annotation_security 1.0.1 → 1.0.2
Sign up to get free protection for your applications and to get access to all the features.
- data/CHANGELOG.md +14 -0
- data/HOW-TO.md +275 -0
- data/{MIT-LICENSE → LICENSE} +1 -1
- data/README.md +39 -0
- data/Rakefile +62 -55
- data/assets/app/helpers/annotation_security_helper.rb +8 -8
- data/assets/config/initializers/annotation_security.rb +11 -11
- data/assets/config/security/relations.rb +20 -20
- data/assets/vendor/plugins/annotation_security/init.rb +13 -13
- data/bin/annotation_security +7 -7
- data/lib/annotation_security/exceptions.rb +124 -124
- data/lib/annotation_security/exec.rb +188 -188
- data/lib/annotation_security/filters.rb +37 -37
- data/lib/annotation_security/includes/action_controller.rb +144 -143
- data/lib/annotation_security/includes/active_record.rb +27 -27
- data/lib/annotation_security/includes/helper.rb +215 -215
- data/lib/annotation_security/includes/resource.rb +84 -84
- data/lib/annotation_security/includes/role.rb +30 -30
- data/lib/annotation_security/includes/user.rb +26 -26
- data/lib/annotation_security/manager/policy_factory.rb +29 -29
- data/lib/annotation_security/manager/policy_manager.rb +79 -79
- data/lib/annotation_security/manager/relation_loader.rb +272 -272
- data/lib/annotation_security/manager/resource_manager.rb +36 -36
- data/lib/annotation_security/manager/right_loader.rb +87 -87
- data/lib/annotation_security/model_observer.rb +61 -61
- data/lib/annotation_security/policy/abstract_policy.rb +344 -344
- data/lib/annotation_security/policy/abstract_static_policy.rb +75 -75
- data/lib/annotation_security/policy/all_resources_policy.rb +20 -20
- data/lib/annotation_security/policy/rule.rb +340 -340
- data/lib/annotation_security/policy/rule_set.rb +138 -138
- data/lib/annotation_security/rails.rb +38 -38
- data/lib/annotation_security/user_wrapper.rb +73 -73
- data/lib/annotation_security/utils.rb +141 -141
- data/lib/annotation_security/version.rb +10 -0
- data/lib/annotation_security.rb +102 -97
- data/lib/extensions/action_controller.rb +32 -32
- data/lib/extensions/active_record.rb +34 -34
- data/lib/extensions/filter.rb +133 -133
- data/lib/extensions/object.rb +10 -10
- data/lib/security_context.rb +589 -551
- data/spec/annotation_security/exceptions_spec.rb +16 -16
- data/spec/annotation_security/includes/helper_spec.rb +82 -82
- data/spec/annotation_security/manager/policy_manager_spec.rb +15 -15
- data/spec/annotation_security/manager/resource_manager_spec.rb +17 -17
- data/spec/annotation_security/manager/right_loader_spec.rb +17 -17
- data/spec/annotation_security/policy/abstract_policy_spec.rb +16 -16
- data/spec/annotation_security/policy/all_resources_policy_spec.rb +24 -24
- data/spec/annotation_security/policy/rule_set_spec.rb +112 -112
- data/spec/annotation_security/policy/rule_spec.rb +77 -77
- data/spec/annotation_security/policy/test_policy_spec.rb +80 -80
- data/spec/annotation_security/security_context_spec.rb +78 -78
- data/spec/annotation_security/utils_spec.rb +73 -73
- data/spec/helper/test_controller.rb +65 -65
- data/spec/helper/test_helper.rb +5 -5
- data/spec/helper/test_relations.rb +6 -6
- data/spec/helper/test_resource.rb +38 -38
- data/spec/helper/test_role.rb +21 -21
- data/spec/helper/test_user.rb +31 -31
- data/spec/rails_stub.rb +37 -37
- metadata +94 -72
- data/CHANGELOG +0 -2
- data/HOW-TO +0 -261
- data/README +0 -39
@@ -1,27 +1,27 @@
|
|
1
|
-
#
|
2
|
-
# = lib/annotation_security/includes/user.rb
|
3
|
-
#
|
4
|
-
|
5
|
-
# = AnnotationSecurity::User
|
6
|
-
#
|
7
|
-
# This module should be included by the user domain class to
|
8
|
-
# enable full support of all features.
|
9
|
-
#
|
10
|
-
module AnnotationSecurity::User
|
11
|
-
|
12
|
-
# Returns true if this is the user given as parameter.
|
13
|
-
#
|
14
|
-
# Required to have a common interface with AnnotationSecurity::Role.
|
15
|
-
#
|
16
|
-
def is_user?(user)
|
17
|
-
self == user
|
18
|
-
end
|
19
|
-
|
20
|
-
# If +obj+ is a UserWrapper, extract the user before comparing
|
21
|
-
#
|
22
|
-
def ==(obj)
|
23
|
-
obj = obj.__user__ if obj.is_a? AnnotationSecurity::UserWrapper
|
24
|
-
super(obj)
|
25
|
-
end
|
26
|
-
|
1
|
+
#
|
2
|
+
# = lib/annotation_security/includes/user.rb
|
3
|
+
#
|
4
|
+
|
5
|
+
# = AnnotationSecurity::User
|
6
|
+
#
|
7
|
+
# This module should be included by the user domain class to
|
8
|
+
# enable full support of all features.
|
9
|
+
#
|
10
|
+
module AnnotationSecurity::User
|
11
|
+
|
12
|
+
# Returns true if this is the user given as parameter.
|
13
|
+
#
|
14
|
+
# Required to have a common interface with AnnotationSecurity::Role.
|
15
|
+
#
|
16
|
+
def is_user?(user)
|
17
|
+
self == user
|
18
|
+
end
|
19
|
+
|
20
|
+
# If +obj+ is a UserWrapper, extract the user before comparing
|
21
|
+
#
|
22
|
+
def ==(obj)
|
23
|
+
obj = obj.__user__ if obj.is_a? AnnotationSecurity::UserWrapper
|
24
|
+
super(obj)
|
25
|
+
end
|
26
|
+
|
27
27
|
end
|
@@ -1,30 +1,30 @@
|
|
1
|
-
#
|
2
|
-
# = lib/annotation_security/manager/policy_factory.rb
|
3
|
-
#
|
4
|
-
|
5
|
-
# = AnnotationSecurity::PolicyFactory
|
6
|
-
# Builds the policy classes.
|
7
|
-
#
|
8
|
-
class AnnotationSecurity::PolicyFactory # :nodoc:
|
9
|
-
|
10
|
-
def initialize(resource_class)
|
11
|
-
@klass = AnnotationSecurity::AbstractPolicy.new_subclass(resource_class)
|
12
|
-
end
|
13
|
-
|
14
|
-
def policy_class
|
15
|
-
@klass
|
16
|
-
end
|
17
|
-
|
18
|
-
def add_rule(symbol,*args,&block)
|
19
|
-
@klass.add_rule(symbol,*args,&block)
|
20
|
-
end
|
21
|
-
|
22
|
-
def create_policy(*args)
|
23
|
-
@klass.new(*args)
|
24
|
-
end
|
25
|
-
|
26
|
-
def reset
|
27
|
-
@klass.reset
|
28
|
-
end
|
29
|
-
|
1
|
+
#
|
2
|
+
# = lib/annotation_security/manager/policy_factory.rb
|
3
|
+
#
|
4
|
+
|
5
|
+
# = AnnotationSecurity::PolicyFactory
|
6
|
+
# Builds the policy classes.
|
7
|
+
#
|
8
|
+
class AnnotationSecurity::PolicyFactory # :nodoc:
|
9
|
+
|
10
|
+
def initialize(resource_class)
|
11
|
+
@klass = AnnotationSecurity::AbstractPolicy.new_subclass(resource_class)
|
12
|
+
end
|
13
|
+
|
14
|
+
def policy_class
|
15
|
+
@klass
|
16
|
+
end
|
17
|
+
|
18
|
+
def add_rule(symbol,*args,&block)
|
19
|
+
@klass.add_rule(symbol,*args,&block)
|
20
|
+
end
|
21
|
+
|
22
|
+
def create_policy(*args)
|
23
|
+
@klass.new(*args)
|
24
|
+
end
|
25
|
+
|
26
|
+
def reset
|
27
|
+
@klass.reset
|
28
|
+
end
|
29
|
+
|
30
30
|
end
|
@@ -1,80 +1,80 @@
|
|
1
|
-
#
|
2
|
-
# = lib/annotation_security/manager/policy_manager.rb
|
3
|
-
#
|
4
|
-
require 'yaml'
|
5
|
-
|
6
|
-
# = AnnotationSecurity::PolicyManager
|
7
|
-
#
|
8
|
-
# Manages loading and creation of all policy classes.
|
9
|
-
#
|
10
|
-
class AnnotationSecurity::PolicyManager # :nodoc:
|
11
|
-
|
12
|
-
# Get the policy factory for a resource class
|
13
|
-
def self.policy_factory(resource_type) # :nodoc:
|
14
|
-
policy_factories[resource_type.to_sym]
|
15
|
-
end
|
16
|
-
|
17
|
-
# Creates a policy object for a user and a resource type
|
18
|
-
#
|
19
|
-
# ==== Example
|
20
|
-
#
|
21
|
-
# picture = Picture.find_by_id(params[:picture])
|
22
|
-
# policy = PolicyManager.get_policy(:picture,@current_user)
|
23
|
-
# policy.allowed? :show, picture # => true or false
|
24
|
-
#
|
25
|
-
def self.create_policy(resource_type,*args)
|
26
|
-
policy_factory(resource_type).create_policy(*args)
|
27
|
-
end
|
28
|
-
|
29
|
-
def self.policy_class(resource_class) # :nodoc:
|
30
|
-
policy_factory(resource_class).policy_class
|
31
|
-
end
|
32
|
-
|
33
|
-
def self.config_files # :nodoc:
|
34
|
-
@files ||= []
|
35
|
-
end
|
36
|
-
|
37
|
-
# Adds a file that contains security configurations
|
38
|
-
# * +f+ file name
|
39
|
-
# * +ext+ 'yml' or 'rb'
|
40
|
-
def self.add_file(f,ext) # :nodoc:
|
41
|
-
unless config_files.include? [f,ext]
|
42
|
-
config_files.push [f,ext]
|
43
|
-
load_file(f,ext)
|
44
|
-
end
|
45
|
-
end
|
46
|
-
|
47
|
-
def self.reset
|
48
|
-
policy_factories.each_value(&:reset)
|
49
|
-
config_files.each { |f,ext| load_file(f,ext) }
|
50
|
-
end
|
51
|
-
|
52
|
-
private
|
53
|
-
|
54
|
-
def self.load_file(f,ext)
|
55
|
-
fname = get_file_name(f,ext)
|
56
|
-
case ext
|
57
|
-
when 'yml'
|
58
|
-
AnnotationSecurity::RightLoader.define_rights(YAML.load_file(fname))
|
59
|
-
when 'rb'
|
60
|
-
load fname
|
61
|
-
end
|
62
|
-
end
|
63
|
-
|
64
|
-
SEARCH_PATH = ['', RAILS_ROOT, RAILS_ROOT + '/config/security/',
|
65
|
-
RAILS_ROOT + '/config/', RAILS_ROOT + '/security/']
|
66
|
-
|
67
|
-
def self.get_file_name(f,ext)
|
68
|
-
SEARCH_PATH.each do |fname1|
|
69
|
-
[f, f+'.'+ext].each do |fname2|
|
70
|
-
return (fname1 + fname2) if File.exist?(fname1 + fname2)
|
71
|
-
end
|
72
|
-
end
|
73
|
-
raise "File not found: '#{f+'.'+ext}'"
|
74
|
-
end
|
75
|
-
|
76
|
-
def self.policy_factories
|
77
|
-
# Create a new factory if it is needed
|
78
|
-
@factories ||= Hash.new { |h,k| h[k] = AnnotationSecurity::PolicyFactory.new(k) }
|
79
|
-
end
|
1
|
+
#
|
2
|
+
# = lib/annotation_security/manager/policy_manager.rb
|
3
|
+
#
|
4
|
+
require 'yaml'
|
5
|
+
|
6
|
+
# = AnnotationSecurity::PolicyManager
|
7
|
+
#
|
8
|
+
# Manages loading and creation of all policy classes.
|
9
|
+
#
|
10
|
+
class AnnotationSecurity::PolicyManager # :nodoc:
|
11
|
+
|
12
|
+
# Get the policy factory for a resource class
|
13
|
+
def self.policy_factory(resource_type) # :nodoc:
|
14
|
+
policy_factories[resource_type.to_sym]
|
15
|
+
end
|
16
|
+
|
17
|
+
# Creates a policy object for a user and a resource type
|
18
|
+
#
|
19
|
+
# ==== Example
|
20
|
+
#
|
21
|
+
# picture = Picture.find_by_id(params[:picture])
|
22
|
+
# policy = PolicyManager.get_policy(:picture,@current_user)
|
23
|
+
# policy.allowed? :show, picture # => true or false
|
24
|
+
#
|
25
|
+
def self.create_policy(resource_type,*args)
|
26
|
+
policy_factory(resource_type).create_policy(*args)
|
27
|
+
end
|
28
|
+
|
29
|
+
def self.policy_class(resource_class) # :nodoc:
|
30
|
+
policy_factory(resource_class).policy_class
|
31
|
+
end
|
32
|
+
|
33
|
+
def self.config_files # :nodoc:
|
34
|
+
@files ||= []
|
35
|
+
end
|
36
|
+
|
37
|
+
# Adds a file that contains security configurations
|
38
|
+
# * +f+ file name
|
39
|
+
# * +ext+ 'yml' or 'rb'
|
40
|
+
def self.add_file(f,ext) # :nodoc:
|
41
|
+
unless config_files.include? [f,ext]
|
42
|
+
config_files.push [f,ext]
|
43
|
+
load_file(f,ext)
|
44
|
+
end
|
45
|
+
end
|
46
|
+
|
47
|
+
def self.reset
|
48
|
+
policy_factories.each_value(&:reset)
|
49
|
+
config_files.each { |f,ext| load_file(f,ext) }
|
50
|
+
end
|
51
|
+
|
52
|
+
private
|
53
|
+
|
54
|
+
def self.load_file(f,ext)
|
55
|
+
fname = get_file_name(f,ext)
|
56
|
+
case ext
|
57
|
+
when 'yml'
|
58
|
+
AnnotationSecurity::RightLoader.define_rights(YAML.load_file(fname))
|
59
|
+
when 'rb'
|
60
|
+
load fname
|
61
|
+
end
|
62
|
+
end
|
63
|
+
|
64
|
+
SEARCH_PATH = ['', RAILS_ROOT, RAILS_ROOT + '/config/security/',
|
65
|
+
RAILS_ROOT + '/config/', RAILS_ROOT + '/security/']
|
66
|
+
|
67
|
+
def self.get_file_name(f,ext)
|
68
|
+
SEARCH_PATH.each do |fname1|
|
69
|
+
[f, f+'.'+ext].each do |fname2|
|
70
|
+
return (fname1 + fname2) if File.exist?(fname1 + fname2)
|
71
|
+
end
|
72
|
+
end
|
73
|
+
raise "File not found: '#{f+'.'+ext}'"
|
74
|
+
end
|
75
|
+
|
76
|
+
def self.policy_factories
|
77
|
+
# Create a new factory if it is needed
|
78
|
+
@factories ||= Hash.new { |h,k| h[k] = AnnotationSecurity::PolicyFactory.new(k) }
|
79
|
+
end
|
80
80
|
end
|