annotation_security 1.0.1 → 1.0.2

Files changed (63)
  1. data/CHANGELOG.md +14 -0
  2. data/HOW-TO.md +275 -0
  3. data/{MIT-LICENSE → LICENSE} +1 -1
  4. data/README.md +39 -0
  5. data/Rakefile +62 -55
  6. data/assets/app/helpers/annotation_security_helper.rb +8 -8
  7. data/assets/config/initializers/annotation_security.rb +11 -11
  8. data/assets/config/security/relations.rb +20 -20
  9. data/assets/vendor/plugins/annotation_security/init.rb +13 -13
  10. data/bin/annotation_security +7 -7
  11. data/lib/annotation_security/exceptions.rb +124 -124
  12. data/lib/annotation_security/exec.rb +188 -188
  13. data/lib/annotation_security/filters.rb +37 -37
  14. data/lib/annotation_security/includes/action_controller.rb +144 -143
  15. data/lib/annotation_security/includes/active_record.rb +27 -27
  16. data/lib/annotation_security/includes/helper.rb +215 -215
  17. data/lib/annotation_security/includes/resource.rb +84 -84
  18. data/lib/annotation_security/includes/role.rb +30 -30
  19. data/lib/annotation_security/includes/user.rb +26 -26
  20. data/lib/annotation_security/manager/policy_factory.rb +29 -29
  21. data/lib/annotation_security/manager/policy_manager.rb +79 -79
  22. data/lib/annotation_security/manager/relation_loader.rb +272 -272
  23. data/lib/annotation_security/manager/resource_manager.rb +36 -36
  24. data/lib/annotation_security/manager/right_loader.rb +87 -87
  25. data/lib/annotation_security/model_observer.rb +61 -61
  26. data/lib/annotation_security/policy/abstract_policy.rb +344 -344
  27. data/lib/annotation_security/policy/abstract_static_policy.rb +75 -75
  28. data/lib/annotation_security/policy/all_resources_policy.rb +20 -20
  29. data/lib/annotation_security/policy/rule.rb +340 -340
  30. data/lib/annotation_security/policy/rule_set.rb +138 -138
  31. data/lib/annotation_security/rails.rb +38 -38
  32. data/lib/annotation_security/user_wrapper.rb +73 -73
  33. data/lib/annotation_security/utils.rb +141 -141
  34. data/lib/annotation_security/version.rb +10 -0
  35. data/lib/annotation_security.rb +102 -97
  36. data/lib/extensions/action_controller.rb +32 -32
  37. data/lib/extensions/active_record.rb +34 -34
  38. data/lib/extensions/filter.rb +133 -133
  39. data/lib/extensions/object.rb +10 -10
  40. data/lib/security_context.rb +589 -551
  41. data/spec/annotation_security/exceptions_spec.rb +16 -16
  42. data/spec/annotation_security/includes/helper_spec.rb +82 -82
  43. data/spec/annotation_security/manager/policy_manager_spec.rb +15 -15
  44. data/spec/annotation_security/manager/resource_manager_spec.rb +17 -17
  45. data/spec/annotation_security/manager/right_loader_spec.rb +17 -17
  46. data/spec/annotation_security/policy/abstract_policy_spec.rb +16 -16
  47. data/spec/annotation_security/policy/all_resources_policy_spec.rb +24 -24
  48. data/spec/annotation_security/policy/rule_set_spec.rb +112 -112
  49. data/spec/annotation_security/policy/rule_spec.rb +77 -77
  50. data/spec/annotation_security/policy/test_policy_spec.rb +80 -80
  51. data/spec/annotation_security/security_context_spec.rb +78 -78
  52. data/spec/annotation_security/utils_spec.rb +73 -73
  53. data/spec/helper/test_controller.rb +65 -65
  54. data/spec/helper/test_helper.rb +5 -5
  55. data/spec/helper/test_relations.rb +6 -6
  56. data/spec/helper/test_resource.rb +38 -38
  57. data/spec/helper/test_role.rb +21 -21
  58. data/spec/helper/test_user.rb +31 -31
  59. data/spec/rails_stub.rb +37 -37
  60. metadata +94 -72
  61. data/CHANGELOG +0 -2
  62. data/HOW-TO +0 -261
  63. data/README +0 -39
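--- a/data/lib/extensions/filter.rb
+++ b/data/lib/extensions/filter.rb
@@ -1,134 +1,134 @@
- #
- # = lib/extensions/filter.rb
- #
- # Adds security filters to the Rails filter mechanism.
- #
- # Modifies ActionController::Filter::FilterChain. Might not work with other
- # gems modifying this class.
- #
-
- # Extends ActiveRecord::Base and patches ActionController::Filters
- #
- # Performs additions to the rails filter chain. It basically adds two
- # filters which may not be removed:
- #
- # 1) Before Fiter to initialize SecurityContext
- # 2) Around Filter around actions
- #
- # The altered filter chain looks like this:
- #
- # * AnnotationSecurity::Filters::InitializeSecurity
- # * ... other before filters
- # * around filters ...
- # * AnnotationSecurity::Filters::ApplySecurity
- # * after filters
- #
- module ActionController # :nodoc:
- module Filters # :nodoc:
- class FilterChain # :nodoc:
- def self.new(&block)
- returning super do |filter_chain|
- filter_chain.append_filter_to_chain([AnnotationSecurity::Filters::InitializeSecurity], :security, &block)
- filter_chain.append_filter_to_chain([AnnotationSecurity::Filters::ApplySecurity], :action_security, &block)
- end
- end
-
- private
-
- def find_filter_append_position(filters, filter_type)
- # appending an after filter puts it at the end of the call chain
- # before and around filters go after security filters and
- # before the first after or action_security filter
- #
- return -1 if filter_type == :after
-
- if filter_type == :security
- #security filters are first filters in chain
- each_with_index do |f,i|
- return i unless f.security?
- end
- else
- each_with_index do |f,i|
- return i if f.after? or f.action_security?
- end
- end
- return -1
- end
-
- def find_filter_prepend_position(filters, filter_type)
- if filter_type == :after
- # after filters go before the first after filter in the chain
- each_with_index do |f,i|
- return i if f.after?
- end
- return -1
- elsif filter_type == :security
- return 0
- else
- # prepending a before or around filter puts it at the front of the call chain
- each_with_index do |f,i|
- return i unless f.security?
- end
- end
- return 0 # Since first filter is security initialization filter
- end
-
- def find_or_create_filter(filter, filter_type, options = {})
- update_filter_in_chain([filter], options)
-
- if found_filter = find(filter) { |f| f.type == filter_type }
- found_filter
- else
- filter_kind = case
- when filter.respond_to?(:before) && filter_type == :before
- :before
- when filter.respond_to?(:after) && filter_type == :after
- :after
- else
- :filter
- end
-
- case filter_type
- when :before
- BeforeFilter.new(filter_kind, filter, options)
- when :after
- AfterFilter.new(filter_kind, filter, options)
- when :security
- SecurityFilter.new(filter_kind, filter, options)
- when :action_security
- ActionSecurityFilter.new(filter_kind, filter, options)
- else
- AroundFilter.new(filter_kind, filter, options)
- end
- end
- end
- end
-
- class Filter # :nodoc:
-
- # override to return true in appropriate subclass
- def security?
- false
- end
-
- def action_security?
- false
- end
- end
-
- # the customized security filter that sets the current user
- # and catches security exceptions
- class SecurityFilter < AroundFilter # :nodoc:
- def security?
- true
- end
- end
-
- # filter used to activate security for actions
- class ActionSecurityFilter < AroundFilter # :nodoc:
- def action_security?
- true
- end
- end
- end
+ #
+ # = lib/extensions/filter.rb
+ #
+ # Adds security filters to the Rails filter mechanism.
+ #
+ # Modifies ActionController::Filter::FilterChain. Might not work with other
+ # gems modifying this class.
+ #
+
+ # Extends ActiveRecord::Base and patches ActionController::Filters
+ #
+ # Performs additions to the rails filter chain. It basically adds two
+ # filters which may not be removed:
+ #
+ # 1) Before Fiter to initialize SecurityContext
+ # 2) Around Filter around actions
+ #
+ # The altered filter chain looks like this:
+ #
+ # * AnnotationSecurity::Filters::InitializeSecurity
+ # * ... other before filters
+ # * around filters ...
+ # * AnnotationSecurity::Filters::ApplySecurity
+ # * after filters
+ #
+ module ActionController # :nodoc:
+ module Filters # :nodoc:
+ class FilterChain # :nodoc:
+ def self.new(&block)
+ super.tap do |filter_chain|
+ filter_chain.append_filter_to_chain([AnnotationSecurity::Filters::InitializeSecurity], :security, &block)
+ filter_chain.append_filter_to_chain([AnnotationSecurity::Filters::ApplySecurity], :action_security, &block)
+ end
+ end
+
+ private
+
+ def find_filter_append_position(filters, filter_type)
+ # appending an after filter puts it at the end of the call chain
+ # before and around filters go after security filters and
+ # before the first after or action_security filter
+ #
+ return -1 if filter_type == :after
+
+ if filter_type == :security
+ #security filters are first filters in chain
+ each_with_index do |f,i|
+ return i unless f.security?
+ end
+ else
+ each_with_index do |f,i|
+ return i if f.after? or f.action_security?
+ end
+ end
+ return -1
+ end
+
+ def find_filter_prepend_position(filters, filter_type)
+ if filter_type == :after
+ # after filters go before the first after filter in the chain
+ each_with_index do |f,i|
+ return i if f.after?
+ end
+ return -1
+ elsif filter_type == :security
+ return 0
+ else
+ # prepending a before or around filter puts it at the front of the call chain
+ each_with_index do |f,i|
+ return i unless f.security?
+ end
+ end
+ return 0 # Since first filter is security initialization filter
+ end
+
+ def find_or_create_filter(filter, filter_type, options = {})
+ update_filter_in_chain([filter], options)
+
+ if found_filter = find(filter) { |f| f.type == filter_type }
+ found_filter
+ else
+ filter_kind = case
+ when filter.respond_to?(:before) && filter_type == :before
+ :before
+ when filter.respond_to?(:after) && filter_type == :after
+ :after
+ else
+ :filter
+ end
+
+ case filter_type
+ when :before
+ BeforeFilter.new(filter_kind, filter, options)
+ when :after
+ AfterFilter.new(filter_kind, filter, options)
+ when :security
+ SecurityFilter.new(filter_kind, filter, options)
+ when :action_security
+ ActionSecurityFilter.new(filter_kind, filter, options)
+ else
+ AroundFilter.new(filter_kind, filter, options)
+ end
+ end
+ end
+ end
+
+ class Filter # :nodoc:
+
+ # override to return true in appropriate subclass
+ def security?
+ false
+ end
+
+ def action_security?
+ false
+ end
+ end
+
+ # the customized security filter that sets the current user
+ # and catches security exceptions
+ class SecurityFilter < AroundFilter # :nodoc:
+ def security?
+ true
+ end
+ end
+
+ # filter used to activate security for actions
+ class ActionSecurityFilter < AroundFilter # :nodoc:
+ def action_security?
+ true
+ end
+ end
+ end
  end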
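Review bot: The header comment promises two filters "which may not be removed", but nothing on the new side of this file enforces that: `FilterChain.new` only appends InitializeSecurity and ApplySecurity, and the two `find_filter_*_position` helpers only control where other filters are inserted relative to them. Unless the chain's removal path is guarded elsewhere in the gem (not visible here), a controller that drops either filter would run its actions with no security context applied. I would either make removal refuse filters for which `security?` or `action_security?` is true, or reword the comment to `# filters which are always installed; removal is not blocked in this file`, and add a spec asserting that both filters remain in the chain. The same comment block also says `Extends ActiveRecord::Base` and `ActionController::Filter::FilterChain` while the code reopens `ActionController::Filters::FilterChain`, and `return i if f.after? or f.action_security?` would be safer written with `||`.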
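--- a/data/lib/extensions/object.rb
+++ b/data/lib/extensions/object.rb
@@ -1,11 +1,11 @@
- #
- # = lib/extensions/object.rb
- #
-
- class Object # :nodoc:
-
- def __is_resource? # :nodoc:
- false
- end
-
+ #
+ # = lib/extensions/object.rb
+ #
+
+ class Object # :nodoc:
+
+ def __is_resource? # :nodoc:
+ false
+ end
+
  end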