alberich 0.2.0
- data/Gemfile +18 -0
- data/MIT-LICENSE +20 -0
- data/README.rdoc +37 -0
- data/Rakefile +34 -0
- data/alberich.gemspec +34 -0
- data/app/assets/javascripts/alberich/application.js +15 -0
- data/app/assets/javascripts/alberich/permissions.js +2 -0
- data/app/assets/javascripts/alberich/privileges.js +2 -0
- data/app/assets/javascripts/alberich/roles.js +2 -0
- data/app/assets/stylesheets/alberich/application.css +13 -0
- data/app/assets/stylesheets/alberich/permissions.css +4 -0
- data/app/assets/stylesheets/alberich/privileges.css +4 -0
- data/app/assets/stylesheets/alberich/roles.css +4 -0
- data/app/assets/stylesheets/scaffold.css +56 -0
- data/app/controllers/alberich/application_controller.rb +4 -0
- data/app/controllers/alberich/application_controller_helper.rb +118 -0
- data/app/controllers/alberich/permissions_controller.rb +211 -0
- data/app/controllers/alberich/privileges_controller.rb +105 -0
- data/app/controllers/alberich/roles_controller.rb +97 -0
- data/app/helpers/alberich/application_helper.rb +4 -0
- data/app/helpers/alberich/permissions_helper.rb +4 -0
- data/app/helpers/alberich/privileges_helper.rb +4 -0
- data/app/helpers/alberich/roles_helper.rb +4 -0
- data/app/models/alberich/base_permission_object.rb +42 -0
- data/app/models/alberich/derived_permission.rb +25 -0
- data/app/models/alberich/entity.rb +27 -0
- data/app/models/alberich/entity_target_observer.rb +16 -0
- data/app/models/alberich/permission.rb +59 -0
- data/app/models/alberich/permission_session.rb +33 -0
- data/app/models/alberich/permissioned_object.rb +139 -0
- data/app/models/alberich/privilege.rb +29 -0
- data/app/models/alberich/role.rb +37 -0
- data/app/models/alberich/session_entity.rb +15 -0
- data/app/views/alberich/permissions/_form.html.haml +27 -0
- data/app/views/alberich/permissions/_list.html.haml +1 -0
- data/app/views/alberich/permissions/_objects.html.haml +38 -0
- data/app/views/alberich/permissions/_permissions.html.haml +45 -0
- data/app/views/alberich/permissions/index.html.haml +2 -0
- data/app/views/alberich/permissions/new.html.haml +5 -0
- data/app/views/alberich/permissions/show.html.haml +12 -0
- data/app/views/alberich/privileges/_form.html.haml +19 -0
- data/app/views/alberich/privileges/_list.html.haml +17 -0
- data/app/views/alberich/privileges/create.html.haml +2 -0
- data/app/views/alberich/privileges/destroy.html.haml +2 -0
- data/app/views/alberich/privileges/edit.html.haml +5 -0
- data/app/views/alberich/privileges/index.html.haml +5 -0
- data/app/views/alberich/privileges/new.html.haml +5 -0
- data/app/views/alberich/privileges/show.html.haml +12 -0
- data/app/views/alberich/privileges/update.html.haml +2 -0
- data/app/views/alberich/roles/_form.html.haml +24 -0
- data/app/views/alberich/roles/edit.html.haml +7 -0
- data/app/views/alberich/roles/index.html.haml +23 -0
- data/app/views/alberich/roles/new.html.haml +5 -0
- data/app/views/alberich/roles/show.html.haml +16 -0
- data/app/views/layouts/alberich/application.html.erb +14 -0
- data/config/initializers/haml.rb +1 -0
- data/config/routes.rb +17 -0
- data/db/migrate/20120925162242_create_alberich_roles.rb +12 -0
- data/db/migrate/20121022223626_create_alberich_privileges.rb +12 -0
- data/db/migrate/20121023051301_create_alberich_base_permission_objects.rb +9 -0
- data/db/migrate/20121023233648_create_alberich_permission_sessions.rb +11 -0
- data/db/migrate/20121027023136_create_alberich_entities.rb +34 -0
- data/db/migrate/20121204205213_create_alberich_session_entities.rb +12 -0
- data/db/migrate/20121205180518_create_alberich_permissions.rb +13 -0
- data/db/migrate/20130107043252_create_alberich_derived_permissions.rb +18 -0
- data/lib/alberich.rb +10 -0
- data/lib/alberich/#version.rb# +3 -0
- data/lib/alberich/engine.rb +10 -0
- data/lib/alberich/version.rb +3 -0
- data/lib/generators/alberich/install_generator.rb +15 -0
- data/lib/generators/alberich/templates/README +6 -0
- data/lib/generators/alberich/templates/alberich.rb +11 -0
- data/lib/tasks/alberich_tasks.rake +4 -0
- data/spec/controllers/alberich/permissions_controller_spec.rb +112 -0
- data/spec/controllers/alberich/privileges_controller_spec.rb +131 -0
- data/spec/controllers/alberich/roles_controller_spec.rb +130 -0
- data/spec/factories/alberich/permission.rb +51 -0
- data/spec/factories/alberich/permission_session.rb +7 -0
- data/spec/factories/alberich/privilege.rb +6 -0
- data/spec/factories/alberich/role.rb +103 -0
- data/spec/factories/child_resource.rb +14 -0
- data/spec/factories/child_resource.rb~ +7 -0
- data/spec/factories/global_resource.rb +11 -0
- data/spec/factories/global_resource.rb~ +25 -0
- data/spec/factories/parent_resource.rb +12 -0
- data/spec/factories/parent_resource.rb~ +7 -0
- data/spec/factories/standalone_resource.rb +7 -0
- data/spec/factories/standalone_resource.rb~ +11 -0
- data/spec/factories/user.rb +30 -0
- data/spec/factories/user_group.rb +8 -0
- data/spec/models/alberich/derived_permission_spec.rb +34 -0
- data/spec/models/alberich/entity_spec.rb +15 -0
- data/spec/models/alberich/permission_spec.rb +133 -0
- data/spec/models/alberich/privilege_spec.rb +39 -0
- data/spec/models/alberich/role_spec.rb +33 -0
- data/spec/models/alberich/session_entity_spec.rb +24 -0
- data/spec/spec_helper.rb +81 -0
- data/spec/support/routes.rb +41 -0
- data/test/dummy/README.rdoc +261 -0
- data/test/dummy/Rakefile +7 -0
- data/test/dummy/app/assets/javascripts/application.js +15 -0
- data/test/dummy/app/assets/javascripts/child_resources.js +2 -0
- data/test/dummy/app/assets/javascripts/global_resources.js +2 -0
- data/test/dummy/app/assets/javascripts/parent_resources.js +2 -0
- data/test/dummy/app/assets/javascripts/standalone_resources.js +2 -0
- data/test/dummy/app/assets/javascripts/user_groups.js +2 -0
- data/test/dummy/app/assets/javascripts/users.js +2 -0
- data/test/dummy/app/assets/stylesheets/application.css +13 -0
- data/test/dummy/app/assets/stylesheets/child_resources.css +4 -0
- data/test/dummy/app/assets/stylesheets/global_resources.css +4 -0
- data/test/dummy/app/assets/stylesheets/parent_resources.css +4 -0
- data/test/dummy/app/assets/stylesheets/scaffold.css +56 -0
- data/test/dummy/app/assets/stylesheets/standalone_resources.css +4 -0
- data/test/dummy/app/assets/stylesheets/user_groups.css +4 -0
- data/test/dummy/app/assets/stylesheets/users.css +4 -0
- data/test/dummy/app/controllers/application_controller.rb +73 -0
- data/test/dummy/app/controllers/child_resources_controller.rb +99 -0
- data/test/dummy/app/controllers/child_resources_controller.rb~ +83 -0
- data/test/dummy/app/controllers/global_resources_controller.rb +95 -0
- data/test/dummy/app/controllers/global_resources_controller.rb~ +83 -0
- data/test/dummy/app/controllers/parent_resources_controller.rb +101 -0
- data/test/dummy/app/controllers/parent_resources_controller.rb~ +83 -0
- data/test/dummy/app/controllers/standalone_resources_controller.rb +101 -0
- data/test/dummy/app/controllers/standalone_resources_controller.rb~ +83 -0
- data/test/dummy/app/controllers/user_groups_controller.rb +131 -0
- data/test/dummy/app/controllers/user_sessions_controller.rb +38 -0
- data/test/dummy/app/controllers/users_controller.rb +87 -0
- data/test/dummy/app/helpers/application_helper.rb +2 -0
- data/test/dummy/app/helpers/child_resources_helper.rb +2 -0
- data/test/dummy/app/helpers/global_resources_helper.rb +2 -0
- data/test/dummy/app/helpers/parent_resources_helper.rb +2 -0
- data/test/dummy/app/helpers/standalone_resources_helper.rb +2 -0
- data/test/dummy/app/helpers/user_groups_helper.rb +2 -0
- data/test/dummy/app/helpers/users_helper.rb +2 -0
- data/test/dummy/app/models/child_resource.rb +25 -0
- data/test/dummy/app/models/child_resource.rb~ +4 -0
- data/test/dummy/app/models/global_resource.rb +3 -0
- data/test/dummy/app/models/parent_resource.rb +32 -0
- data/test/dummy/app/models/parent_resource.rb~ +3 -0
- data/test/dummy/app/models/standalone_resource.rb +22 -0
- data/test/dummy/app/models/standalone_resource.rb~ +3 -0
- data/test/dummy/app/models/user.rb +80 -0
- data/test/dummy/app/models/user_group.rb +12 -0
- data/test/dummy/app/views/child_resources/_form.html.erb +30 -0
- data/test/dummy/app/views/child_resources/_form.html.erb~ +29 -0
- data/test/dummy/app/views/child_resources/edit.html.erb +6 -0
- data/test/dummy/app/views/child_resources/index.html.erb +25 -0
- data/test/dummy/app/views/child_resources/index.html.erb~ +27 -0
- data/test/dummy/app/views/child_resources/new.html.erb +5 -0
- data/test/dummy/app/views/child_resources/show.html.erb +20 -0
- data/test/dummy/app/views/child_resources/show.html.erb~ +20 -0
- data/test/dummy/app/views/global_resources/_form.html.erb +25 -0
- data/test/dummy/app/views/global_resources/edit.html.erb +6 -0
- data/test/dummy/app/views/global_resources/index.html.erb +25 -0
- data/test/dummy/app/views/global_resources/new.html.erb +5 -0
- data/test/dummy/app/views/global_resources/show.html.erb +15 -0
- data/test/dummy/app/views/layouts/application.html.erb +14 -0
- data/test/dummy/app/views/parent_resources/_form.html.erb +25 -0
- data/test/dummy/app/views/parent_resources/edit.html.erb +6 -0
- data/test/dummy/app/views/parent_resources/index.html.erb +25 -0
- data/test/dummy/app/views/parent_resources/index.html.erb~ +25 -0
- data/test/dummy/app/views/parent_resources/new.html.erb +5 -0
- data/test/dummy/app/views/parent_resources/show.html.erb +44 -0
- data/test/dummy/app/views/parent_resources/show.html.erb~ +15 -0
- data/test/dummy/app/views/standalone_resources/_form.html.erb +25 -0
- data/test/dummy/app/views/standalone_resources/edit.html.erb +6 -0
- data/test/dummy/app/views/standalone_resources/index.html.erb +25 -0
- data/test/dummy/app/views/standalone_resources/new.html.erb +5 -0
- data/test/dummy/app/views/standalone_resources/show.html.erb +15 -0
- data/test/dummy/app/views/user_groups/_form.html.haml +9 -0
- data/test/dummy/app/views/user_groups/add_members.html.haml +18 -0
- data/test/dummy/app/views/user_groups/edit.html.haml +13 -0
- data/test/dummy/app/views/user_groups/index.html.haml +20 -0
- data/test/dummy/app/views/user_groups/new.html.haml +11 -0
- data/test/dummy/app/views/user_groups/show.html.haml +42 -0
- data/test/dummy/app/views/user_sessions/new.html.haml +26 -0
- data/test/dummy/app/views/users/_form.html.haml +25 -0
- data/test/dummy/app/views/users/edit.html.haml +14 -0
- data/test/dummy/app/views/users/index.html.haml +26 -0
- data/test/dummy/app/views/users/new.html.haml +11 -0
- data/test/dummy/app/views/users/show.html.haml +56 -0
- data/test/dummy/config.ru +4 -0
- data/test/dummy/config/application.rb +59 -0
- data/test/dummy/config/boot.rb +10 -0
- data/test/dummy/config/database.yml +25 -0
- data/test/dummy/config/environment.rb +5 -0
- data/test/dummy/config/environments/development.rb +37 -0
- data/test/dummy/config/environments/production.rb +67 -0
- data/test/dummy/config/environments/test.rb +37 -0
- data/test/dummy/config/initializers/alberich.rb +13 -0
- data/test/dummy/config/initializers/backtrace_silencers.rb +7 -0
- data/test/dummy/config/initializers/inflections.rb +15 -0
- data/test/dummy/config/initializers/mime_types.rb +5 -0
- data/test/dummy/config/initializers/secret_token.rb +7 -0
- data/test/dummy/config/initializers/session_store.rb +8 -0
- data/test/dummy/config/initializers/warden.rb +79 -0
- data/test/dummy/config/initializers/wrap_parameters.rb +14 -0
- data/test/dummy/config/locales/en.yml +5 -0
- data/test/dummy/config/routes.rb +33 -0
- data/test/dummy/db/migrate/20120801010101_create_users.rb +20 -0
- data/test/dummy/db/migrate/20121121054319_create_user_groups.rb +16 -0
- data/test/dummy/db/migrate/20130220160811_create_global_resources.rb +10 -0
- data/test/dummy/db/migrate/20130220175258_create_standalone_resources.rb +10 -0
- data/test/dummy/db/migrate/20130226145412_create_parent_resources.rb +10 -0
- data/test/dummy/db/migrate/20130226151256_create_child_resources.rb +12 -0
- data/test/dummy/db/migrate/20130226151256_create_child_resources.rb~ +12 -0
- data/test/dummy/db/schema.rb +151 -0
- data/test/dummy/db/seeds.rb +65 -0
- data/test/dummy/lib/password.rb +58 -0
- data/test/dummy/public/404.html +26 -0
- data/test/dummy/public/422.html +26 -0
- data/test/dummy/public/500.html +25 -0
- data/test/dummy/public/favicon.ico +0 -0
- data/test/dummy/script/rails +6 -0
- data/test/dummy/test/fixtures/child_resources.yml +11 -0
- data/test/dummy/test/fixtures/global_resources.yml +9 -0
- data/test/dummy/test/fixtures/parent_resources.yml +9 -0
- data/test/dummy/test/fixtures/standalone_resources.yml +9 -0
- data/test/dummy/test/fixtures/user_groups.yml +9 -0
- data/test/dummy/test/fixtures/users.yml +37 -0
- data/test/dummy/test/functional/child_resources_controller_test.rb +49 -0
- data/test/dummy/test/functional/global_resources_controller_test.rb +49 -0
- data/test/dummy/test/functional/parent_resources_controller_test.rb +49 -0
- data/test/dummy/test/functional/standalone_resources_controller_test.rb +49 -0
- data/test/dummy/test/functional/user_groups_controller_test.rb +49 -0
- data/test/dummy/test/functional/users_controller_test.rb +39 -0
- data/test/dummy/test/unit/child_resource_test.rb +7 -0
- data/test/dummy/test/unit/global_resource_test.rb +7 -0
- data/test/dummy/test/unit/helpers/child_resources_helper_test.rb +4 -0
- data/test/dummy/test/unit/helpers/global_resources_helper_test.rb +4 -0
- data/test/dummy/test/unit/helpers/parent_resources_helper_test.rb +4 -0
- data/test/dummy/test/unit/helpers/standalone_resources_helper_test.rb +4 -0
- data/test/dummy/test/unit/helpers/user_groups_helper_test.rb +4 -0
- data/test/dummy/test/unit/helpers/users_helper_test.rb +4 -0
- data/test/dummy/test/unit/parent_resource_test.rb +7 -0
- data/test/dummy/test/unit/standalone_resource_test.rb +7 -0
- data/test/dummy/test/unit/user_group_test.rb +7 -0
- data/test/dummy/test/unit/user_test.rb +7 -0
- data/test/integration/alberich/permission_test.rb +7 -0
- data/test/integration/alberich/privilege_test.rb +7 -0
- data/test/integration/alberich/role_test.rb +7 -0
- metadata +639 -0
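--- a/data/app/controllers/alberich/privileges_controller.rb
+++ b/data/app/controllers/alberich/privileges_controller.rb
@@ -0,0 +1,105 @@
+require_dependency "alberich/application_controller"
+
+module Alberich
+class PrivilegesController < Alberich::ApplicationController
+# GET /privileges
+# GET /privileges.json
+def index
+require_privilege(Privilege::PERM_VIEW)
+@privileges = Privilege.all
+
+respond_to do |format|
+format.html # index.html.erb
+format.json { render json: @privileges }
+end
+end
+
+# GET /privileges/1
+# GET /privileges/1.json
+def show
+require_privilege(Privilege::PERM_VIEW)
+@privilege = Privilege.find(params[:id])
+
+respond_to do |format|
+format.html # show.html.erb
+format.json { render json: @role }
+end
+end
+
+# GET /privileges/new
+# GET /privileges/new.json
+def new
+require_privilege(Privilege::PERM_SET)
+@privilege = Privilege.new(:role_id => params[:role_id])
+@target_type_list = Privilege::TARGET_TYPES
+@action_list = Privilege::ACTIONS
+respond_to do |format|
+format.html # new.html.erb
+format.json { render json: @privilege }
+end
+end
+
+# POST /privileges
+# POST /privileges.json
+def create
+require_privilege(Privilege::PERM_SET)
+@privilege = Privilege.new(params[:privilege])
+@target_type_list = Privilege::TARGET_TYPES
+@action_list = Privilege::ACTIONS
+
+respond_to do |format|
+if @privilege.save
+format.html { redirect_to @privilege.role, notice: "New privilege added" }
+format.json { render json: @privilege, status: :created, location: @privilege }
+else
+format.html { render action: "new" }
+format.json { render json: @privilege.errors, status: :unprocessable_entity }
+end
+end
+end
+
+# GET /privileges/1/edit
+def edit
+require_privilege(Privilege::PERM_SET)
+@privilege = Privilege.find(params[:id])
+@target_type_list = Privilege::TARGET_TYPES
+@action_list = Privilege::ACTIONS
+respond_to do |format|
+format.html # new.html.erb
+format.json { render json: @privilege }
+end
+end
+
+# PUT /privileges/1
+# PUT /privileges/1.json
+def update
+require_privilege(Privilege::PERM_SET)
+@privilege = Privilege.find(params[:id])
+@target_type_list = Privilege::TARGET_TYPES
+@action_list = Privilege::ACTIONS
+respond_to do |format|
+if @privilege.update_attributes(params[:privilege])
+format.html { redirect_to @privilege.role, notice: "New privilege added"}
+format.json { head :no_content }
+else
+format.html { render action: "edit" }
+format.json { render json: @privilege.errors, status: :unprocessable_entity }
+end
+end
+end
+
+# DELETE /privileges/1
+# DELETE /privileges/1.json
+def destroy
+require_privilege(Privilege::PERM_SET)
+@privilege = Privilege.find(params[:id])
+role = @privilege.role
+@privilege.destroy
+
+respond_to do |format|
+format.html { redirect_to role }
+format.json { head :no_content }
+end
+end
+end
+end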
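Review bot: The JSON branch of `show` renders `@role`, which this action never assigns, so `GET /privileges/1.json` answers with `null` instead of the record; it should be `format.json { render json: @privilege }`. This controller also has no `before_filter :require_user`, although RolesController on this page declares one. `require_privilege` is defined outside this page, so it cannot be confirmed here that an unauthenticated request is rejected cleanly, and adding the same filter would make the two controllers consistent. The success notice in `update` still reads "New privilege added", copied from `create`.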
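--- a/data/app/controllers/alberich/roles_controller.rb
+++ b/data/app/controllers/alberich/roles_controller.rb
@@ -0,0 +1,97 @@
+require_dependency "alberich/application_controller"
+
+module Alberich
+class RolesController < Alberich::ApplicationController
+
+before_filter :require_user
+# GET /roles
+# GET /roles.json
+def index
+require_privilege(Privilege::PERM_VIEW)
+@roles = Role.all
+
+respond_to do |format|
+format.html # index.html.erb
+format.json { render json: @roles }
+end
+end
+
+# GET /roles/1
+# GET /roles/1.json
+def show
+require_privilege(Privilege::PERM_VIEW)
+@role = Role.find(params[:id])
+
+respond_to do |format|
+format.html # show.html.erb
+format.json { render json: @role }
+end
+end
+
+# GET /roles/new
+# GET /roles/new.json
+def new
+require_privilege(Privilege::PERM_SET)
+@role = Role.new
+@scope_list = Role::VALID_SCOPES
+respond_to do |format|
+format.html # new.html.erb
+format.json { render json: @role }
+end
+end
+
+# GET /roles/1/edit
+def edit
+require_privilege(Privilege::PERM_SET)
+@role = Role.find(params[:id])
+@scope_list = Role::VALID_SCOPES
+end
+
+# POST /roles
+# POST /roles.json
+def create
+require_privilege(Privilege::PERM_SET)
+@role = Role.new(params[:role])
+
+respond_to do |format|
+if @role.save
+format.html { redirect_to @role, notice: "New role added"}
+format.json { render json: @role, status: :created, location: @role }
+else
+format.html { render action: "new" }
+format.json { render json: @role.errors, status: :unprocessable_entity }
+end
+end
+end
+
+# PUT /roles/1
+# PUT /roles/1.json
+def update
+require_privilege(Privilege::PERM_SET)
+@role = Role.find(params[:id])
+
+respond_to do |format|
+if @role.update_attributes(params[:role])
+format.html { redirect_to @role, notice: "Role updated successfully"}
+format.json { head :no_content }
+else
+format.html { render action: "edit" }
+format.json { render json: @role.errors, status: :unprocessable_entity }
+end
+end
+end
+
+# DELETE /roles/1
+# DELETE /roles/1.json
+def destroy
+require_privilege(Privilege::PERM_SET)
+@role = Role.find(params[:id])
+@role.destroy
+
+respond_to do |format|
+format.html { redirect_to roles_url }
+format.json { head :no_content }
+end
+end
+end
+end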
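Review bot: Authorization depends on a hand-written `require_privilege(...)` call at the top of every action, so an action added later without that line would be guarded only by `require_user`. Declaring the check once makes the default closed, for example `before_filter :require_view_privilege, :only => [:index, :show]` plus a matching filter for the `PERM_SET` actions (the method name is a suggestion). This assumes `require_privilege` halts the request by raising, which is not visible on this page. Separately, the failure paths of `create` and `update` re-render "new" and "edit" without assigning `@scope_list`, which the `new` and `edit` actions do set for the same templates.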
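--- a/data/app/models/alberich/base_permission_object.rb
+++ b/data/app/models/alberich/base_permission_object.rb
@@ -0,0 +1,42 @@
+module Alberich
+class BasePermissionObject < ActiveRecord::Base
+attr_accessible :name
+
+include Alberich::PermissionedObject
+validates_presence_of :name
+validates_uniqueness_of :name
+
+GENERAL_PERMISSION_SCOPE = "general_permission_scope"
+
+def self.general_permission_scope
+base_permission = self.find_by_name(GENERAL_PERMISSION_SCOPE)
+unless base_permission
+base_permission = self.create!(:name => GENERAL_PERMISSION_SCOPE)
+end
+base_permission
+end
+
+def permissions_for_type(obj_type)
+role_ids = Role.where(:scope => "BasePermissionObject").
+select { |role| role.privilege_target_match(obj_type)}.collect {|r| r.id}
+permissions.where("role_id in (:role_ids)", {:role_ids => role_ids})
+end
+
+def self.additional_privilege_target_types
+Alberich.permissioned_object_classes.collect {|x| Kernel.const_get(x)}
+end
+
+def self.global_admin_permission_count
+self.general_permission_scope.permissions.includes(:role => :privileges).
+where("alberich_privileges.target_type" => "Alberich::BasePermissionObject",
+"alberich_privileges.action" => Privilege::PERM_SET).size
+end
+
+def self.is_global_admin_perm(permission)
+permission.role.privileges.where("alberich_privileges.target_type" =>
+"Alberich::BasePermissionObject",
+"alberich_privileges.action" =>
+Privilege::PERM_SET).size > 0
+end
+end
+end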
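Review bot: `permissions_for_type` filters roles with `:scope => "BasePermissionObject"`, while the two admin queries in this class use the namespaced string "Alberich::BasePermissionObject". If role scopes are stored as full class names, as `assign_owner_roles` in PermissionedObject suggests with `default_privilege_target_type.name`, this lookup matches no role and the method returns no permissions. Consider `Role.where(:scope => self.class.name)` after confirming what `Role::VALID_SCOPES` contains, since that constant is not on this page. `general_permission_scope` is also an unlocked find-then-create, so two concurrent first requests can race; the result then depends on whether the migration puts a unique index on `name`, which is not shown.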
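--- a/data/app/models/alberich/derived_permission.rb
+++ b/data/app/models/alberich/derived_permission.rb
@@ -0,0 +1,25 @@
+module Alberich
+class DerivedPermission < ActiveRecord::Base
+attr_accessible :entity_id, :permission_id, :role_id, :permission_object
+attr_accessible :permission
+
+# the source permission for the denormalized object
+belongs_to :permission
+validates_presence_of :permission_id
+
+# this is the object used for permission checks
+belongs_to :permission_object, :polymorphic => true
+
+belongs_to :role
+validates_presence_of :role_id
+
+# entity is copied from source permission
+belongs_to :entity
+validates_presence_of :entity_id
+
+validates_uniqueness_of :permission_id, :scope => [:permission_object_id,
+:permission_object_type]
+
+
+end
+end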
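Review bot: Every attribute that decides who holds which role on which object (`entity_id`, `role_id`, `permission_id`, `permission_object`, `permission`) is whitelisted through `attr_accessible`, so the model offers no protection if some code path ever builds it from request parameters. The rows visible on this page are created only by internal callbacks, so a class comment such as `# denormalized cache of Permission; never populate from params` would record that constraint. The `validates_uniqueness_of` check is application-level only and does not hold under concurrent saves unless the migration, which is not shown here, adds a matching unique index.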
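--- a/data/app/models/alberich/entity.rb
+++ b/data/app/models/alberich/entity.rb
@@ -0,0 +1,27 @@
+module Alberich
+class Entity < ActiveRecord::Base
+attr_accessible :entity_target, :entity_target_id, :name
+
+belongs_to :entity_target, :polymorphic => true
+validates_presence_of :entity_target_id
+has_many :session_entities, :dependent => :destroy
+has_many :permissions, :dependent => :destroy
+has_many :derived_permissions, :dependent => :destroy
+
+# type-specific associations
+belongs_to :user, :class_name => Alberich.user_class, :foreign_key => "entity_target_id"
+belongs_to :user_group, :class_name => Alberich.user_group_class,
+:foreign_key => "entity_target_id"
+
+def self.for_target(obj)
+self.find_by_entity_target_id_and_entity_target_type(obj.id,
+obj.class.name)
+end
+
+def self.find_or_create_for_target(obj)
+self.find_or_create_by_entity_target_id_and_entity_target_type(obj.id,
+obj.class.name)
+end
+
+end
+end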
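Review bot: The `user` and `user_group` associations both key on `entity_target_id` and ignore `entity_target_type`, so an entity that points at a user group with id N also returns the User with id N from `entity.user`, and the reverse. `Permission#user` and `Permission#user_group` delegate to these, so anything built on them can attribute a group's grant to an unrelated user. Resolving through the polymorphic association with a type check avoids that, e.g. `def user; entity_target if entity_target_type == Alberich.user_class; end`, with the same shape for `user_group`. The model also validates `entity_target_id` but not `entity_target_type`.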
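--- a/data/app/models/alberich/entity_target_observer.rb
+++ b/data/app/models/alberich/entity_target_observer.rb
@@ -0,0 +1,16 @@
+module Alberich
+class EntityTargetObserver < ActiveRecord::Observer
+observe Alberich.user_class.underscore.to_sym, Alberich.user_group_class.underscore.to_sym
+
+def after_save(obj)
+entity = Entity.find_or_create_for_target(obj)
+entity.name = obj.to_s
+entity.save!
+end
+
+def after_destroy(obj)
+entity = Entity.for_target(obj)
+entity.destroy if entity
+end
+end
+end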
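Review bot: `after_save` stores `obj.to_s` as the entity name, but nothing here documents that the host's user and group classes must override `to_s`; with Ruby's default the stored name is an inspect-style string. A comment above the hook, such as `# host models must define #to_s; it is stored as Entity#name`, would record that contract. It is also worth noting in a comment that `after_destroy` removes the Entity, and through its `:dependent => :destroy` associations every permission attached to it.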
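--- a/data/app/models/alberich/permission.rb
+++ b/data/app/models/alberich/permission.rb
@@ -0,0 +1,59 @@
+module Alberich
+class Permission < ActiveRecord::Base
+attr_accessible :entity, :role, :entity_id, :role_id, :permission_object
+
+belongs_to :role
+belongs_to :entity
+
+validates_presence_of :role_id
+
+validates_presence_of :entity_id
+validates_uniqueness_of :entity_id, :scope => [:permission_object_id,
+:permission_object_type,
+:role_id]
+
+belongs_to :permission_object, :polymorphic => true
+# type-specific associations (FIXME: do we still need this?
+belongs_to :base_permission_object, :class_name => "BasePermissionObject",
+:foreign_key => "permission_object_id"
+
+has_many :derived_permissions, :dependent => :destroy
+
+after_save :update_derived_permissions
+
+def user
+entity.user
+end
+def user_group
+entity.user_group
+end
+
+def update_derived_permissions
+new_derived_permission_objects = permission_object.derived_subtree(role)
+old_derived_permissions = derived_permissions
+old_derived_permissions.each do |derived_perm|
+if new_derived_permission_objects.delete(derived_perm.permission_object)
+# object is in both old and new list -- update as necessary
+derived_perm.role = role
+derived_perm.entity_id = entity_id
+derived_perm.save!
+else
+# object is in old but not new list -- remove it
+derived_perm.destroy
+end
+end
+new_derived_permission_objects.each do |perm_obj|
+unless DerivedPermission.where(:permission_id => id,
+:permission_object_id => perm_obj.id,
+:permission_object_type =>
+perm_obj.class.name).any?
+derived_perm = DerivedPermission.new(:entity_id => entity_id,
+:role_id => role_id,
+:permission_object => perm_obj,
+:permission => self)
+derived_perm.save!
+end
+end
+end
+end
+end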
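Review bot: `update_derived_permissions` calls `permission_object.derived_subtree(role)` after every save, yet the model validates only `role_id` and `entity_id`, so a Permission saved without a `permission_object` passes validation and then fails inside the callback with a NoMethodError on nil. Adding `validates_presence_of :permission_object` turns that into an ordinary validation error. `attr_accessible` also opens `role_id`, `entity_id` and `permission_object` to mass assignment, so the controller that builds permissions, which is not on this page, has to check the caller's privilege on the target object before passing parameters through. The `base_permission_object` association ignores `permission_object_type`, as its own FIXME hints.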
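--- a/data/app/models/alberich/permission_session.rb
+++ b/data/app/models/alberich/permission_session.rb
@@ -0,0 +1,33 @@
+module Alberich
+class PermissionSession < ActiveRecord::Base
+attr_accessible :session_id, :user_id, :user
+
+belongs_to :user, :class_name => Alberich.user_class
+has_many :session_entities
+
+validates_presence_of :user_id
+validates_presence_of :session_id
+
+def update_session_entities(user)
+SessionEntity.transaction do
+# skips callbacks, which should be fine here
+SessionEntity.delete_all(:permission_session_id => self.id)
+add_to_session(user)
+end
+end
+
+def add_to_session(user)
+return unless user
+# create mapping for user-level permissions
+SessionEntity.create!(:permission_session_id => self.id,
+:user => user,
+:entity => Entity.for_target(user))
+# create mappings for groups
+user.send(Alberich.groups_for_user_method).each do |ug|
+SessionEntity.create!(:permission_session_id => self.id,
+:user => user,
+:entity => Entity.for_target(ug))
+end
+end
+end
+end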
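Review bot: `add_to_session` passes `Entity.for_target(...)` straight into `SessionEntity.create!`, and `for_target` is a `find_by_…` lookup that returns nil when no entity row exists yet. Whether that raises or stores a row with no entity depends on SessionEntity's validations, which are not shown; `Entity.find_or_create_for_target(user)` would close the gap. Both methods also take a `user` argument that is never compared with the session's own `user_id`, so the rows written under this session can belong to a different user than the session does; using `self.user`, or raising on a mismatch, keeps the two in step. `has_many :session_entities` carries no `:dependent` option, so those rows outlive a deleted session.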
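--- a/data/app/models/alberich/permissioned_object.rb
+++ b/data/app/models/alberich/permissioned_object.rb
@@ -0,0 +1,139 @@
+module Alberich
+module PermissionedObject
+extend ActiveSupport::Concern
+included do
+has_many :permissions, :as => :permission_object,
+:class_name => 'Alberich::Permission',
+:dependent => :destroy,
+:include => [:role],
+:order => "alberich_permissions.id ASC"
+
+has_many :derived_permissions, :as => :permission_object,
+:class_name => 'Alberich::DerivedPermission',
+:dependent => :destroy,
+:include => [:role],
+:order => "alberich_derived_permissions.id ASC"
+end
+
+def has_privilege(permission_session, user, action, target_type=nil)
+return false if permission_session.nil? or user.nil? or action.nil?
+target_type = self.class.default_privilege_target_type if target_type.nil?
+if derived_permissions.includes(:role => :privileges,
+:entity => :session_entities).where(
+["alberich_session_entities.user_id=:user and
+alberich_session_entities.permission_session_id=:permission_session_id and
+alberich_privileges.target_type=:target_type and
+alberich_privileges.action=:action",
+{ :user => user.id,
+:permission_session_id => permission_session.id,
+:target_type => target_type.name,
+:action => action}]).any?
+return true
+else
+BasePermissionObject.general_permission_scope.permissions.
+includes(:role => :privileges,
+:entity => :session_entities).where(
+["alberich_session_entities.user_id=:user and
+alberich_session_entities.permission_session_id=:permission_session_id and
+alberich_privileges.target_type=:target_type and
+alberich_privileges.action=:action",
+{ :user => user.id,
+:permission_session_id => permission_session,
+:target_type => target_type.name,
+:action => action}]).any?
+end
+end
+
+# Returns the list of objects to check for permissions on -- by default
+# this is empty (we don't denormalize Global permissions as they're
+# handled as a separate case.)
+def perm_ancestors
+[]
+end
+# Returns the list of objects to generate derived permissions for
+# -- by default just this object
+def derived_subtree(role = nil)
+[self]
+end
+# on obj creation, set inherited permissions for new object
+def update_derived_permissions_for_ancestors
+# for create hook this should normally be empty
+old_derived_permissions = Hash[derived_permissions.map{|p| [p.permission.id,p]}]
+perm_ancestors.each do |perm_obj|
+perm_obj.permissions.each do |permission|
+if permission.role.privilege_target_match(self.class.default_privilege_target_type)
+unless old_derived_permissions.delete(permission.id)
+derived_permissions.create(:entity_id => permission.entity_id,
+:role_id => permission.role_id,
+:permission => permission)
+end
+end
+end
+end
+# anything remaining in old_derived_permissions should be removed,
+# as would be expected if this hook is triggered by removing a
+# catalog entry for a deployable
+old_derived_permissions.each do |id, derived_perm|
+derived_perm.destroy
+end
+#reload
+end
+# assign owner role so that the creating user has permissions on the object
+# Any roles defined on default_privilege_target_type with assign_to_owner==true
+# will be assigned to the passed-in user on this object
+def assign_owner_roles(user)
+roles = Role.find(:all, :conditions => ["assign_to_owner =:assign and scope=:scope",
+{ :assign => true,
+:scope => self.class.default_privilege_target_type.name}])
+roles.each do |role|
+Permission.create!(:role => role, :entity => Entity.for_target(user),
+:permission_object => self)
+end
+self.reload
+end
+
+# Any methods here will be able to use the context of the
+# ActiveRecord model the module is included in.
+def self.included(base)
+base.class_eval do
+after_create :update_derived_permissions_for_ancestors
+
+# Returns the list of privilege target types that are relevant for
+# permission checking purposes. This is used in setting derived
+# permissions -- there's no need to create denormalized permissions
+# for a role which only grants Provider privileges on a Pool
+# object. By default, this is just the current object's type
+def self.active_privilege_target_types
+[self.default_privilege_target_type] + self.additional_privilege_target_types
+end
+def self.additional_privilege_target_types
+[]
+end
+def self.default_privilege_target_type
+self
+end
+def self.list_for_user(permission_session, user, action,
+target_type=self.default_privilege_target_type)
+if permission_session.nil? or user.nil? or action.nil? or target_type.nil?
+return where("1=0")
+end
+if BasePermissionObject.general_permission_scope.
+has_privilege(permission_session, user, action, target_type)
+scoped
+else
+includes([:derived_permissions => {:role => :privileges,
+:entity => :session_entities}]).
+where("alberich_session_entities.user_id=:user and
+alberich_session_entities.permission_session_id=:permission_session_id and
+alberich_privileges.target_type=:target_type and
+alberich_privileges.action=:action",
+{:user => user.id,
+:permission_session_id => permission_session.id,
+:target_type => target_type.name,
+:action => action})
+end
+end
+end
+end
+end
+end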
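Review bot: In `has_privilege` the fallback query against the general permission scope binds `:permission_session_id => permission_session`, the record itself, while the first query and `list_for_user` bind `permission_session.id`. The global-scope check therefore depends on how ActiveRecord quotes a model object in a bind hash, and should read `:permission_session_id => permission_session.id`. The same four-condition SQL fragment is written out three times in this file, so moving it into one private helper would keep the three authorization checks from drifting apart. `update_derived_permissions_for_ancestors` uses the non-bang `derived_permissions.create`, so a failed insert is dropped silently and the inherited grant is missing without any error.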