annotation_security 1.0.1 → 1.0.2

data/lib/annotation_security/utils.rb

@@ -1,142 +1,142 @@
-#
-# = lib/annotation_security/utils.rb
-#
-# Provides some methods that are needed at several locations in the plug-in.
-#
-
-class AnnotationSecurity::Utils # :nodoc:
-
-  PREFIXES = /\A(may|is|can|has)_/
-  SUFFIXES = /(_(for|in|of|to)|\?)\Z/
-
-  # Removes pre- and suffixes from +method+,
-  # returns +nil+ if no change was made.
-  #
-  def self.method_body(method)
-    body = method.to_s.gsub(PREFIXES,'').gsub(SUFFIXES,'')
-    method.to_s == body ? nil : body
-  end
-
-  # Parses a description string
-  # * +description+ description of a controller action
-  # * +allow_binding+ if false, an exception is raised if the description
-  #                   contains a variable
-  # Returns right, resource and binding
-  #
-  def self.parse_description(description,allow_binding=false)
-    ActionAnnotation::Utils.parse_description(description,allow_binding)
-  end
-
-  # Parses arguments provided to #apply_policy or #allowed? and returns
-  # [ [:action, :resource_type, resource || nil], ... ]
-  #
-  # See SecurityContext#allowed? for details.
-  #
-  # Each element of the result can be send to a policy using
-  #  policy_of_res_type.allowed?(rule, resource)
-  # or
-  #   policy_of_res_type.static_policy.allowed?(rule, nil)
-  #
-  # Raises ArgumentError if args could not be parsed.
-  #
-  def self.parse_policy_arguments(args)
-    if args.first.is_a? String
-      hash = AnnotationSecurity::Utils.parse_description(args.first)
-    elsif args.first.is_a? Hash
-      hash = args.first
-    end
-    if hash
-      action = hash.delete(:action) || hash.delete('action')
-      resource = hash.delete(:resource) || hash.delete('resource')
-      unless resource.__is_resource?
-        resource_type = resource
-        resource = nil
-      end
-      resource_type ||= hash.delete(:resource_type) 
-      resource_type ||= resource ? resource.resource_type : nil
-      a = [action, resource_type]
-      a << resource if resource
-      args = a + args[1..-1]
-    end
-
-    args << :all_resources unless args.size > 1
-
-    action, resource = args
-
-    if resource.__is_resource?
-      args = [action, resource.resource_type] + args[1..-1]
-    end
-#      if args.size > 2 && args.third == nil
-#        raise ArgumentError, "Did not expect nil as resource"
-#      end
-    args
-  end
-
-  # returns resource type and resource object without action
-  # expects [resource object], [resource type], or both
-  def self.parse_resource_arguments(args)
-    parse_policy_arguments([:r]+args)[1..2]
-  end
-
-  # Returns controller, action, objects and parameters
-  def self.parse_action_args(args)
-    controller = parse_controller(args.first)
-    action = args.second.to_sym
-
-    objects = args.third || []
-    objects = [objects] unless objects.is_a? Array
-    prepare_objects_resources(controller, objects)
-
-    params = args.fourth || {}
-    prepare_params_resources(controller, params)
-
-    objects += params.values
-
-    objects = objects.select { |o| o and o.__is_resource? }
-    return [controller, action, objects, params]
-  end
-
-  # Try to find the controller class from a name.
-  # Looks for [name](s)Controller.
-  #
-  #  parse_controller :welcome #=> WelcomeController
-  #  parse_controller :user # => UsersController
-  #
-  def self.parse_controller(controller) # :nodoc:
-    begin
-      "#{controller.to_s.camelize}Controller".constantize
-    rescue NameError
-      "#{controller.to_s.pluralize.camelize}Controller".constantize
-    end
-  rescue NameError
-    raise NameError, "Controller '#{controller}' was not found"
-  end
-
-  # if there are non-resources in objects, use the values to get resources
-  # from the controllers default resource type
-  #
-  def self.prepare_objects_resources(controller, objects)
-    res_type = controller.default_resource
-    objects.collect! do |o|
-      if o.__is_resource?
-        o
-      else
-        AnnotationSecurity::ResourceManager.get_resource(res_type, o)
-      end
-    end
-  end
-
-  # if there are non-resources in objects, use the values to get resources
-  # assuming the keys are the resource types (:id is defalut resource)
-  #
-  def self.prepare_params_resources(controller, params)
-    params.each do |k, v|
-      unless v.__is_resource?
-        res_type = k == :id ? controller.default_resource : k
-        v = AnnotationSecurity::ResourceManager.get_resource(res_type, v)
-        params[k] = v
-      end
-    end
-  end
-
+#
+# = lib/annotation_security/utils.rb
+#
+# Provides some methods that are needed at several locations in the plug-in.
+#
+
+class AnnotationSecurity::Utils # :nodoc:
+
+  PREFIXES = /\A(may|is|can|has)_/
+  SUFFIXES = /(_(for|in|of|to)|\?)\Z/
+
+  # Removes pre- and suffixes from +method+,
+  # returns +nil+ if no change was made.
+  #
+  def self.method_body(method)
+    body = method.to_s.gsub(PREFIXES,'').gsub(SUFFIXES,'')
+    method.to_s == body ? nil : body
+  end
+
+  # Parses a description string
+  # * +description+ description of a controller action
+  # * +allow_binding+ if false, an exception is raised if the description
+  #                   contains a variable
+  # Returns right, resource and binding
+  #
+  def self.parse_description(description,allow_binding=false)
+    ActionAnnotation::Utils.parse_description(description,allow_binding)
+  end
+
+  # Parses arguments provided to #apply_policy or #allowed? and returns
+  # [ [:action, :resource_type, resource || nil], ... ]
+  #
+  # See SecurityContext#allowed? for details.
+  #
+  # Each element of the result can be send to a policy using
+  #  policy_of_res_type.allowed?(rule, resource)
+  # or
+  #   policy_of_res_type.static_policy.allowed?(rule, nil)
+  #
+  # Raises ArgumentError if args could not be parsed.
+  #
+  def self.parse_policy_arguments(args)
+    if args.first.is_a? String
+      hash = AnnotationSecurity::Utils.parse_description(args.first)
+    elsif args.first.is_a? Hash
+      hash = args.first
+    end
+    if hash
+      action = hash.delete(:action) || hash.delete('action')
+      resource = hash.delete(:resource) || hash.delete('resource')
+      unless resource.__is_resource?
+        resource_type = resource
+        resource = nil
+      end
+      resource_type ||= hash.delete(:resource_type) 
+      resource_type ||= resource ? resource.resource_type : nil
+      a = [action, resource_type]
+      a << resource if resource
+      args = a + args[1..-1]
+    end
+
+    args << :all_resources unless args.size > 1
+
+    action, resource = args
+
+    if resource.__is_resource?
+      args = [action, resource.resource_type] + args[1..-1]
+    end
+#      if args.size > 2 && args.third == nil
+#        raise ArgumentError, "Did not expect nil as resource"
+#      end
+    args
+  end
+
+  # returns resource type and resource object without action
+  # expects [resource object], [resource type], or both
+  def self.parse_resource_arguments(args)
+    parse_policy_arguments([:r]+args)[1..2]
+  end
+
+  # Returns controller, action, objects and parameters
+  def self.parse_action_args(args)
+    controller = parse_controller(args.first)
+    action = args.second.to_sym
+
+    objects = args.third || []
+    objects = [objects] unless objects.is_a? Array
+    prepare_objects_resources(controller, objects)
+
+    params = args.fourth || {}
+    prepare_params_resources(controller, params)
+
+    objects += params.values
+
+    objects = objects.select { |o| o and o.__is_resource? }
+    return [controller, action, objects, params]
+  end
+
+  # Try to find the controller class from a name.
+  # Looks for [name](s)Controller.
+  #
+  #  parse_controller :welcome #=> WelcomeController
+  #  parse_controller :user # => UsersController
+  #
+  def self.parse_controller(controller) # :nodoc:
+    begin
+      "#{controller.to_s.camelize}Controller".constantize
+    rescue NameError
+      "#{controller.to_s.pluralize.camelize}Controller".constantize
+    end
+  rescue NameError
+    raise NameError, "Controller '#{controller}' was not found"
+  end
+
+  # if there are non-resources in objects, use the values to get resources
+  # from the controllers default resource type
+  #
+  def self.prepare_objects_resources(controller, objects)
+    res_type = controller.default_resource
+    objects.collect! do |o|
+      if o.__is_resource?
+        o
+      else
+        AnnotationSecurity::ResourceManager.get_resource(res_type, o)
+      end
+    end
+  end
+
+  # if there are non-resources in objects, use the values to get resources
+  # assuming the keys are the resource types (:id is defalut resource)
+  #
+  def self.prepare_params_resources(controller, params)
+    params.each do |k, v|
+      unless v.__is_resource?
+        res_type = k == :id ? controller.default_resource : k
+        v = AnnotationSecurity::ResourceManager.get_resource(res_type, v)
+        params[k] = v
+      end
+    end
+  end
+
 end

data/lib/annotation_security/version.rb

@@ -0,0 +1,10 @@
+#
+# = lib/annotation_security/version.rb
+#
+# Defines the version of this lib
+#
+
+module AnnotationSecurity 
+
+  Version = '1.0.2'
+end

data/lib/annotation_security.rb

@@ -1,98 +1,103 @@
-#
-# = lib/annotation_security.rb
-#
-# This modul provides the AnnotationSecurity security layer. 
-#
-
-# = AnnotationSecurity
-module AnnotationSecurity; end
-
-# Load annotation security files
-dir = File.dirname(__FILE__)
-require dir + '/annotation_security/manager/policy_manager'
-require dir + '/annotation_security/manager/policy_factory'
-require dir + '/annotation_security/manager/relation_loader'
-require dir + '/annotation_security/manager/right_loader'
-require dir + '/annotation_security/manager/resource_manager'
-require dir + '/annotation_security/policy/abstract_policy'
-require dir + '/annotation_security/policy/abstract_static_policy'
-require dir + '/annotation_security/policy/rule_set'
-require dir + '/annotation_security/policy/rule'
-require dir + '/annotation_security/includes/resource'
-require dir + '/annotation_security/includes/action_controller'
-require dir + '/annotation_security/includes/active_record'
-require dir + '/annotation_security/includes/role'
-require dir + '/annotation_security/includes/user'
-require dir + '/annotation_security/includes/helper'
-require dir + '/annotation_security/exceptions'
-require dir + '/annotation_security/filters'
-require dir + '/annotation_security/model_observer'
-require dir + '/annotation_security/user_wrapper'
-require dir + '/annotation_security/utils'
-
-require dir + '/security_context'
-
-module AnnotationSecurity
-
-  # Load the file specified by +fname+.
-  # The file will be reloaded automatically if reset is called.
-  #
-  # See AnnotationSecurity::RightLoader for details.
-  #
-  def self.load_rights(fname, ext = 'yml')
-    # The file is expected to be a yaml file.
-    # However, it is also possible to use a ruby file that uses
-    # AnnotationSecurity.define_rights. In this case, ext should be 'rb'.
-    PolicyManager.add_file(fname, ext)
-  end
-
-  # Load the file specified by +fname+.
-  # The file will be reloaded automatically if reset is called.
-  #
-  # See AnnotationSecurity::RelationLoader for details.
-  #
-  def self.load_relations(fname)
-    PolicyManager.add_file(fname, 'rb')
-  end
-
-  # Defines relations specified in +block+.
-  #
-  # See AnnotationSecurity::RelationLoader for details
-  #
-  def self.define_relations(*resources,&block)
-    RelationLoader.define_relations(*resources,&block)
-  end
-
-  # Defines rights specified in +hash+.
-  #
-  # See AnnotationSecurity::RightLoader for details
-  #
-  def self.define_rights(hash)
-    RightLoader.define_rights(hash)
-  end
-
-  # Reloads all files that were loaded with load_rights or load_relations.
-  #
-  # In development mode, reset is being executed before each request.
-  #
-  def self.reset
-    PolicyManager.reset
-  end
-
-  # Initializes AnnotationSecurity for a Rails application and loads
-  # Rails specific parts of the library.
-  #
-  # This method is called by `init.rb`,
-  # which is run by Rails on startup.
-  #
-  # * +binding+ [Binding] The context of the `init.rb` file.
-  def self.init_rails(binding)
-    puts "Initializing AnnotationSecurity security layer"
-
-    %w{annotation_security/rails extensions/object extensions/action_controller
-       extensions/active_record extensions/filter }.each { |f| require f }
-    
-    config = eval("config", binding)
-    AnnotationSecurity::Rails.init!(config)
-  end
+#
+# = lib/annotation_security.rb
+#
+# This modul provides the AnnotationSecurity security layer. 
+#
+
+# = AnnotationSecurity
+module AnnotationSecurity; end
+
+# Load annotation security files
+dir = File.dirname(__FILE__)
+require dir + '/annotation_security/manager/policy_manager'
+require dir + '/annotation_security/manager/policy_factory'
+require dir + '/annotation_security/manager/relation_loader'
+require dir + '/annotation_security/manager/right_loader'
+require dir + '/annotation_security/manager/resource_manager'
+require dir + '/annotation_security/policy/abstract_policy'
+require dir + '/annotation_security/policy/abstract_static_policy'
+require dir + '/annotation_security/policy/rule_set'
+require dir + '/annotation_security/policy/rule'
+require dir + '/annotation_security/includes/resource'
+require dir + '/annotation_security/includes/action_controller'
+require dir + '/annotation_security/includes/active_record'
+require dir + '/annotation_security/includes/role'
+require dir + '/annotation_security/includes/user'
+require dir + '/annotation_security/includes/helper'
+require dir + '/annotation_security/exceptions'
+require dir + '/annotation_security/filters'
+require dir + '/annotation_security/model_observer'
+require dir + '/annotation_security/user_wrapper'
+require dir + '/annotation_security/utils'
+require dir + '/annotation_security/version'
+
+require dir + '/security_context'
+
+module AnnotationSecurity
+  
+  # Load the file specified by +fname+.
+  # The file will be reloaded automatically if reset is called.
+  #
+  # See AnnotationSecurity::RightLoader for details.
+  #
+  def self.load_rights(fname, ext = 'yml')
+    # The file is expected to be a yaml file.
+    # However, it is also possible to use a ruby file that uses
+    # AnnotationSecurity.define_rights. In this case, ext should be 'rb'.
+    PolicyManager.add_file(fname, ext)
+  end
+
+  # Load the file specified by +fname+.
+  # The file will be reloaded automatically if reset is called.
+  #
+  # See AnnotationSecurity::RelationLoader for details.
+  #
+  def self.load_relations(fname)
+    PolicyManager.add_file(fname, 'rb')
+  end
+
+  # Defines relations specified in +block+.
+  #
+  # See AnnotationSecurity::RelationLoader for details
+  #
+  def self.define_relations(*resources,&block)
+    RelationLoader.define_relations(*resources,&block)
+  end
+
+  # Defines rights specified in +hash+.
+  #
+  # See AnnotationSecurity::RightLoader for details
+  #
+  def self.define_rights(hash)
+    RightLoader.define_rights(hash)
+  end
+
+  # Reloads all files that were loaded with load_rights or load_relations.
+  #
+  # In development mode, reset is being executed before each request.
+  #
+  def self.reset
+    PolicyManager.reset
+  end
+
+  # Initializes AnnotationSecurity for a Rails application and loads
+  # Rails specific parts of the library.
+  #
+  # This method is called by `init.rb`,
+  # which is run by Rails on startup.
+  #
+  # * +config+ [Rails::Configuration] the rails configuration.
+  def self.init_rails(config)
+    puts "Initializing AnnotationSecurity (#{AnnotationSecurity::Version}) security layer"
+
+    # must load the extension files after we know rails is loaded
+    # :o)
+    
+    dir = File.dirname(__FILE__)
+    
+    %w{annotation_security/rails extensions/object extensions/action_controller
+       extensions/active_record extensions/filter }.each { |f| require "#{dir}/#{f}" }
+    
+    AnnotationSecurity::Rails.init!(config)
+  end
 end

data/lib/extensions/action_controller.rb

@@ -1,33 +1,33 @@
-#
-# = lib/extensions/action_controller.rb
-#
-
-module ActionController # :nodoc:
-  
-  # Extends ActionController::Base for security.
-  #
-  class Base # :nodoc:
-
-    # Include required security functionality
-    include AnnotationSecurity::ActionController
-
-    alias render_without_security render
-
-    # Before rendering, evaluates the bounded rules of the current action.
-    #
-    def render(*args, &block)
-      SecurityContext.apply_rules_after_action
-      render_without_security(*args, &block)
-    end
-
-    alias redirect_to_without_security redirect_to
-
-    # Before redirecting, evaluates the bounded rules of the current action.
-    #
-    def redirect_to(*args, &block)
-      SecurityContext.apply_rules_after_action
-      redirect_to_without_security(*args, &block)
-    end
-  end
-
+#
+# = lib/extensions/action_controller.rb
+#
+
+module ActionController # :nodoc:
+  
+  # Extends ActionController::Base for security.
+  #
+  class Base # :nodoc:
+
+    # Include required security functionality
+    include AnnotationSecurity::ActionController
+
+    alias render_without_security render
+
+    # Before rendering, evaluates the bounded rules of the current action.
+    #
+    def render(*args, &block)
+      SecurityContext.apply_rules_after_action
+      render_without_security(*args, &block)
+    end
+
+    alias redirect_to_without_security redirect_to
+
+    # Before redirecting, evaluates the bounded rules of the current action.
+    #
+    def redirect_to(*args, &block)
+      SecurityContext.apply_rules_after_action
+      redirect_to_without_security(*args, &block)
+    end
+  end
+
 end

data/lib/extensions/active_record.rb

@@ -1,35 +1,35 @@
-#
-# = lib/extensions/active_record.rb
-#
-
-module ActiveRecord # :nodoc: 
-
-  # Extends ActiveRecord::Base so that model classes 
-  # can be tagged as resources.
-  #
-  # To associate a model class with a resource type, use #resource in the class
-  # definition.
-  #
-  #  class MyResource < ActiveRecord::Base
-  #    resource :my_resource
-  #
-  #    # ...
-  #  end
-  #
-  # If you don't pass an argument to #resource, the resource name will be
-  # the underscored class name.
-  #
-  # See AnnotationSecurity::Resource if you want to use non-model classes as resources.
-  #
-  class Base
-
-    # Declares a model class to be a resource.
-    # * +resource_type+ (optional) Symbol of the resource type (like :course)
-    def self.resource(resource_type = nil)
-      include ::AnnotationSecurity::ActiveRecord
-      self.resource_type = resource_type if resource_type
-      self.resource_type
-    end
-  end
-
+#
+# = lib/extensions/active_record.rb
+#
+
+module ActiveRecord # :nodoc: 
+
+  # Extends ActiveRecord::Base so that model classes 
+  # can be tagged as resources.
+  #
+  # To associate a model class with a resource type, use #resource in the class
+  # definition.
+  #
+  #  class MyResource < ActiveRecord::Base
+  #    resource :my_resource
+  #
+  #    # ...
+  #  end
+  #
+  # If you don't pass an argument to #resource, the resource name will be
+  # the underscored class name.
+  #
+  # See AnnotationSecurity::Resource if you want to use non-model classes as resources.
+  #
+  class Base
+
+    # Declares a model class to be a resource.
+    # * +resource_type+ (optional) Symbol of the resource type (like :course)
+    def self.resource(resource_type = nil)
+      include ::AnnotationSecurity::ActiveRecord
+      self.resource_type = resource_type if resource_type
+      self.resource_type
+    end
+  end
+
 end