aegis 1.1.8 → 2.0.0
- data/.gitignore +4 -0
- data/README.rdoc +58 -165
- data/Rakefile +20 -12
- data/VERSION +1 -1
- data/aegis.gemspec +85 -56
- data/lib/aegis.rb +9 -6
- data/lib/aegis/access_denied.rb +4 -0
- data/lib/aegis/action.rb +99 -0
- data/lib/aegis/compiler.rb +113 -0
- data/lib/aegis/has_role.rb +89 -110
- data/lib/aegis/parser.rb +110 -0
- data/lib/aegis/permissions.rb +164 -107
- data/lib/aegis/resource.rb +158 -0
- data/lib/aegis/role.rb +25 -55
- data/lib/aegis/sieve.rb +39 -0
- data/lib/rails/action_controller.rb +38 -0
- data/lib/rails/active_record.rb +1 -5
- data/spec/action_controller_spec.rb +100 -0
- data/spec/app_root/app/controllers/application_controller.rb +7 -0
- data/spec/app_root/app/controllers/reviews_controller.rb +36 -0
- data/spec/app_root/app/models/permissions.rb +14 -0
- data/spec/app_root/app/models/property.rb +5 -0
- data/spec/app_root/app/models/review.rb +5 -0
- data/{test → spec}/app_root/app/models/user.rb +1 -2
- data/{test → spec}/app_root/config/boot.rb +0 -0
- data/{test → spec}/app_root/config/database.yml +0 -0
- data/{test → spec}/app_root/config/environment.rb +0 -0
- data/{test → spec}/app_root/config/environments/in_memory.rb +0 -0
- data/{test → spec}/app_root/config/environments/mysql.rb +0 -0
- data/{test → spec}/app_root/config/environments/postgresql.rb +0 -0
- data/{test → spec}/app_root/config/environments/sqlite.rb +0 -0
- data/{test → spec}/app_root/config/environments/sqlite3.rb +0 -0
- data/spec/app_root/config/routes.rb +7 -0
- data/{test/app_root/db/migrate/20090408115228_create_users.rb → spec/app_root/db/migrate/001_create_users.rb} +2 -1
- data/spec/app_root/db/migrate/002_create_properties.rb +13 -0
- data/spec/app_root/db/migrate/003_create_reviews.rb +14 -0
- data/{test → spec}/app_root/lib/console_with_fixtures.rb +0 -0
- data/{test → spec}/app_root/log/.gitignore +0 -0
- data/{test → spec}/app_root/script/console +0 -0
- data/spec/controllers/reviews_controller_spec.rb +19 -0
- data/spec/has_role_spec.rb +177 -0
- data/spec/permissions_spec.rb +550 -0
- data/spec/rcov.opts +2 -0
- data/spec/spec.opts +4 -0
- data/{test/test_helper.rb → spec/spec_helper.rb} +6 -9
- metadata +73 -57
- data/lib/aegis/constants.rb +0 -6
- data/lib/aegis/normalization.rb +0 -26
- data/lib/aegis/permission_error.rb +0 -5
- data/lib/aegis/permission_evaluator.rb +0 -34
- data/test/app_root/app/controllers/application_controller.rb +0 -2
- data/test/app_root/app/models/old_soldier.rb +0 -6
- data/test/app_root/app/models/permissions.rb +0 -49
- data/test/app_root/app/models/soldier.rb +0 -5
- data/test/app_root/app/models/trust_fund_kid.rb +0 -5
- data/test/app_root/app/models/user_subclass.rb +0 -2
- data/test/app_root/app/models/veteran_soldier.rb +0 -6
- data/test/app_root/config/routes.rb +0 -4
- data/test/app_root/db/migrate/20090429075648_create_soldiers.rb +0 -14
- data/test/app_root/db/migrate/20091110075648_create_veteran_soldiers.rb +0 -14
- data/test/app_root/db/migrate/20091110075649_create_trust_fund_kids.rb +0 -15
- data/test/has_role_options_test.rb +0 -64
- data/test/has_role_test.rb +0 -54
- data/test/permissions_test.rb +0 -109
- data/test/validation_test.rb +0 -55
data/spec/rcov.opts
ADDED
data/spec/spec.opts
ADDED
@@ -1,13 +1,12 @@
|
|
1
|
+
$: << File.join(File.dirname(__FILE__), "/../lib" )
|
2
|
+
|
1
3
|
# Set the default environment to sqlite3's in_memory database
|
2
4
|
ENV['RAILS_ENV'] ||= 'in_memory'
|
3
5
|
|
4
6
|
# Load the Rails environment and testing framework
|
5
7
|
require "#{File.dirname(__FILE__)}/app_root/config/environment"
|
6
8
|
require "#{File.dirname(__FILE__)}/../lib/aegis"
|
7
|
-
require '
|
8
|
-
require 'action_view/test_case' # Load additional test classes not done automatically by < Rails 2.2.2
|
9
|
-
|
10
|
-
require "shoulda"
|
9
|
+
require 'spec/rails'
|
11
10
|
|
12
11
|
# Undo changes to RAILS_ENV
|
13
12
|
silence_warnings {RAILS_ENV = ENV['RAILS_ENV']}
|
@@ -15,9 +14,7 @@ silence_warnings {RAILS_ENV = ENV['RAILS_ENV']}
|
|
15
14
|
# Run the migrations
|
16
15
|
ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate")
|
17
16
|
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
self.use_instantiated_fixtures = false
|
22
|
-
self.fixture_path = "#{File.dirname(__FILE__)}/fixtures"
|
17
|
+
Spec::Runner.configure do |config|
|
18
|
+
config.use_transactional_fixtures = true
|
19
|
+
config.use_instantiated_fixtures = false
|
23
20
|
end
|
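Review bot: The added first line, `$: << File.join(File.dirname(__FILE__), "/../lib" )`, appends `lib` to the end of the load path, so any copy of aegis that is already on the load path (for example an installed gem activated while the Rails environment loads) would take precedence for load-path requires. New line 8 still requires `lib/aegis` by explicit path, so this only matters if `lib/aegis.rb`, which is not visible in this section, pulls in its parts through the load path; in that case the specs for this authorization library could pass against code other than the working tree. I would prepend a normalized path instead: `$:.unshift File.expand_path("../lib", File.dirname(__FILE__))`.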
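--- a/metadata
+++ b/metadata
@@ -1,25 +1,21 @@
 --- !ruby/object:Gem::Specification
 name: aegis
 version: !ruby/object:Gem::Version
-
-prerelease:
-segments:
-- 1
-- 1
-- 8
-version: 1.1.8
+version: 2.0.0
 platform: ruby
 authors:
 - Henning Koch
+- Tobias Kraze
 autorequire:
 bindir: bin
 cert_chain: []
 
-date:
+date: 2010-05-02 00:00:00 +02:00
+default_executable:
 dependencies: []
 
-description: Aegis is
-email:
+description: Aegis is an authorization solution for Ruby on Rails that supports roles and a RESTish, resource-style declaration of permission rules.
+email: henning.koch@makandra.de
 executables: []
 
 extensions: []
@@ -27,81 +23,101 @@ extensions: []
 extra_rdoc_files:
 - README.rdoc
 files:
+- .gitignore
 - MIT-LICENSE
 - README.rdoc
 - Rakefile
 - VERSION
 - aegis.gemspec
 - lib/aegis.rb
-- lib/aegis/
+- lib/aegis/access_denied.rb
+- lib/aegis/action.rb
+- lib/aegis/compiler.rb
 - lib/aegis/has_role.rb
-- lib/aegis/
-- lib/aegis/permission_error.rb
-- lib/aegis/permission_evaluator.rb
+- lib/aegis/parser.rb
 - lib/aegis/permissions.rb
+- lib/aegis/resource.rb
 - lib/aegis/role.rb
+- lib/aegis/sieve.rb
+- lib/rails/action_controller.rb
 - lib/rails/active_record.rb
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
-
+- spec/action_controller_spec.rb
+- spec/app_root/app/controllers/application_controller.rb
+- spec/app_root/app/controllers/reviews_controller.rb
+- spec/app_root/app/models/permissions.rb
+- spec/app_root/app/models/property.rb
+- spec/app_root/app/models/review.rb
+- spec/app_root/app/models/user.rb
+- spec/app_root/config/boot.rb
+- spec/app_root/config/database.yml
+- spec/app_root/config/environment.rb
+- spec/app_root/config/environments/in_memory.rb
+- spec/app_root/config/environments/mysql.rb
+- spec/app_root/config/environments/postgresql.rb
+- spec/app_root/config/environments/sqlite.rb
+- spec/app_root/config/environments/sqlite3.rb
+- spec/app_root/config/routes.rb
+- spec/app_root/db/migrate/001_create_users.rb
+- spec/app_root/db/migrate/002_create_properties.rb
+- spec/app_root/db/migrate/003_create_reviews.rb
+- spec/app_root/lib/console_with_fixtures.rb
+- spec/app_root/log/.gitignore
+- spec/app_root/script/console
+- spec/controllers/reviews_controller_spec.rb
+- spec/has_role_spec.rb
+- spec/permissions_spec.rb
+- spec/rcov.opts
+- spec/spec.opts
+- spec/spec_helper.rb
+has_rdoc: true
 homepage: http://github.com/makandra/aegis
 licenses: []
 
 post_install_message:
-rdoc_options:
-
+rdoc_options:
+- --charset=UTF-8
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-none: false
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-hash: 3
-segments:
-- 0
 version: "0"
+version:
 required_rubygems_version: !ruby/object:Gem::Requirement
-none: false
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-hash: 3
-segments:
-- 0
 version: "0"
+version:
 requirements: []
 
 rubyforge_project:
-rubygems_version: 1.
+rubygems_version: 1.3.5
 signing_key:
 specification_version: 3
-summary:
-test_files:
-
+summary: Complete authorization solution for Rails
+test_files:
+- spec/app_root/app/models/user.rb
+- spec/app_root/app/models/property.rb
+- spec/app_root/app/models/review.rb
+- spec/app_root/app/models/permissions.rb
+- spec/app_root/app/controllers/application_controller.rb
+- spec/app_root/app/controllers/reviews_controller.rb
+- spec/app_root/config/boot.rb
+- spec/app_root/config/environment.rb
+- spec/app_root/config/environments/in_memory.rb
+- spec/app_root/config/environments/mysql.rb
+- spec/app_root/config/environments/postgresql.rb
+- spec/app_root/config/environments/sqlite.rb
+- spec/app_root/config/environments/sqlite3.rb
+- spec/app_root/config/routes.rb
+- spec/app_root/db/migrate/001_create_users.rb
+- spec/app_root/db/migrate/002_create_properties.rb
+- spec/app_root/db/migrate/003_create_reviews.rb
+- spec/app_root/lib/console_with_fixtures.rb
+- spec/action_controller_spec.rb
+- spec/has_role_spec.rb
+- spec/permissions_spec.rb
+- spec/spec_helper.rb
+- spec/controllers/reviews_controller_spec.rb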
data/lib/aegis/constants.rb
DELETED
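--- a/data/lib/aegis/normalization.rb
+++ b/data/lib/aegis/normalization.rb
@@ -1,26 +0,0 @@
-module Aegis
-class Normalization
-
-VERB_NORMALIZATIONS = {
-"edit" => "update",
-"show" => "read",
-"list" => "read",
-"view" => "read",
-"delete" => "destroy",
-"remove" => "destroy"
-}
-
-def self.normalize_verb(verb)
-VERB_NORMALIZATIONS[verb] || verb
-end
-
-def self.normalize_permission(permission)
-if permission =~ /^([^_]+?)_(.+?)$/
-verb, target = $1, $2
-permission = normalize_verb(verb) + "_" + target
-end
-permission
-end
-
-end
-end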
@@ -1,34 +0,0 @@
|
|
1
|
-
module Aegis
|
2
|
-
class PermissionEvaluator
|
3
|
-
|
4
|
-
def initialize(role)
|
5
|
-
@role = role
|
6
|
-
end
|
7
|
-
|
8
|
-
def evaluate(permissions, rule_args)
|
9
|
-
@result = @role.allow_by_default?
|
10
|
-
permissions.each do |permission|
|
11
|
-
instance_exec(*rule_args, &permission)
|
12
|
-
end
|
13
|
-
@result
|
14
|
-
end
|
15
|
-
|
16
|
-
def allow(*role_name_or_names, &block)
|
17
|
-
rule_encountered(role_name_or_names, true, &block)
|
18
|
-
end
|
19
|
-
|
20
|
-
def deny(*role_name_or_names, &block)
|
21
|
-
rule_encountered(role_name_or_names, false, &block)
|
22
|
-
end
|
23
|
-
|
24
|
-
def rule_encountered(role_name_or_names, is_allow, &block)
|
25
|
-
role_names = Array(role_name_or_names)
|
26
|
-
if role_names.include?(@role.name) || role_names.include?(Aegis::Constants::EVERYONE_ROLE_NAME)
|
27
|
-
@result = (block ? block.call : true)
|
28
|
-
@result = !@result unless is_allow
|
29
|
-
end
|
30
|
-
end
|
31
|
-
|
32
|
-
end
|
33
|
-
end
|
34
|
-
|
@@ -1,49 +0,0 @@
|
|
1
|
-
|
2
|
-
class Permissions < Aegis::Permissions
|
3
|
-
|
4
|
-
role :guest
|
5
|
-
role :student
|
6
|
-
role :admin, :default_permission => :allow
|
7
|
-
|
8
|
-
permission :use_empty do
|
9
|
-
end
|
10
|
-
|
11
|
-
permission :use_simple do
|
12
|
-
allow :student
|
13
|
-
deny :admin
|
14
|
-
end
|
15
|
-
|
16
|
-
permission :update_users do
|
17
|
-
allow :student
|
18
|
-
deny :admin
|
19
|
-
end
|
20
|
-
|
21
|
-
permission :crud_projects do
|
22
|
-
allow :student
|
23
|
-
end
|
24
|
-
|
25
|
-
permission :edit_drinks do
|
26
|
-
allow :student
|
27
|
-
deny :admin
|
28
|
-
end
|
29
|
-
|
30
|
-
permission :hug do
|
31
|
-
allow :everyone
|
32
|
-
end
|
33
|
-
|
34
|
-
permission :divide do |user, left, right|
|
35
|
-
allow :student do
|
36
|
-
right != 0
|
37
|
-
end
|
38
|
-
end
|
39
|
-
|
40
|
-
permission :draw do
|
41
|
-
allow :everyone
|
42
|
-
end
|
43
|
-
|
44
|
-
permission :draw do
|
45
|
-
deny :student
|
46
|
-
deny :admin
|
47
|
-
end
|
48
|
-
|
49
|
-
end
|
@@ -1,15 +0,0 @@
|
|
1
|
-
class CreateTrustFundKids < ActiveRecord::Migration
|
2
|
-
|
3
|
-
def self.up
|
4
|
-
create_table :trust_fund_kids do |t|
|
5
|
-
t.string :role_name
|
6
|
-
t.integer :account_balance
|
7
|
-
t.timestamps
|
8
|
-
end
|
9
|
-
end
|
10
|
-
|
11
|
-
def self.down
|
12
|
-
drop_table :trust_fund_kids
|
13
|
-
end
|
14
|
-
|
15
|
-
end
|
@@ -1,64 +0,0 @@
|
|
1
|
-
require "test/test_helper"
|
2
|
-
|
3
|
-
class HasRoleOptionsTest < ActiveSupport::TestCase
|
4
|
-
|
5
|
-
context "A record with a custom role field" do
|
6
|
-
|
7
|
-
setup do
|
8
|
-
@soldier = Soldier.new
|
9
|
-
end
|
10
|
-
|
11
|
-
should "allow its role to be written and read" do
|
12
|
-
@soldier.role = "guest"
|
13
|
-
assert_equal :guest, @soldier.role.name
|
14
|
-
end
|
15
|
-
|
16
|
-
should "store the role name in the custom field" do
|
17
|
-
@soldier.role = "guest"
|
18
|
-
assert_equal "guest", @soldier.rank
|
19
|
-
end
|
20
|
-
|
21
|
-
should "still work with permissions" do
|
22
|
-
@soldier.role = "guest"
|
23
|
-
assert @soldier.may_hug?
|
24
|
-
assert !@soldier.may_update_users?
|
25
|
-
end
|
26
|
-
|
27
|
-
end
|
28
|
-
|
29
|
-
context "A record wiring up its role using legacy parameter names" do
|
30
|
-
|
31
|
-
setup do
|
32
|
-
@vetaran_soldier = VeteranSoldier.new
|
33
|
-
end
|
34
|
-
|
35
|
-
should "allow its role to be written and read" do
|
36
|
-
@vetaran_soldier.role = "guest"
|
37
|
-
assert_equal :guest, @vetaran_soldier.role.name
|
38
|
-
end
|
39
|
-
|
40
|
-
end
|
41
|
-
|
42
|
-
context "A record with a default role" do
|
43
|
-
|
44
|
-
should "create new instances with that role" do
|
45
|
-
assert_equal :admin, TrustFundKid.new.role.name
|
46
|
-
end
|
47
|
-
|
48
|
-
should "set that role if the initial role name is blank" do
|
49
|
-
assert_equal :admin, TrustFundKid.new(:role_name => "").role.name
|
50
|
-
end
|
51
|
-
|
52
|
-
should "ignore the default if another role is given" do
|
53
|
-
assert_equal :student, TrustFundKid.new(:role_name => "student").role.name
|
54
|
-
end
|
55
|
-
|
56
|
-
should "not update existing records with the default role" do
|
57
|
-
kid = TrustFundKid.create!(:role_name => "student")
|
58
|
-
kid.update_attributes(:account_balance => 10_000_000)
|
59
|
-
assert_equal :student, kid.reload.role.name
|
60
|
-
end
|
61
|
-
|
62
|
-
end
|
63
|
-
|
64
|
-
end
|