alberich 0.2.0
- data/Gemfile +18 -0
- data/MIT-LICENSE +20 -0
- data/README.rdoc +37 -0
- data/Rakefile +34 -0
- data/alberich.gemspec +34 -0
- data/app/assets/javascripts/alberich/application.js +15 -0
- data/app/assets/javascripts/alberich/permissions.js +2 -0
- data/app/assets/javascripts/alberich/privileges.js +2 -0
- data/app/assets/javascripts/alberich/roles.js +2 -0
- data/app/assets/stylesheets/alberich/application.css +13 -0
- data/app/assets/stylesheets/alberich/permissions.css +4 -0
- data/app/assets/stylesheets/alberich/privileges.css +4 -0
- data/app/assets/stylesheets/alberich/roles.css +4 -0
- data/app/assets/stylesheets/scaffold.css +56 -0
- data/app/controllers/alberich/application_controller.rb +4 -0
- data/app/controllers/alberich/application_controller_helper.rb +118 -0
- data/app/controllers/alberich/permissions_controller.rb +211 -0
- data/app/controllers/alberich/privileges_controller.rb +105 -0
- data/app/controllers/alberich/roles_controller.rb +97 -0
- data/app/helpers/alberich/application_helper.rb +4 -0
- data/app/helpers/alberich/permissions_helper.rb +4 -0
- data/app/helpers/alberich/privileges_helper.rb +4 -0
- data/app/helpers/alberich/roles_helper.rb +4 -0
- data/app/models/alberich/base_permission_object.rb +42 -0
- data/app/models/alberich/derived_permission.rb +25 -0
- data/app/models/alberich/entity.rb +27 -0
- data/app/models/alberich/entity_target_observer.rb +16 -0
- data/app/models/alberich/permission.rb +59 -0
- data/app/models/alberich/permission_session.rb +33 -0
- data/app/models/alberich/permissioned_object.rb +139 -0
- data/app/models/alberich/privilege.rb +29 -0
- data/app/models/alberich/role.rb +37 -0
- data/app/models/alberich/session_entity.rb +15 -0
- data/app/views/alberich/permissions/_form.html.haml +27 -0
- data/app/views/alberich/permissions/_list.html.haml +1 -0
- data/app/views/alberich/permissions/_objects.html.haml +38 -0
- data/app/views/alberich/permissions/_permissions.html.haml +45 -0
- data/app/views/alberich/permissions/index.html.haml +2 -0
- data/app/views/alberich/permissions/new.html.haml +5 -0
- data/app/views/alberich/permissions/show.html.haml +12 -0
- data/app/views/alberich/privileges/_form.html.haml +19 -0
- data/app/views/alberich/privileges/_list.html.haml +17 -0
- data/app/views/alberich/privileges/create.html.haml +2 -0
- data/app/views/alberich/privileges/destroy.html.haml +2 -0
- data/app/views/alberich/privileges/edit.html.haml +5 -0
- data/app/views/alberich/privileges/index.html.haml +5 -0
- data/app/views/alberich/privileges/new.html.haml +5 -0
- data/app/views/alberich/privileges/show.html.haml +12 -0
- data/app/views/alberich/privileges/update.html.haml +2 -0
- data/app/views/alberich/roles/_form.html.haml +24 -0
- data/app/views/alberich/roles/edit.html.haml +7 -0
- data/app/views/alberich/roles/index.html.haml +23 -0
- data/app/views/alberich/roles/new.html.haml +5 -0
- data/app/views/alberich/roles/show.html.haml +16 -0
- data/app/views/layouts/alberich/application.html.erb +14 -0
- data/config/initializers/haml.rb +1 -0
- data/config/routes.rb +17 -0
- data/db/migrate/20120925162242_create_alberich_roles.rb +12 -0
- data/db/migrate/20121022223626_create_alberich_privileges.rb +12 -0
- data/db/migrate/20121023051301_create_alberich_base_permission_objects.rb +9 -0
- data/db/migrate/20121023233648_create_alberich_permission_sessions.rb +11 -0
- data/db/migrate/20121027023136_create_alberich_entities.rb +34 -0
- data/db/migrate/20121204205213_create_alberich_session_entities.rb +12 -0
- data/db/migrate/20121205180518_create_alberich_permissions.rb +13 -0
- data/db/migrate/20130107043252_create_alberich_derived_permissions.rb +18 -0
- data/lib/alberich.rb +10 -0
- data/lib/alberich/#version.rb# +3 -0
- data/lib/alberich/engine.rb +10 -0
- data/lib/alberich/version.rb +3 -0
- data/lib/generators/alberich/install_generator.rb +15 -0
- data/lib/generators/alberich/templates/README +6 -0
- data/lib/generators/alberich/templates/alberich.rb +11 -0
- data/lib/tasks/alberich_tasks.rake +4 -0
- data/spec/controllers/alberich/permissions_controller_spec.rb +112 -0
- data/spec/controllers/alberich/privileges_controller_spec.rb +131 -0
- data/spec/controllers/alberich/roles_controller_spec.rb +130 -0
- data/spec/factories/alberich/permission.rb +51 -0
- data/spec/factories/alberich/permission_session.rb +7 -0
- data/spec/factories/alberich/privilege.rb +6 -0
- data/spec/factories/alberich/role.rb +103 -0
- data/spec/factories/child_resource.rb +14 -0
- data/spec/factories/child_resource.rb~ +7 -0
- data/spec/factories/global_resource.rb +11 -0
- data/spec/factories/global_resource.rb~ +25 -0
- data/spec/factories/parent_resource.rb +12 -0
- data/spec/factories/parent_resource.rb~ +7 -0
- data/spec/factories/standalone_resource.rb +7 -0
- data/spec/factories/standalone_resource.rb~ +11 -0
- data/spec/factories/user.rb +30 -0
- data/spec/factories/user_group.rb +8 -0
- data/spec/models/alberich/derived_permission_spec.rb +34 -0
- data/spec/models/alberich/entity_spec.rb +15 -0
- data/spec/models/alberich/permission_spec.rb +133 -0
- data/spec/models/alberich/privilege_spec.rb +39 -0
- data/spec/models/alberich/role_spec.rb +33 -0
- data/spec/models/alberich/session_entity_spec.rb +24 -0
- data/spec/spec_helper.rb +81 -0
- data/spec/support/routes.rb +41 -0
- data/test/dummy/README.rdoc +261 -0
- data/test/dummy/Rakefile +7 -0
- data/test/dummy/app/assets/javascripts/application.js +15 -0
- data/test/dummy/app/assets/javascripts/child_resources.js +2 -0
- data/test/dummy/app/assets/javascripts/global_resources.js +2 -0
- data/test/dummy/app/assets/javascripts/parent_resources.js +2 -0
- data/test/dummy/app/assets/javascripts/standalone_resources.js +2 -0
- data/test/dummy/app/assets/javascripts/user_groups.js +2 -0
- data/test/dummy/app/assets/javascripts/users.js +2 -0
- data/test/dummy/app/assets/stylesheets/application.css +13 -0
- data/test/dummy/app/assets/stylesheets/child_resources.css +4 -0
- data/test/dummy/app/assets/stylesheets/global_resources.css +4 -0
- data/test/dummy/app/assets/stylesheets/parent_resources.css +4 -0
- data/test/dummy/app/assets/stylesheets/scaffold.css +56 -0
- data/test/dummy/app/assets/stylesheets/standalone_resources.css +4 -0
- data/test/dummy/app/assets/stylesheets/user_groups.css +4 -0
- data/test/dummy/app/assets/stylesheets/users.css +4 -0
- data/test/dummy/app/controllers/application_controller.rb +73 -0
- data/test/dummy/app/controllers/child_resources_controller.rb +99 -0
- data/test/dummy/app/controllers/child_resources_controller.rb~ +83 -0
- data/test/dummy/app/controllers/global_resources_controller.rb +95 -0
- data/test/dummy/app/controllers/global_resources_controller.rb~ +83 -0
- data/test/dummy/app/controllers/parent_resources_controller.rb +101 -0
- data/test/dummy/app/controllers/parent_resources_controller.rb~ +83 -0
- data/test/dummy/app/controllers/standalone_resources_controller.rb +101 -0
- data/test/dummy/app/controllers/standalone_resources_controller.rb~ +83 -0
- data/test/dummy/app/controllers/user_groups_controller.rb +131 -0
- data/test/dummy/app/controllers/user_sessions_controller.rb +38 -0
- data/test/dummy/app/controllers/users_controller.rb +87 -0
- data/test/dummy/app/helpers/application_helper.rb +2 -0
- data/test/dummy/app/helpers/child_resources_helper.rb +2 -0
- data/test/dummy/app/helpers/global_resources_helper.rb +2 -0
- data/test/dummy/app/helpers/parent_resources_helper.rb +2 -0
- data/test/dummy/app/helpers/standalone_resources_helper.rb +2 -0
- data/test/dummy/app/helpers/user_groups_helper.rb +2 -0
- data/test/dummy/app/helpers/users_helper.rb +2 -0
- data/test/dummy/app/models/child_resource.rb +25 -0
- data/test/dummy/app/models/child_resource.rb~ +4 -0
- data/test/dummy/app/models/global_resource.rb +3 -0
- data/test/dummy/app/models/parent_resource.rb +32 -0
- data/test/dummy/app/models/parent_resource.rb~ +3 -0
- data/test/dummy/app/models/standalone_resource.rb +22 -0
- data/test/dummy/app/models/standalone_resource.rb~ +3 -0
- data/test/dummy/app/models/user.rb +80 -0
- data/test/dummy/app/models/user_group.rb +12 -0
- data/test/dummy/app/views/child_resources/_form.html.erb +30 -0
- data/test/dummy/app/views/child_resources/_form.html.erb~ +29 -0
- data/test/dummy/app/views/child_resources/edit.html.erb +6 -0
- data/test/dummy/app/views/child_resources/index.html.erb +25 -0
- data/test/dummy/app/views/child_resources/index.html.erb~ +27 -0
- data/test/dummy/app/views/child_resources/new.html.erb +5 -0
- data/test/dummy/app/views/child_resources/show.html.erb +20 -0
- data/test/dummy/app/views/child_resources/show.html.erb~ +20 -0
- data/test/dummy/app/views/global_resources/_form.html.erb +25 -0
- data/test/dummy/app/views/global_resources/edit.html.erb +6 -0
- data/test/dummy/app/views/global_resources/index.html.erb +25 -0
- data/test/dummy/app/views/global_resources/new.html.erb +5 -0
- data/test/dummy/app/views/global_resources/show.html.erb +15 -0
- data/test/dummy/app/views/layouts/application.html.erb +14 -0
- data/test/dummy/app/views/parent_resources/_form.html.erb +25 -0
- data/test/dummy/app/views/parent_resources/edit.html.erb +6 -0
- data/test/dummy/app/views/parent_resources/index.html.erb +25 -0
- data/test/dummy/app/views/parent_resources/index.html.erb~ +25 -0
- data/test/dummy/app/views/parent_resources/new.html.erb +5 -0
- data/test/dummy/app/views/parent_resources/show.html.erb +44 -0
- data/test/dummy/app/views/parent_resources/show.html.erb~ +15 -0
- data/test/dummy/app/views/standalone_resources/_form.html.erb +25 -0
- data/test/dummy/app/views/standalone_resources/edit.html.erb +6 -0
- data/test/dummy/app/views/standalone_resources/index.html.erb +25 -0
- data/test/dummy/app/views/standalone_resources/new.html.erb +5 -0
- data/test/dummy/app/views/standalone_resources/show.html.erb +15 -0
- data/test/dummy/app/views/user_groups/_form.html.haml +9 -0
- data/test/dummy/app/views/user_groups/add_members.html.haml +18 -0
- data/test/dummy/app/views/user_groups/edit.html.haml +13 -0
- data/test/dummy/app/views/user_groups/index.html.haml +20 -0
- data/test/dummy/app/views/user_groups/new.html.haml +11 -0
- data/test/dummy/app/views/user_groups/show.html.haml +42 -0
- data/test/dummy/app/views/user_sessions/new.html.haml +26 -0
- data/test/dummy/app/views/users/_form.html.haml +25 -0
- data/test/dummy/app/views/users/edit.html.haml +14 -0
- data/test/dummy/app/views/users/index.html.haml +26 -0
- data/test/dummy/app/views/users/new.html.haml +11 -0
- data/test/dummy/app/views/users/show.html.haml +56 -0
- data/test/dummy/config.ru +4 -0
- data/test/dummy/config/application.rb +59 -0
- data/test/dummy/config/boot.rb +10 -0
- data/test/dummy/config/database.yml +25 -0
- data/test/dummy/config/environment.rb +5 -0
- data/test/dummy/config/environments/development.rb +37 -0
- data/test/dummy/config/environments/production.rb +67 -0
- data/test/dummy/config/environments/test.rb +37 -0
- data/test/dummy/config/initializers/alberich.rb +13 -0
- data/test/dummy/config/initializers/backtrace_silencers.rb +7 -0
- data/test/dummy/config/initializers/inflections.rb +15 -0
- data/test/dummy/config/initializers/mime_types.rb +5 -0
- data/test/dummy/config/initializers/secret_token.rb +7 -0
- data/test/dummy/config/initializers/session_store.rb +8 -0
- data/test/dummy/config/initializers/warden.rb +79 -0
- data/test/dummy/config/initializers/wrap_parameters.rb +14 -0
- data/test/dummy/config/locales/en.yml +5 -0
- data/test/dummy/config/routes.rb +33 -0
- data/test/dummy/db/migrate/20120801010101_create_users.rb +20 -0
- data/test/dummy/db/migrate/20121121054319_create_user_groups.rb +16 -0
- data/test/dummy/db/migrate/20130220160811_create_global_resources.rb +10 -0
- data/test/dummy/db/migrate/20130220175258_create_standalone_resources.rb +10 -0
- data/test/dummy/db/migrate/20130226145412_create_parent_resources.rb +10 -0
- data/test/dummy/db/migrate/20130226151256_create_child_resources.rb +12 -0
- data/test/dummy/db/migrate/20130226151256_create_child_resources.rb~ +12 -0
- data/test/dummy/db/schema.rb +151 -0
- data/test/dummy/db/seeds.rb +65 -0
- data/test/dummy/lib/password.rb +58 -0
- data/test/dummy/public/404.html +26 -0
- data/test/dummy/public/422.html +26 -0
- data/test/dummy/public/500.html +25 -0
- data/test/dummy/public/favicon.ico +0 -0
- data/test/dummy/script/rails +6 -0
- data/test/dummy/test/fixtures/child_resources.yml +11 -0
- data/test/dummy/test/fixtures/global_resources.yml +9 -0
- data/test/dummy/test/fixtures/parent_resources.yml +9 -0
- data/test/dummy/test/fixtures/standalone_resources.yml +9 -0
- data/test/dummy/test/fixtures/user_groups.yml +9 -0
- data/test/dummy/test/fixtures/users.yml +37 -0
- data/test/dummy/test/functional/child_resources_controller_test.rb +49 -0
- data/test/dummy/test/functional/global_resources_controller_test.rb +49 -0
- data/test/dummy/test/functional/parent_resources_controller_test.rb +49 -0
- data/test/dummy/test/functional/standalone_resources_controller_test.rb +49 -0
- data/test/dummy/test/functional/user_groups_controller_test.rb +49 -0
- data/test/dummy/test/functional/users_controller_test.rb +39 -0
- data/test/dummy/test/unit/child_resource_test.rb +7 -0
- data/test/dummy/test/unit/global_resource_test.rb +7 -0
- data/test/dummy/test/unit/helpers/child_resources_helper_test.rb +4 -0
- data/test/dummy/test/unit/helpers/global_resources_helper_test.rb +4 -0
- data/test/dummy/test/unit/helpers/parent_resources_helper_test.rb +4 -0
- data/test/dummy/test/unit/helpers/standalone_resources_helper_test.rb +4 -0
- data/test/dummy/test/unit/helpers/user_groups_helper_test.rb +4 -0
- data/test/dummy/test/unit/helpers/users_helper_test.rb +4 -0
- data/test/dummy/test/unit/parent_resource_test.rb +7 -0
- data/test/dummy/test/unit/standalone_resource_test.rb +7 -0
- data/test/dummy/test/unit/user_group_test.rb +7 -0
- data/test/dummy/test/unit/user_test.rb +7 -0
- data/test/integration/alberich/permission_test.rb +7 -0
- data/test/integration/alberich/privilege_test.rb +7 -0
- data/test/integration/alberich/role_test.rb +7 -0
- metadata +639 -0
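--- a/data/Gemfile
+++ b/data/Gemfile
@@ -0,0 +1,18 @@
+source "http://rubygems.org"
+
+# Declare your gem's dependencies in alberich.gemspec.
+# Bundler will treat runtime dependencies like base dependencies, and
+# development dependencies will be added by default to the :development group.
+gemspec
+
+# jquery-rails is used by the dummy application
+gem "jquery-rails"
+
+# Declare any dependencies that are still in development here instead of in
+# your gemspec. These might include edge Rails or gems from your path or
+# Git. Remember to move these dependencies to your gemspec before releasing
+# your gem to rubygems.org.
+
+# To use debugger
+# gem 'debugger'
+gem 'rails_warden'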
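Review bot: The `source "http://rubygems.org"` line on line 1 resolves every gem, including the runtime dependencies pulled in through `gemspec`, over plaintext HTTP, so index and package downloads have no transport integrity; it should read `source "https://rubygems.org"`. `gem 'rails_warden'` on line 18 also repeats a runtime dependency that alberich.gemspec already declares, so it can be dropped from the Gemfile.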
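--- a/data/MIT-LICENSE
+++ b/data/MIT-LICENSE
@@ -0,0 +1,20 @@
+Copyright 2013 Red Hat, Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.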
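--- a/data/README.rdoc
+++ b/data/README.rdoc
@@ -0,0 +1,37 @@
+= Alberich
+
+Alberich is a model-integrated permissions engine that allows access
+control, and list filtering based on user and group-assigned
+permissions both globally and at an individual resouce level.
+
+== Running Tests
+
+Tests are run from the project root directory. But are run in the
+context of the dummy app located under test/dummy. In order to run
+the tests you must first setup dummy app database.
+
+rake db:setup; rake -f test/dummy/Rakefile test:prepare
+
+Once you have done this cd to the project root and run the following:
+
+rake spec
+
+== Running the Dummy app
+
+This will allow you to run the commands below to test out the engine
+in isolation (if mounted in another application, the main difference
+will just be where the engine gets mounted, so adjust your url
+accordingly).
+
+cd test/dummy; rails s
+
+== Installation notes
+
+When alberich is installed, an 'entity' object will be created for
+each user and user group in your system. This is a placeholder object
+which is used as the target for permission grants that can be applied
+to either a user or a group.
+
+== License
+
+Alberich is released under the MIT license.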
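--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,34 @@
+#!/usr/bin/env rake
+begin
+require 'bundler/setup'
+rescue LoadError
+puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+begin
+require 'rdoc/task'
+rescue LoadError
+require 'rdoc/rdoc'
+require 'rake/rdoctask'
+RDoc::Task = Rake::RDocTask
+end
+
+RDoc::Task.new(:rdoc) do |rdoc|
+rdoc.rdoc_dir = 'rdoc'
+rdoc.title = 'Alberich'
+rdoc.options << '--line-numbers'
+rdoc.rdoc_files.include('README.rdoc')
+rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path("../test/dummy/Rakefile", __FILE__)
+load 'rails/tasks/engine.rake'
+
+
+Bundler::GemHelper.install_tasks
+
+
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new('spec')
+
+task :default => :spec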
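--- a/data/alberich.gemspec
+++ b/data/alberich.gemspec
@@ -0,0 +1,34 @@
+$:.push File.expand_path("../lib", __FILE__)
+
+# Maintain your gem's version:
+require "alberich/version"
+
+# Describe your gem and declare its dependencies:
+Gem::Specification.new do |s|
+s.name = "alberich"
+s.version = Alberich::VERSION
+s.authors = ["Scott Seago"]
+s.email = ["aeolus-devel@lists.fedorahosted.org"]
+s.homepage = "https://github.com/aeolus-incubator/alberich"
+s.license = 'MIT'
+s.summary = "Model-integrated permissions infrastructure for Rails projects."
+s.description = "Alberich is a model-integrated permissions engine that allows access control, and list filtering based on user and group-assigned permissions both globally and at an individual resouce level."
+
+s.files = Dir["{app,config,db,lib}/**/*"] + ["MIT-LICENSE", "Rakefile", "README.rdoc", "alberich.gemspec", "Gemfile"]
+s.test_files = Dir["{spec,test}/**/*"]
+s.test_files.reject! { |fn| fn.match(/sqlite|tmp|log/) }
+
+s.add_dependency "rails", "~> 3.2.11"
+s.add_dependency "haml"
+s.add_dependency "haml-rails"
+s.add_dependency "nokogiri"
+s.add_dependency "jquery-rails"
+s.add_dependency "rails_warden"
+
+s.add_development_dependency "sqlite3"
+s.add_development_dependency "rspec-rails"
+s.add_development_dependency "database_cleaner"
+s.add_development_dependency "factory_girl_rails", "~> 4.1.0"
+s.add_development_dependency "minitest"
+
+end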
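Review bot: The `s.files` and `s.test_files` globs on lines 17–18 package whatever is on disk, and the file list for this release shows editor leftovers such as `lib/alberich/#version.rb#` and several `*.rb~` copies under spec/ and test/dummy being shipped; an allow-list, or a filter such as `.reject { |fn| fn =~ /(~|#)\z/ }` on both arrays, would keep stale copies of code out of the gem. The existing `reject!` pattern `/sqlite|tmp|log/` on line 19 is unanchored, so it also drops any test path that merely contains those letters. Separately, `haml`, `haml-rails`, `nokogiri`, `jquery-rails` and `rails_warden` carry no version constraint, which for an access-control engine means an install resolves to whatever release is current; a pessimistic constraint per dependency would make the tested range explicit.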
@@ -0,0 +1,15 @@
|
|
1
|
+
// This is a manifest file that'll be compiled into application.js, which will include all the files
|
2
|
+
// listed below.
|
3
|
+
//
|
4
|
+
// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
|
5
|
+
// or vendor/assets/javascripts of plugins, if any, can be referenced here using a relative path.
|
6
|
+
//
|
7
|
+
// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
|
8
|
+
// the compiled file.
|
9
|
+
//
|
10
|
+
// WARNING: THE FIRST BLANK LINE MARKS THE END OF WHAT'S TO BE PROCESSED, ANY BLANK LINE SHOULD
|
11
|
+
// GO AFTER THE REQUIRES BELOW.
|
12
|
+
//
|
13
|
+
//= require jquery
|
14
|
+
//= require jquery_ujs
|
15
|
+
//= require_tree .
|
@@ -0,0 +1,13 @@
|
|
1
|
+
/*
|
2
|
+
* This is a manifest file that'll be compiled into application.css, which will include all the files
|
3
|
+
* listed below.
|
4
|
+
*
|
5
|
+
* Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
|
6
|
+
* or vendor/assets/stylesheets of plugins, if any, can be referenced here using a relative path.
|
7
|
+
*
|
8
|
+
* You're free to add application-wide styles to this file and they'll appear at the top of the
|
9
|
+
* compiled file, but it's generally better to create a new file per style scope.
|
10
|
+
*
|
11
|
+
*= require_self
|
12
|
+
*= require_tree .
|
13
|
+
*/
|
@@ -0,0 +1,56 @@
|
|
1
|
+
body { background-color: #fff; color: #333; }
|
2
|
+
|
3
|
+
body, p, ol, ul, td {
|
4
|
+
font-family: verdana, arial, helvetica, sans-serif;
|
5
|
+
font-size: 13px;
|
6
|
+
line-height: 18px;
|
7
|
+
}
|
8
|
+
|
9
|
+
pre {
|
10
|
+
background-color: #eee;
|
11
|
+
padding: 10px;
|
12
|
+
font-size: 11px;
|
13
|
+
}
|
14
|
+
|
15
|
+
a { color: #000; }
|
16
|
+
a:visited { color: #666; }
|
17
|
+
a:hover { color: #fff; background-color:#000; }
|
18
|
+
|
19
|
+
div.field, div.actions {
|
20
|
+
margin-bottom: 10px;
|
21
|
+
}
|
22
|
+
|
23
|
+
#notice {
|
24
|
+
color: green;
|
25
|
+
}
|
26
|
+
|
27
|
+
.field_with_errors {
|
28
|
+
padding: 2px;
|
29
|
+
background-color: red;
|
30
|
+
display: table;
|
31
|
+
}
|
32
|
+
|
33
|
+
#error_explanation {
|
34
|
+
width: 450px;
|
35
|
+
border: 2px solid red;
|
36
|
+
padding: 7px;
|
37
|
+
padding-bottom: 0;
|
38
|
+
margin-bottom: 20px;
|
39
|
+
background-color: #f0f0f0;
|
40
|
+
}
|
41
|
+
|
42
|
+
#error_explanation h2 {
|
43
|
+
text-align: left;
|
44
|
+
font-weight: bold;
|
45
|
+
padding: 5px 5px 5px 15px;
|
46
|
+
font-size: 12px;
|
47
|
+
margin: -7px;
|
48
|
+
margin-bottom: 0px;
|
49
|
+
background-color: #c00;
|
50
|
+
color: #fff;
|
51
|
+
}
|
52
|
+
|
53
|
+
#error_explanation ul li {
|
54
|
+
font-size: 12px;
|
55
|
+
list-style: square;
|
56
|
+
}
|
@@ -0,0 +1,118 @@
|
|
1
|
+
module Alberich
|
2
|
+
module ApplicationControllerHelper
|
3
|
+
class PermissionError < RuntimeError; end
|
4
|
+
def self.included(c)
|
5
|
+
c.helper_method :current_session, :current_user, :check_privilege
|
6
|
+
end
|
7
|
+
|
8
|
+
def current_session
|
9
|
+
@current_session ||= Alberich::PermissionSession.
|
10
|
+
find_by_id(session[:permission_session_id])
|
11
|
+
end
|
12
|
+
|
13
|
+
def add_profile_permissions_inline(entity, path_prefix = '')
|
14
|
+
@entity = entity
|
15
|
+
@path_prefix = path_prefix
|
16
|
+
@roles = Role.all_by_scope
|
17
|
+
@inline = true
|
18
|
+
set_permissions_header(@entity)
|
19
|
+
# filter permissions if method provided
|
20
|
+
@permissions = filter_permissions_for_profile(@permissions)
|
21
|
+
end
|
22
|
+
# Override this in application_controller if application does filtering
|
23
|
+
# on permissions list for profile UI
|
24
|
+
def filter_permissions_for_profile(perms)
|
25
|
+
perms
|
26
|
+
end
|
27
|
+
# Override this in application_controller if application does filtering
|
28
|
+
# on permissions list
|
29
|
+
def filter_permissions(perms)
|
30
|
+
perms
|
31
|
+
end
|
32
|
+
def add_permissions_common(inline, perm_obj, path_prefix = '',
|
33
|
+
polymorphic_path_extras = {})
|
34
|
+
@permission_object = perm_obj
|
35
|
+
# FIXME find a way to remove the @inline bit here
|
36
|
+
@inline = inline
|
37
|
+
@path_prefix = path_prefix
|
38
|
+
@polymorphic_path_extras = polymorphic_path_extras
|
39
|
+
if check_privilege(Privilege::PERM_VIEW, perm_obj)
|
40
|
+
@roles = Role.find_all_by_scope(@permission_object.class.name)
|
41
|
+
end
|
42
|
+
set_permissions_header
|
43
|
+
@permissions = filter_permissions(@permissions)
|
44
|
+
end
|
45
|
+
def add_permissions_inline(perm_obj, path_prefix = '',
|
46
|
+
polymorphic_path_extras = {})
|
47
|
+
add_permissions_common(true, perm_obj, path_prefix,
|
48
|
+
polymorphic_path_extras)
|
49
|
+
require_privilege(Privilege::VIEW, @permission_object)
|
50
|
+
end
|
51
|
+
|
52
|
+
def set_permissions_header(perm_obj = @permission_object)
|
53
|
+
unless perm_obj == BasePermissionObject.general_permission_scope
|
54
|
+
@show_inherited = params[:show_inherited]
|
55
|
+
@show_global = params[:show_global]
|
56
|
+
end
|
57
|
+
if @show_inherited
|
58
|
+
@permissions = perm_obj.derived_permissions
|
59
|
+
elsif @show_global
|
60
|
+
@permissions = BasePermissionObject.general_permission_scope.
|
61
|
+
permissions_for_type(perm_obj.class)
|
62
|
+
else
|
63
|
+
@permissions = perm_obj.permissions
|
64
|
+
end
|
65
|
+
|
66
|
+
@permission_list_header = []
|
67
|
+
unless (@show_inherited or @show_global)
|
68
|
+
@permission_list_header <<
|
69
|
+
{ :name => 'checkbox', :class => 'checkbox', :sortable => false }
|
70
|
+
end
|
71
|
+
@permission_list_header += [
|
72
|
+
{ :name => "Type"},
|
73
|
+
{ :name => "Name"},
|
74
|
+
{ :name => "Role", :sort_attr => :role},
|
75
|
+
]
|
76
|
+
if @show_inherited
|
77
|
+
@permission_list_header <<
|
78
|
+
{ :name => "Inherited from", :sortable => false }
|
79
|
+
end
|
80
|
+
end
|
81
|
+
|
82
|
+
def check_privilege(action, *type_and_perm_obj)
|
83
|
+
target_type = nil
|
84
|
+
perm_obj = nil
|
85
|
+
type_and_perm_obj.each do |obj|
|
86
|
+
target_type=obj if obj.class==Class
|
87
|
+
perm_obj=obj if obj.is_a?(ActiveRecord::Base)
|
88
|
+
end
|
89
|
+
perm_obj=@perm_obj if perm_obj.nil?
|
90
|
+
perm_obj=BasePermissionObject.general_permission_scope if perm_obj.nil?
|
91
|
+
perm_obj.has_privilege(current_session, current_user, action, target_type)
|
92
|
+
end
|
93
|
+
|
94
|
+
# Require a given privilege level to view this page
|
95
|
+
# 1. action is required -- what action to check (in Privilege::ACTIONS)
|
96
|
+
# 2. perm_obj is optional -- This is the resource on which to look for
|
97
|
+
# permission records. If omitted, check for site-wide permissions on
|
98
|
+
# BasePermissionObject
|
99
|
+
# 3. type is also optional -- if omitted it's taken from perm_obj.
|
100
|
+
# For example, if action is 'view', perm_obj is a Pool and type is
|
101
|
+
# omitted, then check for current user's "view pool" permission on
|
102
|
+
# this pool. if action is 'view', perm_obj is a Pool and type is
|
103
|
+
# Quota, then check for current user's "view quota" permission on
|
104
|
+
# this pool.
|
105
|
+
def require_privilege(action, *type_and_perm_obj)
|
106
|
+
perm_obj = nil
|
107
|
+
type_and_perm_obj.each do |obj|
|
108
|
+
perm_obj=obj if obj.is_a?(ActiveRecord::Base)
|
109
|
+
end
|
110
|
+
@perm_obj = perm_obj
|
111
|
+
unless check_privilege(action, *type_and_perm_obj)
|
112
|
+
raise PermissionError.new(
|
113
|
+
"You do not have permission to access this resource")
|
114
|
+
end
|
115
|
+
end
|
116
|
+
|
117
|
+
end
|
118
|
+
end
|
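Review bot: In `add_permissions_inline` (lines 45–50) the `require_privilege(Privilege::VIEW, @permission_object)` call runs only after `add_permissions_common` has already loaded `@permissions`, and inside `add_permissions_common` the `check_privilege(Privilege::PERM_VIEW, perm_obj)` result gates only `@roles`, so the permission list is populated whether or not the caller holds PERM_VIEW. Moving the `require_privilege` call to the first line of `add_permissions_inline`, and placing `set_permissions_header` and `@permissions = filter_permissions(@permissions)` inside the `if check_privilege(...)` branch, would make the load conditional on the check; the views presumably need to tolerate `@permissions` being nil in that case. `add_profile_permissions_inline` (lines 13–21) performs no privilege check at all, which deserves a comment such as `# Caller must authorize access to entity before calling this`. `check_privilege` also falls back to the `@perm_obj` left behind by an earlier `require_privilege` call and then to the global scope, so a call that passes no record silently checks a different object; a comment documenting that precedence above line 82 would make the behaviour visible to integrators.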
@@ -0,0 +1,211 @@
|
|
1
|
+
require_dependency "alberich/application_controller"
|
2
|
+
|
3
|
+
module Alberich
|
4
|
+
class PermissionsController < ApplicationController
|
5
|
+
# GET /permissions
|
6
|
+
# GET /permissions.json
|
7
|
+
def index
|
8
|
+
set_permission_object(Privilege::PERM_VIEW)
|
9
|
+
@roles = Role.find_all_by_scope(@permission_object.class.name)
|
10
|
+
respond_to do |format|
|
11
|
+
format.html
|
12
|
+
format.json { render :json => @permission_object.as_json }
|
13
|
+
format.js { render :partial => 'permissions' }
|
14
|
+
end
|
15
|
+
end
|
16
|
+
|
17
|
+
# GET /permissions/new
|
18
|
+
# GET /permissions/new.json
|
19
|
+
def new
|
20
|
+
set_permission_object
|
21
|
+
@users = Alberich.user_class.constantize.all
|
22
|
+
@roles = Role.find_all_by_scope(@permission_object.class.name)
|
23
|
+
if @permission_object == BasePermissionObject.general_permission_scope
|
24
|
+
@return_text = "Global Role Grants"
|
25
|
+
@summary_text = "Choose Global Role"
|
26
|
+
else
|
27
|
+
@return_text = "#{@permission_object.name} " +
|
28
|
+
@permission_object.class.model_name.human
|
29
|
+
@summary_text = "Choose roles for " +
|
30
|
+
@permission_object.class.model_name.human
|
31
|
+
end
|
32
|
+
load_headers
|
33
|
+
load_entities
|
34
|
+
respond_to do |format|
|
35
|
+
format.html
|
36
|
+
format.js { render :partial => 'new' }
|
37
|
+
end
|
38
|
+
end
|
39
|
+
|
40
|
+
# POST /permissions
|
41
|
+
# POST /permissions.json
|
42
|
+
def create
|
43
|
+
set_permission_object
|
44
|
+
added=[]
|
45
|
+
not_added=[]
|
46
|
+
params[:entity_role_selected].each do |entity_role|
|
47
|
+
entity_id,role_id = entity_role.split(",")
|
48
|
+
unless role_id.nil?
|
49
|
+
permission = Permission.new(:entity_id => entity_id,
|
50
|
+
:role_id => role_id,
|
51
|
+
:permission_object => @permission_object)
|
52
|
+
if permission.save
|
53
|
+
added << "#{permission.entity.name} (#{permission.role.name})"
|
54
|
+
else
|
55
|
+
not_added << "#{permission.entity.name} (#{permission.role.name})"
|
56
|
+
end
|
57
|
+
end
|
58
|
+
end
|
59
|
+
unless added.empty?
|
60
|
+
flash[:notice] = "Added the following permission grants: #{added.to_sentence}"
|
61
|
+
end
|
62
|
+
unless not_added.empty?
|
63
|
+
flash[:error] = "Could not add the following permission grants: #{not_added.to_sentence}"
|
64
|
+
end
|
65
|
+
if added.empty? and not_added.empty?
|
66
|
+
flash[:error] = "No users or groups selected"
|
67
|
+
end
|
68
|
+
respond_to do |format|
|
69
|
+
format.html { redirect_to @return_path }
|
70
|
+
format.js { render :partial => 'index',
|
71
|
+
:permission_object_type => @permission_object.class.name,
|
72
|
+
:permission_object_id => @permission_object.id }
|
73
|
+
end
|
74
|
+
end
|
75
|
+
|
76
|
+
def multi_update
|
77
|
+
set_permission_object
|
78
|
+
modified=[]
|
79
|
+
not_modified=[]
|
80
|
+
params[:permission_role_selected].each do |permission_role|
|
81
|
+
permission_id,role_id = permission_role.split(",")
|
82
|
+
unless role_id.nil?
|
83
|
+
permission = Permission.find(permission_id)
|
84
|
+
role = Role.find(role_id)
|
85
|
+
old_role = permission.role
|
86
|
+
unless permission.role == role
|
87
|
+
permission.role = role
|
88
|
+
if permission.save
|
89
|
+
modified << "%{permission.entity.name} (from %{old_role.name} to %{permission.role.name})"
|
90
|
+
else
|
91
|
+
not_modified << "%{permission.entity.name} (from %{old_role.name} to %{permission.role.name})"
|
92
|
+
end
|
93
|
+
end
|
94
|
+
end
|
95
|
+
end
|
96
|
+
unless modified.empty?
|
97
|
+
flash[:notice] = "Successfully modified the following permission records #{modified.to_sentence}"
|
98
|
+
end
|
99
|
+
unless not_modified.empty?
|
100
|
+
flash[:error] = "Could not add these permission records #{not_modified.to_sentence}"
|
101
|
+
end
|
102
|
+
if modified.empty? and not_modified.empty?
|
103
|
+
flash[:notice] = "All permission records already set; no changes needed"
|
104
|
+
end
|
105
|
+
respond_to do |format|
|
106
|
+
format.html { redirect_to @return_path }
|
107
|
+
format.js { render :partial => 'index',
|
108
|
+
:permission_object_type => @permission_object.class.name,
|
109
|
+
:permission_object_id => @permission_object.id }
|
110
|
+
end
|
111
|
+
end
|
112
|
+
|
113
|
+
def multi_destroy
|
114
|
+
set_permission_object
|
115
|
+
deleted=[]
|
116
|
+
not_deleted=[]
|
117
|
+
|
118
|
+
Permission.find(params[:permission_selected]).each do |p|
|
119
|
+
if check_privilege(Privilege::PERM_SET, p.permission_object) && p.destroy
|
120
|
+
deleted << "#{p.entity.name} #{p.role.name}"
|
121
|
+
else
|
122
|
+
not_deleted << "#{p.entity.name} #{p.role.name}"
|
123
|
+
end
|
124
|
+
end
|
125
|
+
|
126
|
+
unless deleted.empty?
|
127
|
+
flash[:notice] = "Deleted the following Permission Grants: #{deleted.to_sentence}"
|
128
|
+
end
|
129
|
+
unless not_deleted.empty?
|
130
|
+
flash[:error] = "Could not delete these Permission Grants: #{not_deleted.to_sentence}"
|
131
|
+
end
|
132
|
+
respond_to do |format|
|
133
|
+
format.html { redirect_to @return_path }
|
134
|
+
format.js { render :partial => 'index',
|
135
|
+
:permission_object_type => @permission_object.class.name,
|
136
|
+
:permission_object_id => @permission_object.id }
|
137
|
+
format.json { render :json => @permission, :status => :created }
|
138
|
+
end
|
139
|
+
|
140
|
+
end
|
141
|
+
|
142
|
+
# DELETE /permissions/1
|
143
|
+
# DELETE /permissions/1.json
|
144
|
+
def destroy
|
145
|
+
if request.delete?
|
146
|
+
p = Permission.find(params[:id])
|
147
|
+
ptype, pid = [p.permission_object_type, p.permission_object_id]
|
148
|
+
require_privilege(Privilege::PERM_SET, p.permission_object)
|
149
|
+
p.destroy
|
150
|
+
end
|
151
|
+
redirect_to :action => "index",
|
152
|
+
:permission_object_type => ptype,
|
153
|
+
:permission_object_id => pid
|
154
|
+
end
|
155
|
+
|
156
|
+
def load_entities
|
157
|
+
@entities = Entity.order("name")
|
158
|
+
end
|
159
|
+
|
160
|
+
def load_headers
|
161
|
+
@header = [{ :name => '', :sortable => false },
|
162
|
+
{ :name => "Name"},
|
163
|
+
{ :name => "Role", :sortable => false }]
|
164
|
+
end
|
165
|
+
|
166
|
+
# this allows any controller actions needed in the application
|
167
|
+
# to set up additional elements for global permissions UI view
|
168
|
+
def global_permission_ui_hook
|
169
|
+
end
|
170
|
+
def set_permission_object (required_role=Privilege::PERM_SET)
|
171
|
+
obj_type = params[:permission_object_type]
|
172
|
+
id = params[:permission_object_id]
|
173
|
+
@return_path = params[:return_path]
|
174
|
+
@path_prefix = params[:path_prefix]
|
175
|
+
@polymorphic_path_extras = params[:polymorphic_path_extras]
|
176
|
+
@use_tabs = params[:use_tabs]
|
177
|
+
unless obj_type or id
|
178
|
+
@permission_object = BasePermissionObject.general_permission_scope
|
179
|
+
end
|
180
|
+
if obj_type && id
|
181
|
+
if klass = ActiveRecord::Base.send(:subclasses).
|
182
|
+
find{|c| c.name == obj_type}
|
183
|
+
@permission_object = klass.find(id)
|
184
|
+
else
|
185
|
+
raise RuntimeError, "invalid permission object type #{obj_type}"
|
186
|
+
end
|
187
|
+
end
|
188
|
+
raise RuntimeError, "invalid permission object" if @permission_object.nil?
|
189
|
+
unless @return_path
|
190
|
+
if @permission_object == BasePermissionObject.general_permission_scope
|
191
|
+
@return_path = permissions_path(:return_from_permission_change => true)
|
192
|
+
global_permission_ui_hook
|
193
|
+
else
|
194
|
+
@return_path = main_app.send("#{@path_prefix}polymorphic_path",
|
195
|
+
@permission_object.respond_to?(
|
196
|
+
:to_polymorphic_path_param) ?
|
197
|
+
@permission_object.to_polymorphic_path_param(
|
198
|
+
@polymorphic_path_extras) :
|
199
|
+
@permission_object,
|
200
|
+
@use_tabs == "yes" ? {:details_tab => :permissions,
|
201
|
+
:only_tab => true,
|
202
|
+
:return_from_permission_change => true} :
|
203
|
+
{:return_from_permission_change => true})
|
204
|
+
end
|
205
|
+
end
|
206
|
+
require_privilege(required_role, @permission_object)
|
207
|
+
set_permissions_header
|
208
|
+
end
|
209
|
+
|
210
|
+
end
|
211
|
+
end
|