RubyGems - annotation_security - Versions diffs - 1.0.1 → 1.0.2 - Mend

annotation_security 1.0.1 → 1.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (63) hide show

data/CHANGELOG.md +14 -0
data/HOW-TO.md +275 -0
data/{MIT-LICENSE → LICENSE} +1 -1
data/README.md +39 -0
data/Rakefile +62 -55
data/assets/app/helpers/annotation_security_helper.rb +8 -8
data/assets/config/initializers/annotation_security.rb +11 -11
data/assets/config/security/relations.rb +20 -20
data/assets/vendor/plugins/annotation_security/init.rb +13 -13
data/bin/annotation_security +7 -7
data/lib/annotation_security/exceptions.rb +124 -124
data/lib/annotation_security/exec.rb +188 -188
data/lib/annotation_security/filters.rb +37 -37
data/lib/annotation_security/includes/action_controller.rb +144 -143
data/lib/annotation_security/includes/active_record.rb +27 -27
data/lib/annotation_security/includes/helper.rb +215 -215
data/lib/annotation_security/includes/resource.rb +84 -84
data/lib/annotation_security/includes/role.rb +30 -30
data/lib/annotation_security/includes/user.rb +26 -26
data/lib/annotation_security/manager/policy_factory.rb +29 -29
data/lib/annotation_security/manager/policy_manager.rb +79 -79
data/lib/annotation_security/manager/relation_loader.rb +272 -272
data/lib/annotation_security/manager/resource_manager.rb +36 -36
data/lib/annotation_security/manager/right_loader.rb +87 -87
data/lib/annotation_security/model_observer.rb +61 -61
data/lib/annotation_security/policy/abstract_policy.rb +344 -344
data/lib/annotation_security/policy/abstract_static_policy.rb +75 -75
data/lib/annotation_security/policy/all_resources_policy.rb +20 -20
data/lib/annotation_security/policy/rule.rb +340 -340
data/lib/annotation_security/policy/rule_set.rb +138 -138
data/lib/annotation_security/rails.rb +38 -38
data/lib/annotation_security/user_wrapper.rb +73 -73
data/lib/annotation_security/utils.rb +141 -141
data/lib/annotation_security/version.rb +10 -0
data/lib/annotation_security.rb +102 -97
data/lib/extensions/action_controller.rb +32 -32
data/lib/extensions/active_record.rb +34 -34
data/lib/extensions/filter.rb +133 -133
data/lib/extensions/object.rb +10 -10
data/lib/security_context.rb +589 -551
data/spec/annotation_security/exceptions_spec.rb +16 -16
data/spec/annotation_security/includes/helper_spec.rb +82 -82
data/spec/annotation_security/manager/policy_manager_spec.rb +15 -15
data/spec/annotation_security/manager/resource_manager_spec.rb +17 -17
data/spec/annotation_security/manager/right_loader_spec.rb +17 -17
data/spec/annotation_security/policy/abstract_policy_spec.rb +16 -16
data/spec/annotation_security/policy/all_resources_policy_spec.rb +24 -24
data/spec/annotation_security/policy/rule_set_spec.rb +112 -112
data/spec/annotation_security/policy/rule_spec.rb +77 -77
data/spec/annotation_security/policy/test_policy_spec.rb +80 -80
data/spec/annotation_security/security_context_spec.rb +78 -78
data/spec/annotation_security/utils_spec.rb +73 -73
data/spec/helper/test_controller.rb +65 -65
data/spec/helper/test_helper.rb +5 -5
data/spec/helper/test_relations.rb +6 -6
data/spec/helper/test_resource.rb +38 -38
data/spec/helper/test_role.rb +21 -21
data/spec/helper/test_user.rb +31 -31
data/spec/rails_stub.rb +37 -37
metadata +94 -72
data/CHANGELOG +0 -2
data/HOW-TO +0 -261
data/README +0 -39

data/lib/annotation_security/policy/abstract_static_policy.rb CHANGED Viewed

@@ -1,76 +1,76 @@
-#
-# = lib/annotation_security/policy/abstract_static_policy.rb
-#
-# Abstract superclass for all static policies.
-# For each policy there is a static policy that is responsible for evaluating
-# static rules.
-#
-class AnnotationSecurity::AbstractStaticPolicy < AnnotationSecurity::AbstractPolicy # :nodoc:
-  # Rules that are defined for all resource types can be found here.
-  def self.all_resources_policy # :nodoc:
-    AllResourcesPolicy.static_policy_class
-  end
-  # Sets the dynamic policy class this policy class belongs to
-  def self.belongs_to(dynamic_policy_class) #:nodoc:
-    @dynamic_policy_class = dynamic_policy_class
-  end
-  # A static policy class has no other corresponding static policy class.
-  # This should never be called.
-  def self.static_policy_class #:nodoc:
-    method_missing(:static_policy_class)
-  end
-  # The corresponding dynamic policy class.
-  #
-  def self.dynamic_policy_class #:nodoc:
-    @dynamic_policy_class
-  end
-  # Returns true iif this is policy class is responsible for static rules.
-  #
-  def self.static? # :nodoc:
-    true
-  end
-  # Rule set for this classes resource type
-  #
-  def self.rule_set # :nodoc:
-    # Each dynamic and static policy pair shares one rule set.
-    dynamic_policy_class.rule_set
-  end
-  # If possible, redirects the rule to the static side.
-  # Returns a rule object or nil.
-  def self.use_static_rule(symbol) #:nodoc:
-    nil # This is not possible
-  end
-  # Evaluate the rules in static mode.
-  # Rules that cannot be evaluated are skipped.
-  # * +rules+ array of symbols
-  # Throws a SecurityViolationError if a rule fails,
-  # returns true if all rules succeed.
-  def evaluate_statically(rules) #:nodoc:
-    rules.each do |rule|
-      if has_rule?(rule) && !__send__(rule)
-        raise_access_denied(rule)
-      end
-    end
-    true
-  end
-  # Evaluate a rule that is defined with a proc
-  # * +symbol+ Name of the rule
-  # * +user+ user object that has to fulfill the rule
-  # * +args+ List of additional arguments
-  def evaluate_rule(rule,user,args) #:nodoc:
-    # In contrast to AbstractPolicy#evaluate_rule,
-    # no resource is passed as argument
-    get_rule!(rule).evaluate(self,user,*args)
-  end
+#
+# = lib/annotation_security/policy/abstract_static_policy.rb
+#
+# Abstract superclass for all static policies.
+# For each policy there is a static policy that is responsible for evaluating
+# static rules.
+#
+class AnnotationSecurity::AbstractStaticPolicy < AnnotationSecurity::AbstractPolicy # :nodoc:
+  # Rules that are defined for all resource types can be found here.
+  def self.all_resources_policy # :nodoc:
+    AllResourcesPolicy.static_policy_class
+  end
+  # Sets the dynamic policy class this policy class belongs to
+  def self.belongs_to(dynamic_policy_class) #:nodoc:
+    @dynamic_policy_class = dynamic_policy_class
+  end
+  # A static policy class has no other corresponding static policy class.
+  # This should never be called.
+  def self.static_policy_class #:nodoc:
+    method_missing(:static_policy_class)
+  end
+  # The corresponding dynamic policy class.
+  #
+  def self.dynamic_policy_class #:nodoc:
+    @dynamic_policy_class
+  end
+  # Returns true iif this is policy class is responsible for static rules.
+  #
+  def self.static? # :nodoc:
+    true
+  end
+  # Rule set for this classes resource type
+  #
+  def self.rule_set # :nodoc:
+    # Each dynamic and static policy pair shares one rule set.
+    dynamic_policy_class.rule_set
+  end
+  # If possible, redirects the rule to the static side.
+  # Returns a rule object or nil.
+  def self.use_static_rule(symbol) #:nodoc:
+    nil # This is not possible
+  end
+  # Evaluate the rules in static mode.
+  # Rules that cannot be evaluated are skipped.
+  # * +rules+ array of symbols
+  # Throws a SecurityViolationError if a rule fails,
+  # returns true if all rules succeed.
+  def evaluate_statically(rules) #:nodoc:
+    rules.each do |rule|
+      if has_rule?(rule) && !__send__(rule)
+        raise_access_denied(rule)
+      end
+    end
+    true
+  end
+  # Evaluate a rule that is defined with a proc
+  # * +symbol+ Name of the rule
+  # * +user+ user object that has to fulfill the rule
+  # * +args+ List of additional arguments
+  def evaluate_rule(rule,user,args) #:nodoc:
+    # In contrast to AbstractPolicy#evaluate_rule,
+    # no resource is passed as argument
+    get_rule!(rule).evaluate(self,user,*args)
+  end
 end

data/lib/annotation_security/policy/all_resources_policy.rb CHANGED Viewed

@@ -1,21 +1,21 @@
-#
-# = lib/annotation_security/policy/all_resources_policy.rb
-#
-# By default, two relations are provided for all resources.
-#
-# The system relation +logged_in+ evaluates to true if the provided
-# credentials are not nil.
-#  logged_in(:system, :require_credential => false) {|u| not u.nil?}
-#
-# The relation +self+ is true when the accessed resource is the current user
-# himself or a role that belongs to the current user.
-#  __self__ { |user, resource| resource.is_user?(user) }
-#
-AnnotationSecurity.define_relations :all_resources do
-  # can be used as "self" in a right definition
-  # success if the accessed resource is the user himself or one of his roles
-  __self__ { |user, resource| resource.is_user?(user) }
-  logged_in(:system, :require_credential => false) {|u| not u.nil?}
+#
+# = lib/annotation_security/policy/all_resources_policy.rb
+#
+# By default, two relations are provided for all resources.
+#
+# The system relation +logged_in+ evaluates to true if the provided
+# credentials are not nil.
+#  logged_in(:system, :require_credential => false) {|u| not u.nil?}
+#
+# The relation +self+ is true when the accessed resource is the current user
+# himself or a role that belongs to the current user.
+#  __self__ { |user, resource| resource.is_user?(user) }
+#
+AnnotationSecurity.define_relations :all_resources do
+  # can be used as "self" in a right definition
+  # success if the accessed resource is the user himself or one of his roles
+  __self__ { |user, resource| resource.is_user?(user) }
+  logged_in(:system, :require_credential => false) {|u| not u.nil?}
 end