  def aegis_role_name_reader
28
- self.class.class_eval{ @aegis_role_name_reader }
30
+ self.class.class_eval{ aegis_role_name_reader }
29
31
  end
30
32
 
31
33
  def aegis_role_name_writer
32
- self.class.class_eval{ @aegis_role_name_writer }
34
+ self.class.class_eval{ aegis_role_name_writer }
33
35
  end
34
36
 
35
37
  def aegis_role_name
data/lib/aegis.rb CHANGED
@@ -1,9 +1,10 @@
1
1
  # Include hook code here
2
2
  require 'aegis/constants'
3
+ require 'aegis/has_role'
3
4
  require 'aegis/normalization'
4
5
  require 'aegis/permission_error'
5
- require 'aegis/role'
6
+ require 'aegis/permission_evaluator'
6
7
  require 'aegis/permissions'
7
- require 'aegis/has_role'
8
+ require 'aegis/role'
8
9
  require 'rails/active_record'
9
10
 
data/test/app_root/app/models/user_subclass.rb ADDED
@@ -0,0 +1,2 @@
1
+ class UserSubclass < User
2
+ end
data/test/has_role_test.rb CHANGED
@@ -7,12 +7,14 @@ class HasRoleTest < ActiveSupport::TestCase
7
7
  setup do
8
8
  @guest = User.new(:role_name => "guest")
9
9
  @student = User.new(:role_name => "student")
10
+ @student_subclass = UserSubclass.new(:role_name => "student")
10
11
  @admin = User.new(:role_name => "admin")
11
12
  end
12
13
 
13
14
  should "know their role" do
14
15
  assert :guest, @guest.role.name
15
16
  assert :student, @student.role.name
17
+ assert :student_subclass, @student.role.name
16
18
  assert :admin, @admin.role.name
17
19
  end
18
20
 
@@ -21,8 +23,11 @@ class HasRoleTest < ActiveSupport::TestCase
21
23
  assert !@guest.student?
22
24
  assert !@guest.admin?
23
25
  assert !@student.guest?
26
+ assert !@student_subclass.guest?
24
27
  assert @student.student?
28
+ assert @student_subclass.student?
25
29
  assert !@student.admin?
30
+ assert !@student_subclass.admin?
26
31
  assert !@admin.guest?
27
32
  assert !@admin.student?
28
33
  assert @admin.admin?
data/test/permissions_test.rb CHANGED
@@ -7,18 +7,21 @@ class PermissionsTest < ActiveSupport::TestCase
7
7
  setup do
8
8
  @guest = User.new(:role_name => "guest")
9
9
  @student = User.new(:role_name => "student")
10
+ @student_subclass = UserSubclass.new(:role_name => "student")
10
11
  @admin = User.new(:role_name => "admin")
11
12
  end
12
13
 
13
14
  should "use the default permission for actions without any allow or grant directives" do
14
15
  assert !@guest.may_use_empty?
15
16
  assert !@student.may_use_empty?
17
+ assert !@student_subclass.may_use_empty?
16
18
  assert @admin.may_use_empty?
17
19
  end
18
20
 
19
21
  should "understand simple allow and deny directives" do
20
22
  assert !@guest.may_use_simple?
21
23
  assert @student.may_use_simple?
24
+ assert @student_subclass.may_use_simple?
22
25
  assert !@admin.may_use_simple?
23
26
  end
24
27
 
@@ -34,6 +37,7 @@ class PermissionsTest < ActiveSupport::TestCase
34
37
  should 'do nothing if an allowed action is queried with an exclamation mark' do
35
38
  assert_nothing_raised do
36
39
  @student.may_use_simple!
40
+ @student_subclass.may_use_simple!
37
41
  end
38
42
  end
39
43
 
@@ -41,49 +45,62 @@ class PermissionsTest < ActiveSupport::TestCase
41
45
  assert !@guest.may_update_users?
42
46
  assert !@guest.may_update_user?("foo")
43
47
  assert @student.may_update_users?
48
+ assert @student_subclass.may_update_users?
44
49
  assert @student.may_update_user?("foo")
50
+ assert @student_subclass.may_update_user?("foo")
45
51
  assert !@admin.may_update_users?
46
52
  assert !@admin.may_update_user?("foo")
47
53
  end
48
54
 
49
55
  should 'implicate create, read, update and destroy forms for actions named "crud_..."' do
50
56
  assert @student.may_create_projects?
57
+ assert @student_subclass.may_create_projects?
51
58
  assert @student.may_read_projects?
59
+ assert @student_subclass.may_read_projects?
52
60
  assert @student.may_update_projects?
61
+ assert @student_subclass.may_update_projects?
53
62
  assert @student.may_destroy_projects?
63
+ assert @student_subclass.may_destroy_projects?
54
64
  end
55
65
 
56
66
  should 'perform normalization of CRUD verbs (e.g. "edit" and "update")' do
57
67
  assert !@guest.may_edit_drinks?
58
68
  assert @student.may_edit_drinks?
69
+ assert @student_subclass.may_edit_drinks?
59
70
  assert !@admin.may_edit_drinks?
60
71
  assert !@guest.may_update_drinks?
61
72
  assert @student.may_update_drinks?
73
+ assert @student_subclass.may_update_drinks?
62
74
  assert !@admin.may_update_drinks?
63
75
  end
64
76
 
65
77
  should "be able to grant or deny actions to all roles using :everyone" do
66
78
  assert @guest.may_hug?
67
79
  assert @student.may_hug?
80
+ assert @student_subclass.may_hug?
68
81
  assert @admin.may_hug?
69
82
  end
70
83
 
71
84
  should "allow the definition of parametrized actions" do
72
85
  assert !@guest.may_divide?(10, 2)
73
86
  assert @student.may_divide?(10, 2)
87
+ assert @student_subclass.may_divide?(10, 2)
74
88
  assert !@student.may_divide?(10, 0)
89
+ assert !@student_subclass.may_divide?(10, 0)
75
90
  assert @admin.may_divide?(10, 2)
76
91
  assert @admin.may_divide?(10, 0)
77
92
  end
78
93
 
79
94
  should 'use default permissions for undefined actions' do
80
95
  !@student.may_do_undefined_stuff?("foo")
96
+ !@student_subclass.may_do_undefined_stuff?("foo")
81
97
  @admin.may_do_undefined_stuff?("foo")
82
98
  end
83
99
 
84
100
  should 'overshadow previous action definitions with the same name' do
85
101
  assert @guest.may_draw?
86
102
  assert !@student.may_draw?
103
+ assert !@student_subclass.may_draw?
87
104
  assert !@admin.may_draw?
88
105
  end
89
106
 
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aegis
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.1.3
4
+ version: 1.1.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Henning Koch
@@ -9,7 +9,7 @@ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
11
 
12
- date: 2009-10-15 00:00:00 +02:00
12
+ date: 2009-11-05 00:00:00 +01:00
13
13
  default_executable:
14
14
  dependencies: []
15
15
 
@@ -41,6 +41,7 @@ files:
41
41
  - test/app_root/app/models/permissions.rb
42
42
  - test/app_root/app/models/soldier.rb
43
43
  - test/app_root/app/models/user.rb
44
+ - test/app_root/app/models/user_subclass.rb
44
45
  - test/app_root/config/boot.rb
45
46
  - test/app_root/config/database.yml
46
47
  - test/app_root/config/environment.rb
@@ -91,6 +92,7 @@ summary: Role-based permissions for your user models.
91
92
  test_files:
92
93
  - test/app_root/app/models/permissions.rb
93
94
  - test/app_root/app/models/soldier.rb
95
+ - test/app_root/app/models/user_subclass.rb
94
96
  - test/app_root/app/models/user.rb
95
97
  - test/app_root/app/controllers/application_controller.rb
96
98
  - test/app_root/config/environment.rb