annotation_security 1.0.1 → 1.0.2

Files changed (63) hide show
  1. data/CHANGELOG.md +14 -0
  2. data/HOW-TO.md +275 -0
  3. data/{MIT-LICENSE → LICENSE} +1 -1
  4. data/README.md +39 -0
  5. data/Rakefile +62 -55
  6. data/assets/app/helpers/annotation_security_helper.rb +8 -8
  7. data/assets/config/initializers/annotation_security.rb +11 -11
  8. data/assets/config/security/relations.rb +20 -20
  9. data/assets/vendor/plugins/annotation_security/init.rb +13 -13
  10. data/bin/annotation_security +7 -7
  11. data/lib/annotation_security/exceptions.rb +124 -124
  12. data/lib/annotation_security/exec.rb +188 -188
  13. data/lib/annotation_security/filters.rb +37 -37
  14. data/lib/annotation_security/includes/action_controller.rb +144 -143
  15. data/lib/annotation_security/includes/active_record.rb +27 -27
  16. data/lib/annotation_security/includes/helper.rb +215 -215
  17. data/lib/annotation_security/includes/resource.rb +84 -84
  18. data/lib/annotation_security/includes/role.rb +30 -30
  19. data/lib/annotation_security/includes/user.rb +26 -26
  20. data/lib/annotation_security/manager/policy_factory.rb +29 -29
  21. data/lib/annotation_security/manager/policy_manager.rb +79 -79
  22. data/lib/annotation_security/manager/relation_loader.rb +272 -272
  23. data/lib/annotation_security/manager/resource_manager.rb +36 -36
  24. data/lib/annotation_security/manager/right_loader.rb +87 -87
  25. data/lib/annotation_security/model_observer.rb +61 -61
  26. data/lib/annotation_security/policy/abstract_policy.rb +344 -344
  27. data/lib/annotation_security/policy/abstract_static_policy.rb +75 -75
  28. data/lib/annotation_security/policy/all_resources_policy.rb +20 -20
  29. data/lib/annotation_security/policy/rule.rb +340 -340
  30. data/lib/annotation_security/policy/rule_set.rb +138 -138
  31. data/lib/annotation_security/rails.rb +38 -38
  32. data/lib/annotation_security/user_wrapper.rb +73 -73
  33. data/lib/annotation_security/utils.rb +141 -141
  34. data/lib/annotation_security/version.rb +10 -0
  35. data/lib/annotation_security.rb +102 -97
  36. data/lib/extensions/action_controller.rb +32 -32
  37. data/lib/extensions/active_record.rb +34 -34
  38. data/lib/extensions/filter.rb +133 -133
  39. data/lib/extensions/object.rb +10 -10
  40. data/lib/security_context.rb +589 -551
  41. data/spec/annotation_security/exceptions_spec.rb +16 -16
  42. data/spec/annotation_security/includes/helper_spec.rb +82 -82
  43. data/spec/annotation_security/manager/policy_manager_spec.rb +15 -15
  44. data/spec/annotation_security/manager/resource_manager_spec.rb +17 -17
  45. data/spec/annotation_security/manager/right_loader_spec.rb +17 -17
  46. data/spec/annotation_security/policy/abstract_policy_spec.rb +16 -16
  47. data/spec/annotation_security/policy/all_resources_policy_spec.rb +24 -24
  48. data/spec/annotation_security/policy/rule_set_spec.rb +112 -112
  49. data/spec/annotation_security/policy/rule_spec.rb +77 -77
  50. data/spec/annotation_security/policy/test_policy_spec.rb +80 -80
  51. data/spec/annotation_security/security_context_spec.rb +78 -78
  52. data/spec/annotation_security/utils_spec.rb +73 -73
  53. data/spec/helper/test_controller.rb +65 -65
  54. data/spec/helper/test_helper.rb +5 -5
  55. data/spec/helper/test_relations.rb +6 -6
  56. data/spec/helper/test_resource.rb +38 -38
  57. data/spec/helper/test_role.rb +21 -21
  58. data/spec/helper/test_user.rb +31 -31
  59. data/spec/rails_stub.rb +37 -37
  60. metadata +94 -72
  61. data/CHANGELOG +0 -2
  62. data/HOW-TO +0 -261
  63. data/README +0 -39
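--- a/data/lib/annotation_security/includes/helper.rb
+++ b/data/lib/annotation_security/includes/helper.rb
@@ -1,215 +1,215 @@
- #
- # = lib/annotation_security/includes/helper.rb
- #
-
- # = AnnotationSecurity::Helper
- #
- # This module adds some useful helper methods to your templates.
- #
- module AnnotationSecurity::Helper
-
- # Returns true if the operation defined by +policy_args+ is allowed.
- #
- # The following calls to #allowed? are possible:
- #
- # allowed? :show, :resource, @resource
- # # => true if the current user has the right to show @resource,
- # # which belongs to the :resource resource-class
- #
- # In case of model objects or other classes which implement a #resource_type
- # method the the second argument may be ommited
- #
- # allowed? :show, @resource
- # # equivalent to the above call if @resource.resource_type == :resource
- #
- # A policy description used as a controller annotation may also be used
- # to check a right
- #
- # allowed? "show resource", @resource
- # # => true if the current user has the right "show resource" for @resource
- #
- # A policy may also be applied without an object representing the context:
- #
- # allowed? :show, :resource
- # # => true if the current may show resources.
- #
- # This will only check system and pretest rules. The result +true+ does not
- # mean that the user may show all resources. However, a +false+ indicates
- # that the user is not allowed to show any resources.
- #
- # If the resource class is omitted as well, only rules defined for all
- # resources can be tested. See RelationLoader#all_resources for details.
- #
- # allowed? :administrate
- # # => true if the user is allowed to administrate all resources.
- #
- # See SecurityContext#allowed?.
- #
- def allowed?(*args)
- SecurityContext.allowed?(*args)
- end
-
- alias a? allowed?
-
- # Equivalent to allowed?; is? is provided for better readability.
- #
- # allowed? :logged_in
- # vs
- # is? :logged_in
- #
- def is?(*args)
- SecurityContext.is?(*args)
- end
-
- # Checks whether the user is allowed to access the action.
- #
- # Expects arguments like #link_to_if_allowed, just without name and block.
- #
- # Returns true if the action is allowed.
- #
- def action_allowed?(options, objects=nil, params=nil, html_options=nil)
-
- options, objects, params, html_options =
- parse_allow_action_args(options, objects, params, html_options)
-
- controller = params.delete :controller
- action = params.delete :action
- SecurityContext.allow_action?(controller, action, objects, params)
- end
-
- # Returns a link tag with the specified name to the specified resource if
- # the user is allowed to access it. See #link_to_unless and
- # SecurityContext#action_allowed? for more documentation.
- #
- # There are two ways of using #link_to_if_allowed
- #
- # === As #link_to with alternative
- # (or as #link_to_unless without explicit condition)
- # link_to_if_allowed(name, options={}, html_options=nil) { 'alternative' }
- # +options+ either is a hash, like
- # { :controller => :comments, :action => edit, :id => @comment }
- # a string, like
- # "comments/1/edit"
- # or
- # edit_comment_path(@comment)
- # or a single resource object.
- #
- # Notice that when providing a string, controller, action and parameters will
- # be parsed. After that, the resource types of the parameters are *guessed*,
- # the resources are retrieved and the rules of the action are evaluated.
- #
- # The block will be evaluated if the action is not allowed,
- # like in #link_to_unless.
- #
- # === As #link_to with alternative and explicit objects
- # link_to_if_allowed(name, options={}, objects=[], params={}, html_options=nil) { 'alternative' }
- # In this case, controller and action will be derived from +options+ unless
- # they are specified in +params+.
- # All items in +objects+ and all remaining items in +params+ will be used
- # for evaluating the rules of the action.
- #
- # If you want to specify +html_options+, provide at least an empty hash
- # for +params+.
- #
- # Unlike to #link_to, you can also provide a symbol as +options+ value.
- # In this case, the target url will be determined by sending symbol as
- # message, providing +objects+ and +params+ as arguments, e.g.
- # link_to_if_allowed("Show comment", :comment_path, [@article, @comment], {:details => true})
- # will call
- # comment_path(@article, @comment, {:details => true})
- #
- # === Examples
- # <%= link_to_if_allowed("Show", @course) { } %>
- # <%= link_to_if_allowed("New", new_course_path) { "You may not create a new course." } %>
- #
- # These two are equivalent, however, the second approach is more efficient:
- # <%= link_to_if_allowed("Edit", edit_course_path(@course)) { } %>
- # <%= link_to_if_allowed("Edit", :edit_course_path, @course) { } %>
- #
- # The HTML-options are taken into account when choosing the action.
- # <%= link_to_if_allowed("Delete", @course, {:method => :delete}) { } %>
- #
- # You can also define all values explicitly
- # <%= link_to_if_allowed("Edit comment", "articles/1/comments/5/edit", [@comment], {:article => @comment.article, :action => :edit, :controller => :comments}) { } %>
- #
- # === Parameters
- # - +name+ Text of the link
- # - +options+
- # - +objects+
- # - +params+
- # - +html_options+
- #
- def link_to_if_allowed(name, options, objects=nil, params=nil, html_options=nil, &block)
-
- options, objects, params, html_options =
- parse_allow_action_args(options, objects, params, html_options)
-
- controller = params.delete :controller
- action = params.delete :action
- allowed = SecurityContext.allow_action?(controller, action, objects, params)
-
- link_to_if(allowed, name, options, html_options, &block)
- end
-
- alias link_if_a link_to_if_allowed
-
- private
-
- def parse_allow_action_args(*args)
- if args.second && !(args.second.is_a? Hash)
- # objects and params are specified
- options, objects, params, html_options = args
- objects = [objects] unless objects.is_a? Array
- params ||= {}
- html_options ||= {}
- if options.is_a? Symbol
- # options is a symbol, send the message to get the link path
- path_args = objects + [params]
- options = send(options, *path_args)
- end
- else
- # retrieve objects and params from options
- options = args.first
- html_options = args.second || {}
- objects = [] # everything will be in the params
- if options.is_a? Hash
- params = options.dup
- else
- params = parse_action_params(options, html_options)
- end
- end
-
- unless params[:controller] && params[:action]
- # if controller and action are not given, parse from options
- params = parse_controller_action(options, params, html_options)
- end
-
- [options, objects, params, html_options]
- end
-
- # uses options and html_options to retrieve controller and action,
- # adds these values to params hash
- def parse_controller_action(options, params, html_options)
- path_info = get_path_info(options, html_options)
- params[:controller] ||= path_info[:controller]
- params[:action] ||= path_info[:action]
- params
- end
-
- # uses options and html_options to retrieve controller, action
- # and params
- def parse_action_params(options, html_options)
- get_path_info(options, html_options)
- end
-
- def get_path_info(options, html_options)
- if options.is_a? String
- path = options
- else
- path = url_for(options)
- end
- env = { :method => (html_options[:method] || :get ) }
- ActionController::Routing::Routes.recognize_path(path, env)
- end
-
- end
+ #
+ # = lib/annotation_security/includes/helper.rb
+ #
+
+ # = AnnotationSecurity::Helper
+ #
+ # This module adds some useful helper methods to your templates.
+ #
+ module AnnotationSecurity::Helper
+
+ # Returns true if the operation defined by +policy_args+ is allowed.
+ #
+ # The following calls to #allowed? are possible:
+ #
+ # allowed? :show, :resource, @resource
+ # # => true if the current user has the right to show @resource,
+ # # which belongs to the :resource resource-class
+ #
+ # In case of model objects or other classes which implement a #resource_type
+ # method the the second argument may be ommited
+ #
+ # allowed? :show, @resource
+ # # equivalent to the above call if @resource.resource_type == :resource
+ #
+ # A policy description used as a controller annotation may also be used
+ # to check a right
+ #
+ # allowed? "show resource", @resource
+ # # => true if the current user has the right "show resource" for @resource
+ #
+ # A policy may also be applied without an object representing the context:
+ #
+ # allowed? :show, :resource
+ # # => true if the current may show resources.
+ #
+ # This will only check system and pretest rules. The result +true+ does not
+ # mean that the user may show all resources. However, a +false+ indicates
+ # that the user is not allowed to show any resources.
+ #
+ # If the resource class is omitted as well, only rules defined for all
+ # resources can be tested. See RelationLoader#all_resources for details.
+ #
+ # allowed? :administrate
+ # # => true if the user is allowed to administrate all resources.
+ #
+ # See SecurityContext#allowed?.
+ #
+ def allowed?(*args)
+ SecurityContext.allowed?(*args)
+ end
+
+ alias a? allowed?
+
+ # Equivalent to allowed?; is? is provided for better readability.
+ #
+ # allowed? :logged_in
+ # vs
+ # is? :logged_in
+ #
+ def is?(*args)
+ SecurityContext.is?(*args)
+ end
+
+ # Checks whether the user is allowed to access the action.
+ #
+ # Expects arguments like #link_to_if_allowed, just without name and block.
+ #
+ # Returns true if the action is allowed.
+ #
+ def action_allowed?(options, objects=nil, params=nil, html_options=nil)
+
+ options, objects, params, html_options =
+ parse_allow_action_args(options, objects, params, html_options)
+
+ controller = params.delete :controller
+ action = params.delete :action
+ SecurityContext.allow_action?(controller, action, objects, params)
+ end
+
+ # Returns a link tag with the specified name to the specified resource if
+ # the user is allowed to access it. See #link_to_unless and
+ # SecurityContext#action_allowed? for more documentation.
+ #
+ # There are two ways of using #link_to_if_allowed
+ #
+ # === As #link_to with alternative
+ # (or as #link_to_unless without explicit condition)
+ # link_to_if_allowed(name, options={}, html_options=nil) { 'alternative' }
+ # +options+ either is a hash, like
+ # { :controller => :comments, :action => edit, :id => @comment }
+ # a string, like
+ # "comments/1/edit"
+ # or
+ # edit_comment_path(@comment)
+ # or a single resource object.
+ #
+ # Notice that when providing a string, controller, action and parameters will
+ # be parsed. After that, the resource types of the parameters are *guessed*,
+ # the resources are retrieved and the rules of the action are evaluated.
+ #
+ # The block will be evaluated if the action is not allowed,
+ # like in #link_to_unless.
+ #
+ # === As #link_to with alternative and explicit objects
+ # link_to_if_allowed(name, options={}, objects=[], params={}, html_options=nil) { 'alternative' }
+ # In this case, controller and action will be derived from +options+ unless
+ # they are specified in +params+.
+ # All items in +objects+ and all remaining items in +params+ will be used
+ # for evaluating the rules of the action.
+ #
+ # If you want to specify +html_options+, provide at least an empty hash
+ # for +params+.
+ #
+ # Unlike to #link_to, you can also provide a symbol as +options+ value.
+ # In this case, the target url will be determined by sending symbol as
+ # message, providing +objects+ and +params+ as arguments, e.g.
+ # link_to_if_allowed("Show comment", :comment_path, [@article, @comment], {:details => true})
+ # will call
+ # comment_path(@article, @comment, {:details => true})
+ #
+ # === Examples
+ # <%= link_to_if_allowed("Show", @course) { } %>
+ # <%= link_to_if_allowed("New", new_course_path) { "You may not create a new course." } %>
+ #
+ # These two are equivalent, however, the second approach is more efficient:
+ # <%= link_to_if_allowed("Edit", edit_course_path(@course)) { } %>
+ # <%= link_to_if_allowed("Edit", :edit_course_path, @course) { } %>
+ #
+ # The HTML-options are taken into account when choosing the action.
+ # <%= link_to_if_allowed("Delete", @course, {:method => :delete}) { } %>
+ #
+ # You can also define all values explicitly
+ # <%= link_to_if_allowed("Edit comment", "articles/1/comments/5/edit", [@comment], {:article => @comment.article, :action => :edit, :controller => :comments}) { } %>
+ #
+ # === Parameters
+ # - +name+ Text of the link
+ # - +options+
+ # - +objects+
+ # - +params+
+ # - +html_options+
+ #
+ def link_to_if_allowed(name, options, objects=nil, params=nil, html_options=nil, &block)
+
+ options, objects, params, html_options =
+ parse_allow_action_args(options, objects, params, html_options)
+
+ controller = params.delete :controller
+ action = params.delete :action
+ allowed = SecurityContext.allow_action?(controller, action, objects, params)
+
+ link_to_if(allowed, name, options, html_options, &block)
+ end
+
+ alias link_if_a link_to_if_allowed
+
+ private
+
+ def parse_allow_action_args(*args)
+ if args.second && !(args.second.is_a? Hash)
+ # objects and params are specified
+ options, objects, params, html_options = args
+ objects = [objects] unless objects.is_a? Array
+ params ||= {}
+ html_options ||= {}
+ if options.is_a? Symbol
+ # options is a symbol, send the message to get the link path
+ path_args = objects + [params]
+ options = send(options, *path_args)
+ end
+ else
+ # retrieve objects and params from options
+ options = args.first
+ html_options = args.second || {}
+ objects = [] # everything will be in the params
+ if options.is_a? Hash
+ params = options.dup
+ else
+ params = parse_action_params(options, html_options)
+ end
+ end
+
+ unless params[:controller] && params[:action]
+ # if controller and action are not given, parse from options
+ params = parse_controller_action(options, params, html_options)
+ end
+
+ [options, objects, params, html_options]
+ end
+
+ # uses options and html_options to retrieve controller and action,
+ # adds these values to params hash
+ def parse_controller_action(options, params, html_options)
+ path_info = get_path_info(options, html_options)
+ params[:controller] ||= path_info[:controller]
+ params[:action] ||= path_info[:action]
+ params
+ end
+
+ # uses options and html_options to retrieve controller, action
+ # and params
+ def parse_action_params(options, html_options)
+ get_path_info(options, html_options)
+ end
+
+ def get_path_info(options, html_options)
+ if options.is_a? String
+ path = options
+ else
+ path = url_for(options)
+ end
+ env = { :method => (html_options[:method] || :get ) }
+ ActionController::Routing::Routes.recognize_path(path, env)
+ end
+
+ end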
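--- a/data/lib/annotation_security/includes/resource.rb
+++ b/data/lib/annotation_security/includes/resource.rb
@@ -1,85 +1,85 @@
- #
- # = lib/annotation_security/includes/resource.rb
- #
-
- # Must be included by all classes that are resource classes and do not extend
- # ActiveRecord::Base.
- #
- # class MailDispatcher
- # include AnnotationSecurity::Resource
- # resource_type = :email
- # ...
- #
- # See AnnotationSecurity::Resource::ClassMethods.
- #
- module AnnotationSecurity::Resource
-
- def self.included(base) # :nodoc:
- base.extend(ClassMethods)
- base.class_eval do
- include InstanceMethods
- end
- end
-
- # Provides class side methods for resource classes.
- module ClassMethods
-
- # Registers the class as a resource.
- #
- def resource_type=(symbol)
- @resource_type = symbol
- AnnotationSecurity::ResourceManager.add_resource_class(symbol,self)
- symbol
- end
-
- def resource_type # :nodoc:
- @resource_type || (self.resource_type = name.underscore.to_sym)
- end
-
- def policy_for(user,obj=nil) # :nodoc:
- policy_factory.create_policy(user,obj)
- end
-
- # If required, overwrite this method to return a resource object identified
- # by the argument.
- #
- # This might be necessary if you change the to_param method of an
- # ActiveRecord class.
- #
- # class Course < ActiveRecord::Base
- # ...
- # # each course has a unique name --> make better urls
- # def to_param
- # name
- # end
- #
- # def self.get_resource(name)
- # find_by_name(name)
- # end
- #
- def get_resource(arg)
- raise NoMethodError, "#{self} does not implement #get_resource"
- end
-
- private
-
- def policy_factory # :nodoc:
- @policy_factory ||= AnnotationSecurity::PolicyManager.policy_factory(resource_type)
- end
-
- end
-
- module InstanceMethods # :nodoc:
- def resource_type
- self.class.resource_type
- end
-
- def __is_resource?
- true
- end
-
- def policy_for(user)
- self.class.policy_for(user,self)
- end
- end
+ #
+ # = lib/annotation_security/includes/resource.rb
+ #
+
+ # Must be included by all classes that are resource classes and do not extend
+ # ActiveRecord::Base.
+ #
+ # class MailDispatcher
+ # include AnnotationSecurity::Resource
+ # resource_type = :email
+ # ...
+ #
+ # See AnnotationSecurity::Resource::ClassMethods.
+ #
+ module AnnotationSecurity::Resource
+
+ def self.included(base) # :nodoc:
+ base.extend(ClassMethods)
+ base.class_eval do
+ include InstanceMethods
+ end
+ end
+
+ # Provides class side methods for resource classes.
+ module ClassMethods
+
+ # Registers the class as a resource.
+ #
+ def resource_type=(symbol)
+ @resource_type = symbol
+ AnnotationSecurity::ResourceManager.add_resource_class(symbol,self)
+ symbol
+ end
+
+ def resource_type # :nodoc:
+ @resource_type || (self.resource_type = name.underscore.to_sym)
+ end
+
+ def policy_for(user,obj=nil) # :nodoc:
+ policy_factory.create_policy(user,obj)
+ end
+
+ # If required, overwrite this method to return a resource object identified
+ # by the argument.
+ #
+ # This might be necessary if you change the to_param method of an
+ # ActiveRecord class.
+ #
+ # class Course < ActiveRecord::Base
+ # ...
+ # # each course has a unique name --> make better urls
+ # def to_param
+ # name
+ # end
+ #
+ # def self.get_resource(name)
+ # find_by_name(name)
+ # end
+ #
+ def get_resource(arg)
+ raise NoMethodError, "#{self} does not implement #get_resource"
+ end
+
+ private
+
+ def policy_factory # :nodoc:
+ @policy_factory ||= AnnotationSecurity::PolicyManager.policy_factory(resource_type)
+ end
+
+ end
+
+ module InstanceMethods # :nodoc:
+ def resource_type
+ self.class.resource_type
+ end
+
+ def __is_resource?
+ true
+ end
+
+ def policy_for(user)
+ self.class.policy_for(user,self)
+ end
+ end
  end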
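--- a/data/lib/annotation_security/includes/role.rb
+++ b/data/lib/annotation_security/includes/role.rb
@@ -1,31 +1,31 @@
- #
- # = lib/annotation_security/includes/role.rb
- #
-
- # = AnnotationSecurity::Role
- #
- # This module should be included by all role classes
- # to enable full support of all features.
- #
- # A role class is a domain class that represents user roles
- # and does not extend the user class. It should have the method #user that
- # returns the user object it belongs to.
- #
- module AnnotationSecurity::Role
-
- # Returns true if this belongs to the user given as parameter.
- #
- # Required to have a common interface with AnnotationSecurity::User.
- #
- def is_user?(user)
- self.user == user
- end
-
- # If +obj+ is a UserWrapper, extract the role before comparing
- #
- def ==(obj)
- obj = obj.__role__ if obj.is_a? AnnotationSecurity::UserWrapper
- super(obj)
- end
-
+ #
+ # = lib/annotation_security/includes/role.rb
+ #
+
+ # = AnnotationSecurity::Role
+ #
+ # This module should be included by all role classes
+ # to enable full support of all features.
+ #
+ # A role class is a domain class that represents user roles
+ # and does not extend the user class. It should have the method #user that
+ # returns the user object it belongs to.
+ #
+ module AnnotationSecurity::Role
+
+ # Returns true if this belongs to the user given as parameter.
+ #
+ # Required to have a common interface with AnnotationSecurity::User.
+ #
+ def is_user?(user)
+ self.user == user
+ end
+
+ # If +obj+ is a UserWrapper, extract the role before comparing
+ #
+ def ==(obj)
+ obj = obj.__role__ if obj.is_a? AnnotationSecurity::UserWrapper
+ super(obj)
+ end
+
  end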