annotation_security 1.0.1 → 1.0.2
- data/CHANGELOG.md +14 -0
- data/HOW-TO.md +275 -0
- data/{MIT-LICENSE → LICENSE} +1 -1
- data/README.md +39 -0
- data/Rakefile +62 -55
- data/assets/app/helpers/annotation_security_helper.rb +8 -8
- data/assets/config/initializers/annotation_security.rb +11 -11
- data/assets/config/security/relations.rb +20 -20
- data/assets/vendor/plugins/annotation_security/init.rb +13 -13
- data/bin/annotation_security +7 -7
- data/lib/annotation_security/exceptions.rb +124 -124
- data/lib/annotation_security/exec.rb +188 -188
- data/lib/annotation_security/filters.rb +37 -37
- data/lib/annotation_security/includes/action_controller.rb +144 -143
- data/lib/annotation_security/includes/active_record.rb +27 -27
- data/lib/annotation_security/includes/helper.rb +215 -215
- data/lib/annotation_security/includes/resource.rb +84 -84
- data/lib/annotation_security/includes/role.rb +30 -30
- data/lib/annotation_security/includes/user.rb +26 -26
- data/lib/annotation_security/manager/policy_factory.rb +29 -29
- data/lib/annotation_security/manager/policy_manager.rb +79 -79
- data/lib/annotation_security/manager/relation_loader.rb +272 -272
- data/lib/annotation_security/manager/resource_manager.rb +36 -36
- data/lib/annotation_security/manager/right_loader.rb +87 -87
- data/lib/annotation_security/model_observer.rb +61 -61
- data/lib/annotation_security/policy/abstract_policy.rb +344 -344
- data/lib/annotation_security/policy/abstract_static_policy.rb +75 -75
- data/lib/annotation_security/policy/all_resources_policy.rb +20 -20
- data/lib/annotation_security/policy/rule.rb +340 -340
- data/lib/annotation_security/policy/rule_set.rb +138 -138
- data/lib/annotation_security/rails.rb +38 -38
- data/lib/annotation_security/user_wrapper.rb +73 -73
- data/lib/annotation_security/utils.rb +141 -141
- data/lib/annotation_security/version.rb +10 -0
- data/lib/annotation_security.rb +102 -97
- data/lib/extensions/action_controller.rb +32 -32
- data/lib/extensions/active_record.rb +34 -34
- data/lib/extensions/filter.rb +133 -133
- data/lib/extensions/object.rb +10 -10
- data/lib/security_context.rb +589 -551
- data/spec/annotation_security/exceptions_spec.rb +16 -16
- data/spec/annotation_security/includes/helper_spec.rb +82 -82
- data/spec/annotation_security/manager/policy_manager_spec.rb +15 -15
- data/spec/annotation_security/manager/resource_manager_spec.rb +17 -17
- data/spec/annotation_security/manager/right_loader_spec.rb +17 -17
- data/spec/annotation_security/policy/abstract_policy_spec.rb +16 -16
- data/spec/annotation_security/policy/all_resources_policy_spec.rb +24 -24
- data/spec/annotation_security/policy/rule_set_spec.rb +112 -112
- data/spec/annotation_security/policy/rule_spec.rb +77 -77
- data/spec/annotation_security/policy/test_policy_spec.rb +80 -80
- data/spec/annotation_security/security_context_spec.rb +78 -78
- data/spec/annotation_security/utils_spec.rb +73 -73
- data/spec/helper/test_controller.rb +65 -65
- data/spec/helper/test_helper.rb +5 -5
- data/spec/helper/test_relations.rb +6 -6
- data/spec/helper/test_resource.rb +38 -38
- data/spec/helper/test_role.rb +21 -21
- data/spec/helper/test_user.rb +31 -31
- data/spec/rails_stub.rb +37 -37
- metadata +94 -72
- data/CHANGELOG +0 -2
- data/HOW-TO +0 -261
- data/README +0 -39
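--- a/data/lib/annotation_security/includes/helper.rb
+++ b/data/lib/annotation_security/includes/helper.rb
@@ -1,215 +1,215 @@
-#
-# = lib/annotation_security/includes/helper.rb
-#
-
-# = AnnotationSecurity::Helper
-#
-# This module adds some useful helper methods to your templates.
-#
-module AnnotationSecurity::Helper
-
-# Returns true if the operation defined by +policy_args+ is allowed.
-#
-# The following calls to #allowed? are possible:
-#
-# allowed? :show, :resource, @resource
-# # => true if the current user has the right to show @resource,
-# # which belongs to the :resource resource-class
-#
-# In case of model objects or other classes which implement a #resource_type
-# method the the second argument may be ommited
-#
-# allowed? :show, @resource
-# # equivalent to the above call if @resource.resource_type == :resource
-#
-# A policy description used as a controller annotation may also be used
-# to check a right
-#
-# allowed? "show resource", @resource
-# # => true if the current user has the right "show resource" for @resource
-#
-# A policy may also be applied without an object representing the context:
-#
-# allowed? :show, :resource
-# # => true if the current may show resources.
-#
-# This will only check system and pretest rules. The result +true+ does not
-# mean that the user may show all resources. However, a +false+ indicates
-# that the user is not allowed to show any resources.
-#
-# If the resource class is omitted as well, only rules defined for all
-# resources can be tested. See RelationLoader#all_resources for details.
-#
-# allowed? :administrate
-# # => true if the user is allowed to administrate all resources.
-#
-# See SecurityContext#allowed?.
-#
-def allowed?(*args)
-SecurityContext.allowed?(*args)
-end
-
-alias a? allowed?
-
-# Equivalent to allowed?; is? is provided for better readability.
-#
-# allowed? :logged_in
-# vs
-# is? :logged_in
-#
-def is?(*args)
-SecurityContext.is?(*args)
-end
-
-# Checks whether the user is allowed to access the action.
-#
-# Expects arguments like #link_to_if_allowed, just without name and block.
-#
-# Returns true if the action is allowed.
-#
-def action_allowed?(options, objects=nil, params=nil, html_options=nil)
-
-options, objects, params, html_options =
-parse_allow_action_args(options, objects, params, html_options)
-
-controller = params.delete :controller
-action = params.delete :action
-SecurityContext.allow_action?(controller, action, objects, params)
-end
-
-# Returns a link tag with the specified name to the specified resource if
-# the user is allowed to access it. See #link_to_unless and
-# SecurityContext#action_allowed? for more documentation.
-#
-# There are two ways of using #link_to_if_allowed
-#
-# === As #link_to with alternative
-# (or as #link_to_unless without explicit condition)
-# link_to_if_allowed(name, options={}, html_options=nil) { 'alternative' }
-# +options+ either is a hash, like
-# { :controller => :comments, :action => edit, :id => @comment }
-# a string, like
-# "comments/1/edit"
-# or
-# edit_comment_path(@comment)
-# or a single resource object.
-#
-# Notice that when providing a string, controller, action and parameters will
-# be parsed. After that, the resource types of the parameters are *guessed*,
-# the resources are retrieved and the rules of the action are evaluated.
-#
-# The block will be evaluated if the action is not allowed,
-# like in #link_to_unless.
-#
-# === As #link_to with alternative and explicit objects
-# link_to_if_allowed(name, options={}, objects=[], params={}, html_options=nil) { 'alternative' }
-# In this case, controller and action will be derived from +options+ unless
-# they are specified in +params+.
-# All items in +objects+ and all remaining items in +params+ will be used
-# for evaluating the rules of the action.
-#
-# If you want to specify +html_options+, provide at least an empty hash
-# for +params+.
-#
-# Unlike to #link_to, you can also provide a symbol as +options+ value.
-# In this case, the target url will be determined by sending symbol as
-# message, providing +objects+ and +params+ as arguments, e.g.
-# link_to_if_allowed("Show comment", :comment_path, [@article, @comment], {:details => true})
-# will call
-# comment_path(@article, @comment, {:details => true})
-#
-# === Examples
-# <%= link_to_if_allowed("Show", @course) { } %>
-# <%= link_to_if_allowed("New", new_course_path) { "You may not create a new course." } %>
-#
-# These two are equivalent, however, the second approach is more efficient:
-# <%= link_to_if_allowed("Edit", edit_course_path(@course)) { } %>
-# <%= link_to_if_allowed("Edit", :edit_course_path, @course) { } %>
-#
-# The HTML-options are taken into account when choosing the action.
-# <%= link_to_if_allowed("Delete", @course, {:method => :delete}) { } %>
-#
-# You can also define all values explicitly
-# <%= link_to_if_allowed("Edit comment", "articles/1/comments/5/edit", [@comment], {:article => @comment.article, :action => :edit, :controller => :comments}) { } %>
-#
-# === Parameters
-# - +name+ Text of the link
-# - +options+
-# - +objects+
-# - +params+
-# - +html_options+
-#
-def link_to_if_allowed(name, options, objects=nil, params=nil, html_options=nil, &block)
-
-options, objects, params, html_options =
-parse_allow_action_args(options, objects, params, html_options)
-
-controller = params.delete :controller
-action = params.delete :action
-allowed = SecurityContext.allow_action?(controller, action, objects, params)
-
-link_to_if(allowed, name, options, html_options, &block)
-end
-
-alias link_if_a link_to_if_allowed
-
-private
-
-def parse_allow_action_args(*args)
-if args.second && !(args.second.is_a? Hash)
-# objects and params are specified
-options, objects, params, html_options = args
-objects = [objects] unless objects.is_a? Array
-params ||= {}
-html_options ||= {}
-if options.is_a? Symbol
-# options is a symbol, send the message to get the link path
-path_args = objects + [params]
-options = send(options, *path_args)
-end
-else
-# retrieve objects and params from options
-options = args.first
-html_options = args.second || {}
-objects = [] # everything will be in the params
-if options.is_a? Hash
-params = options.dup
-else
-params = parse_action_params(options, html_options)
-end
-end
-
-unless params[:controller] && params[:action]
-# if controller and action are not given, parse from options
-params = parse_controller_action(options, params, html_options)
-end
-
-[options, objects, params, html_options]
-end
-
-# uses options and html_options to retrieve controller and action,
-# adds these values to params hash
-def parse_controller_action(options, params, html_options)
-path_info = get_path_info(options, html_options)
-params[:controller] ||= path_info[:controller]
-params[:action] ||= path_info[:action]
-params
-end
-
-# uses options and html_options to retrieve controller, action
-# and params
-def parse_action_params(options, html_options)
-get_path_info(options, html_options)
-end
-
-def get_path_info(options, html_options)
-if options.is_a? String
-path = options
-else
-path = url_for(options)
-end
-env = { :method => (html_options[:method] || :get ) }
-ActionController::Routing::Routes.recognize_path(path, env)
-end
-
-end
+#
+# = lib/annotation_security/includes/helper.rb
+#
+
+# = AnnotationSecurity::Helper
+#
+# This module adds some useful helper methods to your templates.
+#
+module AnnotationSecurity::Helper
+
+# Returns true if the operation defined by +policy_args+ is allowed.
+#
+# The following calls to #allowed? are possible:
+#
+# allowed? :show, :resource, @resource
+# # => true if the current user has the right to show @resource,
+# # which belongs to the :resource resource-class
+#
+# In case of model objects or other classes which implement a #resource_type
+# method the the second argument may be ommited
+#
+# allowed? :show, @resource
+# # equivalent to the above call if @resource.resource_type == :resource
+#
+# A policy description used as a controller annotation may also be used
+# to check a right
+#
+# allowed? "show resource", @resource
+# # => true if the current user has the right "show resource" for @resource
+#
+# A policy may also be applied without an object representing the context:
+#
+# allowed? :show, :resource
+# # => true if the current may show resources.
+#
+# This will only check system and pretest rules. The result +true+ does not
+# mean that the user may show all resources. However, a +false+ indicates
+# that the user is not allowed to show any resources.
+#
+# If the resource class is omitted as well, only rules defined for all
+# resources can be tested. See RelationLoader#all_resources for details.
+#
+# allowed? :administrate
+# # => true if the user is allowed to administrate all resources.
+#
+# See SecurityContext#allowed?.
+#
+def allowed?(*args)
+SecurityContext.allowed?(*args)
+end
+
+alias a? allowed?
+
+# Equivalent to allowed?; is? is provided for better readability.
+#
+# allowed? :logged_in
+# vs
+# is? :logged_in
+#
+def is?(*args)
+SecurityContext.is?(*args)
+end
+
+# Checks whether the user is allowed to access the action.
+#
+# Expects arguments like #link_to_if_allowed, just without name and block.
+#
+# Returns true if the action is allowed.
+#
+def action_allowed?(options, objects=nil, params=nil, html_options=nil)
+
+options, objects, params, html_options =
+parse_allow_action_args(options, objects, params, html_options)
+
+controller = params.delete :controller
+action = params.delete :action
+SecurityContext.allow_action?(controller, action, objects, params)
+end
+
+# Returns a link tag with the specified name to the specified resource if
+# the user is allowed to access it. See #link_to_unless and
+# SecurityContext#action_allowed? for more documentation.
+#
+# There are two ways of using #link_to_if_allowed
+#
+# === As #link_to with alternative
+# (or as #link_to_unless without explicit condition)
+# link_to_if_allowed(name, options={}, html_options=nil) { 'alternative' }
+# +options+ either is a hash, like
+# { :controller => :comments, :action => edit, :id => @comment }
+# a string, like
+# "comments/1/edit"
+# or
+# edit_comment_path(@comment)
+# or a single resource object.
+#
+# Notice that when providing a string, controller, action and parameters will
+# be parsed. After that, the resource types of the parameters are *guessed*,
+# the resources are retrieved and the rules of the action are evaluated.
+#
+# The block will be evaluated if the action is not allowed,
+# like in #link_to_unless.
+#
+# === As #link_to with alternative and explicit objects
+# link_to_if_allowed(name, options={}, objects=[], params={}, html_options=nil) { 'alternative' }
+# In this case, controller and action will be derived from +options+ unless
+# they are specified in +params+.
+# All items in +objects+ and all remaining items in +params+ will be used
+# for evaluating the rules of the action.
+#
+# If you want to specify +html_options+, provide at least an empty hash
+# for +params+.
+#
+# Unlike to #link_to, you can also provide a symbol as +options+ value.
+# In this case, the target url will be determined by sending symbol as
+# message, providing +objects+ and +params+ as arguments, e.g.
+# link_to_if_allowed("Show comment", :comment_path, [@article, @comment], {:details => true})
+# will call
+# comment_path(@article, @comment, {:details => true})
+#
+# === Examples
+# <%= link_to_if_allowed("Show", @course) { } %>
+# <%= link_to_if_allowed("New", new_course_path) { "You may not create a new course." } %>
+#
+# These two are equivalent, however, the second approach is more efficient:
+# <%= link_to_if_allowed("Edit", edit_course_path(@course)) { } %>
+# <%= link_to_if_allowed("Edit", :edit_course_path, @course) { } %>
+#
+# The HTML-options are taken into account when choosing the action.
+# <%= link_to_if_allowed("Delete", @course, {:method => :delete}) { } %>
+#
+# You can also define all values explicitly
+# <%= link_to_if_allowed("Edit comment", "articles/1/comments/5/edit", [@comment], {:article => @comment.article, :action => :edit, :controller => :comments}) { } %>
+#
+# === Parameters
+# - +name+ Text of the link
+# - +options+
+# - +objects+
+# - +params+
+# - +html_options+
+#
+def link_to_if_allowed(name, options, objects=nil, params=nil, html_options=nil, &block)
+
+options, objects, params, html_options =
+parse_allow_action_args(options, objects, params, html_options)
+
+controller = params.delete :controller
+action = params.delete :action
+allowed = SecurityContext.allow_action?(controller, action, objects, params)
+
+link_to_if(allowed, name, options, html_options, &block)
+end
+
+alias link_if_a link_to_if_allowed
+
+private
+
+def parse_allow_action_args(*args)
+if args.second && !(args.second.is_a? Hash)
+# objects and params are specified
+options, objects, params, html_options = args
+objects = [objects] unless objects.is_a? Array
+params ||= {}
+html_options ||= {}
+if options.is_a? Symbol
+# options is a symbol, send the message to get the link path
+path_args = objects + [params]
+options = send(options, *path_args)
+end
+else
+# retrieve objects and params from options
+options = args.first
+html_options = args.second || {}
+objects = [] # everything will be in the params
+if options.is_a? Hash
+params = options.dup
+else
+params = parse_action_params(options, html_options)
+end
+end
+
+unless params[:controller] && params[:action]
+# if controller and action are not given, parse from options
+params = parse_controller_action(options, params, html_options)
+end
+
+[options, objects, params, html_options]
+end
+
+# uses options and html_options to retrieve controller and action,
+# adds these values to params hash
+def parse_controller_action(options, params, html_options)
+path_info = get_path_info(options, html_options)
+params[:controller] ||= path_info[:controller]
+params[:action] ||= path_info[:action]
+params
+end
+
+# uses options and html_options to retrieve controller, action
+# and params
+def parse_action_params(options, html_options)
+get_path_info(options, html_options)
+end
+
+def get_path_info(options, html_options)
+if options.is_a? String
+path = options
+else
+path = url_for(options)
+end
+env = { :method => (html_options[:method] || :get ) }
+ActionController::Routing::Routes.recognize_path(path, env)
+end
+
+end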
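Review bot: In the explicit-objects branch of parse_allow_action_args the caller's params hash is kept by reference (`params ||= {}`), and action_allowed? and link_to_if_allowed then run `params.delete :controller` and `params.delete :action` on it, so a params hash a template reuses across several links silently loses its routing keys after the first call; the hash-form branch already protects itself with `options.dup`, and `params = (params || {}).dup` would do the same here. Every line of this hunk is removed and re-added with identical content, so this is presumably a line-ending or encoding rewrite rather than a code change, but the new side is what the release ships. Separately, `options = send(options, *path_args)` dispatches whatever symbol the template passes, private helpers included; if the supported Ruby provides it, `public_send` keeps that to the public URL helpers.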
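--- a/data/lib/annotation_security/includes/resource.rb
+++ b/data/lib/annotation_security/includes/resource.rb
@@ -1,85 +1,85 @@
-#
-# = lib/annotation_security/includes/resource.rb
-#
-
-# Must be included by all classes that are resource classes and do not extend
-# ActiveRecord::Base.
-#
-# class MailDispatcher
-# include AnnotationSecurity::Resource
-# resource_type = :email
-# ...
-#
-# See AnnotationSecurity::Resource::ClassMethods.
-#
-module AnnotationSecurity::Resource
-
-def self.included(base) # :nodoc:
-base.extend(ClassMethods)
-base.class_eval do
-include InstanceMethods
-end
-end
-
-# Provides class side methods for resource classes.
-module ClassMethods
-
-# Registers the class as a resource.
-#
-def resource_type=(symbol)
-@resource_type = symbol
-AnnotationSecurity::ResourceManager.add_resource_class(symbol,self)
-symbol
-end
-
-def resource_type # :nodoc:
-@resource_type || (self.resource_type = name.underscore.to_sym)
-end
-
-def policy_for(user,obj=nil) # :nodoc:
-policy_factory.create_policy(user,obj)
-end
-
-# If required, overwrite this method to return a resource object identified
-# by the argument.
-#
-# This might be necessary if you change the to_param method of an
-# ActiveRecord class.
-#
-# class Course < ActiveRecord::Base
-# ...
-# # each course has a unique name --> make better urls
-# def to_param
-# name
-# end
-#
-# def self.get_resource(name)
-# find_by_name(name)
-# end
-#
-def get_resource(arg)
-raise NoMethodError, "#{self} does not implement #get_resource"
-end
-
-private
-
-def policy_factory # :nodoc:
-@policy_factory ||= AnnotationSecurity::PolicyManager.policy_factory(resource_type)
-end
-
-end
-
-module InstanceMethods # :nodoc:
-def resource_type
-self.class.resource_type
-end
-
-def __is_resource?
-true
-end
-
-def policy_for(user)
-self.class.policy_for(user,self)
-end
-end
+#
+# = lib/annotation_security/includes/resource.rb
+#
+
+# Must be included by all classes that are resource classes and do not extend
+# ActiveRecord::Base.
+#
+# class MailDispatcher
+# include AnnotationSecurity::Resource
+# resource_type = :email
+# ...
+#
+# See AnnotationSecurity::Resource::ClassMethods.
+#
+module AnnotationSecurity::Resource
+
+def self.included(base) # :nodoc:
+base.extend(ClassMethods)
+base.class_eval do
+include InstanceMethods
+end
+end
+
+# Provides class side methods for resource classes.
+module ClassMethods
+
+# Registers the class as a resource.
+#
+def resource_type=(symbol)
+@resource_type = symbol
+AnnotationSecurity::ResourceManager.add_resource_class(symbol,self)
+symbol
+end
+
+def resource_type # :nodoc:
+@resource_type || (self.resource_type = name.underscore.to_sym)
+end
+
+def policy_for(user,obj=nil) # :nodoc:
+policy_factory.create_policy(user,obj)
+end
+
+# If required, overwrite this method to return a resource object identified
+# by the argument.
+#
+# This might be necessary if you change the to_param method of an
+# ActiveRecord class.
+#
+# class Course < ActiveRecord::Base
+# ...
+# # each course has a unique name --> make better urls
+# def to_param
+# name
+# end
+#
+# def self.get_resource(name)
+# find_by_name(name)
+# end
+#
+def get_resource(arg)
+raise NoMethodError, "#{self} does not implement #get_resource"
+end
+
+private
+
+def policy_factory # :nodoc:
+@policy_factory ||= AnnotationSecurity::PolicyManager.policy_factory(resource_type)
+end
+
+end
+
+module InstanceMethods # :nodoc:
+def resource_type
+self.class.resource_type
+end
+
+def __is_resource?
+true
+end
+
+def policy_for(user)
+self.class.policy_for(user,self)
+end
+end
 end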
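--- a/data/lib/annotation_security/includes/role.rb
+++ b/data/lib/annotation_security/includes/role.rb
@@ -1,31 +1,31 @@
-#
-# = lib/annotation_security/includes/role.rb
-#
-
-# = AnnotationSecurity::Role
-#
-# This module should be included by all role classes
-# to enable full support of all features.
-#
-# A role class is a domain class that represents user roles
-# and does not extend the user class. It should have the method #user that
-# returns the user object it belongs to.
-#
-module AnnotationSecurity::Role
-
-# Returns true if this belongs to the user given as parameter.
-#
-# Required to have a common interface with AnnotationSecurity::User.
-#
-def is_user?(user)
-self.user == user
-end
-
-# If +obj+ is a UserWrapper, extract the role before comparing
-#
-def ==(obj)
-obj = obj.__role__ if obj.is_a? AnnotationSecurity::UserWrapper
-super(obj)
-end
-
+#
+# = lib/annotation_security/includes/role.rb
+#
+
+# = AnnotationSecurity::Role
+#
+# This module should be included by all role classes
+# to enable full support of all features.
+#
+# A role class is a domain class that represents user roles
+# and does not extend the user class. It should have the method #user that
+# returns the user object it belongs to.
+#
+module AnnotationSecurity::Role
+
+# Returns true if this belongs to the user given as parameter.
+#
+# Required to have a common interface with AnnotationSecurity::User.
+#
+def is_user?(user)
+self.user == user
+end
+
+# If +obj+ is a UserWrapper, extract the role before comparing
+#
+def ==(obj)
+obj = obj.__role__ if obj.is_a? AnnotationSecurity::UserWrapper
+super(obj)
+end
+
 end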