RubyGems - aegis - Versions diffs - 1.1.3 - Mend

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (39) hide show

data/.gitignore +3 -0
data/MIT-LICENSE +20 -0
data/README.rdoc +176 -0
data/Rakefile +37 -0
data/VERSION +1 -0
data/aegis.gemspec +92 -0
data/lib/aegis.rb +9 -0
data/lib/aegis/constants.rb +6 -0
data/lib/aegis/has_role.rb +77 -0
data/lib/aegis/normalization.rb +26 -0
data/lib/aegis/permission_error.rb +5 -0
data/lib/aegis/permission_evaluator.rb +34 -0
data/lib/aegis/permissions.rb +108 -0
data/lib/aegis/role.rb +55 -0
data/lib/rails/active_record.rb +5 -0
data/test/app_root/app/controllers/application_controller.rb +2 -0
data/test/app_root/app/models/permissions.rb +49 -0
data/test/app_root/app/models/soldier.rb +5 -0
data/test/app_root/app/models/user.rb +6 -0
data/test/app_root/config/boot.rb +114 -0
data/test/app_root/config/database.yml +21 -0
data/test/app_root/config/environment.rb +14 -0
data/test/app_root/config/environments/in_memory.rb +0 -0
data/test/app_root/config/environments/mysql.rb +0 -0
data/test/app_root/config/environments/postgresql.rb +0 -0
data/test/app_root/config/environments/sqlite.rb +0 -0
data/test/app_root/config/environments/sqlite3.rb +0 -0
data/test/app_root/config/routes.rb +4 -0
data/test/app_root/db/migrate/20090408115228_create_users.rb +14 -0
data/test/app_root/db/migrate/20090429075648_create_soldiers.rb +16 -0
data/test/app_root/lib/console_with_fixtures.rb +4 -0
data/test/app_root/log/.gitignore +1 -0
data/test/app_root/script/console +7 -0
data/test/has_role_options_test.rb +28 -0
data/test/has_role_test.rb +39 -0
data/test/permissions_test.rb +92 -0
data/test/test_helper.rb +23 -0
data/test/validation_test.rb +49 -0
metadata +111 -0

data/lib/aegis/permission_error.rb ADDED Viewed

@@ -0,0 +1,5 @@
+module Aegis
+  class PermissionError < StandardError
+  end
+end

data/lib/aegis/permission_evaluator.rb ADDED Viewed

@@ -0,0 +1,34 @@
+module Aegis
+  class PermissionEvaluator
+	def initialize(role)
+	  @role = role
+	end
+	def evaluate(permissions, rule_args)
+	  @result = @role.allow_by_default?
+	  permissions.each do |permission|
+		instance_exec(*rule_args, &permission)
+	  end
+	  @result
+	end
+	def allow(*role_name_or_names, &block)
+	  rule_encountered(role_name_or_names, true, &block)
+	end
+	def deny(*role_name_or_names, &block)
+	  rule_encountered(role_name_or_names, false, &block)
+	end
+	def rule_encountered(role_name_or_names, is_allow, &block)
+	  role_names = Array(role_name_or_names)
+	  if role_names.include?(@role.name) || role_names.include?(Aegis::Constants::EVERYONE_ROLE_NAME)
+		@result = (block ? block.call : true)
+		@result = !@result unless is_allow
+	  end
+	end
+  end
+end

data/lib/aegis/permissions.rb ADDED Viewed

@@ -0,0 +1,108 @@
+module Aegis
+  class Permissions
+    def self.inherited(base)
+      base.class_eval do
+        @roles_by_name = {}
+        @permission_blocks = Hash.new { |hash, key| hash[key] = [] }
+        extend ClassMethods
+      end
+    end
+    module ClassMethods
+      def role(role_name, options = {})
+        role_name = role_name.to_sym
+        role_name != Aegis::Constants::EVERYONE_ROLE_NAME or raise "Cannot define a role named: #{Aegis::Constants::EVERYONE_ROLE_NAME}"
+        @roles_by_name[role_name] = Aegis::Role.new(role_name, self, options)
+      end
+      def find_all_role_names
+        @roles_by_name.keys
+      end
+      def find_all_roles
+        @roles_by_name.values.sort
+      end
+      def find_role_by_name(name)
+        # cannot call :to_sym on nil or an empty string
+        if name.blank?
+          nil
+        else
+          @roles_by_name[name.to_sym]
+        end
+      end
+      def find_role_by_name!(name)
+        find_role_by_name(name) or raise "Undefined role: #{name}"
+      end
+      def permission(*permission_name_or_names, &block)
+        permission_names = Array(permission_name_or_names).map(&:to_s)
+        permission_names.each do |permission_name|
+          add_split_crud_permission(permission_name, &block)
+        end
+      end
+      def may?(role_or_role_name, permission, *args)
+        role = role_or_role_name.is_a?(Aegis::Role) ? role_or_role_name : find_role_by_name(role_or_role_name)
+        blocks = @permission_blocks[permission.to_sym]
+        evaluate_permission_blocks(role, blocks, *args)
+      end
+      def evaluate_permission_blocks(role, blocks, *args)
+    evaluator = Aegis::PermissionEvaluator.new(role)
+    evaluator.evaluate(blocks, args)
+      end
+      def denied?(*args)
+        !allowed?(*args)
+      end
+      private
+      def add_split_crud_permission(permission_name, &block)
+        if permission_name =~ /^crud_(.+?)$/
+          target = $1
+          Aegis::Constants::CRUD_VERBS.each do |verb|
+            add_normalized_permission("#{verb}_#{target}", &block)
+          end
+        else
+          add_normalized_permission(permission_name, &block)
+        end
+      end
+      def add_normalized_permission(permission_name, &block)
+        normalized_permission_name = Aegis::Normalization.normalize_permission(permission_name)
+        add_singularized_permission(normalized_permission_name, &block)
+      end
+      def add_singularized_permission(permission_name, &block)
+        if permission_name =~ /^([^_]+?)_(.+?)$/
+          verb = $1
+          target = $2
+          singular_target = target.singularize
+          if singular_target.length < target.length
+            singular_block = lambda do |*args|
+        args.delete_at 1
+        instance_exec(*args, &block)
+            end
+            singular_permission_name = "#{verb}_#{singular_target}"
+            add_permission(singular_permission_name, &singular_block)
+          end
+        end
+        add_permission(permission_name, &block)
+      end
+      def add_permission(permission_name, &block)
+        permission_name = permission_name.to_sym
+        @permission_blocks[permission_name] << block
+      end
+    end # module ClassMethods
+  end # class Permissions
+end # module Aegis

data/lib/aegis/role.rb ADDED Viewed

@@ -0,0 +1,55 @@
+module Aegis
+  class Role
+    attr_reader :name, :default_permission
+    # permissions is a hash like: permissions[:edit_user] = lambda { |user| ... }
+    def initialize(name, permissions, options)
+      @name = name
+      @permissions = permissions
+      @default_permission = options[:default_permission] == :allow ? :allow : :deny
+      freeze
+    end
+    def allow_by_default?
+      @default_permission == :allow
+    end
+    def may?(permission, *args)
+      # puts "may? #{permission}, #{args}"
+      @permissions.may?(self, permission, *args)
+    end
+    def <=>(other)
+      name.to_s <=> other.name.to_s
+    end
+    def to_s
+      name.to_s.humanize
+    end
+    def id
+      name.to_s
+    end
+    private
+    def method_missing(symb, *args)
+      method_name = symb.to_s
+      if method_name =~ /^may_(.+)(\?|\!)$/
+        permission, severity = $1, $2
+        permission = Aegis::Normalization.normalize_permission(permission)
+        may = may?(permission, *args)
+        if severity == '!' && !may
+          raise PermissionError, "Access denied: #{permission}"
+        else
+          may
+        end
+      else
+        super
+      end
+    end
+  end
+end

data/lib/rails/active_record.rb ADDED Viewed

@@ -0,0 +1,5 @@
+ActiveRecord::Base.class_eval do
+  extend Aegis::HasRole
+end

data/test/app_root/app/controllers/application_controller.rb ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ class ApplicationController < ActionController::Base
2	+ end

data/test/app_root/app/models/permissions.rb ADDED Viewed

@@ -0,0 +1,49 @@
+class Permissions < Aegis::Permissions
+  role :guest
+  role :student
+  role :admin, :default_permission => :allow
+  permission :use_empty do
+  end
+  permission :use_simple do
+    allow :student
+    deny :admin
+  end
+  permission :update_users do
+    allow :student
+    deny :admin
+  end
+  permission :crud_projects do
+    allow :student
+  end
+  permission :edit_drinks do
+    allow :student
+    deny :admin
+  end
+  permission :hug do
+    allow :everyone
+  end
+  permission :divide do |user, left, right|
+    allow :student do
+      right != 0
+    end
+  end
+  permission :draw do
+    allow :everyone
+  end
+  permission :draw do
+    deny :student
+    deny :admin
+  end
+end

data/test/app_root/app/models/soldier.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class Soldier < ActiveRecord::Base
+  has_role :name_accessor => "rank"
+end

data/test/app_root/app/models/user.rb ADDED Viewed

@@ -0,0 +1,6 @@
+class User < ActiveRecord::Base
+  has_role
+  validates_role_name
+end

data/test/app_root/config/boot.rb ADDED Viewed

@@ -0,0 +1,114 @@
+# Allow customization of the rails framework path
+RAILS_FRAMEWORK_ROOT = (ENV['RAILS_FRAMEWORK_ROOT'] || "#{File.dirname(__FILE__)}/../../../../../../vendor/rails") unless defined?(RAILS_FRAMEWORK_ROOT)
+# Don't change this file!
+# Configure your app in config/environment.rb and config/environments/*.rb
+RAILS_ROOT = "#{File.dirname(__FILE__)}/.." unless defined?(RAILS_ROOT)
+module Rails
+  class << self
+    def boot!
+      unless booted?
+        preinitialize
+        pick_boot.run
+      end
+    end
+    def booted?
+      defined? Rails::Initializer
+    end
+    def pick_boot
+      (vendor_rails? ? VendorBoot : GemBoot).new
+    end
+    def vendor_rails?
+      File.exist?(RAILS_FRAMEWORK_ROOT)
+    end
+    def preinitialize
+      load(preinitializer_path) if File.exist?(preinitializer_path)
+    end
+    def preinitializer_path
+      "#{RAILS_ROOT}/config/preinitializer.rb"
+    end
+  end
+  class Boot
+    def run
+      load_initializer
+      Rails::Initializer.run(:set_load_path)
+    end
+  end
+  class VendorBoot < Boot
+    def load_initializer
+      require "#{RAILS_FRAMEWORK_ROOT}/railties/lib/initializer"
+      Rails::Initializer.run(:install_gem_spec_stubs)
+    end
+  end
+  class GemBoot < Boot
+    def load_initializer
+      self.class.load_rubygems
+      load_rails_gem
+      require 'initializer'
+    end
+    def load_rails_gem
+      if version = self.class.gem_version
+        gem 'rails', version
+      else
+        gem 'rails'
+      end
+    rescue Gem::LoadError => load_error
+      $stderr.puts %(Missing the Rails #{version} gem. Please `gem install -v=#{version} rails`, update your RAILS_GEM_VERSION setting in config/environment.rb for the Rails version you do have installed, or comment out RAILS_GEM_VERSION to use the latest version installed.)
+      exit 1
+    end
+    class << self
+      def rubygems_version
+        Gem::RubyGemsVersion rescue nil
+      end
+      def gem_version
+        if defined? RAILS_GEM_VERSION
+          RAILS_GEM_VERSION
+        elsif ENV.include?('RAILS_GEM_VERSION')
+          ENV['RAILS_GEM_VERSION']
+        else
+          parse_gem_version(read_environment_rb)
+        end
+      end
+      def load_rubygems
+        require 'rubygems'
+        min_version = '1.1.1'
+        unless rubygems_version >= min_version
+          $stderr.puts %Q(Rails requires RubyGems >= #{min_version} (you have #{rubygems_version}). Please `gem update --system` and try again.)
+          exit 1
+        end
+      rescue LoadError
+        $stderr.puts %Q(Rails requires RubyGems >= #{min_version}. Please install RubyGems and try again: http://rubygems.rubyforge.org)
+        exit 1
+      end
+      def parse_gem_version(text)
+        $1 if text =~ /^[^#]*RAILS_GEM_VERSION\s*=\s*["']([!~<>=]*\s*[\d.]+)["']/
+      end
+      private
+        def read_environment_rb
+          environment_rb = "#{RAILS_ROOT}/config/environment.rb"
+          environment_rb = "#{HELPER_RAILS_ROOT}/config/environment.rb" unless File.exists?(environment_rb)
+          File.read(environment_rb)
+        end
+    end
+  end
+end
+# All that for this:
+Rails.boot!

data/test/app_root/config/database.yml ADDED Viewed

@@ -0,0 +1,21 @@
+in_memory:
+  adapter: sqlite3
+  database: ":memory:"
+  verbosity: quiet
+sqlite:
+  adapter: sqlite
+  dbfile: plugin_test.sqlite.db
+sqlite3:
+  adapter: sqlite3
+  dbfile: plugin_test.sqlite3.db
+postgresql:
+  adapter: postgresql
+  username: postgres
+  password: postgres
+  database: plugin_test
+mysql:
+  adapter: mysql
+  host: localhost
+  username: root
+  password:
+  database: plugin_test

data/test/app_root/config/environment.rb ADDED Viewed

@@ -0,0 +1,14 @@
+require File.join(File.dirname(__FILE__), 'boot')
+Rails::Initializer.run do |config|
+  config.cache_classes = false
+  config.whiny_nils = true
+  config.action_controller.session = { :key => "_myapp_session", :secret => "gwirofjweroijger8924rt2zfwehfuiwehb1378rifowenfoqwphf23" }
+  config.plugin_locators.unshift(
+    Class.new(Rails::Plugin::Locator) do
+      def plugins
+        [Rails::Plugin.new(File.expand_path('.'))]
+      end
+    end
+  ) unless defined?(PluginTestHelper::PluginLocator)
+end

data/test/app_root/config/environments/in_memory.rb ADDED Viewed

File without changes

data/test/app_root/config/environments/mysql.rb ADDED Viewed

File without changes

data/test/app_root/config/environments/postgresql.rb ADDED Viewed

File without changes

aegis 1.1.3