annotation_security 1.0.1 → 1.0.2

data/lib/annotation_security/policy/rule_set.rb

@@ -1,139 +1,139 @@
-#
-# = lib/annotation_security/policy/rule_set.rb
-#
-
-# = AnnotationSecurity::RuleSet
-# Contains all rule objects for a policy
-#
-class AnnotationSecurity::RuleSet # :nodoc:
-
-  # Initializes the rule set
-  # * +pclass+ Policy class this rule set belongs to
-  #
-  def initialize(pclass)
-    super()
-    @pclass = pclass
-    @rights = {}
-    @static = {}
-    @dynamic = {}
-  end
-
-  def to_s
-    "<RuleSet of #@pclass>"
-  end
-
-  # Returns a rule object or nil if the rule does not exist.
-  # * +symbol+ name of the rule
-  # * +static+ boolean specifing whether the rule is static or dynamic
-  def get_rule(symbol,static)
-    static ? get_static_rule(symbol) : get_dynamic_rule(symbol)
-  end
-
-  # Returns a dynamic rule or nil if the rule does not exist.
-  # * +symbol+ name of the rule
-  def get_dynamic_rule(symbol)
-    # If no rule is available, maybe there is a right that can be used
-    @dynamic[symbol] ||= get_dynamic_right(symbol)
-  end
-
-  # Returns a static rule or nil if the rule does not exist.
-  # * +symbol+ name of the rule
-  def get_static_rule(symbol)
-    # If no rule is available, maybe there is a right that can be used
-    @static[symbol] ||= get_static_right(symbol)
-  end
-
-  # Copies a rule from another rule set.
-  # Returns the newly created rule or nil if the operation had no effect.
-  # * +symbol+ name of the rule
-  # * +source+ rule set to copy from
-  # * +static+ boolean specifing whether the rule is static or dynamic
-  def copy_rule_from(symbol,source,static)
-    add_copy(source.get_rule(symbol,static))
-  end
-
-  # Creates a dynamic rule that redirects to a static rule with the same name.
-  # Returns the newly created rule or nil if the operation had no effect.
-  # * +symbol+ name of the rule
-  def create_dynamic_copy(symbol)
-    rule = get_static_rule(symbol)
-    if rule
-      add_rule(symbol,
-          "static_policy.#{symbol}(*args)",
-          :resource,
-          :require_credential => rule.requires_credential?)
-    end
-  end
-
-  # Adds a new rule to this rule set. The rule will be classified either
-  # as dynamic, static, both or right.
-  # Returns the newly create rule.
-  # For an explainition of the parameters see AnnotationSecurity::Rule#initialize.
-  def add_rule(symbol,*args,&block)
-    __add__ AnnotationSecurity::Rule.new(symbol,@pclass,*args,&block)
-  end
-
-  private
-
-  # Copies a rule object to this rule set.
-  # Returns the newly created rule or nil.
-  # * +rule+ rule object to copy or nil.
-  def add_copy(rule)
-    __add__(rule.copy(@pclass)) if rule
-  end
-
-  # Adds a new rule to this rule set. The rule will be classified either
-  # as dynamic, static, both or right.
-  # * +rule+ rule object
-  def __add__(rule)
-    if rule.right?
-      # if the rule is a right, its not clear yet whether
-      # it is static or dynamic. These rules will be analyzed later.
-      raise_if_forbidden_name 'right', rule
-      raise_if_exists 'right', @rights[rule.name]
-      @rights[rule.name] = rule
-    else
-      raise_if_forbidden_name 'relation', rule
-      if rule.dynamic?
-        raise_if_exists 'dynamic relation', @dynamic[rule.name]
-        @dynamic[rule.name] = rule
-      end
-      if rule.static?
-        raise_if_exists 'static relation', @static[rule.name]
-        @static[rule.name] = rule
-      end
-    end
-    rule
-  end
-
-  # Raises an error if +rule+ is not nil.
-  # * +type+ type of rule, like 'right' or 'dynamic relation'
-  # * +rule+ existing rule object or nil
-  def raise_if_exists(type,rule)
-    raise AnnotationSecurity::RuleError.defined_twice(type,rule) if rule
-  end
-
-  # Raises an error if +rule+ has a forbidden name.
-  # * +type+ type of rule, like 'right' or 'relation'
-  # * +rule+ rule object
-  def raise_if_forbidden_name(type,rule)
-    if AnnotationSecurity::AbstractPolicy.forbidden_rule_names.include? rule.name.to_s
-      raise AnnotationSecurity::RuleError.forbidden_name(type,rule)
-    end
-  end
-
-  # Returns a dynamic rule that was defined as right
-  # * +symbol+ name of the rule
-  def get_dynamic_right(symbol)
-    r = @rights[symbol]
-    r and r.dynamic? ? r : nil
-  end
-
-  # Returns a static rule that was defined as right
-  # * +symbol+ name of the rule
-  def get_static_right(symbol)
-    r = @rights[symbol]
-    r and r.static? ? r : nil
-  end
-
+#
+# = lib/annotation_security/policy/rule_set.rb
+#
+
+# = AnnotationSecurity::RuleSet
+# Contains all rule objects for a policy
+#
+class AnnotationSecurity::RuleSet # :nodoc:
+
+  # Initializes the rule set
+  # * +pclass+ Policy class this rule set belongs to
+  #
+  def initialize(pclass)
+    super()
+    @pclass = pclass
+    @rights = {}
+    @static = {}
+    @dynamic = {}
+  end
+
+  def to_s
+    "<RuleSet of #@pclass>"
+  end
+
+  # Returns a rule object or nil if the rule does not exist.
+  # * +symbol+ name of the rule
+  # * +static+ boolean specifing whether the rule is static or dynamic
+  def get_rule(symbol,static)
+    static ? get_static_rule(symbol) : get_dynamic_rule(symbol)
+  end
+
+  # Returns a dynamic rule or nil if the rule does not exist.
+  # * +symbol+ name of the rule
+  def get_dynamic_rule(symbol)
+    # If no rule is available, maybe there is a right that can be used
+    @dynamic[symbol] ||= get_dynamic_right(symbol)
+  end
+
+  # Returns a static rule or nil if the rule does not exist.
+  # * +symbol+ name of the rule
+  def get_static_rule(symbol)
+    # If no rule is available, maybe there is a right that can be used
+    @static[symbol] ||= get_static_right(symbol)
+  end
+
+  # Copies a rule from another rule set.
+  # Returns the newly created rule or nil if the operation had no effect.
+  # * +symbol+ name of the rule
+  # * +source+ rule set to copy from
+  # * +static+ boolean specifing whether the rule is static or dynamic
+  def copy_rule_from(symbol,source,static)
+    add_copy(source.get_rule(symbol,static))
+  end
+
+  # Creates a dynamic rule that redirects to a static rule with the same name.
+  # Returns the newly created rule or nil if the operation had no effect.
+  # * +symbol+ name of the rule
+  def create_dynamic_copy(symbol)
+    rule = get_static_rule(symbol)
+    if rule
+      add_rule(symbol,
+          "static_policy.#{symbol}(*args)",
+          :resource,
+          :require_credential => rule.requires_credential?)
+    end
+  end
+
+  # Adds a new rule to this rule set. The rule will be classified either
+  # as dynamic, static, both or right.
+  # Returns the newly create rule.
+  # For an explainition of the parameters see AnnotationSecurity::Rule#initialize.
+  def add_rule(symbol,*args,&block)
+    __add__ AnnotationSecurity::Rule.new(symbol,@pclass,*args,&block)
+  end
+
+  private
+
+  # Copies a rule object to this rule set.
+  # Returns the newly created rule or nil.
+  # * +rule+ rule object to copy or nil.
+  def add_copy(rule)
+    __add__(rule.copy(@pclass)) if rule
+  end
+
+  # Adds a new rule to this rule set. The rule will be classified either
+  # as dynamic, static, both or right.
+  # * +rule+ rule object
+  def __add__(rule)
+    if rule.right?
+      # if the rule is a right, its not clear yet whether
+      # it is static or dynamic. These rules will be analyzed later.
+      raise_if_forbidden_name 'right', rule
+      raise_if_exists 'right', @rights[rule.name]
+      @rights[rule.name] = rule
+    else
+      raise_if_forbidden_name 'relation', rule
+      if rule.dynamic?
+        raise_if_exists 'dynamic relation', @dynamic[rule.name]
+        @dynamic[rule.name] = rule
+      end
+      if rule.static?
+        raise_if_exists 'static relation', @static[rule.name]
+        @static[rule.name] = rule
+      end
+    end
+    rule
+  end
+
+  # Raises an error if +rule+ is not nil.
+  # * +type+ type of rule, like 'right' or 'dynamic relation'
+  # * +rule+ existing rule object or nil
+  def raise_if_exists(type,rule)
+    raise AnnotationSecurity::RuleError.defined_twice(type,rule) if rule
+  end
+
+  # Raises an error if +rule+ has a forbidden name.
+  # * +type+ type of rule, like 'right' or 'relation'
+  # * +rule+ rule object
+  def raise_if_forbidden_name(type,rule)
+    if AnnotationSecurity::AbstractPolicy.forbidden_rule_names.include? rule.name.to_s
+      raise AnnotationSecurity::RuleError.forbidden_name(type,rule)
+    end
+  end
+
+  # Returns a dynamic rule that was defined as right
+  # * +symbol+ name of the rule
+  def get_dynamic_right(symbol)
+    r = @rights[symbol]
+    r and r.dynamic? ? r : nil
+  end
+
+  # Returns a static rule that was defined as right
+  # * +symbol+ name of the rule
+  def get_static_right(symbol)
+    r = @rights[symbol]
+    r and r.static? ? r : nil
+  end
+
 end

data/lib/annotation_security/rails.rb

@@ -1,39 +1,39 @@
-#
-# = annotation_security/rails/init.rb
-#
-# Loads the annotation security layer for a rails app
-
-require "action_controller/dispatcher"
-require "action_controller/base"
-
-module AnnotationSecurity
-
-  # Contains rails specific initializer
-  class Rails
-    def self.init!(config)
-      
-      # Policy files are situated under RAILS_ROOT/config/security
-      # Default policy file is internal, load it
-      ::AnnotationSecurity.load_relations(File.dirname(__FILE__) + '/policy/all_resources_policy')
-
-      # Add AnnotationSecurity::ModelObserver to observe changes in models.
-      # See http://riotprojects.com/2009/1/18/active-record-observers-in-gems-plugins
-      #
-      config.after_initialize do
-        # Set up a dummy security context that does not interfer with script
-        ::SecurityContext.initialize nil
-
-        ::ActiveRecord::Base.observers << ::AnnotationSecurity::ModelObserver
-
-        # In development mode, the models we observe get reloaded with each request. Using
-        # this hook allows us to reload the observer relationships each time as well.
-        ::ActionController::Dispatcher.to_prepare(:cache_advance_reload) do
-          ::AnnotationSecurity.reset
-          ::AnnotationSecurity::ModelObserver.instance.reload_model_observer
-        end
-      end
-
-      puts "Security layer initialized"
-    end
-  end
+#
+# = annotation_security/rails/init.rb
+#
+# Loads the annotation security layer for a rails app
+
+require "action_controller/dispatcher"
+require "action_controller/base"
+
+module AnnotationSecurity
+
+  # Contains rails specific initializer
+  class Rails
+    def self.init!(config)
+      
+      # Policy files are situated under RAILS_ROOT/config/security
+      # Default policy file is internal, load it
+      ::AnnotationSecurity.load_relations(File.dirname(__FILE__) + '/policy/all_resources_policy')
+
+      # Add AnnotationSecurity::ModelObserver to observe changes in models.
+      # See http://riotprojects.com/2009/1/18/active-record-observers-in-gems-plugins
+      #
+      config.after_initialize do
+        # Set up a dummy security context that does not interfer with script
+        ::SecurityContext.initialize nil
+
+        ::ActiveRecord::Base.observers << ::AnnotationSecurity::ModelObserver
+
+        # In development mode, the models we observe get reloaded with each request. Using
+        # this hook allows us to reload the observer relationships each time as well.
+        ::ActionController::Dispatcher.to_prepare(:cache_advance_reload) do
+          ::AnnotationSecurity.reset
+          ::AnnotationSecurity::ModelObserver.instance.reload_model_observer
+        end
+      end
+
+      puts "Security layer initialized"
+    end
+  end
 end

data/lib/annotation_security/user_wrapper.rb

@@ -1,74 +1,74 @@
-#
-# = lib/annotation_security/user_wrapper.rb
-#
-
-# = AnnotationSecurity::UserWrapper
-#
-# This class is not in use!
-#
-# Needed for evaluating relations, especially if the :as-option is used.
-# 
-# Merges a user and a role. If a role is given,
-#
-class AnnotationSecurity::UserWrapper # :nodoc:
-
-  # Return user wrappers for the requested role. The role(s) will be
-  # determined with sending user.as_'role'.
-  # (Normally a user has a role only once, however it will work when he
-  # has many roles of the same kind as well)
-  def self.all_for_role(user,role_name)
-    return [] if user.nil?
-    user = user.__user__ if user.is_a? AnnotationSecurity::UserWrapper
-    return [new(user)] if role_name.nil?
-    roles = user.__send__("as_#{role_name}")
-    return [] if roles.blank?
-    roles = [roles] unless roles.is_a?(Array)
-    roles.compact.collect { |role| new(user,role) }
-  end
-
-  def initialize(user,role=nil)
-    @user = user
-    @role = role
-  end
-
-  def id
-    @role? @role.id : @user.id
-  end
-
-  def __user__
-    @user
-  end
-
-  def __role__
-    @role
-  end
-
-  def ==(obj)
-    @user == obj or (!@role.nil? and @role == obj)
-  end
-
-  # Try to send to role, user and policy of args[0]
-  #
-  def method_missing(symbol,*args,&block)
-    if @role && (@role.respond_to? symbol)
-      @role.__send__(symbol,*args,&block)
-    elsif @user.respond_to? symbol
-      @user.__send__(symbol,*args,&block)
-    elsif args.first.respond_to? :policy_for
-      args.first.policy_for(@user).__send__(symbol,*args[1..-1])
-    else
-      # This will raise a NoMethodError
-      @user.__send__(symbol,*args,&block)
-    end
-  end
-
-  def is_a?(klass)
-    return true if super(klass)
-    if @role
-      @role.is_a?(klass)
-    else
-      @user.is_a?(klass)
-    end
-  end
-
+#
+# = lib/annotation_security/user_wrapper.rb
+#
+
+# = AnnotationSecurity::UserWrapper
+#
+# This class is not in use!
+#
+# Needed for evaluating relations, especially if the :as-option is used.
+# 
+# Merges a user and a role. If a role is given,
+#
+class AnnotationSecurity::UserWrapper # :nodoc:
+
+  # Return user wrappers for the requested role. The role(s) will be
+  # determined with sending user.as_'role'.
+  # (Normally a user has a role only once, however it will work when he
+  # has many roles of the same kind as well)
+  def self.all_for_role(user,role_name)
+    return [] if user.nil?
+    user = user.__user__ if user.is_a? AnnotationSecurity::UserWrapper
+    return [new(user)] if role_name.nil?
+    roles = user.__send__("as_#{role_name}")
+    return [] if roles.blank?
+    roles = [roles] unless roles.is_a?(Array)
+    roles.compact.collect { |role| new(user,role) }
+  end
+
+  def initialize(user,role=nil)
+    @user = user
+    @role = role
+  end
+
+  def id
+    @role? @role.id : @user.id
+  end
+
+  def __user__
+    @user
+  end
+
+  def __role__
+    @role
+  end
+
+  def ==(obj)
+    @user == obj or (!@role.nil? and @role == obj)
+  end
+
+  # Try to send to role, user and policy of args[0]
+  #
+  def method_missing(symbol,*args,&block)
+    if @role && (@role.respond_to? symbol)
+      @role.__send__(symbol,*args,&block)
+    elsif @user.respond_to? symbol
+      @user.__send__(symbol,*args,&block)
+    elsif args.first.respond_to? :policy_for
+      args.first.policy_for(@user).__send__(symbol,*args[1..-1])
+    else
+      # This will raise a NoMethodError
+      @user.__send__(symbol,*args,&block)
+    end
+  end
+
+  def is_a?(klass)
+    return true if super(klass)
+    if @role
+      @role.is_a?(klass)
+    else
+      @user.is_a?(klass)
+    end
+  end
+
 end