annotation_security 1.0.1 → 1.0.2
Sign up to get free protection for your applications and to get access to all the features.
- data/CHANGELOG.md +14 -0
- data/HOW-TO.md +275 -0
- data/{MIT-LICENSE → LICENSE} +1 -1
- data/README.md +39 -0
- data/Rakefile +62 -55
- data/assets/app/helpers/annotation_security_helper.rb +8 -8
- data/assets/config/initializers/annotation_security.rb +11 -11
- data/assets/config/security/relations.rb +20 -20
- data/assets/vendor/plugins/annotation_security/init.rb +13 -13
- data/bin/annotation_security +7 -7
- data/lib/annotation_security/exceptions.rb +124 -124
- data/lib/annotation_security/exec.rb +188 -188
- data/lib/annotation_security/filters.rb +37 -37
- data/lib/annotation_security/includes/action_controller.rb +144 -143
- data/lib/annotation_security/includes/active_record.rb +27 -27
- data/lib/annotation_security/includes/helper.rb +215 -215
- data/lib/annotation_security/includes/resource.rb +84 -84
- data/lib/annotation_security/includes/role.rb +30 -30
- data/lib/annotation_security/includes/user.rb +26 -26
- data/lib/annotation_security/manager/policy_factory.rb +29 -29
- data/lib/annotation_security/manager/policy_manager.rb +79 -79
- data/lib/annotation_security/manager/relation_loader.rb +272 -272
- data/lib/annotation_security/manager/resource_manager.rb +36 -36
- data/lib/annotation_security/manager/right_loader.rb +87 -87
- data/lib/annotation_security/model_observer.rb +61 -61
- data/lib/annotation_security/policy/abstract_policy.rb +344 -344
- data/lib/annotation_security/policy/abstract_static_policy.rb +75 -75
- data/lib/annotation_security/policy/all_resources_policy.rb +20 -20
- data/lib/annotation_security/policy/rule.rb +340 -340
- data/lib/annotation_security/policy/rule_set.rb +138 -138
- data/lib/annotation_security/rails.rb +38 -38
- data/lib/annotation_security/user_wrapper.rb +73 -73
- data/lib/annotation_security/utils.rb +141 -141
- data/lib/annotation_security/version.rb +10 -0
- data/lib/annotation_security.rb +102 -97
- data/lib/extensions/action_controller.rb +32 -32
- data/lib/extensions/active_record.rb +34 -34
- data/lib/extensions/filter.rb +133 -133
- data/lib/extensions/object.rb +10 -10
- data/lib/security_context.rb +589 -551
- data/spec/annotation_security/exceptions_spec.rb +16 -16
- data/spec/annotation_security/includes/helper_spec.rb +82 -82
- data/spec/annotation_security/manager/policy_manager_spec.rb +15 -15
- data/spec/annotation_security/manager/resource_manager_spec.rb +17 -17
- data/spec/annotation_security/manager/right_loader_spec.rb +17 -17
- data/spec/annotation_security/policy/abstract_policy_spec.rb +16 -16
- data/spec/annotation_security/policy/all_resources_policy_spec.rb +24 -24
- data/spec/annotation_security/policy/rule_set_spec.rb +112 -112
- data/spec/annotation_security/policy/rule_spec.rb +77 -77
- data/spec/annotation_security/policy/test_policy_spec.rb +80 -80
- data/spec/annotation_security/security_context_spec.rb +78 -78
- data/spec/annotation_security/utils_spec.rb +73 -73
- data/spec/helper/test_controller.rb +65 -65
- data/spec/helper/test_helper.rb +5 -5
- data/spec/helper/test_relations.rb +6 -6
- data/spec/helper/test_resource.rb +38 -38
- data/spec/helper/test_role.rb +21 -21
- data/spec/helper/test_user.rb +31 -31
- data/spec/rails_stub.rb +37 -37
- metadata +94 -72
- data/CHANGELOG +0 -2
- data/HOW-TO +0 -261
- data/README +0 -39
@@ -1,142 +1,142 @@
|
|
1
|
-
#
|
2
|
-
# = lib/annotation_security/utils.rb
|
3
|
-
#
|
4
|
-
# Provides some methods that are needed at several locations in the plug-in.
|
5
|
-
#
|
6
|
-
|
7
|
-
class AnnotationSecurity::Utils # :nodoc:
|
8
|
-
|
9
|
-
PREFIXES = /\A(may|is|can|has)_/
|
10
|
-
SUFFIXES = /(_(for|in|of|to)|\?)\Z/
|
11
|
-
|
12
|
-
# Removes pre- and suffixes from +method+,
|
13
|
-
# returns +nil+ if no change was made.
|
14
|
-
#
|
15
|
-
def self.method_body(method)
|
16
|
-
body = method.to_s.gsub(PREFIXES,'').gsub(SUFFIXES,'')
|
17
|
-
method.to_s == body ? nil : body
|
18
|
-
end
|
19
|
-
|
20
|
-
# Parses a description string
|
21
|
-
# * +description+ description of a controller action
|
22
|
-
# * +allow_binding+ if false, an exception is raised if the description
|
23
|
-
# contains a variable
|
24
|
-
# Returns right, resource and binding
|
25
|
-
#
|
26
|
-
def self.parse_description(description,allow_binding=false)
|
27
|
-
ActionAnnotation::Utils.parse_description(description,allow_binding)
|
28
|
-
end
|
29
|
-
|
30
|
-
# Parses arguments provided to #apply_policy or #allowed? and returns
|
31
|
-
# [ [:action, :resource_type, resource || nil], ... ]
|
32
|
-
#
|
33
|
-
# See SecurityContext#allowed? for details.
|
34
|
-
#
|
35
|
-
# Each element of the result can be send to a policy using
|
36
|
-
# policy_of_res_type.allowed?(rule, resource)
|
37
|
-
# or
|
38
|
-
# policy_of_res_type.static_policy.allowed?(rule, nil)
|
39
|
-
#
|
40
|
-
# Raises ArgumentError if args could not be parsed.
|
41
|
-
#
|
42
|
-
def self.parse_policy_arguments(args)
|
43
|
-
if args.first.is_a? String
|
44
|
-
hash = AnnotationSecurity::Utils.parse_description(args.first)
|
45
|
-
elsif args.first.is_a? Hash
|
46
|
-
hash = args.first
|
47
|
-
end
|
48
|
-
if hash
|
49
|
-
action = hash.delete(:action) || hash.delete('action')
|
50
|
-
resource = hash.delete(:resource) || hash.delete('resource')
|
51
|
-
unless resource.__is_resource?
|
52
|
-
resource_type = resource
|
53
|
-
resource = nil
|
54
|
-
end
|
55
|
-
resource_type ||= hash.delete(:resource_type)
|
56
|
-
resource_type ||= resource ? resource.resource_type : nil
|
57
|
-
a = [action, resource_type]
|
58
|
-
a << resource if resource
|
59
|
-
args = a + args[1..-1]
|
60
|
-
end
|
61
|
-
|
62
|
-
args << :all_resources unless args.size > 1
|
63
|
-
|
64
|
-
action, resource = args
|
65
|
-
|
66
|
-
if resource.__is_resource?
|
67
|
-
args = [action, resource.resource_type] + args[1..-1]
|
68
|
-
end
|
69
|
-
# if args.size > 2 && args.third == nil
|
70
|
-
# raise ArgumentError, "Did not expect nil as resource"
|
71
|
-
# end
|
72
|
-
args
|
73
|
-
end
|
74
|
-
|
75
|
-
# returns resource type and resource object without action
|
76
|
-
# expects [resource object], [resource type], or both
|
77
|
-
def self.parse_resource_arguments(args)
|
78
|
-
parse_policy_arguments([:r]+args)[1..2]
|
79
|
-
end
|
80
|
-
|
81
|
-
# Returns controller, action, objects and parameters
|
82
|
-
def self.parse_action_args(args)
|
83
|
-
controller = parse_controller(args.first)
|
84
|
-
action = args.second.to_sym
|
85
|
-
|
86
|
-
objects = args.third || []
|
87
|
-
objects = [objects] unless objects.is_a? Array
|
88
|
-
prepare_objects_resources(controller, objects)
|
89
|
-
|
90
|
-
params = args.fourth || {}
|
91
|
-
prepare_params_resources(controller, params)
|
92
|
-
|
93
|
-
objects += params.values
|
94
|
-
|
95
|
-
objects = objects.select { |o| o and o.__is_resource? }
|
96
|
-
return [controller, action, objects, params]
|
97
|
-
end
|
98
|
-
|
99
|
-
# Try to find the controller class from a name.
|
100
|
-
# Looks for [name](s)Controller.
|
101
|
-
#
|
102
|
-
# parse_controller :welcome #=> WelcomeController
|
103
|
-
# parse_controller :user # => UsersController
|
104
|
-
#
|
105
|
-
def self.parse_controller(controller) # :nodoc:
|
106
|
-
begin
|
107
|
-
"#{controller.to_s.camelize}Controller".constantize
|
108
|
-
rescue NameError
|
109
|
-
"#{controller.to_s.pluralize.camelize}Controller".constantize
|
110
|
-
end
|
111
|
-
rescue NameError
|
112
|
-
raise NameError, "Controller '#{controller}' was not found"
|
113
|
-
end
|
114
|
-
|
115
|
-
# if there are non-resources in objects, use the values to get resources
|
116
|
-
# from the controllers default resource type
|
117
|
-
#
|
118
|
-
def self.prepare_objects_resources(controller, objects)
|
119
|
-
res_type = controller.default_resource
|
120
|
-
objects.collect! do |o|
|
121
|
-
if o.__is_resource?
|
122
|
-
o
|
123
|
-
else
|
124
|
-
AnnotationSecurity::ResourceManager.get_resource(res_type, o)
|
125
|
-
end
|
126
|
-
end
|
127
|
-
end
|
128
|
-
|
129
|
-
# if there are non-resources in objects, use the values to get resources
|
130
|
-
# assuming the keys are the resource types (:id is defalut resource)
|
131
|
-
#
|
132
|
-
def self.prepare_params_resources(controller, params)
|
133
|
-
params.each do |k, v|
|
134
|
-
unless v.__is_resource?
|
135
|
-
res_type = k == :id ? controller.default_resource : k
|
136
|
-
v = AnnotationSecurity::ResourceManager.get_resource(res_type, v)
|
137
|
-
params[k] = v
|
138
|
-
end
|
139
|
-
end
|
140
|
-
end
|
141
|
-
|
1
|
+
#
|
2
|
+
# = lib/annotation_security/utils.rb
|
3
|
+
#
|
4
|
+
# Provides some methods that are needed at several locations in the plug-in.
|
5
|
+
#
|
6
|
+
|
7
|
+
class AnnotationSecurity::Utils # :nodoc:
|
8
|
+
|
9
|
+
PREFIXES = /\A(may|is|can|has)_/
|
10
|
+
SUFFIXES = /(_(for|in|of|to)|\?)\Z/
|
11
|
+
|
12
|
+
# Removes pre- and suffixes from +method+,
|
13
|
+
# returns +nil+ if no change was made.
|
14
|
+
#
|
15
|
+
def self.method_body(method)
|
16
|
+
body = method.to_s.gsub(PREFIXES,'').gsub(SUFFIXES,'')
|
17
|
+
method.to_s == body ? nil : body
|
18
|
+
end
|
19
|
+
|
20
|
+
# Parses a description string
|
21
|
+
# * +description+ description of a controller action
|
22
|
+
# * +allow_binding+ if false, an exception is raised if the description
|
23
|
+
# contains a variable
|
24
|
+
# Returns right, resource and binding
|
25
|
+
#
|
26
|
+
def self.parse_description(description,allow_binding=false)
|
27
|
+
ActionAnnotation::Utils.parse_description(description,allow_binding)
|
28
|
+
end
|
29
|
+
|
30
|
+
# Parses arguments provided to #apply_policy or #allowed? and returns
|
31
|
+
# [ [:action, :resource_type, resource || nil], ... ]
|
32
|
+
#
|
33
|
+
# See SecurityContext#allowed? for details.
|
34
|
+
#
|
35
|
+
# Each element of the result can be send to a policy using
|
36
|
+
# policy_of_res_type.allowed?(rule, resource)
|
37
|
+
# or
|
38
|
+
# policy_of_res_type.static_policy.allowed?(rule, nil)
|
39
|
+
#
|
40
|
+
# Raises ArgumentError if args could not be parsed.
|
41
|
+
#
|
42
|
+
def self.parse_policy_arguments(args)
|
43
|
+
if args.first.is_a? String
|
44
|
+
hash = AnnotationSecurity::Utils.parse_description(args.first)
|
45
|
+
elsif args.first.is_a? Hash
|
46
|
+
hash = args.first
|
47
|
+
end
|
48
|
+
if hash
|
49
|
+
action = hash.delete(:action) || hash.delete('action')
|
50
|
+
resource = hash.delete(:resource) || hash.delete('resource')
|
51
|
+
unless resource.__is_resource?
|
52
|
+
resource_type = resource
|
53
|
+
resource = nil
|
54
|
+
end
|
55
|
+
resource_type ||= hash.delete(:resource_type)
|
56
|
+
resource_type ||= resource ? resource.resource_type : nil
|
57
|
+
a = [action, resource_type]
|
58
|
+
a << resource if resource
|
59
|
+
args = a + args[1..-1]
|
60
|
+
end
|
61
|
+
|
62
|
+
args << :all_resources unless args.size > 1
|
63
|
+
|
64
|
+
action, resource = args
|
65
|
+
|
66
|
+
if resource.__is_resource?
|
67
|
+
args = [action, resource.resource_type] + args[1..-1]
|
68
|
+
end
|
69
|
+
# if args.size > 2 && args.third == nil
|
70
|
+
# raise ArgumentError, "Did not expect nil as resource"
|
71
|
+
# end
|
72
|
+
args
|
73
|
+
end
|
74
|
+
|
75
|
+
# returns resource type and resource object without action
|
76
|
+
# expects [resource object], [resource type], or both
|
77
|
+
def self.parse_resource_arguments(args)
|
78
|
+
parse_policy_arguments([:r]+args)[1..2]
|
79
|
+
end
|
80
|
+
|
81
|
+
# Returns controller, action, objects and parameters
|
82
|
+
def self.parse_action_args(args)
|
83
|
+
controller = parse_controller(args.first)
|
84
|
+
action = args.second.to_sym
|
85
|
+
|
86
|
+
objects = args.third || []
|
87
|
+
objects = [objects] unless objects.is_a? Array
|
88
|
+
prepare_objects_resources(controller, objects)
|
89
|
+
|
90
|
+
params = args.fourth || {}
|
91
|
+
prepare_params_resources(controller, params)
|
92
|
+
|
93
|
+
objects += params.values
|
94
|
+
|
95
|
+
objects = objects.select { |o| o and o.__is_resource? }
|
96
|
+
return [controller, action, objects, params]
|
97
|
+
end
|
98
|
+
|
99
|
+
# Try to find the controller class from a name.
|
100
|
+
# Looks for [name](s)Controller.
|
101
|
+
#
|
102
|
+
# parse_controller :welcome #=> WelcomeController
|
103
|
+
# parse_controller :user # => UsersController
|
104
|
+
#
|
105
|
+
def self.parse_controller(controller) # :nodoc:
|
106
|
+
begin
|
107
|
+
"#{controller.to_s.camelize}Controller".constantize
|
108
|
+
rescue NameError
|
109
|
+
"#{controller.to_s.pluralize.camelize}Controller".constantize
|
110
|
+
end
|
111
|
+
rescue NameError
|
112
|
+
raise NameError, "Controller '#{controller}' was not found"
|
113
|
+
end
|
114
|
+
|
115
|
+
# if there are non-resources in objects, use the values to get resources
|
116
|
+
# from the controllers default resource type
|
117
|
+
#
|
118
|
+
def self.prepare_objects_resources(controller, objects)
|
119
|
+
res_type = controller.default_resource
|
120
|
+
objects.collect! do |o|
|
121
|
+
if o.__is_resource?
|
122
|
+
o
|
123
|
+
else
|
124
|
+
AnnotationSecurity::ResourceManager.get_resource(res_type, o)
|
125
|
+
end
|
126
|
+
end
|
127
|
+
end
|
128
|
+
|
129
|
+
# if there are non-resources in objects, use the values to get resources
|
130
|
+
# assuming the keys are the resource types (:id is defalut resource)
|
131
|
+
#
|
132
|
+
def self.prepare_params_resources(controller, params)
|
133
|
+
params.each do |k, v|
|
134
|
+
unless v.__is_resource?
|
135
|
+
res_type = k == :id ? controller.default_resource : k
|
136
|
+
v = AnnotationSecurity::ResourceManager.get_resource(res_type, v)
|
137
|
+
params[k] = v
|
138
|
+
end
|
139
|
+
end
|
140
|
+
end
|
141
|
+
|
142
142
|
end
|
data/lib/annotation_security.rb
CHANGED
@@ -1,98 +1,103 @@
|
|
1
|
-
#
|
2
|
-
# = lib/annotation_security.rb
|
3
|
-
#
|
4
|
-
# This modul provides the AnnotationSecurity security layer.
|
5
|
-
#
|
6
|
-
|
7
|
-
# = AnnotationSecurity
|
8
|
-
module AnnotationSecurity; end
|
9
|
-
|
10
|
-
# Load annotation security files
|
11
|
-
dir = File.dirname(__FILE__)
|
12
|
-
require dir + '/annotation_security/manager/policy_manager'
|
13
|
-
require dir + '/annotation_security/manager/policy_factory'
|
14
|
-
require dir + '/annotation_security/manager/relation_loader'
|
15
|
-
require dir + '/annotation_security/manager/right_loader'
|
16
|
-
require dir + '/annotation_security/manager/resource_manager'
|
17
|
-
require dir + '/annotation_security/policy/abstract_policy'
|
18
|
-
require dir + '/annotation_security/policy/abstract_static_policy'
|
19
|
-
require dir + '/annotation_security/policy/rule_set'
|
20
|
-
require dir + '/annotation_security/policy/rule'
|
21
|
-
require dir + '/annotation_security/includes/resource'
|
22
|
-
require dir + '/annotation_security/includes/action_controller'
|
23
|
-
require dir + '/annotation_security/includes/active_record'
|
24
|
-
require dir + '/annotation_security/includes/role'
|
25
|
-
require dir + '/annotation_security/includes/user'
|
26
|
-
require dir + '/annotation_security/includes/helper'
|
27
|
-
require dir + '/annotation_security/exceptions'
|
28
|
-
require dir + '/annotation_security/filters'
|
29
|
-
require dir + '/annotation_security/model_observer'
|
30
|
-
require dir + '/annotation_security/user_wrapper'
|
31
|
-
require dir + '/annotation_security/utils'
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
#
|
39
|
-
#
|
40
|
-
#
|
41
|
-
#
|
42
|
-
|
43
|
-
|
44
|
-
#
|
45
|
-
#
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
#
|
51
|
-
#
|
52
|
-
#
|
53
|
-
#
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
#
|
60
|
-
#
|
61
|
-
#
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
#
|
68
|
-
#
|
69
|
-
#
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
#
|
76
|
-
#
|
77
|
-
#
|
78
|
-
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
#
|
84
|
-
#
|
85
|
-
#
|
86
|
-
#
|
87
|
-
#
|
88
|
-
#
|
89
|
-
|
90
|
-
|
91
|
-
|
92
|
-
|
93
|
-
|
94
|
-
|
95
|
-
|
96
|
-
|
97
|
-
|
1
|
+
#
|
2
|
+
# = lib/annotation_security.rb
|
3
|
+
#
|
4
|
+
# This modul provides the AnnotationSecurity security layer.
|
5
|
+
#
|
6
|
+
|
7
|
+
# = AnnotationSecurity
|
8
|
+
module AnnotationSecurity; end
|
9
|
+
|
10
|
+
# Load annotation security files
|
11
|
+
dir = File.dirname(__FILE__)
|
12
|
+
require dir + '/annotation_security/manager/policy_manager'
|
13
|
+
require dir + '/annotation_security/manager/policy_factory'
|
14
|
+
require dir + '/annotation_security/manager/relation_loader'
|
15
|
+
require dir + '/annotation_security/manager/right_loader'
|
16
|
+
require dir + '/annotation_security/manager/resource_manager'
|
17
|
+
require dir + '/annotation_security/policy/abstract_policy'
|
18
|
+
require dir + '/annotation_security/policy/abstract_static_policy'
|
19
|
+
require dir + '/annotation_security/policy/rule_set'
|
20
|
+
require dir + '/annotation_security/policy/rule'
|
21
|
+
require dir + '/annotation_security/includes/resource'
|
22
|
+
require dir + '/annotation_security/includes/action_controller'
|
23
|
+
require dir + '/annotation_security/includes/active_record'
|
24
|
+
require dir + '/annotation_security/includes/role'
|
25
|
+
require dir + '/annotation_security/includes/user'
|
26
|
+
require dir + '/annotation_security/includes/helper'
|
27
|
+
require dir + '/annotation_security/exceptions'
|
28
|
+
require dir + '/annotation_security/filters'
|
29
|
+
require dir + '/annotation_security/model_observer'
|
30
|
+
require dir + '/annotation_security/user_wrapper'
|
31
|
+
require dir + '/annotation_security/utils'
|
32
|
+
require dir + '/annotation_security/version'
|
33
|
+
|
34
|
+
require dir + '/security_context'
|
35
|
+
|
36
|
+
module AnnotationSecurity
|
37
|
+
|
38
|
+
# Load the file specified by +fname+.
|
39
|
+
# The file will be reloaded automatically if reset is called.
|
40
|
+
#
|
41
|
+
# See AnnotationSecurity::RightLoader for details.
|
42
|
+
#
|
43
|
+
def self.load_rights(fname, ext = 'yml')
|
44
|
+
# The file is expected to be a yaml file.
|
45
|
+
# However, it is also possible to use a ruby file that uses
|
46
|
+
# AnnotationSecurity.define_rights. In this case, ext should be 'rb'.
|
47
|
+
PolicyManager.add_file(fname, ext)
|
48
|
+
end
|
49
|
+
|
50
|
+
# Load the file specified by +fname+.
|
51
|
+
# The file will be reloaded automatically if reset is called.
|
52
|
+
#
|
53
|
+
# See AnnotationSecurity::RelationLoader for details.
|
54
|
+
#
|
55
|
+
def self.load_relations(fname)
|
56
|
+
PolicyManager.add_file(fname, 'rb')
|
57
|
+
end
|
58
|
+
|
59
|
+
# Defines relations specified in +block+.
|
60
|
+
#
|
61
|
+
# See AnnotationSecurity::RelationLoader for details
|
62
|
+
#
|
63
|
+
def self.define_relations(*resources,&block)
|
64
|
+
RelationLoader.define_relations(*resources,&block)
|
65
|
+
end
|
66
|
+
|
67
|
+
# Defines rights specified in +hash+.
|
68
|
+
#
|
69
|
+
# See AnnotationSecurity::RightLoader for details
|
70
|
+
#
|
71
|
+
def self.define_rights(hash)
|
72
|
+
RightLoader.define_rights(hash)
|
73
|
+
end
|
74
|
+
|
75
|
+
# Reloads all files that were loaded with load_rights or load_relations.
|
76
|
+
#
|
77
|
+
# In development mode, reset is being executed before each request.
|
78
|
+
#
|
79
|
+
def self.reset
|
80
|
+
PolicyManager.reset
|
81
|
+
end
|
82
|
+
|
83
|
+
# Initializes AnnotationSecurity for a Rails application and loads
|
84
|
+
# Rails specific parts of the library.
|
85
|
+
#
|
86
|
+
# This method is called by `init.rb`,
|
87
|
+
# which is run by Rails on startup.
|
88
|
+
#
|
89
|
+
# * +config+ [Rails::Configuration] the rails configuration.
|
90
|
+
def self.init_rails(config)
|
91
|
+
puts "Initializing AnnotationSecurity (#{AnnotationSecurity::Version}) security layer"
|
92
|
+
|
93
|
+
# must load the extension files after we know rails is loaded
|
94
|
+
# :o)
|
95
|
+
|
96
|
+
dir = File.dirname(__FILE__)
|
97
|
+
|
98
|
+
%w{annotation_security/rails extensions/object extensions/action_controller
|
99
|
+
extensions/active_record extensions/filter }.each { |f| require "#{dir}/#{f}" }
|
100
|
+
|
101
|
+
AnnotationSecurity::Rails.init!(config)
|
102
|
+
end
|
98
103
|
end
|
@@ -1,33 +1,33 @@
|
|
1
|
-
#
|
2
|
-
# = lib/extensions/action_controller.rb
|
3
|
-
#
|
4
|
-
|
5
|
-
module ActionController # :nodoc:
|
6
|
-
|
7
|
-
# Extends ActionController::Base for security.
|
8
|
-
#
|
9
|
-
class Base # :nodoc:
|
10
|
-
|
11
|
-
# Include required security functionality
|
12
|
-
include AnnotationSecurity::ActionController
|
13
|
-
|
14
|
-
alias render_without_security render
|
15
|
-
|
16
|
-
# Before rendering, evaluates the bounded rules of the current action.
|
17
|
-
#
|
18
|
-
def render(*args, &block)
|
19
|
-
SecurityContext.apply_rules_after_action
|
20
|
-
render_without_security(*args, &block)
|
21
|
-
end
|
22
|
-
|
23
|
-
alias redirect_to_without_security redirect_to
|
24
|
-
|
25
|
-
# Before redirecting, evaluates the bounded rules of the current action.
|
26
|
-
#
|
27
|
-
def redirect_to(*args, &block)
|
28
|
-
SecurityContext.apply_rules_after_action
|
29
|
-
redirect_to_without_security(*args, &block)
|
30
|
-
end
|
31
|
-
end
|
32
|
-
|
1
|
+
#
|
2
|
+
# = lib/extensions/action_controller.rb
|
3
|
+
#
|
4
|
+
|
5
|
+
module ActionController # :nodoc:
|
6
|
+
|
7
|
+
# Extends ActionController::Base for security.
|
8
|
+
#
|
9
|
+
class Base # :nodoc:
|
10
|
+
|
11
|
+
# Include required security functionality
|
12
|
+
include AnnotationSecurity::ActionController
|
13
|
+
|
14
|
+
alias render_without_security render
|
15
|
+
|
16
|
+
# Before rendering, evaluates the bounded rules of the current action.
|
17
|
+
#
|
18
|
+
def render(*args, &block)
|
19
|
+
SecurityContext.apply_rules_after_action
|
20
|
+
render_without_security(*args, &block)
|
21
|
+
end
|
22
|
+
|
23
|
+
alias redirect_to_without_security redirect_to
|
24
|
+
|
25
|
+
# Before redirecting, evaluates the bounded rules of the current action.
|
26
|
+
#
|
27
|
+
def redirect_to(*args, &block)
|
28
|
+
SecurityContext.apply_rules_after_action
|
29
|
+
redirect_to_without_security(*args, &block)
|
30
|
+
end
|
31
|
+
end
|
32
|
+
|
33
33
|
end
|
@@ -1,35 +1,35 @@
|
|
1
|
-
#
|
2
|
-
# = lib/extensions/active_record.rb
|
3
|
-
#
|
4
|
-
|
5
|
-
module ActiveRecord # :nodoc:
|
6
|
-
|
7
|
-
# Extends ActiveRecord::Base so that model classes
|
8
|
-
# can be tagged as resources.
|
9
|
-
#
|
10
|
-
# To associate a model class with a resource type, use #resource in the class
|
11
|
-
# definition.
|
12
|
-
#
|
13
|
-
# class MyResource < ActiveRecord::Base
|
14
|
-
# resource :my_resource
|
15
|
-
#
|
16
|
-
# # ...
|
17
|
-
# end
|
18
|
-
#
|
19
|
-
# If you don't pass an argument to #resource, the resource name will be
|
20
|
-
# the underscored class name.
|
21
|
-
#
|
22
|
-
# See AnnotationSecurity::Resource if you want to use non-model classes as resources.
|
23
|
-
#
|
24
|
-
class Base
|
25
|
-
|
26
|
-
# Declares a model class to be a resource.
|
27
|
-
# * +resource_type+ (optional) Symbol of the resource type (like :course)
|
28
|
-
def self.resource(resource_type = nil)
|
29
|
-
include ::AnnotationSecurity::ActiveRecord
|
30
|
-
self.resource_type = resource_type if resource_type
|
31
|
-
self.resource_type
|
32
|
-
end
|
33
|
-
end
|
34
|
-
|
1
|
+
#
|
2
|
+
# = lib/extensions/active_record.rb
|
3
|
+
#
|
4
|
+
|
5
|
+
module ActiveRecord # :nodoc:
|
6
|
+
|
7
|
+
# Extends ActiveRecord::Base so that model classes
|
8
|
+
# can be tagged as resources.
|
9
|
+
#
|
10
|
+
# To associate a model class with a resource type, use #resource in the class
|
11
|
+
# definition.
|
12
|
+
#
|
13
|
+
# class MyResource < ActiveRecord::Base
|
14
|
+
# resource :my_resource
|
15
|
+
#
|
16
|
+
# # ...
|
17
|
+
# end
|
18
|
+
#
|
19
|
+
# If you don't pass an argument to #resource, the resource name will be
|
20
|
+
# the underscored class name.
|
21
|
+
#
|
22
|
+
# See AnnotationSecurity::Resource if you want to use non-model classes as resources.
|
23
|
+
#
|
24
|
+
class Base
|
25
|
+
|
26
|
+
# Declares a model class to be a resource.
|
27
|
+
# * +resource_type+ (optional) Symbol of the resource type (like :course)
|
28
|
+
def self.resource(resource_type = nil)
|
29
|
+
include ::AnnotationSecurity::ActiveRecord
|
30
|
+
self.resource_type = resource_type if resource_type
|
31
|
+
self.resource_type
|
32
|
+
end
|
33
|
+
end
|
34
|
+
|
35
35
|
end
|