annotation_security 1.0.1 → 1.0.2

Files changed (63) hide show
  1. data/CHANGELOG.md +14 -0
  2. data/HOW-TO.md +275 -0
  3. data/{MIT-LICENSE → LICENSE} +1 -1
  4. data/README.md +39 -0
  5. data/Rakefile +62 -55
  6. data/assets/app/helpers/annotation_security_helper.rb +8 -8
  7. data/assets/config/initializers/annotation_security.rb +11 -11
  8. data/assets/config/security/relations.rb +20 -20
  9. data/assets/vendor/plugins/annotation_security/init.rb +13 -13
  10. data/bin/annotation_security +7 -7
  11. data/lib/annotation_security/exceptions.rb +124 -124
  12. data/lib/annotation_security/exec.rb +188 -188
  13. data/lib/annotation_security/filters.rb +37 -37
  14. data/lib/annotation_security/includes/action_controller.rb +144 -143
  15. data/lib/annotation_security/includes/active_record.rb +27 -27
  16. data/lib/annotation_security/includes/helper.rb +215 -215
  17. data/lib/annotation_security/includes/resource.rb +84 -84
  18. data/lib/annotation_security/includes/role.rb +30 -30
  19. data/lib/annotation_security/includes/user.rb +26 -26
  20. data/lib/annotation_security/manager/policy_factory.rb +29 -29
  21. data/lib/annotation_security/manager/policy_manager.rb +79 -79
  22. data/lib/annotation_security/manager/relation_loader.rb +272 -272
  23. data/lib/annotation_security/manager/resource_manager.rb +36 -36
  24. data/lib/annotation_security/manager/right_loader.rb +87 -87
  25. data/lib/annotation_security/model_observer.rb +61 -61
  26. data/lib/annotation_security/policy/abstract_policy.rb +344 -344
  27. data/lib/annotation_security/policy/abstract_static_policy.rb +75 -75
  28. data/lib/annotation_security/policy/all_resources_policy.rb +20 -20
  29. data/lib/annotation_security/policy/rule.rb +340 -340
  30. data/lib/annotation_security/policy/rule_set.rb +138 -138
  31. data/lib/annotation_security/rails.rb +38 -38
  32. data/lib/annotation_security/user_wrapper.rb +73 -73
  33. data/lib/annotation_security/utils.rb +141 -141
  34. data/lib/annotation_security/version.rb +10 -0
  35. data/lib/annotation_security.rb +102 -97
  36. data/lib/extensions/action_controller.rb +32 -32
  37. data/lib/extensions/active_record.rb +34 -34
  38. data/lib/extensions/filter.rb +133 -133
  39. data/lib/extensions/object.rb +10 -10
  40. data/lib/security_context.rb +589 -551
  41. data/spec/annotation_security/exceptions_spec.rb +16 -16
  42. data/spec/annotation_security/includes/helper_spec.rb +82 -82
  43. data/spec/annotation_security/manager/policy_manager_spec.rb +15 -15
  44. data/spec/annotation_security/manager/resource_manager_spec.rb +17 -17
  45. data/spec/annotation_security/manager/right_loader_spec.rb +17 -17
  46. data/spec/annotation_security/policy/abstract_policy_spec.rb +16 -16
  47. data/spec/annotation_security/policy/all_resources_policy_spec.rb +24 -24
  48. data/spec/annotation_security/policy/rule_set_spec.rb +112 -112
  49. data/spec/annotation_security/policy/rule_spec.rb +77 -77
  50. data/spec/annotation_security/policy/test_policy_spec.rb +80 -80
  51. data/spec/annotation_security/security_context_spec.rb +78 -78
  52. data/spec/annotation_security/utils_spec.rb +73 -73
  53. data/spec/helper/test_controller.rb +65 -65
  54. data/spec/helper/test_helper.rb +5 -5
  55. data/spec/helper/test_relations.rb +6 -6
  56. data/spec/helper/test_resource.rb +38 -38
  57. data/spec/helper/test_role.rb +21 -21
  58. data/spec/helper/test_user.rb +31 -31
  59. data/spec/rails_stub.rb +37 -37
  60. metadata +94 -72
  61. data/CHANGELOG +0 -2
  62. data/HOW-TO +0 -261
  63. data/README +0 -39
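--- a/data/lib/annotation_security/policy/abstract_static_policy.rb
+++ b/data/lib/annotation_security/policy/abstract_static_policy.rb
@@ -1,76 +1,76 @@
- #
- # = lib/annotation_security/policy/abstract_static_policy.rb
- #
-
- # Abstract superclass for all static policies.
- # For each policy there is a static policy that is responsible for evaluating
- # static rules.
- #
- class AnnotationSecurity::AbstractStaticPolicy < AnnotationSecurity::AbstractPolicy # :nodoc:
-
- # Rules that are defined for all resource types can be found here.
- def self.all_resources_policy # :nodoc:
- AllResourcesPolicy.static_policy_class
- end
-
- # Sets the dynamic policy class this policy class belongs to
- def self.belongs_to(dynamic_policy_class) #:nodoc:
- @dynamic_policy_class = dynamic_policy_class
- end
-
- # A static policy class has no other corresponding static policy class.
- # This should never be called.
- def self.static_policy_class #:nodoc:
- method_missing(:static_policy_class)
- end
-
- # The corresponding dynamic policy class.
- #
- def self.dynamic_policy_class #:nodoc:
- @dynamic_policy_class
- end
-
- # Returns true iif this is policy class is responsible for static rules.
- #
- def self.static? # :nodoc:
- true
- end
-
- # Rule set for this classes resource type
- #
- def self.rule_set # :nodoc:
- # Each dynamic and static policy pair shares one rule set.
- dynamic_policy_class.rule_set
- end
-
- # If possible, redirects the rule to the static side.
- # Returns a rule object or nil.
- def self.use_static_rule(symbol) #:nodoc:
- nil # This is not possible
- end
-
- # Evaluate the rules in static mode.
- # Rules that cannot be evaluated are skipped.
- # * +rules+ array of symbols
- # Throws a SecurityViolationError if a rule fails,
- # returns true if all rules succeed.
- def evaluate_statically(rules) #:nodoc:
- rules.each do |rule|
- if has_rule?(rule) && !__send__(rule)
- raise_access_denied(rule)
- end
- end
- true
- end
-
- # Evaluate a rule that is defined with a proc
- # * +symbol+ Name of the rule
- # * +user+ user object that has to fulfill the rule
- # * +args+ List of additional arguments
- def evaluate_rule(rule,user,args) #:nodoc:
- # In contrast to AbstractPolicy#evaluate_rule,
- # no resource is passed as argument
- get_rule!(rule).evaluate(self,user,*args)
- end
-
+ #
+ # = lib/annotation_security/policy/abstract_static_policy.rb
+ #
+
+ # Abstract superclass for all static policies.
+ # For each policy there is a static policy that is responsible for evaluating
+ # static rules.
+ #
+ class AnnotationSecurity::AbstractStaticPolicy < AnnotationSecurity::AbstractPolicy # :nodoc:
+
+ # Rules that are defined for all resource types can be found here.
+ def self.all_resources_policy # :nodoc:
+ AllResourcesPolicy.static_policy_class
+ end
+
+ # Sets the dynamic policy class this policy class belongs to
+ def self.belongs_to(dynamic_policy_class) #:nodoc:
+ @dynamic_policy_class = dynamic_policy_class
+ end
+
+ # A static policy class has no other corresponding static policy class.
+ # This should never be called.
+ def self.static_policy_class #:nodoc:
+ method_missing(:static_policy_class)
+ end
+
+ # The corresponding dynamic policy class.
+ #
+ def self.dynamic_policy_class #:nodoc:
+ @dynamic_policy_class
+ end
+
+ # Returns true iif this is policy class is responsible for static rules.
+ #
+ def self.static? # :nodoc:
+ true
+ end
+
+ # Rule set for this classes resource type
+ #
+ def self.rule_set # :nodoc:
+ # Each dynamic and static policy pair shares one rule set.
+ dynamic_policy_class.rule_set
+ end
+
+ # If possible, redirects the rule to the static side.
+ # Returns a rule object or nil.
+ def self.use_static_rule(symbol) #:nodoc:
+ nil # This is not possible
+ end
+
+ # Evaluate the rules in static mode.
+ # Rules that cannot be evaluated are skipped.
+ # * +rules+ array of symbols
+ # Throws a SecurityViolationError if a rule fails,
+ # returns true if all rules succeed.
+ def evaluate_statically(rules) #:nodoc:
+ rules.each do |rule|
+ if has_rule?(rule) && !__send__(rule)
+ raise_access_denied(rule)
+ end
+ end
+ true
+ end
+
+ # Evaluate a rule that is defined with a proc
+ # * +symbol+ Name of the rule
+ # * +user+ user object that has to fulfill the rule
+ # * +args+ List of additional arguments
+ def evaluate_rule(rule,user,args) #:nodoc:
+ # In contrast to AbstractPolicy#evaluate_rule,
+ # no resource is passed as argument
+ get_rule!(rule).evaluate(self,user,*args)
+ end
+
  end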
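--- a/data/lib/annotation_security/policy/all_resources_policy.rb
+++ b/data/lib/annotation_security/policy/all_resources_policy.rb
@@ -1,21 +1,21 @@
- #
- # = lib/annotation_security/policy/all_resources_policy.rb
- #
- # By default, two relations are provided for all resources.
- #
- # The system relation +logged_in+ evaluates to true if the provided
- # credentials are not nil.
- # logged_in(:system, :require_credential => false) {|u| not u.nil?}
- #
- # The relation +self+ is true when the accessed resource is the current user
- # himself or a role that belongs to the current user.
- # __self__ { |user, resource| resource.is_user?(user) }
- #
- AnnotationSecurity.define_relations :all_resources do
-
- # can be used as "self" in a right definition
- # success if the accessed resource is the user himself or one of his roles
- __self__ { |user, resource| resource.is_user?(user) }
-
- logged_in(:system, :require_credential => false) {|u| not u.nil?}
+ #
+ # = lib/annotation_security/policy/all_resources_policy.rb
+ #
+ # By default, two relations are provided for all resources.
+ #
+ # The system relation +logged_in+ evaluates to true if the provided
+ # credentials are not nil.
+ # logged_in(:system, :require_credential => false) {|u| not u.nil?}
+ #
+ # The relation +self+ is true when the accessed resource is the current user
+ # himself or a role that belongs to the current user.
+ # __self__ { |user, resource| resource.is_user?(user) }
+ #
+ AnnotationSecurity.define_relations :all_resources do
+
+ # can be used as "self" in a right definition
+ # success if the accessed resource is the user himself or one of his roles
+ __self__ { |user, resource| resource.is_user?(user) }
+
+ logged_in(:system, :require_credential => false) {|u| not u.nil?}
  end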