annotation_security 1.0.1 → 1.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (63)
  1. data/CHANGELOG.md +14 -0
  2. data/HOW-TO.md +275 -0
  3. data/{MIT-LICENSE → LICENSE} +1 -1
  4. data/README.md +39 -0
  5. data/Rakefile +62 -55
  6. data/assets/app/helpers/annotation_security_helper.rb +8 -8
  7. data/assets/config/initializers/annotation_security.rb +11 -11
  8. data/assets/config/security/relations.rb +20 -20
  9. data/assets/vendor/plugins/annotation_security/init.rb +13 -13
  10. data/bin/annotation_security +7 -7
  11. data/lib/annotation_security/exceptions.rb +124 -124
  12. data/lib/annotation_security/exec.rb +188 -188
  13. data/lib/annotation_security/filters.rb +37 -37
  14. data/lib/annotation_security/includes/action_controller.rb +144 -143
  15. data/lib/annotation_security/includes/active_record.rb +27 -27
  16. data/lib/annotation_security/includes/helper.rb +215 -215
  17. data/lib/annotation_security/includes/resource.rb +84 -84
  18. data/lib/annotation_security/includes/role.rb +30 -30
  19. data/lib/annotation_security/includes/user.rb +26 -26
  20. data/lib/annotation_security/manager/policy_factory.rb +29 -29
  21. data/lib/annotation_security/manager/policy_manager.rb +79 -79
  22. data/lib/annotation_security/manager/relation_loader.rb +272 -272
  23. data/lib/annotation_security/manager/resource_manager.rb +36 -36
  24. data/lib/annotation_security/manager/right_loader.rb +87 -87
  25. data/lib/annotation_security/model_observer.rb +61 -61
  26. data/lib/annotation_security/policy/abstract_policy.rb +344 -344
  27. data/lib/annotation_security/policy/abstract_static_policy.rb +75 -75
  28. data/lib/annotation_security/policy/all_resources_policy.rb +20 -20
  29. data/lib/annotation_security/policy/rule.rb +340 -340
  30. data/lib/annotation_security/policy/rule_set.rb +138 -138
  31. data/lib/annotation_security/rails.rb +38 -38
  32. data/lib/annotation_security/user_wrapper.rb +73 -73
  33. data/lib/annotation_security/utils.rb +141 -141
  34. data/lib/annotation_security/version.rb +10 -0
  35. data/lib/annotation_security.rb +102 -97
  36. data/lib/extensions/action_controller.rb +32 -32
  37. data/lib/extensions/active_record.rb +34 -34
  38. data/lib/extensions/filter.rb +133 -133
  39. data/lib/extensions/object.rb +10 -10
  40. data/lib/security_context.rb +589 -551
  41. data/spec/annotation_security/exceptions_spec.rb +16 -16
  42. data/spec/annotation_security/includes/helper_spec.rb +82 -82
  43. data/spec/annotation_security/manager/policy_manager_spec.rb +15 -15
  44. data/spec/annotation_security/manager/resource_manager_spec.rb +17 -17
  45. data/spec/annotation_security/manager/right_loader_spec.rb +17 -17
  46. data/spec/annotation_security/policy/abstract_policy_spec.rb +16 -16
  47. data/spec/annotation_security/policy/all_resources_policy_spec.rb +24 -24
  48. data/spec/annotation_security/policy/rule_set_spec.rb +112 -112
  49. data/spec/annotation_security/policy/rule_spec.rb +77 -77
  50. data/spec/annotation_security/policy/test_policy_spec.rb +80 -80
  51. data/spec/annotation_security/security_context_spec.rb +78 -78
  52. data/spec/annotation_security/utils_spec.rb +73 -73
  53. data/spec/helper/test_controller.rb +65 -65
  54. data/spec/helper/test_helper.rb +5 -5
  55. data/spec/helper/test_relations.rb +6 -6
  56. data/spec/helper/test_resource.rb +38 -38
  57. data/spec/helper/test_role.rb +21 -21
  58. data/spec/helper/test_user.rb +31 -31
  59. data/spec/rails_stub.rb +37 -37
  60. metadata +94 -72
  61. data/CHANGELOG +0 -2
  62. data/HOW-TO +0 -261
  63. data/README +0 -39
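--- a/data/lib/annotation_security/filters.rb
+++ b/data/lib/annotation_security/filters.rb
@@ -1,38 +1,38 @@
-#
-# = lib/annotation_security/filters.rb
-#
-
-require "active_record"
-
-module AnnotationSecurity # :nodoc:
-
-# Contains filters of the security layer which filter current requests,
-# set up security context and apply security rules.
-module Filters
-# This filter is a before filter and is executed as the first filter in the
-# filter chain. It initializes the security layer.
-class InitializeSecurity
-
-# Initialize current security context depending on logged_in user
-def self.filter(controller)
-SecurityContext.initialize(controller)
-yield
-end
-end
-
-# This filter is an around filter and is executed as the last filter before
-# execution of action. It applies the security mechanisms.
-class ApplySecurity
-# Applies security policies based on current user.
-def self.filter(controller)
-::ActiveRecord::Base.transaction do
-rules = controller.class.descriptions_of(controller.action_name)
-SecurityContext.current.eval_with_security(rules){ yield }
-end
-rescue AnnotationSecurity::SecurityError
-SecurityContext.security_exception = $!
-raise $!
-end
-end
-end
+#
+# = lib/annotation_security/filters.rb
+#
+
+require "active_record"
+
+module AnnotationSecurity # :nodoc:
+
+# Contains filters of the security layer which filter current requests,
+# set up security context and apply security rules.
+module Filters
+# This filter is a before filter and is executed as the first filter in the
+# filter chain. It initializes the security layer.
+class InitializeSecurity
+
+# Initialize current security context depending on logged_in user
+def self.filter(controller)
+SecurityContext.initialize(controller)
+yield
+end
+end
+
+# This filter is an around filter and is executed as the last filter before
+# execution of action. It applies the security mechanisms.
+class ApplySecurity
+# Applies security policies based on current user.
+def self.filter(controller)
+::ActiveRecord::Base.transaction do
+rules = controller.class.descriptions_of(controller.action_name)
+SecurityContext.current.eval_with_security(rules){ yield }
+end
+rescue AnnotationSecurity::SecurityError
+SecurityContext.security_exception = $!
+raise $!
+end
+end
+end
 end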
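--- a/data/lib/annotation_security/includes/action_controller.rb
+++ b/data/lib/annotation_security/includes/action_controller.rb
@@ -1,144 +1,145 @@
-#
-# = lib/annotation_security/includes/action_controller.rb
-#
-
-# Provides security extensions for rails controllers.
-# Is included in ActionController::Base.
-#
-# See AnnotationSecurity::ActionController::ClassMethods.
-#
-module AnnotationSecurity::ActionController
-
-def self.included(base) # :nodoc:
-base.extend(ClassMethods)
-base.send :include, InstanceMethods
-end
-
-# Provides security extensions for rails controllers on the class side.
-#
-module ClassMethods
-
-# Filters are not affected by the security settings of the action.
-# If you want security checkings in your filters, activate them with
-# +apply_security+.
-#
-# apply_security :get_user
-#
-# private
-#
-# desc "shows a user"
-# def get_user
-# @user = User.find params[:id]
-# end
-#
-# You can use +apply_security+ to secure any methods, not only filters.
-# Notice that these rules are *not* taken into account when evaluating
-# AnnotationSecurity::Helper#link_to_if_allowed and similar methods.
-#
-def apply_security(*symbols)
-symbols.each { |s| pending_security_wrappers << s.to_sym }
-end
-
-# Filters are not affected by the security settings of the action.
-# If you want the security settings of the action applied to your filter,
-# use this method. It can be combined with #apply_security
-def apply_action_security(*symbols)
-symbols.each { |s| pending_action_security_wrappers << s.to_sym }
-end
-
-# AnnotationSecurity is using the +method_added+ callback. If this method
-# is overwritten without calling +super+, +apply_security+ will not work.
-#
-def method_added(method)
-super(method)
-if pending_security_wrappers.delete method
-build_security_wrapper(method)
-end
-if pending_action_security_wrappers.delete method
-build_action_security_wrapper(method)
-end
-end
-
-# If no resource type is provided in a description, the default resource
-# will be used. Once set the value cannot be changed.
-#
-# This is still experimental. You should not use it unless you have a
-# reason. It might be usefull for inheritance.
-#
-def default_resource(value=nil)
-@default_resource ||= value || compute_default_resource
-end
-
-# Creates a new security filter.
-#
-# Security filters are around filters that are evaluated before the first
-# before filter. Use security filters to set the credentials and to react
-# to security violations.
-# class ApplicationController < ActionController::Base
-#
-# security_filter :security_filter
-#
-# private
-#
-# def security_filter
-# SecurityContext.current_credential = session[:user]
-# yield
-# rescue SecurityViolationError
-# if SecurityContext.is? :logged_in
-# render :template => "welcome/not_allowed"
-# else
-# render :template => "welcome/please_login"
-# end
-# end
-#
-# See SecurityContext#current_credential= and SecurityViolationError.
-#
-def security_filter(symbol, &block)
-filter_chain.append_filter_to_chain([symbol], :security, &block)
-end
-
-private
-
-def pending_security_wrappers
-@pending_security_wrappers ||= []
-end
-
-def pending_action_security_wrappers
-@pending_action_security_wrappers ||= []
-end
-
-def build_security_wrapper(method)
-no_security = "#{method}_without_security".to_sym
-class_eval %{
-alias :#{no_security} :#{method}
-def #{method}(*args, &proc)
-rules = self.class.descriptions_of(:#{method})
-SecurityContext.current.send_with_security(rules, self, :#{no_security}, *args, &proc)
-end
-}
-end
-
-def build_action_security_wrapper(method)
-no_security = "#{method}_without_action_security".to_sym
-class_eval %{
-alias :#{no_security} :#{method}
-def #{method}(*args, &proc)
-rules = self.class.descriptions_of(action_name)
-SecurityContext.current.send_with_security(rules, self, :#{no_security}, *args, &proc)
-end
-}
-end
-
-def compute_default_resource
-name.first(-"Controller".length).singularize.underscore.to_sym
-end
-
-end
-
-module InstanceMethods # :nodoc:
-
-def security_exception=(ex)
-@security_exception = ex
-end
-end
+#
+# = lib/annotation_security/includes/action_controller.rb
+#
+
+# Provides security extensions for rails controllers.
+# Is included in ActionController::Base.
+#
+# See AnnotationSecurity::ActionController::ClassMethods.
+#
+module AnnotationSecurity::ActionController
+
+def self.included(base) # :nodoc:
+base.extend(ClassMethods)
+base.send :include, InstanceMethods
+end
+
+# Provides security extensions for rails controllers on the class side.
+#
+module ClassMethods
+
+# Filters are not affected by the security settings of the action.
+# If you want security checkings in your filters, activate them with
+# +apply_security+.
+#
+# apply_security :get_user
+#
+# private
+#
+# desc "shows a user"
+# def get_user
+# @user = User.find params[:id]
+# end
+#
+# You can use +apply_security+ to secure any methods, not only filters.
+# Notice that these rules are *not* taken into account when evaluating
+# AnnotationSecurity::Helper#link_to_if_allowed and similar methods.
+#
+def apply_security(*symbols)
+symbols.each { |s| pending_security_wrappers << s.to_sym }
+end
+
+# Filters are not affected by the security settings of the action.
+# If you want the security settings of the action applied to your filter,
+# use this method. It can be combined with #apply_security
+def apply_action_security(*symbols)
+symbols.each { |s| pending_action_security_wrappers << s.to_sym }
+end
+
+# AnnotationSecurity is using the +method_added+ callback. If this method
+# is overwritten without calling +super+, +apply_security+ will not work.
+#
+def method_added(method)
+super(method)
+if pending_security_wrappers.delete method
+build_security_wrapper(method)
+end
+if pending_action_security_wrappers.delete method
+build_action_security_wrapper(method)
+end
+end
+
+# If no resource type is provided in a description, the default resource
+# will be used. Once set the value cannot be changed.
+#
+# This is still experimental. You should not use it unless you have a
+# reason. It might be useful for inheritance.
+#
+def default_resource(value=nil)
+@default_resource ||= value || compute_default_resource
+end
+
+# Creates a new security filter.
+#
+# Security filters are around filters that are evaluated before the first
+# before filter. Use security filters to set the credentials and to react
+# to security violations.
+#
+# class ApplicationController < ActionController::Base
+#
+# security_filter :security_filter
+#
+# private
+#
+# def security_filter
+# SecurityContext.current_credential = session[:user]
+# yield
+# rescue SecurityViolationError
+# if SecurityContext.is? :logged_in
+# render :template => "welcome/not_allowed"
+# else
+# render :template => "welcome/please_login"
+# end
+# end
+#
+# See SecurityContext#current_credential= and SecurityViolationError.
+#
+def security_filter(symbol, &block)
+filter_chain.append_filter_to_chain([symbol], :security, &block)
+end
+
+private
+
+def pending_security_wrappers
+@pending_security_wrappers ||= []
+end
+
+def pending_action_security_wrappers
+@pending_action_security_wrappers ||= []
+end
+
+def build_security_wrapper(method)
+no_security = "#{method}_without_security".to_sym
+class_eval %{
+alias :#{no_security} :#{method}
+def #{method}(*args, &proc)
+rules = self.class.descriptions_of(:#{method})
+SecurityContext.current.send_with_security(rules, self, :#{no_security}, *args, &proc)
+end
+}
+end
+
+def build_action_security_wrapper(method)
+no_security = "#{method}_without_action_security".to_sym
+class_eval %{
+alias :#{no_security} :#{method}
+def #{method}(*args, &proc)
+rules = self.class.descriptions_of(action_name)
+SecurityContext.current.send_with_security(rules, self, :#{no_security}, *args, &proc)
+end
+}
+end
+
+def compute_default_resource
+name.first(-"Controller".length).singularize.underscore.to_sym
+end
+
+end
+
+module InstanceMethods # :nodoc:
+
+def security_exception=(ex)
+@security_exception = ex
+end
+end
 end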
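Review bot: `apply_security` (new-side lines 38–40, and `apply_action_security` at 45–47 likewise) only queues the symbol for `method_added` (52–60) to pick up, so calling it after the target method has already been defined, or naming a method inherited from a superclass, builds no wrapper and the method silently runs with no security check at all. This commit only touches comments in the file, so it is a pre-existing fail-open rather than a regression, but it is the kind of silent gap worth closing. I would have `apply_security` build the wrapper immediately when the method already exists and only queue it otherwise, reusing the private `build_security_wrapper` at 111–119; `method_defined?`/`private_method_defined?` also report inherited methods, which I believe is the desired behaviour here but should be confirmed against how the gem expects subclasses to be secured. `apply_action_security` would get the same treatment with `build_action_security_wrapper`, and the doc comment at 21–37 should then state that the call may come before or after the definition.

```ruby
def apply_security(*symbols)
  symbols.each do |s|
    sym = s.to_sym
    # Wrap now if the method already exists; method_added has already fired for it.
    if method_defined?(sym) || private_method_defined?(sym) || protected_method_defined?(sym)
      build_security_wrapper(sym)
    else
      pending_security_wrappers << sym
    end
  end
end
# … unchanged: apply_action_security (apply the same pattern), method_added, remaining ClassMethods …
```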
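--- a/data/lib/annotation_security/includes/active_record.rb
+++ b/data/lib/annotation_security/includes/active_record.rb
@@ -1,28 +1,28 @@
-#
-# = lib/annotation_security/includes/active_record.rb
-#
-
-# = AnnotationSecurity::ActiveRecord
-#
-# Included by model classes if they are used as resources.
-# Includes AnnotationSecurity::Resource and sets up the model observer.
-#
-module AnnotationSecurity::ActiveRecord # :nodoc:
-
-def self.included(base)
-base.class_eval do
-include ::AnnotationSecurity::Resource
-end
-base.extend(ClassMethods)
-AnnotationSecurity::ModelObserver.observe base.name.underscore.to_sym
-AnnotationSecurity::ModelObserver.instance.reload_model_observer
-end
-
-module ClassMethods # :nodoc:
-def get_resource(object)
-return object if object.is_a? self
-# Object.const_get(name) needed because of a bug in Rails
-Object.const_get(name).find(object)
-end
-end
+#
+# = lib/annotation_security/includes/active_record.rb
+#
+
+# = AnnotationSecurity::ActiveRecord
+#
+# Included by model classes if they are used as resources.
+# Includes AnnotationSecurity::Resource and sets up the model observer.
+#
+module AnnotationSecurity::ActiveRecord # :nodoc:
+
+def self.included(base)
+base.class_eval do
+include ::AnnotationSecurity::Resource
+end
+base.extend(ClassMethods)
+AnnotationSecurity::ModelObserver.observe base.name.underscore.to_sym
+AnnotationSecurity::ModelObserver.instance.reload_model_observer
+end
+
+module ClassMethods # :nodoc:
+def get_resource(object)
+return object if object.is_a? self
+# Object.const_get(name) needed because of a bug in Rails
+Object.const_get(name).find(object)
+end
+end
 end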