annotation_security 1.0.1 → 1.0.2

Files changed (63) hide show
  1. data/CHANGELOG.md +14 -0
  2. data/HOW-TO.md +275 -0
  3. data/{MIT-LICENSE → LICENSE} +1 -1
  4. data/README.md +39 -0
  5. data/Rakefile +62 -55
  6. data/assets/app/helpers/annotation_security_helper.rb +8 -8
  7. data/assets/config/initializers/annotation_security.rb +11 -11
  8. data/assets/config/security/relations.rb +20 -20
  9. data/assets/vendor/plugins/annotation_security/init.rb +13 -13
  10. data/bin/annotation_security +7 -7
  11. data/lib/annotation_security/exceptions.rb +124 -124
  12. data/lib/annotation_security/exec.rb +188 -188
  13. data/lib/annotation_security/filters.rb +37 -37
  14. data/lib/annotation_security/includes/action_controller.rb +144 -143
  15. data/lib/annotation_security/includes/active_record.rb +27 -27
  16. data/lib/annotation_security/includes/helper.rb +215 -215
  17. data/lib/annotation_security/includes/resource.rb +84 -84
  18. data/lib/annotation_security/includes/role.rb +30 -30
  19. data/lib/annotation_security/includes/user.rb +26 -26
  20. data/lib/annotation_security/manager/policy_factory.rb +29 -29
  21. data/lib/annotation_security/manager/policy_manager.rb +79 -79
  22. data/lib/annotation_security/manager/relation_loader.rb +272 -272
  23. data/lib/annotation_security/manager/resource_manager.rb +36 -36
  24. data/lib/annotation_security/manager/right_loader.rb +87 -87
  25. data/lib/annotation_security/model_observer.rb +61 -61
  26. data/lib/annotation_security/policy/abstract_policy.rb +344 -344
  27. data/lib/annotation_security/policy/abstract_static_policy.rb +75 -75
  28. data/lib/annotation_security/policy/all_resources_policy.rb +20 -20
  29. data/lib/annotation_security/policy/rule.rb +340 -340
  30. data/lib/annotation_security/policy/rule_set.rb +138 -138
  31. data/lib/annotation_security/rails.rb +38 -38
  32. data/lib/annotation_security/user_wrapper.rb +73 -73
  33. data/lib/annotation_security/utils.rb +141 -141
  34. data/lib/annotation_security/version.rb +10 -0
  35. data/lib/annotation_security.rb +102 -97
  36. data/lib/extensions/action_controller.rb +32 -32
  37. data/lib/extensions/active_record.rb +34 -34
  38. data/lib/extensions/filter.rb +133 -133
  39. data/lib/extensions/object.rb +10 -10
  40. data/lib/security_context.rb +589 -551
  41. data/spec/annotation_security/exceptions_spec.rb +16 -16
  42. data/spec/annotation_security/includes/helper_spec.rb +82 -82
  43. data/spec/annotation_security/manager/policy_manager_spec.rb +15 -15
  44. data/spec/annotation_security/manager/resource_manager_spec.rb +17 -17
  45. data/spec/annotation_security/manager/right_loader_spec.rb +17 -17
  46. data/spec/annotation_security/policy/abstract_policy_spec.rb +16 -16
  47. data/spec/annotation_security/policy/all_resources_policy_spec.rb +24 -24
  48. data/spec/annotation_security/policy/rule_set_spec.rb +112 -112
  49. data/spec/annotation_security/policy/rule_spec.rb +77 -77
  50. data/spec/annotation_security/policy/test_policy_spec.rb +80 -80
  51. data/spec/annotation_security/security_context_spec.rb +78 -78
  52. data/spec/annotation_security/utils_spec.rb +73 -73
  53. data/spec/helper/test_controller.rb +65 -65
  54. data/spec/helper/test_helper.rb +5 -5
  55. data/spec/helper/test_relations.rb +6 -6
  56. data/spec/helper/test_resource.rb +38 -38
  57. data/spec/helper/test_role.rb +21 -21
  58. data/spec/helper/test_user.rb +31 -31
  59. data/spec/rails_stub.rb +37 -37
  60. metadata +94 -72
  61. data/CHANGELOG +0 -2
  62. data/HOW-TO +0 -261
  63. data/README +0 -39
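--- a/data/lib/extensions/filter.rb
+++ b/data/lib/extensions/filter.rb
@@ -1,134 +1,134 @@
- #
- # = lib/extensions/filter.rb
- #
- # Adds security filters to the Rails filter mechanism.
- #
- # Modifies ActionController::Filter::FilterChain. Might not work with other
- # gems modifying this class.
- #
-
- # Extends ActiveRecord::Base and patches ActionController::Filters
- #
- # Performs additions to the rails filter chain. It basically adds two
- # filters which may not be removed:
- #
- # 1) Before Fiter to initialize SecurityContext
- # 2) Around Filter around actions
- #
- # The altered filter chain looks like this:
- #
- # * AnnotationSecurity::Filters::InitializeSecurity
- # * ... other before filters
- # * around filters ...
- # * AnnotationSecurity::Filters::ApplySecurity
- # * after filters
- #
- module ActionController # :nodoc:
- module Filters # :nodoc:
- class FilterChain # :nodoc:
- def self.new(&block)
- returning super do |filter_chain|
- filter_chain.append_filter_to_chain([AnnotationSecurity::Filters::InitializeSecurity], :security, &block)
- filter_chain.append_filter_to_chain([AnnotationSecurity::Filters::ApplySecurity], :action_security, &block)
- end
- end
-
- private
-
- def find_filter_append_position(filters, filter_type)
- # appending an after filter puts it at the end of the call chain
- # before and around filters go after security filters and
- # before the first after or action_security filter
- #
- return -1 if filter_type == :after
-
- if filter_type == :security
- #security filters are first filters in chain
- each_with_index do |f,i|
- return i unless f.security?
- end
- else
- each_with_index do |f,i|
- return i if f.after? or f.action_security?
- end
- end
- return -1
- end
-
- def find_filter_prepend_position(filters, filter_type)
- if filter_type == :after
- # after filters go before the first after filter in the chain
- each_with_index do |f,i|
- return i if f.after?
- end
- return -1
- elsif filter_type == :security
- return 0
- else
- # prepending a before or around filter puts it at the front of the call chain
- each_with_index do |f,i|
- return i unless f.security?
- end
- end
- return 0 # Since first filter is security initialization filter
- end
-
- def find_or_create_filter(filter, filter_type, options = {})
- update_filter_in_chain([filter], options)
-
- if found_filter = find(filter) { |f| f.type == filter_type }
- found_filter
- else
- filter_kind = case
- when filter.respond_to?(:before) && filter_type == :before
- :before
- when filter.respond_to?(:after) && filter_type == :after
- :after
- else
- :filter
- end
-
- case filter_type
- when :before
- BeforeFilter.new(filter_kind, filter, options)
- when :after
- AfterFilter.new(filter_kind, filter, options)
- when :security
- SecurityFilter.new(filter_kind, filter, options)
- when :action_security
- ActionSecurityFilter.new(filter_kind, filter, options)
- else
- AroundFilter.new(filter_kind, filter, options)
- end
- end
- end
- end
-
- class Filter # :nodoc:
-
- # override to return true in appropriate subclass
- def security?
- false
- end
-
- def action_security?
- false
- end
- end
-
- # the customized security filter that sets the current user
- # and catches security exceptions
- class SecurityFilter < AroundFilter # :nodoc:
- def security?
- true
- end
- end
-
- # filter used to activate security for actions
- class ActionSecurityFilter < AroundFilter # :nodoc:
- def action_security?
- true
- end
- end
- end
+ #
+ # = lib/extensions/filter.rb
+ #
+ # Adds security filters to the Rails filter mechanism.
+ #
+ # Modifies ActionController::Filter::FilterChain. Might not work with other
+ # gems modifying this class.
+ #
+
+ # Extends ActiveRecord::Base and patches ActionController::Filters
+ #
+ # Performs additions to the rails filter chain. It basically adds two
+ # filters which may not be removed:
+ #
+ # 1) Before Fiter to initialize SecurityContext
+ # 2) Around Filter around actions
+ #
+ # The altered filter chain looks like this:
+ #
+ # * AnnotationSecurity::Filters::InitializeSecurity
+ # * ... other before filters
+ # * around filters ...
+ # * AnnotationSecurity::Filters::ApplySecurity
+ # * after filters
+ #
+ module ActionController # :nodoc:
+ module Filters # :nodoc:
+ class FilterChain # :nodoc:
+ def self.new(&block)
+ super.tap do |filter_chain|
+ filter_chain.append_filter_to_chain([AnnotationSecurity::Filters::InitializeSecurity], :security, &block)
+ filter_chain.append_filter_to_chain([AnnotationSecurity::Filters::ApplySecurity], :action_security, &block)
+ end
+ end
+
+ private
+
+ def find_filter_append_position(filters, filter_type)
+ # appending an after filter puts it at the end of the call chain
+ # before and around filters go after security filters and
+ # before the first after or action_security filter
+ #
+ return -1 if filter_type == :after
+
+ if filter_type == :security
+ #security filters are first filters in chain
+ each_with_index do |f,i|
+ return i unless f.security?
+ end
+ else
+ each_with_index do |f,i|
+ return i if f.after? or f.action_security?
+ end
+ end
+ return -1
+ end
+
+ def find_filter_prepend_position(filters, filter_type)
+ if filter_type == :after
+ # after filters go before the first after filter in the chain
+ each_with_index do |f,i|
+ return i if f.after?
+ end
+ return -1
+ elsif filter_type == :security
+ return 0
+ else
+ # prepending a before or around filter puts it at the front of the call chain
+ each_with_index do |f,i|
+ return i unless f.security?
+ end
+ end
+ return 0 # Since first filter is security initialization filter
+ end
+
+ def find_or_create_filter(filter, filter_type, options = {})
+ update_filter_in_chain([filter], options)
+
+ if found_filter = find(filter) { |f| f.type == filter_type }
+ found_filter
+ else
+ filter_kind = case
+ when filter.respond_to?(:before) && filter_type == :before
+ :before
+ when filter.respond_to?(:after) && filter_type == :after
+ :after
+ else
+ :filter
+ end
+
+ case filter_type
+ when :before
+ BeforeFilter.new(filter_kind, filter, options)
+ when :after
+ AfterFilter.new(filter_kind, filter, options)
+ when :security
+ SecurityFilter.new(filter_kind, filter, options)
+ when :action_security
+ ActionSecurityFilter.new(filter_kind, filter, options)
+ else
+ AroundFilter.new(filter_kind, filter, options)
+ end
+ end
+ end
+ end
+
+ class Filter # :nodoc:
+
+ # override to return true in appropriate subclass
+ def security?
+ false
+ end
+
+ def action_security?
+ false
+ end
+ end
+
+ # the customized security filter that sets the current user
+ # and catches security exceptions
+ class SecurityFilter < AroundFilter # :nodoc:
+ def security?
+ true
+ end
+ end
+
+ # filter used to activate security for actions
+ class ActionSecurityFilter < AroundFilter # :nodoc:
+ def action_security?
+ true
+ end
+ end
+ end
  end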
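Review bot: The header comment promises two filters "which may not be removed", but nothing in this file enforces that. `FilterChain` overrides only `self.new` and the private position/creation helpers, so whether a controller-level `skip_filter` naming `AnnotationSecurity::Filters::ApplySecurity` can take it out of the chain depends on code not shown here. Since the authorization check for every action hangs on that filter staying in place, a spec that builds a chain, issues a skip for both security filters and asserts they are still present (with `InitializeSecurity` first) would pin the guarantee. If removal turns out to be possible, the comment should be reworded to something like `# filters which are always added to a new chain` so it does not overstate the protection.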
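--- a/data/lib/extensions/object.rb
+++ b/data/lib/extensions/object.rb
@@ -1,11 +1,11 @@
- #
- # = lib/extensions/object.rb
- #
-
- class Object # :nodoc:
-
- def __is_resource? # :nodoc:
- false
- end
-
+ #
+ # = lib/extensions/object.rb
+ #
+
+ class Object # :nodoc:
+
+ def __is_resource? # :nodoc:
+ false
+ end
+
  end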