annotation_security 1.0.1 → 1.0.2

Files changed (63) hide show
  1. data/CHANGELOG.md +14 -0
  2. data/HOW-TO.md +275 -0
  3. data/{MIT-LICENSE → LICENSE} +1 -1
  4. data/README.md +39 -0
  5. data/Rakefile +62 -55
  6. data/assets/app/helpers/annotation_security_helper.rb +8 -8
  7. data/assets/config/initializers/annotation_security.rb +11 -11
  8. data/assets/config/security/relations.rb +20 -20
  9. data/assets/vendor/plugins/annotation_security/init.rb +13 -13
  10. data/bin/annotation_security +7 -7
  11. data/lib/annotation_security/exceptions.rb +124 -124
  12. data/lib/annotation_security/exec.rb +188 -188
  13. data/lib/annotation_security/filters.rb +37 -37
  14. data/lib/annotation_security/includes/action_controller.rb +144 -143
  15. data/lib/annotation_security/includes/active_record.rb +27 -27
  16. data/lib/annotation_security/includes/helper.rb +215 -215
  17. data/lib/annotation_security/includes/resource.rb +84 -84
  18. data/lib/annotation_security/includes/role.rb +30 -30
  19. data/lib/annotation_security/includes/user.rb +26 -26
  20. data/lib/annotation_security/manager/policy_factory.rb +29 -29
  21. data/lib/annotation_security/manager/policy_manager.rb +79 -79
  22. data/lib/annotation_security/manager/relation_loader.rb +272 -272
  23. data/lib/annotation_security/manager/resource_manager.rb +36 -36
  24. data/lib/annotation_security/manager/right_loader.rb +87 -87
  25. data/lib/annotation_security/model_observer.rb +61 -61
  26. data/lib/annotation_security/policy/abstract_policy.rb +344 -344
  27. data/lib/annotation_security/policy/abstract_static_policy.rb +75 -75
  28. data/lib/annotation_security/policy/all_resources_policy.rb +20 -20
  29. data/lib/annotation_security/policy/rule.rb +340 -340
  30. data/lib/annotation_security/policy/rule_set.rb +138 -138
  31. data/lib/annotation_security/rails.rb +38 -38
  32. data/lib/annotation_security/user_wrapper.rb +73 -73
  33. data/lib/annotation_security/utils.rb +141 -141
  34. data/lib/annotation_security/version.rb +10 -0
  35. data/lib/annotation_security.rb +102 -97
  36. data/lib/extensions/action_controller.rb +32 -32
  37. data/lib/extensions/active_record.rb +34 -34
  38. data/lib/extensions/filter.rb +133 -133
  39. data/lib/extensions/object.rb +10 -10
  40. data/lib/security_context.rb +589 -551
  41. data/spec/annotation_security/exceptions_spec.rb +16 -16
  42. data/spec/annotation_security/includes/helper_spec.rb +82 -82
  43. data/spec/annotation_security/manager/policy_manager_spec.rb +15 -15
  44. data/spec/annotation_security/manager/resource_manager_spec.rb +17 -17
  45. data/spec/annotation_security/manager/right_loader_spec.rb +17 -17
  46. data/spec/annotation_security/policy/abstract_policy_spec.rb +16 -16
  47. data/spec/annotation_security/policy/all_resources_policy_spec.rb +24 -24
  48. data/spec/annotation_security/policy/rule_set_spec.rb +112 -112
  49. data/spec/annotation_security/policy/rule_spec.rb +77 -77
  50. data/spec/annotation_security/policy/test_policy_spec.rb +80 -80
  51. data/spec/annotation_security/security_context_spec.rb +78 -78
  52. data/spec/annotation_security/utils_spec.rb +73 -73
  53. data/spec/helper/test_controller.rb +65 -65
  54. data/spec/helper/test_helper.rb +5 -5
  55. data/spec/helper/test_relations.rb +6 -6
  56. data/spec/helper/test_resource.rb +38 -38
  57. data/spec/helper/test_role.rb +21 -21
  58. data/spec/helper/test_user.rb +31 -31
  59. data/spec/rails_stub.rb +37 -37
  60. metadata +94 -72
  61. data/CHANGELOG +0 -2
  62. data/HOW-TO +0 -261
  63. data/README +0 -39
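--- a/data/lib/annotation_security/includes/helper.rb
+++ b/data/lib/annotation_security/includes/helper.rb
@@ -1,215 +1,215 @@
- #
- # = lib/annotation_security/includes/helper.rb
- #
-
- # = AnnotationSecurity::Helper
- #
- # This module adds some useful helper methods to your templates.
- #
- module AnnotationSecurity::Helper
-
- # Returns true if the operation defined by +policy_args+ is allowed.
- #
- # The following calls to #allowed? are possible:
- #
- # allowed? :show, :resource, @resource
- # # => true if the current user has the right to show @resource,
- # # which belongs to the :resource resource-class
- #
- # In case of model objects or other classes which implement a #resource_type
- # method the the second argument may be ommited
- #
- # allowed? :show, @resource
- # # equivalent to the above call if @resource.resource_type == :resource
- #
- # A policy description used as a controller annotation may also be used
- # to check a right
- #
- # allowed? "show resource", @resource
- # # => true if the current user has the right "show resource" for @resource
- #
- # A policy may also be applied without an object representing the context:
- #
- # allowed? :show, :resource
- # # => true if the current may show resources.
- #
- # This will only check system and pretest rules. The result +true+ does not
- # mean that the user may show all resources. However, a +false+ indicates
- # that the user is not allowed to show any resources.
- #
- # If the resource class is omitted as well, only rules defined for all
- # resources can be tested. See RelationLoader#all_resources for details.
- #
- # allowed? :administrate
- # # => true if the user is allowed to administrate all resources.
- #
- # See SecurityContext#allowed?.
- #
- def allowed?(*args)
- SecurityContext.allowed?(*args)
- end
-
- alias a? allowed?
-
- # Equivalent to allowed?; is? is provided for better readability.
- #
- # allowed? :logged_in
- # vs
- # is? :logged_in
- #
- def is?(*args)
- SecurityContext.is?(*args)
- end
-
- # Checks whether the user is allowed to access the action.
- #
- # Expects arguments like #link_to_if_allowed, just without name and block.
- #
- # Returns true if the action is allowed.
- #
- def action_allowed?(options, objects=nil, params=nil, html_options=nil)
-
- options, objects, params, html_options =
- parse_allow_action_args(options, objects, params, html_options)
-
- controller = params.delete :controller
- action = params.delete :action
- SecurityContext.allow_action?(controller, action, objects, params)
- end
-
- # Returns a link tag with the specified name to the specified resource if
- # the user is allowed to access it. See #link_to_unless and
- # SecurityContext#action_allowed? for more documentation.
- #
- # There are two ways of using #link_to_if_allowed
- #
- # === As #link_to with alternative
- # (or as #link_to_unless without explicit condition)
- # link_to_if_allowed(name, options={}, html_options=nil) { 'alternative' }
- # +options+ either is a hash, like
- # { :controller => :comments, :action => edit, :id => @comment }
- # a string, like
- # "comments/1/edit"
- # or
- # edit_comment_path(@comment)
- # or a single resource object.
- #
- # Notice that when providing a string, controller, action and parameters will
- # be parsed. After that, the resource types of the parameters are *guessed*,
- # the resources are retrieved and the rules of the action are evaluated.
- #
- # The block will be evaluated if the action is not allowed,
- # like in #link_to_unless.
- #
- # === As #link_to with alternative and explicit objects
- # link_to_if_allowed(name, options={}, objects=[], params={}, html_options=nil) { 'alternative' }
- # In this case, controller and action will be derived from +options+ unless
- # they are specified in +params+.
- # All items in +objects+ and all remaining items in +params+ will be used
- # for evaluating the rules of the action.
- #
- # If you want to specify +html_options+, provide at least an empty hash
- # for +params+.
- #
- # Unlike to #link_to, you can also provide a symbol as +options+ value.
- # In this case, the target url will be determined by sending symbol as
- # message, providing +objects+ and +params+ as arguments, e.g.
- # link_to_if_allowed("Show comment", :comment_path, [@article, @comment], {:details => true})
- # will call
- # comment_path(@article, @comment, {:details => true})
- #
- # === Examples
- # <%= link_to_if_allowed("Show", @course) { } %>
- # <%= link_to_if_allowed("New", new_course_path) { "You may not create a new course." } %>
- #
- # These two are equivalent, however, the second approach is more efficient:
- # <%= link_to_if_allowed("Edit", edit_course_path(@course)) { } %>
- # <%= link_to_if_allowed("Edit", :edit_course_path, @course) { } %>
- #
- # The HTML-options are taken into account when choosing the action.
- # <%= link_to_if_allowed("Delete", @course, {:method => :delete}) { } %>
- #
- # You can also define all values explicitly
- # <%= link_to_if_allowed("Edit comment", "articles/1/comments/5/edit", [@comment], {:article => @comment.article, :action => :edit, :controller => :comments}) { } %>
- #
- # === Parameters
- # - +name+ Text of the link
- # - +options+
- # - +objects+
- # - +params+
- # - +html_options+
- #
- def link_to_if_allowed(name, options, objects=nil, params=nil, html_options=nil, &block)
-
- options, objects, params, html_options =
- parse_allow_action_args(options, objects, params, html_options)
-
- controller = params.delete :controller
- action = params.delete :action
- allowed = SecurityContext.allow_action?(controller, action, objects, params)
-
- link_to_if(allowed, name, options, html_options, &block)
- end
-
- alias link_if_a link_to_if_allowed
-
- private
-
- def parse_allow_action_args(*args)
- if args.second && !(args.second.is_a? Hash)
- # objects and params are specified
- options, objects, params, html_options = args
- objects = [objects] unless objects.is_a? Array
- params ||= {}
- html_options ||= {}
- if options.is_a? Symbol
- # options is a symbol, send the message to get the link path
- path_args = objects + [params]
- options = send(options, *path_args)
- end
- else
- # retrieve objects and params from options
- options = args.first
- html_options = args.second || {}
- objects = [] # everything will be in the params
- if options.is_a? Hash
- params = options.dup
- else
- params = parse_action_params(options, html_options)
- end
- end
-
- unless params[:controller] && params[:action]
- # if controller and action are not given, parse from options
- params = parse_controller_action(options, params, html_options)
- end
-
- [options, objects, params, html_options]
- end
-
- # uses options and html_options to retrieve controller and action,
- # adds these values to params hash
- def parse_controller_action(options, params, html_options)
- path_info = get_path_info(options, html_options)
- params[:controller] ||= path_info[:controller]
- params[:action] ||= path_info[:action]
- params
- end
-
- # uses options and html_options to retrieve controller, action
- # and params
- def parse_action_params(options, html_options)
- get_path_info(options, html_options)
- end
-
- def get_path_info(options, html_options)
- if options.is_a? String
- path = options
- else
- path = url_for(options)
- end
- env = { :method => (html_options[:method] || :get ) }
- ActionController::Routing::Routes.recognize_path(path, env)
- end
-
- end
+ #
+ # = lib/annotation_security/includes/helper.rb
+ #
+
+ # = AnnotationSecurity::Helper
+ #
+ # This module adds some useful helper methods to your templates.
+ #
+ module AnnotationSecurity::Helper
+
+ # Returns true if the operation defined by +policy_args+ is allowed.
+ #
+ # The following calls to #allowed? are possible:
+ #
+ # allowed? :show, :resource, @resource
+ # # => true if the current user has the right to show @resource,
+ # # which belongs to the :resource resource-class
+ #
+ # In case of model objects or other classes which implement a #resource_type
+ # method the the second argument may be ommited
+ #
+ # allowed? :show, @resource
+ # # equivalent to the above call if @resource.resource_type == :resource
+ #
+ # A policy description used as a controller annotation may also be used
+ # to check a right
+ #
+ # allowed? "show resource", @resource
+ # # => true if the current user has the right "show resource" for @resource
+ #
+ # A policy may also be applied without an object representing the context:
+ #
+ # allowed? :show, :resource
+ # # => true if the current may show resources.
+ #
+ # This will only check system and pretest rules. The result +true+ does not
+ # mean that the user may show all resources. However, a +false+ indicates
+ # that the user is not allowed to show any resources.
+ #
+ # If the resource class is omitted as well, only rules defined for all
+ # resources can be tested. See RelationLoader#all_resources for details.
+ #
+ # allowed? :administrate
+ # # => true if the user is allowed to administrate all resources.
+ #
+ # See SecurityContext#allowed?.
+ #
+ def allowed?(*args)
+ SecurityContext.allowed?(*args)
+ end
+
+ alias a? allowed?
+
+ # Equivalent to allowed?; is? is provided for better readability.
+ #
+ # allowed? :logged_in
+ # vs
+ # is? :logged_in
+ #
+ def is?(*args)
+ SecurityContext.is?(*args)
+ end
+
+ # Checks whether the user is allowed to access the action.
+ #
+ # Expects arguments like #link_to_if_allowed, just without name and block.
+ #
+ # Returns true if the action is allowed.
+ #
+ def action_allowed?(options, objects=nil, params=nil, html_options=nil)
+
+ options, objects, params, html_options =
+ parse_allow_action_args(options, objects, params, html_options)
+
+ controller = params.delete :controller
+ action = params.delete :action
+ SecurityContext.allow_action?(controller, action, objects, params)
+ end
+
+ # Returns a link tag with the specified name to the specified resource if
+ # the user is allowed to access it. See #link_to_unless and
+ # SecurityContext#action_allowed? for more documentation.
+ #
+ # There are two ways of using #link_to_if_allowed
+ #
+ # === As #link_to with alternative
+ # (or as #link_to_unless without explicit condition)
+ # link_to_if_allowed(name, options={}, html_options=nil) { 'alternative' }
+ # +options+ either is a hash, like
+ # { :controller => :comments, :action => edit, :id => @comment }
+ # a string, like
+ # "comments/1/edit"
+ # or
+ # edit_comment_path(@comment)
+ # or a single resource object.
+ #
+ # Notice that when providing a string, controller, action and parameters will
+ # be parsed. After that, the resource types of the parameters are *guessed*,
+ # the resources are retrieved and the rules of the action are evaluated.
+ #
+ # The block will be evaluated if the action is not allowed,
+ # like in #link_to_unless.
+ #
+ # === As #link_to with alternative and explicit objects
+ # link_to_if_allowed(name, options={}, objects=[], params={}, html_options=nil) { 'alternative' }
+ # In this case, controller and action will be derived from +options+ unless
+ # they are specified in +params+.
+ # All items in +objects+ and all remaining items in +params+ will be used
+ # for evaluating the rules of the action.
+ #
+ # If you want to specify +html_options+, provide at least an empty hash
+ # for +params+.
+ #
+ # Unlike to #link_to, you can also provide a symbol as +options+ value.
+ # In this case, the target url will be determined by sending symbol as
+ # message, providing +objects+ and +params+ as arguments, e.g.
+ # link_to_if_allowed("Show comment", :comment_path, [@article, @comment], {:details => true})
+ # will call
+ # comment_path(@article, @comment, {:details => true})
+ #
+ # === Examples
+ # <%= link_to_if_allowed("Show", @course) { } %>
+ # <%= link_to_if_allowed("New", new_course_path) { "You may not create a new course." } %>
+ #
+ # These two are equivalent, however, the second approach is more efficient:
+ # <%= link_to_if_allowed("Edit", edit_course_path(@course)) { } %>
+ # <%= link_to_if_allowed("Edit", :edit_course_path, @course) { } %>
+ #
+ # The HTML-options are taken into account when choosing the action.
+ # <%= link_to_if_allowed("Delete", @course, {:method => :delete}) { } %>
+ #
+ # You can also define all values explicitly
+ # <%= link_to_if_allowed("Edit comment", "articles/1/comments/5/edit", [@comment], {:article => @comment.article, :action => :edit, :controller => :comments}) { } %>
+ #
+ # === Parameters
+ # - +name+ Text of the link
+ # - +options+
+ # - +objects+
+ # - +params+
+ # - +html_options+
+ #
+ def link_to_if_allowed(name, options, objects=nil, params=nil, html_options=nil, &block)
+
+ options, objects, params, html_options =
+ parse_allow_action_args(options, objects, params, html_options)
+
+ controller = params.delete :controller
+ action = params.delete :action
+ allowed = SecurityContext.allow_action?(controller, action, objects, params)
+
+ link_to_if(allowed, name, options, html_options, &block)
+ end
+
+ alias link_if_a link_to_if_allowed
+
+ private
+
+ def parse_allow_action_args(*args)
+ if args.second && !(args.second.is_a? Hash)
+ # objects and params are specified
+ options, objects, params, html_options = args
+ objects = [objects] unless objects.is_a? Array
+ params ||= {}
+ html_options ||= {}
+ if options.is_a? Symbol
+ # options is a symbol, send the message to get the link path
+ path_args = objects + [params]
+ options = send(options, *path_args)
+ end
+ else
+ # retrieve objects and params from options
+ options = args.first
+ html_options = args.second || {}
+ objects = [] # everything will be in the params
+ if options.is_a? Hash
+ params = options.dup
+ else
+ params = parse_action_params(options, html_options)
+ end
+ end
+
+ unless params[:controller] && params[:action]
+ # if controller and action are not given, parse from options
+ params = parse_controller_action(options, params, html_options)
+ end
+
+ [options, objects, params, html_options]
+ end
+
+ # uses options and html_options to retrieve controller and action,
+ # adds these values to params hash
+ def parse_controller_action(options, params, html_options)
+ path_info = get_path_info(options, html_options)
+ params[:controller] ||= path_info[:controller]
+ params[:action] ||= path_info[:action]
+ params
+ end
+
+ # uses options and html_options to retrieve controller, action
+ # and params
+ def parse_action_params(options, html_options)
+ get_path_info(options, html_options)
+ end
+
+ def get_path_info(options, html_options)
+ if options.is_a? String
+ path = options
+ else
+ path = url_for(options)
+ end
+ env = { :method => (html_options[:method] || :get ) }
+ ActionController::Routing::Routes.recognize_path(path, env)
+ end
+
+ end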
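--- a/data/lib/annotation_security/includes/resource.rb
+++ b/data/lib/annotation_security/includes/resource.rb
@@ -1,85 +1,85 @@
- #
- # = lib/annotation_security/includes/resource.rb
- #
-
- # Must be included by all classes that are resource classes and do not extend
- # ActiveRecord::Base.
- #
- # class MailDispatcher
- # include AnnotationSecurity::Resource
- # resource_type = :email
- # ...
- #
- # See AnnotationSecurity::Resource::ClassMethods.
- #
- module AnnotationSecurity::Resource
-
- def self.included(base) # :nodoc:
- base.extend(ClassMethods)
- base.class_eval do
- include InstanceMethods
- end
- end
-
- # Provides class side methods for resource classes.
- module ClassMethods
-
- # Registers the class as a resource.
- #
- def resource_type=(symbol)
- @resource_type = symbol
- AnnotationSecurity::ResourceManager.add_resource_class(symbol,self)
- symbol
- end
-
- def resource_type # :nodoc:
- @resource_type || (self.resource_type = name.underscore.to_sym)
- end
-
- def policy_for(user,obj=nil) # :nodoc:
- policy_factory.create_policy(user,obj)
- end
-
- # If required, overwrite this method to return a resource object identified
- # by the argument.
- #
- # This might be necessary if you change the to_param method of an
- # ActiveRecord class.
- #
- # class Course < ActiveRecord::Base
- # ...
- # # each course has a unique name --> make better urls
- # def to_param
- # name
- # end
- #
- # def self.get_resource(name)
- # find_by_name(name)
- # end
- #
- def get_resource(arg)
- raise NoMethodError, "#{self} does not implement #get_resource"
- end
-
- private
-
- def policy_factory # :nodoc:
- @policy_factory ||= AnnotationSecurity::PolicyManager.policy_factory(resource_type)
- end
-
- end
-
- module InstanceMethods # :nodoc:
- def resource_type
- self.class.resource_type
- end
-
- def __is_resource?
- true
- end
-
- def policy_for(user)
- self.class.policy_for(user,self)
- end
- end
+ #
+ # = lib/annotation_security/includes/resource.rb
+ #
+
+ # Must be included by all classes that are resource classes and do not extend
+ # ActiveRecord::Base.
+ #
+ # class MailDispatcher
+ # include AnnotationSecurity::Resource
+ # resource_type = :email
+ # ...
+ #
+ # See AnnotationSecurity::Resource::ClassMethods.
+ #
+ module AnnotationSecurity::Resource
+
+ def self.included(base) # :nodoc:
+ base.extend(ClassMethods)
+ base.class_eval do
+ include InstanceMethods
+ end
+ end
+
+ # Provides class side methods for resource classes.
+ module ClassMethods
+
+ # Registers the class as a resource.
+ #
+ def resource_type=(symbol)
+ @resource_type = symbol
+ AnnotationSecurity::ResourceManager.add_resource_class(symbol,self)
+ symbol
+ end
+
+ def resource_type # :nodoc:
+ @resource_type || (self.resource_type = name.underscore.to_sym)
+ end
+
+ def policy_for(user,obj=nil) # :nodoc:
+ policy_factory.create_policy(user,obj)
+ end
+
+ # If required, overwrite this method to return a resource object identified
+ # by the argument.
+ #
+ # This might be necessary if you change the to_param method of an
+ # ActiveRecord class.
+ #
+ # class Course < ActiveRecord::Base
+ # ...
+ # # each course has a unique name --> make better urls
+ # def to_param
+ # name
+ # end
+ #
+ # def self.get_resource(name)
+ # find_by_name(name)
+ # end
+ #
+ def get_resource(arg)
+ raise NoMethodError, "#{self} does not implement #get_resource"
+ end
+
+ private
+
+ def policy_factory # :nodoc:
+ @policy_factory ||= AnnotationSecurity::PolicyManager.policy_factory(resource_type)
+ end
+
+ end
+
+ module InstanceMethods # :nodoc:
+ def resource_type
+ self.class.resource_type
+ end
+
+ def __is_resource?
+ true
+ end
+
+ def policy_for(user)
+ self.class.policy_for(user,self)
+ end
+ end
  end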
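--- a/data/lib/annotation_security/includes/role.rb
+++ b/data/lib/annotation_security/includes/role.rb
@@ -1,31 +1,31 @@
- #
- # = lib/annotation_security/includes/role.rb
- #
-
- # = AnnotationSecurity::Role
- #
- # This module should be included by all role classes
- # to enable full support of all features.
- #
- # A role class is a domain class that represents user roles
- # and does not extend the user class. It should have the method #user that
- # returns the user object it belongs to.
- #
- module AnnotationSecurity::Role
-
- # Returns true if this belongs to the user given as parameter.
- #
- # Required to have a common interface with AnnotationSecurity::User.
- #
- def is_user?(user)
- self.user == user
- end
-
- # If +obj+ is a UserWrapper, extract the role before comparing
- #
- def ==(obj)
- obj = obj.__role__ if obj.is_a? AnnotationSecurity::UserWrapper
- super(obj)
- end
-
+ #
+ # = lib/annotation_security/includes/role.rb
+ #
+
+ # = AnnotationSecurity::Role
+ #
+ # This module should be included by all role classes
+ # to enable full support of all features.
+ #
+ # A role class is a domain class that represents user roles
+ # and does not extend the user class. It should have the method #user that
+ # returns the user object it belongs to.
+ #
+ module AnnotationSecurity::Role
+
+ # Returns true if this belongs to the user given as parameter.
+ #
+ # Required to have a common interface with AnnotationSecurity::User.
+ #
+ def is_user?(user)
+ self.user == user
+ end
+
+ # If +obj+ is a UserWrapper, extract the role before comparing
+ #
+ def ==(obj)
+ obj = obj.__role__ if obj.is_a? AnnotationSecurity::UserWrapper
+ super(obj)
+ end
+
  end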