annotation_security 1.0.2 → 1.3.1
- data/CHANGELOG +22 -0
- data/HOW-TO +261 -0
- data/{LICENSE → MIT-LICENSE} +1 -1
- data/README +39 -0
- data/Rakefile +53 -62
- data/assets/app/helpers/annotation_security_helper.rb +8 -8
- data/assets/config/initializers/annotation_security.rb +11 -11
- data/assets/config/security/relations.rb +20 -20
- data/assets/vendor/plugins/annotation_security/init.rb +14 -14
- data/bin/annotation_security +7 -7
- data/lib/annotation_security.rb +94 -103
- data/lib/annotation_security/exceptions.rb +124 -124
- data/lib/annotation_security/exec.rb +188 -188
- data/lib/annotation_security/includes/helper.rb +215 -215
- data/lib/annotation_security/includes/resource.rb +84 -84
- data/lib/annotation_security/includes/role.rb +30 -30
- data/lib/annotation_security/includes/user.rb +26 -26
- data/lib/annotation_security/manager/policy_factory.rb +29 -29
- data/lib/annotation_security/manager/policy_manager.rb +87 -79
- data/lib/annotation_security/manager/relation_loader.rb +272 -272
- data/lib/annotation_security/manager/resource_manager.rb +36 -36
- data/lib/annotation_security/manager/right_loader.rb +87 -87
- data/lib/annotation_security/policy/abstract_policy.rb +344 -344
- data/lib/annotation_security/policy/abstract_static_policy.rb +75 -75
- data/lib/annotation_security/policy/all_resources_policy.rb +20 -20
- data/lib/annotation_security/policy/rule.rb +340 -340
- data/lib/annotation_security/policy/rule_set.rb +138 -138
- data/lib/annotation_security/rails.rb +22 -39
- data/lib/{extensions → annotation_security/rails/2/extensions}/filter.rb +131 -133
- data/lib/annotation_security/rails/2/includes/action_controller.rb +144 -0
- data/lib/annotation_security/rails/2/includes/active_record.rb +28 -0
- data/lib/annotation_security/rails/2/initializer.rb +35 -0
- data/lib/annotation_security/{model_observer.rb → rails/2/model_observer.rb} +61 -61
- data/lib/annotation_security/rails/3/extensions/filter.rb +28 -0
- data/lib/annotation_security/{includes → rails/3/includes}/action_controller.rb +143 -144
- data/lib/annotation_security/{includes → rails/3/includes}/active_record.rb +27 -27
- data/lib/annotation_security/rails/3/initializer.rb +40 -0
- data/lib/annotation_security/rails/3/model_observer.rb +61 -0
- data/lib/annotation_security/rails/extensions.rb +21 -0
- data/lib/{extensions → annotation_security/rails/extensions}/action_controller.rb +31 -32
- data/lib/{extensions → annotation_security/rails/extensions}/active_record.rb +33 -34
- data/lib/{extensions → annotation_security/rails/extensions}/object.rb +10 -10
- data/lib/annotation_security/{filters.rb → rails/filters.rb} +37 -37
- data/lib/annotation_security/user_wrapper.rb +73 -73
- data/lib/annotation_security/utils.rb +141 -141
- data/lib/security_context.rb +588 -589
- data/spec/annotation_security/exceptions_spec.rb +16 -16
- data/spec/annotation_security/includes/helper_spec.rb +82 -82
- data/spec/annotation_security/manager/policy_manager_spec.rb +15 -15
- data/spec/annotation_security/manager/resource_manager_spec.rb +17 -17
- data/spec/annotation_security/manager/right_loader_spec.rb +17 -17
- data/spec/annotation_security/policy/abstract_policy_spec.rb +16 -16
- data/spec/annotation_security/policy/all_resources_policy_spec.rb +24 -24
- data/spec/annotation_security/policy/rule_set_spec.rb +112 -112
- data/spec/annotation_security/policy/rule_spec.rb +77 -77
- data/spec/annotation_security/policy/test_policy_spec.rb +80 -80
- data/spec/annotation_security/security_context_spec.rb +129 -78
- data/spec/annotation_security/utils_spec.rb +73 -73
- data/spec/helper/test_controller.rb +65 -65
- data/spec/helper/test_helper.rb +5 -5
- data/spec/helper/test_relations.rb +6 -6
- data/spec/helper/test_resource.rb +38 -38
- data/spec/helper/test_role.rb +21 -21
- data/spec/helper/test_user.rb +31 -31
- data/spec/rails_stub.rb +44 -37
- metadata +110 -96
- data/CHANGELOG.md +0 -14
- data/HOW-TO.md +0 -275
- data/README.md +0 -39
- data/lib/annotation_security/version.rb +0 -10
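--- a/data/spec/annotation_security/utils_spec.rb
+++ b/data/spec/annotation_security/utils_spec.rb
@@ -1,74 +1,74 @@
-require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
-
-describe AnnotationSecurity::Utils do
-
-it 'should remove prefixes of the method body' do
-%w{may_rule is_rule can_rule has_rule}.each do |method|
-AnnotationSecurity::Utils.method_body(method).should eql('rule')
-end
-end
-
-it 'should remove suffixes of the method body' do
-%w{rule_for rule_of rule_in rule_to rule?}.each do |method|
-AnnotationSecurity::Utils.method_body(method).should eql('rule')
-end
-end
-
-it 'should return nil if the method body is clean' do
-AnnotationSecurity::Utils.method_body('rule').should be_nil
-end
-
-it 'should ignore prefixes and suffixes without underscore in method body' do
-%w{mayrule isrule rulefor ruleof canrulein hasruleto}.each do |method|
-AnnotationSecurity::Utils.method_body(method).should eql(nil)
-end
-end
-
-it 'should remove only prefix or suffix from the method body at a time' do
-AnnotationSecurity::Utils.method_body('may_is_rule').should eql('is_rule')
-AnnotationSecurity::Utils.method_body('rule_of_for').should eql('rule_of')
-AnnotationSecurity::Utils.method_body('can_has_rule_to?').should eql('has_rule_to')
-end
-
-it 'should parse descriptions without bindings correctly' do
-['show a resource', 'show with some text ignored a resource',
-'show pluralized resources', '(ignoring comments) show a resource',
-'show a resource (with comment at the end)'].each do |s|
-AnnotationSecurity::Utils.parse_description(s).
-should == {:action => :show, :resource => :resource}
-end
-end
-
-it 'should detect bindings of a description' do
-{
-'show the resource in @res' =>
-{:action => :show,:resource => :resource, :source => '@res'},
-'show the resource from :id' =>
-{:action => :show,:resource => :resource, :source => :id},
-}.each_pair do |key, value|
-AnnotationSecurity::Utils.parse_description(key,true).should == value
-end
-end
-
-it 'should raise an error if an unexpected binding is detected in a description' do
-lambda {
-AnnotationSecurity::Utils.parse_description('show the resource :id')
-}.should raise_error(StandardError)
-end
-
-it 'should parse policy arguments like specified in SecurityContext.allowed?' do
-obj = Object.new
-def obj.__is_resource?; true; end
-def obj.resource_type; :o_resource; end
-{
-[:show, :resource, obj] => [:show, :resource, obj],
-[:show, obj] => [:show, :o_resource, obj],
-['show resource', obj] => [:show, :resource, obj],
-[:show, :resource] => [:show, :resource],
-[:administrate] => [:administrate, :all_resources]
-}.each_pair do |key, value|
-AnnotationSecurity::Utils.parse_policy_arguments(key).should == value
-end
-end
-
+require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
+
+describe AnnotationSecurity::Utils do
+
+it 'should remove prefixes of the method body' do
+%w{may_rule is_rule can_rule has_rule}.each do |method|
+AnnotationSecurity::Utils.method_body(method).should eql('rule')
+end
+end
+
+it 'should remove suffixes of the method body' do
+%w{rule_for rule_of rule_in rule_to rule?}.each do |method|
+AnnotationSecurity::Utils.method_body(method).should eql('rule')
+end
+end
+
+it 'should return nil if the method body is clean' do
+AnnotationSecurity::Utils.method_body('rule').should be_nil
+end
+
+it 'should ignore prefixes and suffixes without underscore in method body' do
+%w{mayrule isrule rulefor ruleof canrulein hasruleto}.each do |method|
+AnnotationSecurity::Utils.method_body(method).should eql(nil)
+end
+end
+
+it 'should remove only prefix or suffix from the method body at a time' do
+AnnotationSecurity::Utils.method_body('may_is_rule').should eql('is_rule')
+AnnotationSecurity::Utils.method_body('rule_of_for').should eql('rule_of')
+AnnotationSecurity::Utils.method_body('can_has_rule_to?').should eql('has_rule_to')
+end
+
+it 'should parse descriptions without bindings correctly' do
+['show a resource', 'show with some text ignored a resource',
+'show pluralized resources', '(ignoring comments) show a resource',
+'show a resource (with comment at the end)'].each do |s|
+AnnotationSecurity::Utils.parse_description(s).
+should == {:action => :show, :resource => :resource}
+end
+end
+
+it 'should detect bindings of a description' do
+{
+'show the resource in @res' =>
+{:action => :show,:resource => :resource, :source => '@res'},
+'show the resource from :id' =>
+{:action => :show,:resource => :resource, :source => :id},
+}.each_pair do |key, value|
+AnnotationSecurity::Utils.parse_description(key,true).should == value
+end
+end
+
+it 'should raise an error if an unexpected binding is detected in a description' do
+lambda {
+AnnotationSecurity::Utils.parse_description('show the resource :id')
+}.should raise_error(StandardError)
+end
+
+it 'should parse policy arguments like specified in SecurityContext.allowed?' do
+obj = Object.new
+def obj.__is_resource?; true; end
+def obj.resource_type; :o_resource; end
+{
+[:show, :resource, obj] => [:show, :resource, obj],
+[:show, obj] => [:show, :o_resource, obj],
+['show resource', obj] => [:show, :resource, obj],
+[:show, :resource] => [:show, :resource],
+[:administrate] => [:administrate, :all_resources]
+}.each_pair do |key, value|
+AnnotationSecurity::Utils.parse_policy_arguments(key).should == value
+end
+end
+
 end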
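--- a/data/spec/helper/test_controller.rb
+++ b/data/spec/helper/test_controller.rb
@@ -1,66 +1,66 @@
-class TestController < ActionController::Base
-
-describe :show, 'shows a test_resource'
-describe :edit, 'edit some test_resources'
-describe :show_edit, 'shows a test_resource', 'edits a test_resource'
-describe :edit_with_render, 'edits the test_resource in @resource'
-describe :delete, 'delete test_resource by :id'
-describe :list, 'list all test_resources in @list'
-
-
-def test_init(action, params)
-@action = action
-@params = params
-end
-
-def action_name
-@action
-end
-
-def params
-@params
-end
-
-def show
-@resource = TestResource.find params[:id]
-end
-
-def edit
-@resource = TestResource.find params[:id]
-end
-
-def show_edit
-@resource = TestResource.find params[:id]
-end
-
-def edit_with_render
-@resource = TestResource.find params[:id1]
-render 'view'
-@resource = TestResource.find params[:id2]
-end
-
-def delete
-self.class.enter_delete
-@resource = TestResource.find params[:id]
-end
-
-def list
-r1 = TestResource.find params[:id1]
-r2 = TestResource.find params[:id2]
-@list = [r1, r2]
-end
-
-def render(*args)
-super(*args)
-self.class.exit_render
-end
-
-# callbacks used for mocking
-
-def self.enter_delete
-end
-
-def self.exit_render
-end
-
+class TestController < ActionController::Base
+
+describe :show, 'shows a test_resource'
+describe :edit, 'edit some test_resources'
+describe :show_edit, 'shows a test_resource', 'edits a test_resource'
+describe :edit_with_render, 'edits the test_resource in @resource'
+describe :delete, 'delete test_resource by :id'
+describe :list, 'list all test_resources in @list'
+
+
+def test_init(action, params)
+@action = action
+@params = params
+end
+
+def action_name
+@action
+end
+
+def params
+@params
+end
+
+def show
+@resource = TestResource.find params[:id]
+end
+
+def edit
+@resource = TestResource.find params[:id]
+end
+
+def show_edit
+@resource = TestResource.find params[:id]
+end
+
+def edit_with_render
+@resource = TestResource.find params[:id1]
+render 'view'
+@resource = TestResource.find params[:id2]
+end
+
+def delete
+self.class.enter_delete
+@resource = TestResource.find params[:id]
+end
+
+def list
+r1 = TestResource.find params[:id1]
+r2 = TestResource.find params[:id2]
+@list = [r1, r2]
+end
+
+def render(*args)
+super(*args)
+self.class.exit_render
+end
+
+# callbacks used for mocking
+
+def self.enter_delete
+end
+
+def self.exit_render
+end
+
 end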
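--- a/data/spec/helper/test_helper.rb
+++ b/data/spec/helper/test_helper.rb
@@ -1,5 +1,5 @@
-class TestHelper
-
-include AnnotationSecurity::Helper
-
-end
+class TestHelper
+
+include AnnotationSecurity::Helper
+
+end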
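--- a/data/spec/helper/test_relations.rb
+++ b/data/spec/helper/test_relations.rb
@@ -1,7 +1,7 @@
-AnnotationSecurity.define_relations(:test_resource) do
-
-owner do |user, res|
-user.name == res.name
-end
-
+AnnotationSecurity.define_relations(:test_resource) do
+
+owner do |user, res|
+user.name == res.name
+end
+
 end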
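--- a/data/spec/helper/test_resource.rb
+++ b/data/spec/helper/test_resource.rb
@@ -1,39 +1,39 @@
-class TestResource
-
-include AnnotationSecurity::Resource
-
-self.resource_type = :test_resource
-
-def self.find(arg)
-obj = new arg
-
-# normally, this is done by a model observer
-SecurityContext.observe obj
-
-obj
-end
-
-def self.get_resource(arg)
-return nil if arg.nil?
-return arg if arg.is_a? self
-new arg
-end
-
-def initialize(name = "")
-@name = name
-end
-
-def name
-@name
-end
-
-def ==(other)
-return false unless other.is_a? self.class
-name == other.name
-end
-
-def to_s
-"<TestResource:#{name}>"
-end
-
+class TestResource
+
+include AnnotationSecurity::Resource
+
+self.resource_type = :test_resource
+
+def self.find(arg)
+obj = new arg
+
+# normally, this is done by a model observer
+SecurityContext.observe obj
+
+obj
+end
+
+def self.get_resource(arg)
+return nil if arg.nil?
+return arg if arg.is_a? self
+new arg
+end
+
+def initialize(name = "")
+@name = name
+end
+
+def name
+@name
+end
+
+def ==(other)
+return false unless other.is_a? self.class
+name == other.name
+end
+
+def to_s
+"<TestResource:#{name}>"
+end
+
 end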
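--- a/data/spec/helper/test_role.rb
+++ b/data/spec/helper/test_role.rb
@@ -1,22 +1,22 @@
-class TestRole
-
-include AnnotationSecurity::Role
-
-def initialize(name,user)
-@name = name
-@user = user
-end
-
-def role_name
-@name
-end
-
-def name
-role_name
-end
-
-def user
-@user
-end
-
+class TestRole
+
+include AnnotationSecurity::Role
+
+def initialize(name,user)
+@name = name
+@user = user
+end
+
+def role_name
+@name
+end
+
+def name
+role_name
+end
+
+def user
+@user
+end
+
 end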
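--- a/data/spec/helper/test_user.rb
+++ b/data/spec/helper/test_user.rb
@@ -1,32 +1,32 @@
-class TestUser
-
-include AnnotationSecurity::User
-
-def initialize(name='user_name')
-@name = name
-@one_role = TestRole.new(:one,self)
-@many_roles = [
-TestRole.new(:a,self), TestRole.new(:b,self), TestRole.new(:c,self)]
-end
-
-def user_name
-@name
-end
-
-def name
-user_name
-end
-
-def as_one_role
-@one_role
-end
-
-def as_many_roles
-@many_roles
-end
-
-def to_s
-"<TestUser:#{name}>"
-end
-
+class TestUser
+
+include AnnotationSecurity::User
+
+def initialize(name='user_name')
+@name = name
+@one_role = TestRole.new(:one,self)
+@many_roles = [
+TestRole.new(:a,self), TestRole.new(:b,self), TestRole.new(:c,self)]
+end
+
+def user_name
+@name
+end
+
+def name
+user_name
+end
+
+def as_one_role
+@one_role
+end
+
+def as_many_roles
+@many_roles
+end
+
+def to_s
+"<TestUser:#{name}>"
+end
+
 end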