annotation_security 1.0.1 → 1.0.2

data/lib/annotation_security/manager/right_loader.rb

@@ -1,88 +1,88 @@
-#
-# = lib/annotation_security/manager/right_loader.rb
-#
-
-# = AnnotationSecurity::RightLoader
-# Contains the right loader class, which is responsible for loading
-# right definitions for resources. Load rights from a yaml file or a hash.
-#
-# == Example YAML
-#
-# The file <tt>config/security/rights.yml</tt> inside a rails app
-# might look like this:
-#  picture:
-#    # a user may show a picture if he fulfils the 'related'-relation
-#    show: if related
-#  comment:
-#    # you have to be logged in to view comments
-#    show: if logged_in
-#  user:
-#    # like in ruby, 'unless' is equivalent to 'if not'
-#    register: unless logged_in
-#    delete: if administrator # comments are also possible behind a line
-#  user_content:
-#    # all rights of 'user_content' are defined for 'picture' and 'comment' too
-#    applies_to: picture, comment
-#    create: if logged_in
-#    edit: if owner
-#    delete: if owner or administrator
-# The file can be loaded via <code>AnnotationSecurity#load_rights('rights')</code>.
-#
-# A right's condition can use the keywords +if+, +unless+, +and+, +or+ and
-# +not+, brackets, other rights and all of the resource's relations
-# (see AnnotationSecurity::RelationLoader). For better readability you may
-# add the prefixes +may+, +is+, +can+ or +has+,
-# or append one of the suffixes +for+, +in+, +of+ or +to+.
-#
-#  user_content:
-#    edit: if is_owner_of
-#    delete: if may_edit or is_administrator
-#
-# However, it is recommended to use this feature sparingly.
-#
-class AnnotationSecurity::RightLoader
-
-  # Goes through all resources of +hash+ and load the defined rights.
-  #
-  def self.define_rights(hash) # :nodoc:
-    if hash
-      hash.each_pair do |resource_class, rights|
-        new(resource_class).define_rights(rights)
-      end
-    end
-  end
-
-  # An instance of RightLoader is responsible for loading the rights of a
-  # resource class.
-  #
-  def initialize(resource) # :nodoc:
-    @factory = AnnotationSecurity::PolicyManager.policy_factory(resource)
-  end
-
-  # Goes through all rights in +hash+ and creates rules for all policies these
-  # rights apply to.
-  #
-  def define_rights(hash) # :nodoc:
-    factories = extract_applies_to(hash) << @factory
-    hash.each_pair do |right,condition|
-      # Important: set the :right-flag to activate automatic detection of
-      # the other flags (static,dynamic,require_user)
-      factories.each { |f| f.add_rule(right,:right,condition) }
-    end
-  end
-
-  private
-
-  # Looks for the key 'applies_to', which is no right but a command to apply
-  # all rights of the current resource class to the resource classes listed
-  # in the value.
-  #
-  def extract_applies_to(hash)
-    applies_to = hash.delete('applies_to') || hash.delete(:applies_to)
-    return [] if applies_to.blank?
-    applies_to = [applies_to] if applies_to.is_a? String
-    applies_to.collect{ |r| r.split(',') }.flatten.
-               collect{ |r| AnnotationSecurity::PolicyManager.policy_factory(r.strip) }
-  end
-
+#
+# = lib/annotation_security/manager/right_loader.rb
+#
+
+# = AnnotationSecurity::RightLoader
+# Contains the right loader class, which is responsible for loading
+# right definitions for resources. Load rights from a yaml file or a hash.
+#
+# == Example YAML
+#
+# The file <tt>config/security/rights.yml</tt> inside a rails app
+# might look like this:
+#  picture:
+#    # a user may show a picture if he fulfils the 'related'-relation
+#    show: if related
+#  comment:
+#    # you have to be logged in to view comments
+#    show: if logged_in
+#  user:
+#    # like in ruby, 'unless' is equivalent to 'if not'
+#    register: unless logged_in
+#    delete: if administrator # comments are also possible behind a line
+#  user_content:
+#    # all rights of 'user_content' are defined for 'picture' and 'comment' too
+#    applies_to: picture, comment
+#    create: if logged_in
+#    edit: if owner
+#    delete: if owner or administrator
+# The file can be loaded via <code>AnnotationSecurity#load_rights('rights')</code>.
+#
+# A right's condition can use the keywords +if+, +unless+, +and+, +or+ and
+# +not+, brackets, other rights and all of the resource's relations
+# (see AnnotationSecurity::RelationLoader). For better readability you may
+# add the prefixes +may+, +is+, +can+ or +has+,
+# or append one of the suffixes +for+, +in+, +of+ or +to+.
+#
+#  user_content:
+#    edit: if is_owner_of
+#    delete: if may_edit or is_administrator
+#
+# However, it is recommended to use this feature sparingly.
+#
+class AnnotationSecurity::RightLoader
+
+  # Goes through all resources of +hash+ and load the defined rights.
+  #
+  def self.define_rights(hash) # :nodoc:
+    if hash
+      hash.each_pair do |resource_class, rights|
+        new(resource_class).define_rights(rights)
+      end
+    end
+  end
+
+  # An instance of RightLoader is responsible for loading the rights of a
+  # resource class.
+  #
+  def initialize(resource) # :nodoc:
+    @factory = AnnotationSecurity::PolicyManager.policy_factory(resource)
+  end
+
+  # Goes through all rights in +hash+ and creates rules for all policies these
+  # rights apply to.
+  #
+  def define_rights(hash) # :nodoc:
+    factories = extract_applies_to(hash) << @factory
+    hash.each_pair do |right,condition|
+      # Important: set the :right-flag to activate automatic detection of
+      # the other flags (static,dynamic,require_user)
+      factories.each { |f| f.add_rule(right,:right,condition) }
+    end
+  end
+
+  private
+
+  # Looks for the key 'applies_to', which is no right but a command to apply
+  # all rights of the current resource class to the resource classes listed
+  # in the value.
+  #
+  def extract_applies_to(hash)
+    applies_to = hash.delete('applies_to') || hash.delete(:applies_to)
+    return [] if applies_to.blank?
+    applies_to = [applies_to] if applies_to.is_a? String
+    applies_to.collect{ |r| r.split(',') }.flatten.
+               collect{ |r| AnnotationSecurity::PolicyManager.policy_factory(r.strip) }
+  end
+
 end

data/lib/annotation_security/model_observer.rb

@@ -1,61 +1,61 @@
-#
-# = lib/annotation_security/model_observer.rb
-#
-# Contains SecurityObserver which implements constraint checking for model
-# classes.
-#
-
-module AnnotationSecurity
-
-  # Observes changes in models and applies security policy to them
-  #
-  class ModelObserver < ::ActiveRecord::Observer # :nodoc:
-
-    # Sets the observed model classes
-    #
-    observe # will be set automatically. However, observe must not be removed
-    
-    def before_validation_on_create(record)
-      SecurityContext.observe record
-    end
-    
-    def before_validation_on_update(record)
-      SecurityContext.observe record
-    end
-
-    # after_find is removed in favour of after_initialize
-
-    def after_initialize(record)      
-      if record.new_record?
-        # The record is new
-      else
-        # The record came out of database
-        SecurityContext.observe record
-      end
-    end
-
-    def before_destroy(record)
-      SecurityContext.observe record
-    end
-
-    # Re-register on classes you are observing
-    # See http://riotprojects.com/2009/1/18/active-record-observers-in-gems-plugins
-    #
-    def reload_model_observer
-      observed_classes.each do |klass|
-        add_observer!(klass.name.constantize)
-      end
-    end
-
-    protected
-
-    def add_observer!(klass)
-      klass.delete_observer(self)      
-      super
-      
-      if respond_to?(:after_initialize) && !klass.method_defined?(:after_initialize)
-        klass.class_eval 'def after_initialize() end'
-      end
-    end
-  end
-end
+#
+# = lib/annotation_security/model_observer.rb
+#
+# Contains SecurityObserver which implements constraint checking for model
+# classes.
+#
+
+module AnnotationSecurity
+
+  # Observes changes in models and applies security policy to them
+  #
+  class ModelObserver < ::ActiveRecord::Observer # :nodoc:
+
+    # Sets the observed model classes
+    #
+    observe # will be set automatically. However, observe must not be removed
+    
+    def before_validation_on_create(record)
+      SecurityContext.observe record
+    end
+    
+    def before_validation_on_update(record)
+      SecurityContext.observe record
+    end
+
+    # after_find is removed in favour of after_initialize
+
+    def after_initialize(record)      
+      if record.new_record?
+        # The record is new
+      else
+        # The record came out of database
+        SecurityContext.observe record
+      end
+    end
+
+    def before_destroy(record)
+      SecurityContext.observe record
+    end
+
+    # Re-register on classes you are observing
+    # See http://riotprojects.com/2009/1/18/active-record-observers-in-gems-plugins
+    #
+    def reload_model_observer
+      observed_classes.each do |klass|
+        add_observer!(klass.name.constantize)
+      end
+    end
+
+    protected
+
+    def add_observer!(klass)
+      klass.delete_observer(self)      
+      super
+      
+      if respond_to?(:after_initialize) && !klass.method_defined?(:after_initialize)
+        klass.class_eval 'def after_initialize() end'
+      end
+    end
+  end
+end