aegis 1.1.8 → 2.0.0
- data/.gitignore +4 -0
- data/README.rdoc +58 -165
- data/Rakefile +20 -12
- data/VERSION +1 -1
- data/aegis.gemspec +85 -56
- data/lib/aegis.rb +9 -6
- data/lib/aegis/access_denied.rb +4 -0
- data/lib/aegis/action.rb +99 -0
- data/lib/aegis/compiler.rb +113 -0
- data/lib/aegis/has_role.rb +89 -110
- data/lib/aegis/parser.rb +110 -0
- data/lib/aegis/permissions.rb +164 -107
- data/lib/aegis/resource.rb +158 -0
- data/lib/aegis/role.rb +25 -55
- data/lib/aegis/sieve.rb +39 -0
- data/lib/rails/action_controller.rb +38 -0
- data/lib/rails/active_record.rb +1 -5
- data/spec/action_controller_spec.rb +100 -0
- data/spec/app_root/app/controllers/application_controller.rb +7 -0
- data/spec/app_root/app/controllers/reviews_controller.rb +36 -0
- data/spec/app_root/app/models/permissions.rb +14 -0
- data/spec/app_root/app/models/property.rb +5 -0
- data/spec/app_root/app/models/review.rb +5 -0
- data/{test → spec}/app_root/app/models/user.rb +1 -2
- data/{test → spec}/app_root/config/boot.rb +0 -0
- data/{test → spec}/app_root/config/database.yml +0 -0
- data/{test → spec}/app_root/config/environment.rb +0 -0
- data/{test → spec}/app_root/config/environments/in_memory.rb +0 -0
- data/{test → spec}/app_root/config/environments/mysql.rb +0 -0
- data/{test → spec}/app_root/config/environments/postgresql.rb +0 -0
- data/{test → spec}/app_root/config/environments/sqlite.rb +0 -0
- data/{test → spec}/app_root/config/environments/sqlite3.rb +0 -0
- data/spec/app_root/config/routes.rb +7 -0
- data/{test/app_root/db/migrate/20090408115228_create_users.rb → spec/app_root/db/migrate/001_create_users.rb} +2 -1
- data/spec/app_root/db/migrate/002_create_properties.rb +13 -0
- data/spec/app_root/db/migrate/003_create_reviews.rb +14 -0
- data/{test → spec}/app_root/lib/console_with_fixtures.rb +0 -0
- data/{test → spec}/app_root/log/.gitignore +0 -0
- data/{test → spec}/app_root/script/console +0 -0
- data/spec/controllers/reviews_controller_spec.rb +19 -0
- data/spec/has_role_spec.rb +177 -0
- data/spec/permissions_spec.rb +550 -0
- data/spec/rcov.opts +2 -0
- data/spec/spec.opts +4 -0
- data/{test/test_helper.rb → spec/spec_helper.rb} +6 -9
- metadata +73 -57
- data/lib/aegis/constants.rb +0 -6
- data/lib/aegis/normalization.rb +0 -26
- data/lib/aegis/permission_error.rb +0 -5
- data/lib/aegis/permission_evaluator.rb +0 -34
- data/test/app_root/app/controllers/application_controller.rb +0 -2
- data/test/app_root/app/models/old_soldier.rb +0 -6
- data/test/app_root/app/models/permissions.rb +0 -49
- data/test/app_root/app/models/soldier.rb +0 -5
- data/test/app_root/app/models/trust_fund_kid.rb +0 -5
- data/test/app_root/app/models/user_subclass.rb +0 -2
- data/test/app_root/app/models/veteran_soldier.rb +0 -6
- data/test/app_root/config/routes.rb +0 -4
- data/test/app_root/db/migrate/20090429075648_create_soldiers.rb +0 -14
- data/test/app_root/db/migrate/20091110075648_create_veteran_soldiers.rb +0 -14
- data/test/app_root/db/migrate/20091110075649_create_trust_fund_kids.rb +0 -15
- data/test/has_role_options_test.rb +0 -64
- data/test/has_role_test.rb +0 -54
- data/test/permissions_test.rb +0 -109
- data/test/validation_test.rb +0 -55
data/spec/rcov.opts
ADDED
data/spec/spec.opts
ADDED
@@ -1,13 +1,12 @@
|
|
1
|
+
$: << File.join(File.dirname(__FILE__), "/../lib" )
|
2
|
+
|
1
3
|
# Set the default environment to sqlite3's in_memory database
|
2
4
|
ENV['RAILS_ENV'] ||= 'in_memory'
|
3
5
|
|
4
6
|
# Load the Rails environment and testing framework
|
5
7
|
require "#{File.dirname(__FILE__)}/app_root/config/environment"
|
6
8
|
require "#{File.dirname(__FILE__)}/../lib/aegis"
|
7
|
-
require '
|
8
|
-
require 'action_view/test_case' # Load additional test classes not done automatically by < Rails 2.2.2
|
9
|
-
|
10
|
-
require "shoulda"
|
9
|
+
require 'spec/rails'
|
11
10
|
|
12
11
|
# Undo changes to RAILS_ENV
|
13
12
|
silence_warnings {RAILS_ENV = ENV['RAILS_ENV']}
|
@@ -15,9 +14,7 @@ silence_warnings {RAILS_ENV = ENV['RAILS_ENV']}
|
|
15
14
|
# Run the migrations
|
16
15
|
ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate")
|
17
16
|
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
self.use_instantiated_fixtures = false
|
22
|
-
self.fixture_path = "#{File.dirname(__FILE__)}/fixtures"
|
17
|
+
Spec::Runner.configure do |config|
|
18
|
+
config.use_transactional_fixtures = true
|
19
|
+
config.use_instantiated_fixtures = false
|
23
20
|
end
|
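Review bot: The added first line appends the local `lib` directory to the end of the load path (`$: << File.join(File.dirname(__FILE__), "/../lib" )`), so any `aegis/...` file reachable from an earlier load-path entry would be picked up ahead of the copy under test; for an authorization library the specs should be certain to exercise the checked-out code. Prepending an absolute path removes that ambiguity: `$LOAD_PATH.unshift File.expand_path('../lib', File.dirname(__FILE__))`. Whether another aegis copy is actually on the path in this project's setup is not visible here, so this is a hardening suggestion rather than a confirmed defect. The page prints no file header for these two hunks; going by the line counts in the file list they appear to belong to spec/spec_helper.rb, not to the spec.opts header shown above them.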
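--- a/metadata
+++ b/metadata
@@ -1,25 +1,21 @@
 --- !ruby/object:Gem::Specification
 name: aegis
 version: !ruby/object:Gem::Version
-
-prerelease:
-segments:
-- 1
-- 1
-- 8
-version: 1.1.8
+version: 2.0.0
 platform: ruby
 authors:
 - Henning Koch
+- Tobias Kraze
 autorequire:
 bindir: bin
 cert_chain: []
 
-date:
+date: 2010-05-02 00:00:00 +02:00
+default_executable:
 dependencies: []
 
-description: Aegis is
-email:
+description: Aegis is an authorization solution for Ruby on Rails that supports roles and a RESTish, resource-style declaration of permission rules.
+email: henning.koch@makandra.de
 executables: []
 
 extensions: []
@@ -27,81 +23,101 @@ extensions: []
 extra_rdoc_files:
 - README.rdoc
 files:
+- .gitignore
 - MIT-LICENSE
 - README.rdoc
 - Rakefile
 - VERSION
 - aegis.gemspec
 - lib/aegis.rb
-- lib/aegis/
+- lib/aegis/access_denied.rb
+- lib/aegis/action.rb
+- lib/aegis/compiler.rb
 - lib/aegis/has_role.rb
-- lib/aegis/
-- lib/aegis/permission_error.rb
-- lib/aegis/permission_evaluator.rb
+- lib/aegis/parser.rb
 - lib/aegis/permissions.rb
+- lib/aegis/resource.rb
 - lib/aegis/role.rb
+- lib/aegis/sieve.rb
+- lib/rails/action_controller.rb
 - lib/rails/active_record.rb
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
-
+- spec/action_controller_spec.rb
+- spec/app_root/app/controllers/application_controller.rb
+- spec/app_root/app/controllers/reviews_controller.rb
+- spec/app_root/app/models/permissions.rb
+- spec/app_root/app/models/property.rb
+- spec/app_root/app/models/review.rb
+- spec/app_root/app/models/user.rb
+- spec/app_root/config/boot.rb
+- spec/app_root/config/database.yml
+- spec/app_root/config/environment.rb
+- spec/app_root/config/environments/in_memory.rb
+- spec/app_root/config/environments/mysql.rb
+- spec/app_root/config/environments/postgresql.rb
+- spec/app_root/config/environments/sqlite.rb
+- spec/app_root/config/environments/sqlite3.rb
+- spec/app_root/config/routes.rb
+- spec/app_root/db/migrate/001_create_users.rb
+- spec/app_root/db/migrate/002_create_properties.rb
+- spec/app_root/db/migrate/003_create_reviews.rb
+- spec/app_root/lib/console_with_fixtures.rb
+- spec/app_root/log/.gitignore
+- spec/app_root/script/console
+- spec/controllers/reviews_controller_spec.rb
+- spec/has_role_spec.rb
+- spec/permissions_spec.rb
+- spec/rcov.opts
+- spec/spec.opts
+- spec/spec_helper.rb
+has_rdoc: true
 homepage: http://github.com/makandra/aegis
 licenses: []
 
 post_install_message:
-rdoc_options:
-
+rdoc_options:
+- --charset=UTF-8
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-none: false
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-hash: 3
-segments:
-- 0
 version: "0"
+version:
 required_rubygems_version: !ruby/object:Gem::Requirement
-none: false
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-hash: 3
-segments:
-- 0
 version: "0"
+version:
 requirements: []
 
 rubyforge_project:
-rubygems_version: 1.
+rubygems_version: 1.3.5
 signing_key:
 specification_version: 3
-summary:
-test_files:
-
+summary: Complete authorization solution for Rails
+test_files:
+- spec/app_root/app/models/user.rb
+- spec/app_root/app/models/property.rb
+- spec/app_root/app/models/review.rb
+- spec/app_root/app/models/permissions.rb
+- spec/app_root/app/controllers/application_controller.rb
+- spec/app_root/app/controllers/reviews_controller.rb
+- spec/app_root/config/boot.rb
+- spec/app_root/config/environment.rb
+- spec/app_root/config/environments/in_memory.rb
+- spec/app_root/config/environments/mysql.rb
+- spec/app_root/config/environments/postgresql.rb
+- spec/app_root/config/environments/sqlite.rb
+- spec/app_root/config/environments/sqlite3.rb
+- spec/app_root/config/routes.rb
+- spec/app_root/db/migrate/001_create_users.rb
+- spec/app_root/db/migrate/002_create_properties.rb
+- spec/app_root/db/migrate/003_create_reviews.rb
+- spec/app_root/lib/console_with_fixtures.rb
+- spec/action_controller_spec.rb
+- spec/has_role_spec.rb
+- spec/permissions_spec.rb
+- spec/spec_helper.rb
+- spec/controllers/reviews_controller_spec.rb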
data/lib/aegis/constants.rb
DELETED
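--- a/data/lib/aegis/normalization.rb
+++ b/data/lib/aegis/normalization.rb
@@ -1,26 +0,0 @@
-module Aegis
-class Normalization
-
-VERB_NORMALIZATIONS = {
-"edit" => "update",
-"show" => "read",
-"list" => "read",
-"view" => "read",
-"delete" => "destroy",
-"remove" => "destroy"
-}
-
-def self.normalize_verb(verb)
-VERB_NORMALIZATIONS[verb] || verb
-end
-
-def self.normalize_permission(permission)
-if permission =~ /^([^_]+?)_(.+?)$/
-verb, target = $1, $2
-permission = normalize_verb(verb) + "_" + target
-end
-permission
-end
-
-end
-end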
@@ -1,34 +0,0 @@
|
|
1
|
-
module Aegis
|
2
|
-
class PermissionEvaluator
|
3
|
-
|
4
|
-
def initialize(role)
|
5
|
-
@role = role
|
6
|
-
end
|
7
|
-
|
8
|
-
def evaluate(permissions, rule_args)
|
9
|
-
@result = @role.allow_by_default?
|
10
|
-
permissions.each do |permission|
|
11
|
-
instance_exec(*rule_args, &permission)
|
12
|
-
end
|
13
|
-
@result
|
14
|
-
end
|
15
|
-
|
16
|
-
def allow(*role_name_or_names, &block)
|
17
|
-
rule_encountered(role_name_or_names, true, &block)
|
18
|
-
end
|
19
|
-
|
20
|
-
def deny(*role_name_or_names, &block)
|
21
|
-
rule_encountered(role_name_or_names, false, &block)
|
22
|
-
end
|
23
|
-
|
24
|
-
def rule_encountered(role_name_or_names, is_allow, &block)
|
25
|
-
role_names = Array(role_name_or_names)
|
26
|
-
if role_names.include?(@role.name) || role_names.include?(Aegis::Constants::EVERYONE_ROLE_NAME)
|
27
|
-
@result = (block ? block.call : true)
|
28
|
-
@result = !@result unless is_allow
|
29
|
-
end
|
30
|
-
end
|
31
|
-
|
32
|
-
end
|
33
|
-
end
|
34
|
-
|
@@ -1,49 +0,0 @@
|
|
1
|
-
|
2
|
-
class Permissions < Aegis::Permissions
|
3
|
-
|
4
|
-
role :guest
|
5
|
-
role :student
|
6
|
-
role :admin, :default_permission => :allow
|
7
|
-
|
8
|
-
permission :use_empty do
|
9
|
-
end
|
10
|
-
|
11
|
-
permission :use_simple do
|
12
|
-
allow :student
|
13
|
-
deny :admin
|
14
|
-
end
|
15
|
-
|
16
|
-
permission :update_users do
|
17
|
-
allow :student
|
18
|
-
deny :admin
|
19
|
-
end
|
20
|
-
|
21
|
-
permission :crud_projects do
|
22
|
-
allow :student
|
23
|
-
end
|
24
|
-
|
25
|
-
permission :edit_drinks do
|
26
|
-
allow :student
|
27
|
-
deny :admin
|
28
|
-
end
|
29
|
-
|
30
|
-
permission :hug do
|
31
|
-
allow :everyone
|
32
|
-
end
|
33
|
-
|
34
|
-
permission :divide do |user, left, right|
|
35
|
-
allow :student do
|
36
|
-
right != 0
|
37
|
-
end
|
38
|
-
end
|
39
|
-
|
40
|
-
permission :draw do
|
41
|
-
allow :everyone
|
42
|
-
end
|
43
|
-
|
44
|
-
permission :draw do
|
45
|
-
deny :student
|
46
|
-
deny :admin
|
47
|
-
end
|
48
|
-
|
49
|
-
end
|
@@ -1,15 +0,0 @@
|
|
1
|
-
class CreateTrustFundKids < ActiveRecord::Migration
|
2
|
-
|
3
|
-
def self.up
|
4
|
-
create_table :trust_fund_kids do |t|
|
5
|
-
t.string :role_name
|
6
|
-
t.integer :account_balance
|
7
|
-
t.timestamps
|
8
|
-
end
|
9
|
-
end
|
10
|
-
|
11
|
-
def self.down
|
12
|
-
drop_table :trust_fund_kids
|
13
|
-
end
|
14
|
-
|
15
|
-
end
|
@@ -1,64 +0,0 @@
|
|
1
|
-
require "test/test_helper"
|
2
|
-
|
3
|
-
class HasRoleOptionsTest < ActiveSupport::TestCase
|
4
|
-
|
5
|
-
context "A record with a custom role field" do
|
6
|
-
|
7
|
-
setup do
|
8
|
-
@soldier = Soldier.new
|
9
|
-
end
|
10
|
-
|
11
|
-
should "allow its role to be written and read" do
|
12
|
-
@soldier.role = "guest"
|
13
|
-
assert_equal :guest, @soldier.role.name
|
14
|
-
end
|
15
|
-
|
16
|
-
should "store the role name in the custom field" do
|
17
|
-
@soldier.role = "guest"
|
18
|
-
assert_equal "guest", @soldier.rank
|
19
|
-
end
|
20
|
-
|
21
|
-
should "still work with permissions" do
|
22
|
-
@soldier.role = "guest"
|
23
|
-
assert @soldier.may_hug?
|
24
|
-
assert !@soldier.may_update_users?
|
25
|
-
end
|
26
|
-
|
27
|
-
end
|
28
|
-
|
29
|
-
context "A record wiring up its role using legacy parameter names" do
|
30
|
-
|
31
|
-
setup do
|
32
|
-
@vetaran_soldier = VeteranSoldier.new
|
33
|
-
end
|
34
|
-
|
35
|
-
should "allow its role to be written and read" do
|
36
|
-
@vetaran_soldier.role = "guest"
|
37
|
-
assert_equal :guest, @vetaran_soldier.role.name
|
38
|
-
end
|
39
|
-
|
40
|
-
end
|
41
|
-
|
42
|
-
context "A record with a default role" do
|
43
|
-
|
44
|
-
should "create new instances with that role" do
|
45
|
-
assert_equal :admin, TrustFundKid.new.role.name
|
46
|
-
end
|
47
|
-
|
48
|
-
should "set that role if the initial role name is blank" do
|
49
|
-
assert_equal :admin, TrustFundKid.new(:role_name => "").role.name
|
50
|
-
end
|
51
|
-
|
52
|
-
should "ignore the default if another role is given" do
|
53
|
-
assert_equal :student, TrustFundKid.new(:role_name => "student").role.name
|
54
|
-
end
|
55
|
-
|
56
|
-
should "not update existing records with the default role" do
|
57
|
-
kid = TrustFundKid.create!(:role_name => "student")
|
58
|
-
kid.update_attributes(:account_balance => 10_000_000)
|
59
|
-
assert_equal :student, kid.reload.role.name
|
60
|
-
end
|
61
|
-
|
62
|
-
end
|
63
|
-
|
64
|
-
end
|