annotation_security 1.0.2 → 1.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (70) hide show
  1. data/CHANGELOG +22 -0
  2. data/HOW-TO +261 -0
  3. data/{LICENSE → MIT-LICENSE} +1 -1
  4. data/README +39 -0
  5. data/Rakefile +53 -62
  6. data/assets/app/helpers/annotation_security_helper.rb +8 -8
  7. data/assets/config/initializers/annotation_security.rb +11 -11
  8. data/assets/config/security/relations.rb +20 -20
  9. data/assets/vendor/plugins/annotation_security/init.rb +14 -14
  10. data/bin/annotation_security +7 -7
  11. data/lib/annotation_security.rb +94 -103
  12. data/lib/annotation_security/exceptions.rb +124 -124
  13. data/lib/annotation_security/exec.rb +188 -188
  14. data/lib/annotation_security/includes/helper.rb +215 -215
  15. data/lib/annotation_security/includes/resource.rb +84 -84
  16. data/lib/annotation_security/includes/role.rb +30 -30
  17. data/lib/annotation_security/includes/user.rb +26 -26
  18. data/lib/annotation_security/manager/policy_factory.rb +29 -29
  19. data/lib/annotation_security/manager/policy_manager.rb +87 -79
  20. data/lib/annotation_security/manager/relation_loader.rb +272 -272
  21. data/lib/annotation_security/manager/resource_manager.rb +36 -36
  22. data/lib/annotation_security/manager/right_loader.rb +87 -87
  23. data/lib/annotation_security/policy/abstract_policy.rb +344 -344
  24. data/lib/annotation_security/policy/abstract_static_policy.rb +75 -75
  25. data/lib/annotation_security/policy/all_resources_policy.rb +20 -20
  26. data/lib/annotation_security/policy/rule.rb +340 -340
  27. data/lib/annotation_security/policy/rule_set.rb +138 -138
  28. data/lib/annotation_security/rails.rb +22 -39
  29. data/lib/{extensions → annotation_security/rails/2/extensions}/filter.rb +131 -133
  30. data/lib/annotation_security/rails/2/includes/action_controller.rb +144 -0
  31. data/lib/annotation_security/rails/2/includes/active_record.rb +28 -0
  32. data/lib/annotation_security/rails/2/initializer.rb +35 -0
  33. data/lib/annotation_security/{model_observer.rb → rails/2/model_observer.rb} +61 -61
  34. data/lib/annotation_security/rails/3/extensions/filter.rb +28 -0
  35. data/lib/annotation_security/{includes → rails/3/includes}/action_controller.rb +143 -144
  36. data/lib/annotation_security/{includes → rails/3/includes}/active_record.rb +27 -27
  37. data/lib/annotation_security/rails/3/initializer.rb +40 -0
  38. data/lib/annotation_security/rails/3/model_observer.rb +61 -0
  39. data/lib/annotation_security/rails/extensions.rb +21 -0
  40. data/lib/{extensions → annotation_security/rails/extensions}/action_controller.rb +31 -32
  41. data/lib/{extensions → annotation_security/rails/extensions}/active_record.rb +33 -34
  42. data/lib/{extensions → annotation_security/rails/extensions}/object.rb +10 -10
  43. data/lib/annotation_security/{filters.rb → rails/filters.rb} +37 -37
  44. data/lib/annotation_security/user_wrapper.rb +73 -73
  45. data/lib/annotation_security/utils.rb +141 -141
  46. data/lib/security_context.rb +588 -589
  47. data/spec/annotation_security/exceptions_spec.rb +16 -16
  48. data/spec/annotation_security/includes/helper_spec.rb +82 -82
  49. data/spec/annotation_security/manager/policy_manager_spec.rb +15 -15
  50. data/spec/annotation_security/manager/resource_manager_spec.rb +17 -17
  51. data/spec/annotation_security/manager/right_loader_spec.rb +17 -17
  52. data/spec/annotation_security/policy/abstract_policy_spec.rb +16 -16
  53. data/spec/annotation_security/policy/all_resources_policy_spec.rb +24 -24
  54. data/spec/annotation_security/policy/rule_set_spec.rb +112 -112
  55. data/spec/annotation_security/policy/rule_spec.rb +77 -77
  56. data/spec/annotation_security/policy/test_policy_spec.rb +80 -80
  57. data/spec/annotation_security/security_context_spec.rb +129 -78
  58. data/spec/annotation_security/utils_spec.rb +73 -73
  59. data/spec/helper/test_controller.rb +65 -65
  60. data/spec/helper/test_helper.rb +5 -5
  61. data/spec/helper/test_relations.rb +6 -6
  62. data/spec/helper/test_resource.rb +38 -38
  63. data/spec/helper/test_role.rb +21 -21
  64. data/spec/helper/test_user.rb +31 -31
  65. data/spec/rails_stub.rb +44 -37
  66. metadata +110 -96
  67. data/CHANGELOG.md +0 -14
  68. data/HOW-TO.md +0 -275
  69. data/README.md +0 -39
  70. data/lib/annotation_security/version.rb +0 -10
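--- a/data/spec/annotation_security/utils_spec.rb
+++ b/data/spec/annotation_security/utils_spec.rb
@@ -1,74 +1,74 @@
-require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
-
-describe AnnotationSecurity::Utils do
-
-it 'should remove prefixes of the method body' do
-%w{may_rule is_rule can_rule has_rule}.each do |method|
-AnnotationSecurity::Utils.method_body(method).should eql('rule')
-end
-end
-
-it 'should remove suffixes of the method body' do
-%w{rule_for rule_of rule_in rule_to rule?}.each do |method|
-AnnotationSecurity::Utils.method_body(method).should eql('rule')
-end
-end
-
-it 'should return nil if the method body is clean' do
-AnnotationSecurity::Utils.method_body('rule').should be_nil
-end
-
-it 'should ignore prefixes and suffixes without underscore in method body' do
-%w{mayrule isrule rulefor ruleof canrulein hasruleto}.each do |method|
-AnnotationSecurity::Utils.method_body(method).should eql(nil)
-end
-end
-
-it 'should remove only prefix or suffix from the method body at a time' do
-AnnotationSecurity::Utils.method_body('may_is_rule').should eql('is_rule')
-AnnotationSecurity::Utils.method_body('rule_of_for').should eql('rule_of')
-AnnotationSecurity::Utils.method_body('can_has_rule_to?').should eql('has_rule_to')
-end
-
-it 'should parse descriptions without bindings correctly' do
-['show a resource', 'show with some text ignored a resource',
-'show pluralized resources', '(ignoring comments) show a resource',
-'show a resource (with comment at the end)'].each do |s|
-AnnotationSecurity::Utils.parse_description(s).
-should == {:action => :show, :resource => :resource}
-end
-end
-
-it 'should detect bindings of a description' do
-{
-'show the resource in @res' =>
-{:action => :show,:resource => :resource, :source => '@res'},
-'show the resource from :id' =>
-{:action => :show,:resource => :resource, :source => :id},
-}.each_pair do |key, value|
-AnnotationSecurity::Utils.parse_description(key,true).should == value
-end
-end
-
-it 'should raise an error if an unexpected binding is detected in a description' do
-lambda {
-AnnotationSecurity::Utils.parse_description('show the resource :id')
-}.should raise_error(StandardError)
-end
-
-it 'should parse policy arguments like specified in SecurityContext.allowed?' do
-obj = Object.new
-def obj.__is_resource?; true; end
-def obj.resource_type; :o_resource; end
-{
-[:show, :resource, obj] => [:show, :resource, obj],
-[:show, obj] => [:show, :o_resource, obj],
-['show resource', obj] => [:show, :resource, obj],
-[:show, :resource] => [:show, :resource],
-[:administrate] => [:administrate, :all_resources]
-}.each_pair do |key, value|
-AnnotationSecurity::Utils.parse_policy_arguments(key).should == value
-end
-end
-
+require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
+
+describe AnnotationSecurity::Utils do
+
+it 'should remove prefixes of the method body' do
+%w{may_rule is_rule can_rule has_rule}.each do |method|
+AnnotationSecurity::Utils.method_body(method).should eql('rule')
+end
+end
+
+it 'should remove suffixes of the method body' do
+%w{rule_for rule_of rule_in rule_to rule?}.each do |method|
+AnnotationSecurity::Utils.method_body(method).should eql('rule')
+end
+end
+
+it 'should return nil if the method body is clean' do
+AnnotationSecurity::Utils.method_body('rule').should be_nil
+end
+
+it 'should ignore prefixes and suffixes without underscore in method body' do
+%w{mayrule isrule rulefor ruleof canrulein hasruleto}.each do |method|
+AnnotationSecurity::Utils.method_body(method).should eql(nil)
+end
+end
+
+it 'should remove only prefix or suffix from the method body at a time' do
+AnnotationSecurity::Utils.method_body('may_is_rule').should eql('is_rule')
+AnnotationSecurity::Utils.method_body('rule_of_for').should eql('rule_of')
+AnnotationSecurity::Utils.method_body('can_has_rule_to?').should eql('has_rule_to')
+end
+
+it 'should parse descriptions without bindings correctly' do
+['show a resource', 'show with some text ignored a resource',
+'show pluralized resources', '(ignoring comments) show a resource',
+'show a resource (with comment at the end)'].each do |s|
+AnnotationSecurity::Utils.parse_description(s).
+should == {:action => :show, :resource => :resource}
+end
+end
+
+it 'should detect bindings of a description' do
+{
+'show the resource in @res' =>
+{:action => :show,:resource => :resource, :source => '@res'},
+'show the resource from :id' =>
+{:action => :show,:resource => :resource, :source => :id},
+}.each_pair do |key, value|
+AnnotationSecurity::Utils.parse_description(key,true).should == value
+end
+end
+
+it 'should raise an error if an unexpected binding is detected in a description' do
+lambda {
+AnnotationSecurity::Utils.parse_description('show the resource :id')
+}.should raise_error(StandardError)
+end
+
+it 'should parse policy arguments like specified in SecurityContext.allowed?' do
+obj = Object.new
+def obj.__is_resource?; true; end
+def obj.resource_type; :o_resource; end
+{
+[:show, :resource, obj] => [:show, :resource, obj],
+[:show, obj] => [:show, :o_resource, obj],
+['show resource', obj] => [:show, :resource, obj],
+[:show, :resource] => [:show, :resource],
+[:administrate] => [:administrate, :all_resources]
+}.each_pair do |key, value|
+AnnotationSecurity::Utils.parse_policy_arguments(key).should == value
+end
+end
+
 end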
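--- a/data/spec/helper/test_controller.rb
+++ b/data/spec/helper/test_controller.rb
@@ -1,66 +1,66 @@
-class TestController < ActionController::Base
-
-describe :show, 'shows a test_resource'
-describe :edit, 'edit some test_resources'
-describe :show_edit, 'shows a test_resource', 'edits a test_resource'
-describe :edit_with_render, 'edits the test_resource in @resource'
-describe :delete, 'delete test_resource by :id'
-describe :list, 'list all test_resources in @list'
-
-
-def test_init(action, params)
-@action = action
-@params = params
-end
-
-def action_name
-@action
-end
-
-def params
-@params
-end
-
-def show
-@resource = TestResource.find params[:id]
-end
-
-def edit
-@resource = TestResource.find params[:id]
-end
-
-def show_edit
-@resource = TestResource.find params[:id]
-end
-
-def edit_with_render
-@resource = TestResource.find params[:id1]
-render 'view'
-@resource = TestResource.find params[:id2]
-end
-
-def delete
-self.class.enter_delete
-@resource = TestResource.find params[:id]
-end
-
-def list
-r1 = TestResource.find params[:id1]
-r2 = TestResource.find params[:id2]
-@list = [r1, r2]
-end
-
-def render(*args)
-super(*args)
-self.class.exit_render
-end
-
-# callbacks used for mocking
-
-def self.enter_delete
-end
-
-def self.exit_render
-end
-
+class TestController < ActionController::Base
+
+describe :show, 'shows a test_resource'
+describe :edit, 'edit some test_resources'
+describe :show_edit, 'shows a test_resource', 'edits a test_resource'
+describe :edit_with_render, 'edits the test_resource in @resource'
+describe :delete, 'delete test_resource by :id'
+describe :list, 'list all test_resources in @list'
+
+
+def test_init(action, params)
+@action = action
+@params = params
+end
+
+def action_name
+@action
+end
+
+def params
+@params
+end
+
+def show
+@resource = TestResource.find params[:id]
+end
+
+def edit
+@resource = TestResource.find params[:id]
+end
+
+def show_edit
+@resource = TestResource.find params[:id]
+end
+
+def edit_with_render
+@resource = TestResource.find params[:id1]
+render 'view'
+@resource = TestResource.find params[:id2]
+end
+
+def delete
+self.class.enter_delete
+@resource = TestResource.find params[:id]
+end
+
+def list
+r1 = TestResource.find params[:id1]
+r2 = TestResource.find params[:id2]
+@list = [r1, r2]
+end
+
+def render(*args)
+super(*args)
+self.class.exit_render
+end
+
+# callbacks used for mocking
+
+def self.enter_delete
+end
+
+def self.exit_render
+end
+
 end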
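--- a/data/spec/helper/test_helper.rb
+++ b/data/spec/helper/test_helper.rb
@@ -1,5 +1,5 @@
-class TestHelper
-
-include AnnotationSecurity::Helper
-
-end
+class TestHelper
+
+include AnnotationSecurity::Helper
+
+end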
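--- a/data/spec/helper/test_relations.rb
+++ b/data/spec/helper/test_relations.rb
@@ -1,7 +1,7 @@
-AnnotationSecurity.define_relations(:test_resource) do
-
-owner do |user, res|
-user.name == res.name
-end
-
+AnnotationSecurity.define_relations(:test_resource) do
+
+owner do |user, res|
+user.name == res.name
+end
+
 end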
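--- a/data/spec/helper/test_resource.rb
+++ b/data/spec/helper/test_resource.rb
@@ -1,39 +1,39 @@
-class TestResource
-
-include AnnotationSecurity::Resource
-
-self.resource_type = :test_resource
-
-def self.find(arg)
-obj = new arg
-
-# normally, this is done by a model observer
-SecurityContext.observe obj
-
-obj
-end
-
-def self.get_resource(arg)
-return nil if arg.nil?
-return arg if arg.is_a? self
-new arg
-end
-
-def initialize(name = "")
-@name = name
-end
-
-def name
-@name
-end
-
-def ==(other)
-return false unless other.is_a? self.class
-name == other.name
-end
-
-def to_s
-"<TestResource:#{name}>"
-end
-
+class TestResource
+
+include AnnotationSecurity::Resource
+
+self.resource_type = :test_resource
+
+def self.find(arg)
+obj = new arg
+
+# normally, this is done by a model observer
+SecurityContext.observe obj
+
+obj
+end
+
+def self.get_resource(arg)
+return nil if arg.nil?
+return arg if arg.is_a? self
+new arg
+end
+
+def initialize(name = "")
+@name = name
+end
+
+def name
+@name
+end
+
+def ==(other)
+return false unless other.is_a? self.class
+name == other.name
+end
+
+def to_s
+"<TestResource:#{name}>"
+end
+
 end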
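--- a/data/spec/helper/test_role.rb
+++ b/data/spec/helper/test_role.rb
@@ -1,22 +1,22 @@
-class TestRole
-
-include AnnotationSecurity::Role
-
-def initialize(name,user)
-@name = name
-@user = user
-end
-
-def role_name
-@name
-end
-
-def name
-role_name
-end
-
-def user
-@user
-end
-
+class TestRole
+
+include AnnotationSecurity::Role
+
+def initialize(name,user)
+@name = name
+@user = user
+end
+
+def role_name
+@name
+end
+
+def name
+role_name
+end
+
+def user
+@user
+end
+
 end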
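--- a/data/spec/helper/test_user.rb
+++ b/data/spec/helper/test_user.rb
@@ -1,32 +1,32 @@
-class TestUser
-
-include AnnotationSecurity::User
-
-def initialize(name='user_name')
-@name = name
-@one_role = TestRole.new(:one,self)
-@many_roles = [
-TestRole.new(:a,self), TestRole.new(:b,self), TestRole.new(:c,self)]
-end
-
-def user_name
-@name
-end
-
-def name
-user_name
-end
-
-def as_one_role
-@one_role
-end
-
-def as_many_roles
-@many_roles
-end
-
-def to_s
-"<TestUser:#{name}>"
-end
-
+class TestUser
+
+include AnnotationSecurity::User
+
+def initialize(name='user_name')
+@name = name
+@one_role = TestRole.new(:one,self)
+@many_roles = [
+TestRole.new(:a,self), TestRole.new(:b,self), TestRole.new(:c,self)]
+end
+
+def user_name
+@name
+end
+
+def name
+user_name
+end
+
+def as_one_role
+@one_role
+end
+
+def as_many_roles
+@many_roles
+end
+
+def to_s
+"<TestUser:#{name}>"
+end
+
 end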